Make channels create PKI for addons that needs it

This commit is contained in:
Ole Markus With 2021-01-07 13:43:30 +01:00
parent 064d7fb7ab
commit d41f68c6ef
297 changed files with 51662 additions and 2132 deletions


@ -67,6 +67,9 @@ type AddonSpec struct {
// Legal values are control-plane, workers, and all
// Empty value means no update needed
NeedsRollingUpdate string `json:"needsRollingUpdate,omitempty"`
// NeedsPKI determines if channels should provision a CA and a cert-manager issuer for the addon.
NeedsPKI bool `json:"needsPKI,omitempty"`
}
func (a *Addons) Verify() error {
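Review bot: The NeedsPKI comment on the new field says a CA and an Issuer are provisioned but not where or under which names, which is exactly what an addon author needs in order to reference the Issuer from the addon's own manifests. I'd extend it to `// NeedsPKI determines if channels should provision a CA and a cert-manager issuer for the addon.` followed by `// The CA keypair is written to Secret "<name>-ca" and the Issuer is named "<name>", both in kube-system; cert-manager must already be installed.` The Verify method whose signature is the last line of this section continues outside the hunk; if it validates other spec fields, checking that an addon with NeedsPKI also has a usable Name would belong there, since that name becomes the Secret and Issuer name.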


@ -12,10 +12,14 @@ go_library(
visibility = ["//visibility:public"],
deps = [
"//channels/pkg/api:go_default_library",
"//pkg/pki:go_default_library",
"//upup/pkg/fi/utils:go_default_library",
"//util/pkg/vfs:go_default_library",
"//vendor/github.com/blang/semver/v4:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/client/clientset/versioned:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
@ -26,14 +30,22 @@ go_library(
go_test(
name = "go_default_test",
srcs = ["addons_test.go"],
srcs = [
"addons_test.go",
"channel_version_test.go",
],
embed = [":go_default_library"],
deps = [
"//channels/pkg/api:go_default_library",
"//upup/pkg/fi:go_default_library",
"//upup/pkg/fi/utils:go_default_library",
"//vendor/github.com/blang/semver/v4:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/client/clientset/versioned/fake:go_default_library",
"//vendor/github.com/stretchr/testify/assert:go_default_library",
"//vendor/github.com/stretchr/testify/require:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/client-go/kubernetes/fake:go_default_library",
],
)


@ -18,10 +18,15 @@ package channels
import (
"context"
"crypto/x509/pkix"
"encoding/json"
"fmt"
"net/url"
"k8s.io/kops/pkg/pki"
certmanager "github.com/jetstack/cert-manager/pkg/client/clientset/versioned"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/validation/field"
@ -29,6 +34,8 @@ import (
"k8s.io/klog/v2"
"k8s.io/kops/channels/pkg/api"
cmv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -45,6 +52,7 @@ type AddonUpdate struct {
Name string
ExistingVersion *ChannelVersion
NewVersion *ChannelVersion
InstallPKI bool
}
// AddonMenu is a collection of addons, with helpers for computing the latest versions
@ -93,7 +101,7 @@ func (a *Addon) buildChannel() *Channel {
return channel
}
func (a *Addon) GetRequiredUpdates(ctx context.Context, k8sClient kubernetes.Interface) (*AddonUpdate, error) {
func (a *Addon) GetRequiredUpdates(ctx context.Context, k8sClient kubernetes.Interface, cmClient certmanager.Interface) (*AddonUpdate, error) {
newVersion := a.ChannelVersion()
channel := a.buildChannel()
@ -103,7 +111,20 @@ func (a *Addon) GetRequiredUpdates(ctx context.Context, k8sClient kubernetes.Int
return nil, err
}
pkiInstalled := true
if a.Spec.NeedsPKI {
pkiInstalled, err = channel.IsPKIInstalled(ctx, k8sClient, cmClient)
if err != nil {
return nil, err
}
}
if existingVersion != nil && !newVersion.replaces(existingVersion) {
newVersion = nil
}
if pkiInstalled && newVersion == nil {
return nil, nil
}
@ -111,6 +132,7 @@ func (a *Addon) GetRequiredUpdates(ctx context.Context, k8sClient kubernetes.Int
Name: a.Name,
ExistingVersion: existingVersion,
NewVersion: newVersion,
InstallPKI: !pkiInstalled,
}, nil
}
@ -130,38 +152,46 @@ func (a *Addon) GetManifestFullUrl() (*url.URL, error) {
return manifestURL, nil
}
func (a *Addon) EnsureUpdated(ctx context.Context, k8sClient kubernetes.Interface) (*AddonUpdate, error) {
required, err := a.GetRequiredUpdates(ctx, k8sClient)
func (a *Addon) EnsureUpdated(ctx context.Context, k8sClient kubernetes.Interface, cmClient certmanager.Interface) (*AddonUpdate, error) {
required, err := a.GetRequiredUpdates(ctx, k8sClient, cmClient)
if err != nil {
return nil, err
}
if required == nil {
return nil, nil
}
manifestURL, err := a.GetManifestFullUrl()
if err != nil {
return nil, err
}
klog.Infof("Applying update from %q", manifestURL)
err = Apply(manifestURL.String())
if err != nil {
return nil, fmt.Errorf("error applying update from %q: %v", manifestURL, err)
}
if a.Spec.NeedsRollingUpdate != "" {
err = a.AddNeedsUpdateLabel(ctx, k8sClient)
if required.NewVersion != nil {
manifestURL, err := a.GetManifestFullUrl()
if err != nil {
return nil, fmt.Errorf("error adding needs-update label: %v", err)
return nil, err
}
klog.Infof("Applying update from %q", manifestURL)
err = Apply(manifestURL.String())
if err != nil {
return nil, fmt.Errorf("error applying update from %q: %v", manifestURL, err)
}
if a.Spec.NeedsRollingUpdate != "" {
err = a.AddNeedsUpdateLabel(ctx, k8sClient)
if err != nil {
return nil, fmt.Errorf("error adding needs-update label: %v", err)
}
}
channel := a.buildChannel()
err = channel.SetInstalledVersion(ctx, k8sClient, a.ChannelVersion())
if err != nil {
return nil, fmt.Errorf("error applying annotation to record addon installation: %v", err)
}
}
channel := a.buildChannel()
err = channel.SetInstalledVersion(ctx, k8sClient, a.ChannelVersion())
if err != nil {
return nil, fmt.Errorf("error applying annotation to record addon installation: %v", err)
if required.InstallPKI {
err := a.installPKI(ctx, k8sClient, cmClient)
if err != nil {
return nil, fmt.Errorf("error installing PKI: %v", err)
}
}
return required, nil
}
@ -197,3 +227,63 @@ func (a *Addon) AddNeedsUpdateLabel(ctx context.Context, k8sClient kubernetes.In
}
return nil
}
func (a *Addon) installPKI(ctx context.Context, k8sClient kubernetes.Interface, cmClient certmanager.Interface) error {
klog.Infof("installing PKI for %q", a.Name)
req := &pki.IssueCertRequest{
Type: "ca",
Subject: pkix.Name{
CommonName: a.Name,
},
}
cert, privateKey, _, err := pki.IssueCert(req, nil)
if err != nil {
return err
}
secretName := a.Name + "-ca"
certString, err := cert.AsString()
if err != nil {
return err
}
keyString, err := privateKey.AsString()
if err != nil {
return err
}
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Namespace: "kube-system",
},
StringData: map[string]string{
"tls.crt": certString,
"tls.key": keyString,
},
Type: "kubernetes.io/tls",
}
_, err = k8sClient.CoreV1().Secrets("kube-system").Create(ctx, secret, metav1.CreateOptions{})
if err != nil && !errors.IsAlreadyExists(err) {
return err
}
issuer := &cmv1.Issuer{
ObjectMeta: metav1.ObjectMeta{
Name: a.Name,
Namespace: "kube-system",
},
Spec: cmv1.IssuerSpec{
IssuerConfig: cmv1.IssuerConfig{
CA: &cmv1.CAIssuer{
SecretName: secretName,
},
},
},
}
_, err = cmClient.CertmanagerV1().Issuers("kube-system").Create(ctx, issuer, metav1.CreateOptions{})
if err != nil && !errors.IsAlreadyExists(err) {
return err
}
return nil
}
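Review bot: installPKI treats an AlreadyExists error from the Secret create as success without checking that the existing `<name>-ca` Secret actually holds a CA keypair under tls.crt/tls.key, so a pre-existing or tampered Secret of that name is silently adopted as the addon's trust root, and because IsPKIInstalled only tests presence it is never revisited. Neither path looks at the stored certificate's validity period, so once created the CA is never rotated; what lifetime pki.IssueCert gives a Type "ca" request is not visible here. On the AlreadyExists branch I would Get the Secret, require tls.crt to parse as a CA certificate (crypto/x509 and encoding/pem would need importing), and log that an existing CA was reused; note the fake clientset does not fold StringData into Data, so Test_InstallPKI would have to populate Data for this check. Smaller points: `Type: "kubernetes.io/tls"` can be `corev1.SecretTypeTLS`, and the `%v` wraps in EnsureUpdated discard the error chain where `%w` would keep it.
```go
	_, err = k8sClient.CoreV1().Secrets("kube-system").Create(ctx, secret, metav1.CreateOptions{})
	if errors.IsAlreadyExists(err) {
		// Another control-plane node may have won the race; confirm what is
		// there really is a CA before pointing an Issuer at it.
		existing, getErr := k8sClient.CoreV1().Secrets("kube-system").Get(ctx, secretName, metav1.GetOptions{})
		if getErr != nil {
			return fmt.Errorf("reading existing CA secret %q: %w", secretName, getErr)
		}
		block, _ := pem.Decode(existing.Data["tls.crt"])
		if block == nil {
			return fmt.Errorf("existing secret %q has no PEM certificate in tls.crt", secretName)
		}
		existingCert, parseErr := x509.ParseCertificate(block.Bytes)
		if parseErr != nil || !existingCert.IsCA {
			return fmt.Errorf("existing secret %q does not hold a CA certificate", secretName)
		}
		klog.Infof("reusing existing CA secret %q for %q", secretName, a.Name)
	} else if err != nil {
		return err
	}
	// … unchanged: Issuer creation …
```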


@ -17,16 +17,22 @@ limitations under the License.
package channels
import (
"context"
"fmt"
"net/url"
"reflect"
"testing"
"github.com/blang/semver/v4"
fakecertmanager "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/fake"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
fakekubernetes "k8s.io/client-go/kubernetes/fake"
"k8s.io/kops/channels/pkg/api"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/utils"
)
@ -175,10 +181,10 @@ func Test_Replacement(t *testing.T) {
func Test_UnparseableVersion(t *testing.T) {
addons := api.Addons{
TypeMeta: v1.TypeMeta{
TypeMeta: metav1.TypeMeta{
Kind: "Addons",
},
ObjectMeta: v1.ObjectMeta{
ObjectMeta: metav1.ObjectMeta{
Name: "test",
},
Spec: api.AddonsSpec{
@ -225,6 +231,73 @@ func Test_MergeAddons(t *testing.T) {
}
}
func Test_GetRequiredUpdates(t *testing.T) {
ctx := context.Background()
kubeSystem := &corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "kube-system",
},
}
fakek8s := fakekubernetes.NewSimpleClientset(kubeSystem)
fakecm := fakecertmanager.NewSimpleClientset()
addon := &Addon{
Name: "test",
Spec: &api.AddonSpec{
Name: fi.String("test"),
NeedsPKI: true,
},
}
addonUpdate, err := addon.GetRequiredUpdates(ctx, fakek8s, fakecm)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if addonUpdate == nil {
t.Fatal("expected addon update, got nil")
}
if !addonUpdate.InstallPKI {
t.Errorf("expected addon to require install")
}
}
func Test_InstallPKI(t *testing.T) {
ctx := context.Background()
kubeSystem := &corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "kube-system",
},
}
fakek8s := fakekubernetes.NewSimpleClientset(kubeSystem)
fakecm := fakecertmanager.NewSimpleClientset()
addon := &Addon{
Name: "test",
Spec: &api.AddonSpec{
Name: fi.String("test"),
NeedsPKI: true,
},
}
err := addon.installPKI(ctx, fakek8s, fakecm)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
_, err = fakek8s.CoreV1().Secrets("kube-system").Get(ctx, "test-ca", metav1.GetOptions{})
if err != nil {
t.Errorf("unexpected error: %v", err)
}
//Two consecutive calls should work since multiple CP nodes can update at the same time
err = addon.installPKI(ctx, fakek8s, fakecm)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
_, err = fakecm.CertmanagerV1().Issuers("kube-system").Get(ctx, "test", metav1.GetOptions{})
if err != nil {
t.Errorf("unexpected error: %v", err)
}
}
func s(v string) *string {
return &v
}
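Review bot: Test_InstallPKI only checks that the Secret and Issuer exist; the comment before the second installPKI call asserts that concurrent installs from several control-plane nodes are safe, but nothing verifies the second call left the original key in place or that the Secret holds a CA at all. I'd capture the Secret after the first call, assert `second.StringData["tls.key"] == first.StringData["tls.key"]` after the second, and decode `tls.crt` with pem.Decode and x509.ParseCertificate asserting `IsCA`, so a regression that regenerates or mis-stores the CA is caught. In Test_GetRequiredUpdates the `t.Errorf` on the first error is followed by a dereference of addonUpdate; `t.Fatalf` there would stop the test before it panics on a nil result. Whether the newly imported assert/require packages are used is not visible in this section.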


@ -23,7 +23,9 @@ import (
"strings"
"github.com/blang/semver/v4"
certmanager "github.com/jetstack/cert-manager/pkg/client/clientset/versioned"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes"
@ -164,6 +166,28 @@ func (c *Channel) GetInstalledVersion(ctx context.Context, k8sClient kubernetes.
return ParseChannelVersion(annotationValue)
}
func (c *Channel) IsPKIInstalled(ctx context.Context, k8sClient kubernetes.Interface, cmClient certmanager.Interface) (bool, error) {
_, err := k8sClient.CoreV1().Secrets("kube-system").Get(ctx, c.Name+"-ca", metav1.GetOptions{})
if errors.IsNotFound(err) {
return false, nil
}
if err != nil {
return true, err
}
_, err = cmClient.CertmanagerV1().Issuers("kube-system").Get(ctx, c.Name, metav1.GetOptions{})
if errors.IsNotFound(err) {
return false, nil
}
if err != nil {
return true, err
}
return true, nil
}
type annotationPatch struct {
Metadata annotationPatchMetadata `json:"metadata,omitempty"`
}
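Review bot: IsPKIInstalled returns `true, err` on any error other than NotFound (both Get calls), which reads as "installed" if a caller ever checks the bool before the error; returning the zero value with the error is the usual Go contract, i.e. `return false, err` on both branches. The function also only establishes that objects with the expected names exist, not that the Issuer's `Spec.CA.SecretName` points at `c.Name+"-ca"` or that the Secret holds a certificate, so a stale or foreign Issuer of the same name would be accepted as the addon's PKI. Comparing the fetched Issuer's SecretName to the expected Secret name is a one-line addition that closes the obvious half of that gap. Importing k8s.io/apimachinery/pkg/api/errors under the name `errors` shadows the standard library package; `apierrors` is the common alias.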


@ -0,0 +1,80 @@
/*
Copyright 2021 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package channels
import (
"context"
"testing"
cmv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
fakecertmanager "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/fake"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
fakekubernetes "k8s.io/client-go/kubernetes/fake"
)
func Test_IsPKIInstalled(t *testing.T) {
ctx := context.Background()
fakek8s := fakekubernetes.NewSimpleClientset(&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "kube-sysetem",
},
})
fakecm := fakecertmanager.NewSimpleClientset()
channel := &Channel{
Name: "test",
}
isInstalled, err := channel.IsPKIInstalled(ctx, fakek8s, fakecm)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if isInstalled {
t.Error("claims PKI installed when it is not")
}
fakek8s = fakekubernetes.NewSimpleClientset(
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "kube-sysetem",
},
},
&corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "test-ca",
Namespace: "kube-system",
},
},
)
fakecm = fakecertmanager.NewSimpleClientset(
&cmv1.Issuer{
ObjectMeta: metav1.ObjectMeta{
Name: "test",
Namespace: "kube-system",
},
},
)
isInstalled, err = channel.IsPKIInstalled(ctx, fakek8s, fakecm)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if !isInstalled {
t.Error("claims PKI is not installed when it is")
}
}
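Review bot: Both fake clientsets in Test_IsPKIInstalled seed a Namespace called `kube-sysetem`, a typo for `kube-system`; the fake client does not enforce namespaces so the test still passes, but it misleads the reader and would break silently if the fake ever did, so fix it to `Name: "kube-system",` in both places. The test also covers only "nothing present" and "both present"; the interesting branch is Secret present but Issuer absent, which is what a crash between the two creates in installPKI leaves behind, and a third case seeding only the Secret would pin that the function reports false there.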


@ -16,12 +16,14 @@ go_library(
"//channels/pkg/channels:go_default_library",
"//util/pkg/tables:go_default_library",
"//vendor/github.com/blang/semver/v4:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/client/clientset/versioned:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/github.com/spf13/viper:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/client-go/kubernetes:go_default_library",
"//vendor/k8s.io/client-go/plugin/pkg/client/auth:go_default_library",
"//vendor/k8s.io/client-go/rest:go_default_library",
"//vendor/k8s.io/client-go/tools/clientcmd:go_default_library",
],
)


@ -59,6 +59,11 @@ func RunApplyChannel(ctx context.Context, f Factory, out io.Writer, options *App
return err
}
cmClient, err := f.CertManagerClient()
if err != nil {
return err
}
kubernetesVersionInfo, err := k8sClient.Discovery().ServerVersion()
if err != nil {
return fmt.Errorf("error querying kubernetes version: %v", err)
@ -135,7 +140,7 @@ func RunApplyChannel(ctx context.Context, f Factory, out io.Writer, options *App
var needUpdates []*channels.Addon
for _, addon := range menu.Addons {
// TODO: Cache lookups to prevent repeated lookups?
update, err := addon.GetRequiredUpdates(ctx, k8sClient)
update, err := addon.GetRequiredUpdates(ctx, k8sClient, cmClient)
if err != nil {
return fmt.Errorf("error checking for required update: %v", err)
}
@ -173,8 +178,14 @@ func RunApplyChannel(ctx context.Context, f Factory, out io.Writer, options *App
}
return "?"
})
t.AddColumn("PKI", func(r *channels.AddonUpdate) string {
if r.InstallPKI {
return "yes"
}
return "no"
})
columns := []string{"NAME", "CURRENT", "UPDATE"}
columns := []string{"NAME", "CURRENT", "UPDATE", "PKI"}
err := t.Render(updates, os.Stdout, columns...)
if err != nil {
return err
@ -187,13 +198,13 @@ func RunApplyChannel(ctx context.Context, f Factory, out io.Writer, options *App
}
for _, needUpdate := range needUpdates {
update, err := needUpdate.EnsureUpdated(ctx, k8sClient)
update, err := needUpdate.EnsureUpdated(ctx, k8sClient, cmClient)
if err != nil {
return fmt.Errorf("error updating %q: %v", needUpdate.Name, err)
}
// Could have been a concurrent request
if update != nil {
if update.NewVersion.Version != nil {
if update.NewVersion != nil && update.NewVersion.Version != nil {
fmt.Printf("Updated %q to %s\n", update.Name, *update.NewVersion.Version)
} else {
fmt.Printf("Updated %q\n", update.Name)
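Review bot: With the new nil check, an update that only installed PKI (NewVersion nil, InstallPKI true) falls into the else branch and prints `Updated "name"`, which is misleading since no manifest was applied; I'd branch on it first: `if update.NewVersion == nil && update.InstallPKI { fmt.Printf("Installed PKI for %q\n", update.Name) }`. Addons with NeedsPKI now implicitly depend on cert-manager's CRDs being present: if the Issuer Get returns NotFound for the unknown resource type, IsPKIInstalled presumably reports false and the later Issuer create fails with an opaque "could not find the requested resource", and nothing in the menu ordering guarantees cert-manager is applied first. A clearer error from installPKI, or a check for the Issuer kind via discovery, would make that failure mode obvious. The cert-manager client is also built unconditionally at the top of RunApplyChannel even when no addon needs PKI, which is harmless but could be deferred to first use.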


@ -20,36 +20,45 @@ import (
"fmt"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
_ "k8s.io/client-go/plugin/pkg/client/auth"
certmanager "github.com/jetstack/cert-manager/pkg/client/clientset/versioned"
)
type Factory interface {
KubernetesClient() (kubernetes.Interface, error)
CertManagerClient() (certmanager.Interface, error)
}
type DefaultFactory struct {
kubernetesClient kubernetes.Interface
kubernetesClient kubernetes.Interface
certManagerClient certmanager.Interface
}
var _ Factory = &DefaultFactory{}
func loadConfig() (*rest.Config, error) {
loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
loadingRules.DefaultClientConfig = &clientcmd.DefaultClientConfig
configOverrides := &clientcmd.ConfigOverrides{
ClusterDefaults: clientcmd.ClusterDefaults,
}
kubeConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, configOverrides)
return kubeConfig.ClientConfig()
}
func (f *DefaultFactory) KubernetesClient() (kubernetes.Interface, error) {
if f.kubernetesClient == nil {
loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
loadingRules.DefaultClientConfig = &clientcmd.DefaultClientConfig
configOverrides := &clientcmd.ConfigOverrides{
ClusterDefaults: clientcmd.ClusterDefaults,
}
kubeConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, configOverrides)
config, err := kubeConfig.ClientConfig()
config, err := loadConfig()
if err != nil {
return nil, fmt.Errorf("cannot load kubecfg settings: %v", err)
}
k8sClient, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, fmt.Errorf("cannot build kube client: %v", err)
@ -59,3 +68,19 @@ func (f *DefaultFactory) KubernetesClient() (kubernetes.Interface, error) {
return f.kubernetesClient, nil
}
func (f *DefaultFactory) CertManagerClient() (certmanager.Interface, error) {
if f.certManagerClient == nil {
config, err := loadConfig()
if err != nil {
return nil, fmt.Errorf("cannot load kubecfg settings: %v", err)
}
certManagerClient, err := certmanager.NewForConfig(config)
if err != nil {
return nil, fmt.Errorf("cannot build kube client: %v", err)
}
f.certManagerClient = certManagerClient
}
return f.certManagerClient, nil
}
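Review bot: The error message in CertManagerClient was copied from KubernetesClient and still says "cannot build kube client", so a failure here is indistinguishable from a kube-client failure in the log; change it to `return nil, fmt.Errorf("cannot build cert-manager client: %v", err)`. The loadConfig extraction is a good cleanup, though each client now parses the kubeconfig independently; caching the *rest.Config on DefaultFactory would keep the two clients guaranteed to talk to the same cluster with the same credentials. Both lazy initialisers write struct fields without synchronisation, which is fine for the single-threaded CLI use visible here but worth a comment if the Factory is ever shared.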

go.mod

@ -54,7 +54,7 @@ require (
github.com/Azure/azure-storage-blob-go v0.10.0
github.com/Azure/go-autorest/autorest v0.11.9
github.com/Azure/go-autorest/autorest/azure/auth v0.5.3
github.com/Azure/go-autorest/autorest/to v0.2.0
github.com/Azure/go-autorest/autorest/to v0.4.0
github.com/MakeNowJust/heredoc/v2 v2.0.1
github.com/Masterminds/sprig/v3 v3.1.0
github.com/aliyun/alibaba-cloud-sdk-go v1.61.264
@ -76,6 +76,7 @@ require (
github.com/hashicorp/hcl/v2 v2.7.0
github.com/hashicorp/vault/api v1.0.4
github.com/jacksontj/memberlistmesh v0.0.0-20190905163944-93462b9d2bb7
github.com/jetstack/cert-manager v1.1.0
github.com/mitchellh/mapstructure v1.1.2
github.com/pelletier/go-toml v1.8.1
github.com/pkg/sftp v1.12.0
@ -110,6 +111,6 @@ require (
k8s.io/kubectl v0.19.4
k8s.io/legacy-cloud-providers v0.0.0
k8s.io/utils v0.0.0-20201110183641-67b214c5f920
sigs.k8s.io/controller-runtime v0.6.1
sigs.k8s.io/controller-runtime v0.6.2
sigs.k8s.io/yaml v1.2.0
)
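Review bot: Adding github.com/jetstack/cert-manager v1.1.0 as a direct requirement pulls the whole cert-manager module graph into kops' build for the sake of one typed clientset; the go.sum section below shows new entries such as Venafi/vcert, cloudflare-go, cpu/goacmedns and digitalocean/godo that kops does not otherwise use, and much of the 297-file, 51662-line diffstat is presumably the vendored module. That widens the supply-chain and audit surface for code that only Creates and Gets a single Issuer object. If the dependency stays, it should be covered by the same update policy as the other cloud SDKs; alternatively an unstructured/dynamic client for the Issuer would remove the module entirely. The controller-runtime and go-autorest/to bumps look like transitive requirements of that addition rather than deliberate upgrades and are worth a line in the commit message.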

go.sum

@ -34,6 +34,7 @@ github.com/Azure/azure-pipeline-go v0.2.3 h1:7U9HBg1JFK3jHl5qmo4CTZKFTVgMwdFHMVt
github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl2bqk7S3ta6S6u4k=
github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v43.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v46.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v48.2.0+incompatible h1:+t2P1j1r5N6lYgPiiz7ZbEVZFkWjVe9WhHbMm0gg8hw=
github.com/Azure/azure-sdk-for-go v48.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-storage-blob-go v0.10.0 h1:evCwGreYo3XLeBV4vSxLbLiYb6e0SzsJiXQVRGsRXxs=
@ -46,12 +47,14 @@ github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
github.com/Azure/go-autorest/autorest v0.11.9 h1:P0ZF0dEYoUPUVDQo3mA1CvH5b8mKev7DDcmTwauuNME=
github.com/Azure/go-autorest/autorest v0.11.9/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE=
github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0=
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
github.com/Azure/go-autorest/autorest/azure/auth v0.5.3 h1:lZifaPRAk1bqg5vGqreL6F8uLC5V0fDpY8nFvc3boFc=
@ -70,8 +73,12 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPu
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/to v0.2.0 h1:nQOZzFCudTh+TvquAtCRjM01VEYx85e9qbwt5ncW4L8=
github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
github.com/Azure/go-autorest/autorest/validation v0.1.0 h1:ISSNzGUh+ZSzizJWOWzs8bwpXIePbGLW4z/AmUFGH5A=
github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8=
github.com/Azure/go-autorest/autorest/validation v0.3.0 h1:3I9AAI63HfcLtphd9g39ruUwRI+Ca+z/f36KHPFRUss=
github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE=
github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
@ -115,6 +122,7 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
github.com/Venafi/vcert/v4 v4.11.0/go.mod h1:OE+UZ0cj8qqVUuk0u7R4GIk4ZB6JMSf/WySqnBPNwws=
github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
@ -153,6 +161,7 @@ github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.28.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
github.com/aws/aws-sdk-go v1.34.30/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk=
github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
@ -201,6 +210,7 @@ github.com/cilium/ebpf v0.0.0-20200601085316-9f1617e5c574/go.mod h1:XT+cAw5wfvso
github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/cloudflare-go v0.13.2/go.mod h1:27kfc1apuifUmJhp069y0+hwlKDg4bd8LWlu7oKeZvM=
github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313/go.mod h1:P1wt9Z3DP8O6W3rvwCt0REIlshg1InHImaLW0t3ObY0=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa h1:OaNxuTZr7kxeODyLWsRMC+OD03aFUH+mW6r2d+MWa5Y=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
@ -243,6 +253,7 @@ github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpu/goacmedns v0.0.3/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ=
github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@ -263,6 +274,7 @@ github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/digitalocean/godo v1.44.0/go.mod h1:p7dOjjtSBqCTUksqtA5Fd3uaKs9kyTq2xcz76ulEJRU=
github.com/digitalocean/godo v1.54.0 h1:KP0Nv87pgViR8k/7De3VrmflCL5pJqXbNnkcw0bwG10=
github.com/digitalocean/godo v1.54.0/go.mod h1:p7dOjjtSBqCTUksqtA5Fd3uaKs9kyTq2xcz76ulEJRU=
github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4=
@ -356,6 +368,8 @@ github.com/go-logr/logr v0.2.1-0.20200730175230-ee2de8da5be6 h1:ZPVluSmhtMIHlqUD
github.com/go-logr/logr v0.2.1-0.20200730175230-ee2de8da5be6/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/zapr v0.1.0 h1:h+WVe9j6HAA01niTJPA/kKH0i7e0rLZBCwauQFcRE54=
github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
github.com/go-logr/zapr v0.1.1 h1:qXBXPDdNncunGs7XeEpsJt8wCjYBygluzfdLO0G5baE=
github.com/go-logr/zapr v0.1.1/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
@ -413,6 +427,7 @@ github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
github.com/gobuffalo/envy v1.7.1/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
github.com/gobuffalo/logger v1.0.1/go.mod h1:2zbswyIUa45I+c+FLXuWl9zSWEiVuthsk8ze5s8JvPs=
github.com/gobuffalo/packd v0.3.0/go.mod h1:zC7QkmNkYVGKPw4tHpBQ+ml7W/3tIebgeo1b36chA3Q=
github.com/gobuffalo/packr/v2 v2.7.1/go.mod h1:qYEvAazPaVxy7Y7KR0W8qYEE+RymX74kETFqjFoFlOc=
@ -444,6 +459,7 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/protobuf v1.0.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@ -474,6 +490,7 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@ -484,6 +501,8 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@ -516,6 +535,8 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
@ -591,6 +612,7 @@ github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKe
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
github.com/heketi/heketi v9.0.1-0.20190917153846-c2e2a4ab7ab9+incompatible/go.mod h1:bB9ly3RchcQqsQ9CpyaQwvva7RS5ytVoSoholZQON6o=
github.com/heketi/tests v0.0.0-20151005000721-f3775cbcefd6/go.mod h1:xGMAM8JLi7UkZt1i4FQeQy0R2T8GLUwQhOP5M1gBhy4=
github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs=
github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@ -608,6 +630,8 @@ github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS
github.com/jacksontj/memberlistmesh v0.0.0-20190905163944-93462b9d2bb7 h1:q9rwMYjPWIFOSijnxXre4+RGo8xS0NVbJzXg+F0NMHc=
github.com/jacksontj/memberlistmesh v0.0.0-20190905163944-93462b9d2bb7/go.mod h1:fFX3XoduobgoJsVtpzIFRTgKZAbNhsSJIDNOgeUU5g4=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jetstack/cert-manager v1.1.0 h1:gEhBV9I83m+kpQShDhNO4+J8O2qfNDjvAEL27pThGmg=
github.com/jetstack/cert-manager v1.1.0/go.mod h1:GULIHTGjSc2LjlgBCLhQ8u5WmQ95hk9FAiQbhjMthMk=
github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a/go.mod h1:wK6yTYYcgjHE1Z1QtXACPDjcFJyBskHEdagmnq3vsP8=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@ -688,15 +712,19 @@ github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
github.com/marten-seemann/qtls v0.2.3/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwmjgmPuiQEcYk=
github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-ieproxy v0.0.0-20190702010315-6dee0af9227d/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc=
github.com/mattn/go-ieproxy v0.0.1 h1:qiyop7gCflfhwCzGyeT0gro3sF9AIg9HU98JORTkqfI=
github.com/mattn/go-ieproxy v0.0.1/go.mod h1:pYabZ6IHcRpFh7vIaLfK7rdcWgFEb3SFJ6/gNWuh88E=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-oci8 v0.0.7/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.12.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
@ -708,6 +736,8 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N
github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.4 h1:rCMZsU2ScVSYcAsOXgmC6+AKOK+6pmQTOcw03nfwYV0=
github.com/miekg/dns v1.1.4/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.31 h1:sJFOl9BgwbYAWOGEwr61FU28pqsBNdpRBnhGXtO06Oo=
github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY=
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@ -744,6 +774,7 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
github.com/mrunalp/fileutils v0.0.0-20200520151820-abd8a0e76976/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
github.com/munnerz/crd-schema-fuzz v1.0.0/go.mod h1:4z/rcm37JxUkSsExFcLL6ZIT1SgDRdLiu7qq1evdVS0=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mvdan/xurls v1.1.0/go.mod h1:tQlNn3BED8bE/15hnSL2HLkDeLWpNPAwtw7wkEq44oU=
@ -768,7 +799,9 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.4.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@ -779,10 +812,12 @@ github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0
github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.3.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
@ -817,6 +852,7 @@ github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIw
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible/go.mod h1:xlUlxe/2ItGlQyMTstqeDv9r3U4obH7xYd26TbDQutY=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pelletier/go-toml v1.4.0 h1:u3Z1r+oOXJIkxqw34zVhyPgjBsm6X2wn21NWs/HfSeg=
@ -922,6 +958,8 @@ github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@ -988,6 +1026,9 @@ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijb
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
@ -1109,6 +1150,7 @@ golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20180112015858-5ccada7d0a7b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -1135,6 +1177,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191112182307-2180aed22343/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@ -1147,6 +1190,7 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@ -1161,10 +1205,10 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180117170059-2c42eef0765b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -1178,6 +1222,7 @@ golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -1198,6 +1243,7 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -1233,6 +1279,7 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0J
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20171227012246-e19ae1496984/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@ -1270,6 +1317,7 @@ golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgw
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191004055002-72853e10c5a3/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@ -1281,6 +1329,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191203134012-c197fd4bf371/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@ -1406,6 +1455,7 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.52.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww=
gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=
@ -1421,6 +1471,7 @@ gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.0.0/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@ -1429,8 +1480,10 @@ gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c h1:grhR+C34yXImVGp7EzNk+DTIk+323eIUWOmEevy6bDo=
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
@ -1442,7 +1495,6 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3 h1:sXmLre5bzIR6ypkjXCDI3jHPssRhc8KD/Ome589sc3U=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.6 h1:W18jzjh8mfPez+AwGLxmOImucz/IFjpNlrKVnaj2YVc=
honnef.co/go/tools v0.0.1-2020.1.6/go.mod h1:pyyisuGw24ruLjrr1ddx39WE0y9OooInRzEYLhQB2YY=
@ -1480,6 +1532,7 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/klog/v2 v2.3.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ=
k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/kube-aggregator v0.20.0/go.mod h1:3Is/gzzWmhhG/rA3CpA1+eVye87lreBQDFGcAGT7gzo=
@ -1514,15 +1567,19 @@ rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
sigs.k8s.io/controller-runtime v0.6.1 h1:LcK2+nk0kmaOnKGN+vBcWHqY5WDJNJNB/c5pW+sU8fc=
sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A=
sigs.k8s.io/controller-runtime v0.6.2 h1:jkAnfdTYBpFwlmBn3pS5HFO06SfxvnTZ1p5PeEF/zAA=
sigs.k8s.io/controller-runtime v0.6.2/go.mod h1:vhcq/rlnENJ09SIRp3EveTaZ0yqH526hjf9iJdbUJ/E=
sigs.k8s.io/controller-tools v0.2.9-0.20200414181213-645d44dca7c0/go.mod h1:YKE/iHvcKITCljdnlqHYe+kAt7ZldvtAwUzQff0k1T0=
sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2 h1:YHQV7Dajm86OuqnIR6zAelnDWBRjo+YhYV9PmGrh1s8=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/testing_frameworks v0.1.2/go.mod h1:ToQrwSC3s8Xf/lADdZp3Mktcql9CG0UAmdJG9th5i0w=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ=
software.sslmate.com/src/go-pkcs12 v0.0.0-20190209200317-47dd539968c4/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ=
software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ=
sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=

@ -1,3 +1,5 @@
module github.com/Azure/go-autorest/autorest/to
go 1.12
require github.com/Azure/go-autorest v14.2.0+incompatible

@ -0,0 +1,2 @@
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=

@ -0,0 +1,24 @@
// +build modhack
package to
// Copyright 2017 Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// This file, and the github.com/Azure/go-autorest import, won't actually become part of
// the resultant binary.
// Necessary for safely adding multi-module repo.
// See: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
import _ "github.com/Azure/go-autorest"

@ -2,4 +2,7 @@ module github.com/Azure/go-autorest/autorest/validation
go 1.12
require github.com/stretchr/testify v1.3.0
require (
github.com/Azure/go-autorest v14.2.0+incompatible
github.com/stretchr/testify v1.3.0
)

@ -1,3 +1,5 @@
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

@ -0,0 +1,24 @@
// +build modhack
package validation
// Copyright 2017 Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// This file, and the github.com/Azure/go-autorest import, won't actually become part of
// the resultant binary.
// Necessary for safely adding multi-module repo.
// See: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
import _ "github.com/Azure/go-autorest"

@ -1,13 +1,10 @@
language: go
go:
- 1.4
- 1.3
- 1.2
- tip
install:
- if ! go get code.google.com/p/go.tools/cmd/cover; then go get golang.org/x/tools/cmd/cover; fi
- 1.11.x
- 1.12.x
- 1.13.x
- master
script:
- go test -cover

@ -9,4 +9,5 @@ go_library(
importmap = "k8s.io/kops/vendor/github.com/google/gofuzz",
importpath = "github.com/google/gofuzz",
visibility = ["//visibility:public"],
deps = ["//vendor/github.com/google/gofuzz/bytesource:go_default_library"],
)

@ -1,7 +1,7 @@
# How to contribute #
We'd love to accept your patches and contributions to this project. There are
a just a few small guidelines you need to follow.
just a few small guidelines you need to follow.
## Contributor License Agreement ##

@ -68,4 +68,22 @@ f.Fuzz(&myObject) // Type will correspond to whether A or B info is set.
See more examples in ```example_test.go```.
You can use this library for easier [go-fuzz](https://github.com/dvyukov/go-fuzz)ing.
go-fuzz provides the user a byte-slice, which should be converted to different inputs
for the tested function. This library can help convert the byte slice. Consider for
example a fuzz test for a the function `mypackage.MyFunc` that takes an int arguments:
```go
// +build gofuzz
package mypackage
import fuzz "github.com/google/gofuzz"
func Fuzz(data []byte) int {
var i int
fuzz.NewFromGoFuzz(data).Fuzz(&i)
MyFunc(i)
return 0
}
```
Happy testing!

@ -0,0 +1,9 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["bytesource.go"],
importmap = "k8s.io/kops/vendor/github.com/google/gofuzz/bytesource",
importpath = "github.com/google/gofuzz/bytesource",
visibility = ["//visibility:public"],
)

@ -0,0 +1,81 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package bytesource provides a rand.Source64 that is determined by a slice of bytes.
package bytesource
import (
"bytes"
"encoding/binary"
"io"
"math/rand"
)
// ByteSource implements rand.Source64 determined by a slice of bytes. The random numbers are
// generated from each 8 bytes in the slice, until the last bytes are consumed, from which a
// fallback pseudo random source is created in case more random numbers are required.
// It also exposes a `bytes.Reader` API, which lets callers consume the bytes directly.
type ByteSource struct {
*bytes.Reader
fallback rand.Source
}
// New returns a new ByteSource from a given slice of bytes.
func New(input []byte) *ByteSource {
s := &ByteSource{
Reader: bytes.NewReader(input),
fallback: rand.NewSource(0),
}
if len(input) > 0 {
s.fallback = rand.NewSource(int64(s.consumeUint64()))
}
return s
}
func (s *ByteSource) Uint64() uint64 {
// Return from input if it was not exhausted.
if s.Len() > 0 {
return s.consumeUint64()
}
// Input was exhausted, return random number from fallback (in this case fallback should not be
// nil). Try first having a Uint64 output (Should work in current rand implementation),
// otherwise return a conversion of Int63.
if s64, ok := s.fallback.(rand.Source64); ok {
return s64.Uint64()
}
return uint64(s.fallback.Int63())
}
func (s *ByteSource) Int63() int64 {
return int64(s.Uint64() >> 1)
}
func (s *ByteSource) Seed(seed int64) {
s.fallback = rand.NewSource(seed)
s.Reader = bytes.NewReader(nil)
}
// consumeUint64 reads 8 bytes from the input and convert them to a uint64. It assumes that the the
// bytes reader is not empty.
func (s *ByteSource) consumeUint64() uint64 {
var bytes [8]byte
_, err := s.Read(bytes[:])
if err != nil && err != io.EOF {
panic("failed reading source") // Should not happen.
}
return binary.BigEndian.Uint64(bytes[:])
}

@ -22,6 +22,9 @@ import (
"reflect"
"regexp"
"time"
"github.com/google/gofuzz/bytesource"
"strings"
)
// fuzzFuncMap is a map from a type to a fuzzFunc that handles that type.
@ -61,6 +64,34 @@ func NewWithSeed(seed int64) *Fuzzer {
return f
}
// NewFromGoFuzz is a helper function that enables using gofuzz (this
// project) with go-fuzz (https://github.com/dvyukov/go-fuzz) for continuous
// fuzzing. Essentially, it enables translating the fuzzing bytes from
// go-fuzz to any Go object using this library.
//
// This implementation promises a constant translation from a given slice of
// bytes to the fuzzed objects. This promise will remain over future
// versions of Go and of this library.
//
// Note: the returned Fuzzer should not be shared between multiple goroutines,
// as its deterministic output will no longer be available.
//
// Example: use go-fuzz to test the function `MyFunc(int)` in the package
// `mypackage`. Add the file: "mypacakge_fuzz.go" with the content:
//
// // +build gofuzz
// package mypacakge
// import fuzz "github.com/google/gofuzz"
// func Fuzz(data []byte) int {
// var i int
// fuzz.NewFromGoFuzz(data).Fuzz(&i)
// MyFunc(i)
// return 0
// }
func NewFromGoFuzz(data []byte) *Fuzzer {
return New().RandSource(bytesource.New(data))
}
// Funcs adds each entry in fuzzFuncs as a custom fuzzing function.
//
// Each entry in fuzzFuncs must be a function taking two parameters.
@ -141,7 +172,7 @@ func (f *Fuzzer) genElementCount() int {
}
func (f *Fuzzer) genShouldFill() bool {
return f.r.Float64() > f.nilChance
return f.r.Float64() >= f.nilChance
}
// MaxDepth sets the maximum number of recursive fuzz calls that will be made
@ -240,6 +271,7 @@ func (fc *fuzzerContext) doFuzz(v reflect.Value, flags uint64) {
fn(v, fc.fuzzer.r)
return
}
switch v.Kind() {
case reflect.Map:
if fc.fuzzer.genShouldFill() {
@ -450,10 +482,10 @@ var fillFuncMap = map[reflect.Kind]func(reflect.Value, *rand.Rand){
v.SetFloat(r.Float64())
},
reflect.Complex64: func(v reflect.Value, r *rand.Rand) {
panic("unimplemented")
v.SetComplex(complex128(complex(r.Float32(), r.Float32())))
},
reflect.Complex128: func(v reflect.Value, r *rand.Rand) {
panic("unimplemented")
v.SetComplex(complex(r.Float64(), r.Float64()))
},
reflect.String: func(v reflect.Value, r *rand.Rand) {
v.SetString(randString(r))
@ -465,38 +497,105 @@ var fillFuncMap = map[reflect.Kind]func(reflect.Value, *rand.Rand){
// randBool returns true or false randomly.
func randBool(r *rand.Rand) bool {
if r.Int()&1 == 1 {
return true
}
return false
return r.Int31()&(1<<30) == 0
}
type charRange struct {
first, last rune
type int63nPicker interface {
Int63n(int64) int64
}
// UnicodeRange describes a sequential range of unicode characters.
// Last must be numerically greater than First.
type UnicodeRange struct {
First, Last rune
}
// UnicodeRanges describes an arbitrary number of sequential ranges of unicode characters.
// To be useful, each range must have at least one character (First <= Last) and
// there must be at least one range.
type UnicodeRanges []UnicodeRange
// choose returns a random unicode character from the given range, using the
// given randomness source.
func (r *charRange) choose(rand *rand.Rand) rune {
count := int64(r.last - r.first)
return r.first + rune(rand.Int63n(count))
func (ur UnicodeRange) choose(r int63nPicker) rune {
count := int64(ur.Last - ur.First + 1)
return ur.First + rune(r.Int63n(count))
}
var unicodeRanges = []charRange{
// CustomStringFuzzFunc constructs a FuzzFunc which produces random strings.
// Each character is selected from the range ur. If there are no characters
// in the range (cr.Last < cr.First), this will panic.
func (ur UnicodeRange) CustomStringFuzzFunc() func(s *string, c Continue) {
ur.check()
return func(s *string, c Continue) {
*s = ur.randString(c.Rand)
}
}
// check is a function that used to check whether the first of ur(UnicodeRange)
// is greater than the last one.
func (ur UnicodeRange) check() {
if ur.Last < ur.First {
panic("The last encoding must be greater than the first one.")
}
}
// randString of UnicodeRange makes a random string up to 20 characters long.
// Each character is selected form ur(UnicodeRange).
func (ur UnicodeRange) randString(r *rand.Rand) string {
n := r.Intn(20)
sb := strings.Builder{}
sb.Grow(n)
for i := 0; i < n; i++ {
sb.WriteRune(ur.choose(r))
}
return sb.String()
}
// defaultUnicodeRanges sets a default unicode range when user do not set
// CustomStringFuzzFunc() but wants fuzz string.
var defaultUnicodeRanges = UnicodeRanges{
{' ', '~'}, // ASCII characters
{'\u00a0', '\u02af'}, // Multi-byte encoded characters
{'\u4e00', '\u9fff'}, // Common CJK (even longer encodings)
}
// CustomStringFuzzFunc constructs a FuzzFunc which produces random strings.
// Each character is selected from one of the ranges of ur(UnicodeRanges).
// Each range has an equal probability of being chosen. If there are no ranges,
// or a selected range has no characters (.Last < .First), this will panic.
// Do not modify any of the ranges in ur after calling this function.
func (ur UnicodeRanges) CustomStringFuzzFunc() func(s *string, c Continue) {
// Check unicode ranges slice is empty.
if len(ur) == 0 {
panic("UnicodeRanges is empty.")
}
// if not empty, each range should be checked.
for i := range ur {
ur[i].check()
}
return func(s *string, c Continue) {
*s = ur.randString(c.Rand)
}
}
// randString of UnicodeRanges makes a random string up to 20 characters long.
// Each character is selected form one of the ranges of ur(UnicodeRanges),
// and each range has an equal probability of being chosen.
func (ur UnicodeRanges) randString(r *rand.Rand) string {
n := r.Intn(20)
sb := strings.Builder{}
sb.Grow(n)
for i := 0; i < n; i++ {
sb.WriteRune(ur[r.Intn(len(ur))].choose(r))
}
return sb.String()
}
// randString makes a random string up to 20 characters long. The returned string
// may include a variety of (valid) UTF-8 encodings.
func randString(r *rand.Rand) string {
n := r.Intn(20)
runes := make([]rune, n)
for i := range runes {
runes[i] = unicodeRanges[r.Intn(len(unicodeRanges))].choose(r)
}
return string(runes)
return defaultUnicodeRanges.randString(r)
}
// randUint64 makes random 64 bit numbers.

202
vendor/github.com/jetstack/cert-manager/LICENSE generated vendored Normal file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

20270
vendor/github.com/jetstack/cert-manager/LICENSES generated vendored Normal file



@ -0,0 +1,9 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["doc.go"],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/acme",
importpath = "github.com/jetstack/cert-manager/pkg/apis/acme",
visibility = ["//visibility:public"],
)


@ -0,0 +1,22 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +groupName=acme.cert-manager.io
// Package acme contains types in the acme cert-manager API group
package acme
const GroupName = "acme.cert-manager.io"


@ -0,0 +1,27 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"const.go",
"doc.go",
"register.go",
"types.go",
"types_challenge.go",
"types_issuer.go",
"types_order.go",
"zz_generated.deepcopy.go",
],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1",
importpath = "github.com/jetstack/cert-manager/pkg/apis/acme/v1",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)


@ -0,0 +1,21 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
const (
ACMEFinalizer = "finalizer.acme.cert-manager.io"
)


@ -0,0 +1,23 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1 is the v1 version of the API.
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/acme
// +k8s:openapi-gen=true
// +k8s:defaulter-gen=TypeMeta
// +groupName=acme.cert-manager.io
package v1

View File

@ -0,0 +1,58 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/jetstack/cert-manager/pkg/apis/acme"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: acme.GroupName, Version: "v1"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Order{},
&OrderList{},
&Challenge{},
&ChallengeList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}


@ -0,0 +1,55 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
const (
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.name field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users of Ingress controllers that maintain
// a 1:1 mapping between endpoint IP and Ingress resource.
ACMECertificateHTTP01IngressNameOverride = "acme.cert-manager.io/http01-override-ingress-name"
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.class field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users deploying many different ingress
// classes into a single cluster that want to be able to re-use a single
// solver for each ingress class.
ACMECertificateHTTP01IngressClassOverride = "acme.cert-manager.io/http01-override-ingress-class"
// IngressEditInPlaceAnnotation is used to toggle the use of ingressClass instead
// of ingress on the created Certificate resource
IngressEditInPlaceAnnotationKey = "acme.cert-manager.io/http01-edit-in-place"
// DomainLabelKey is added to the labels of a Pod serving an ACME challenge.
// Its value will be the hash of the domain name that is being verified.
DomainLabelKey = "acme.cert-manager.io/http-domain"
// TokenLabelKey is added to the labels of a Pod serving an ACME challenge.
// Its value will be the hash of the challenge token that is being served by the pod.
TokenLabelKey = "acme.cert-manager.io/http-token"
// SolverIdentificationLabelKey is added to the labels of a Pod serving an ACME challenge.
// Its value will be the "true" if the Pod is an HTTP-01 solver.
SolverIdentificationLabelKey = "acme.cert-manager.io/http01-solver"
)
const (
OrderKind = "Order"
ChallengeKind = "Challenge"
)


@ -0,0 +1,146 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// Challenge is a type to represent a Challenge request with an ACME server
// +k8s:openapi-gen=true
// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state"
// +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName"
// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=challenges
type Challenge struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec ChallengeSpec `json:"spec"`
// +optional
Status ChallengeStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ChallengeList is a list of Challenges
type ChallengeList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Challenge `json:"items"`
}
type ChallengeSpec struct {
// The URL of the ACME Challenge resource for this challenge.
// This can be used to lookup details about the status of this challenge.
URL string `json:"url"`
// The URL to the ACME Authorization resource that this
// challenge is a part of.
AuthorizationURL string `json:"authorizationURL"`
// dnsName is the identifier that this challenge is for, e.g. example.com.
// If the requested DNSName is a 'wildcard', this field MUST be set to the
// non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
DNSName string `json:"dnsName"`
// wildcard will be true if this challenge is for a wildcard identifier,
// for example '*.example.com'.
// +optional
Wildcard bool `json:"wildcard"`
// The type of ACME challenge this resource represents.
// One of "HTTP-01" or "DNS-01".
Type ACMEChallengeType `json:"type"`
// The ACME challenge token for this challenge.
// This is the raw value returned from the ACME server.
Token string `json:"token"`
// The ACME challenge key for this challenge
// For HTTP01 challenges, this is the value that must be responded with to
// complete the HTTP01 challenge in the format:
// `<private key JWK thumbprint>.<key from acme server for challenge>`.
// For DNS01 challenges, this is the base64 encoded SHA256 sum of the
// `<private key JWK thumbprint>.<key from acme server for challenge>`
// text that must be set as the TXT record content.
Key string `json:"key"`
// Contains the domain solving configuration that should be used to
// solve this challenge resource.
Solver ACMEChallengeSolver `json:"solver"`
// References a properly configured ACME-type Issuer which should
// be used to create this Challenge.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Challenge will be marked as failed.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
}
// The type of ACME challenge. Only HTTP-01 and DNS-01 are supported.
// +kubebuilder:validation:Enum=HTTP-01;DNS-01
type ACMEChallengeType string
const (
// ACMEChallengeTypeHTTP01 denotes a Challenge is of type http-01
// More info: https://letsencrypt.org/docs/challenge-types/#http-01-challenge
ACMEChallengeTypeHTTP01 ACMEChallengeType = "HTTP-01"
// ACMEChallengeTypeDNS01 denotes a Challenge is of type dns-01
// More info: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
ACMEChallengeTypeDNS01 ACMEChallengeType = "DNS-01"
)
type ChallengeStatus struct {
// Used to denote whether this challenge should be processed or not.
// This field will only be set to true by the 'scheduling' component.
// It will only be set to false by the 'challenges' controller, after the
// challenge has reached a final state or timed out.
// If this field is set to false, the challenge controller will not take
// any more action.
// +optional
Processing bool `json:"processing"`
// presented will be set to true if the challenge values for this challenge
// are currently 'presented'.
// This *does not* imply the self check is passing. Only that the values
// have been 'submitted' for the appropriate challenge mechanism (i.e. the
// DNS01 TXT record has been presented, or the HTTP01 configuration has been
// configured).
// +optional
Presented bool `json:"presented"`
// Contains human readable information on why the Challenge is in the
// current state.
// +optional
Reason string `json:"reason,omitempty"`
// Contains the current 'state' of the challenge.
// If not set, the state of the challenge is unknown.
// +optional
State State `json:"state,omitempty"`
}


@ -0,0 +1,556 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
corev1 "k8s.io/api/core/v1"
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// ACMEIssuer contains the specification for an ACME issuer.
// This uses the RFC8555 specification to obtain certificates by completing
// 'challenges' to prove ownership of domain identifiers.
// Earlier draft versions of the ACME specification are not supported.
type ACMEIssuer struct {
// Email is the email address to be associated with the ACME account.
// This field is optional, but it is strongly recommended to be set.
// It will be used to contact you in case of issues with your account or
// certificates, including expiry notification emails.
// This field may be updated after the account is initially registered.
// +optional
Email string `json:"email,omitempty"`
// Server is the URL used to access the ACME server's 'directory' endpoint.
// For example, for Let's Encrypt's staging endpoint, you would use:
// "https://acme-staging-v02.api.letsencrypt.org/directory".
// Only ACME v2 endpoints (i.e. RFC 8555) are supported.
Server string `json:"server"`
// PreferredChain is the chain to use if the ACME server outputs multiple.
// PreferredChain is no guarantee that this one gets delivered by the ACME
// endpoint.
// For example, for Let's Encrypt's DST crosssign you would use:
// "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
// This value picks the first certificate bundle in the ACME alternative
// chains that has a certificate with this value as its issuer's CN
// +optional
// +kubebuilder:validation:MaxLength=64
PreferredChain string `json:"preferredChain"`
// Enables or disables validation of the ACME server TLS certificate.
// If true, requests to the ACME server will not have their TLS certificate
// validated (i.e. insecure connections will be allowed).
// Only enable this option in development environments.
// The cert-manager system installed roots will be used to verify connections
// to the ACME server if this is false.
// Defaults to false.
// +optional
SkipTLSVerify bool `json:"skipTLSVerify,omitempty"`
// ExternalAccountBinding is a reference to a CA external account of the ACME
// server.
// If set, upon registration cert-manager will attempt to associate the given
// external account credentials with the registered ACME account.
// +optional
ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`
// PrivateKey is the name of a Kubernetes Secret resource that will be used to
// store the automatically generated ACME account private key.
// Optionally, a `key` may be specified to select a specific entry within
// the named Secret resource.
// If `key` is not specified, a default of `tls.key` will be used.
PrivateKey cmmeta.SecretKeySelector `json:"privateKeySecretRef"`
// Solvers is a list of challenge solvers that will be used to solve
// ACME challenges for the matching domains.
// Solver configurations must be provided in order to obtain certificates
// from an ACME server.
// For more information, see: https://cert-manager.io/docs/configuration/acme/
// +optional
Solvers []ACMEChallengeSolver `json:"solvers,omitempty"`
// Enables or disables generating a new ACME account key.
// If true, the Issuer resource will *not* request a new account but will expect
// the account key to be supplied via an existing secret.
// If false, the cert-manager system will generate a new ACME account key
// for the Issuer.
// Defaults to false.
// +optional
DisableAccountKeyGeneration bool `json:"disableAccountKeyGeneration,omitempty"`
// Enables requesting a Not After date on certificates that matches the
// duration of the certificate. This is not supported by all ACME servers
// like Let's Encrypt. If set to true when the ACME server does not support
// it it will create an error on the Order.
// Defaults to false.
// +optional
EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
}
// ACMEExternalAccountBinding is a reference to a CA external account of the ACME
// server.
type ACMEExternalAccountBinding struct {
// keyID is the ID of the CA key that the External Account is bound to.
KeyID string `json:"keyID"`
// keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes
// Secret which holds the symmetric MAC key of the External Account Binding.
// The `key` is the index string that is paired with the key data in the
// Secret and should not be confused with the key data itself, or indeed with
// the External Account Binding keyID above.
// The secret key stored in the Secret **must** be un-padded, base64 URL
// encoded data.
Key cmmeta.SecretKeySelector `json:"keySecretRef"`
// keyAlgorithm is the MAC key algorithm that the key is used for.
// Valid values are "HS256", "HS384" and "HS512".
KeyAlgorithm HMACKeyAlgorithm `json:"keyAlgorithm"`
}
// HMACKeyAlgorithm is the name of a key algorithm used for HMAC encryption
// +kubebuilder:validation:Enum=HS256;HS384;HS512
type HMACKeyAlgorithm string
const (
HS256 HMACKeyAlgorithm = "HS256"
HS384 HMACKeyAlgorithm = "HS384"
HS512 HMACKeyAlgorithm = "HS512"
)
// Configures an issuer to solve challenges using the specified options.
// Only one of HTTP01 or DNS01 may be provided.
type ACMEChallengeSolver struct {
// Selector selects a set of DNSNames on the Certificate resource that
// should be solved using this challenge solver.
// If not specified, the solver will be treated as the 'default' solver
// with the lowest priority, i.e. if any other solver has a more specific
// match, it will be used instead.
// +optional
Selector *CertificateDNSNameSelector `json:"selector,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the HTTP01 challenge flow.
// It is not possible to obtain certificates for wildcard domain names
// (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
// +optional
HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the DNS01 challenge flow.
// +optional
DNS01 *ACMEChallengeSolverDNS01 `json:"dns01,omitempty"`
}
// CertificateDomainSelector selects certificates using a label selector, and
// can optionally select individual DNS names within those certificates.
// If both MatchLabels and DNSNames are empty, this selector will match all
// certificates and DNS names within them.
type CertificateDNSNameSelector struct {
// A label selector that is used to refine the set of certificate's that
// this challenge solver will apply to.
// +optional
MatchLabels map[string]string `json:"matchLabels,omitempty"`
// List of DNSNames that this solver will be used to solve.
// If specified and a match is found, a dnsNames selector will take
// precedence over a dnsZones selector.
// If multiple solvers match with the same dnsNames value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSNames []string `json:"dnsNames,omitempty"`
// List of DNSZones that this solver will be used to solve.
// The most specific DNS zone match specified here will take precedence
// over other DNS zone matches, so a solver specifying sys.example.com
// will be selected over one specifying example.com for the domain
// www.sys.example.com.
// If multiple solvers match with the same dnsZones value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSZones []string `json:"dnsZones,omitempty"`
}
// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve
// HTTP01 challenges within a Kubernetes cluster.
// Typically this is accomplished through creating 'routes' of some description
// that configure ingress controllers to direct traffic to 'solver pods', which
// are responsible for responding to the ACME server's HTTP requests.
type ACMEChallengeSolverHTTP01 struct {
// The ingress based HTTP01 challenge solver will solve challenges by
// creating or modifying Ingress resources in order to route requests for
// '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are
// provisioned by cert-manager for each Challenge to be completed.
// +optional
Ingress *ACMEChallengeSolverHTTP01Ingress `json:"ingress,omitempty"`
}
type ACMEChallengeSolverHTTP01Ingress struct {
// Optional service type for Kubernetes solver service
// +optional
ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
// The ingress class to use when creating Ingress resources to solve ACME
// challenges that use this challenge solver.
// Only one of 'class' or 'name' may be specified.
// +optional
Class *string `json:"class,omitempty"`
// The name of the ingress resource that should have ACME challenge solving
// routes inserted into it in order to solve HTTP01 challenges.
// This is typically used in conjunction with ingress controllers like
// ingress-gce, which maintains a 1:1 mapping between external IPs and
// ingress resources.
// +optional
Name string `json:"name,omitempty"`
// Optional pod template used to configure the ACME challenge solver pods
// used for HTTP01 challenges
// +optional
PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplate `json:"podTemplate,omitempty"`
// Optional ingress template used to configure the ACME challenge solver
// ingress used for HTTP01 challenges
// +optional
IngressTemplate *ACMEChallengeSolverHTTP01IngressTemplate `json:"ingressTemplate,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodTemplate struct {
// ObjectMeta overrides for the pod used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressPodObjectMeta `json:"metadata"`
// PodSpec defines overrides for the HTTP01 challenge solver pod.
// Only the 'priorityClassName', 'nodeSelector', 'affinity',
// 'serviceAccountName' and 'tolerations' fields are supported currently.
// All other fields will be ignored.
// +optional
Spec ACMEChallengeSolverHTTP01IngressPodSpec `json:"spec"`
}
type ACMEChallengeSolverHTTP01IngressPodObjectMeta struct {
// Annotations that should be added to the create ACME HTTP01 solver pods.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver pods.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodSpec struct {
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// If specified, the pod's scheduling constraints
// +optional
Affinity *corev1.Affinity `json:"affinity,omitempty"`
// If specified, the pod's tolerations.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// If specified, the pod's priorityClassName.
// +optional
PriorityClassName string `json:"priorityClassName,omitempty"`
// If specified, the pod's service account
// +optional
ServiceAccountName string `json:"serviceAccountName,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressTemplate struct {
// ObjectMeta overrides for the ingress used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressObjectMeta `json:"metadata"`
}
type ACMEChallengeSolverHTTP01IngressObjectMeta struct {
// Annotations that should be added to the created ACME HTTP01 solver ingress.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver ingress.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
// Used to configure a DNS01 challenge provider to be used when solving DNS01
// challenges.
// Only one DNS provider may be configured per solver.
type ACMEChallengeSolverDNS01 struct {
// CNAMEStrategy configures how the DNS01 provider should handle CNAME
// records when found in DNS zones.
// +optional
CNAMEStrategy CNAMEStrategy `json:"cnameStrategy,omitempty"`
// Use the Akamai DNS zone management API to manage DNS01 challenge records.
// +optional
Akamai *ACMEIssuerDNS01ProviderAkamai `json:"akamai,omitempty"`
// Use the Google Cloud DNS API to manage DNS01 challenge records.
// +optional
CloudDNS *ACMEIssuerDNS01ProviderCloudDNS `json:"cloudDNS,omitempty"`
// Use the Cloudflare API to manage DNS01 challenge records.
// +optional
Cloudflare *ACMEIssuerDNS01ProviderCloudflare `json:"cloudflare,omitempty"`
// Use the AWS Route53 API to manage DNS01 challenge records.
// +optional
Route53 *ACMEIssuerDNS01ProviderRoute53 `json:"route53,omitempty"`
// Use the Microsoft Azure DNS API to manage DNS01 challenge records.
// +optional
AzureDNS *ACMEIssuerDNS01ProviderAzureDNS `json:"azureDNS,omitempty"`
// Use the DigitalOcean DNS API to manage DNS01 challenge records.
// +optional
DigitalOcean *ACMEIssuerDNS01ProviderDigitalOcean `json:"digitalocean,omitempty"`
// Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage
// DNS01 challenge records.
// +optional
AcmeDNS *ACMEIssuerDNS01ProviderAcmeDNS `json:"acmeDNS,omitempty"`
// Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/)
// to manage DNS01 challenge records.
// +optional
RFC2136 *ACMEIssuerDNS01ProviderRFC2136 `json:"rfc2136,omitempty"`
// Configure an external webhook based DNS01 challenge solver to manage
// DNS01 challenge records.
// +optional
Webhook *ACMEIssuerDNS01ProviderWebhook `json:"webhook,omitempty"`
}
// CNAMEStrategy configures how the DNS01 provider should handle CNAME records
// when found in DNS zones.
// By default, the None strategy will be applied (i.e. do not follow CNAMEs).
// +kubebuilder:validation:Enum=None;Follow
type CNAMEStrategy string
const (
// NoneStrategy indicates that no CNAME resolution strategy should be used
// when determining which DNS zone to update during DNS01 challenges.
NoneStrategy = "None"
// FollowStrategy will cause cert-manager to recurse through CNAMEs in
// order to determine which DNS zone to update during DNS01 challenges.
// This is useful if you do not want to grant cert-manager access to your
// root DNS zone, and instead delegate the _acme-challenge.example.com
// subdomain to some other, less privileged domain.
FollowStrategy = "Follow"
)
// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS
// configuration for Akamai DNS—Zone Record Management API
type ACMEIssuerDNS01ProviderAkamai struct {
ServiceConsumerDomain string `json:"serviceConsumerDomain"`
ClientToken cmmeta.SecretKeySelector `json:"clientTokenSecretRef"`
ClientSecret cmmeta.SecretKeySelector `json:"clientSecretSecretRef"`
AccessToken cmmeta.SecretKeySelector `json:"accessTokenSecretRef"`
}
// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS
// configuration for Google Cloud DNS
type ACMEIssuerDNS01ProviderCloudDNS struct {
// +optional
ServiceAccount *cmmeta.SecretKeySelector `json:"serviceAccountSecretRef,omitempty"`
Project string `json:"project"`
// HostedZoneName is an optional field that tells cert-manager in which
// Cloud DNS zone the challenge record has to be created.
// If left empty cert-manager will automatically choose a zone.
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
}
// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
// configuration for Cloudflare.
// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided.
type ACMEIssuerDNS01ProviderCloudflare struct {
// Email of the account, only required when using API key based authentication.
// +optional
Email string `json:"email,omitempty"`
// API key to use to authenticate with Cloudflare.
// Note: using an API token to authenticate is now the recommended method
// as it allows greater control of permissions.
// +optional
APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"`
// API token used to authenticate with Cloudflare.
// +optional
APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"`
}
// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS
// configuration for DigitalOcean Domains
type ACMEIssuerDNS01ProviderDigitalOcean struct {
Token cmmeta.SecretKeySelector `json:"tokenSecretRef"`
}
// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53
// configuration for AWS
type ACMEIssuerDNS01ProviderRoute53 struct {
// The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
AccessKeyID string `json:"accessKeyID,omitempty"`
// The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
SecretAccessKey cmmeta.SecretKeySelector `json:"secretAccessKeySecretRef"`
// Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey
// or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
// +optional
Role string `json:"role,omitempty"`
// If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
// +optional
HostedZoneID string `json:"hostedZoneID,omitempty"`
// Always set the region when using AccessKeyID and SecretAccessKey
Region string `json:"region"`
}
// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the
// configuration for Azure DNS
type ACMEIssuerDNS01ProviderAzureDNS struct {
// if both this and ClientSecret are left unset MSI will be used
// +optional
ClientID string `json:"clientID,omitempty"`
// if both this and ClientID are left unset MSI will be used
// +optional
ClientSecret *cmmeta.SecretKeySelector `json:"clientSecretSecretRef,omitempty"`
SubscriptionID string `json:"subscriptionID"`
// when specifying ClientID and ClientSecret then this field is also needed
// +optional
TenantID string `json:"tenantID,omitempty"`
ResourceGroupName string `json:"resourceGroupName"`
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
// +optional
Environment AzureDNSEnvironment `json:"environment,omitempty"`
}
// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud
type AzureDNSEnvironment string
const (
AzurePublicCloud AzureDNSEnvironment = "AzurePublicCloud"
AzureChinaCloud AzureDNSEnvironment = "AzureChinaCloud"
AzureGermanCloud AzureDNSEnvironment = "AzureGermanCloud"
AzureUSGovernmentCloud AzureDNSEnvironment = "AzureUSGovernmentCloud"
)
// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the
// configuration for ACME-DNS servers
type ACMEIssuerDNS01ProviderAcmeDNS struct {
Host string `json:"host"`
AccountSecret cmmeta.SecretKeySelector `json:"accountSecretRef"`
}
// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the
// configuration for RFC2136 DNS
type ACMEIssuerDNS01ProviderRFC2136 struct {
// The IP address or hostname of an authoritative DNS server supporting
// RFC2136 in the form host:port. If the host is an IPv6 address it must be
// enclosed in square brackets (e.g [2001:db8::1]) ; port is optional.
// This field is required.
Nameserver string `json:"nameserver"`
// The name of the secret containing the TSIG value.
// If ``tsigKeyName`` is defined, this field is required.
// +optional
TSIGSecret cmmeta.SecretKeySelector `json:"tsigSecretSecretRef,omitempty"`
// The TSIG Key name configured in the DNS.
// If ``tsigSecretSecretRef`` is defined, this field is required.
// +optional
TSIGKeyName string `json:"tsigKeyName,omitempty"`
// The TSIG Algorithm configured in the DNS supporting RFC2136. Used only
// when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined.
// Supported values are (case-insensitive): ``HMACMD5`` (default),
// ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.
// +optional
TSIGAlgorithm string `json:"tsigAlgorithm,omitempty"`
}
// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01
// provider, including where to POST ChallengePayload resources.
type ACMEIssuerDNS01ProviderWebhook struct {
// The API group name that should be used when POSTing ChallengePayload
// resources to the webhook apiserver.
// This should be the same as the GroupName specified in the webhook
// provider implementation.
GroupName string `json:"groupName"`
// The name of the solver to use, as defined in the webhook provider
// implementation.
// This will typically be the name of the provider, e.g. 'cloudflare'.
SolverName string `json:"solverName"`
// Additional configuration that should be passed to the webhook apiserver
// when challenges are processed.
// This can contain arbitrary JSON data.
// Secret values should not be specified in this stanza.
// If secret values are needed (e.g. credentials for a DNS service), you
// should use a SecretKeySelector to reference a Secret resource.
// For details on the schema of this field, consult the webhook provider
// implementation's documentation.
// +optional
Config *apiext.JSON `json:"config,omitempty"`
}
type ACMEIssuerStatus struct {
// URI is the unique account identifier, which can also be used to retrieve
// account details from the CA
// +optional
URI string `json:"uri,omitempty"`
// LastRegisteredEmail is the email associated with the latest registered
// ACME account, in order to track changes made to registered account
// associated with the Issuer
// +optional
LastRegisteredEmail string `json:"lastRegisteredEmail,omitempty"`
}


@ -0,0 +1,240 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// Order is a type to represent an Order with an ACME server
// +k8s:openapi-gen=true
type Order struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec OrderSpec `json:"spec"`
// +optional
Status OrderStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OrderList is a list of Orders
type OrderList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Order `json:"items"`
}
type OrderSpec struct {
// Certificate signing request bytes in DER encoding.
// This will be used when finalizing the order.
// This field must be set on the order.
Request []byte `json:"request"`
// IssuerRef references a properly configured ACME-type Issuer which should
// be used to create this Order.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Order will be marked as failed.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// CommonName is the common name as specified on the DER encoded CSR.
// If specified, this value must also be present in `dnsNames` or `ipAddresses`.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
CommonName string `json:"commonName,omitempty"`
// DNSNames is a list of DNS names that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
//+optional
DNSNames []string `json:"dnsNames,omitempty"`
// IPAddresses is a list of IP addresses that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`
// Duration is the duration for the not after date for the requested certificate.
// this is set on order creation as pe the ACME spec.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
}
type OrderStatus struct {
// URL of the Order.
// This will initially be empty when the resource is first created.
// The Order controller will populate this field when the Order is first processed.
// This field will be immutable after it is initially set.
// +optional
URL string `json:"url,omitempty"`
// FinalizeURL of the Order.
// This is used to obtain certificates for this order once it has been completed.
// +optional
FinalizeURL string `json:"finalizeURL,omitempty"`
// Authorizations contains data returned from the ACME server on what
// authorizations must be completed in order to validate the DNS names
// specified on the Order.
// +optional
Authorizations []ACMEAuthorization `json:"authorizations,omitempty"`
// Certificate is a copy of the PEM encoded certificate for this Order.
// This field will be populated after the order has been successfully
// finalized with the ACME server, and the order has transitioned to the
// 'valid' state.
// +optional
Certificate []byte `json:"certificate,omitempty"`
// State contains the current state of this Order resource.
// States 'success' and 'expired' are 'final'
// +optional
State State `json:"state,omitempty"`
// Reason optionally provides more information about a why the order is in
// the current state.
// +optional
Reason string `json:"reason,omitempty"`
// FailureTime stores the time that this order failed.
// This is used to influence garbage collection and back-off.
// +optional
FailureTime *metav1.Time `json:"failureTime,omitempty"`
}
// ACMEAuthorization contains data returned from the ACME server on an
// authorization that must be completed in order validate a DNS name on an ACME
// Order resource.
type ACMEAuthorization struct {
// URL is the URL of the Authorization that must be completed
URL string `json:"url"`
// Identifier is the DNS name to be validated as part of this authorization
// +optional
Identifier string `json:"identifier,omitempty"`
// Wildcard will be true if this authorization is for a wildcard DNS name.
// If this is true, the identifier will be the *non-wildcard* version of
// the DNS name.
// For example, if '*.example.com' is the DNS name being validated, this
// field will be 'true' and the 'identifier' field will be 'example.com'.
// +optional
Wildcard *bool `json:"wildcard,omitempty"`
// InitialState is the initial state of the ACME authorization when first
// fetched from the ACME server.
// If an Authorization is already 'valid', the Order controller will not
// create a Challenge resource for the authorization. This will occur when
// working with an ACME server that enables 'authz reuse' (such as Let's
// Encrypt's production endpoint).
// If not set and 'identifier' is set, the state is assumed to be pending
// and a Challenge will be created.
// +optional
InitialState State `json:"initialState,omitempty"`
// Challenges specifies the challenge types offered by the ACME server.
// One of these challenge types will be selected when validating the DNS
// name and an appropriate Challenge resource will be created to perform
// the ACME challenge process.
// +optional
Challenges []ACMEChallenge `json:"challenges,omitempty"`
}
// Challenge specifies a challenge offered by the ACME server for an Order.
// An appropriate Challenge resource can be created to perform the ACME
// challenge process.
type ACMEChallenge struct {
// URL is the URL of this challenge. It can be used to retrieve additional
// metadata about the Challenge from the ACME server.
URL string `json:"url"`
// Token is the token that must be presented for this challenge.
// This is used to compute the 'key' that must also be presented.
Token string `json:"token"`
// Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
// 'tls-sni-01', etc.
// This is the raw value retrieved from the ACME server.
// Only 'http-01' and 'dns-01' are supported by cert-manager, other values
// will be ignored.
Type string `json:"type"`
}
// State represents the state of an ACME resource, such as an Order.
// The possible options here map to the corresponding values in the
// ACME specification.
// Full details of these values can be found here: https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-7.1.6
// Clients utilising this type must also gracefully handle unknown
// values, as the contents of this enumeration may be added to over time.
// +kubebuilder:validation:Enum=valid;ready;pending;processing;invalid;expired;errored
type State string
const (
// Unknown is not a real state as part of the ACME spec.
// It is used to represent an unrecognised value.
Unknown State = ""
// Valid signifies that an ACME resource is in a valid state.
// If an order is 'valid', it has been finalized with the ACME server and
// the certificate can be retrieved from the ACME server using the
// certificate URL stored in the Order's status subresource.
// This is a final state.
Valid State = "valid"
// Ready signifies that an ACME resource is in a ready state.
// If an order is 'ready', all of its challenges have been completed
// successfully and the order is ready to be finalized.
// Once finalized, it will transition to the Valid state.
// This is a transient state.
Ready State = "ready"
// Pending signifies that an ACME resource is still pending and is not yet ready.
// If an Order is marked 'Pending', the validations for that Order are still in progress.
// This is a transient state.
Pending State = "pending"
// Processing signifies that an ACME resource is being processed by the server.
// If an Order is marked 'Processing', the validations for that Order are currently being processed.
// This is a transient state.
Processing State = "processing"
// Invalid signifies that an ACME resource is invalid for some reason.
// If an Order is marked 'invalid', one of its validations be have invalid for some reason.
// This is a final state.
Invalid State = "invalid"
// Expired signifies that an ACME resource has expired.
// If an Order is marked 'Expired', one of its validations may have expired or the Order itself.
// This is a final state.
Expired State = "expired"
// Errored signifies that the ACME resource has errored for some reason.
// This is a catch-all state, and is used for marking internal cert-manager
// errors such as validation failures.
// This is a final state.
Errored State = "errored"
)


@ -0,0 +1,841 @@
// +build !ignore_autogenerated
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1
import (
metav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
v1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEAuthorization) DeepCopyInto(out *ACMEAuthorization) {
*out = *in
if in.Wildcard != nil {
in, out := &in.Wildcard, &out.Wildcard
*out = new(bool)
**out = **in
}
if in.Challenges != nil {
in, out := &in.Challenges, &out.Challenges
*out = make([]ACMEChallenge, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEAuthorization.
func (in *ACMEAuthorization) DeepCopy() *ACMEAuthorization {
if in == nil {
return nil
}
out := new(ACMEAuthorization)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallenge) DeepCopyInto(out *ACMEChallenge) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallenge.
func (in *ACMEChallenge) DeepCopy() *ACMEChallenge {
if in == nil {
return nil
}
out := new(ACMEChallenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolver) DeepCopyInto(out *ACMEChallengeSolver) {
*out = *in
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(CertificateDNSNameSelector)
(*in).DeepCopyInto(*out)
}
if in.HTTP01 != nil {
in, out := &in.HTTP01, &out.HTTP01
*out = new(ACMEChallengeSolverHTTP01)
(*in).DeepCopyInto(*out)
}
if in.DNS01 != nil {
in, out := &in.DNS01, &out.DNS01
*out = new(ACMEChallengeSolverDNS01)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolver.
func (in *ACMEChallengeSolver) DeepCopy() *ACMEChallengeSolver {
if in == nil {
return nil
}
out := new(ACMEChallengeSolver)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverDNS01) DeepCopyInto(out *ACMEChallengeSolverDNS01) {
*out = *in
if in.Akamai != nil {
in, out := &in.Akamai, &out.Akamai
*out = new(ACMEIssuerDNS01ProviderAkamai)
**out = **in
}
if in.CloudDNS != nil {
in, out := &in.CloudDNS, &out.CloudDNS
*out = new(ACMEIssuerDNS01ProviderCloudDNS)
(*in).DeepCopyInto(*out)
}
if in.Cloudflare != nil {
in, out := &in.Cloudflare, &out.Cloudflare
*out = new(ACMEIssuerDNS01ProviderCloudflare)
(*in).DeepCopyInto(*out)
}
if in.Route53 != nil {
in, out := &in.Route53, &out.Route53
*out = new(ACMEIssuerDNS01ProviderRoute53)
**out = **in
}
if in.AzureDNS != nil {
in, out := &in.AzureDNS, &out.AzureDNS
*out = new(ACMEIssuerDNS01ProviderAzureDNS)
(*in).DeepCopyInto(*out)
}
if in.DigitalOcean != nil {
in, out := &in.DigitalOcean, &out.DigitalOcean
*out = new(ACMEIssuerDNS01ProviderDigitalOcean)
**out = **in
}
if in.AcmeDNS != nil {
in, out := &in.AcmeDNS, &out.AcmeDNS
*out = new(ACMEIssuerDNS01ProviderAcmeDNS)
**out = **in
}
if in.RFC2136 != nil {
in, out := &in.RFC2136, &out.RFC2136
*out = new(ACMEIssuerDNS01ProviderRFC2136)
**out = **in
}
if in.Webhook != nil {
in, out := &in.Webhook, &out.Webhook
*out = new(ACMEIssuerDNS01ProviderWebhook)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverDNS01.
func (in *ACMEChallengeSolverDNS01) DeepCopy() *ACMEChallengeSolverDNS01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverDNS01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01) DeepCopyInto(out *ACMEChallengeSolverHTTP01) {
*out = *in
if in.Ingress != nil {
in, out := &in.Ingress, &out.Ingress
*out = new(ACMEChallengeSolverHTTP01Ingress)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01.
func (in *ACMEChallengeSolverHTTP01) DeepCopy() *ACMEChallengeSolverHTTP01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopyInto(out *ACMEChallengeSolverHTTP01Ingress) {
*out = *in
if in.Class != nil {
in, out := &in.Class, &out.Class
*out = new(string)
**out = **in
}
if in.PodTemplate != nil {
in, out := &in.PodTemplate, &out.PodTemplate
*out = new(ACMEChallengeSolverHTTP01IngressPodTemplate)
(*in).DeepCopyInto(*out)
}
if in.IngressTemplate != nil {
in, out := &in.IngressTemplate, &out.IngressTemplate
*out = new(ACMEChallengeSolverHTTP01IngressTemplate)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01Ingress.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopy() *ACMEChallengeSolverHTTP01Ingress {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01Ingress)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodSpec) {
*out = *in
if in.NodeSelector != nil {
in, out := &in.NodeSelector, &out.NodeSelector
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Affinity != nil {
in, out := &in.Affinity, &out.Affinity
*out = new(corev1.Affinity)
(*in).DeepCopyInto(*out)
}
if in.Tolerations != nil {
in, out := &in.Tolerations, &out.Tolerations
*out = make([]corev1.Toleration, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodSpec.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodSpec {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressPodObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodTemplate.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressObjectMeta)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressTemplate.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEExternalAccountBinding) DeepCopyInto(out *ACMEExternalAccountBinding) {
*out = *in
out.Key = in.Key
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding.
func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding {
if in == nil {
return nil
}
out := new(ACMEExternalAccountBinding)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuer) DeepCopyInto(out *ACMEIssuer) {
*out = *in
if in.ExternalAccountBinding != nil {
in, out := &in.ExternalAccountBinding, &out.ExternalAccountBinding
*out = new(ACMEExternalAccountBinding)
**out = **in
}
out.PrivateKey = in.PrivateKey
if in.Solvers != nil {
in, out := &in.Solvers, &out.Solvers
*out = make([]ACMEChallengeSolver, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuer.
func (in *ACMEIssuer) DeepCopy() *ACMEIssuer {
if in == nil {
return nil
}
out := new(ACMEIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAcmeDNS) {
*out = *in
out.AccountSecret = in.AccountSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAcmeDNS.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopy() *ACMEIssuerDNS01ProviderAcmeDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAcmeDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopyInto(out *ACMEIssuerDNS01ProviderAkamai) {
*out = *in
out.ClientToken = in.ClientToken
out.ClientSecret = in.ClientSecret
out.AccessToken = in.AccessToken
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAkamai.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopy() *ACMEIssuerDNS01ProviderAkamai {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAkamai)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAzureDNS) {
*out = *in
if in.ClientSecret != nil {
in, out := &in.ClientSecret, &out.ClientSecret
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAzureDNS.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopy() *ACMEIssuerDNS01ProviderAzureDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAzureDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudDNS) {
*out = *in
if in.ServiceAccount != nil {
in, out := &in.ServiceAccount, &out.ServiceAccount
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudDNS.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopy() *ACMEIssuerDNS01ProviderCloudDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudflare) {
*out = *in
if in.APIKey != nil {
in, out := &in.APIKey, &out.APIKey
*out = new(metav1.SecretKeySelector)
**out = **in
}
if in.APIToken != nil {
in, out := &in.APIToken, &out.APIToken
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudflare.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopy() *ACMEIssuerDNS01ProviderCloudflare {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudflare)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopyInto(out *ACMEIssuerDNS01ProviderDigitalOcean) {
*out = *in
out.Token = in.Token
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderDigitalOcean.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopy() *ACMEIssuerDNS01ProviderDigitalOcean {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderDigitalOcean)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopyInto(out *ACMEIssuerDNS01ProviderRFC2136) {
*out = *in
out.TSIGSecret = in.TSIGSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRFC2136.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC2136 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRFC2136)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) {
*out = *in
out.SecretAccessKey = in.SecretAccessKey
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRoute53.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopy() *ACMEIssuerDNS01ProviderRoute53 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRoute53)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopyInto(out *ACMEIssuerDNS01ProviderWebhook) {
*out = *in
if in.Config != nil {
in, out := &in.Config, &out.Config
*out = new(v1beta1.JSON)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderWebhook.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopy() *ACMEIssuerDNS01ProviderWebhook {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderWebhook)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerStatus) DeepCopyInto(out *ACMEIssuerStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerStatus.
func (in *ACMEIssuerStatus) DeepCopy() *ACMEIssuerStatus {
if in == nil {
return nil
}
out := new(ACMEIssuerStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateDNSNameSelector) DeepCopyInto(out *CertificateDNSNameSelector) {
*out = *in
if in.MatchLabels != nil {
in, out := &in.MatchLabels, &out.MatchLabels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DNSZones != nil {
in, out := &in.DNSZones, &out.DNSZones
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDNSNameSelector.
func (in *CertificateDNSNameSelector) DeepCopy() *CertificateDNSNameSelector {
if in == nil {
return nil
}
out := new(CertificateDNSNameSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Challenge) DeepCopyInto(out *Challenge) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Challenge.
func (in *Challenge) DeepCopy() *Challenge {
if in == nil {
return nil
}
out := new(Challenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Challenge) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeList) DeepCopyInto(out *ChallengeList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Challenge, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeList.
func (in *ChallengeList) DeepCopy() *ChallengeList {
if in == nil {
return nil
}
out := new(ChallengeList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ChallengeList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeSpec) DeepCopyInto(out *ChallengeSpec) {
*out = *in
in.Solver.DeepCopyInto(&out.Solver)
out.IssuerRef = in.IssuerRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeSpec.
func (in *ChallengeSpec) DeepCopy() *ChallengeSpec {
if in == nil {
return nil
}
out := new(ChallengeSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeStatus) DeepCopyInto(out *ChallengeStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeStatus.
func (in *ChallengeStatus) DeepCopy() *ChallengeStatus {
if in == nil {
return nil
}
out := new(ChallengeStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Order) DeepCopyInto(out *Order) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Order.
func (in *Order) DeepCopy() *Order {
if in == nil {
return nil
}
out := new(Order)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Order) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderList) DeepCopyInto(out *OrderList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Order, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderList.
func (in *OrderList) DeepCopy() *OrderList {
if in == nil {
return nil
}
out := new(OrderList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OrderList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderSpec) DeepCopyInto(out *OrderSpec) {
*out = *in
if in.Request != nil {
in, out := &in.Request, &out.Request
*out = make([]byte, len(*in))
copy(*out, *in)
}
out.IssuerRef = in.IssuerRef
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPAddresses != nil {
in, out := &in.IPAddresses, &out.IPAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(apismetav1.Duration)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderSpec.
func (in *OrderSpec) DeepCopy() *OrderSpec {
if in == nil {
return nil
}
out := new(OrderSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderStatus) DeepCopyInto(out *OrderStatus) {
*out = *in
if in.Authorizations != nil {
in, out := &in.Authorizations, &out.Authorizations
*out = make([]ACMEAuthorization, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Certificate != nil {
in, out := &in.Certificate, &out.Certificate
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.FailureTime != nil {
in, out := &in.FailureTime, &out.FailureTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderStatus.
func (in *OrderStatus) DeepCopy() *OrderStatus {
if in == nil {
return nil
}
out := new(OrderStatus)
in.DeepCopyInto(out)
return out
}


@ -0,0 +1,27 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"const.go",
"doc.go",
"register.go",
"types.go",
"types_challenge.go",
"types_issuer.go",
"types_order.go",
"zz_generated.deepcopy.go",
],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2",
importpath = "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)


@ -0,0 +1,21 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
const (
ACMEFinalizer = "finalizer.acme.cert-manager.io"
)


@ -0,0 +1,23 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha2 is the v1alpha2 version of the API.
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/acme
// +k8s:openapi-gen=true
// +k8s:defaulter-gen=TypeMeta
// +groupName=acme.cert-manager.io
package v1alpha2


@ -0,0 +1,58 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/jetstack/cert-manager/pkg/apis/acme"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: acme.GroupName, Version: "v1alpha2"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Order{},
&OrderList{},
&Challenge{},
&ChallengeList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}


@ -0,0 +1,38 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
const (
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.name field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users of Ingress controllers that maintain
// a 1:1 mapping between endpoint IP and Ingress resource.
ACMECertificateHTTP01IngressNameOverride = "acme.cert-manager.io/http01-override-ingress-name"
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.class field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users deploying many different ingress
// classes into a single cluster that want to be able to re-use a single
// solver for each ingress class.
ACMECertificateHTTP01IngressClassOverride = "acme.cert-manager.io/http01-override-ingress-class"
// IngressEditInPlaceAnnotation is used to toggle the use of ingressClass instead
// of ingress on the created Certificate resource
IngressEditInPlaceAnnotationKey = "acme.cert-manager.io/http01-edit-in-place"
)


@ -0,0 +1,145 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Challenge is a type to represent a Challenge request with an ACME server
// +k8s:openapi-gen=true
// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state"
// +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName"
// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=challenges
type Challenge struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec ChallengeSpec `json:"spec,omitempty"`
Status ChallengeStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ChallengeList is a list of Challenges
type ChallengeList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Challenge `json:"items"`
}
type ChallengeSpec struct {
// URL is the URL of the ACME Challenge resource for this challenge.
// This can be used to lookup details about the status of this challenge.
URL string `json:"url"`
// AuthzURL is the URL to the ACME Authorization resource that this
// challenge is a part of.
AuthzURL string `json:"authzURL"`
// DNSName is the identifier that this challenge is for, e.g. example.com.
// If the requested DNSName is a 'wildcard', this field MUST be set to the
// non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
DNSName string `json:"dnsName"`
// Wildcard will be true if this challenge is for a wildcard identifier,
// for example '*.example.com'.
// +optional
Wildcard bool `json:"wildcard"`
// Type is the type of ACME challenge this resource represents.
// One of "http-01" or "dns-01".
Type ACMEChallengeType `json:"type"`
// Token is the ACME challenge token for this challenge.
// This is the raw value returned from the ACME server.
Token string `json:"token"`
// Key is the ACME challenge key for this challenge
// For HTTP01 challenges, this is the value that must be responded with to
// complete the HTTP01 challenge in the format:
// `<private key JWK thumbprint>.<key from acme server for challenge>`.
// For DNS01 challenges, this is the base64 encoded SHA256 sum of the
// `<private key JWK thumbprint>.<key from acme server for challenge>`
// text that must be set as the TXT record content.
Key string `json:"key"`
// Solver contains the domain solving configuration that should be used to
// solve this challenge resource.
Solver ACMEChallengeSolver `json:"solver"`
// IssuerRef references a properly configured ACME-type Issuer which should
// be used to create this Challenge.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Challenge will be marked as failed.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
}
// The type of ACME challenge. Only http-01 and dns-01 are supported.
// +kubebuilder:validation:Enum=http-01;dns-01
type ACMEChallengeType string
const (
// ACMEChallengeTypeHTTP01 denotes a Challenge is of type http-01
// More info: https://letsencrypt.org/docs/challenge-types/#http-01-challenge
ACMEChallengeTypeHTTP01 ACMEChallengeType = "http-01"
// ACMEChallengeTypeDNS01 denotes a Challenge is of type dns-01
// More info: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
ACMEChallengeTypeDNS01 ACMEChallengeType = "dns-01"
)
type ChallengeStatus struct {
// Processing is used to denote whether this challenge should be processed
// or not.
// This field will only be set to true by the 'scheduling' component.
// It will only be set to false by the 'challenges' controller, after the
// challenge has reached a final state or timed out.
// If this field is set to false, the challenge controller will not take
// any more action.
// +optional
Processing bool `json:"processing"`
// Presented will be set to true if the challenge values for this challenge
// are currently 'presented'.
// This *does not* imply the self check is passing. Only that the values
// have been 'submitted' for the appropriate challenge mechanism (i.e. the
// DNS01 TXT record has been presented, or the HTTP01 configuration has been
// configured).
// +optional
Presented bool `json:"presented"`
// Reason contains human readable information on why the Challenge is in the
// current state.
// +optional
Reason string `json:"reason,omitempty"`
// State contains the current 'state' of the challenge.
// If not set, the state of the challenge is unknown.
// +optional
State State `json:"state,omitempty"`
}


@ -0,0 +1,556 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
corev1 "k8s.io/api/core/v1"
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// ACMEIssuer contains the specification for an ACME issuer.
// This uses the RFC8555 specification to obtain certificates by completing
// 'challenges' to prove ownership of domain identifiers.
// Earlier draft versions of the ACME specification are not supported.
type ACMEIssuer struct {
// Email is the email address to be associated with the ACME account.
// This field is optional, but it is strongly recommended to be set.
// It will be used to contact you in case of issues with your account or
// certificates, including expiry notification emails.
// This field may be updated after the account is initially registered.
// +optional
Email string `json:"email,omitempty"`
// Server is the URL used to access the ACME server's 'directory' endpoint.
// For example, for Let's Encrypt's staging endpoint, you would use:
// "https://acme-staging-v02.api.letsencrypt.org/directory".
// Only ACME v2 endpoints (i.e. RFC 8555) are supported.
Server string `json:"server"`
// PreferredChain is the chain to use if the ACME server outputs multiple.
// PreferredChain is no guarantee that this one gets delivered by the ACME
// endpoint.
// For example, for Let's Encrypt's DST crosssign you would use:
// "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
// This value picks the first certificate bundle in the ACME alternative
// chains that has a certificate with this value as its issuer's CN
// +optional
// +kubebuilder:validation:MaxLength=64
PreferredChain string `json:"preferredChain"`
// Enables or disables validation of the ACME server TLS certificate.
// If true, requests to the ACME server will not have their TLS certificate
// validated (i.e. insecure connections will be allowed).
// Only enable this option in development environments.
// The cert-manager system installed roots will be used to verify connections
// to the ACME server if this is false.
// Defaults to false.
// +optional
SkipTLSVerify bool `json:"skipTLSVerify,omitempty"`
// ExternalAccountBinding is a reference to a CA external account of the ACME
// server.
// If set, upon registration cert-manager will attempt to associate the given
// external account credentials with the registered ACME account.
// +optional
ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`
// PrivateKey is the name of a Kubernetes Secret resource that will be used to
// store the automatically generated ACME account private key.
// Optionally, a `key` may be specified to select a specific entry within
// the named Secret resource.
// If `key` is not specified, a default of `tls.key` will be used.
PrivateKey cmmeta.SecretKeySelector `json:"privateKeySecretRef"`
// Solvers is a list of challenge solvers that will be used to solve
// ACME challenges for the matching domains.
// Solver configurations must be provided in order to obtain certificates
// from an ACME server.
// For more information, see: https://cert-manager.io/docs/configuration/acme/
// +optional
Solvers []ACMEChallengeSolver `json:"solvers,omitempty"`
// Enables or disables generating a new ACME account key.
// If true, the Issuer resource will *not* request a new account but will expect
// the account key to be supplied via an existing secret.
// If false, the cert-manager system will generate a new ACME account key
// for the Issuer.
// Defaults to false.
// +optional
DisableAccountKeyGeneration bool `json:"disableAccountKeyGeneration,omitempty"`
// Enables requesting a Not After date on certificates that matches the
// duration of the certificate. This is not supported by all ACME servers
// like Let's Encrypt. If set to true when the ACME server does not support
// it it will create an error on the Order.
// Defaults to false.
// +optional
EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
}
// ACMEExternalAccountBinding is a reference to a CA external account of the ACME
// server.
type ACMEExternalAccountBinding struct {
// keyID is the ID of the CA key that the External Account is bound to.
KeyID string `json:"keyID"`
// keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes
// Secret which holds the symmetric MAC key of the External Account Binding.
// The `key` is the index string that is paired with the key data in the
// Secret and should not be confused with the key data itself, or indeed with
// the External Account Binding keyID above.
// The secret key stored in the Secret **must** be un-padded, base64 URL
// encoded data.
Key cmmeta.SecretKeySelector `json:"keySecretRef"`
// keyAlgorithm is the MAC key algorithm that the key is used for.
// Valid values are "HS256", "HS384" and "HS512".
KeyAlgorithm HMACKeyAlgorithm `json:"keyAlgorithm"`
}
// HMACKeyAlgorithm is the name of a key algorithm used for HMAC encryption
// +kubebuilder:validation:Enum=HS256;HS384;HS512
type HMACKeyAlgorithm string
const (
HS256 HMACKeyAlgorithm = "HS256"
HS384 HMACKeyAlgorithm = "HS384"
HS512 HMACKeyAlgorithm = "HS512"
)
// Configures an issuer to solve challenges using the specified options.
// Only one of HTTP01 or DNS01 may be provided.
type ACMEChallengeSolver struct {
// Selector selects a set of DNSNames on the Certificate resource that
// should be solved using this challenge solver.
// If not specified, the solver will be treated as the 'default' solver
// with the lowest priority, i.e. if any other solver has a more specific
// match, it will be used instead.
// +optional
Selector *CertificateDNSNameSelector `json:"selector,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the HTTP01 challenge flow.
// It is not possible to obtain certificates for wildcard domain names
// (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
// +optional
HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the DNS01 challenge flow.
// +optional
DNS01 *ACMEChallengeSolverDNS01 `json:"dns01,omitempty"`
}
// CertificateDomainSelector selects certificates using a label selector, and
// can optionally select individual DNS names within those certificates.
// If both MatchLabels and DNSNames are empty, this selector will match all
// certificates and DNS names within them.
type CertificateDNSNameSelector struct {
// A label selector that is used to refine the set of certificate's that
// this challenge solver will apply to.
// +optional
MatchLabels map[string]string `json:"matchLabels,omitempty"`
// List of DNSNames that this solver will be used to solve.
// If specified and a match is found, a dnsNames selector will take
// precedence over a dnsZones selector.
// If multiple solvers match with the same dnsNames value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSNames []string `json:"dnsNames,omitempty"`
// List of DNSZones that this solver will be used to solve.
// The most specific DNS zone match specified here will take precedence
// over other DNS zone matches, so a solver specifying sys.example.com
// will be selected over one specifying example.com for the domain
// www.sys.example.com.
// If multiple solvers match with the same dnsZones value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSZones []string `json:"dnsZones,omitempty"`
}
// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve
// HTTP01 challenges within a Kubernetes cluster.
// Typically this is accomplished through creating 'routes' of some description
// that configure ingress controllers to direct traffic to 'solver pods', which
// are responsible for responding to the ACME server's HTTP requests.
type ACMEChallengeSolverHTTP01 struct {
// The ingress based HTTP01 challenge solver will solve challenges by
// creating or modifying Ingress resources in order to route requests for
// '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are
// provisioned by cert-manager for each Challenge to be completed.
// +optional
Ingress *ACMEChallengeSolverHTTP01Ingress `json:"ingress,omitempty"`
}
type ACMEChallengeSolverHTTP01Ingress struct {
// Optional service type for Kubernetes solver service
// +optional
ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
// The ingress class to use when creating Ingress resources to solve ACME
// challenges that use this challenge solver.
// Only one of 'class' or 'name' may be specified.
// +optional
Class *string `json:"class,omitempty"`
// The name of the ingress resource that should have ACME challenge solving
// routes inserted into it in order to solve HTTP01 challenges.
// This is typically used in conjunction with ingress controllers like
// ingress-gce, which maintains a 1:1 mapping between external IPs and
// ingress resources.
// +optional
Name string `json:"name,omitempty"`
// Optional pod template used to configure the ACME challenge solver pods
// used for HTTP01 challenges
// +optional
PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplate `json:"podTemplate,omitempty"`
// Optional ingress template used to configure the ACME challenge solver
// ingress used for HTTP01 challenges
// +optional
IngressTemplate *ACMEChallengeSolverHTTP01IngressTemplate `json:"ingressTemplate,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodTemplate struct {
// ObjectMeta overrides for the pod used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressPodObjectMeta `json:"metadata"`
// PodSpec defines overrides for the HTTP01 challenge solver pod.
// Only the 'priorityClassName', 'nodeSelector', 'affinity',
// 'serviceAccountName' and 'tolerations' fields are supported currently.
// All other fields will be ignored.
// +optional
Spec ACMEChallengeSolverHTTP01IngressPodSpec `json:"spec"`
}
type ACMEChallengeSolverHTTP01IngressPodObjectMeta struct {
// Annotations that should be added to the create ACME HTTP01 solver pods.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver pods.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodSpec struct {
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// If specified, the pod's scheduling constraints
// +optional
Affinity *corev1.Affinity `json:"affinity,omitempty"`
// If specified, the pod's tolerations.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// If specified, the pod's priorityClassName.
// +optional
PriorityClassName string `json:"priorityClassName,omitempty"`
// If specified, the pod's service account
// +optional
ServiceAccountName string `json:"serviceAccountName,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressTemplate struct {
// ObjectMeta overrides for the ingress used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressObjectMeta `json:"metadata"`
}
type ACMEChallengeSolverHTTP01IngressObjectMeta struct {
// Annotations that should be added to the created ACME HTTP01 solver ingress.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver ingress.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
// Used to configure a DNS01 challenge provider to be used when solving DNS01
// challenges.
// Only one DNS provider may be configured per solver.
type ACMEChallengeSolverDNS01 struct {
// CNAMEStrategy configures how the DNS01 provider should handle CNAME
// records when found in DNS zones.
// +optional
CNAMEStrategy CNAMEStrategy `json:"cnameStrategy,omitempty"`
// Use the Akamai DNS zone management API to manage DNS01 challenge records.
// +optional
Akamai *ACMEIssuerDNS01ProviderAkamai `json:"akamai,omitempty"`
// Use the Google Cloud DNS API to manage DNS01 challenge records.
// +optional
CloudDNS *ACMEIssuerDNS01ProviderCloudDNS `json:"clouddns,omitempty"`
// Use the Cloudflare API to manage DNS01 challenge records.
// +optional
Cloudflare *ACMEIssuerDNS01ProviderCloudflare `json:"cloudflare,omitempty"`
// Use the AWS Route53 API to manage DNS01 challenge records.
// +optional
Route53 *ACMEIssuerDNS01ProviderRoute53 `json:"route53,omitempty"`
// Use the Microsoft Azure DNS API to manage DNS01 challenge records.
// +optional
AzureDNS *ACMEIssuerDNS01ProviderAzureDNS `json:"azuredns,omitempty"`
// Use the DigitalOcean DNS API to manage DNS01 challenge records.
// +optional
DigitalOcean *ACMEIssuerDNS01ProviderDigitalOcean `json:"digitalocean,omitempty"`
// Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage
// DNS01 challenge records.
// +optional
AcmeDNS *ACMEIssuerDNS01ProviderAcmeDNS `json:"acmedns,omitempty"`
// Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/)
// to manage DNS01 challenge records.
// +optional
RFC2136 *ACMEIssuerDNS01ProviderRFC2136 `json:"rfc2136,omitempty"`
// Configure an external webhook based DNS01 challenge solver to manage
// DNS01 challenge records.
// +optional
Webhook *ACMEIssuerDNS01ProviderWebhook `json:"webhook,omitempty"`
}
// CNAMEStrategy configures how the DNS01 provider should handle CNAME records
// when found in DNS zones.
// By default, the None strategy will be applied (i.e. do not follow CNAMEs).
// +kubebuilder:validation:Enum=None;Follow
type CNAMEStrategy string
const (
// NoneStrategy indicates that no CNAME resolution strategy should be used
// when determining which DNS zone to update during DNS01 challenges.
NoneStrategy = "None"
// FollowStrategy will cause cert-manager to recurse through CNAMEs in
// order to determine which DNS zone to update during DNS01 challenges.
// This is useful if you do not want to grant cert-manager access to your
// root DNS zone, and instead delegate the _acme-challenge.example.com
// subdomain to some other, less privileged domain.
FollowStrategy = "Follow"
)
// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS
// configuration for Akamai DNS—Zone Record Management API
type ACMEIssuerDNS01ProviderAkamai struct {
ServiceConsumerDomain string `json:"serviceConsumerDomain"`
ClientToken cmmeta.SecretKeySelector `json:"clientTokenSecretRef"`
ClientSecret cmmeta.SecretKeySelector `json:"clientSecretSecretRef"`
AccessToken cmmeta.SecretKeySelector `json:"accessTokenSecretRef"`
}
// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS
// configuration for Google Cloud DNS
type ACMEIssuerDNS01ProviderCloudDNS struct {
// +optional
ServiceAccount *cmmeta.SecretKeySelector `json:"serviceAccountSecretRef,omitempty"`
Project string `json:"project"`
// HostedZoneName is an optional field that tells cert-manager in which
// Cloud DNS zone the challenge record has to be created.
// If left empty cert-manager will automatically choose a zone.
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
}
// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
// configuration for Cloudflare.
// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided.
type ACMEIssuerDNS01ProviderCloudflare struct {
// Email of the account, only required when using API key based authentication.
// +optional
Email string `json:"email,omitempty"`
// API key to use to authenticate with Cloudflare.
// Note: using an API token to authenticate is now the recommended method
// as it allows greater control of permissions.
// +optional
APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"`
// API token used to authenticate with Cloudflare.
// +optional
APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"`
}
// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS
// configuration for DigitalOcean Domains
type ACMEIssuerDNS01ProviderDigitalOcean struct {
Token cmmeta.SecretKeySelector `json:"tokenSecretRef"`
}
// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53
// configuration for AWS
type ACMEIssuerDNS01ProviderRoute53 struct {
// The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
AccessKeyID string `json:"accessKeyID,omitempty"`
// The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
SecretAccessKey cmmeta.SecretKeySelector `json:"secretAccessKeySecretRef"`
// Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey
// or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
// +optional
Role string `json:"role,omitempty"`
// If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
// +optional
HostedZoneID string `json:"hostedZoneID,omitempty"`
// Always set the region when using AccessKeyID and SecretAccessKey
Region string `json:"region"`
}
// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the
// configuration for Azure DNS
type ACMEIssuerDNS01ProviderAzureDNS struct {
// if both this and ClientSecret are left unset MSI will be used
// +optional
ClientID string `json:"clientID,omitempty"`
// if both this and ClientID are left unset MSI will be used
// +optional
ClientSecret *cmmeta.SecretKeySelector `json:"clientSecretSecretRef,omitempty"`
SubscriptionID string `json:"subscriptionID"`
// when specifying ClientID and ClientSecret then this field is also needed
// +optional
TenantID string `json:"tenantID,omitempty"`
ResourceGroupName string `json:"resourceGroupName"`
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
// +optional
Environment AzureDNSEnvironment `json:"environment,omitempty"`
}
// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud
type AzureDNSEnvironment string
const (
AzurePublicCloud AzureDNSEnvironment = "AzurePublicCloud"
AzureChinaCloud AzureDNSEnvironment = "AzureChinaCloud"
AzureGermanCloud AzureDNSEnvironment = "AzureGermanCloud"
AzureUSGovernmentCloud AzureDNSEnvironment = "AzureUSGovernmentCloud"
)
// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the
// configuration for ACME-DNS servers
type ACMEIssuerDNS01ProviderAcmeDNS struct {
Host string `json:"host"`
AccountSecret cmmeta.SecretKeySelector `json:"accountSecretRef"`
}
// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the
// configuration for RFC2136 DNS
type ACMEIssuerDNS01ProviderRFC2136 struct {
// The IP address or hostname of an authoritative DNS server supporting
// RFC2136 in the form host:port. If the host is an IPv6 address it must be
// enclosed in square brackets (e.g [2001:db8::1]) ; port is optional.
// This field is required.
Nameserver string `json:"nameserver"`
// The name of the secret containing the TSIG value.
// If ``tsigKeyName`` is defined, this field is required.
// +optional
TSIGSecret cmmeta.SecretKeySelector `json:"tsigSecretSecretRef,omitempty"`
// The TSIG Key name configured in the DNS.
// If ``tsigSecretSecretRef`` is defined, this field is required.
// +optional
TSIGKeyName string `json:"tsigKeyName,omitempty"`
// The TSIG Algorithm configured in the DNS supporting RFC2136. Used only
// when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined.
// Supported values are (case-insensitive): ``HMACMD5`` (default),
// ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.
// +optional
TSIGAlgorithm string `json:"tsigAlgorithm,omitempty"`
}
// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01
// provider, including where to POST ChallengePayload resources.
type ACMEIssuerDNS01ProviderWebhook struct {
// The API group name that should be used when POSTing ChallengePayload
// resources to the webhook apiserver.
// This should be the same as the GroupName specified in the webhook
// provider implementation.
GroupName string `json:"groupName"`
// The name of the solver to use, as defined in the webhook provider
// implementation.
// This will typically be the name of the provider, e.g. 'cloudflare'.
SolverName string `json:"solverName"`
// Additional configuration that should be passed to the webhook apiserver
// when challenges are processed.
// This can contain arbitrary JSON data.
// Secret values should not be specified in this stanza.
// If secret values are needed (e.g. credentials for a DNS service), you
// should use a SecretKeySelector to reference a Secret resource.
// For details on the schema of this field, consult the webhook provider
// implementation's documentation.
// +optional
Config *apiext.JSON `json:"config,omitempty"`
}
type ACMEIssuerStatus struct {
// URI is the unique account identifier, which can also be used to retrieve
// account details from the CA
// +optional
URI string `json:"uri,omitempty"`
// LastRegisteredEmail is the email associated with the latest registered
// ACME account, in order to track changes made to registered account
// associated with the Issuer
// +optional
LastRegisteredEmail string `json:"lastRegisteredEmail,omitempty"`
}


@ -0,0 +1,238 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Order is a type to represent an Order with an ACME server
// +k8s:openapi-gen=true
type Order struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec OrderSpec `json:"spec,omitempty"`
Status OrderStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OrderList is a list of Orders
type OrderList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Order `json:"items"`
}
type OrderSpec struct {
// Certificate signing request bytes in DER encoding.
// This will be used when finalizing the order.
// This field must be set on the order.
CSR []byte `json:"csr"`
// IssuerRef references a properly configured ACME-type Issuer which should
// be used to create this Order.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Order will be marked as failed.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// CommonName is the common name as specified on the DER encoded CSR.
// If specified, this value must also be present in `dnsNames` or `ipAddresses`.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
CommonName string `json:"commonName,omitempty"`
// DNSNames is a list of DNS names that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
//+optional
DNSNames []string `json:"dnsNames,omitempty"`
// IPAddresses is a list of IP addresses that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`
// Duration is the duration for the not after date for the requested certificate.
// this is set on order creation as pe the ACME spec.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
}
type OrderStatus struct {
// URL of the Order.
// This will initially be empty when the resource is first created.
// The Order controller will populate this field when the Order is first processed.
// This field will be immutable after it is initially set.
// +optional
URL string `json:"url,omitempty"`
// FinalizeURL of the Order.
// This is used to obtain certificates for this order once it has been completed.
// +optional
FinalizeURL string `json:"finalizeURL,omitempty"`
// Authorizations contains data returned from the ACME server on what
// authorizations must be completed in order to validate the DNS names
// specified on the Order.
// +optional
Authorizations []ACMEAuthorization `json:"authorizations,omitempty"`
// Certificate is a copy of the PEM encoded certificate for this Order.
// This field will be populated after the order has been successfully
// finalized with the ACME server, and the order has transitioned to the
// 'valid' state.
// +optional
Certificate []byte `json:"certificate,omitempty"`
// State contains the current state of this Order resource.
// States 'success' and 'expired' are 'final'
// +optional
State State `json:"state,omitempty"`
// Reason optionally provides more information about a why the order is in
// the current state.
// +optional
Reason string `json:"reason,omitempty"`
// FailureTime stores the time that this order failed.
// This is used to influence garbage collection and back-off.
// +optional
FailureTime *metav1.Time `json:"failureTime,omitempty"`
}
// ACMEAuthorization contains data returned from the ACME server on an
// authorization that must be completed in order validate a DNS name on an ACME
// Order resource.
type ACMEAuthorization struct {
// URL is the URL of the Authorization that must be completed
URL string `json:"url"`
// Identifier is the DNS name to be validated as part of this authorization
// +optional
Identifier string `json:"identifier,omitempty"`
// Wildcard will be true if this authorization is for a wildcard DNS name.
// If this is true, the identifier will be the *non-wildcard* version of
// the DNS name.
// For example, if '*.example.com' is the DNS name being validated, this
// field will be 'true' and the 'identifier' field will be 'example.com'.
// +optional
Wildcard *bool `json:"wildcard,omitempty"`
// InitialState is the initial state of the ACME authorization when first
// fetched from the ACME server.
// If an Authorization is already 'valid', the Order controller will not
// create a Challenge resource for the authorization. This will occur when
// working with an ACME server that enables 'authz reuse' (such as Let's
// Encrypt's production endpoint).
// If not set and 'identifier' is set, the state is assumed to be pending
// and a Challenge will be created.
// +optional
InitialState State `json:"initialState,omitempty"`
// Challenges specifies the challenge types offered by the ACME server.
// One of these challenge types will be selected when validating the DNS
// name and an appropriate Challenge resource will be created to perform
// the ACME challenge process.
// +optional
Challenges []ACMEChallenge `json:"challenges,omitempty"`
}
// Challenge specifies a challenge offered by the ACME server for an Order.
// An appropriate Challenge resource can be created to perform the ACME
// challenge process.
type ACMEChallenge struct {
// URL is the URL of this challenge. It can be used to retrieve additional
// metadata about the Challenge from the ACME server.
URL string `json:"url"`
// Token is the token that must be presented for this challenge.
// This is used to compute the 'key' that must also be presented.
Token string `json:"token"`
// Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
// 'tls-sni-01', etc.
// This is the raw value retrieved from the ACME server.
// Only 'http-01' and 'dns-01' are supported by cert-manager, other values
// will be ignored.
Type string `json:"type"`
}
// State represents the state of an ACME resource, such as an Order.
// The possible options here map to the corresponding values in the
// ACME specification.
// Full details of these values can be found here: https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-7.1.6
// Clients utilising this type must also gracefully handle unknown
// values, as the contents of this enumeration may be added to over time.
// +kubebuilder:validation:Enum=valid;ready;pending;processing;invalid;expired;errored
type State string
const (
// Unknown is not a real state as part of the ACME spec.
// It is used to represent an unrecognised value.
Unknown State = ""
// Valid signifies that an ACME resource is in a valid state.
// If an order is 'valid', it has been finalized with the ACME server and
// the certificate can be retrieved from the ACME server using the
// certificate URL stored in the Order's status subresource.
// This is a final state.
Valid State = "valid"
// Ready signifies that an ACME resource is in a ready state.
// If an order is 'ready', all of its challenges have been completed
// successfully and the order is ready to be finalized.
// Once finalized, it will transition to the Valid state.
// This is a transient state.
Ready State = "ready"
// Pending signifies that an ACME resource is still pending and is not yet ready.
// If an Order is marked 'Pending', the validations for that Order are still in progress.
// This is a transient state.
Pending State = "pending"
// Processing signifies that an ACME resource is being processed by the server.
// If an Order is marked 'Processing', the validations for that Order are currently being processed.
// This is a transient state.
Processing State = "processing"
// Invalid signifies that an ACME resource is invalid for some reason.
// If an Order is marked 'invalid', one of its validations be have invalid for some reason.
// This is a final state.
Invalid State = "invalid"
// Expired signifies that an ACME resource has expired.
// If an Order is marked 'Expired', one of its validations may have expired or the Order itself.
// This is a final state.
Expired State = "expired"
// Errored signifies that the ACME resource has errored for some reason.
// This is a catch-all state, and is used for marking internal cert-manager
// errors such as validation failures.
// This is a final state.
Errored State = "errored"
)


@ -0,0 +1,841 @@
// +build !ignore_autogenerated
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha2
import (
metav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
v1 "k8s.io/api/core/v1"
v1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEAuthorization) DeepCopyInto(out *ACMEAuthorization) {
*out = *in
if in.Wildcard != nil {
in, out := &in.Wildcard, &out.Wildcard
*out = new(bool)
**out = **in
}
if in.Challenges != nil {
in, out := &in.Challenges, &out.Challenges
*out = make([]ACMEChallenge, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEAuthorization.
func (in *ACMEAuthorization) DeepCopy() *ACMEAuthorization {
if in == nil {
return nil
}
out := new(ACMEAuthorization)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallenge) DeepCopyInto(out *ACMEChallenge) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallenge.
func (in *ACMEChallenge) DeepCopy() *ACMEChallenge {
if in == nil {
return nil
}
out := new(ACMEChallenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolver) DeepCopyInto(out *ACMEChallengeSolver) {
*out = *in
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(CertificateDNSNameSelector)
(*in).DeepCopyInto(*out)
}
if in.HTTP01 != nil {
in, out := &in.HTTP01, &out.HTTP01
*out = new(ACMEChallengeSolverHTTP01)
(*in).DeepCopyInto(*out)
}
if in.DNS01 != nil {
in, out := &in.DNS01, &out.DNS01
*out = new(ACMEChallengeSolverDNS01)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolver.
func (in *ACMEChallengeSolver) DeepCopy() *ACMEChallengeSolver {
if in == nil {
return nil
}
out := new(ACMEChallengeSolver)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverDNS01) DeepCopyInto(out *ACMEChallengeSolverDNS01) {
*out = *in
if in.Akamai != nil {
in, out := &in.Akamai, &out.Akamai
*out = new(ACMEIssuerDNS01ProviderAkamai)
**out = **in
}
if in.CloudDNS != nil {
in, out := &in.CloudDNS, &out.CloudDNS
*out = new(ACMEIssuerDNS01ProviderCloudDNS)
(*in).DeepCopyInto(*out)
}
if in.Cloudflare != nil {
in, out := &in.Cloudflare, &out.Cloudflare
*out = new(ACMEIssuerDNS01ProviderCloudflare)
(*in).DeepCopyInto(*out)
}
if in.Route53 != nil {
in, out := &in.Route53, &out.Route53
*out = new(ACMEIssuerDNS01ProviderRoute53)
**out = **in
}
if in.AzureDNS != nil {
in, out := &in.AzureDNS, &out.AzureDNS
*out = new(ACMEIssuerDNS01ProviderAzureDNS)
(*in).DeepCopyInto(*out)
}
if in.DigitalOcean != nil {
in, out := &in.DigitalOcean, &out.DigitalOcean
*out = new(ACMEIssuerDNS01ProviderDigitalOcean)
**out = **in
}
if in.AcmeDNS != nil {
in, out := &in.AcmeDNS, &out.AcmeDNS
*out = new(ACMEIssuerDNS01ProviderAcmeDNS)
**out = **in
}
if in.RFC2136 != nil {
in, out := &in.RFC2136, &out.RFC2136
*out = new(ACMEIssuerDNS01ProviderRFC2136)
**out = **in
}
if in.Webhook != nil {
in, out := &in.Webhook, &out.Webhook
*out = new(ACMEIssuerDNS01ProviderWebhook)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverDNS01.
func (in *ACMEChallengeSolverDNS01) DeepCopy() *ACMEChallengeSolverDNS01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverDNS01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01) DeepCopyInto(out *ACMEChallengeSolverHTTP01) {
*out = *in
if in.Ingress != nil {
in, out := &in.Ingress, &out.Ingress
*out = new(ACMEChallengeSolverHTTP01Ingress)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01.
func (in *ACMEChallengeSolverHTTP01) DeepCopy() *ACMEChallengeSolverHTTP01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopyInto(out *ACMEChallengeSolverHTTP01Ingress) {
*out = *in
if in.Class != nil {
in, out := &in.Class, &out.Class
*out = new(string)
**out = **in
}
if in.PodTemplate != nil {
in, out := &in.PodTemplate, &out.PodTemplate
*out = new(ACMEChallengeSolverHTTP01IngressPodTemplate)
(*in).DeepCopyInto(*out)
}
if in.IngressTemplate != nil {
in, out := &in.IngressTemplate, &out.IngressTemplate
*out = new(ACMEChallengeSolverHTTP01IngressTemplate)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01Ingress.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopy() *ACMEChallengeSolverHTTP01Ingress {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01Ingress)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodSpec) {
*out = *in
if in.NodeSelector != nil {
in, out := &in.NodeSelector, &out.NodeSelector
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Affinity != nil {
in, out := &in.Affinity, &out.Affinity
*out = new(v1.Affinity)
(*in).DeepCopyInto(*out)
}
if in.Tolerations != nil {
in, out := &in.Tolerations, &out.Tolerations
*out = make([]v1.Toleration, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodSpec.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodSpec {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressPodObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodTemplate.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressObjectMeta)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressTemplate.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEExternalAccountBinding) DeepCopyInto(out *ACMEExternalAccountBinding) {
*out = *in
out.Key = in.Key
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding.
func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding {
if in == nil {
return nil
}
out := new(ACMEExternalAccountBinding)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuer) DeepCopyInto(out *ACMEIssuer) {
*out = *in
if in.ExternalAccountBinding != nil {
in, out := &in.ExternalAccountBinding, &out.ExternalAccountBinding
*out = new(ACMEExternalAccountBinding)
**out = **in
}
out.PrivateKey = in.PrivateKey
if in.Solvers != nil {
in, out := &in.Solvers, &out.Solvers
*out = make([]ACMEChallengeSolver, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuer.
func (in *ACMEIssuer) DeepCopy() *ACMEIssuer {
if in == nil {
return nil
}
out := new(ACMEIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAcmeDNS) {
*out = *in
out.AccountSecret = in.AccountSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAcmeDNS.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopy() *ACMEIssuerDNS01ProviderAcmeDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAcmeDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopyInto(out *ACMEIssuerDNS01ProviderAkamai) {
*out = *in
out.ClientToken = in.ClientToken
out.ClientSecret = in.ClientSecret
out.AccessToken = in.AccessToken
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAkamai.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopy() *ACMEIssuerDNS01ProviderAkamai {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAkamai)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAzureDNS) {
*out = *in
if in.ClientSecret != nil {
in, out := &in.ClientSecret, &out.ClientSecret
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAzureDNS.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopy() *ACMEIssuerDNS01ProviderAzureDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAzureDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudDNS) {
*out = *in
if in.ServiceAccount != nil {
in, out := &in.ServiceAccount, &out.ServiceAccount
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudDNS.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopy() *ACMEIssuerDNS01ProviderCloudDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudflare) {
*out = *in
if in.APIKey != nil {
in, out := &in.APIKey, &out.APIKey
*out = new(metav1.SecretKeySelector)
**out = **in
}
if in.APIToken != nil {
in, out := &in.APIToken, &out.APIToken
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudflare.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopy() *ACMEIssuerDNS01ProviderCloudflare {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudflare)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopyInto(out *ACMEIssuerDNS01ProviderDigitalOcean) {
*out = *in
out.Token = in.Token
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderDigitalOcean.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopy() *ACMEIssuerDNS01ProviderDigitalOcean {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderDigitalOcean)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopyInto(out *ACMEIssuerDNS01ProviderRFC2136) {
*out = *in
out.TSIGSecret = in.TSIGSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRFC2136.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC2136 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRFC2136)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) {
*out = *in
out.SecretAccessKey = in.SecretAccessKey
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRoute53.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopy() *ACMEIssuerDNS01ProviderRoute53 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRoute53)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopyInto(out *ACMEIssuerDNS01ProviderWebhook) {
*out = *in
if in.Config != nil {
in, out := &in.Config, &out.Config
*out = new(v1beta1.JSON)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderWebhook.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopy() *ACMEIssuerDNS01ProviderWebhook {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderWebhook)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerStatus) DeepCopyInto(out *ACMEIssuerStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerStatus.
func (in *ACMEIssuerStatus) DeepCopy() *ACMEIssuerStatus {
if in == nil {
return nil
}
out := new(ACMEIssuerStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateDNSNameSelector) DeepCopyInto(out *CertificateDNSNameSelector) {
*out = *in
if in.MatchLabels != nil {
in, out := &in.MatchLabels, &out.MatchLabels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DNSZones != nil {
in, out := &in.DNSZones, &out.DNSZones
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDNSNameSelector.
func (in *CertificateDNSNameSelector) DeepCopy() *CertificateDNSNameSelector {
if in == nil {
return nil
}
out := new(CertificateDNSNameSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Challenge) DeepCopyInto(out *Challenge) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Challenge.
func (in *Challenge) DeepCopy() *Challenge {
if in == nil {
return nil
}
out := new(Challenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Challenge) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeList) DeepCopyInto(out *ChallengeList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Challenge, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeList.
func (in *ChallengeList) DeepCopy() *ChallengeList {
if in == nil {
return nil
}
out := new(ChallengeList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ChallengeList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeSpec) DeepCopyInto(out *ChallengeSpec) {
*out = *in
in.Solver.DeepCopyInto(&out.Solver)
out.IssuerRef = in.IssuerRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeSpec.
func (in *ChallengeSpec) DeepCopy() *ChallengeSpec {
if in == nil {
return nil
}
out := new(ChallengeSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeStatus) DeepCopyInto(out *ChallengeStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeStatus.
func (in *ChallengeStatus) DeepCopy() *ChallengeStatus {
if in == nil {
return nil
}
out := new(ChallengeStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Order) DeepCopyInto(out *Order) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Order.
func (in *Order) DeepCopy() *Order {
if in == nil {
return nil
}
out := new(Order)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Order) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderList) DeepCopyInto(out *OrderList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Order, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderList.
func (in *OrderList) DeepCopy() *OrderList {
if in == nil {
return nil
}
out := new(OrderList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OrderList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderSpec) DeepCopyInto(out *OrderSpec) {
*out = *in
if in.CSR != nil {
in, out := &in.CSR, &out.CSR
*out = make([]byte, len(*in))
copy(*out, *in)
}
out.IssuerRef = in.IssuerRef
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPAddresses != nil {
in, out := &in.IPAddresses, &out.IPAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(apismetav1.Duration)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderSpec.
func (in *OrderSpec) DeepCopy() *OrderSpec {
if in == nil {
return nil
}
out := new(OrderSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderStatus) DeepCopyInto(out *OrderStatus) {
*out = *in
if in.Authorizations != nil {
in, out := &in.Authorizations, &out.Authorizations
*out = make([]ACMEAuthorization, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Certificate != nil {
in, out := &in.Certificate, &out.Certificate
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.FailureTime != nil {
in, out := &in.FailureTime, &out.FailureTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderStatus.
func (in *OrderStatus) DeepCopy() *OrderStatus {
if in == nil {
return nil
}
out := new(OrderStatus)
in.DeepCopyInto(out)
return out
}


@ -0,0 +1,27 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"const.go",
"doc.go",
"register.go",
"types.go",
"types_challenge.go",
"types_issuer.go",
"types_order.go",
"zz_generated.deepcopy.go",
],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha3",
importpath = "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha3",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)


@ -0,0 +1,21 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
const (
ACMEFinalizer = "finalizer.acme.cert-manager.io"
)


@ -0,0 +1,23 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha3 is the v1alpha3 version of the API.
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/acme
// +k8s:openapi-gen=true
// +k8s:defaulter-gen=TypeMeta
// +groupName=acme.cert-manager.io
package v1alpha3


@ -0,0 +1,58 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/jetstack/cert-manager/pkg/apis/acme"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: acme.GroupName, Version: "v1alpha3"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Order{},
&OrderList{},
&Challenge{},
&ChallengeList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}


@ -0,0 +1,43 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
const (
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.name field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users of Ingress controllers that maintain
// a 1:1 mapping between endpoint IP and Ingress resource.
ACMECertificateHTTP01IngressNameOverride = "acme.cert-manager.io/http01-override-ingress-name"
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.class field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users deploying many different ingress
// classes into a single cluster that want to be able to re-use a single
// solver for each ingress class.
ACMECertificateHTTP01IngressClassOverride = "acme.cert-manager.io/http01-override-ingress-class"
// IngressEditInPlaceAnnotation is used to toggle the use of ingressClass instead
// of ingress on the created Certificate resource
IngressEditInPlaceAnnotationKey = "acme.cert-manager.io/http01-edit-in-place"
)
const (
OrderKind = "Order"
ChallengeKind = "Challenge"
)


@ -0,0 +1,145 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Challenge is a type to represent a Challenge request with an ACME server
// +k8s:openapi-gen=true
// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state"
// +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName"
// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=challenges
type Challenge struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec ChallengeSpec `json:"spec,omitempty"`
Status ChallengeStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ChallengeList is a list of Challenges
type ChallengeList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Challenge `json:"items"`
}
type ChallengeSpec struct {
// URL is the URL of the ACME Challenge resource for this challenge.
// This can be used to lookup details about the status of this challenge.
URL string `json:"url"`
// AuthzURL is the URL to the ACME Authorization resource that this
// challenge is a part of.
AuthzURL string `json:"authzURL"`
// DNSName is the identifier that this challenge is for, e.g. example.com.
// If the requested DNSName is a 'wildcard', this field MUST be set to the
// non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
DNSName string `json:"dnsName"`
// Wildcard will be true if this challenge is for a wildcard identifier,
// for example '*.example.com'.
// +optional
Wildcard bool `json:"wildcard"`
// Type is the type of ACME challenge this resource represents.
// One of "http-01" or "dns-01".
Type ACMEChallengeType `json:"type"`
// Token is the ACME challenge token for this challenge.
// This is the raw value returned from the ACME server.
Token string `json:"token"`
// Key is the ACME challenge key for this challenge
// For HTTP01 challenges, this is the value that must be responded with to
// complete the HTTP01 challenge in the format:
// `<private key JWK thumbprint>.<key from acme server for challenge>`.
// For DNS01 challenges, this is the base64 encoded SHA256 sum of the
// `<private key JWK thumbprint>.<key from acme server for challenge>`
// text that must be set as the TXT record content.
Key string `json:"key"`
// Solver contains the domain solving configuration that should be used to
// solve this challenge resource.
Solver ACMEChallengeSolver `json:"solver"`
// IssuerRef references a properly configured ACME-type Issuer which should
// be used to create this Challenge.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Challenge will be marked as failed.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
}
// The type of ACME challenge. Only http-01 and dns-01 are supported.
// +kubebuilder:validation:Enum=http-01;dns-01
type ACMEChallengeType string
const (
// ACMEChallengeTypeHTTP01 denotes a Challenge is of type http-01
// More info: https://letsencrypt.org/docs/challenge-types/#http-01-challenge
ACMEChallengeTypeHTTP01 ACMEChallengeType = "http-01"
// ACMEChallengeTypeDNS01 denotes a Challenge is of type dns-01
// More info: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
ACMEChallengeTypeDNS01 ACMEChallengeType = "dns-01"
)
type ChallengeStatus struct {
// Processing is used to denote whether this challenge should be processed
// or not.
// This field will only be set to true by the 'scheduling' component.
// It will only be set to false by the 'challenges' controller, after the
// challenge has reached a final state or timed out.
// If this field is set to false, the challenge controller will not take
// any more action.
// +optional
Processing bool `json:"processing"`
// Presented will be set to true if the challenge values for this challenge
// are currently 'presented'.
// This *does not* imply the self check is passing. Only that the values
// have been 'submitted' for the appropriate challenge mechanism (i.e. the
// DNS01 TXT record has been presented, or the HTTP01 configuration has been
// configured).
// +optional
Presented bool `json:"presented"`
// Reason contains human readable information on why the Challenge is in the
// current state.
// +optional
Reason string `json:"reason,omitempty"`
// State contains the current 'state' of the challenge.
// If not set, the state of the challenge is unknown.
// +optional
State State `json:"state,omitempty"`
}


@ -0,0 +1,556 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
corev1 "k8s.io/api/core/v1"
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// ACMEIssuer contains the specification for an ACME issuer.
// This uses the RFC8555 specification to obtain certificates by completing
// 'challenges' to prove ownership of domain identifiers.
// Earlier draft versions of the ACME specification are not supported.
type ACMEIssuer struct {
// Email is the email address to be associated with the ACME account.
// This field is optional, but it is strongly recommended to be set.
// It will be used to contact you in case of issues with your account or
// certificates, including expiry notification emails.
// This field may be updated after the account is initially registered.
// +optional
Email string `json:"email,omitempty"`
// Server is the URL used to access the ACME server's 'directory' endpoint.
// For example, for Let's Encrypt's staging endpoint, you would use:
// "https://acme-staging-v02.api.letsencrypt.org/directory".
// Only ACME v2 endpoints (i.e. RFC 8555) are supported.
Server string `json:"server"`
// PreferredChain is the chain to use if the ACME server outputs multiple.
// PreferredChain is no guarantee that this one gets delivered by the ACME
// endpoint.
// For example, for Let's Encrypt's DST crosssign you would use:
// "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
// This value picks the first certificate bundle in the ACME alternative
// chains that has a certificate with this value as its issuer's CN
// +optional
// +kubebuilder:validation:MaxLength=64
PreferredChain string `json:"preferredChain"`
// Enables or disables validation of the ACME server TLS certificate.
// If true, requests to the ACME server will not have their TLS certificate
// validated (i.e. insecure connections will be allowed).
// Only enable this option in development environments.
// The cert-manager system installed roots will be used to verify connections
// to the ACME server if this is false.
// Defaults to false.
// +optional
SkipTLSVerify bool `json:"skipTLSVerify,omitempty"`
// ExternalAccountBinding is a reference to a CA external account of the ACME
// server.
// If set, upon registration cert-manager will attempt to associate the given
// external account credentials with the registered ACME account.
// +optional
ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`
// PrivateKey is the name of a Kubernetes Secret resource that will be used to
// store the automatically generated ACME account private key.
// Optionally, a `key` may be specified to select a specific entry within
// the named Secret resource.
// If `key` is not specified, a default of `tls.key` will be used.
PrivateKey cmmeta.SecretKeySelector `json:"privateKeySecretRef"`
// Solvers is a list of challenge solvers that will be used to solve
// ACME challenges for the matching domains.
// Solver configurations must be provided in order to obtain certificates
// from an ACME server.
// For more information, see: https://cert-manager.io/docs/configuration/acme/
// +optional
Solvers []ACMEChallengeSolver `json:"solvers,omitempty"`
// Enables or disables generating a new ACME account key.
// If true, the Issuer resource will *not* request a new account but will expect
// the account key to be supplied via an existing secret.
// If false, the cert-manager system will generate a new ACME account key
// for the Issuer.
// Defaults to false.
// +optional
DisableAccountKeyGeneration bool `json:"disableAccountKeyGeneration,omitempty"`
// Enables requesting a Not After date on certificates that matches the
// duration of the certificate. This is not supported by all ACME servers
// like Let's Encrypt. If set to true when the ACME server does not support
// it it will create an error on the Order.
// Defaults to false.
// +optional
EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
}
// ACMEExternalAccountBinding is a reference to a CA external account of the ACME
// server.
type ACMEExternalAccountBinding struct {
// keyID is the ID of the CA key that the External Account is bound to.
KeyID string `json:"keyID"`
// keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes
// Secret which holds the symmetric MAC key of the External Account Binding.
// The `key` is the index string that is paired with the key data in the
// Secret and should not be confused with the key data itself, or indeed with
// the External Account Binding keyID above.
// The secret key stored in the Secret **must** be un-padded, base64 URL
// encoded data.
Key cmmeta.SecretKeySelector `json:"keySecretRef"`
// keyAlgorithm is the MAC key algorithm that the key is used for.
// Valid values are "HS256", "HS384" and "HS512".
KeyAlgorithm HMACKeyAlgorithm `json:"keyAlgorithm"`
}
// HMACKeyAlgorithm is the name of a key algorithm used for HMAC encryption
// +kubebuilder:validation:Enum=HS256;HS384;HS512
type HMACKeyAlgorithm string
const (
HS256 HMACKeyAlgorithm = "HS256"
HS384 HMACKeyAlgorithm = "HS384"
HS512 HMACKeyAlgorithm = "HS512"
)
// Configures an issuer to solve challenges using the specified options.
// Only one of HTTP01 or DNS01 may be provided.
type ACMEChallengeSolver struct {
// Selector selects a set of DNSNames on the Certificate resource that
// should be solved using this challenge solver.
// If not specified, the solver will be treated as the 'default' solver
// with the lowest priority, i.e. if any other solver has a more specific
// match, it will be used instead.
// +optional
Selector *CertificateDNSNameSelector `json:"selector,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the HTTP01 challenge flow.
// It is not possible to obtain certificates for wildcard domain names
// (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
// +optional
HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the DNS01 challenge flow.
// +optional
DNS01 *ACMEChallengeSolverDNS01 `json:"dns01,omitempty"`
}
// CertificateDomainSelector selects certificates using a label selector, and
// can optionally select individual DNS names within those certificates.
// If both MatchLabels and DNSNames are empty, this selector will match all
// certificates and DNS names within them.
type CertificateDNSNameSelector struct {
// A label selector that is used to refine the set of certificate's that
// this challenge solver will apply to.
// +optional
MatchLabels map[string]string `json:"matchLabels,omitempty"`
// List of DNSNames that this solver will be used to solve.
// If specified and a match is found, a dnsNames selector will take
// precedence over a dnsZones selector.
// If multiple solvers match with the same dnsNames value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSNames []string `json:"dnsNames,omitempty"`
// List of DNSZones that this solver will be used to solve.
// The most specific DNS zone match specified here will take precedence
// over other DNS zone matches, so a solver specifying sys.example.com
// will be selected over one specifying example.com for the domain
// www.sys.example.com.
// If multiple solvers match with the same dnsZones value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSZones []string `json:"dnsZones,omitempty"`
}
// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve
// HTTP01 challenges within a Kubernetes cluster.
// Typically this is accomplished through creating 'routes' of some description
// that configure ingress controllers to direct traffic to 'solver pods', which
// are responsible for responding to the ACME server's HTTP requests.
type ACMEChallengeSolverHTTP01 struct {
// The ingress based HTTP01 challenge solver will solve challenges by
// creating or modifying Ingress resources in order to route requests for
// '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are
// provisioned by cert-manager for each Challenge to be completed.
// +optional
Ingress *ACMEChallengeSolverHTTP01Ingress `json:"ingress,omitempty"`
}
type ACMEChallengeSolverHTTP01Ingress struct {
// Optional service type for Kubernetes solver service
// +optional
ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
// The ingress class to use when creating Ingress resources to solve ACME
// challenges that use this challenge solver.
// Only one of 'class' or 'name' may be specified.
// +optional
Class *string `json:"class,omitempty"`
// The name of the ingress resource that should have ACME challenge solving
// routes inserted into it in order to solve HTTP01 challenges.
// This is typically used in conjunction with ingress controllers like
// ingress-gce, which maintains a 1:1 mapping between external IPs and
// ingress resources.
// +optional
Name string `json:"name,omitempty"`
// Optional pod template used to configure the ACME challenge solver pods
// used for HTTP01 challenges
// +optional
PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplate `json:"podTemplate,omitempty"`
// Optional ingress template used to configure the ACME challenge solver
// ingress used for HTTP01 challenges
// +optional
IngressTemplate *ACMEChallengeSolverHTTP01IngressTemplate `json:"ingressTemplate,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodTemplate struct {
// ObjectMeta overrides for the pod used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressPodObjectMeta `json:"metadata"`
// PodSpec defines overrides for the HTTP01 challenge solver pod.
// Only the 'priorityClassName', 'nodeSelector', 'affinity',
// 'serviceAccountName' and 'tolerations' fields are supported currently.
// All other fields will be ignored.
// +optional
Spec ACMEChallengeSolverHTTP01IngressPodSpec `json:"spec"`
}
type ACMEChallengeSolverHTTP01IngressPodObjectMeta struct {
// Annotations that should be added to the create ACME HTTP01 solver pods.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver pods.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodSpec struct {
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// If specified, the pod's scheduling constraints
// +optional
Affinity *corev1.Affinity `json:"affinity,omitempty"`
// If specified, the pod's tolerations.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// If specified, the pod's priorityClassName.
// +optional
PriorityClassName string `json:"priorityClassName,omitempty"`
// If specified, the pod's service account
// +optional
ServiceAccountName string `json:"serviceAccountName,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressTemplate struct {
// ObjectMeta overrides for the ingress used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressObjectMeta `json:"metadata"`
}
type ACMEChallengeSolverHTTP01IngressObjectMeta struct {
// Annotations that should be added to the created ACME HTTP01 solver ingress.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver ingress.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
// Used to configure a DNS01 challenge provider to be used when solving DNS01
// challenges.
// Only one DNS provider may be configured per solver.
type ACMEChallengeSolverDNS01 struct {
// CNAMEStrategy configures how the DNS01 provider should handle CNAME
// records when found in DNS zones.
// +optional
CNAMEStrategy CNAMEStrategy `json:"cnameStrategy,omitempty"`
// Use the Akamai DNS zone management API to manage DNS01 challenge records.
// +optional
Akamai *ACMEIssuerDNS01ProviderAkamai `json:"akamai,omitempty"`
// Use the Google Cloud DNS API to manage DNS01 challenge records.
// +optional
CloudDNS *ACMEIssuerDNS01ProviderCloudDNS `json:"clouddns,omitempty"`
// Use the Cloudflare API to manage DNS01 challenge records.
// +optional
Cloudflare *ACMEIssuerDNS01ProviderCloudflare `json:"cloudflare,omitempty"`
// Use the AWS Route53 API to manage DNS01 challenge records.
// +optional
Route53 *ACMEIssuerDNS01ProviderRoute53 `json:"route53,omitempty"`
// Use the Microsoft Azure DNS API to manage DNS01 challenge records.
// +optional
AzureDNS *ACMEIssuerDNS01ProviderAzureDNS `json:"azuredns,omitempty"`
// Use the DigitalOcean DNS API to manage DNS01 challenge records.
// +optional
DigitalOcean *ACMEIssuerDNS01ProviderDigitalOcean `json:"digitalocean,omitempty"`
// Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage
// DNS01 challenge records.
// +optional
AcmeDNS *ACMEIssuerDNS01ProviderAcmeDNS `json:"acmedns,omitempty"`
// Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/)
// to manage DNS01 challenge records.
// +optional
RFC2136 *ACMEIssuerDNS01ProviderRFC2136 `json:"rfc2136,omitempty"`
// Configure an external webhook based DNS01 challenge solver to manage
// DNS01 challenge records.
// +optional
Webhook *ACMEIssuerDNS01ProviderWebhook `json:"webhook,omitempty"`
}
// CNAMEStrategy configures how the DNS01 provider should handle CNAME records
// when found in DNS zones.
// By default, the None strategy will be applied (i.e. do not follow CNAMEs).
// +kubebuilder:validation:Enum=None;Follow
type CNAMEStrategy string
const (
// NoneStrategy indicates that no CNAME resolution strategy should be used
// when determining which DNS zone to update during DNS01 challenges.
NoneStrategy = "None"
// FollowStrategy will cause cert-manager to recurse through CNAMEs in
// order to determine which DNS zone to update during DNS01 challenges.
// This is useful if you do not want to grant cert-manager access to your
// root DNS zone, and instead delegate the _acme-challenge.example.com
// subdomain to some other, less privileged domain.
FollowStrategy = "Follow"
)
// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS
// configuration for Akamai DNS—Zone Record Management API
type ACMEIssuerDNS01ProviderAkamai struct {
ServiceConsumerDomain string `json:"serviceConsumerDomain"`
ClientToken cmmeta.SecretKeySelector `json:"clientTokenSecretRef"`
ClientSecret cmmeta.SecretKeySelector `json:"clientSecretSecretRef"`
AccessToken cmmeta.SecretKeySelector `json:"accessTokenSecretRef"`
}
// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS
// configuration for Google Cloud DNS
type ACMEIssuerDNS01ProviderCloudDNS struct {
// +optional
ServiceAccount *cmmeta.SecretKeySelector `json:"serviceAccountSecretRef,omitempty"`
Project string `json:"project"`
// HostedZoneName is an optional field that tells cert-manager in which
// Cloud DNS zone the challenge record has to be created.
// If left empty cert-manager will automatically choose a zone.
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
}
// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
// configuration for Cloudflare.
// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided.
type ACMEIssuerDNS01ProviderCloudflare struct {
// Email of the account, only required when using API key based authentication.
// +optional
Email string `json:"email,omitempty"`
// API key to use to authenticate with Cloudflare.
// Note: using an API token to authenticate is now the recommended method
// as it allows greater control of permissions.
// +optional
APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"`
// API token used to authenticate with Cloudflare.
// +optional
APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"`
}
// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS
// configuration for DigitalOcean Domains
type ACMEIssuerDNS01ProviderDigitalOcean struct {
Token cmmeta.SecretKeySelector `json:"tokenSecretRef"`
}
// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53
// configuration for AWS
type ACMEIssuerDNS01ProviderRoute53 struct {
// The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
AccessKeyID string `json:"accessKeyID,omitempty"`
// The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
SecretAccessKey cmmeta.SecretKeySelector `json:"secretAccessKeySecretRef"`
// Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey
// or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
// +optional
Role string `json:"role,omitempty"`
// If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
// +optional
HostedZoneID string `json:"hostedZoneID,omitempty"`
// Always set the region when using AccessKeyID and SecretAccessKey
Region string `json:"region"`
}
// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the
// configuration for Azure DNS
type ACMEIssuerDNS01ProviderAzureDNS struct {
// if both this and ClientSecret are left unset MSI will be used
// +optional
ClientID string `json:"clientID,omitempty"`
// if both this and ClientID are left unset MSI will be used
// +optional
ClientSecret *cmmeta.SecretKeySelector `json:"clientSecretSecretRef,omitempty"`
SubscriptionID string `json:"subscriptionID"`
// when specifying ClientID and ClientSecret then this field is also needed
// +optional
TenantID string `json:"tenantID,omitempty"`
ResourceGroupName string `json:"resourceGroupName"`
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
// +optional
Environment AzureDNSEnvironment `json:"environment,omitempty"`
}
// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud
type AzureDNSEnvironment string
const (
AzurePublicCloud AzureDNSEnvironment = "AzurePublicCloud"
AzureChinaCloud AzureDNSEnvironment = "AzureChinaCloud"
AzureGermanCloud AzureDNSEnvironment = "AzureGermanCloud"
AzureUSGovernmentCloud AzureDNSEnvironment = "AzureUSGovernmentCloud"
)
// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the
// configuration for ACME-DNS servers
type ACMEIssuerDNS01ProviderAcmeDNS struct {
Host string `json:"host"`
AccountSecret cmmeta.SecretKeySelector `json:"accountSecretRef"`
}
// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the
// configuration for RFC2136 DNS
type ACMEIssuerDNS01ProviderRFC2136 struct {
// The IP address or hostname of an authoritative DNS server supporting
// RFC2136 in the form host:port. If the host is an IPv6 address it must be
// enclosed in square brackets (e.g [2001:db8::1]) ; port is optional.
// This field is required.
Nameserver string `json:"nameserver"`
// The name of the secret containing the TSIG value.
// If ``tsigKeyName`` is defined, this field is required.
// +optional
TSIGSecret cmmeta.SecretKeySelector `json:"tsigSecretSecretRef,omitempty"`
// The TSIG Key name configured in the DNS.
// If ``tsigSecretSecretRef`` is defined, this field is required.
// +optional
TSIGKeyName string `json:"tsigKeyName,omitempty"`
// The TSIG Algorithm configured in the DNS supporting RFC2136. Used only
// when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined.
// Supported values are (case-insensitive): ``HMACMD5`` (default),
// ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.
// +optional
TSIGAlgorithm string `json:"tsigAlgorithm,omitempty"`
}
// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01
// provider, including where to POST ChallengePayload resources.
type ACMEIssuerDNS01ProviderWebhook struct {
// The API group name that should be used when POSTing ChallengePayload
// resources to the webhook apiserver.
// This should be the same as the GroupName specified in the webhook
// provider implementation.
GroupName string `json:"groupName"`
// The name of the solver to use, as defined in the webhook provider
// implementation.
// This will typically be the name of the provider, e.g. 'cloudflare'.
SolverName string `json:"solverName"`
// Additional configuration that should be passed to the webhook apiserver
// when challenges are processed.
// This can contain arbitrary JSON data.
// Secret values should not be specified in this stanza.
// If secret values are needed (e.g. credentials for a DNS service), you
// should use a SecretKeySelector to reference a Secret resource.
// For details on the schema of this field, consult the webhook provider
// implementation's documentation.
// +optional
Config *apiext.JSON `json:"config,omitempty"`
}
type ACMEIssuerStatus struct {
// URI is the unique account identifier, which can also be used to retrieve
// account details from the CA
// +optional
URI string `json:"uri,omitempty"`
// LastRegisteredEmail is the email associated with the latest registered
// ACME account, in order to track changes made to registered account
// associated with the Issuer
// +optional
LastRegisteredEmail string `json:"lastRegisteredEmail,omitempty"`
}


@ -0,0 +1,238 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Order is a type to represent an Order with an ACME server
// +k8s:openapi-gen=true
type Order struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec OrderSpec `json:"spec,omitempty"`
Status OrderStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OrderList is a list of Orders
type OrderList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Order `json:"items"`
}
type OrderSpec struct {
// Certificate signing request bytes in DER encoding.
// This will be used when finalizing the order.
// This field must be set on the order.
CSR []byte `json:"csr"`
// IssuerRef references a properly configured ACME-type Issuer which should
// be used to create this Order.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Order will be marked as failed.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// CommonName is the common name as specified on the DER encoded CSR.
// If specified, this value must also be present in `dnsNames` or `ipAddresses`.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
CommonName string `json:"commonName,omitempty"`
// DNSNames is a list of DNS names that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
//+optional
DNSNames []string `json:"dnsNames,omitempty"`
// IPAddresses is a list of IP addresses that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`
// Duration is the duration for the not after date for the requested certificate.
// this is set on order creation as pe the ACME spec.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
}
type OrderStatus struct {
// URL of the Order.
// This will initially be empty when the resource is first created.
// The Order controller will populate this field when the Order is first processed.
// This field will be immutable after it is initially set.
// +optional
URL string `json:"url,omitempty"`
// FinalizeURL of the Order.
// This is used to obtain certificates for this order once it has been completed.
// +optional
FinalizeURL string `json:"finalizeURL,omitempty"`
// Authorizations contains data returned from the ACME server on what
// authorizations must be completed in order to validate the DNS names
// specified on the Order.
// +optional
Authorizations []ACMEAuthorization `json:"authorizations,omitempty"`
// Certificate is a copy of the PEM encoded certificate for this Order.
// This field will be populated after the order has been successfully
// finalized with the ACME server, and the order has transitioned to the
// 'valid' state.
// +optional
Certificate []byte `json:"certificate,omitempty"`
// State contains the current state of this Order resource.
// States 'success' and 'expired' are 'final'
// +optional
State State `json:"state,omitempty"`
// Reason optionally provides more information about a why the order is in
// the current state.
// +optional
Reason string `json:"reason,omitempty"`
// FailureTime stores the time that this order failed.
// This is used to influence garbage collection and back-off.
// +optional
FailureTime *metav1.Time `json:"failureTime,omitempty"`
}
// ACMEAuthorization contains data returned from the ACME server on an
// authorization that must be completed in order validate a DNS name on an ACME
// Order resource.
type ACMEAuthorization struct {
// URL is the URL of the Authorization that must be completed
URL string `json:"url"`
// Identifier is the DNS name to be validated as part of this authorization
// +optional
Identifier string `json:"identifier,omitempty"`
// Wildcard will be true if this authorization is for a wildcard DNS name.
// If this is true, the identifier will be the *non-wildcard* version of
// the DNS name.
// For example, if '*.example.com' is the DNS name being validated, this
// field will be 'true' and the 'identifier' field will be 'example.com'.
// +optional
Wildcard *bool `json:"wildcard,omitempty"`
// InitialState is the initial state of the ACME authorization when first
// fetched from the ACME server.
// If an Authorization is already 'valid', the Order controller will not
// create a Challenge resource for the authorization. This will occur when
// working with an ACME server that enables 'authz reuse' (such as Let's
// Encrypt's production endpoint).
// If not set and 'identifier' is set, the state is assumed to be pending
// and a Challenge will be created.
// +optional
InitialState State `json:"initialState,omitempty"`
// Challenges specifies the challenge types offered by the ACME server.
// One of these challenge types will be selected when validating the DNS
// name and an appropriate Challenge resource will be created to perform
// the ACME challenge process.
// +optional
Challenges []ACMEChallenge `json:"challenges,omitempty"`
}
// Challenge specifies a challenge offered by the ACME server for an Order.
// An appropriate Challenge resource can be created to perform the ACME
// challenge process.
type ACMEChallenge struct {
// URL is the URL of this challenge. It can be used to retrieve additional
// metadata about the Challenge from the ACME server.
URL string `json:"url"`
// Token is the token that must be presented for this challenge.
// This is used to compute the 'key' that must also be presented.
Token string `json:"token"`
// Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
// 'tls-sni-01', etc.
// This is the raw value retrieved from the ACME server.
// Only 'http-01' and 'dns-01' are supported by cert-manager, other values
// will be ignored.
Type string `json:"type"`
}
// State represents the state of an ACME resource, such as an Order.
// The possible options here map to the corresponding values in the
// ACME specification.
// Full details of these values can be found here: https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-7.1.6
// Clients utilising this type must also gracefully handle unknown
// values, as the contents of this enumeration may be added to over time.
// +kubebuilder:validation:Enum=valid;ready;pending;processing;invalid;expired;errored
type State string
const (
// Unknown is not a real state as part of the ACME spec.
// It is used to represent an unrecognised value.
Unknown State = ""
// Valid signifies that an ACME resource is in a valid state.
// If an order is 'valid', it has been finalized with the ACME server and
// the certificate can be retrieved from the ACME server using the
// certificate URL stored in the Order's status subresource.
// This is a final state.
Valid State = "valid"
// Ready signifies that an ACME resource is in a ready state.
// If an order is 'ready', all of its challenges have been completed
// successfully and the order is ready to be finalized.
// Once finalized, it will transition to the Valid state.
// This is a transient state.
Ready State = "ready"
// Pending signifies that an ACME resource is still pending and is not yet ready.
// If an Order is marked 'Pending', the validations for that Order are still in progress.
// This is a transient state.
Pending State = "pending"
// Processing signifies that an ACME resource is being processed by the server.
// If an Order is marked 'Processing', the validations for that Order are currently being processed.
// This is a transient state.
Processing State = "processing"
// Invalid signifies that an ACME resource is invalid for some reason.
// If an Order is marked 'invalid', one of its validations be have invalid for some reason.
// This is a final state.
Invalid State = "invalid"
// Expired signifies that an ACME resource has expired.
// If an Order is marked 'Expired', one of its validations may have expired or the Order itself.
// This is a final state.
Expired State = "expired"
// Errored signifies that the ACME resource has errored for some reason.
// This is a catch-all state, and is used for marking internal cert-manager
// errors such as validation failures.
// This is a final state.
Errored State = "errored"
)


@ -0,0 +1,841 @@
// +build !ignore_autogenerated
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha3
import (
metav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
v1 "k8s.io/api/core/v1"
v1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEAuthorization) DeepCopyInto(out *ACMEAuthorization) {
*out = *in
if in.Wildcard != nil {
in, out := &in.Wildcard, &out.Wildcard
*out = new(bool)
**out = **in
}
if in.Challenges != nil {
in, out := &in.Challenges, &out.Challenges
*out = make([]ACMEChallenge, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEAuthorization.
func (in *ACMEAuthorization) DeepCopy() *ACMEAuthorization {
if in == nil {
return nil
}
out := new(ACMEAuthorization)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallenge) DeepCopyInto(out *ACMEChallenge) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallenge.
func (in *ACMEChallenge) DeepCopy() *ACMEChallenge {
if in == nil {
return nil
}
out := new(ACMEChallenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolver) DeepCopyInto(out *ACMEChallengeSolver) {
*out = *in
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(CertificateDNSNameSelector)
(*in).DeepCopyInto(*out)
}
if in.HTTP01 != nil {
in, out := &in.HTTP01, &out.HTTP01
*out = new(ACMEChallengeSolverHTTP01)
(*in).DeepCopyInto(*out)
}
if in.DNS01 != nil {
in, out := &in.DNS01, &out.DNS01
*out = new(ACMEChallengeSolverDNS01)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolver.
func (in *ACMEChallengeSolver) DeepCopy() *ACMEChallengeSolver {
if in == nil {
return nil
}
out := new(ACMEChallengeSolver)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverDNS01) DeepCopyInto(out *ACMEChallengeSolverDNS01) {
*out = *in
if in.Akamai != nil {
in, out := &in.Akamai, &out.Akamai
*out = new(ACMEIssuerDNS01ProviderAkamai)
**out = **in
}
if in.CloudDNS != nil {
in, out := &in.CloudDNS, &out.CloudDNS
*out = new(ACMEIssuerDNS01ProviderCloudDNS)
(*in).DeepCopyInto(*out)
}
if in.Cloudflare != nil {
in, out := &in.Cloudflare, &out.Cloudflare
*out = new(ACMEIssuerDNS01ProviderCloudflare)
(*in).DeepCopyInto(*out)
}
if in.Route53 != nil {
in, out := &in.Route53, &out.Route53
*out = new(ACMEIssuerDNS01ProviderRoute53)
**out = **in
}
if in.AzureDNS != nil {
in, out := &in.AzureDNS, &out.AzureDNS
*out = new(ACMEIssuerDNS01ProviderAzureDNS)
(*in).DeepCopyInto(*out)
}
if in.DigitalOcean != nil {
in, out := &in.DigitalOcean, &out.DigitalOcean
*out = new(ACMEIssuerDNS01ProviderDigitalOcean)
**out = **in
}
if in.AcmeDNS != nil {
in, out := &in.AcmeDNS, &out.AcmeDNS
*out = new(ACMEIssuerDNS01ProviderAcmeDNS)
**out = **in
}
if in.RFC2136 != nil {
in, out := &in.RFC2136, &out.RFC2136
*out = new(ACMEIssuerDNS01ProviderRFC2136)
**out = **in
}
if in.Webhook != nil {
in, out := &in.Webhook, &out.Webhook
*out = new(ACMEIssuerDNS01ProviderWebhook)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverDNS01.
func (in *ACMEChallengeSolverDNS01) DeepCopy() *ACMEChallengeSolverDNS01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverDNS01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01) DeepCopyInto(out *ACMEChallengeSolverHTTP01) {
*out = *in
if in.Ingress != nil {
in, out := &in.Ingress, &out.Ingress
*out = new(ACMEChallengeSolverHTTP01Ingress)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01.
func (in *ACMEChallengeSolverHTTP01) DeepCopy() *ACMEChallengeSolverHTTP01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopyInto(out *ACMEChallengeSolverHTTP01Ingress) {
*out = *in
if in.Class != nil {
in, out := &in.Class, &out.Class
*out = new(string)
**out = **in
}
if in.PodTemplate != nil {
in, out := &in.PodTemplate, &out.PodTemplate
*out = new(ACMEChallengeSolverHTTP01IngressPodTemplate)
(*in).DeepCopyInto(*out)
}
if in.IngressTemplate != nil {
in, out := &in.IngressTemplate, &out.IngressTemplate
*out = new(ACMEChallengeSolverHTTP01IngressTemplate)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01Ingress.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopy() *ACMEChallengeSolverHTTP01Ingress {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01Ingress)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodSpec) {
*out = *in
if in.NodeSelector != nil {
in, out := &in.NodeSelector, &out.NodeSelector
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Affinity != nil {
in, out := &in.Affinity, &out.Affinity
*out = new(v1.Affinity)
(*in).DeepCopyInto(*out)
}
if in.Tolerations != nil {
in, out := &in.Tolerations, &out.Tolerations
*out = make([]v1.Toleration, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodSpec.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodSpec {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressPodObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodTemplate.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressObjectMeta)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressTemplate.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEExternalAccountBinding) DeepCopyInto(out *ACMEExternalAccountBinding) {
*out = *in
out.Key = in.Key
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding.
func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding {
if in == nil {
return nil
}
out := new(ACMEExternalAccountBinding)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuer) DeepCopyInto(out *ACMEIssuer) {
*out = *in
if in.ExternalAccountBinding != nil {
in, out := &in.ExternalAccountBinding, &out.ExternalAccountBinding
*out = new(ACMEExternalAccountBinding)
**out = **in
}
out.PrivateKey = in.PrivateKey
if in.Solvers != nil {
in, out := &in.Solvers, &out.Solvers
*out = make([]ACMEChallengeSolver, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuer.
func (in *ACMEIssuer) DeepCopy() *ACMEIssuer {
if in == nil {
return nil
}
out := new(ACMEIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAcmeDNS) {
*out = *in
out.AccountSecret = in.AccountSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAcmeDNS.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopy() *ACMEIssuerDNS01ProviderAcmeDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAcmeDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopyInto(out *ACMEIssuerDNS01ProviderAkamai) {
*out = *in
out.ClientToken = in.ClientToken
out.ClientSecret = in.ClientSecret
out.AccessToken = in.AccessToken
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAkamai.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopy() *ACMEIssuerDNS01ProviderAkamai {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAkamai)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAzureDNS) {
*out = *in
if in.ClientSecret != nil {
in, out := &in.ClientSecret, &out.ClientSecret
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAzureDNS.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopy() *ACMEIssuerDNS01ProviderAzureDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAzureDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudDNS) {
*out = *in
if in.ServiceAccount != nil {
in, out := &in.ServiceAccount, &out.ServiceAccount
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudDNS.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopy() *ACMEIssuerDNS01ProviderCloudDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudflare) {
*out = *in
if in.APIKey != nil {
in, out := &in.APIKey, &out.APIKey
*out = new(metav1.SecretKeySelector)
**out = **in
}
if in.APIToken != nil {
in, out := &in.APIToken, &out.APIToken
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudflare.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopy() *ACMEIssuerDNS01ProviderCloudflare {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudflare)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopyInto(out *ACMEIssuerDNS01ProviderDigitalOcean) {
*out = *in
out.Token = in.Token
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderDigitalOcean.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopy() *ACMEIssuerDNS01ProviderDigitalOcean {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderDigitalOcean)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopyInto(out *ACMEIssuerDNS01ProviderRFC2136) {
*out = *in
out.TSIGSecret = in.TSIGSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRFC2136.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC2136 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRFC2136)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) {
*out = *in
out.SecretAccessKey = in.SecretAccessKey
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRoute53.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopy() *ACMEIssuerDNS01ProviderRoute53 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRoute53)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopyInto(out *ACMEIssuerDNS01ProviderWebhook) {
*out = *in
if in.Config != nil {
in, out := &in.Config, &out.Config
*out = new(v1beta1.JSON)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderWebhook.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopy() *ACMEIssuerDNS01ProviderWebhook {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderWebhook)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerStatus) DeepCopyInto(out *ACMEIssuerStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerStatus.
func (in *ACMEIssuerStatus) DeepCopy() *ACMEIssuerStatus {
if in == nil {
return nil
}
out := new(ACMEIssuerStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateDNSNameSelector) DeepCopyInto(out *CertificateDNSNameSelector) {
*out = *in
if in.MatchLabels != nil {
in, out := &in.MatchLabels, &out.MatchLabels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DNSZones != nil {
in, out := &in.DNSZones, &out.DNSZones
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDNSNameSelector.
func (in *CertificateDNSNameSelector) DeepCopy() *CertificateDNSNameSelector {
if in == nil {
return nil
}
out := new(CertificateDNSNameSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Challenge) DeepCopyInto(out *Challenge) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Challenge.
func (in *Challenge) DeepCopy() *Challenge {
if in == nil {
return nil
}
out := new(Challenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Challenge) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeList) DeepCopyInto(out *ChallengeList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Challenge, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeList.
func (in *ChallengeList) DeepCopy() *ChallengeList {
if in == nil {
return nil
}
out := new(ChallengeList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ChallengeList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeSpec) DeepCopyInto(out *ChallengeSpec) {
*out = *in
in.Solver.DeepCopyInto(&out.Solver)
out.IssuerRef = in.IssuerRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeSpec.
func (in *ChallengeSpec) DeepCopy() *ChallengeSpec {
if in == nil {
return nil
}
out := new(ChallengeSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeStatus) DeepCopyInto(out *ChallengeStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeStatus.
func (in *ChallengeStatus) DeepCopy() *ChallengeStatus {
if in == nil {
return nil
}
out := new(ChallengeStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Order) DeepCopyInto(out *Order) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Order.
func (in *Order) DeepCopy() *Order {
if in == nil {
return nil
}
out := new(Order)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Order) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderList) DeepCopyInto(out *OrderList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Order, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderList.
func (in *OrderList) DeepCopy() *OrderList {
if in == nil {
return nil
}
out := new(OrderList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OrderList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderSpec) DeepCopyInto(out *OrderSpec) {
*out = *in
if in.CSR != nil {
in, out := &in.CSR, &out.CSR
*out = make([]byte, len(*in))
copy(*out, *in)
}
out.IssuerRef = in.IssuerRef
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPAddresses != nil {
in, out := &in.IPAddresses, &out.IPAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(apismetav1.Duration)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderSpec.
func (in *OrderSpec) DeepCopy() *OrderSpec {
if in == nil {
return nil
}
out := new(OrderSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderStatus) DeepCopyInto(out *OrderStatus) {
*out = *in
if in.Authorizations != nil {
in, out := &in.Authorizations, &out.Authorizations
*out = make([]ACMEAuthorization, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Certificate != nil {
in, out := &in.Certificate, &out.Certificate
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.FailureTime != nil {
in, out := &in.FailureTime, &out.FailureTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderStatus.
func (in *OrderStatus) DeepCopy() *OrderStatus {
if in == nil {
return nil
}
out := new(OrderStatus)
in.DeepCopyInto(out)
return out
}


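--- /dev/null
+++ b/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1/BUILD.bazel
@@ -0,0 +1,27 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+go_library(
+name = "go_default_library",
+srcs = [
+"const.go",
+"doc.go",
+"register.go",
+"types.go",
+"types_challenge.go",
+"types_issuer.go",
+"types_order.go",
+"zz_generated.deepcopy.go",
+],
+importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1",
+importpath = "github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1",
+visibility = ["//visibility:public"],
+deps = [
+"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme:go_default_library",
+"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
+"//vendor/k8s.io/api/core/v1:go_default_library",
+"//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
+"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+],
+)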


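--- /dev/null
+++ b/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1/const.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The Jetstack cert-manager contributors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package v1beta1
+const (
+ACMEFinalizer = "finalizer.acme.cert-manager.io"
+)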


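--- /dev/null
+++ b/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1/doc.go
@@ -0,0 +1,23 @@
+/*
+Copyright 2020 The Jetstack cert-manager contributors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Package v1beta1 is the v1beta1 version of the API.
+// +k8s:deepcopy-gen=package,register
+// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/acme
+// +k8s:openapi-gen=true
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=acme.cert-manager.io
+package v1beta1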


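--- /dev/null
+++ b/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1/register.go
@@ -0,0 +1,58 @@
+/*
+Copyright 2020 The Jetstack cert-manager contributors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package v1beta1
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/runtime"
+"k8s.io/apimachinery/pkg/runtime/schema"
+"github.com/jetstack/cert-manager/pkg/apis/acme"
+)
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: acme.GroupName, Version: "v1beta1"}
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+var (
+SchemeBuilder runtime.SchemeBuilder
+localSchemeBuilder = &SchemeBuilder
+AddToScheme = localSchemeBuilder.AddToScheme
+)
+func init() {
+// We only register manually written functions here. The registration of the
+// generated functions takes place in the generated files. The separation
+// makes the code compile even when the generated files are missing.
+localSchemeBuilder.Register(addKnownTypes)
+}
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+scheme.AddKnownTypes(SchemeGroupVersion,
+&Order{},
+&OrderList{},
+&Challenge{},
+&ChallengeList{},
+)
+metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+return nil
+}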


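--- /dev/null
+++ b/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1/types.go
@@ -0,0 +1,43 @@
+/*
+Copyright 2020 The Jetstack cert-manager contributors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package v1beta1
+const (
+// If this annotation is specified on a Certificate or Order resource when
+// using the HTTP01 solver type, the ingress.name field of the HTTP01
+// solver's configuration will be set to the value given here.
+// This is especially useful for users of Ingress controllers that maintain
+// a 1:1 mapping between endpoint IP and Ingress resource.
+ACMECertificateHTTP01IngressNameOverride = "acme.cert-manager.io/http01-override-ingress-name"
+// If this annotation is specified on a Certificate or Order resource when
+// using the HTTP01 solver type, the ingress.class field of the HTTP01
+// solver's configuration will be set to the value given here.
+// This is especially useful for users deploying many different ingress
+// classes into a single cluster that want to be able to re-use a single
+// solver for each ingress class.
+ACMECertificateHTTP01IngressClassOverride = "acme.cert-manager.io/http01-override-ingress-class"
+// IngressEditInPlaceAnnotation is used to toggle the use of ingressClass instead
+// of ingress on the created Certificate resource
+IngressEditInPlaceAnnotationKey = "acme.cert-manager.io/http01-edit-in-place"
+)
+const (
+OrderKind = "Order"
+ChallengeKind = "Challenge"
+)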


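--- /dev/null
+++ b/vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1/types_challenge.go
@@ -0,0 +1,145 @@
+/*
+Copyright 2020 The Jetstack cert-manager contributors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package v1beta1
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
+)
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// Challenge is a type to represent a Challenge request with an ACME server
+// +k8s:openapi-gen=true
+// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state"
+// +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName"
+// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=challenges
+type Challenge struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata"`
+Spec ChallengeSpec `json:"spec"`
+// +optional
+Status ChallengeStatus `json:"status"`
+}
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// ChallengeList is a list of Challenges
+type ChallengeList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata"`
+Items []Challenge `json:"items"`
+}
+type ChallengeSpec struct {
+// The URL of the ACME Challenge resource for this challenge.
+// This can be used to lookup details about the status of this challenge.
+URL string `json:"url"`
+// The URL to the ACME Authorization resource that this
+// challenge is a part of.
+AuthorizationURL string `json:"authorizationURL"`
+// dnsName is the identifier that this challenge is for, e.g. example.com.
+// If the requested DNSName is a 'wildcard', this field MUST be set to the
+// non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
+DNSName string `json:"dnsName"`
+// wildcard will be true if this challenge is for a wildcard identifier,
+// for example '*.example.com'.
+// +optional
+Wildcard bool `json:"wildcard"`
+// The type of ACME challenge this resource represents.
+// One of "HTTP-01" or "DNS-01".
+Type ACMEChallengeType `json:"type"`
+// The ACME challenge token for this challenge.
+// This is the raw value returned from the ACME server.
+Token string `json:"token"`
+// The ACME challenge key for this challenge
+// For HTTP01 challenges, this is the value that must be responded with to
+// complete the HTTP01 challenge in the format:
+// `<private key JWK thumbprint>.<key from acme server for challenge>`.
+// For DNS01 challenges, this is the base64 encoded SHA256 sum of the
+// `<private key JWK thumbprint>.<key from acme server for challenge>`
+// text that must be set as the TXT record content.
+Key string `json:"key"`
+// Contains the domain solving configuration that should be used to
+// solve this challenge resource.
+Solver ACMEChallengeSolver `json:"solver"`
+// References a properly configured ACME-type Issuer which should
+// be used to create this Challenge.
+// If the Issuer does not exist, processing will be retried.
+// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
+// Challenge will be marked as failed.
+IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
+}
+// The type of ACME challenge. Only HTTP-01 and DNS-01 are supported.
+// +kubebuilder:validation:Enum=HTTP-01;DNS-01
+type ACMEChallengeType string
+const (
+// ACMEChallengeTypeHTTP01 denotes a Challenge is of type http-01
+// More info: https://letsencrypt.org/docs/challenge-types/#http-01-challenge
+ACMEChallengeTypeHTTP01 ACMEChallengeType = "HTTP-01"
+// ACMEChallengeTypeDNS01 denotes a Challenge is of type dns-01
+// More info: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
+ACMEChallengeTypeDNS01 ACMEChallengeType = "DNS-01"
+)
+type ChallengeStatus struct {
+// Used to denote whether this challenge should be processed or not.
+// This field will only be set to true by the 'scheduling' component.
+// It will only be set to false by the 'challenges' controller, after the
+// challenge has reached a final state or timed out.
+// If this field is set to false, the challenge controller will not take
+// any more action.
+// +optional
+Processing bool `json:"processing"`
+// presented will be set to true if the challenge values for this challenge
+// are currently 'presented'.
+// This *does not* imply the self check is passing. Only that the values
+// have been 'submitted' for the appropriate challenge mechanism (i.e. the
+// DNS01 TXT record has been presented, or the HTTP01 configuration has been
+// configured).
+// +optional
+Presented bool `json:"presented"`
+// Contains human readable information on why the Challenge is in the
+// current state.
+// +optional
+Reason string `json:"reason,omitempty"`
+// Contains the current 'state' of the challenge.
+// If not set, the state of the challenge is unknown.
+// +optional
+State State `json:"state,omitempty"`
+}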


@ -0,0 +1,556 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
corev1 "k8s.io/api/core/v1"
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// ACMEIssuer contains the specification for an ACME issuer.
// This uses the RFC8555 specification to obtain certificates by completing
// 'challenges' to prove ownership of domain identifiers.
// Earlier draft versions of the ACME specification are not supported.
type ACMEIssuer struct {
// Email is the email address to be associated with the ACME account.
// This field is optional, but it is strongly recommended to be set.
// It will be used to contact you in case of issues with your account or
// certificates, including expiry notification emails.
// This field may be updated after the account is initially registered.
// +optional
Email string `json:"email,omitempty"`
// Server is the URL used to access the ACME server's 'directory' endpoint.
// For example, for Let's Encrypt's staging endpoint, you would use:
// "https://acme-staging-v02.api.letsencrypt.org/directory".
// Only ACME v2 endpoints (i.e. RFC 8555) are supported.
Server string `json:"server"`
// PreferredChain is the chain to use if the ACME server outputs multiple.
// PreferredChain is no guarantee that this one gets delivered by the ACME
// endpoint.
// For example, for Let's Encrypt's DST crosssign you would use:
// "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
// This value picks the first certificate bundle in the ACME alternative
// chains that has a certificate with this value as its issuer's CN
// +optional
// +kubebuilder:validation:MaxLength=64
PreferredChain string `json:"preferredChain"`
// Enables or disables validation of the ACME server TLS certificate.
// If true, requests to the ACME server will not have their TLS certificate
// validated (i.e. insecure connections will be allowed).
// Only enable this option in development environments.
// The cert-manager system installed roots will be used to verify connections
// to the ACME server if this is false.
// Defaults to false.
// +optional
SkipTLSVerify bool `json:"skipTLSVerify,omitempty"`
// ExternalAccountBinding is a reference to a CA external account of the ACME
// server.
// If set, upon registration cert-manager will attempt to associate the given
// external account credentials with the registered ACME account.
// +optional
ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`
// PrivateKey is the name of a Kubernetes Secret resource that will be used to
// store the automatically generated ACME account private key.
// Optionally, a `key` may be specified to select a specific entry within
// the named Secret resource.
// If `key` is not specified, a default of `tls.key` will be used.
PrivateKey cmmeta.SecretKeySelector `json:"privateKeySecretRef"`
// Solvers is a list of challenge solvers that will be used to solve
// ACME challenges for the matching domains.
// Solver configurations must be provided in order to obtain certificates
// from an ACME server.
// For more information, see: https://cert-manager.io/docs/configuration/acme/
// +optional
Solvers []ACMEChallengeSolver `json:"solvers,omitempty"`
// Enables or disables generating a new ACME account key.
// If true, the Issuer resource will *not* request a new account but will expect
// the account key to be supplied via an existing secret.
// If false, the cert-manager system will generate a new ACME account key
// for the Issuer.
// Defaults to false.
// +optional
DisableAccountKeyGeneration bool `json:"disableAccountKeyGeneration,omitempty"`
// Enables requesting a Not After date on certificates that matches the
// duration of the certificate. This is not supported by all ACME servers
// like Let's Encrypt. If set to true when the ACME server does not support
// it it will create an error on the Order.
// Defaults to false.
// +optional
EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
}
// ACMEExternalAccountBinding is a reference to a CA external account of the ACME
// server.
type ACMEExternalAccountBinding struct {
// keyID is the ID of the CA key that the External Account is bound to.
KeyID string `json:"keyID"`
// keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes
// Secret which holds the symmetric MAC key of the External Account Binding.
// The `key` is the index string that is paired with the key data in the
// Secret and should not be confused with the key data itself, or indeed with
// the External Account Binding keyID above.
// The secret key stored in the Secret **must** be un-padded, base64 URL
// encoded data.
Key cmmeta.SecretKeySelector `json:"keySecretRef"`
// keyAlgorithm is the MAC key algorithm that the key is used for.
// Valid values are "HS256", "HS384" and "HS512".
KeyAlgorithm HMACKeyAlgorithm `json:"keyAlgorithm"`
}
// HMACKeyAlgorithm is the name of a key algorithm used for HMAC encryption
// +kubebuilder:validation:Enum=HS256;HS384;HS512
type HMACKeyAlgorithm string
const (
HS256 HMACKeyAlgorithm = "HS256"
HS384 HMACKeyAlgorithm = "HS384"
HS512 HMACKeyAlgorithm = "HS512"
)
// Configures an issuer to solve challenges using the specified options.
// Only one of HTTP01 or DNS01 may be provided.
type ACMEChallengeSolver struct {
// Selector selects a set of DNSNames on the Certificate resource that
// should be solved using this challenge solver.
// If not specified, the solver will be treated as the 'default' solver
// with the lowest priority, i.e. if any other solver has a more specific
// match, it will be used instead.
// +optional
Selector *CertificateDNSNameSelector `json:"selector,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the HTTP01 challenge flow.
// It is not possible to obtain certificates for wildcard domain names
// (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
// +optional
HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"`
// Configures cert-manager to attempt to complete authorizations by
// performing the DNS01 challenge flow.
// +optional
DNS01 *ACMEChallengeSolverDNS01 `json:"dns01,omitempty"`
}
// CertificateDomainSelector selects certificates using a label selector, and
// can optionally select individual DNS names within those certificates.
// If both MatchLabels and DNSNames are empty, this selector will match all
// certificates and DNS names within them.
type CertificateDNSNameSelector struct {
// A label selector that is used to refine the set of certificate's that
// this challenge solver will apply to.
// +optional
MatchLabels map[string]string `json:"matchLabels,omitempty"`
// List of DNSNames that this solver will be used to solve.
// If specified and a match is found, a dnsNames selector will take
// precedence over a dnsZones selector.
// If multiple solvers match with the same dnsNames value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSNames []string `json:"dnsNames,omitempty"`
// List of DNSZones that this solver will be used to solve.
// The most specific DNS zone match specified here will take precedence
// over other DNS zone matches, so a solver specifying sys.example.com
// will be selected over one specifying example.com for the domain
// www.sys.example.com.
// If multiple solvers match with the same dnsZones value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
DNSZones []string `json:"dnsZones,omitempty"`
}
// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve
// HTTP01 challenges within a Kubernetes cluster.
// Typically this is accomplished through creating 'routes' of some description
// that configure ingress controllers to direct traffic to 'solver pods', which
// are responsible for responding to the ACME server's HTTP requests.
type ACMEChallengeSolverHTTP01 struct {
// The ingress based HTTP01 challenge solver will solve challenges by
// creating or modifying Ingress resources in order to route requests for
// '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are
// provisioned by cert-manager for each Challenge to be completed.
// +optional
Ingress *ACMEChallengeSolverHTTP01Ingress `json:"ingress,omitempty"`
}
type ACMEChallengeSolverHTTP01Ingress struct {
// Optional service type for Kubernetes solver service
// +optional
ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
// The ingress class to use when creating Ingress resources to solve ACME
// challenges that use this challenge solver.
// Only one of 'class' or 'name' may be specified.
// +optional
Class *string `json:"class,omitempty"`
// The name of the ingress resource that should have ACME challenge solving
// routes inserted into it in order to solve HTTP01 challenges.
// This is typically used in conjunction with ingress controllers like
// ingress-gce, which maintains a 1:1 mapping between external IPs and
// ingress resources.
// +optional
Name string `json:"name,omitempty"`
// Optional pod template used to configure the ACME challenge solver pods
// used for HTTP01 challenges
// +optional
PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplate `json:"podTemplate,omitempty"`
// Optional ingress template used to configure the ACME challenge solver
// ingress used for HTTP01 challenges
// +optional
IngressTemplate *ACMEChallengeSolverHTTP01IngressTemplate `json:"ingressTemplate,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodTemplate struct {
// ObjectMeta overrides for the pod used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressPodObjectMeta `json:"metadata"`
// PodSpec defines overrides for the HTTP01 challenge solver pod.
// Only the 'priorityClassName', 'nodeSelector', 'affinity',
// 'serviceAccountName' and 'tolerations' fields are supported currently.
// All other fields will be ignored.
// +optional
Spec ACMEChallengeSolverHTTP01IngressPodSpec `json:"spec"`
}
type ACMEChallengeSolverHTTP01IngressPodObjectMeta struct {
// Annotations that should be added to the create ACME HTTP01 solver pods.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver pods.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressPodSpec struct {
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// If specified, the pod's scheduling constraints
// +optional
Affinity *corev1.Affinity `json:"affinity,omitempty"`
// If specified, the pod's tolerations.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// If specified, the pod's priorityClassName.
// +optional
PriorityClassName string `json:"priorityClassName,omitempty"`
// If specified, the pod's service account
// +optional
ServiceAccountName string `json:"serviceAccountName,omitempty"`
}
type ACMEChallengeSolverHTTP01IngressTemplate struct {
// ObjectMeta overrides for the ingress used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
ACMEChallengeSolverHTTP01IngressObjectMeta `json:"metadata"`
}
type ACMEChallengeSolverHTTP01IngressObjectMeta struct {
// Annotations that should be added to the created ACME HTTP01 solver ingress.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels that should be added to the created ACME HTTP01 solver ingress.
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
// Used to configure a DNS01 challenge provider to be used when solving DNS01
// challenges.
// Only one DNS provider may be configured per solver.
type ACMEChallengeSolverDNS01 struct {
// CNAMEStrategy configures how the DNS01 provider should handle CNAME
// records when found in DNS zones.
// +optional
CNAMEStrategy CNAMEStrategy `json:"cnameStrategy,omitempty"`
// Use the Akamai DNS zone management API to manage DNS01 challenge records.
// +optional
Akamai *ACMEIssuerDNS01ProviderAkamai `json:"akamai,omitempty"`
// Use the Google Cloud DNS API to manage DNS01 challenge records.
// +optional
CloudDNS *ACMEIssuerDNS01ProviderCloudDNS `json:"cloudDNS,omitempty"`
// Use the Cloudflare API to manage DNS01 challenge records.
// +optional
Cloudflare *ACMEIssuerDNS01ProviderCloudflare `json:"cloudflare,omitempty"`
// Use the AWS Route53 API to manage DNS01 challenge records.
// +optional
Route53 *ACMEIssuerDNS01ProviderRoute53 `json:"route53,omitempty"`
// Use the Microsoft Azure DNS API to manage DNS01 challenge records.
// +optional
AzureDNS *ACMEIssuerDNS01ProviderAzureDNS `json:"azureDNS,omitempty"`
// Use the DigitalOcean DNS API to manage DNS01 challenge records.
// +optional
DigitalOcean *ACMEIssuerDNS01ProviderDigitalOcean `json:"digitalocean,omitempty"`
// Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage
// DNS01 challenge records.
// +optional
AcmeDNS *ACMEIssuerDNS01ProviderAcmeDNS `json:"acmeDNS,omitempty"`
// Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/)
// to manage DNS01 challenge records.
// +optional
RFC2136 *ACMEIssuerDNS01ProviderRFC2136 `json:"rfc2136,omitempty"`
// Configure an external webhook based DNS01 challenge solver to manage
// DNS01 challenge records.
// +optional
Webhook *ACMEIssuerDNS01ProviderWebhook `json:"webhook,omitempty"`
}
// CNAMEStrategy configures how the DNS01 provider should handle CNAME records
// when found in DNS zones.
// By default, the None strategy will be applied (i.e. do not follow CNAMEs).
// +kubebuilder:validation:Enum=None;Follow
type CNAMEStrategy string
const (
// NoneStrategy indicates that no CNAME resolution strategy should be used
// when determining which DNS zone to update during DNS01 challenges.
NoneStrategy = "None"
// FollowStrategy will cause cert-manager to recurse through CNAMEs in
// order to determine which DNS zone to update during DNS01 challenges.
// This is useful if you do not want to grant cert-manager access to your
// root DNS zone, and instead delegate the _acme-challenge.example.com
// subdomain to some other, less privileged domain.
FollowStrategy = "Follow"
)
// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS
// configuration for Akamai DNS—Zone Record Management API
type ACMEIssuerDNS01ProviderAkamai struct {
ServiceConsumerDomain string `json:"serviceConsumerDomain"`
ClientToken cmmeta.SecretKeySelector `json:"clientTokenSecretRef"`
ClientSecret cmmeta.SecretKeySelector `json:"clientSecretSecretRef"`
AccessToken cmmeta.SecretKeySelector `json:"accessTokenSecretRef"`
}
// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS
// configuration for Google Cloud DNS
type ACMEIssuerDNS01ProviderCloudDNS struct {
// +optional
ServiceAccount *cmmeta.SecretKeySelector `json:"serviceAccountSecretRef,omitempty"`
Project string `json:"project"`
// HostedZoneName is an optional field that tells cert-manager in which
// Cloud DNS zone the challenge record has to be created.
// If left empty cert-manager will automatically choose a zone.
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
}
// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
// configuration for Cloudflare.
// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided.
type ACMEIssuerDNS01ProviderCloudflare struct {
// Email of the account, only required when using API key based authentication.
// +optional
Email string `json:"email,omitempty"`
// API key to use to authenticate with Cloudflare.
// Note: using an API token to authenticate is now the recommended method
// as it allows greater control of permissions.
// +optional
APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"`
// API token used to authenticate with Cloudflare.
// +optional
APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"`
}
// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS
// configuration for DigitalOcean Domains
type ACMEIssuerDNS01ProviderDigitalOcean struct {
Token cmmeta.SecretKeySelector `json:"tokenSecretRef"`
}
// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53
// configuration for AWS
type ACMEIssuerDNS01ProviderRoute53 struct {
// The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
AccessKeyID string `json:"accessKeyID,omitempty"`
// The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
SecretAccessKey cmmeta.SecretKeySelector `json:"secretAccessKeySecretRef"`
// Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey
// or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
// +optional
Role string `json:"role,omitempty"`
// If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
// +optional
HostedZoneID string `json:"hostedZoneID,omitempty"`
// Always set the region when using AccessKeyID and SecretAccessKey
Region string `json:"region"`
}
// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the
// configuration for Azure DNS
type ACMEIssuerDNS01ProviderAzureDNS struct {
// if both this and ClientSecret are left unset MSI will be used
// +optional
ClientID string `json:"clientID,omitempty"`
// if both this and ClientID are left unset MSI will be used
// +optional
ClientSecret *cmmeta.SecretKeySelector `json:"clientSecretSecretRef,omitempty"`
SubscriptionID string `json:"subscriptionID"`
// when specifying ClientID and ClientSecret then this field is also needed
// +optional
TenantID string `json:"tenantID,omitempty"`
ResourceGroupName string `json:"resourceGroupName"`
// +optional
HostedZoneName string `json:"hostedZoneName,omitempty"`
// +optional
Environment AzureDNSEnvironment `json:"environment,omitempty"`
}
// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud
type AzureDNSEnvironment string
const (
AzurePublicCloud AzureDNSEnvironment = "AzurePublicCloud"
AzureChinaCloud AzureDNSEnvironment = "AzureChinaCloud"
AzureGermanCloud AzureDNSEnvironment = "AzureGermanCloud"
AzureUSGovernmentCloud AzureDNSEnvironment = "AzureUSGovernmentCloud"
)
// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the
// configuration for ACME-DNS servers
type ACMEIssuerDNS01ProviderAcmeDNS struct {
Host string `json:"host"`
AccountSecret cmmeta.SecretKeySelector `json:"accountSecretRef"`
}
// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the
// configuration for RFC2136 DNS
type ACMEIssuerDNS01ProviderRFC2136 struct {
// The IP address or hostname of an authoritative DNS server supporting
// RFC2136 in the form host:port. If the host is an IPv6 address it must be
// enclosed in square brackets (e.g [2001:db8::1]) ; port is optional.
// This field is required.
Nameserver string `json:"nameserver"`
// The name of the secret containing the TSIG value.
// If ``tsigKeyName`` is defined, this field is required.
// +optional
TSIGSecret cmmeta.SecretKeySelector `json:"tsigSecretSecretRef,omitempty"`
// The TSIG Key name configured in the DNS.
// If ``tsigSecretSecretRef`` is defined, this field is required.
// +optional
TSIGKeyName string `json:"tsigKeyName,omitempty"`
// The TSIG Algorithm configured in the DNS supporting RFC2136. Used only
// when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined.
// Supported values are (case-insensitive): ``HMACMD5`` (default),
// ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.
// +optional
TSIGAlgorithm string `json:"tsigAlgorithm,omitempty"`
}
// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01
// provider, including where to POST ChallengePayload resources.
type ACMEIssuerDNS01ProviderWebhook struct {
// The API group name that should be used when POSTing ChallengePayload
// resources to the webhook apiserver.
// This should be the same as the GroupName specified in the webhook
// provider implementation.
GroupName string `json:"groupName"`
// The name of the solver to use, as defined in the webhook provider
// implementation.
// This will typically be the name of the provider, e.g. 'cloudflare'.
SolverName string `json:"solverName"`
// Additional configuration that should be passed to the webhook apiserver
// when challenges are processed.
// This can contain arbitrary JSON data.
// Secret values should not be specified in this stanza.
// If secret values are needed (e.g. credentials for a DNS service), you
// should use a SecretKeySelector to reference a Secret resource.
// For details on the schema of this field, consult the webhook provider
// implementation's documentation.
// +optional
Config *apiext.JSON `json:"config,omitempty"`
}
type ACMEIssuerStatus struct {
// URI is the unique account identifier, which can also be used to retrieve
// account details from the CA
// +optional
URI string `json:"uri,omitempty"`
// LastRegisteredEmail is the email associated with the latest registered
// ACME account, in order to track changes made to registered account
// associated with the Issuer
// +optional
LastRegisteredEmail string `json:"lastRegisteredEmail,omitempty"`
}


@ -0,0 +1,239 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Order is a type to represent an Order with an ACME server
// +k8s:openapi-gen=true
type Order struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec OrderSpec `json:"spec"`
// +optional
Status OrderStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OrderList is a list of Orders
type OrderList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Order `json:"items"`
}
type OrderSpec struct {
// Certificate signing request bytes in DER encoding.
// This will be used when finalizing the order.
// This field must be set on the order.
Request []byte `json:"request"`
// IssuerRef references a properly configured ACME-type Issuer which should
// be used to create this Order.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Order will be marked as failed.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// CommonName is the common name as specified on the DER encoded CSR.
// If specified, this value must also be present in `dnsNames` or `ipAddresses`.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
CommonName string `json:"commonName,omitempty"`
// DNSNames is a list of DNS names that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
//+optional
DNSNames []string `json:"dnsNames,omitempty"`
// IPAddresses is a list of IP addresses that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`
// Duration is the duration for the not after date for the requested certificate.
// this is set on order creation as pe the ACME spec.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
}
type OrderStatus struct {
// URL of the Order.
// This will initially be empty when the resource is first created.
// The Order controller will populate this field when the Order is first processed.
// This field will be immutable after it is initially set.
// +optional
URL string `json:"url,omitempty"`
// FinalizeURL of the Order.
// This is used to obtain certificates for this order once it has been completed.
// +optional
FinalizeURL string `json:"finalizeURL,omitempty"`
// Authorizations contains data returned from the ACME server on what
// authorizations must be completed in order to validate the DNS names
// specified on the Order.
// +optional
Authorizations []ACMEAuthorization `json:"authorizations,omitempty"`
// Certificate is a copy of the PEM encoded certificate for this Order.
// This field will be populated after the order has been successfully
// finalized with the ACME server, and the order has transitioned to the
// 'valid' state.
// +optional
Certificate []byte `json:"certificate,omitempty"`
// State contains the current state of this Order resource.
// States 'success' and 'expired' are 'final'
// +optional
State State `json:"state,omitempty"`
// Reason optionally provides more information about a why the order is in
// the current state.
// +optional
Reason string `json:"reason,omitempty"`
// FailureTime stores the time that this order failed.
// This is used to influence garbage collection and back-off.
// +optional
FailureTime *metav1.Time `json:"failureTime,omitempty"`
}
// ACMEAuthorization contains data returned from the ACME server on an
// authorization that must be completed in order validate a DNS name on an ACME
// Order resource.
type ACMEAuthorization struct {
// URL is the URL of the Authorization that must be completed
URL string `json:"url"`
// Identifier is the DNS name to be validated as part of this authorization
// +optional
Identifier string `json:"identifier,omitempty"`
// Wildcard will be true if this authorization is for a wildcard DNS name.
// If this is true, the identifier will be the *non-wildcard* version of
// the DNS name.
// For example, if '*.example.com' is the DNS name being validated, this
// field will be 'true' and the 'identifier' field will be 'example.com'.
// +optional
Wildcard *bool `json:"wildcard,omitempty"`
// InitialState is the initial state of the ACME authorization when first
// fetched from the ACME server.
// If an Authorization is already 'valid', the Order controller will not
// create a Challenge resource for the authorization. This will occur when
// working with an ACME server that enables 'authz reuse' (such as Let's
// Encrypt's production endpoint).
// If not set and 'identifier' is set, the state is assumed to be pending
// and a Challenge will be created.
// +optional
InitialState State `json:"initialState,omitempty"`
// Challenges specifies the challenge types offered by the ACME server.
// One of these challenge types will be selected when validating the DNS
// name and an appropriate Challenge resource will be created to perform
// the ACME challenge process.
// +optional
Challenges []ACMEChallenge `json:"challenges,omitempty"`
}
// Challenge specifies a challenge offered by the ACME server for an Order.
// An appropriate Challenge resource can be created to perform the ACME
// challenge process.
type ACMEChallenge struct {
// URL is the URL of this challenge. It can be used to retrieve additional
// metadata about the Challenge from the ACME server.
URL string `json:"url"`
// Token is the token that must be presented for this challenge.
// This is used to compute the 'key' that must also be presented.
Token string `json:"token"`
// Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
// 'tls-sni-01', etc.
// This is the raw value retrieved from the ACME server.
// Only 'http-01' and 'dns-01' are supported by cert-manager, other values
// will be ignored.
Type string `json:"type"`
}
// State represents the state of an ACME resource, such as an Order.
// The possible options here map to the corresponding values in the
// ACME specification.
// Full details of these values can be found here: https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-7.1.6
// Clients utilising this type must also gracefully handle unknown
// values, as the contents of this enumeration may be added to over time.
// +kubebuilder:validation:Enum=valid;ready;pending;processing;invalid;expired;errored
type State string
const (
// Unknown is not a real state as part of the ACME spec.
// It is used to represent an unrecognised value.
Unknown State = ""
// Valid signifies that an ACME resource is in a valid state.
// If an order is 'valid', it has been finalized with the ACME server and
// the certificate can be retrieved from the ACME server using the
// certificate URL stored in the Order's status subresource.
// This is a final state.
Valid State = "valid"
// Ready signifies that an ACME resource is in a ready state.
// If an order is 'ready', all of its challenges have been completed
// successfully and the order is ready to be finalized.
// Once finalized, it will transition to the Valid state.
// This is a transient state.
Ready State = "ready"
// Pending signifies that an ACME resource is still pending and is not yet ready.
// If an Order is marked 'Pending', the validations for that Order are still in progress.
// This is a transient state.
Pending State = "pending"
// Processing signifies that an ACME resource is being processed by the server.
// If an Order is marked 'Processing', the validations for that Order are currently being processed.
// This is a transient state.
Processing State = "processing"
// Invalid signifies that an ACME resource is invalid for some reason.
// If an Order is marked 'invalid', one of its validations be have invalid for some reason.
// This is a final state.
Invalid State = "invalid"
// Expired signifies that an ACME resource has expired.
// If an Order is marked 'Expired', one of its validations may have expired or the Order itself.
// This is a final state.
Expired State = "expired"
// Errored signifies that the ACME resource has errored for some reason.
// This is a catch-all state, and is used for marking internal cert-manager
// errors such as validation failures.
// This is a final state.
Errored State = "errored"
)


@ -0,0 +1,841 @@
// +build !ignore_autogenerated
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1beta1
import (
metav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
v1 "k8s.io/api/core/v1"
apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEAuthorization) DeepCopyInto(out *ACMEAuthorization) {
*out = *in
if in.Wildcard != nil {
in, out := &in.Wildcard, &out.Wildcard
*out = new(bool)
**out = **in
}
if in.Challenges != nil {
in, out := &in.Challenges, &out.Challenges
*out = make([]ACMEChallenge, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEAuthorization.
func (in *ACMEAuthorization) DeepCopy() *ACMEAuthorization {
if in == nil {
return nil
}
out := new(ACMEAuthorization)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallenge) DeepCopyInto(out *ACMEChallenge) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallenge.
func (in *ACMEChallenge) DeepCopy() *ACMEChallenge {
if in == nil {
return nil
}
out := new(ACMEChallenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolver) DeepCopyInto(out *ACMEChallengeSolver) {
*out = *in
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(CertificateDNSNameSelector)
(*in).DeepCopyInto(*out)
}
if in.HTTP01 != nil {
in, out := &in.HTTP01, &out.HTTP01
*out = new(ACMEChallengeSolverHTTP01)
(*in).DeepCopyInto(*out)
}
if in.DNS01 != nil {
in, out := &in.DNS01, &out.DNS01
*out = new(ACMEChallengeSolverDNS01)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolver.
func (in *ACMEChallengeSolver) DeepCopy() *ACMEChallengeSolver {
if in == nil {
return nil
}
out := new(ACMEChallengeSolver)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverDNS01) DeepCopyInto(out *ACMEChallengeSolverDNS01) {
*out = *in
if in.Akamai != nil {
in, out := &in.Akamai, &out.Akamai
*out = new(ACMEIssuerDNS01ProviderAkamai)
**out = **in
}
if in.CloudDNS != nil {
in, out := &in.CloudDNS, &out.CloudDNS
*out = new(ACMEIssuerDNS01ProviderCloudDNS)
(*in).DeepCopyInto(*out)
}
if in.Cloudflare != nil {
in, out := &in.Cloudflare, &out.Cloudflare
*out = new(ACMEIssuerDNS01ProviderCloudflare)
(*in).DeepCopyInto(*out)
}
if in.Route53 != nil {
in, out := &in.Route53, &out.Route53
*out = new(ACMEIssuerDNS01ProviderRoute53)
**out = **in
}
if in.AzureDNS != nil {
in, out := &in.AzureDNS, &out.AzureDNS
*out = new(ACMEIssuerDNS01ProviderAzureDNS)
(*in).DeepCopyInto(*out)
}
if in.DigitalOcean != nil {
in, out := &in.DigitalOcean, &out.DigitalOcean
*out = new(ACMEIssuerDNS01ProviderDigitalOcean)
**out = **in
}
if in.AcmeDNS != nil {
in, out := &in.AcmeDNS, &out.AcmeDNS
*out = new(ACMEIssuerDNS01ProviderAcmeDNS)
**out = **in
}
if in.RFC2136 != nil {
in, out := &in.RFC2136, &out.RFC2136
*out = new(ACMEIssuerDNS01ProviderRFC2136)
**out = **in
}
if in.Webhook != nil {
in, out := &in.Webhook, &out.Webhook
*out = new(ACMEIssuerDNS01ProviderWebhook)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverDNS01.
func (in *ACMEChallengeSolverDNS01) DeepCopy() *ACMEChallengeSolverDNS01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverDNS01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01) DeepCopyInto(out *ACMEChallengeSolverHTTP01) {
*out = *in
if in.Ingress != nil {
in, out := &in.Ingress, &out.Ingress
*out = new(ACMEChallengeSolverHTTP01Ingress)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01.
func (in *ACMEChallengeSolverHTTP01) DeepCopy() *ACMEChallengeSolverHTTP01 {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopyInto(out *ACMEChallengeSolverHTTP01Ingress) {
*out = *in
if in.Class != nil {
in, out := &in.Class, &out.Class
*out = new(string)
**out = **in
}
if in.PodTemplate != nil {
in, out := &in.PodTemplate, &out.PodTemplate
*out = new(ACMEChallengeSolverHTTP01IngressPodTemplate)
(*in).DeepCopyInto(*out)
}
if in.IngressTemplate != nil {
in, out := &in.IngressTemplate, &out.IngressTemplate
*out = new(ACMEChallengeSolverHTTP01IngressTemplate)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01Ingress.
func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopy() *ACMEChallengeSolverHTTP01Ingress {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01Ingress)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodObjectMeta) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodObjectMeta.
func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodObjectMeta {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodSpec) {
*out = *in
if in.NodeSelector != nil {
in, out := &in.NodeSelector, &out.NodeSelector
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Affinity != nil {
in, out := &in.Affinity, &out.Affinity
*out = new(v1.Affinity)
(*in).DeepCopyInto(*out)
}
if in.Tolerations != nil {
in, out := &in.Tolerations, &out.Tolerations
*out = make([]v1.Toleration, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodSpec.
func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodSpec {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressPodObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressPodObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodTemplate.
func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressPodTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressTemplate) {
*out = *in
in.ACMEChallengeSolverHTTP01IngressObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressObjectMeta)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressTemplate.
func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressTemplate {
if in == nil {
return nil
}
out := new(ACMEChallengeSolverHTTP01IngressTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEExternalAccountBinding) DeepCopyInto(out *ACMEExternalAccountBinding) {
*out = *in
out.Key = in.Key
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding.
func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding {
if in == nil {
return nil
}
out := new(ACMEExternalAccountBinding)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuer) DeepCopyInto(out *ACMEIssuer) {
*out = *in
if in.ExternalAccountBinding != nil {
in, out := &in.ExternalAccountBinding, &out.ExternalAccountBinding
*out = new(ACMEExternalAccountBinding)
**out = **in
}
out.PrivateKey = in.PrivateKey
if in.Solvers != nil {
in, out := &in.Solvers, &out.Solvers
*out = make([]ACMEChallengeSolver, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuer.
func (in *ACMEIssuer) DeepCopy() *ACMEIssuer {
if in == nil {
return nil
}
out := new(ACMEIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAcmeDNS) {
*out = *in
out.AccountSecret = in.AccountSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAcmeDNS.
func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopy() *ACMEIssuerDNS01ProviderAcmeDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAcmeDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopyInto(out *ACMEIssuerDNS01ProviderAkamai) {
*out = *in
out.ClientToken = in.ClientToken
out.ClientSecret = in.ClientSecret
out.AccessToken = in.AccessToken
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAkamai.
func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopy() *ACMEIssuerDNS01ProviderAkamai {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAkamai)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAzureDNS) {
*out = *in
if in.ClientSecret != nil {
in, out := &in.ClientSecret, &out.ClientSecret
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAzureDNS.
func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopy() *ACMEIssuerDNS01ProviderAzureDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderAzureDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudDNS) {
*out = *in
if in.ServiceAccount != nil {
in, out := &in.ServiceAccount, &out.ServiceAccount
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudDNS.
func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopy() *ACMEIssuerDNS01ProviderCloudDNS {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudDNS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudflare) {
*out = *in
if in.APIKey != nil {
in, out := &in.APIKey, &out.APIKey
*out = new(metav1.SecretKeySelector)
**out = **in
}
if in.APIToken != nil {
in, out := &in.APIToken, &out.APIToken
*out = new(metav1.SecretKeySelector)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudflare.
func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopy() *ACMEIssuerDNS01ProviderCloudflare {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderCloudflare)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopyInto(out *ACMEIssuerDNS01ProviderDigitalOcean) {
*out = *in
out.Token = in.Token
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderDigitalOcean.
func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopy() *ACMEIssuerDNS01ProviderDigitalOcean {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderDigitalOcean)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopyInto(out *ACMEIssuerDNS01ProviderRFC2136) {
*out = *in
out.TSIGSecret = in.TSIGSecret
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRFC2136.
func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC2136 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRFC2136)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) {
*out = *in
out.SecretAccessKey = in.SecretAccessKey
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRoute53.
func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopy() *ACMEIssuerDNS01ProviderRoute53 {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderRoute53)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopyInto(out *ACMEIssuerDNS01ProviderWebhook) {
*out = *in
if in.Config != nil {
in, out := &in.Config, &out.Config
*out = new(apiextensionsv1beta1.JSON)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderWebhook.
func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopy() *ACMEIssuerDNS01ProviderWebhook {
if in == nil {
return nil
}
out := new(ACMEIssuerDNS01ProviderWebhook)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEIssuerStatus) DeepCopyInto(out *ACMEIssuerStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerStatus.
func (in *ACMEIssuerStatus) DeepCopy() *ACMEIssuerStatus {
if in == nil {
return nil
}
out := new(ACMEIssuerStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateDNSNameSelector) DeepCopyInto(out *CertificateDNSNameSelector) {
*out = *in
if in.MatchLabels != nil {
in, out := &in.MatchLabels, &out.MatchLabels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DNSZones != nil {
in, out := &in.DNSZones, &out.DNSZones
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDNSNameSelector.
func (in *CertificateDNSNameSelector) DeepCopy() *CertificateDNSNameSelector {
if in == nil {
return nil
}
out := new(CertificateDNSNameSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Challenge) DeepCopyInto(out *Challenge) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Challenge.
func (in *Challenge) DeepCopy() *Challenge {
if in == nil {
return nil
}
out := new(Challenge)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Challenge) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeList) DeepCopyInto(out *ChallengeList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Challenge, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeList.
func (in *ChallengeList) DeepCopy() *ChallengeList {
if in == nil {
return nil
}
out := new(ChallengeList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ChallengeList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeSpec) DeepCopyInto(out *ChallengeSpec) {
*out = *in
in.Solver.DeepCopyInto(&out.Solver)
out.IssuerRef = in.IssuerRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeSpec.
func (in *ChallengeSpec) DeepCopy() *ChallengeSpec {
if in == nil {
return nil
}
out := new(ChallengeSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ChallengeStatus) DeepCopyInto(out *ChallengeStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeStatus.
func (in *ChallengeStatus) DeepCopy() *ChallengeStatus {
if in == nil {
return nil
}
out := new(ChallengeStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Order) DeepCopyInto(out *Order) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Order.
func (in *Order) DeepCopy() *Order {
if in == nil {
return nil
}
out := new(Order)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Order) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderList) DeepCopyInto(out *OrderList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Order, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderList.
func (in *OrderList) DeepCopy() *OrderList {
if in == nil {
return nil
}
out := new(OrderList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OrderList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderSpec) DeepCopyInto(out *OrderSpec) {
*out = *in
if in.Request != nil {
in, out := &in.Request, &out.Request
*out = make([]byte, len(*in))
copy(*out, *in)
}
out.IssuerRef = in.IssuerRef
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPAddresses != nil {
in, out := &in.IPAddresses, &out.IPAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(apismetav1.Duration)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderSpec.
func (in *OrderSpec) DeepCopy() *OrderSpec {
if in == nil {
return nil
}
out := new(OrderSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OrderStatus) DeepCopyInto(out *OrderStatus) {
*out = *in
if in.Authorizations != nil {
in, out := &in.Authorizations, &out.Authorizations
*out = make([]ACMEAuthorization, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Certificate != nil {
in, out := &in.Certificate, &out.Certificate
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.FailureTime != nil {
in, out := &in.FailureTime, &out.FailureTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderStatus.
func (in *OrderStatus) DeepCopy() *OrderStatus {
if in == nil {
return nil
}
out := new(OrderStatus)
in.DeepCopyInto(out)
return out
}


@ -0,0 +1,9 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["doc.go"],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager",
importpath = "github.com/jetstack/cert-manager/pkg/apis/certmanager",
visibility = ["//visibility:public"],
)


@ -0,0 +1,23 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +groupName=cert-manager.io
// +groupGoName=Certmanager
// Package certmanager is the internal version of the API.
package certmanager
const GroupName = "cert-manager.io"


@ -0,0 +1,27 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"const.go",
"doc.go",
"generic_issuer.go",
"register.go",
"types.go",
"types_certificate.go",
"types_certificaterequest.go",
"types_issuer.go",
"zz_generated.deepcopy.go",
],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1",
importpath = "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)


@ -0,0 +1,43 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import "time"
const (
// minimum permitted certificate duration by cert-manager
MinimumCertificateDuration = time.Hour
// default certificate duration if Issuer.spec.duration is not set
DefaultCertificateDuration = time.Hour * 24 * 90
// minimum certificate duration before certificate expiration
MinimumRenewBefore = time.Minute * 5
// Default duration before certificate expiration if Issuer.spec.renewBefore is not set
DefaultRenewBefore = time.Hour * 24 * 30
)
const (
// Default index key for the Secret reference for Token authentication
DefaultVaultTokenAuthSecretKey = "token"
// Default mount path location for Kubernetes ServiceAccount authentication
// (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
// left as the default, `/v1/auth/kubernetes/login` will be called.
DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes"
)


@ -0,0 +1,24 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1 is the v1 version of the API.
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/certmanager
// +k8s:openapi-gen=true
// +k8s:defaulter-gen=TypeMeta
// +groupName=cert-manager.io
// +groupGoName=Certmanager
package v1


@ -0,0 +1,85 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1"
)
type GenericIssuer interface {
runtime.Object
metav1.Object
GetObjectMeta() *metav1.ObjectMeta
GetSpec() *IssuerSpec
GetStatus() *IssuerStatus
}
var _ GenericIssuer = &Issuer{}
var _ GenericIssuer = &ClusterIssuer{}
func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *ClusterIssuer) GetSpec() *IssuerSpec {
return &c.Spec
}
func (c *ClusterIssuer) GetStatus() *IssuerStatus {
return &c.Status
}
func (c *ClusterIssuer) SetSpec(spec IssuerSpec) {
c.Spec = spec
}
func (c *ClusterIssuer) SetStatus(status IssuerStatus) {
c.Status = status
}
func (c *ClusterIssuer) Copy() GenericIssuer {
return c.DeepCopy()
}
func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *Issuer) GetSpec() *IssuerSpec {
return &c.Spec
}
func (c *Issuer) GetStatus() *IssuerStatus {
return &c.Status
}
func (c *Issuer) SetSpec(spec IssuerSpec) {
c.Spec = spec
}
func (c *Issuer) SetStatus(status IssuerStatus) {
c.Status = status
}
func (c *Issuer) Copy() GenericIssuer {
return c.DeepCopy()
}
// TODO: refactor these functions away
func (i *IssuerStatus) ACMEStatus() *cmacme.ACMEIssuerStatus {
// this is an edge case, but this will prevent panics
if i == nil {
return &cmacme.ACMEIssuerStatus{}
}
if i.ACME == nil {
i.ACME = &cmacme.ACMEIssuerStatus{}
}
return i.ACME
}


@ -0,0 +1,62 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/jetstack/cert-manager/pkg/apis/certmanager"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Certificate{},
&CertificateList{},
&Issuer{},
&IssuerList{},
&ClusterIssuer{},
&ClusterIssuerList{},
&CertificateRequest{},
&CertificateRequestList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}


@ -0,0 +1,201 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
// Common annotation keys added to resources.
const (
// Annotation key for DNS subjectAltNames.
AltNamesAnnotationKey = "cert-manager.io/alt-names"
// Annotation key for IP subjectAltNames.
IPSANAnnotationKey = "cert-manager.io/ip-sans"
// Annotation key for URI subjectAltNames.
URISANAnnotationKey = "cert-manager.io/uri-sans"
// Annotation key for certificate common name.
CommonNameAnnotationKey = "cert-manager.io/common-name"
// Annotation key the 'name' of the Issuer resource.
IssuerNameAnnotationKey = "cert-manager.io/issuer-name"
// Annotation key for the 'kind' of the Issuer resource.
IssuerKindAnnotationKey = "cert-manager.io/issuer-kind"
// Annotation key for the 'group' of the Issuer resource.
IssuerGroupAnnotationKey = "cert-manager.io/issuer-group"
// Annotation key for the name of the certificate that a resource is related to.
CertificateNameKey = "cert-manager.io/certificate-name"
// Annotation key used to denote whether a Secret is named on a Certificate
// as a 'next private key' Secret resource.
IsNextPrivateKeySecretLabelKey = "cert-manager.io/next-private-key"
)
const (
// issuerNameAnnotation can be used to override the issuer specified on the
// created Certificate resource.
IngressIssuerNameAnnotationKey = "cert-manager.io/issuer"
// clusterIssuerNameAnnotation can be used to override the issuer specified on the
// created Certificate resource. The Certificate will reference the
// specified *ClusterIssuer* instead of normal issuer.
IngressClusterIssuerNameAnnotationKey = "cert-manager.io/cluster-issuer"
// acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass
// if the challenge type is set to http01
IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class"
// IngressClassAnnotationKey picks a specific "class" for the Ingress. The
// controller only processes Ingresses with this annotation either unset, or
// set to either the configured value or the empty string.
IngressClassAnnotationKey = "kubernetes.io/ingress.class"
)
// Annotation names for CertificateRequests
const (
// Annotation added to CertificateRequest resources to denote the name of
// a Secret resource containing the private key used to sign the CSR stored
// on the resource.
// This annotation *may* not be present, and is used by the 'self signing'
// issuer type to self-sign certificates.
CertificateRequestPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name"
// Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource
CertificateRequestRevisionAnnotationKey = "cert-manager.io/certificate-revision"
)
const (
// IssueTemporaryCertificateAnnotation is an annotation that can be added to
// Certificate resources.
// If it is present, a temporary internally signed certificate will be
// stored in the target Secret resource whilst the real Issuer is processing
// the certificate request.
IssueTemporaryCertificateAnnotation = "cert-manager.io/issue-temporary-certificate"
)
// Common/known resource kinds.
const (
ClusterIssuerKind = "ClusterIssuer"
IssuerKind = "Issuer"
CertificateKind = "Certificate"
CertificateRequestKind = "CertificateRequest"
)
const (
// WantInjectAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a certificate
// as namespace/name. The certificate is expected to have the is-serving-for annotations.
WantInjectAnnotation = "cert-manager.io/inject-ca-from"
// WantInjectAPIServerCAAnnotation, if set to "true", will make the cainjector
// inject the CA certificate for the Kubernetes apiserver into the resource.
// It discovers the apiserver's CA by inspecting the service account credentials
// mounted into the cainjector pod.
WantInjectAPIServerCAAnnotation = "cert-manager.io/inject-apiserver-ca"
// WantInjectFromSecretAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a Secret
// as namespace/name.
WantInjectFromSecretAnnotation = "cert-manager.io/inject-ca-from-secret"
// AllowsInjectionFromSecretAnnotation is an annotation that must be added
// to Secret resource that want to denote that they can be directly
// injected into injectables that have a `inject-ca-from-secret` annotation.
// If an injectable references a Secret that does NOT have this annotation,
// the cainjector will refuse to inject the secret.
AllowsInjectionFromSecretAnnotation = "cert-manager.io/allow-direct-injection"
)
// Issuer specific Annotations
const (
// VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer
// This will only work with Venafi TPP v19.3 and higher
// The value is an array with objects containing the name and value keys
// for example: `[{"name": "custom-field", "value": "custom-value"}]`
VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields"
// VenafiPickupIDAnnotationKey is the annotation key used to record the
// Venafi Pickup ID of a certificate signing request that has been submitted
// to the Venafi API for collection later.
VenafiPickupIDAnnotationKey = "venafi.cert-manager.io/pickup-id"
)
// KeyUsage specifies valid usage contexts for keys.
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
// Valid KeyUsage values are as follows:
// "signing",
// "digital signature",
// "content commitment",
// "key encipherment",
// "key agreement",
// "data encipherment",
// "cert sign",
// "crl sign",
// "encipher only",
// "decipher only",
// "any",
// "server auth",
// "client auth",
// "code signing",
// "email protection",
// "s/mime",
// "ipsec end system",
// "ipsec tunnel",
// "ipsec user",
// "timestamping",
// "ocsp signing",
// "microsoft sgc",
// "netscape sgc"
// +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc"
type KeyUsage string
const (
UsageSigning KeyUsage = "signing"
UsageDigitalSignature KeyUsage = "digital signature"
UsageContentCommittment KeyUsage = "content commitment"
UsageKeyEncipherment KeyUsage = "key encipherment"
UsageKeyAgreement KeyUsage = "key agreement"
UsageDataEncipherment KeyUsage = "data encipherment"
UsageCertSign KeyUsage = "cert sign"
UsageCRLSign KeyUsage = "crl sign"
UsageEncipherOnly KeyUsage = "encipher only"
UsageDecipherOnly KeyUsage = "decipher only"
UsageAny KeyUsage = "any"
UsageServerAuth KeyUsage = "server auth"
UsageClientAuth KeyUsage = "client auth"
UsageCodeSigning KeyUsage = "code signing"
UsageEmailProtection KeyUsage = "email protection"
UsageSMIME KeyUsage = "s/mime"
UsageIPsecEndSystem KeyUsage = "ipsec end system"
UsageIPsecTunnel KeyUsage = "ipsec tunnel"
UsageIPsecUser KeyUsage = "ipsec user"
UsageTimestamping KeyUsage = "timestamping"
UsageOCSPSigning KeyUsage = "ocsp signing"
UsageMicrosoftSGC KeyUsage = "microsoft sgc"
UsageNetscapeSGC KeyUsage = "netscape sgc"
)
// DefaultKeyUsages contains the default list of key usages
func DefaultKeyUsages() []KeyUsage {
// The serverAuth EKU is required as of Mac OS Catalina: https://support.apple.com/en-us/HT210176
// Without this usage, certificates will _always_ flag a warning in newer Mac OS browsers.
// We don't explicitly add it here as it leads to strange behaviour when a user sets isCA: true
// (in which case, 'serverAuth' on the CA can break a lot of clients).
// CAs can (and often do) opt to automatically add usages.
return []KeyUsage{UsageDigitalSignature, UsageKeyEncipherment}
}


@ -0,0 +1,415 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// A Certificate resource should be created to ensure an up to date and signed
// x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
//
// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
// +k8s:openapi-gen=true
type Certificate struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the Certificate resource.
Spec CertificateSpec `json:"spec"`
// Status of the Certificate. This is set and managed automatically.
// +optional
Status CertificateStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// CertificateList is a list of Certificates
type CertificateList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Certificate `json:"items"`
}
// +kubebuilder:validation:Enum=RSA;ECDSA
type PrivateKeyAlgorithm string
const (
// Denotes the RSA private key type.
RSAKeyAlgorithm PrivateKeyAlgorithm = "RSA"
// Denotes the ECDSA private key type.
ECDSAKeyAlgorithm PrivateKeyAlgorithm = "ECDSA"
)
// +kubebuilder:validation:Enum=PKCS1;PKCS8
type PrivateKeyEncoding string
const (
// PKCS1 key encoding will produce PEM files that include the type of
// private key as part of the PEM header, e.g. "BEGIN RSA PRIVATE KEY".
// If the keyAlgorithm is set to 'ECDSA', this will produce private keys
// that use the "BEGIN EC PRIVATE KEY" header.
PKCS1 PrivateKeyEncoding = "PKCS1"
// PKCS8 key encoding will produce PEM files with the "BEGIN PRIVATE KEY"
// header. It encodes the keyAlgorithm of the private key as part of the
// DER encoded PEM block.
PKCS8 PrivateKeyEncoding = "PKCS8"
)
// CertificateSpec defines the desired state of Certificate.
// A valid Certificate requires at least one of a CommonName, DNSName, or
// URISAN to be valid.
type CertificateSpec struct {
// Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
// +optional
Subject *X509Subject `json:"subject,omitempty"`
// CommonName is a common name to be used on the Certificate.
// The CommonName should have a length of 64 characters or fewer to avoid
// generating invalid CSRs.
// This value is ignored by TLS clients when any subject alt name is set.
// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
// +optional
CommonName string `json:"commonName,omitempty"`
// The requested 'duration' (i.e. lifetime) of the Certificate.
// This option may be ignored/overridden by some issuer types.
// If overridden and `renewBefore` is greater than the actual certificate
// duration, the certificate will be automatically renewed 2/3rds of the
// way through the certificate's duration.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
// The amount of time before the currently issued certificate's `notAfter`
// time that cert-manager will begin to attempt to renew the certificate.
// If this value is greater than the total duration of the certificate
// (i.e. notAfter - notBefore), it will be automatically renewed 2/3rds of
// the way through the certificate's duration.
// +optional
RenewBefore *metav1.Duration `json:"renewBefore,omitempty"`
// DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
// +optional
DNSNames []string `json:"dnsNames,omitempty"`
// IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`
// URIs is a list of URI subjectAltNames to be set on the Certificate.
// +optional
URIs []string `json:"uris,omitempty"`
// EmailAddresses is a list of email subjectAltNames to be set on the Certificate.
// +optional
EmailAddresses []string `json:"emailAddresses,omitempty"`
// SecretName is the name of the secret resource that will be automatically
// created and managed by this Certificate resource.
// It will be populated with a private key and certificate, signed by the
// denoted issuer.
SecretName string `json:"secretName"`
// Keystores configures additional keystore output formats stored in the
// `secretName` Secret resource.
// +optional
Keystores *CertificateKeystores `json:"keystores,omitempty"`
// IssuerRef is a reference to the issuer for this certificate.
// If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
// with the given name in the same namespace as the Certificate will be used.
// If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with the
// provided name will be used.
// The 'name' field in this stanza is required at all times.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// IsCA will mark this Certificate as valid for certificate signing.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
IsCA bool `json:"isCA,omitempty"`
// Usages is the set of x509 usages that are requested for the certificate.
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
Usages []KeyUsage `json:"usages,omitempty"`
// Options to control private keys used for the Certificate.
// +optional
PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"`
// EncodeUsagesInRequest controls whether key usages should be present
// in the CertificateRequest
// +optional
EncodeUsagesInRequest *bool `json:"encodeUsagesInRequest,omitempty"`
}
// CertificatePrivateKey contains configuration options for private keys
// used by the Certificate controller.
// This allows control of how private keys are rotated.
type CertificatePrivateKey struct {
// RotationPolicy controls how private keys should be regenerated when a
// re-issuance is being processed.
// If set to Never, a private key will only be generated if one does not
// already exist in the target `spec.secretName`. If one does exists but it
// does not have the correct algorithm or size, a warning will be raised
// to await user intervention.
// If set to Always, a private key matching the specified requirements
// will be generated whenever a re-issuance occurs.
// Default is 'Never' for backward compatibility.
// +optional
RotationPolicy PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"`
// The private key cryptography standards (PKCS) encoding for this
// certificate's private key to be encoded in.
// If provided, allowed values are "pkcs1" and "pkcs8" standing for PKCS#1
// and PKCS#8, respectively.
// Defaults to PKCS#1 if not specified.
// +optional
Encoding PrivateKeyEncoding `json:"encoding,omitempty"`
// Algorithm is the private key algorithm of the corresponding private key
// for this certificate. If provided, allowed values are either "rsa" or "ecdsa"
// If `algorithm` is specified and `size` is not provided,
// key size of 256 will be used for "ecdsa" key algorithm and
// key size of 2048 will be used for "rsa" key algorithm.
// +optional
Algorithm PrivateKeyAlgorithm `json:"algorithm,omitempty"`
// Size is the key bit size of the corresponding private key for this certificate.
// If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,
// and will default to `2048` if not specified.
// If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,
// and will default to `256` if not specified.
// No other values are allowed.
// +kubebuilder:validation:ExclusiveMaximum=false
// +kubebuilder:validation:Maximum=8192
// +kubebuilder:validation:ExclusiveMinimum=false
// +kubebuilder:validation:Minimum=0
// +optional
Size int `json:"size,omitempty"`
}
// Denotes how private keys should be generated or sourced when a Certificate
// is being issued.
type PrivateKeyRotationPolicy string
var (
// RotationPolicyNever means a private key will only be generated if one
// does not already exist in the target `spec.secretName`.
// If one does exists but it does not have the correct algorithm or size,
// a warning will be raised to await user intervention.
RotationPolicyNever PrivateKeyRotationPolicy = "Never"
// RotationPolicyAlways means a private key matching the specified
// requirements will be generated whenever a re-issuance occurs.
RotationPolicyAlways PrivateKeyRotationPolicy = "Always"
)
// X509Subject Full X509 name specification
type X509Subject struct {
// Organizations to be used on the Certificate.
// +optional
Organizations []string `json:"organizations,omitempty"`
// Countries to be used on the Certificate.
// +optional
Countries []string `json:"countries,omitempty"`
// Organizational Units to be used on the Certificate.
// +optional
OrganizationalUnits []string `json:"organizationalUnits,omitempty"`
// Cities to be used on the Certificate.
// +optional
Localities []string `json:"localities,omitempty"`
// State/Provinces to be used on the Certificate.
// +optional
Provinces []string `json:"provinces,omitempty"`
// Street addresses to be used on the Certificate.
// +optional
StreetAddresses []string `json:"streetAddresses,omitempty"`
// Postal codes to be used on the Certificate.
// +optional
PostalCodes []string `json:"postalCodes,omitempty"`
// Serial number to be used on the Certificate.
// +optional
SerialNumber string `json:"serialNumber,omitempty"`
}
// CertificateKeystores configures additional keystore output formats to be
// created in the Certificate's output Secret.
type CertificateKeystores struct {
// JKS configures options for storing a JKS keystore in the
// `spec.secretName` Secret resource.
// +optional
JKS *JKSKeystore `json:"jks,omitempty"`
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
// +optional
PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"`
}
// JKS configures options for storing a JKS keystore in the `spec.secretName`
// Secret resource.
type JKSKeystore struct {
// Create enables JKS keystore creation for the Certificate.
// If true, a file named `keystore.jks` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
Create bool `json:"create"`
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the JKS keystore.
PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
}
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
type PKCS12Keystore struct {
// Create enables PKCS12 keystore creation for the Certificate.
// If true, a file named `keystore.p12` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
Create bool `json:"create"`
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the PKCS12 keystore.
PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
}
// CertificateStatus defines the observed state of Certificate
type CertificateStatus struct {
// List of status conditions to indicate the status of certificates.
// Known condition types are `Ready` and `Issuing`.
// +optional
Conditions []CertificateCondition `json:"conditions,omitempty"`
// LastFailureTime is the time as recorded by the Certificate controller
// of the most recent failure to complete a CertificateRequest for this
// Certificate resource.
// If set, cert-manager will not re-request another Certificate until
// 1 hour has elapsed from this time.
// +optional
LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"`
// The time after which the certificate stored in the secret named
// by this resource in spec.secretName is valid.
// +optional
NotBefore *metav1.Time `json:"notBefore,omitempty"`
// The expiration time of the certificate stored in the secret named
// by this resource in `spec.secretName`.
// +optional
NotAfter *metav1.Time `json:"notAfter,omitempty"`
// RenewalTime is the time at which the certificate will be next
// renewed.
// If not set, no upcoming renewal is scheduled.
// +optional
RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
// The current 'revision' of the certificate as issued.
//
// When a CertificateRequest resource is created, it will have the
// `cert-manager.io/certificate-revision` set to one greater than the
// current value of this field.
//
// Upon issuance, this field will be set to the value of the annotation
// on the CertificateRequest resource used to issue the certificate.
//
// Persisting the value on the CertificateRequest resource allows the
// certificates controller to know whether a request is part of an old
// issuance or if it is part of the ongoing revision's issuance by
// checking if the revision value in the annotation is greater than this
// field.
// +optional
Revision *int `json:"revision,omitempty"`
// The name of the Secret resource containing the private key to be used
// for the next certificate iteration.
// The keymanager controller will automatically set this field if the
// `Issuing` condition is set to `True`.
// It will automatically unset this field when the Issuing condition is
// not set or False.
// +optional
NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"`
}
// CertificateCondition contains condition information for an Certificate.
type CertificateCondition struct {
// Type of the condition, known values are ('Ready', `Issuing`).
Type CertificateConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// CertificateConditionType represents an Certificate condition value.
type CertificateConditionType string
const (
// CertificateConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target secret exists
// - The target secret contains a certificate that has not expired
// - The target secret contains a private key valid for the certificate
// - The commonName and dnsNames attributes match those specified on the Certificate
CertificateConditionReady CertificateConditionType = "Ready"
// A condition added to Certificate resources when an issuance is required.
// This condition will be automatically added and set to true if:
// * No keypair data exists in the target Secret
// * The data stored in the Secret cannot be decoded
// * The private key and certificate do not have matching public keys
// * If a CertificateRequest for the current revision exists and the
// certificate data stored in the Secret does not match the
// `status.certificate` on the CertificateRequest.
// * If no CertificateRequest resource exists for the current revision,
// the options on the Certificate resource are compared against the
// x509 data in the Secret, similar to what's done in earlier versions.
// If there is a mismatch, an issuance is triggered.
// This condition may also be added by external API consumers to trigger
// a re-issuance manually for any other reason.
//
// It will be removed by the 'issuing' controller upon completing issuance.
CertificateConditionIssuing CertificateConditionType = "Issuing"
)


@ -0,0 +1,174 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
const (
// Pending indicates that a CertificateRequest is still in progress.
CertificateRequestReasonPending = "Pending"
// Failed indicates that a CertificateRequest has failed, either due to
// timing out or some other critical failure.
CertificateRequestReasonFailed = "Failed"
// Issued indicates that a CertificateRequest has been completed, and that
// the `status.certificate` field is set.
CertificateRequestReasonIssued = "Issued"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// A CertificateRequest is used to request a signed certificate from one of the
// configured issuers.
//
// All fields within the CertificateRequest's `spec` are immutable after creation.
// A CertificateRequest will either succeed or fail, as denoted by its `status.state`
// field.
//
// A CertificateRequest is a 'one-shot' resource, meaning it represents a single
// point in time request for a certificate and cannot be re-used.
// +k8s:openapi-gen=true
type CertificateRequest struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the CertificateRequest resource.
Spec CertificateRequestSpec `json:"spec"`
// Status of the CertificateRequest. This is set and managed automatically.
// +optional
Status CertificateRequestStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// CertificateRequestList is a list of Certificates
type CertificateRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []CertificateRequest `json:"items"`
}
// CertificateRequestSpec defines the desired state of CertificateRequest
type CertificateRequestSpec struct {
// The requested 'duration' (i.e. lifetime) of the Certificate.
// This option may be ignored/overridden by some issuer types.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
// IssuerRef is a reference to the issuer for this CertificateRequest. If
// the 'kind' field is not set, or set to 'Issuer', an Issuer resource with
// the given name in the same namespace as the CertificateRequest will be
// used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with
// the provided name will be used. The 'name' field in this stanza is
// required at all times. The group field refers to the API group of the
// issuer which defaults to 'cert-manager.io' if empty.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// The PEM-encoded x509 certificate signing request to be submitted to the
// CA for signing.
Request []byte `json:"request"`
// IsCA will request to mark the certificate as valid for certificate signing
// when submitting to the issuer.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
IsCA bool `json:"isCA,omitempty"`
// Usages is the set of x509 usages that are requested for the certificate.
// If usages are set they SHOULD be encoded inside the CSR spec
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
Usages []KeyUsage `json:"usages,omitempty"`
}
// CertificateRequestStatus defines the observed state of CertificateRequest and
// resulting signed certificate.
type CertificateRequestStatus struct {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready` and `InvalidRequest`.
// +optional
Conditions []CertificateRequestCondition `json:"conditions,omitempty"`
// The PEM encoded x509 certificate resulting from the certificate
// signing request.
// If not set, the CertificateRequest has either not been completed or has
// failed. More information on failure can be found by checking the
// `conditions` field.
// +optional
Certificate []byte `json:"certificate,omitempty"`
// The PEM encoded x509 certificate of the signer, also known as the CA
// (Certificate Authority).
// This is set on a best-effort basis by different issuers.
// If not set, the CA is assumed to be unknown/not available.
// +optional
CA []byte `json:"ca,omitempty"`
// FailureTime stores the time that this CertificateRequest failed. This is
// used to influence garbage collection and back-off.
// +optional
FailureTime *metav1.Time `json:"failureTime,omitempty"`
}
// CertificateRequestCondition contains condition information for a CertificateRequest.
type CertificateRequestCondition struct {
// Type of the condition, known values are ('Ready', 'InvalidRequest').
Type CertificateRequestConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// CertificateRequestConditionType represents an Certificate condition value.
type CertificateRequestConditionType string
const (
// CertificateRequestConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target certificate exists in CertificateRequest.Status
CertificateRequestConditionReady CertificateRequestConditionType = "Ready"
// CertificateRequestConditionInvalidRequest indicates that a certificate
// signer has refused to sign the request due to at least one of the input
// parameters being invalid. Additional information about why the request
// was rejected can be found in the `reason` and `message` fields.
CertificateRequestConditionInvalidRequest CertificateRequestConditionType = "InvalidRequest"
)


@ -0,0 +1,329 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// A ClusterIssuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is similar to an Issuer, however it is cluster-scoped and therefore can
// be referenced by resources that exist in *any* namespace, not just the same
// namespace as the referent.
type ClusterIssuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the ClusterIssuer resource.
Spec IssuerSpec `json:"spec"`
// Status of the ClusterIssuer. This is set and managed automatically.
// +optional
Status IssuerStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterIssuerList is a list of Issuers
type ClusterIssuerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterIssuer `json:"items"`
}
// +genclient
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// An Issuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is scoped to a single namespace and can therefore only be referenced by
// resources within the same namespace.
type Issuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the Issuer resource.
Spec IssuerSpec `json:"spec"`
// Status of the Issuer. This is set and managed automatically.
// +optional
Status IssuerStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IssuerList is a list of Issuers
type IssuerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Issuer `json:"items"`
}
// IssuerSpec is the specification of an Issuer. This includes any
// configuration required for the issuer.
type IssuerSpec struct {
IssuerConfig `json:",inline"`
}
// The configuration for the issuer.
// Only one of these can be set.
type IssuerConfig struct {
// ACME configures this issuer to communicate with a RFC8555 (ACME) server
// to obtain signed x509 certificates.
// +optional
ACME *cmacme.ACMEIssuer `json:"acme,omitempty"`
// CA configures this issuer to sign certificates using a signing CA keypair
// stored in a Secret resource.
// This is used to build internal PKIs that are managed by cert-manager.
// +optional
CA *CAIssuer `json:"ca,omitempty"`
// Vault configures this issuer to sign certificates using a HashiCorp Vault
// PKI backend.
// +optional
Vault *VaultIssuer `json:"vault,omitempty"`
// SelfSigned configures this issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
// +optional
SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"`
// Venafi configures this issuer to sign certificates using a Venafi TPP
// or Venafi Cloud policy zone.
// +optional
Venafi *VenafiIssuer `json:"venafi,omitempty"`
}
// Configures an issuer to sign certificates using a Venafi TPP
// or Cloud policy zone.
type VenafiIssuer struct {
// Zone is the Venafi Policy Zone to use for this issuer.
// All requests made to the Venafi platform will be restricted by the named
// zone policy.
// This field is required.
Zone string `json:"zone"`
// TPP specifies Trust Protection Platform configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
TPP *VenafiTPP `json:"tpp,omitempty"`
// Cloud specifies the Venafi cloud configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
Cloud *VenafiCloud `json:"cloud,omitempty"`
}
// VenafiTPP defines connection configuration details for a Venafi TPP instance
type VenafiTPP struct {
// URL is the base URL for the vedsdk endpoint of the Venafi TPP instance,
// for example: "https://tpp.example.com/vedsdk".
URL string `json:"url"`
// CredentialsRef is a reference to a Secret containing the username and
// password for the TPP server.
// The secret must contain two keys, 'username' and 'password'.
CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"`
// CABundle is a PEM encoded TLS certificate to use to verify connections to
// the TPP instance.
// If specified, system roots will not be used and the issuing CA for the
// TPP instance must be verifiable using the provided root.
// If not specified, the connection will be verified using the cert-manager
// system root certificates.
// +optional
CABundle []byte `json:"caBundle,omitempty"`
}
// VenafiCloud defines connection configuration details for Venafi Cloud
type VenafiCloud struct {
// URL is the base URL for Venafi Cloud.
// Defaults to "https://api.venafi.cloud/v1".
// +optional
URL string `json:"url,omitempty"`
// APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"`
}
// Configures an issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
type SelfSignedIssuer struct {
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set certificate will be issued without CDP. Values are strings.
// +optional
CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
}
// Configures an issuer to sign certificates using a HashiCorp Vault
// PKI backend.
type VaultIssuer struct {
// Auth configures how cert-manager authenticates with the Vault server.
Auth VaultAuth `json:"auth"`
// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
Server string `json:"server"`
// Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
// "my_pki_mount/sign/my-role-name".
Path string `json:"path"`
// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1"
// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
// +optional
Namespace string `json:"namespace,omitempty"`
// PEM encoded CA bundle used to validate Vault server certificate. Only used
// if the Server URL is using HTTPS protocol. This parameter is ignored for
// plain HTTP protocol connection. If not set the system root certificates
// are used to validate the TLS connection.
// +optional
CABundle []byte `json:"caBundle,omitempty"`
}
// Configuration used to authenticate with a Vault server.
// Only one of `tokenSecretRef`, `appRole` or `kubernetes` may be specified.
type VaultAuth struct {
// TokenSecretRef authenticates with Vault by presenting a token.
// +optional
TokenSecretRef *cmmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`
// AppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
// +optional
AppRole *VaultAppRole `json:"appRole,omitempty"`
// Kubernetes authenticates with Vault by passing the ServiceAccount
// token stored in the named Secret resource to the Vault server.
// +optional
Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`
}
// VaultAppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
type VaultAppRole struct {
// Path where the App Role authentication backend is mounted in Vault, e.g:
// "approle"
Path string `json:"path"`
// RoleID configured in the App Role authentication backend when setting
// up the authentication backend in Vault.
RoleId string `json:"roleId"`
// Reference to a key in a Secret that contains the App Role secret used
// to authenticate with Vault.
// The `key` field must be specified and denotes which entry within the Secret
// resource is used as the app role secret.
SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
}
// Authenticate against Vault using a Kubernetes ServiceAccount token stored in
// a Secret.
type VaultKubernetesAuth struct {
// The Vault mountPath here is the mount path to use when authenticating with
// Vault. For example, setting a value to `/v1/auth/foo`, will use the path
// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
// default value "/v1/auth/kubernetes" will be used.
// +optional
Path string `json:"mountPath,omitempty"`
// The required Secret field containing a Kubernetes ServiceAccount JWT used
// for authenticating with Vault. Use of 'ambient credentials' is not
// supported.
SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
// A required field containing the Vault Role to assume. A Role binds a
// Kubernetes ServiceAccount with a set of Vault policies.
Role string `json:"role"`
}
type CAIssuer struct {
// SecretName is the name of the secret used to sign Certificates issued
// by this Issuer.
SecretName string `json:"secretName"`
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set, certificates will be issued without distribution points set.
// +optional
CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
}
// IssuerStatus contains status information about an Issuer
type IssuerStatus struct {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready`.
// +optional
Conditions []IssuerCondition `json:"conditions,omitempty"`
// ACME specific status options.
// This field should only be set if the Issuer is configured to use an ACME
// server to issue certificates.
// +optional
ACME *cmacme.ACMEIssuerStatus `json:"acme,omitempty"`
}
// IssuerCondition contains condition information for an Issuer.
type IssuerCondition struct {
// Type of the condition, known values are ('Ready').
Type IssuerConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// IssuerConditionType represents an Issuer condition value.
type IssuerConditionType string
const (
// IssuerConditionReady represents the fact that a given Issuer condition
// is in ready state and able to issue certificates.
// If the `status` of this condition is `False`, CertificateRequest controllers
// should prevent attempts to sign certificates.
IssuerConditionReady IssuerConditionType = "Ready"
)


@ -0,0 +1,929 @@
// +build !ignore_autogenerated
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1
import (
acmev1 "github.com/jetstack/cert-manager/pkg/apis/acme/v1"
apismetav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CAIssuer) DeepCopyInto(out *CAIssuer) {
*out = *in
if in.CRLDistributionPoints != nil {
in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAIssuer.
func (in *CAIssuer) DeepCopy() *CAIssuer {
if in == nil {
return nil
}
out := new(CAIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Certificate) DeepCopyInto(out *Certificate) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (in *Certificate) DeepCopy() *Certificate {
if in == nil {
return nil
}
out := new(Certificate)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Certificate) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.
func (in *CertificateCondition) DeepCopy() *CertificateCondition {
if in == nil {
return nil
}
out := new(CertificateCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores) {
*out = *in
if in.JKS != nil {
in, out := &in.JKS, &out.JKS
*out = new(JKSKeystore)
**out = **in
}
if in.PKCS12 != nil {
in, out := &in.PKCS12, &out.PKCS12
*out = new(PKCS12Keystore)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores.
func (in *CertificateKeystores) DeepCopy() *CertificateKeystores {
if in == nil {
return nil
}
out := new(CertificateKeystores)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateList) DeepCopyInto(out *CertificateList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Certificate, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.
func (in *CertificateList) DeepCopy() *CertificateList {
if in == nil {
return nil
}
out := new(CertificateList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey.
func (in *CertificatePrivateKey) DeepCopy() *CertificatePrivateKey {
if in == nil {
return nil
}
out := new(CertificatePrivateKey)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest.
func (in *CertificateRequest) DeepCopy() *CertificateRequest {
if in == nil {
return nil
}
out := new(CertificateRequest)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateRequest) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestCondition) DeepCopyInto(out *CertificateRequestCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition.
func (in *CertificateRequestCondition) DeepCopy() *CertificateRequestCondition {
if in == nil {
return nil
}
out := new(CertificateRequestCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]CertificateRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList.
func (in *CertificateRequestList) DeepCopy() *CertificateRequestList {
if in == nil {
return nil
}
out := new(CertificateRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec) {
*out = *in
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(metav1.Duration)
**out = **in
}
out.IssuerRef = in.IssuerRef
if in.Request != nil {
in, out := &in.Request, &out.Request
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.Usages != nil {
in, out := &in.Usages, &out.Usages
*out = make([]KeyUsage, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec.
func (in *CertificateRequestSpec) DeepCopy() *CertificateRequestSpec {
if in == nil {
return nil
}
out := new(CertificateRequestSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]CertificateRequestCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Certificate != nil {
in, out := &in.Certificate, &out.Certificate
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.CA != nil {
in, out := &in.CA, &out.CA
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.FailureTime != nil {
in, out := &in.FailureTime, &out.FailureTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus.
func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus {
if in == nil {
return nil
}
out := new(CertificateRequestStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
*out = *in
if in.Subject != nil {
in, out := &in.Subject, &out.Subject
*out = new(X509Subject)
(*in).DeepCopyInto(*out)
}
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(metav1.Duration)
**out = **in
}
if in.RenewBefore != nil {
in, out := &in.RenewBefore, &out.RenewBefore
*out = new(metav1.Duration)
**out = **in
}
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPAddresses != nil {
in, out := &in.IPAddresses, &out.IPAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.URIs != nil {
in, out := &in.URIs, &out.URIs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.EmailAddresses != nil {
in, out := &in.EmailAddresses, &out.EmailAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Keystores != nil {
in, out := &in.Keystores, &out.Keystores
*out = new(CertificateKeystores)
(*in).DeepCopyInto(*out)
}
out.IssuerRef = in.IssuerRef
if in.Usages != nil {
in, out := &in.Usages, &out.Usages
*out = make([]KeyUsage, len(*in))
copy(*out, *in)
}
if in.PrivateKey != nil {
in, out := &in.PrivateKey, &out.PrivateKey
*out = new(CertificatePrivateKey)
**out = **in
}
if in.EncodeUsagesInRequest != nil {
in, out := &in.EncodeUsagesInRequest, &out.EncodeUsagesInRequest
*out = new(bool)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (in *CertificateSpec) DeepCopy() *CertificateSpec {
if in == nil {
return nil
}
out := new(CertificateSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]CertificateCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.LastFailureTime != nil {
in, out := &in.LastFailureTime, &out.LastFailureTime
*out = (*in).DeepCopy()
}
if in.NotBefore != nil {
in, out := &in.NotBefore, &out.NotBefore
*out = (*in).DeepCopy()
}
if in.NotAfter != nil {
in, out := &in.NotAfter, &out.NotAfter
*out = (*in).DeepCopy()
}
if in.RenewalTime != nil {
in, out := &in.RenewalTime, &out.RenewalTime
*out = (*in).DeepCopy()
}
if in.Revision != nil {
in, out := &in.Revision, &out.Revision
*out = new(int)
**out = **in
}
if in.NextPrivateKeySecretName != nil {
in, out := &in.NextPrivateKeySecretName, &out.NextPrivateKeySecretName
*out = new(string)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.
func (in *CertificateStatus) DeepCopy() *CertificateStatus {
if in == nil {
return nil
}
out := new(CertificateStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuer.
func (in *ClusterIssuer) DeepCopy() *ClusterIssuer {
if in == nil {
return nil
}
out := new(ClusterIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterIssuer) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterIssuerList) DeepCopyInto(out *ClusterIssuerList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterIssuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuerList.
func (in *ClusterIssuerList) DeepCopy() *ClusterIssuerList {
if in == nil {
return nil
}
out := new(ClusterIssuerList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterIssuerList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Issuer) DeepCopyInto(out *Issuer) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (in *Issuer) DeepCopy() *Issuer {
if in == nil {
return nil
}
out := new(Issuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Issuer) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerCondition) DeepCopyInto(out *IssuerCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerCondition.
func (in *IssuerCondition) DeepCopy() *IssuerCondition {
if in == nil {
return nil
}
out := new(IssuerCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) {
*out = *in
if in.ACME != nil {
in, out := &in.ACME, &out.ACME
*out = new(acmev1.ACMEIssuer)
(*in).DeepCopyInto(*out)
}
if in.CA != nil {
in, out := &in.CA, &out.CA
*out = new(CAIssuer)
(*in).DeepCopyInto(*out)
}
if in.Vault != nil {
in, out := &in.Vault, &out.Vault
*out = new(VaultIssuer)
(*in).DeepCopyInto(*out)
}
if in.SelfSigned != nil {
in, out := &in.SelfSigned, &out.SelfSigned
*out = new(SelfSignedIssuer)
(*in).DeepCopyInto(*out)
}
if in.Venafi != nil {
in, out := &in.Venafi, &out.Venafi
*out = new(VenafiIssuer)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig.
func (in *IssuerConfig) DeepCopy() *IssuerConfig {
if in == nil {
return nil
}
out := new(IssuerConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerList) DeepCopyInto(out *IssuerList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Issuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList.
func (in *IssuerList) DeepCopy() *IssuerList {
if in == nil {
return nil
}
out := new(IssuerList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *IssuerList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec) {
*out = *in
in.IssuerConfig.DeepCopyInto(&out.IssuerConfig)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec.
func (in *IssuerSpec) DeepCopy() *IssuerSpec {
if in == nil {
return nil
}
out := new(IssuerSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]IssuerCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.ACME != nil {
in, out := &in.ACME, &out.ACME
*out = new(acmev1.ACMEIssuerStatus)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus.
func (in *IssuerStatus) DeepCopy() *IssuerStatus {
if in == nil {
return nil
}
out := new(IssuerStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore) {
*out = *in
out.PasswordSecretRef = in.PasswordSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore.
func (in *JKSKeystore) DeepCopy() *JKSKeystore {
if in == nil {
return nil
}
out := new(JKSKeystore)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore) {
*out = *in
out.PasswordSecretRef = in.PasswordSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore.
func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore {
if in == nil {
return nil
}
out := new(PKCS12Keystore)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SelfSignedIssuer) DeepCopyInto(out *SelfSignedIssuer) {
*out = *in
if in.CRLDistributionPoints != nil {
in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedIssuer.
func (in *SelfSignedIssuer) DeepCopy() *SelfSignedIssuer {
if in == nil {
return nil
}
out := new(SelfSignedIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole) {
*out = *in
out.SecretRef = in.SecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (in *VaultAppRole) DeepCopy() *VaultAppRole {
if in == nil {
return nil
}
out := new(VaultAppRole)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultAuth) DeepCopyInto(out *VaultAuth) {
*out = *in
if in.TokenSecretRef != nil {
in, out := &in.TokenSecretRef, &out.TokenSecretRef
*out = new(apismetav1.SecretKeySelector)
**out = **in
}
if in.AppRole != nil {
in, out := &in.AppRole, &out.AppRole
*out = new(VaultAppRole)
**out = **in
}
if in.Kubernetes != nil {
in, out := &in.Kubernetes, &out.Kubernetes
*out = new(VaultKubernetesAuth)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (in *VaultAuth) DeepCopy() *VaultAuth {
if in == nil {
return nil
}
out := new(VaultAuth)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultIssuer) DeepCopyInto(out *VaultIssuer) {
*out = *in
in.Auth.DeepCopyInto(&out.Auth)
if in.CABundle != nil {
in, out := &in.CABundle, &out.CABundle
*out = make([]byte, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIssuer.
func (in *VaultIssuer) DeepCopy() *VaultIssuer {
if in == nil {
return nil
}
out := new(VaultIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth) {
*out = *in
out.SecretRef = in.SecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth {
if in == nil {
return nil
}
out := new(VaultKubernetesAuth)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiCloud) DeepCopyInto(out *VenafiCloud) {
*out = *in
out.APITokenSecretRef = in.APITokenSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiCloud.
func (in *VenafiCloud) DeepCopy() *VenafiCloud {
if in == nil {
return nil
}
out := new(VenafiCloud)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiIssuer) DeepCopyInto(out *VenafiIssuer) {
*out = *in
if in.TPP != nil {
in, out := &in.TPP, &out.TPP
*out = new(VenafiTPP)
(*in).DeepCopyInto(*out)
}
if in.Cloud != nil {
in, out := &in.Cloud, &out.Cloud
*out = new(VenafiCloud)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiIssuer.
func (in *VenafiIssuer) DeepCopy() *VenafiIssuer {
if in == nil {
return nil
}
out := new(VenafiIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiTPP) DeepCopyInto(out *VenafiTPP) {
*out = *in
out.CredentialsRef = in.CredentialsRef
if in.CABundle != nil {
in, out := &in.CABundle, &out.CABundle
*out = make([]byte, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiTPP.
func (in *VenafiTPP) DeepCopy() *VenafiTPP {
if in == nil {
return nil
}
out := new(VenafiTPP)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *X509Subject) DeepCopyInto(out *X509Subject) {
*out = *in
if in.Organizations != nil {
in, out := &in.Organizations, &out.Organizations
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Countries != nil {
in, out := &in.Countries, &out.Countries
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.OrganizationalUnits != nil {
in, out := &in.OrganizationalUnits, &out.OrganizationalUnits
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Localities != nil {
in, out := &in.Localities, &out.Localities
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Provinces != nil {
in, out := &in.Provinces, &out.Provinces
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.StreetAddresses != nil {
in, out := &in.StreetAddresses, &out.StreetAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.PostalCodes != nil {
in, out := &in.PostalCodes, &out.PostalCodes
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Subject.
func (in *X509Subject) DeepCopy() *X509Subject {
if in == nil {
return nil
}
out := new(X509Subject)
in.DeepCopyInto(out)
return out
}


@ -0,0 +1,27 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"const.go",
"doc.go",
"generic_issuer.go",
"register.go",
"types.go",
"types_certificate.go",
"types_certificaterequest.go",
"types_issuer.go",
"zz_generated.deepcopy.go",
],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2",
importpath = "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)


@ -0,0 +1,43 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import "time"
const (
// minimum permitted certificate duration by cert-manager
MinimumCertificateDuration = time.Hour
// default certificate duration if Issuer.spec.duration is not set
DefaultCertificateDuration = time.Hour * 24 * 90
// minimum certificate duration before certificate expiration
MinimumRenewBefore = time.Minute * 5
// Default duration before certificate expiration if Issuer.spec.renewBefore is not set
DefaultRenewBefore = time.Hour * 24 * 30
)
const (
// Default index key for the Secret reference for Token authentication
DefaultVaultTokenAuthSecretKey = "token"
// Default mount path location for Kubernetes ServiceAccount authentication
// (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
// left as the default, `/v1/auth/kubernetes/login` will be called.
DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes"
)


@ -0,0 +1,24 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha2 is the v1alpha2 version of the API.
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/certmanager
// +k8s:openapi-gen=true
// +k8s:defaulter-gen=TypeMeta
// +groupName=cert-manager.io
// +groupGoName=Certmanager
package v1alpha2


@ -0,0 +1,85 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2"
)
type GenericIssuer interface {
runtime.Object
metav1.Object
GetObjectMeta() *metav1.ObjectMeta
GetSpec() *IssuerSpec
GetStatus() *IssuerStatus
}
var _ GenericIssuer = &Issuer{}
var _ GenericIssuer = &ClusterIssuer{}
func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *ClusterIssuer) GetSpec() *IssuerSpec {
return &c.Spec
}
func (c *ClusterIssuer) GetStatus() *IssuerStatus {
return &c.Status
}
func (c *ClusterIssuer) SetSpec(spec IssuerSpec) {
c.Spec = spec
}
func (c *ClusterIssuer) SetStatus(status IssuerStatus) {
c.Status = status
}
func (c *ClusterIssuer) Copy() GenericIssuer {
return c.DeepCopy()
}
func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *Issuer) GetSpec() *IssuerSpec {
return &c.Spec
}
func (c *Issuer) GetStatus() *IssuerStatus {
return &c.Status
}
func (c *Issuer) SetSpec(spec IssuerSpec) {
c.Spec = spec
}
func (c *Issuer) SetStatus(status IssuerStatus) {
c.Status = status
}
func (c *Issuer) Copy() GenericIssuer {
return c.DeepCopy()
}
// TODO: refactor these functions away
func (i *IssuerStatus) ACMEStatus() *cmacme.ACMEIssuerStatus {
// this is an edge case, but this will prevent panics
if i == nil {
return &cmacme.ACMEIssuerStatus{}
}
if i.ACME == nil {
i.ACME = &cmacme.ACMEIssuerStatus{}
}
return i.ACME
}


@ -0,0 +1,62 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/jetstack/cert-manager/pkg/apis/certmanager"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1alpha2"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Certificate{},
&CertificateList{},
&Issuer{},
&IssuerList{},
&ClusterIssuer{},
&ClusterIssuerList{},
&CertificateRequest{},
&CertificateRequestList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}


@ -0,0 +1,203 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
// Common annotation keys added to resources.
const (
// Annotation key for DNS subjectAltNames.
AltNamesAnnotationKey = "cert-manager.io/alt-names"
// Annotation key for IP subjectAltNames.
IPSANAnnotationKey = "cert-manager.io/ip-sans"
// Annotation key for URI subjectAltNames.
URISANAnnotationKey = "cert-manager.io/uri-sans"
// Annotation key for certificate common name.
CommonNameAnnotationKey = "cert-manager.io/common-name"
// Annotation key the 'name' of the Issuer resource.
IssuerNameAnnotationKey = "cert-manager.io/issuer-name"
// Annotation key for the 'kind' of the Issuer resource.
IssuerKindAnnotationKey = "cert-manager.io/issuer-kind"
// Annotation key for the 'group' of the Issuer resource.
IssuerGroupAnnotationKey = "cert-manager.io/issuer-group"
// Annotation key for the name of the certificate that a resource is related to.
CertificateNameKey = "cert-manager.io/certificate-name"
// Annotation key used to denote whether a Secret is named on a Certificate
// as a 'next private key' Secret resource.
IsNextPrivateKeySecretLabelKey = "cert-manager.io/next-private-key"
)
// Deprecated annotation names for Secrets
// These will be removed in a future release.
const (
DeprecatedIssuerNameAnnotationKey = "certmanager.k8s.io/issuer-name"
DeprecatedIssuerKindAnnotationKey = "certmanager.k8s.io/issuer-kind"
)
const (
// issuerNameAnnotation can be used to override the issuer specified on the
// created Certificate resource.
IngressIssuerNameAnnotationKey = "cert-manager.io/issuer"
// clusterIssuerNameAnnotation can be used to override the issuer specified on the
// created Certificate resource. The Certificate will reference the
// specified *ClusterIssuer* instead of normal issuer.
IngressClusterIssuerNameAnnotationKey = "cert-manager.io/cluster-issuer"
// acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass
// if the challenge type is set to http01
IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class"
// IngressClassAnnotationKey picks a specific "class" for the Ingress. The
// controller only processes Ingresses with this annotation either unset, or
// set to either the configured value or the empty string.
IngressClassAnnotationKey = "kubernetes.io/ingress.class"
)
// Annotation names for CertificateRequests
const (
// Annotation added to CertificateRequest resources to denote the name of
// a Secret resource containing the private key used to sign the CSR stored
// on the resource.
// This annotation *may* not be present, and is used by the 'self signing'
// issuer type to self-sign certificates.
CertificateRequestPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name"
// Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource
CertificateRequestRevisionAnnotationKey = "cert-manager.io/certificate-revision"
)
const (
// IssueTemporaryCertificateAnnotation is an annotation that can be added to
// Certificate resources.
// If it is present, a temporary internally signed certificate will be
// stored in the target Secret resource whilst the real Issuer is processing
// the certificate request.
IssueTemporaryCertificateAnnotation = "cert-manager.io/issue-temporary-certificate"
)
// Common/known resource kinds.
const (
ClusterIssuerKind = "ClusterIssuer"
IssuerKind = "Issuer"
CertificateKind = "Certificate"
CertificateRequestKind = "CertificateRequest"
)
const (
// WantInjectAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a certificate
// as namespace/name.
WantInjectAnnotation = "cert-manager.io/inject-ca-from"
// WantInjectAPIServerCAAnnotation, if set to "true", will make the cainjector
// inject the CA certificate for the Kubernetes apiserver into the resource.
// It discovers the apiserver's CA by inspecting the service account credentials
// mounted into the cainjector pod.
WantInjectAPIServerCAAnnotation = "cert-manager.io/inject-apiserver-ca"
// WantInjectFromSecretAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a Secret
// as namespace/name.
WantInjectFromSecretAnnotation = "cert-manager.io/inject-ca-from-secret"
// AllowsInjectionFromSecretAnnotation is an annotation that must be added
// to Secret resource that want to denote that they can be directly
// injected into injectables that have a `inject-ca-from-secret` annotation.
// If an injectable references a Secret that does NOT have this annotation,
// the cainjector will refuse to inject the secret.
AllowsInjectionFromSecretAnnotation = "cert-manager.io/allow-direct-injection"
)
// Issuer specific Annotations
const (
// VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer
// This will only work with Venafi TPP v19.3 and higher
// The value is an array with objects containing the name and value keys
// for example: `[{"name": "custom-field", "value": "custom-value"}]`
VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields"
)
// KeyUsage specifies valid usage contexts for keys.
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
// Valid KeyUsage values are as follows:
// "signing",
// "digital signature",
// "content commitment",
// "key encipherment",
// "key agreement",
// "data encipherment",
// "cert sign",
// "crl sign",
// "encipher only",
// "decipher only",
// "any",
// "server auth",
// "client auth",
// "code signing",
// "email protection",
// "s/mime",
// "ipsec end system",
// "ipsec tunnel",
// "ipsec user",
// "timestamping",
// "ocsp signing",
// "microsoft sgc",
// "netscape sgc"
// +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc"
type KeyUsage string
const (
UsageSigning KeyUsage = "signing"
UsageDigitalSignature KeyUsage = "digital signature"
UsageContentCommittment KeyUsage = "content commitment"
UsageKeyEncipherment KeyUsage = "key encipherment"
UsageKeyAgreement KeyUsage = "key agreement"
UsageDataEncipherment KeyUsage = "data encipherment"
UsageCertSign KeyUsage = "cert sign"
UsageCRLSign KeyUsage = "crl sign"
UsageEncipherOnly KeyUsage = "encipher only"
UsageDecipherOnly KeyUsage = "decipher only"
UsageAny KeyUsage = "any"
UsageServerAuth KeyUsage = "server auth"
UsageClientAuth KeyUsage = "client auth"
UsageCodeSigning KeyUsage = "code signing"
UsageEmailProtection KeyUsage = "email protection"
UsageSMIME KeyUsage = "s/mime"
UsageIPsecEndSystem KeyUsage = "ipsec end system"
UsageIPsecTunnel KeyUsage = "ipsec tunnel"
UsageIPsecUser KeyUsage = "ipsec user"
UsageTimestamping KeyUsage = "timestamping"
UsageOCSPSigning KeyUsage = "ocsp signing"
UsageMicrosoftSGC KeyUsage = "microsoft sgc"
UsageNetscapeSGC KeyUsage = "netscape sgc"
)
// DefaultKeyUsages contains the default list of key usages
func DefaultKeyUsages() []KeyUsage {
// The serverAuth EKU is required as of Mac OS Catalina: https://support.apple.com/en-us/HT210176
// Without this usage, certificates will _always_ flag a warning in newer Mac OS browsers.
// We don't explicitly add it here as it leads to strange behaviour when a user sets isCA: true
// (in which case, 'serverAuth' on the CA can break a lot of clients).
// CAs can (and often do) opt to automatically add usages.
return []KeyUsage{UsageDigitalSignature, UsageKeyEncipherment}
}


@ -0,0 +1,409 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// A Certificate resource should be created to ensure an up to date and signed
// x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
//
// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
// +k8s:openapi-gen=true
type Certificate struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the Certificate resource.
Spec CertificateSpec `json:"spec,omitempty"`
// Status of the Certificate. This is set and managed automatically.
Status CertificateStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// CertificateList is a list of Certificates
type CertificateList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Certificate `json:"items"`
}
// +kubebuilder:validation:Enum=rsa;ecdsa
type KeyAlgorithm string
const (
// Denotes the RSA private key type.
RSAKeyAlgorithm KeyAlgorithm = "rsa"
// Denotes the ECDSA private key type.
ECDSAKeyAlgorithm KeyAlgorithm = "ecdsa"
)
// +kubebuilder:validation:Enum=pkcs1;pkcs8
type KeyEncoding string
const (
// PKCS1 key encoding will produce PEM files that include the type of
// private key as part of the PEM header, e.g. "BEGIN RSA PRIVATE KEY".
// If the keyAlgorithm is set to 'ECDSA', this will produce private keys
// that use the "BEGIN EC PRIVATE KEY" header.
PKCS1 KeyEncoding = "pkcs1"
// PKCS8 key encoding will produce PEM files with the "BEGIN PRIVATE KEY"
// header. It encodes the keyAlgorithm of the private key as part of the
// DER encoded PEM block.
PKCS8 KeyEncoding = "pkcs8"
)
// CertificateSpec defines the desired state of Certificate.
type CertificateSpec struct {
// Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
// +optional
Subject *X509Subject `json:"subject,omitempty"`
// CommonName is a common name to be used on the Certificate.
// The CommonName should have a length of 64 characters or fewer to avoid
// generating invalid CSRs.
// This value is ignored by TLS clients when any subject alt name is set.
// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
// +optional
CommonName string `json:"commonName,omitempty"`
// Organization is a list of organizations to be used on the Certificate.
// +optional
Organization []string `json:"organization,omitempty"`
// The requested 'duration' (i.e. lifetime) of the Certificate.
// This option may be ignored/overridden by some issuer types.
// If overridden and `renewBefore` is greater than the actual certificate
// duration, the certificate will be automatically renewed 2/3rds of the
// way through the certificate's duration.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
// The amount of time before the currently issued certificate's `notAfter`
// time that cert-manager will begin to attempt to renew the certificate.
// If this value is greater than the total duration of the certificate
// (i.e. notAfter - notBefore), it will be automatically renewed 2/3rds of
// the way through the certificate's duration.
// +optional
RenewBefore *metav1.Duration `json:"renewBefore,omitempty"`
// DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
// +optional
DNSNames []string `json:"dnsNames,omitempty"`
// IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`
// URISANs is a list of URI subjectAltNames to be set on the Certificate.
// +optional
URISANs []string `json:"uriSANs,omitempty"`
// EmailSANs is a list of email subjectAltNames to be set on the Certificate.
// +optional
EmailSANs []string `json:"emailSANs,omitempty"`
// SecretName is the name of the secret resource that will be automatically
// created and managed by this Certificate resource.
// It will be populated with a private key and certificate, signed by the
// denoted issuer.
SecretName string `json:"secretName"`
// Keystores configures additional keystore output formats stored in the
// `secretName` Secret resource.
// +optional
Keystores *CertificateKeystores `json:"keystores,omitempty"`
// IssuerRef is a reference to the issuer for this certificate.
// If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
// with the given name in the same namespace as the Certificate will be used.
// If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with the
// provided name will be used.
// The 'name' field in this stanza is required at all times.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// IsCA will mark this Certificate as valid for certificate signing.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
IsCA bool `json:"isCA,omitempty"`
// Usages is the set of x509 usages that are requested for the certificate.
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
Usages []KeyUsage `json:"usages,omitempty"`
// KeySize is the key bit size of the corresponding private key for this certificate.
// If `keyAlgorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,
// and will default to `2048` if not specified.
// If `keyAlgorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,
// and will default to `256` if not specified.
// No other values are allowed.
// +kubebuilder:validation:ExclusiveMaximum=false
// +kubebuilder:validation:Maximum=8192
// +kubebuilder:validation:ExclusiveMinimum=false
// +kubebuilder:validation:Minimum=0
// +optional
KeySize int `json:"keySize,omitempty"`
// KeyAlgorithm is the private key algorithm of the corresponding private key
// for this certificate. If provided, allowed values are either "rsa" or "ecdsa"
// If `keyAlgorithm` is specified and `keySize` is not provided,
// key size of 256 will be used for "ecdsa" key algorithm and
// key size of 2048 will be used for "rsa" key algorithm.
// +optional
KeyAlgorithm KeyAlgorithm `json:"keyAlgorithm,omitempty"`
// KeyEncoding is the private key cryptography standards (PKCS)
// for this certificate's private key to be encoded in. If provided, allowed
// values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, respectively.
// If KeyEncoding is not specified, then PKCS#1 will be used by default.
// +optional
KeyEncoding KeyEncoding `json:"keyEncoding,omitempty"`
// Options to control private keys used for the Certificate.
// +optional
PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"`
// EncodeUsagesInRequest controls whether key usages should be present
// in the CertificateRequest
// +optional
EncodeUsagesInRequest *bool `json:"encodeUsagesInRequest,omitempty"`
}
// CertificatePrivateKey contains configuration options for private keys
// used by the Certificate controller.
// This allows control of how private keys are rotated.
type CertificatePrivateKey struct {
// RotationPolicy controls how private keys should be regenerated when a
// re-issuance is being processed.
// If set to Never, a private key will only be generated if one does not
// already exist in the target `spec.secretName`. If one does exists but it
// does not have the correct algorithm or size, a warning will be raised
// to await user intervention.
// If set to Always, a private key matching the specified requirements
// will be generated whenever a re-issuance occurs.
// Default is 'Never' for backward compatibility.
// +optional
RotationPolicy PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"`
}
// Denotes how private keys should be generated or sourced when a Certificate
// is being issued.
type PrivateKeyRotationPolicy string
var (
// RotationPolicyNever means a private key will only be generated if one
// does not already exist in the target `spec.secretName`.
// If one does exists but it does not have the correct algorithm or size,
// a warning will be raised to await user intervention.
RotationPolicyNever PrivateKeyRotationPolicy = "Never"
// RotationPolicyAlways means a private key matching the specified
// requirements will be generated whenever a re-issuance occurs.
RotationPolicyAlways PrivateKeyRotationPolicy = "Always"
)
// X509Subject Full X509 name specification
type X509Subject struct {
// Countries to be used on the Certificate.
// +optional
Countries []string `json:"countries,omitempty"`
// Organizational Units to be used on the Certificate.
// +optional
OrganizationalUnits []string `json:"organizationalUnits,omitempty"`
// Cities to be used on the Certificate.
// +optional
Localities []string `json:"localities,omitempty"`
// State/Provinces to be used on the Certificate.
// +optional
Provinces []string `json:"provinces,omitempty"`
// Street addresses to be used on the Certificate.
// +optional
StreetAddresses []string `json:"streetAddresses,omitempty"`
// Postal codes to be used on the Certificate.
// +optional
PostalCodes []string `json:"postalCodes,omitempty"`
// Serial number to be used on the Certificate.
// +optional
SerialNumber string `json:"serialNumber,omitempty"`
}
// CertificateKeystores configures additional keystore output formats to be
// created in the Certificate's output Secret.
type CertificateKeystores struct {
// JKS configures options for storing a JKS keystore in the
// `spec.secretName` Secret resource.
JKS *JKSKeystore `json:"jks,omitempty"`
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"`
}
// JKS configures options for storing a JKS keystore in the `spec.secretName`
// Secret resource.
type JKSKeystore struct {
// Create enables JKS keystore creation for the Certificate.
// If true, a file named `keystore.jks` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
Create bool `json:"create"`
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the JKS keystore.
PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
}
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
type PKCS12Keystore struct {
// Create enables PKCS12 keystore creation for the Certificate.
// If true, a file named `keystore.p12` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
Create bool `json:"create"`
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the PKCS12 keystore.
PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
}
// CertificateStatus defines the observed state of Certificate
type CertificateStatus struct {
// List of status conditions to indicate the status of certificates.
// Known condition types are `Ready` and `Issuing`.
// +optional
Conditions []CertificateCondition `json:"conditions,omitempty"`
// LastFailureTime is the time as recorded by the Certificate controller
// of the most recent failure to complete a CertificateRequest for this
// Certificate resource.
// If set, cert-manager will not re-request another Certificate until
// 1 hour has elapsed from this time.
// +optional
LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"`
// The time after which the certificate stored in the secret named
// by this resource in spec.secretName is valid.
// +optional
NotBefore *metav1.Time `json:"notBefore,omitempty"`
// The expiration time of the certificate stored in the secret named
// by this resource in `spec.secretName`.
// +optional
NotAfter *metav1.Time `json:"notAfter,omitempty"`
// RenewalTime is the time at which the certificate will be next
// renewed.
// If not set, no upcoming renewal is scheduled.
// +optional
RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
// The current 'revision' of the certificate as issued.
//
// When a CertificateRequest resource is created, it will have the
// `cert-manager.io/certificate-revision` set to one greater than the
// current value of this field.
//
// Upon issuance, this field will be set to the value of the annotation
// on the CertificateRequest resource used to issue the certificate.
//
// Persisting the value on the CertificateRequest resource allows the
// certificates controller to know whether a request is part of an old
// issuance or if it is part of the ongoing revision's issuance by
// checking if the revision value in the annotation is greater than this
// field.
// +optional
Revision *int `json:"revision,omitempty"`
// The name of the Secret resource containing the private key to be used
// for the next certificate iteration.
// The keymanager controller will automatically set this field if the
// `Issuing` condition is set to `True`.
// It will automatically unset this field when the Issuing condition is
// not set or False.
// +optional
NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"`
}
// CertificateCondition contains condition information for an Certificate.
type CertificateCondition struct {
// Type of the condition, known values are ('Ready', `Issuing`).
Type CertificateConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// CertificateConditionType represents an Certificate condition value.
type CertificateConditionType string
const (
// CertificateConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target secret exists
// - The target secret contains a certificate that has not expired
// - The target secret contains a private key valid for the certificate
// - The commonName and dnsNames attributes match those specified on the Certificate
CertificateConditionReady CertificateConditionType = "Ready"
// A condition added to Certificate resources when an issuance is required.
// This condition will be automatically added and set to true if:
// * No keypair data exists in the target Secret
// * The data stored in the Secret cannot be decoded
// * The private key and certificate do not have matching public keys
// * If a CertificateRequest for the current revision exists and the
// certificate data stored in the Secret does not match the
// `status.certificate` on the CertificateRequest.
// * If no CertificateRequest resource exists for the current revision,
// the options on the Certificate resource are compared against the
// x509 data in the Secret, similar to what's done in earlier versions.
// If there is a mismatch, an issuance is triggered.
// This condition may also be added by external API consumers to trigger
// a re-issuance manually for any other reason.
//
// It will be removed by the 'issuing' controller upon completing issuance.
CertificateConditionIssuing CertificateConditionType = "Issuing"
)


@ -0,0 +1,171 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
const (
// Pending indicates that a CertificateRequest is still in progress.
CertificateRequestReasonPending = "Pending"
// Failed indicates that a CertificateRequest has failed, either due to
// timing out or some other critical failure.
CertificateRequestReasonFailed = "Failed"
// Issued indicates that a CertificateRequest has been completed, and that
// the `status.certificate` field is set.
CertificateRequestReasonIssued = "Issued"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// A CertificateRequest is used to request a signed certificate from one of the
// configured issuers.
//
// All fields within the CertificateRequest's `spec` are immutable after creation.
// A CertificateRequest will either succeed or fail, as denoted by its `status.state`
// field.
//
// A CertificateRequest is a 'one-shot' resource, meaning it represents a single
// point in time request for a certificate and cannot be re-used.
// +k8s:openapi-gen=true
type CertificateRequest struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the CertificateRequest resource.
Spec CertificateRequestSpec `json:"spec,omitempty"`
// Status of the CertificateRequest. This is set and managed automatically.
Status CertificateRequestStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// CertificateRequestList is a list of Certificates
type CertificateRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []CertificateRequest `json:"items"`
}
// CertificateRequestSpec defines the desired state of CertificateRequest
type CertificateRequestSpec struct {
// The requested 'duration' (i.e. lifetime) of the Certificate.
// This option may be ignored/overridden by some issuer types.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
// IssuerRef is a reference to the issuer for this CertificateRequest. If
// the 'kind' field is not set, or set to 'Issuer', an Issuer resource with
// the given name in the same namespace as the CertificateRequest will be
// used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with
// the provided name will be used. The 'name' field in this stanza is
// required at all times. The group field refers to the API group of the
// issuer which defaults to 'cert-manager.io' if empty.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// The PEM-encoded x509 certificate signing request to be submitted to the
// CA for signing.
CSRPEM []byte `json:"csr"`
// IsCA will request to mark the certificate as valid for certificate signing
// when submitting to the issuer.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
IsCA bool `json:"isCA,omitempty"`
// Usages is the set of x509 usages that are requested for the certificate.
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
Usages []KeyUsage `json:"usages,omitempty"`
}
// CertificateRequestStatus defines the observed state of CertificateRequest and
// resulting signed certificate.
type CertificateRequestStatus struct {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready` and `InvalidRequest`.
// +optional
Conditions []CertificateRequestCondition `json:"conditions,omitempty"`
// The PEM encoded x509 certificate resulting from the certificate
// signing request.
// If not set, the CertificateRequest has either not been completed or has
// failed. More information on failure can be found by checking the
// `conditions` field.
// +optional
Certificate []byte `json:"certificate,omitempty"`
// The PEM encoded x509 certificate of the signer, also known as the CA
// (Certificate Authority).
// This is set on a best-effort basis by different issuers.
// If not set, the CA is assumed to be unknown/not available.
// +optional
CA []byte `json:"ca,omitempty"`
// FailureTime stores the time that this CertificateRequest failed. This is
// used to influence garbage collection and back-off.
// +optional
FailureTime *metav1.Time `json:"failureTime,omitempty"`
}
// CertificateRequestCondition contains condition information for a CertificateRequest.
type CertificateRequestCondition struct {
// Type of the condition, known values are ('Ready', 'InvalidRequest').
Type CertificateRequestConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// CertificateRequestConditionType represents an Certificate condition value.
type CertificateRequestConditionType string
const (
// CertificateRequestConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target certificate exists in CertificateRequest.Status
CertificateRequestConditionReady CertificateRequestConditionType = "Ready"
// CertificateRequestConditionInvalidRequest indicates that a certificate
// signer has refused to sign the request due to at least one of the input
// parameters being invalid. Additional information about why the request
// was rejected can be found in the `reason` and `message` fields.
CertificateRequestConditionInvalidRequest CertificateRequestConditionType = "InvalidRequest"
)


@ -0,0 +1,325 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// A ClusterIssuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is similar to an Issuer, however it is cluster-scoped and therefore can
// be referenced by resources that exist in *any* namespace, not just the same
// namespace as the referent.
type ClusterIssuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the ClusterIssuer resource.
Spec IssuerSpec `json:"spec,omitempty"`
// Status of the ClusterIssuer. This is set and managed automatically.
Status IssuerStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterIssuerList is a list of Issuers
type ClusterIssuerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterIssuer `json:"items"`
}
// +genclient
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// An Issuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is scoped to a single namespace and can therefore only be referenced by
// resources within the same namespace.
type Issuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the Issuer resource.
Spec IssuerSpec `json:"spec,omitempty"`
// Status of the Issuer. This is set and managed automatically.
Status IssuerStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IssuerList is a list of Issuers
type IssuerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Issuer `json:"items"`
}
// IssuerSpec is the specification of an Issuer. This includes any
// configuration required for the issuer.
type IssuerSpec struct {
IssuerConfig `json:",inline"`
}
// The configuration for the issuer.
// Only one of these can be set.
type IssuerConfig struct {
// ACME configures this issuer to communicate with a RFC8555 (ACME) server
// to obtain signed x509 certificates.
// +optional
ACME *cmacme.ACMEIssuer `json:"acme,omitempty"`
// CA configures this issuer to sign certificates using a signing CA keypair
// stored in a Secret resource.
// This is used to build internal PKIs that are managed by cert-manager.
// +optional
CA *CAIssuer `json:"ca,omitempty"`
// Vault configures this issuer to sign certificates using a HashiCorp Vault
// PKI backend.
// +optional
Vault *VaultIssuer `json:"vault,omitempty"`
// SelfSigned configures this issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
// +optional
SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"`
// Venafi configures this issuer to sign certificates using a Venafi TPP
// or Venafi Cloud policy zone.
// +optional
Venafi *VenafiIssuer `json:"venafi,omitempty"`
}
// Configures an issuer to sign certificates using a Venafi TPP
// or Cloud policy zone.
type VenafiIssuer struct {
// Zone is the Venafi Policy Zone to use for this issuer.
// All requests made to the Venafi platform will be restricted by the named
// zone policy.
// This field is required.
Zone string `json:"zone"`
// TPP specifies Trust Protection Platform configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
TPP *VenafiTPP `json:"tpp,omitempty"`
// Cloud specifies the Venafi cloud configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
Cloud *VenafiCloud `json:"cloud,omitempty"`
}
// VenafiTPP defines connection configuration details for a Venafi TPP instance
type VenafiTPP struct {
// URL is the base URL for the vedsdk endpoint of the Venafi TPP instance,
// for example: "https://tpp.example.com/vedsdk".
URL string `json:"url"`
// CredentialsRef is a reference to a Secret containing the username and
// password for the TPP server.
// The secret must contain two keys, 'username' and 'password'.
CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"`
// CABundle is a PEM encoded TLS certificate to use to verify connections to
// the TPP instance.
// If specified, system roots will not be used and the issuing CA for the
// TPP instance must be verifiable using the provided root.
// If not specified, the connection will be verified using the cert-manager
// system root certificates.
// +optional
CABundle []byte `json:"caBundle,omitempty"`
}
// VenafiCloud defines connection configuration details for Venafi Cloud
type VenafiCloud struct {
// URL is the base URL for Venafi Cloud.
// Defaults to "https://api.venafi.cloud/v1".
// +optional
URL string `json:"url,omitempty"`
// APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"`
}
// Configures an issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
type SelfSignedIssuer struct {
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set certificate will be issued without CDP. Values are strings.
// +optional
CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
}
// Configures an issuer to sign certificates using a HashiCorp Vault
// PKI backend.
type VaultIssuer struct {
// Auth configures how cert-manager authenticates with the Vault server.
Auth VaultAuth `json:"auth"`
// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
Server string `json:"server"`
// Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
// "my_pki_mount/sign/my-role-name".
Path string `json:"path"`
// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1"
// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
// +optional
Namespace string `json:"namespace,omitempty"`
// PEM encoded CA bundle used to validate Vault server certificate. Only used
// if the Server URL is using HTTPS protocol. This parameter is ignored for
// plain HTTP protocol connection. If not set the system root certificates
// are used to validate the TLS connection.
// +optional
CABundle []byte `json:"caBundle,omitempty"`
}
// Configuration used to authenticate with a Vault server.
// Only one of `tokenSecretRef`, `appRole` or `kubernetes` may be specified.
type VaultAuth struct {
// TokenSecretRef authenticates with Vault by presenting a token.
// +optional
TokenSecretRef *cmmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`
// AppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
// +optional
AppRole *VaultAppRole `json:"appRole,omitempty"`
// Kubernetes authenticates with Vault by passing the ServiceAccount
// token stored in the named Secret resource to the Vault server.
// +optional
Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`
}
// VaultAppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
type VaultAppRole struct {
// Path where the App Role authentication backend is mounted in Vault, e.g:
// "approle"
Path string `json:"path"`
// RoleID configured in the App Role authentication backend when setting
// up the authentication backend in Vault.
RoleId string `json:"roleId"`
// Reference to a key in a Secret that contains the App Role secret used
// to authenticate with Vault.
// The `key` field must be specified and denotes which entry within the Secret
// resource is used as the app role secret.
SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
}
// Authenticate against Vault using a Kubernetes ServiceAccount token stored in
// a Secret.
type VaultKubernetesAuth struct {
// The Vault mountPath here is the mount path to use when authenticating with
// Vault. For example, setting a value to `/v1/auth/foo`, will use the path
// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
// default value "/v1/auth/kubernetes" will be used.
// +optional
Path string `json:"mountPath,omitempty"`
// The required Secret field containing a Kubernetes ServiceAccount JWT used
// for authenticating with Vault. Use of 'ambient credentials' is not
// supported.
SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
// A required field containing the Vault Role to assume. A Role binds a
// Kubernetes ServiceAccount with a set of Vault policies.
Role string `json:"role"`
}
type CAIssuer struct {
// SecretName is the name of the secret used to sign Certificates issued
// by this Issuer.
SecretName string `json:"secretName"`
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set, certificates will be issued without distribution points set.
// +optional
CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
}
// IssuerStatus contains status information about an Issuer
type IssuerStatus struct {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready`.
// +optional
Conditions []IssuerCondition `json:"conditions,omitempty"`
// ACME specific status options.
// This field should only be set if the Issuer is configured to use an ACME
// server to issue certificates.
// +optional
ACME *cmacme.ACMEIssuerStatus `json:"acme,omitempty"`
}
// IssuerCondition contains condition information for an Issuer.
type IssuerCondition struct {
// Type of the condition, known values are ('Ready').
Type IssuerConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// IssuerConditionType represents an Issuer condition value.
type IssuerConditionType string
const (
// IssuerConditionReady represents the fact that a given Issuer condition
// is in ready state and able to issue certificates.
// If the `status` of this condition is `False`, CertificateRequest controllers
// should prevent attempts to sign certificates.
IssuerConditionReady IssuerConditionType = "Ready"
)


@ -0,0 +1,929 @@
// +build !ignore_autogenerated
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha2
import (
acmev1alpha2 "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2"
metav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CAIssuer) DeepCopyInto(out *CAIssuer) {
*out = *in
if in.CRLDistributionPoints != nil {
in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAIssuer.
func (in *CAIssuer) DeepCopy() *CAIssuer {
if in == nil {
return nil
}
out := new(CAIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Certificate) DeepCopyInto(out *Certificate) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (in *Certificate) DeepCopy() *Certificate {
if in == nil {
return nil
}
out := new(Certificate)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Certificate) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.
func (in *CertificateCondition) DeepCopy() *CertificateCondition {
if in == nil {
return nil
}
out := new(CertificateCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores) {
*out = *in
if in.JKS != nil {
in, out := &in.JKS, &out.JKS
*out = new(JKSKeystore)
**out = **in
}
if in.PKCS12 != nil {
in, out := &in.PKCS12, &out.PKCS12
*out = new(PKCS12Keystore)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores.
func (in *CertificateKeystores) DeepCopy() *CertificateKeystores {
if in == nil {
return nil
}
out := new(CertificateKeystores)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateList) DeepCopyInto(out *CertificateList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Certificate, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.
func (in *CertificateList) DeepCopy() *CertificateList {
if in == nil {
return nil
}
out := new(CertificateList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey.
func (in *CertificatePrivateKey) DeepCopy() *CertificatePrivateKey {
if in == nil {
return nil
}
out := new(CertificatePrivateKey)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest.
func (in *CertificateRequest) DeepCopy() *CertificateRequest {
if in == nil {
return nil
}
out := new(CertificateRequest)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateRequest) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestCondition) DeepCopyInto(out *CertificateRequestCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition.
func (in *CertificateRequestCondition) DeepCopy() *CertificateRequestCondition {
if in == nil {
return nil
}
out := new(CertificateRequestCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]CertificateRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList.
func (in *CertificateRequestList) DeepCopy() *CertificateRequestList {
if in == nil {
return nil
}
out := new(CertificateRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec) {
*out = *in
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(v1.Duration)
**out = **in
}
out.IssuerRef = in.IssuerRef
if in.CSRPEM != nil {
in, out := &in.CSRPEM, &out.CSRPEM
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.Usages != nil {
in, out := &in.Usages, &out.Usages
*out = make([]KeyUsage, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec.
func (in *CertificateRequestSpec) DeepCopy() *CertificateRequestSpec {
if in == nil {
return nil
}
out := new(CertificateRequestSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]CertificateRequestCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Certificate != nil {
in, out := &in.Certificate, &out.Certificate
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.CA != nil {
in, out := &in.CA, &out.CA
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.FailureTime != nil {
in, out := &in.FailureTime, &out.FailureTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus.
func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus {
if in == nil {
return nil
}
out := new(CertificateRequestStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
*out = *in
if in.Subject != nil {
in, out := &in.Subject, &out.Subject
*out = new(X509Subject)
(*in).DeepCopyInto(*out)
}
if in.Organization != nil {
in, out := &in.Organization, &out.Organization
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(v1.Duration)
**out = **in
}
if in.RenewBefore != nil {
in, out := &in.RenewBefore, &out.RenewBefore
*out = new(v1.Duration)
**out = **in
}
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPAddresses != nil {
in, out := &in.IPAddresses, &out.IPAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.URISANs != nil {
in, out := &in.URISANs, &out.URISANs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.EmailSANs != nil {
in, out := &in.EmailSANs, &out.EmailSANs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Keystores != nil {
in, out := &in.Keystores, &out.Keystores
*out = new(CertificateKeystores)
(*in).DeepCopyInto(*out)
}
out.IssuerRef = in.IssuerRef
if in.Usages != nil {
in, out := &in.Usages, &out.Usages
*out = make([]KeyUsage, len(*in))
copy(*out, *in)
}
if in.PrivateKey != nil {
in, out := &in.PrivateKey, &out.PrivateKey
*out = new(CertificatePrivateKey)
**out = **in
}
if in.EncodeUsagesInRequest != nil {
in, out := &in.EncodeUsagesInRequest, &out.EncodeUsagesInRequest
*out = new(bool)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (in *CertificateSpec) DeepCopy() *CertificateSpec {
if in == nil {
return nil
}
out := new(CertificateSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]CertificateCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.LastFailureTime != nil {
in, out := &in.LastFailureTime, &out.LastFailureTime
*out = (*in).DeepCopy()
}
if in.NotBefore != nil {
in, out := &in.NotBefore, &out.NotBefore
*out = (*in).DeepCopy()
}
if in.NotAfter != nil {
in, out := &in.NotAfter, &out.NotAfter
*out = (*in).DeepCopy()
}
if in.RenewalTime != nil {
in, out := &in.RenewalTime, &out.RenewalTime
*out = (*in).DeepCopy()
}
if in.Revision != nil {
in, out := &in.Revision, &out.Revision
*out = new(int)
**out = **in
}
if in.NextPrivateKeySecretName != nil {
in, out := &in.NextPrivateKeySecretName, &out.NextPrivateKeySecretName
*out = new(string)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.
func (in *CertificateStatus) DeepCopy() *CertificateStatus {
if in == nil {
return nil
}
out := new(CertificateStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuer.
func (in *ClusterIssuer) DeepCopy() *ClusterIssuer {
if in == nil {
return nil
}
out := new(ClusterIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterIssuer) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterIssuerList) DeepCopyInto(out *ClusterIssuerList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterIssuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuerList.
func (in *ClusterIssuerList) DeepCopy() *ClusterIssuerList {
if in == nil {
return nil
}
out := new(ClusterIssuerList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterIssuerList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Issuer) DeepCopyInto(out *Issuer) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (in *Issuer) DeepCopy() *Issuer {
if in == nil {
return nil
}
out := new(Issuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Issuer) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerCondition) DeepCopyInto(out *IssuerCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerCondition.
func (in *IssuerCondition) DeepCopy() *IssuerCondition {
if in == nil {
return nil
}
out := new(IssuerCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) {
*out = *in
if in.ACME != nil {
in, out := &in.ACME, &out.ACME
*out = new(acmev1alpha2.ACMEIssuer)
(*in).DeepCopyInto(*out)
}
if in.CA != nil {
in, out := &in.CA, &out.CA
*out = new(CAIssuer)
(*in).DeepCopyInto(*out)
}
if in.Vault != nil {
in, out := &in.Vault, &out.Vault
*out = new(VaultIssuer)
(*in).DeepCopyInto(*out)
}
if in.SelfSigned != nil {
in, out := &in.SelfSigned, &out.SelfSigned
*out = new(SelfSignedIssuer)
(*in).DeepCopyInto(*out)
}
if in.Venafi != nil {
in, out := &in.Venafi, &out.Venafi
*out = new(VenafiIssuer)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig.
func (in *IssuerConfig) DeepCopy() *IssuerConfig {
if in == nil {
return nil
}
out := new(IssuerConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerList) DeepCopyInto(out *IssuerList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Issuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList.
func (in *IssuerList) DeepCopy() *IssuerList {
if in == nil {
return nil
}
out := new(IssuerList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *IssuerList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec) {
*out = *in
in.IssuerConfig.DeepCopyInto(&out.IssuerConfig)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec.
func (in *IssuerSpec) DeepCopy() *IssuerSpec {
if in == nil {
return nil
}
out := new(IssuerSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]IssuerCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.ACME != nil {
in, out := &in.ACME, &out.ACME
*out = new(acmev1alpha2.ACMEIssuerStatus)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus.
func (in *IssuerStatus) DeepCopy() *IssuerStatus {
if in == nil {
return nil
}
out := new(IssuerStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore) {
*out = *in
out.PasswordSecretRef = in.PasswordSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore.
func (in *JKSKeystore) DeepCopy() *JKSKeystore {
if in == nil {
return nil
}
out := new(JKSKeystore)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore) {
*out = *in
out.PasswordSecretRef = in.PasswordSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore.
func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore {
if in == nil {
return nil
}
out := new(PKCS12Keystore)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SelfSignedIssuer) DeepCopyInto(out *SelfSignedIssuer) {
*out = *in
if in.CRLDistributionPoints != nil {
in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedIssuer.
func (in *SelfSignedIssuer) DeepCopy() *SelfSignedIssuer {
if in == nil {
return nil
}
out := new(SelfSignedIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole) {
*out = *in
out.SecretRef = in.SecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (in *VaultAppRole) DeepCopy() *VaultAppRole {
if in == nil {
return nil
}
out := new(VaultAppRole)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultAuth) DeepCopyInto(out *VaultAuth) {
*out = *in
if in.TokenSecretRef != nil {
in, out := &in.TokenSecretRef, &out.TokenSecretRef
*out = new(metav1.SecretKeySelector)
**out = **in
}
if in.AppRole != nil {
in, out := &in.AppRole, &out.AppRole
*out = new(VaultAppRole)
**out = **in
}
if in.Kubernetes != nil {
in, out := &in.Kubernetes, &out.Kubernetes
*out = new(VaultKubernetesAuth)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (in *VaultAuth) DeepCopy() *VaultAuth {
if in == nil {
return nil
}
out := new(VaultAuth)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultIssuer) DeepCopyInto(out *VaultIssuer) {
*out = *in
in.Auth.DeepCopyInto(&out.Auth)
if in.CABundle != nil {
in, out := &in.CABundle, &out.CABundle
*out = make([]byte, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIssuer.
func (in *VaultIssuer) DeepCopy() *VaultIssuer {
if in == nil {
return nil
}
out := new(VaultIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth) {
*out = *in
out.SecretRef = in.SecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth {
if in == nil {
return nil
}
out := new(VaultKubernetesAuth)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiCloud) DeepCopyInto(out *VenafiCloud) {
*out = *in
out.APITokenSecretRef = in.APITokenSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiCloud.
func (in *VenafiCloud) DeepCopy() *VenafiCloud {
if in == nil {
return nil
}
out := new(VenafiCloud)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiIssuer) DeepCopyInto(out *VenafiIssuer) {
*out = *in
if in.TPP != nil {
in, out := &in.TPP, &out.TPP
*out = new(VenafiTPP)
(*in).DeepCopyInto(*out)
}
if in.Cloud != nil {
in, out := &in.Cloud, &out.Cloud
*out = new(VenafiCloud)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiIssuer.
func (in *VenafiIssuer) DeepCopy() *VenafiIssuer {
if in == nil {
return nil
}
out := new(VenafiIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiTPP) DeepCopyInto(out *VenafiTPP) {
*out = *in
out.CredentialsRef = in.CredentialsRef
if in.CABundle != nil {
in, out := &in.CABundle, &out.CABundle
*out = make([]byte, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiTPP.
func (in *VenafiTPP) DeepCopy() *VenafiTPP {
if in == nil {
return nil
}
out := new(VenafiTPP)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *X509Subject) DeepCopyInto(out *X509Subject) {
*out = *in
if in.Countries != nil {
in, out := &in.Countries, &out.Countries
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.OrganizationalUnits != nil {
in, out := &in.OrganizationalUnits, &out.OrganizationalUnits
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Localities != nil {
in, out := &in.Localities, &out.Localities
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Provinces != nil {
in, out := &in.Provinces, &out.Provinces
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.StreetAddresses != nil {
in, out := &in.StreetAddresses, &out.StreetAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.PostalCodes != nil {
in, out := &in.PostalCodes, &out.PostalCodes
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Subject.
func (in *X509Subject) DeepCopy() *X509Subject {
if in == nil {
return nil
}
out := new(X509Subject)
in.DeepCopyInto(out)
return out
}


@ -0,0 +1,27 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"const.go",
"doc.go",
"generic_issuer.go",
"register.go",
"types.go",
"types_certificate.go",
"types_certificaterequest.go",
"types_issuer.go",
"zz_generated.deepcopy.go",
],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha3",
importpath = "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha3",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha3:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)


@ -0,0 +1,43 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import "time"
const (
// minimum permitted certificate duration by cert-manager
MinimumCertificateDuration = time.Hour
// default certificate duration if Issuer.spec.duration is not set
DefaultCertificateDuration = time.Hour * 24 * 90
// minimum certificate duration before certificate expiration
MinimumRenewBefore = time.Minute * 5
// Default duration before certificate expiration if Issuer.spec.renewBefore is not set
DefaultRenewBefore = time.Hour * 24 * 30
)
const (
// Default index key for the Secret reference for Token authentication
DefaultVaultTokenAuthSecretKey = "token"
// Default mount path location for Kubernetes ServiceAccount authentication
// (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
// left as the default, `/v1/auth/kubernetes/login` will be called.
DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes"
)


@ -0,0 +1,24 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha3 is the v1alpha3 version of the API.
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/certmanager
// +k8s:openapi-gen=true
// +k8s:defaulter-gen=TypeMeta
// +groupName=cert-manager.io
// +groupGoName=Certmanager
package v1alpha3


@ -0,0 +1,85 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha3"
)
type GenericIssuer interface {
runtime.Object
metav1.Object
GetObjectMeta() *metav1.ObjectMeta
GetSpec() *IssuerSpec
GetStatus() *IssuerStatus
}
var _ GenericIssuer = &Issuer{}
var _ GenericIssuer = &ClusterIssuer{}
func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *ClusterIssuer) GetSpec() *IssuerSpec {
return &c.Spec
}
func (c *ClusterIssuer) GetStatus() *IssuerStatus {
return &c.Status
}
func (c *ClusterIssuer) SetSpec(spec IssuerSpec) {
c.Spec = spec
}
func (c *ClusterIssuer) SetStatus(status IssuerStatus) {
c.Status = status
}
func (c *ClusterIssuer) Copy() GenericIssuer {
return c.DeepCopy()
}
func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *Issuer) GetSpec() *IssuerSpec {
return &c.Spec
}
func (c *Issuer) GetStatus() *IssuerStatus {
return &c.Status
}
func (c *Issuer) SetSpec(spec IssuerSpec) {
c.Spec = spec
}
func (c *Issuer) SetStatus(status IssuerStatus) {
c.Status = status
}
func (c *Issuer) Copy() GenericIssuer {
return c.DeepCopy()
}
// TODO: refactor these functions away
func (i *IssuerStatus) ACMEStatus() *cmacme.ACMEIssuerStatus {
// this is an edge case, but this will prevent panics
if i == nil {
return &cmacme.ACMEIssuerStatus{}
}
if i.ACME == nil {
i.ACME = &cmacme.ACMEIssuerStatus{}
}
return i.ACME
}


@ -0,0 +1,62 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/jetstack/cert-manager/pkg/apis/certmanager"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1alpha3"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Certificate{},
&CertificateList{},
&Issuer{},
&IssuerList{},
&ClusterIssuer{},
&ClusterIssuerList{},
&CertificateRequest{},
&CertificateRequestList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}


@ -0,0 +1,193 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
// Common annotation keys added to resources.
const (
// Annotation key for DNS subjectAltNames.
AltNamesAnnotationKey = "cert-manager.io/alt-names"
// Annotation key for IP subjectAltNames.
IPSANAnnotationKey = "cert-manager.io/ip-sans"
// Annotation key for URI subjectAltNames.
URISANAnnotationKey = "cert-manager.io/uri-sans"
// Annotation key for certificate common name.
CommonNameAnnotationKey = "cert-manager.io/common-name"
// Annotation key the 'name' of the Issuer resource.
IssuerNameAnnotationKey = "cert-manager.io/issuer-name"
// Annotation key for the 'kind' of the Issuer resource.
IssuerKindAnnotationKey = "cert-manager.io/issuer-kind"
// Annotation key for the 'group' of the Issuer resource.
IssuerGroupAnnotationKey = "cert-manager.io/issuer-group"
// Annotation key for the name of the certificate that a resource is related to.
CertificateNameKey = "cert-manager.io/certificate-name"
// Annotation key used to denote whether a Secret is named on a Certificate
// as a 'next private key' Secret resource.
IsNextPrivateKeySecretLabelKey = "cert-manager.io/next-private-key"
)
// Deprecated annotation names for Secrets
// These will be removed in a future release.
const (
DeprecatedIssuerNameAnnotationKey = "certmanager.k8s.io/issuer-name"
DeprecatedIssuerKindAnnotationKey = "certmanager.k8s.io/issuer-kind"
)
const (
// issuerNameAnnotation can be used to override the issuer specified on the
// created Certificate resource.
IngressIssuerNameAnnotationKey = "cert-manager.io/issuer"
// clusterIssuerNameAnnotation can be used to override the issuer specified on the
// created Certificate resource. The Certificate will reference the
// specified *ClusterIssuer* instead of normal issuer.
IngressClusterIssuerNameAnnotationKey = "cert-manager.io/cluster-issuer"
// acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass
// if the challenge type is set to http01
IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class"
// IngressClassAnnotationKey picks a specific "class" for the Ingress. The
// controller only processes Ingresses with this annotation either unset, or
// set to either the configured value or the empty string.
IngressClassAnnotationKey = "kubernetes.io/ingress.class"
)
// Annotation names for CertificateRequests
const (
// Annotation added to CertificateRequest resources to denote the name of
// a Secret resource containing the private key used to sign the CSR stored
// on the resource.
// This annotation *may* not be present, and is used by the 'self signing'
// issuer type to self-sign certificates.
CertificateRequestPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name"
// Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource
CertificateRequestRevisionAnnotationKey = "cert-manager.io/certificate-revision"
)
const (
// IssueTemporaryCertificateAnnotation is an annotation that can be added to
// Certificate resources.
// If it is present, a temporary internally signed certificate will be
// stored in the target Secret resource whilst the real Issuer is processing
// the certificate request.
IssueTemporaryCertificateAnnotation = "cert-manager.io/issue-temporary-certificate"
)
// Common/known resource kinds.
const (
ClusterIssuerKind = "ClusterIssuer"
IssuerKind = "Issuer"
CertificateKind = "Certificate"
CertificateRequestKind = "CertificateRequest"
)
const (
// WantInjectAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a certificate
// as namespace/name. The certificate is expected to have the is-serving-for annotations.
WantInjectAnnotation = "cert-manager.io/inject-ca-from"
// WantInjectAPIServerCAAnnotation, if set to "true", will make the cainjector
// inject the CA certificate for the Kubernetes apiserver into the resource.
// It discovers the apiserver's CA by inspecting the service account credentials
// mounted into the cainjector pod.
WantInjectAPIServerCAAnnotation = "cert-manager.io/inject-apiserver-ca"
// WantInjectFromSecretAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a Secret
// as namespace/name.
WantInjectFromSecretAnnotation = "cert-manager.io/inject-ca-from-secret"
// AllowsInjectionFromSecretAnnotation is an annotation that must be added
// to Secret resource that want to denote that they can be directly
// injected into injectables that have a `inject-ca-from-secret` annotation.
// If an injectable references a Secret that does NOT have this annotation,
// the cainjector will refuse to inject the secret.
AllowsInjectionFromSecretAnnotation = "cert-manager.io/allow-direct-injection"
)
// Issuer specific Annotations
const (
// VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer
// This will only work with Venafi TPP v19.3 and higher
// The value is an array with objects containing the name and value keys
// for example: `[{"name": "custom-field", "value": "custom-value"}]`
VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields"
)
// KeyUsage specifies valid usage contexts for keys.
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
// Valid KeyUsage values are as follows:
// "signing",
// "digital signature",
// "content commitment",
// "key encipherment",
// "key agreement",
// "data encipherment",
// "cert sign",
// "crl sign",
// "encipher only",
// "decipher only",
// "any",
// "server auth",
// "client auth",
// "code signing",
// "email protection",
// "s/mime",
// "ipsec end system",
// "ipsec tunnel",
// "ipsec user",
// "timestamping",
// "ocsp signing",
// "microsoft sgc",
// "netscape sgc"
// +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc"
type KeyUsage string
const (
UsageSigning KeyUsage = "signing"
UsageDigitalSignature KeyUsage = "digital signature"
UsageContentCommittment KeyUsage = "content commitment"
UsageKeyEncipherment KeyUsage = "key encipherment"
UsageKeyAgreement KeyUsage = "key agreement"
UsageDataEncipherment KeyUsage = "data encipherment"
UsageCertSign KeyUsage = "cert sign"
UsageCRLSign KeyUsage = "crl sign"
UsageEncipherOnly KeyUsage = "encipher only"
UsageDecipherOnly KeyUsage = "decipher only"
UsageAny KeyUsage = "any"
UsageServerAuth KeyUsage = "server auth"
UsageClientAuth KeyUsage = "client auth"
UsageCodeSigning KeyUsage = "code signing"
UsageEmailProtection KeyUsage = "email protection"
UsageSMIME KeyUsage = "s/mime"
UsageIPsecEndSystem KeyUsage = "ipsec end system"
UsageIPsecTunnel KeyUsage = "ipsec tunnel"
UsageIPsecUser KeyUsage = "ipsec user"
UsageTimestamping KeyUsage = "timestamping"
UsageOCSPSigning KeyUsage = "ocsp signing"
UsageMicrosoftSGC KeyUsage = "microsoft sgc"
UsageNetscapeSGC KeyUsage = "netscape sgc"
)


@ -0,0 +1,410 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// A Certificate resource should be created to ensure an up to date and signed
// x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
//
// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
// +k8s:openapi-gen=true
type Certificate struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the Certificate resource.
Spec CertificateSpec `json:"spec,omitempty"`
// Status of the Certificate. This is set and managed automatically.
Status CertificateStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// CertificateList is a list of Certificates
type CertificateList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Certificate `json:"items"`
}
// +kubebuilder:validation:Enum=rsa;ecdsa
type KeyAlgorithm string
const (
// Denotes the RSA private key type.
RSAKeyAlgorithm KeyAlgorithm = "rsa"
// Denotes the ECDSA private key type.
ECDSAKeyAlgorithm KeyAlgorithm = "ecdsa"
)
// +kubebuilder:validation:Enum=pkcs1;pkcs8
type KeyEncoding string
const (
// PKCS1 key encoding will produce PEM files that include the type of
// private key as part of the PEM header, e.g. "BEGIN RSA PRIVATE KEY".
// If the keyAlgorithm is set to 'ECDSA', this will produce private keys
// that use the "BEGIN EC PRIVATE KEY" header.
PKCS1 KeyEncoding = "pkcs1"
// PKCS8 key encoding will produce PEM files with the "BEGIN PRIVATE KEY"
// header. It encodes the keyAlgorithm of the private key as part of the
// DER encoded PEM block.
PKCS8 KeyEncoding = "pkcs8"
)
// CertificateSpec defines the desired state of Certificate.
// A valid Certificate requires at least one of a CommonName, DNSName, or
// URISAN to be valid.
type CertificateSpec struct {
// Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
// +optional
Subject *X509Subject `json:"subject,omitempty"`
// CommonName is a common name to be used on the Certificate.
// The CommonName should have a length of 64 characters or fewer to avoid
// generating invalid CSRs.
// This value is ignored by TLS clients when any subject alt name is set.
// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
// +optional
CommonName string `json:"commonName,omitempty"`
// The requested 'duration' (i.e. lifetime) of the Certificate.
// This option may be ignored/overridden by some issuer types.
// If overridden and `renewBefore` is greater than the actual certificate
// duration, the certificate will be automatically renewed 2/3rds of the
// way through the certificate's duration.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
// The amount of time before the currently issued certificate's `notAfter`
// time that cert-manager will begin to attempt to renew the certificate.
// If this value is greater than the total duration of the certificate
// (i.e. notAfter - notBefore), it will be automatically renewed 2/3rds of
// the way through the certificate's duration.
// +optional
RenewBefore *metav1.Duration `json:"renewBefore,omitempty"`
// DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
// +optional
DNSNames []string `json:"dnsNames,omitempty"`
// IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`
// URISANs is a list of URI subjectAltNames to be set on the Certificate.
// +optional
URISANs []string `json:"uriSANs,omitempty"`
// EmailSANs is a list of email subjectAltNames to be set on the Certificate.
// +optional
EmailSANs []string `json:"emailSANs,omitempty"`
// SecretName is the name of the secret resource that will be automatically
// created and managed by this Certificate resource.
// It will be populated with a private key and certificate, signed by the
// denoted issuer.
SecretName string `json:"secretName"`
// Keystores configures additional keystore output formats stored in the
// `secretName` Secret resource.
// +optional
Keystores *CertificateKeystores `json:"keystores,omitempty"`
// IssuerRef is a reference to the issuer for this certificate.
// If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
// with the given name in the same namespace as the Certificate will be used.
// If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with the
// provided name will be used.
// The 'name' field in this stanza is required at all times.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// IsCA will mark this Certificate as valid for certificate signing.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
IsCA bool `json:"isCA,omitempty"`
// Usages is the set of x509 usages that are requested for the certificate.
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
Usages []KeyUsage `json:"usages,omitempty"`
// KeySize is the key bit size of the corresponding private key for this certificate.
// If `keyAlgorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,
// and will default to `2048` if not specified.
// If `keyAlgorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,
// and will default to `256` if not specified.
// No other values are allowed.
// +kubebuilder:validation:ExclusiveMaximum=false
// +kubebuilder:validation:Maximum=8192
// +kubebuilder:validation:ExclusiveMinimum=false
// +kubebuilder:validation:Minimum=0
// +optional
KeySize int `json:"keySize,omitempty"`
// KeyAlgorithm is the private key algorithm of the corresponding private key
// for this certificate. If provided, allowed values are either "rsa" or "ecdsa"
// If `keyAlgorithm` is specified and `keySize` is not provided,
// key size of 256 will be used for "ecdsa" key algorithm and
// key size of 2048 will be used for "rsa" key algorithm.
// +optional
KeyAlgorithm KeyAlgorithm `json:"keyAlgorithm,omitempty"`
// KeyEncoding is the private key cryptography standards (PKCS)
// for this certificate's private key to be encoded in. If provided, allowed
// values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, respectively.
// If KeyEncoding is not specified, then PKCS#1 will be used by default.
// +optional
KeyEncoding KeyEncoding `json:"keyEncoding,omitempty"`
// Options to control private keys used for the Certificate.
// +optional
PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"`
// EncodeUsagesInRequest controls whether key usages should be present
// in the CertificateRequest
// +optional
EncodeUsagesInRequest *bool `json:"encodeUsagesInRequest,omitempty"`
}
// CertificatePrivateKey contains configuration options for private keys
// used by the Certificate controller.
// This allows control of how private keys are rotated.
type CertificatePrivateKey struct {
// RotationPolicy controls how private keys should be regenerated when a
// re-issuance is being processed.
// If set to Never, a private key will only be generated if one does not
// already exist in the target `spec.secretName`. If one does exists but it
// does not have the correct algorithm or size, a warning will be raised
// to await user intervention.
// If set to Always, a private key matching the specified requirements
// will be generated whenever a re-issuance occurs.
// Default is 'Never' for backward compatibility.
// +optional
RotationPolicy PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"`
}
// Denotes how private keys should be generated or sourced when a Certificate
// is being issued.
type PrivateKeyRotationPolicy string
var (
// RotationPolicyNever means a private key will only be generated if one
// does not already exist in the target `spec.secretName`.
// If one does exists but it does not have the correct algorithm or size,
// a warning will be raised to await user intervention.
RotationPolicyNever PrivateKeyRotationPolicy = "Never"
// RotationPolicyAlways means a private key matching the specified
// requirements will be generated whenever a re-issuance occurs.
RotationPolicyAlways PrivateKeyRotationPolicy = "Always"
)
// X509Subject Full X509 name specification
type X509Subject struct {
// Organizations to be used on the Certificate.
// +optional
Organizations []string `json:"organizations,omitempty"`
// Countries to be used on the Certificate.
// +optional
Countries []string `json:"countries,omitempty"`
// Organizational Units to be used on the Certificate.
// +optional
OrganizationalUnits []string `json:"organizationalUnits,omitempty"`
// Cities to be used on the Certificate.
// +optional
Localities []string `json:"localities,omitempty"`
// State/Provinces to be used on the Certificate.
// +optional
Provinces []string `json:"provinces,omitempty"`
// Street addresses to be used on the Certificate.
// +optional
StreetAddresses []string `json:"streetAddresses,omitempty"`
// Postal codes to be used on the Certificate.
// +optional
PostalCodes []string `json:"postalCodes,omitempty"`
// Serial number to be used on the Certificate.
// +optional
SerialNumber string `json:"serialNumber,omitempty"`
}
// CertificateKeystores configures additional keystore output formats to be
// created in the Certificate's output Secret.
type CertificateKeystores struct {
// JKS configures options for storing a JKS keystore in the
// `spec.secretName` Secret resource.
JKS *JKSKeystore `json:"jks,omitempty"`
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"`
}
// JKS configures options for storing a JKS keystore in the `spec.secretName`
// Secret resource.
type JKSKeystore struct {
// Create enables JKS keystore creation for the Certificate.
// If true, a file named `keystore.jks` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
Create bool `json:"create"`
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the JKS keystore.
PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
}
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
type PKCS12Keystore struct {
// Create enables PKCS12 keystore creation for the Certificate.
// If true, a file named `keystore.p12` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
Create bool `json:"create"`
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the PKCS12 keystore.
PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
}
// CertificateStatus defines the observed state of Certificate
type CertificateStatus struct {
// List of status conditions to indicate the status of certificates.
// Known condition types are `Ready` and `Issuing`.
// +optional
Conditions []CertificateCondition `json:"conditions,omitempty"`
// LastFailureTime is the time as recorded by the Certificate controller
// of the most recent failure to complete a CertificateRequest for this
// Certificate resource.
// If set, cert-manager will not re-request another Certificate until
// 1 hour has elapsed from this time.
// +optional
LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"`
// The time after which the certificate stored in the secret named
// by this resource in spec.secretName is valid.
// +optional
NotBefore *metav1.Time `json:"notBefore,omitempty"`
// The expiration time of the certificate stored in the secret named
// by this resource in `spec.secretName`.
// +optional
NotAfter *metav1.Time `json:"notAfter,omitempty"`
// RenewalTime is the time at which the certificate will be next
// renewed.
// If not set, no upcoming renewal is scheduled.
// +optional
RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
// The current 'revision' of the certificate as issued.
//
// When a CertificateRequest resource is created, it will have the
// `cert-manager.io/certificate-revision` set to one greater than the
// current value of this field.
//
// Upon issuance, this field will be set to the value of the annotation
// on the CertificateRequest resource used to issue the certificate.
//
// Persisting the value on the CertificateRequest resource allows the
// certificates controller to know whether a request is part of an old
// issuance or if it is part of the ongoing revision's issuance by
// checking if the revision value in the annotation is greater than this
// field.
// +optional
Revision *int `json:"revision,omitempty"`
// The name of the Secret resource containing the private key to be used
// for the next certificate iteration.
// The keymanager controller will automatically set this field if the
// `Issuing` condition is set to `True`.
// It will automatically unset this field when the Issuing condition is
// not set or False.
// +optional
NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"`
}
// CertificateCondition contains condition information for an Certificate.
type CertificateCondition struct {
// Type of the condition, known values are ('Ready', `Issuing`).
Type CertificateConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// CertificateConditionType represents an Certificate condition value.
type CertificateConditionType string
const (
// CertificateConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target secret exists
// - The target secret contains a certificate that has not expired
// - The target secret contains a private key valid for the certificate
// - The commonName and dnsNames attributes match those specified on the Certificate
CertificateConditionReady CertificateConditionType = "Ready"
// A condition added to Certificate resources when an issuance is required.
// This condition will be automatically added and set to true if:
// * No keypair data exists in the target Secret
// * The data stored in the Secret cannot be decoded
// * The private key and certificate do not have matching public keys
// * If a CertificateRequest for the current revision exists and the
// certificate data stored in the Secret does not match the
// `status.certificate` on the CertificateRequest.
// * If no CertificateRequest resource exists for the current revision,
// the options on the Certificate resource are compared against the
// x509 data in the Secret, similar to what's done in earlier versions.
// If there is a mismatch, an issuance is triggered.
// This condition may also be added by external API consumers to trigger
// a re-issuance manually for any other reason.
//
// It will be removed by the 'issuing' controller upon completing issuance.
CertificateConditionIssuing CertificateConditionType = "Issuing"
)


@ -0,0 +1,171 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
const (
// Pending indicates that a CertificateRequest is still in progress.
CertificateRequestReasonPending = "Pending"
// Failed indicates that a CertificateRequest has failed, either due to
// timing out or some other critical failure.
CertificateRequestReasonFailed = "Failed"
// Issued indicates that a CertificateRequest has been completed, and that
// the `status.certificate` field is set.
CertificateRequestReasonIssued = "Issued"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// A CertificateRequest is used to request a signed certificate from one of the
// configured issuers.
//
// All fields within the CertificateRequest's `spec` are immutable after creation.
// A CertificateRequest will either succeed or fail, as denoted by its `status.state`
// field.
//
// A CertificateRequest is a 'one-shot' resource, meaning it represents a single
// point in time request for a certificate and cannot be re-used.
// +k8s:openapi-gen=true
type CertificateRequest struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the CertificateRequest resource.
Spec CertificateRequestSpec `json:"spec,omitempty"`
// Status of the CertificateRequest. This is set and managed automatically.
Status CertificateRequestStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// CertificateRequestList is a list of Certificates
type CertificateRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []CertificateRequest `json:"items"`
}
// CertificateRequestSpec defines the desired state of CertificateRequest
type CertificateRequestSpec struct {
// The requested 'duration' (i.e. lifetime) of the Certificate.
// This option may be ignored/overridden by some issuer types.
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
// IssuerRef is a reference to the issuer for this CertificateRequest. If
// the 'kind' field is not set, or set to 'Issuer', an Issuer resource with
// the given name in the same namespace as the CertificateRequest will be
// used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with
// the provided name will be used. The 'name' field in this stanza is
// required at all times. The group field refers to the API group of the
// issuer which defaults to 'cert-manager.io' if empty.
IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
// The PEM-encoded x509 certificate signing request to be submitted to the
// CA for signing.
CSRPEM []byte `json:"csr"`
// IsCA will request to mark the certificate as valid for certificate signing
// when submitting to the issuer.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
IsCA bool `json:"isCA,omitempty"`
// Usages is the set of x509 usages that are requested for the certificate.
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
Usages []KeyUsage `json:"usages,omitempty"`
}
// CertificateRequestStatus defines the observed state of CertificateRequest and
// resulting signed certificate.
type CertificateRequestStatus struct {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready` and `InvalidRequest`.
// +optional
Conditions []CertificateRequestCondition `json:"conditions,omitempty"`
// The PEM encoded x509 certificate resulting from the certificate
// signing request.
// If not set, the CertificateRequest has either not been completed or has
// failed. More information on failure can be found by checking the
// `conditions` field.
// +optional
Certificate []byte `json:"certificate,omitempty"`
// The PEM encoded x509 certificate of the signer, also known as the CA
// (Certificate Authority).
// This is set on a best-effort basis by different issuers.
// If not set, the CA is assumed to be unknown/not available.
// +optional
CA []byte `json:"ca,omitempty"`
// FailureTime stores the time that this CertificateRequest failed. This is
// used to influence garbage collection and back-off.
// +optional
FailureTime *metav1.Time `json:"failureTime,omitempty"`
}
// CertificateRequestCondition contains condition information for a CertificateRequest.
type CertificateRequestCondition struct {
// Type of the condition, known values are ('Ready', 'InvalidRequest').
Type CertificateRequestConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// CertificateRequestConditionType represents an Certificate condition value.
type CertificateRequestConditionType string
const (
// CertificateRequestConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target certificate exists in CertificateRequest.Status
CertificateRequestConditionReady CertificateRequestConditionType = "Ready"
// CertificateRequestConditionInvalidRequest indicates that a certificate
// signer has refused to sign the request due to at least one of the input
// parameters being invalid. Additional information about why the request
// was rejected can be found in the `reason` and `message` fields.
CertificateRequestConditionInvalidRequest CertificateRequestConditionType = "InvalidRequest"
)


@ -0,0 +1,325 @@
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha3"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// A ClusterIssuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is similar to an Issuer, however it is cluster-scoped and therefore can
// be referenced by resources that exist in *any* namespace, not just the same
// namespace as the referent.
type ClusterIssuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the ClusterIssuer resource.
Spec IssuerSpec `json:"spec,omitempty"`
// Status of the ClusterIssuer. This is set and managed automatically.
Status IssuerStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterIssuerList is a list of Issuers
type ClusterIssuerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterIssuer `json:"items"`
}
// +genclient
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// An Issuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is scoped to a single namespace and can therefore only be referenced by
// resources within the same namespace.
type Issuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state of the Issuer resource.
Spec IssuerSpec `json:"spec,omitempty"`
// Status of the Issuer. This is set and managed automatically.
Status IssuerStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IssuerList is a list of Issuers
type IssuerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Issuer `json:"items"`
}
// IssuerSpec is the specification of an Issuer. This includes any
// configuration required for the issuer.
type IssuerSpec struct {
IssuerConfig `json:",inline"`
}
// The configuration for the issuer.
// Only one of these can be set.
type IssuerConfig struct {
// ACME configures this issuer to communicate with a RFC8555 (ACME) server
// to obtain signed x509 certificates.
// +optional
ACME *cmacme.ACMEIssuer `json:"acme,omitempty"`
// CA configures this issuer to sign certificates using a signing CA keypair
// stored in a Secret resource.
// This is used to build internal PKIs that are managed by cert-manager.
// +optional
CA *CAIssuer `json:"ca,omitempty"`
// Vault configures this issuer to sign certificates using a HashiCorp Vault
// PKI backend.
// +optional
Vault *VaultIssuer `json:"vault,omitempty"`
// SelfSigned configures this issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
// +optional
SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"`
// Venafi configures this issuer to sign certificates using a Venafi TPP
// or Venafi Cloud policy zone.
// +optional
Venafi *VenafiIssuer `json:"venafi,omitempty"`
}
// Configures an issuer to sign certificates using a Venafi TPP
// or Cloud policy zone.
type VenafiIssuer struct {
// Zone is the Venafi Policy Zone to use for this issuer.
// All requests made to the Venafi platform will be restricted by the named
// zone policy.
// This field is required.
Zone string `json:"zone"`
// TPP specifies Trust Protection Platform configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
TPP *VenafiTPP `json:"tpp,omitempty"`
// Cloud specifies the Venafi cloud configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
Cloud *VenafiCloud `json:"cloud,omitempty"`
}
// VenafiTPP defines connection configuration details for a Venafi TPP instance
type VenafiTPP struct {
// URL is the base URL for the vedsdk endpoint of the Venafi TPP instance,
// for example: "https://tpp.example.com/vedsdk".
URL string `json:"url"`
// CredentialsRef is a reference to a Secret containing the username and
// password for the TPP server.
// The secret must contain two keys, 'username' and 'password'.
CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"`
// CABundle is a PEM encoded TLS certificate to use to verify connections to
// the TPP instance.
// If specified, system roots will not be used and the issuing CA for the
// TPP instance must be verifiable using the provided root.
// If not specified, the connection will be verified using the cert-manager
// system root certificates.
// +optional
CABundle []byte `json:"caBundle,omitempty"`
}
// VenafiCloud defines connection configuration details for Venafi Cloud
type VenafiCloud struct {
// URL is the base URL for Venafi Cloud.
// Defaults to "https://api.venafi.cloud/v1".
// +optional
URL string `json:"url,omitempty"`
// APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"`
}
// Configures an issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
type SelfSignedIssuer struct {
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set certificate will be issued without CDP. Values are strings.
// +optional
CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
}
// Configures an issuer to sign certificates using a HashiCorp Vault
// PKI backend.
type VaultIssuer struct {
// Auth configures how cert-manager authenticates with the Vault server.
Auth VaultAuth `json:"auth"`
// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
Server string `json:"server"`
// Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
// "my_pki_mount/sign/my-role-name".
Path string `json:"path"`
// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1"
// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
// +optional
Namespace string `json:"namespace,omitempty"`
// PEM encoded CA bundle used to validate Vault server certificate. Only used
// if the Server URL is using HTTPS protocol. This parameter is ignored for
// plain HTTP protocol connection. If not set the system root certificates
// are used to validate the TLS connection.
// +optional
CABundle []byte `json:"caBundle,omitempty"`
}
// Configuration used to authenticate with a Vault server.
// Only one of `tokenSecretRef`, `appRole` or `kubernetes` may be specified.
type VaultAuth struct {
// TokenSecretRef authenticates with Vault by presenting a token.
// +optional
TokenSecretRef *cmmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`
// AppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
// +optional
AppRole *VaultAppRole `json:"appRole,omitempty"`
// Kubernetes authenticates with Vault by passing the ServiceAccount
// token stored in the named Secret resource to the Vault server.
// +optional
Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`
}
// VaultAppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
type VaultAppRole struct {
// Path where the App Role authentication backend is mounted in Vault, e.g:
// "approle"
Path string `json:"path"`
// RoleID configured in the App Role authentication backend when setting
// up the authentication backend in Vault.
RoleId string `json:"roleId"`
// Reference to a key in a Secret that contains the App Role secret used
// to authenticate with Vault.
// The `key` field must be specified and denotes which entry within the Secret
// resource is used as the app role secret.
SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
}
// Authenticate against Vault using a Kubernetes ServiceAccount token stored in
// a Secret.
type VaultKubernetesAuth struct {
// The Vault mountPath here is the mount path to use when authenticating with
// Vault. For example, setting a value to `/v1/auth/foo`, will use the path
// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
// default value "/v1/auth/kubernetes" will be used.
// +optional
Path string `json:"mountPath,omitempty"`
// The required Secret field containing a Kubernetes ServiceAccount JWT used
// for authenticating with Vault. Use of 'ambient credentials' is not
// supported.
SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
// A required field containing the Vault Role to assume. A Role binds a
// Kubernetes ServiceAccount with a set of Vault policies.
Role string `json:"role"`
}
type CAIssuer struct {
// SecretName is the name of the secret used to sign Certificates issued
// by this Issuer.
SecretName string `json:"secretName"`
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set, certificates will be issued without distribution points set.
// +optional
CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
}
// IssuerStatus contains status information about an Issuer
type IssuerStatus struct {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready`.
// +optional
Conditions []IssuerCondition `json:"conditions,omitempty"`
// ACME specific status options.
// This field should only be set if the Issuer is configured to use an ACME
// server to issue certificates.
// +optional
ACME *cmacme.ACMEIssuerStatus `json:"acme,omitempty"`
}
// IssuerCondition contains condition information for an Issuer.
type IssuerCondition struct {
// Type of the condition, known values are ('Ready').
Type IssuerConditionType `json:"type"`
// Status of the condition, one of ('True', 'False', 'Unknown').
Status cmmeta.ConditionStatus `json:"status"`
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
Message string `json:"message,omitempty"`
}
// IssuerConditionType represents an Issuer condition value.
type IssuerConditionType string
const (
// IssuerConditionReady represents the fact that a given Issuer condition
// is in ready state and able to issue certificates.
// If the `status` of this condition is `False`, CertificateRequest controllers
// should prevent attempts to sign certificates.
IssuerConditionReady IssuerConditionType = "Ready"
)


@ -0,0 +1,929 @@
// +build !ignore_autogenerated
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha3
import (
acmev1alpha3 "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha3"
metav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CAIssuer) DeepCopyInto(out *CAIssuer) {
*out = *in
if in.CRLDistributionPoints != nil {
in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAIssuer.
func (in *CAIssuer) DeepCopy() *CAIssuer {
if in == nil {
return nil
}
out := new(CAIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Certificate) DeepCopyInto(out *Certificate) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (in *Certificate) DeepCopy() *Certificate {
if in == nil {
return nil
}
out := new(Certificate)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Certificate) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.
func (in *CertificateCondition) DeepCopy() *CertificateCondition {
if in == nil {
return nil
}
out := new(CertificateCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores) {
*out = *in
if in.JKS != nil {
in, out := &in.JKS, &out.JKS
*out = new(JKSKeystore)
**out = **in
}
if in.PKCS12 != nil {
in, out := &in.PKCS12, &out.PKCS12
*out = new(PKCS12Keystore)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores.
func (in *CertificateKeystores) DeepCopy() *CertificateKeystores {
if in == nil {
return nil
}
out := new(CertificateKeystores)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateList) DeepCopyInto(out *CertificateList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Certificate, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.
func (in *CertificateList) DeepCopy() *CertificateList {
if in == nil {
return nil
}
out := new(CertificateList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey.
func (in *CertificatePrivateKey) DeepCopy() *CertificatePrivateKey {
if in == nil {
return nil
}
out := new(CertificatePrivateKey)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest.
func (in *CertificateRequest) DeepCopy() *CertificateRequest {
if in == nil {
return nil
}
out := new(CertificateRequest)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateRequest) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestCondition) DeepCopyInto(out *CertificateRequestCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition.
func (in *CertificateRequestCondition) DeepCopy() *CertificateRequestCondition {
if in == nil {
return nil
}
out := new(CertificateRequestCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]CertificateRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList.
func (in *CertificateRequestList) DeepCopy() *CertificateRequestList {
if in == nil {
return nil
}
out := new(CertificateRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *CertificateRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec) {
*out = *in
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(v1.Duration)
**out = **in
}
out.IssuerRef = in.IssuerRef
if in.CSRPEM != nil {
in, out := &in.CSRPEM, &out.CSRPEM
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.Usages != nil {
in, out := &in.Usages, &out.Usages
*out = make([]KeyUsage, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec.
func (in *CertificateRequestSpec) DeepCopy() *CertificateRequestSpec {
if in == nil {
return nil
}
out := new(CertificateRequestSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]CertificateRequestCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Certificate != nil {
in, out := &in.Certificate, &out.Certificate
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.CA != nil {
in, out := &in.CA, &out.CA
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.FailureTime != nil {
in, out := &in.FailureTime, &out.FailureTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus.
func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus {
if in == nil {
return nil
}
out := new(CertificateRequestStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
*out = *in
if in.Subject != nil {
in, out := &in.Subject, &out.Subject
*out = new(X509Subject)
(*in).DeepCopyInto(*out)
}
if in.Duration != nil {
in, out := &in.Duration, &out.Duration
*out = new(v1.Duration)
**out = **in
}
if in.RenewBefore != nil {
in, out := &in.RenewBefore, &out.RenewBefore
*out = new(v1.Duration)
**out = **in
}
if in.DNSNames != nil {
in, out := &in.DNSNames, &out.DNSNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPAddresses != nil {
in, out := &in.IPAddresses, &out.IPAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.URISANs != nil {
in, out := &in.URISANs, &out.URISANs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.EmailSANs != nil {
in, out := &in.EmailSANs, &out.EmailSANs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Keystores != nil {
in, out := &in.Keystores, &out.Keystores
*out = new(CertificateKeystores)
(*in).DeepCopyInto(*out)
}
out.IssuerRef = in.IssuerRef
if in.Usages != nil {
in, out := &in.Usages, &out.Usages
*out = make([]KeyUsage, len(*in))
copy(*out, *in)
}
if in.PrivateKey != nil {
in, out := &in.PrivateKey, &out.PrivateKey
*out = new(CertificatePrivateKey)
**out = **in
}
if in.EncodeUsagesInRequest != nil {
in, out := &in.EncodeUsagesInRequest, &out.EncodeUsagesInRequest
*out = new(bool)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (in *CertificateSpec) DeepCopy() *CertificateSpec {
if in == nil {
return nil
}
out := new(CertificateSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]CertificateCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.LastFailureTime != nil {
in, out := &in.LastFailureTime, &out.LastFailureTime
*out = (*in).DeepCopy()
}
if in.NotBefore != nil {
in, out := &in.NotBefore, &out.NotBefore
*out = (*in).DeepCopy()
}
if in.NotAfter != nil {
in, out := &in.NotAfter, &out.NotAfter
*out = (*in).DeepCopy()
}
if in.RenewalTime != nil {
in, out := &in.RenewalTime, &out.RenewalTime
*out = (*in).DeepCopy()
}
if in.Revision != nil {
in, out := &in.Revision, &out.Revision
*out = new(int)
**out = **in
}
if in.NextPrivateKeySecretName != nil {
in, out := &in.NextPrivateKeySecretName, &out.NextPrivateKeySecretName
*out = new(string)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.
func (in *CertificateStatus) DeepCopy() *CertificateStatus {
if in == nil {
return nil
}
out := new(CertificateStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuer.
func (in *ClusterIssuer) DeepCopy() *ClusterIssuer {
if in == nil {
return nil
}
out := new(ClusterIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterIssuer) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterIssuerList) DeepCopyInto(out *ClusterIssuerList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterIssuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuerList.
func (in *ClusterIssuerList) DeepCopy() *ClusterIssuerList {
if in == nil {
return nil
}
out := new(ClusterIssuerList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterIssuerList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Issuer) DeepCopyInto(out *Issuer) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (in *Issuer) DeepCopy() *Issuer {
if in == nil {
return nil
}
out := new(Issuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Issuer) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerCondition) DeepCopyInto(out *IssuerCondition) {
*out = *in
if in.LastTransitionTime != nil {
in, out := &in.LastTransitionTime, &out.LastTransitionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerCondition.
func (in *IssuerCondition) DeepCopy() *IssuerCondition {
if in == nil {
return nil
}
out := new(IssuerCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) {
*out = *in
if in.ACME != nil {
in, out := &in.ACME, &out.ACME
*out = new(acmev1alpha3.ACMEIssuer)
(*in).DeepCopyInto(*out)
}
if in.CA != nil {
in, out := &in.CA, &out.CA
*out = new(CAIssuer)
(*in).DeepCopyInto(*out)
}
if in.Vault != nil {
in, out := &in.Vault, &out.Vault
*out = new(VaultIssuer)
(*in).DeepCopyInto(*out)
}
if in.SelfSigned != nil {
in, out := &in.SelfSigned, &out.SelfSigned
*out = new(SelfSignedIssuer)
(*in).DeepCopyInto(*out)
}
if in.Venafi != nil {
in, out := &in.Venafi, &out.Venafi
*out = new(VenafiIssuer)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig.
func (in *IssuerConfig) DeepCopy() *IssuerConfig {
if in == nil {
return nil
}
out := new(IssuerConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerList) DeepCopyInto(out *IssuerList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Issuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList.
func (in *IssuerList) DeepCopy() *IssuerList {
if in == nil {
return nil
}
out := new(IssuerList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *IssuerList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec) {
*out = *in
in.IssuerConfig.DeepCopyInto(&out.IssuerConfig)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec.
func (in *IssuerSpec) DeepCopy() *IssuerSpec {
if in == nil {
return nil
}
out := new(IssuerSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]IssuerCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.ACME != nil {
in, out := &in.ACME, &out.ACME
*out = new(acmev1alpha3.ACMEIssuerStatus)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus.
func (in *IssuerStatus) DeepCopy() *IssuerStatus {
if in == nil {
return nil
}
out := new(IssuerStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore) {
*out = *in
out.PasswordSecretRef = in.PasswordSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore.
func (in *JKSKeystore) DeepCopy() *JKSKeystore {
if in == nil {
return nil
}
out := new(JKSKeystore)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore) {
*out = *in
out.PasswordSecretRef = in.PasswordSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore.
func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore {
if in == nil {
return nil
}
out := new(PKCS12Keystore)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SelfSignedIssuer) DeepCopyInto(out *SelfSignedIssuer) {
*out = *in
if in.CRLDistributionPoints != nil {
in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedIssuer.
func (in *SelfSignedIssuer) DeepCopy() *SelfSignedIssuer {
if in == nil {
return nil
}
out := new(SelfSignedIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole) {
*out = *in
out.SecretRef = in.SecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (in *VaultAppRole) DeepCopy() *VaultAppRole {
if in == nil {
return nil
}
out := new(VaultAppRole)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultAuth) DeepCopyInto(out *VaultAuth) {
*out = *in
if in.TokenSecretRef != nil {
in, out := &in.TokenSecretRef, &out.TokenSecretRef
*out = new(metav1.SecretKeySelector)
**out = **in
}
if in.AppRole != nil {
in, out := &in.AppRole, &out.AppRole
*out = new(VaultAppRole)
**out = **in
}
if in.Kubernetes != nil {
in, out := &in.Kubernetes, &out.Kubernetes
*out = new(VaultKubernetesAuth)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (in *VaultAuth) DeepCopy() *VaultAuth {
if in == nil {
return nil
}
out := new(VaultAuth)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultIssuer) DeepCopyInto(out *VaultIssuer) {
*out = *in
in.Auth.DeepCopyInto(&out.Auth)
if in.CABundle != nil {
in, out := &in.CABundle, &out.CABundle
*out = make([]byte, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIssuer.
func (in *VaultIssuer) DeepCopy() *VaultIssuer {
if in == nil {
return nil
}
out := new(VaultIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth) {
*out = *in
out.SecretRef = in.SecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth {
if in == nil {
return nil
}
out := new(VaultKubernetesAuth)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiCloud) DeepCopyInto(out *VenafiCloud) {
*out = *in
out.APITokenSecretRef = in.APITokenSecretRef
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiCloud.
func (in *VenafiCloud) DeepCopy() *VenafiCloud {
if in == nil {
return nil
}
out := new(VenafiCloud)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiIssuer) DeepCopyInto(out *VenafiIssuer) {
*out = *in
if in.TPP != nil {
in, out := &in.TPP, &out.TPP
*out = new(VenafiTPP)
(*in).DeepCopyInto(*out)
}
if in.Cloud != nil {
in, out := &in.Cloud, &out.Cloud
*out = new(VenafiCloud)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiIssuer.
func (in *VenafiIssuer) DeepCopy() *VenafiIssuer {
if in == nil {
return nil
}
out := new(VenafiIssuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VenafiTPP) DeepCopyInto(out *VenafiTPP) {
*out = *in
out.CredentialsRef = in.CredentialsRef
if in.CABundle != nil {
in, out := &in.CABundle, &out.CABundle
*out = make([]byte, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiTPP.
func (in *VenafiTPP) DeepCopy() *VenafiTPP {
if in == nil {
return nil
}
out := new(VenafiTPP)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *X509Subject) DeepCopyInto(out *X509Subject) {
*out = *in
if in.Organizations != nil {
in, out := &in.Organizations, &out.Organizations
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Countries != nil {
in, out := &in.Countries, &out.Countries
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.OrganizationalUnits != nil {
in, out := &in.OrganizationalUnits, &out.OrganizationalUnits
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Localities != nil {
in, out := &in.Localities, &out.Localities
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Provinces != nil {
in, out := &in.Provinces, &out.Provinces
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.StreetAddresses != nil {
in, out := &in.StreetAddresses, &out.StreetAddresses
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.PostalCodes != nil {
in, out := &in.PostalCodes, &out.PostalCodes
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Subject.
func (in *X509Subject) DeepCopy() *X509Subject {
if in == nil {
return nil
}
out := new(X509Subject)
in.DeepCopyInto(out)
return out
}


@ -0,0 +1,26 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"const.go",
"doc.go",
"register.go",
"types.go",
"types_certificate.go",
"types_certificaterequest.go",
"types_issuer.go",
"zz_generated.deepcopy.go",
],
importmap = "k8s.io/kops/vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1beta1",
importpath = "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1beta1",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/jetstack/cert-manager/pkg/apis/acme/v1beta1:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/certmanager:go_default_library",
"//vendor/github.com/jetstack/cert-manager/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)


@ -0,0 +1,43 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import "time"
const (
// minimum permitted certificate duration by cert-manager
MinimumCertificateDuration = time.Hour
// default certificate duration if Issuer.spec.duration is not set
DefaultCertificateDuration = time.Hour * 24 * 90
// minimum certificate duration before certificate expiration
MinimumRenewBefore = time.Minute * 5
// Default duration before certificate expiration if Issuer.spec.renewBefore is not set
DefaultRenewBefore = time.Hour * 24 * 30
)
const (
// Default index key for the Secret reference for Token authentication
DefaultVaultTokenAuthSecretKey = "token"
// Default mount path location for Kubernetes ServiceAccount authentication
// (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
// left as the default, `/v1/auth/kubernetes/login` will be called.
DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes"
)


@ -0,0 +1,24 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1beta1 is the v1beta1 version of the API.
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/certmanager
// +k8s:openapi-gen=true
// +k8s:defaulter-gen=TypeMeta
// +groupName=cert-manager.io
// +groupGoName=Certmanager
package v1beta1


@ -0,0 +1,62 @@
/*
Copyright 2020 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/jetstack/cert-manager/pkg/apis/certmanager"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1beta1"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Certificate{},
&CertificateList{},
&Issuer{},
&IssuerList{},
&ClusterIssuer{},
&ClusterIssuerList{},
&CertificateRequest{},
&CertificateRequestList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}
