io.kubernetes.client.proto

Interface V1beta1Certificates.CertificateSigningRequestSpecOrBuilder

All Superinterfaces:

com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder

All Known Implementing Classes:

V1beta1Certificates.CertificateSigningRequestSpec, V1beta1Certificates.CertificateSigningRequestSpec.Builder

Enclosing class:

V1beta1Certificates

public static interface V1beta1Certificates.CertificateSigningRequestSpecOrBuilder
extends com.google.protobuf.MessageOrBuilder

Method Summary

Modifier and Type	Method and Description
boolean	containsExtra(String key) Extra information about the requesting user.
int	getExpirationSeconds() expirationSeconds is the requested duration of validity of the issued certificate.
Map<String,V1beta1Certificates.ExtraValue>	getExtra() Deprecated.
int	getExtraCount() Extra information about the requesting user.
Map<String,V1beta1Certificates.ExtraValue>	getExtraMap() Extra information about the requesting user.
V1beta1Certificates.ExtraValue	getExtraOrDefault(String key, V1beta1Certificates.ExtraValue defaultValue) Extra information about the requesting user.
V1beta1Certificates.ExtraValue	getExtraOrThrow(String key) Extra information about the requesting user.
String	getGroups(int index) Group information about the requesting user.
com.google.protobuf.ByteString	getGroupsBytes(int index) Group information about the requesting user.
int	getGroupsCount() Group information about the requesting user.
List<String>	getGroupsList() Group information about the requesting user.
com.google.protobuf.ByteString	getRequest() Base64-encoded PKCS#10 CSR data +listType=atomic
String	getSignerName() Requested signer for the request.
com.google.protobuf.ByteString	getSignerNameBytes() Requested signer for the request.
String	getUid() UID information about the requesting user.
com.google.protobuf.ByteString	getUidBytes() UID information about the requesting user.
String	getUsages(int index) allowedUsages specifies a set of usage contexts the key will be valid for.
com.google.protobuf.ByteString	getUsagesBytes(int index) allowedUsages specifies a set of usage contexts the key will be valid for.
int	getUsagesCount() allowedUsages specifies a set of usage contexts the key will be valid for.
List<String>	getUsagesList() allowedUsages specifies a set of usage contexts the key will be valid for.
String	getUsername() Information about the requesting user.
com.google.protobuf.ByteString	getUsernameBytes() Information about the requesting user.
boolean	hasExpirationSeconds() expirationSeconds is the requested duration of validity of the issued certificate.
boolean	hasRequest() Base64-encoded PKCS#10 CSR data +listType=atomic
boolean	hasSignerName() Requested signer for the request.
boolean	hasUid() UID information about the requesting user.
boolean	hasUsername() Information about the requesting user.

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

isInitialized

Method Detail

hasRequest

boolean hasRequest()

 Base64-encoded PKCS#10 CSR data
 +listType=atomic
 

optional bytes request = 1;

getRequest

com.google.protobuf.ByteString getRequest()

 Base64-encoded PKCS#10 CSR data
 +listType=atomic
 

optional bytes request = 1;

hasSignerName

boolean hasSignerName()

 Requested signer for the request. It is a qualified name in the form:
 `scope-hostname.io/name`.
 If empty, it will be defaulted:
  1. If it's a kubelet client certificate, it is assigned
     "kubernetes.io/kube-apiserver-client-kubelet".
  2. If it's a kubelet serving certificate, it is assigned
     "kubernetes.io/kubelet-serving".
  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
 Distribution of trust for signers happens out of band.
 You can select on this field using `spec.signerName`.
 +optional
 

optional string signerName = 7;

getSignerName

String getSignerName()

 Requested signer for the request. It is a qualified name in the form:
 `scope-hostname.io/name`.
 If empty, it will be defaulted:
  1. If it's a kubelet client certificate, it is assigned
     "kubernetes.io/kube-apiserver-client-kubelet".
  2. If it's a kubelet serving certificate, it is assigned
     "kubernetes.io/kubelet-serving".
  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
 Distribution of trust for signers happens out of band.
 You can select on this field using `spec.signerName`.
 +optional
 

optional string signerName = 7;

getSignerNameBytes

com.google.protobuf.ByteString getSignerNameBytes()

 Requested signer for the request. It is a qualified name in the form:
 `scope-hostname.io/name`.
 If empty, it will be defaulted:
  1. If it's a kubelet client certificate, it is assigned
     "kubernetes.io/kube-apiserver-client-kubelet".
  2. If it's a kubelet serving certificate, it is assigned
     "kubernetes.io/kubelet-serving".
  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
 Distribution of trust for signers happens out of band.
 You can select on this field using `spec.signerName`.
 +optional
 

optional string signerName = 7;

hasExpirationSeconds

boolean hasExpirationSeconds()

 expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
 

optional int32 expirationSeconds = 8;

getExpirationSeconds

int getExpirationSeconds()

 expirationSeconds is the requested duration of validity of the issued
 certificate. The certificate signer may issue a certificate with a different
 validity duration so a client must check the delta between the notBefore and
 and notAfter fields in the issued certificate to determine the actual duration.
 The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 honor this field as long as the requested duration is not greater than the
 maximum duration they will honor per the --cluster-signing-duration CLI
 flag to the Kubernetes controller manager.
 Certificate signers may not honor this field for various reasons:
   1. Old signer that is unaware of the field (such as the in-tree
      implementations prior to v1.22)
   2. Signer whose configured maximum is shorter than the requested duration
   3. Signer whose configured minimum is longer than the requested duration
 The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
 +optional
 

optional int32 expirationSeconds = 8;

getUsagesList

List<String> getUsagesList()

 allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
 

repeated string usages = 5;

getUsagesCount

int getUsagesCount()

 allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
 

repeated string usages = 5;

getUsages

String getUsages(int index)

 allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
 

repeated string usages = 5;

getUsagesBytes

com.google.protobuf.ByteString getUsagesBytes(int index)

 allowedUsages specifies a set of usage contexts the key will be
 valid for.
 See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 Valid values are:
  "signing",
  "digital signature",
  "content commitment",
  "key encipherment",
  "key agreement",
  "data encipherment",
  "cert sign",
  "crl sign",
  "encipher only",
  "decipher only",
  "any",
  "server auth",
  "client auth",
  "code signing",
  "email protection",
  "s/mime",
  "ipsec end system",
  "ipsec tunnel",
  "ipsec user",
  "timestamping",
  "ocsp signing",
  "microsoft sgc",
  "netscape sgc"
 +listType=atomic
 

repeated string usages = 5;

hasUsername

boolean hasUsername()

 Information about the requesting user.
 See user.Info interface for details.
 +optional
 

optional string username = 2;

getUsername

String getUsername()

 Information about the requesting user.
 See user.Info interface for details.
 +optional
 

optional string username = 2;

getUsernameBytes

com.google.protobuf.ByteString getUsernameBytes()

 Information about the requesting user.
 See user.Info interface for details.
 +optional
 

optional string username = 2;

hasUid

boolean hasUid()

 UID information about the requesting user.
 See user.Info interface for details.
 +optional
 

optional string uid = 3;

getUid

String getUid()

 UID information about the requesting user.
 See user.Info interface for details.
 +optional
 

optional string uid = 3;

getUidBytes

com.google.protobuf.ByteString getUidBytes()

 UID information about the requesting user.
 See user.Info interface for details.
 +optional
 

optional string uid = 3;

getGroupsList

List<String> getGroupsList()

 Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
 

repeated string groups = 4;

getGroupsCount

int getGroupsCount()

 Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
 

repeated string groups = 4;

getGroups

String getGroups(int index)

 Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
 

repeated string groups = 4;

getGroupsBytes

com.google.protobuf.ByteString getGroupsBytes(int index)

 Group information about the requesting user.
 See user.Info interface for details.
 +listType=atomic
 +optional
 

repeated string groups = 4;

getExtraCount

int getExtraCount()

 Extra information about the requesting user.
 See user.Info interface for details.
 +optional
 

map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

containsExtra

boolean containsExtra(String key)

 Extra information about the requesting user.
 See user.Info interface for details.
 +optional
 

map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

getExtra

@Deprecated
Map<String,V1beta1Certificates.ExtraValue> getExtra()

Deprecated.

Use getExtraMap() instead.

getExtraMap

Map<String,V1beta1Certificates.ExtraValue> getExtraMap()

 Extra information about the requesting user.
 See user.Info interface for details.
 +optional
 

map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

getExtraOrDefault

V1beta1Certificates.ExtraValue getExtraOrDefault(String key,
                                                 V1beta1Certificates.ExtraValue defaultValue)

 Extra information about the requesting user.
 See user.Info interface for details.
 +optional
 

map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;

getExtraOrThrow

V1beta1Certificates.ExtraValue getExtraOrThrow(String key)

 Extra information about the requesting user.
 See user.Info interface for details.
 +optional
 

map<string, .k8s.io.api.certificates.v1beta1.ExtraValue> extra = 6;