Package io.kubernetes.client.proto

Interface V1Certificates.CertificateSigningRequestSpecOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
V1Certificates.CertificateSigningRequestSpec, V1Certificates.CertificateSigningRequestSpec.Builder
Enclosing class:
V1Certificates
public static interface V1Certificates.CertificateSigningRequestSpecOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    containsExtra(String key)
    extra contains extra attributes of the user that created the CertificateSigningRequest.
    int
    getExpirationSeconds()
    expirationSeconds is the requested duration of validity of the issued certificate.
    Map<String,V1Certificates.ExtraValue>
    getExtra()
    Deprecated.
    int
    getExtraCount()
    extra contains extra attributes of the user that created the CertificateSigningRequest.
    Map<String,V1Certificates.ExtraValue>
    getExtraMap()
    extra contains extra attributes of the user that created the CertificateSigningRequest.
    V1Certificates.ExtraValue
    getExtraOrDefault(String key, V1Certificates.ExtraValue defaultValue)
    extra contains extra attributes of the user that created the CertificateSigningRequest.
    V1Certificates.ExtraValue
    getExtraOrThrow(String key)
    extra contains extra attributes of the user that created the CertificateSigningRequest.
    String
    getGroups(int index)
    groups contains group membership of the user that created the CertificateSigningRequest.
    com.google.protobuf.ByteString
    getGroupsBytes(int index)
    groups contains group membership of the user that created the CertificateSigningRequest.
    int
    getGroupsCount()
    groups contains group membership of the user that created the CertificateSigningRequest.
    List<String>
    getGroupsList()
    groups contains group membership of the user that created the CertificateSigningRequest.
    com.google.protobuf.ByteString
    getRequest()
    request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
    String
    getSignerName()
    signerName indicates the requested signer, and is a qualified name.
    com.google.protobuf.ByteString
    getSignerNameBytes()
    signerName indicates the requested signer, and is a qualified name.
    String
    getUid()
    uid contains the uid of the user that created the CertificateSigningRequest.
    com.google.protobuf.ByteString
    getUidBytes()
    uid contains the uid of the user that created the CertificateSigningRequest.
    String
    getUsages(int index)
    usages specifies a set of key usages requested in the issued certificate.
    com.google.protobuf.ByteString
    getUsagesBytes(int index)
    usages specifies a set of key usages requested in the issued certificate.
    int
    getUsagesCount()
    usages specifies a set of key usages requested in the issued certificate.
    List<String>
    getUsagesList()
    usages specifies a set of key usages requested in the issued certificate.
    String
    getUsername()
    username contains the name of the user that created the CertificateSigningRequest.
    com.google.protobuf.ByteString
    getUsernameBytes()
    username contains the name of the user that created the CertificateSigningRequest.
    boolean
    hasExpirationSeconds()
    expirationSeconds is the requested duration of validity of the issued certificate.
    boolean
    hasRequest()
    request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
    boolean
    hasSignerName()
    signerName indicates the requested signer, and is a qualified name.
    boolean
    hasUid()
    uid contains the uid of the user that created the CertificateSigningRequest.
    boolean
    hasUsername()
    username contains the name of the user that created the CertificateSigningRequest.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

  • Method Details

    • hasRequest

      boolean hasRequest()
       request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
 When serialized as JSON or YAML, the data is additionally base64-encoded.
 +listType=atomic
      optional bytes request = 1;

    • getRequest

      com.google.protobuf.ByteString getRequest()
       request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
 When serialized as JSON or YAML, the data is additionally base64-encoded.
 +listType=atomic
      optional bytes request = 1;

    • hasSignerName

      boolean hasSignerName()
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;

    • getSignerName

      String getSignerName()
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;

    • getSignerNameBytes

      com.google.protobuf.ByteString getSignerNameBytes()
       signerName indicates the requested signer, and is a qualified name.
 List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 Well-known Kubernetes signers are:
  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 Custom signerNames can also be specified. The signer defines:
  1. Trust distribution: how trust (CA bundles) are distributed.
  2. Permitted subjects: and behavior when a disallowed subject is requested.
  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  4. Required, permitted, or forbidden key usages / extended key usages.
  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
  6. Whether or not requests for CA certificates are allowed.
      optional string signerName = 7;

    • hasExpirationSeconds

      boolean hasExpirationSeconds()
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;

    • getExpirationSeconds

      int getExpirationSeconds()
       expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
      optional int32 expirationSeconds = 8;

    • getUsagesList

      List<String> getUsagesList()
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • getUsagesCount

      int getUsagesCount()
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • getUsages

      String getUsages(int index)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • getUsagesBytes

      com.google.protobuf.ByteString getUsagesBytes(int index)
       usages specifies a set of key usages requested in the issued certificate.
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 Valid values are:
  "signing", "digital signature", "content commitment",
  "key encipherment", "key agreement", "data encipherment",
  "cert sign", "crl sign", "encipher only", "decipher only", "any",
  "server auth", "client auth",
  "code signing", "email protection", "s/mime",
  "ipsec end system", "ipsec tunnel", "ipsec user",
  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 +listType=atomic
      repeated string usages = 5;

    • hasUsername

      boolean hasUsername()
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;

    • getUsername

      String getUsername()
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;

    • getUsernameBytes

      com.google.protobuf.ByteString getUsernameBytes()
       username contains the name of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string username = 2;

    • hasUid

      boolean hasUid()
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;

    • getUid

      String getUid()
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;

    • getUidBytes

      com.google.protobuf.ByteString getUidBytes()
       uid contains the uid of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      optional string uid = 3;

    • getGroupsList

      List<String> getGroupsList()
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getGroupsCount

      int getGroupsCount()
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getGroups

      String getGroups(int index)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getGroupsBytes

      com.google.protobuf.ByteString getGroupsBytes(int index)
       groups contains group membership of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +listType=atomic
 +optional
      repeated string groups = 4;

    • getExtraCount

      int getExtraCount()
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;

    • containsExtra

      boolean containsExtra(String key)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;

    • getExtra

      @Deprecated Map<String,V1Certificates.ExtraValue> getExtra()
      Deprecated.
      Use getExtraMap() instead.

    • getExtraMap

      Map<String,V1Certificates.ExtraValue> getExtraMap()
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;

    • getExtraOrDefault

      V1Certificates.ExtraValue getExtraOrDefault(String key, V1Certificates.ExtraValue defaultValue)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;

    • getExtraOrThrow

      V1Certificates.ExtraValue getExtraOrThrow(String key)
       extra contains extra attributes of the user that created the CertificateSigningRequest.
 Populated by the API server on creation and immutable.
 +optional
      map<string, .k8s.io.api.certificates.v1.ExtraValue> extra = 6;