Package io.kubernetes.client.proto

Interface V1beta1Certificates.CertificateSigningRequestSpecOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
V1beta1Certificates.CertificateSigningRequestSpec, V1beta1Certificates.CertificateSigningRequestSpec.Builder
Enclosing class:
V1beta1Certificates
public static interface V1beta1Certificates.CertificateSigningRequestSpecOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Details

    • hasRequest

      boolean hasRequest()
       Base64-encoded PKCS#10 CSR data
 +listType=atomic
      optional bytes request = 1;

    • getRequest

      com.google.protobuf.ByteString getRequest()
       Base64-encoded PKCS#10 CSR data
 +listType=atomic
      optional bytes request = 1;

    • hasSignerName

      boolean hasSignerName()
       Requested signer for the request. It is a qualified name in the form:
 `scope-hostname.io/name`.
 If empty, it will be defaulted:
  1. If it's a kubelet client certificate, it is assigned
     "kubernetes.io/kube-apiserver-client-kubelet".
  2. If it's a kubelet serving certificate, it is assigned
     "kubernetes.io/kubelet-serving".
  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
 Distribution of trust for signers happens out of band.
 You can select on this field using `spec.signerName`.
 +optional
      optional string signerName = 7;

    • getSignerName

      String getSignerName()
       Requested signer for the request. It is a qualified name in the form:
 `scope-hostname.io/name`.
 If empty, it will be defaulted:
  1. If it's a kubelet client certificate, it is assigned
     "kubernetes.io/kube-apiserver-client-kubelet".
  2. If it's a kubelet serving certificate, it is assigned
     "kubernetes.io/kubelet-serving".
  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
 Distribution of trust for signers happens out of band.
 You can select on this field using `spec.signerName`.
 +optional
      optional string signerName = 7;

    • getSignerNameBytes

      com.google.protobuf.ByteString getSignerNameBytes()
       Requested signer for the request. It is a qualified name in the form:
 `scope-hostname.io/name`.
 If empty, it will be defaulted:
  1. If it's a kubelet client certificate, it is assigned
     "kubernetes.io/kube-apiserver-client-kubelet".
  2. If it's a kubelet serving certificate, it is assigned
     "kubernetes.io/kubelet-serving".
  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
 Distribution of trust for signers happens out of band.
 You can select on this field using `spec.signerName`.
 +optional
      optional string signerName = 7;

    • hasExpirationSeconds

      boolean hasExpirationSeconds()
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;

    • getExpirationSeconds

      int getExpirationSeconds()
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;

    • getUsagesList

      List<String> getUsagesList()
       allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • getUsagesCount

      int getUsagesCount()
       allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • getUsages

      String getUsages(int index)
       allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • getUsagesBytes

      com.google.protobuf.ByteString getUsagesBytes(int index)
       allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • hasUsername

      boolean hasUsername()
       Information about the requesting user.
 See user.Info interface for details.
 +optional
      optional string username = 2;

    • getUsername

      String getUsername()
       Information about the requesting user.
 See user.Info interface for details.
 +optional
      optional string username = 2;

    • getUsernameBytes

      com.google.protobuf.ByteString getUsernameBytes()
       Information about the requesting user.
 See user.Info interface for details.
 +optional
      optional string username = 2;

    • hasUid

      boolean hasUid()
       UID information about the requesting user.
 See user.Info interface for details.
 +optional
      optional string uid = 3;

    • getUid

      String getUid()
       UID information about the requesting user.
 See user.Info interface for details.
 +optional
      optional string uid = 3;

    • getUidBytes

      com.google.protobuf.ByteString getUidBytes()
       UID information about the requesting user.
 See user.Info interface for details.
 +optional
      optional string uid = 3;

    • getGroupsList

      List<String> getGroupsList()
       Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getGroupsCount

      int getGroupsCount()
       Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getGroups

      String getGroups(int index)
       Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getGroupsBytes

      com.google.protobuf.ByteString getGroupsBytes(int index)
       Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getExtraCount

      int getExtraCount()
       Extra information about the requesting user.
 See user.Info interface for details.
 +optional
      map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

    • containsExtra

      boolean containsExtra(String key)
       Extra information about the requesting user.
 See user.Info interface for details.
 +optional
      map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

    • getExtra

      @Deprecated Map<String,V1beta1Certificates.ExtraValue> getExtra()
      Deprecated.
      Use getExtraMap() instead.

    • getExtraMap

      Map<String,V1beta1Certificates.ExtraValue> getExtraMap()
       Extra information about the requesting user.
 See user.Info interface for details.
 +optional
      map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

    • getExtraOrDefault

      V1beta1Certificates.ExtraValue getExtraOrDefault(String key, V1beta1Certificates.ExtraValue defaultValue)
       Extra information about the requesting user.
 See user.Info interface for details.
 +optional
      map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

    • getExtraOrThrow

      V1beta1Certificates.ExtraValue getExtraOrThrow(String key)
       Extra information about the requesting user.
 See user.Info interface for details.
 +optional
      map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;