github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #25562 from gtank/certificates-api-v9 

Automatic merge from submit-queue

TLS bootstrap API group (alpha)

This PR only covers the new types and related client/storage code- the vast majority of the line count is codegen. The implementation differs slightly from the current proposal document based on discussions in design thread (#20439). The controller logic and kubelet support mentioned in the proposal are forthcoming in separate requests.

I submit that #18762 ("Creating a new API group is really hard") is, if anything, understating it. I've tried to structure the commits to illustrate the process.

@mikedanese @erictune @smarterclayton @deads2k

```release-note-experimental
An alpha implementation of the the TLS bootstrap API described in docs/proposals/kubelet-tls-bootstrap.md.
```

[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/.github/PULL_REQUEST_TEMPLATE.md?pixel)]()
pull/6/head
k8s-merge-robot 2016-06-28 13:25:22 -07:00 committed by GitHub
parent 13bb931b60 c9c6fff269
commit 32eccd413f
60 changed files with 12201 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
api/swagger-spec/certificates.json Normal file
View File

@ -0,0 +1,110 @@
{
"swaggerVersion": "1.2",
"apiVersion": "",
"basePath": "https://10.10.10.10:6443",
"resourcePath": "/apis/certificates",
"apis": [
{
"path": "/apis/certificates",
"description": "get information of a group",
"operations": [
{
"type": "unversioned.APIGroup",
"method": "GET",
"summary": "get information of a group",
"nickname": "getAPIGroup",
"parameters": [],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"consumes": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
]
}
]
}
],
"models": {
"unversioned.APIGroup": {
"id": "unversioned.APIGroup",
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
],
"properties": {
"kind": {
"type": "string",
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds"
},
"apiVersion": {
"type": "string",
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources"
},
"name": {
"type": "string",
"description": "name is the name of the group."
},
"versions": {
"type": "array",
"items": {
"$ref": "unversioned.GroupVersionForDiscovery"
},
"description": "versions are the versions supported in this group."
},
"preferredVersion": {
"$ref": "unversioned.GroupVersionForDiscovery",
"description": "preferredVersion is the version preferred by the API server, which probably is the storage version."
},
"serverAddressByClientCIDRs": {
"type": "array",
"items": {
"$ref": "unversioned.ServerAddressByClientCIDR"
},
"description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP."
}
}
},
"unversioned.GroupVersionForDiscovery": {
"id": "unversioned.GroupVersionForDiscovery",
"description": "GroupVersion contains the \"group/version\" and \"version\" string of a version. It is made a struct to keep extensiblity.",
"required": [
"groupVersion",
"version"
],
"properties": {
"groupVersion": {
"type": "string",
"description": "groupVersion specifies the API group and version in the form \"group/version\""
},
"version": {
"type": "string",
"description": "version specifies the version in the form of \"version\". This is to save the clients the trouble of splitting the GroupVersion."
}
}
},
"unversioned.ServerAddressByClientCIDR": {
"id": "unversioned.ServerAddressByClientCIDR",
"description": "ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.",
"required": [
"clientCIDR",
"serverAddress"
],
"properties": {
"clientCIDR": {
"type": "string",
"description": "The CIDR with which clients can match their IP to figure out the server address that they should use."
},
"serverAddress": {
"type": "string",
"description": "Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port."
}
}
}
}
}

1118
api/swagger-spec/certificates_v1alpha1.json Normal file
View File

File diff suppressed because it is too large Load Diff

8
api/swagger-spec/resourceListing.json
View File

@ -61,6 +61,14 @@
"path": "/apis/apps",
"description": "get information of a group"
},
{
"path": "/apis/certificates/v1alpha1",
"description": "API at /apis/certificates/v1alpha1"
},
{
"path": "/apis/certificates",
"description": "get information of a group"
},
{
"path": "/apis/rbac.authorization.k8s.io/v1alpha1",
"description": "API at /apis/rbac.authorization.k8s.io/v1alpha1"

2
cmd/libs/go2idl/client-gen/main.go
View File

@ -34,7 +34,7 @@ import (
var (
test = flag.BoolP("test", "t", false, "set this flag to generate the client code for the testdata")
inputVersions = flag.StringSlice("input", []string{"api/", "extensions/", "autoscaling/", "batch/", "rbac/"}, "group/versions that client-gen will generate clients for. At most one version per group is allowed. Specified in the format \"group1/version1,group2/version2...\". Default to \"api/,extensions/,autoscaling/,batch/,rbac/\"")
inputVersions = flag.StringSlice("input", []string{"api/", "extensions/", "autoscaling/", "batch/", "rbac/", "certificates/"}, "group/versions that client-gen will generate clients for. At most one version per group is allowed. Specified in the format \"group1/version1,group2/version2...\". Default to \"api/,extensions/,autoscaling/,batch/,rbac/\"")
includedTypesOverrides = flag.StringSlice("included-types-overrides", []string{}, "list of group/version/type for which client should be generated. By default, client is generated for all types which have genclient=true in types.go. This overrides that. For each groupVersion in this list, only the types mentioned here will be included. The default check of genclient=true will be used for other group versions.")
basePath = flag.String("input-base", "k8s.io/kubernetes/pkg/apis", "base path to look for the api group. Default to \"k8s.io/kubernetes/pkg/apis\"")
clientsetName = flag.StringP("clientset-name", "n", "internalclientset", "the name of the generated clientset package.")

2
cmd/libs/go2idl/conversion-gen/main.go
View File

@ -46,6 +46,8 @@ func main() {
"k8s.io/kubernetes/pkg/apis/batch/v2alpha1",
"k8s.io/kubernetes/pkg/apis/apps",
"k8s.io/kubernetes/pkg/apis/apps/v1alpha1",
"k8s.io/kubernetes/pkg/apis/certificates",
"k8s.io/kubernetes/pkg/apis/certificates/v1alpha1",
"k8s.io/kubernetes/pkg/apis/componentconfig",
"k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1",
"k8s.io/kubernetes/pkg/apis/policy",

2
cmd/libs/go2idl/deepcopy-gen/main.go
View File

@ -64,6 +64,8 @@ func main() {
"k8s.io/kubernetes/pkg/apis/batch/v2alpha1",
"k8s.io/kubernetes/pkg/apis/apps",
"k8s.io/kubernetes/pkg/apis/apps/v1alpha1",
"k8s.io/kubernetes/pkg/apis/certificates",
"k8s.io/kubernetes/pkg/apis/certificates/v1alpha1",
"k8s.io/kubernetes/pkg/apis/componentconfig",
"k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1",
"k8s.io/kubernetes/pkg/apis/policy",

1
cmd/libs/go2idl/go-to-protobuf/protobuf/cmd.go
View File

@ -74,6 +74,7 @@ func New() *Generator {
`k8s.io/kubernetes/pkg/apis/apps/v1alpha1`,
`k8s.io/kubernetes/pkg/apis/rbac/v1alpha1`,
`k8s.io/kubernetes/federation/apis/federation/v1alpha1`,
`k8s.io/kubernetes/pkg/apis/certificates/v1alpha1`,
}, ","),
DropEmbeddedFields: "k8s.io/kubernetes/pkg/api/unversioned.TypeMeta",
}

1311
docs/api-reference/certificates/v1alpha1/definitions.html Executable file
View File

File diff suppressed because it is too large Load Diff

1879
docs/api-reference/certificates/v1alpha1/operations.html Executable file
View File

File diff suppressed because it is too large Load Diff

2
hack/test-go.sh
View File

@ -60,7 +60,7 @@ KUBE_GOVERALLS_BIN=${KUBE_GOVERALLS_BIN:-}
# "v1,compute/v1alpha1,experimental/v1alpha2;v1,compute/v2,experimental/v1alpha3"
# FIXME: due to current implementation of a test client (see: pkg/api/testapi/testapi.go)
# ONLY the last version is tested in each group.
KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1,autoscaling/v1,batch/v1,batch/v2alpha1,extensions/v1beta1,apps/v1alpha1,federation/v1alpha1,policy/v1alpha1,rbac.authorization.k8s.io/v1alpha1"}
KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1,autoscaling/v1,batch/v1,batch/v2alpha1,extensions/v1beta1,apps/v1alpha1,federation/v1alpha1,policy/v1alpha1,rbac.authorization.k8s.io/v1alpha1,certificates/v1alpha1"}
# once we have multiple group supports
# Create a junit-style XML test report in this directory if set.
KUBE_JUNIT_REPORT_DIR=${KUBE_JUNIT_REPORT_DIR:-}

2
hack/test-integration.sh
View File

@ -31,7 +31,7 @@ source "${KUBE_ROOT}/hack/lib/init.sh"
# KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1,extensions/v1beta1"}
# FIXME: due to current implementation of a test client (see: pkg/api/testapi/testapi.go)
# ONLY the last version is tested in each group.
KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1,autoscaling/v1,batch/v1,apps/v1alpha1,policy/v1alpha1,extensions/v1beta1,rbac.authorization.k8s.io/v1alpha1"}
KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1,autoscaling/v1,batch/v1,apps/v1alpha1,policy/v1alpha1,extensions/v1beta1,rbac.authorization.k8s.io/v1alpha1,certificates/v1alpha1"}
# Give integration tests longer to run
# TODO: allow a larger value to be passed in

2
hack/update-api-reference-docs.sh
View File

@ -42,7 +42,7 @@ OUTPUT_TMP="${KUBE_ROOT}/${TMP_SUBPATH}"
echo "Generating api reference docs at ${OUTPUT_TMP}"
DEFAULT_GROUP_VERSIONS="v1 extensions/v1beta1 batch/v1 autoscaling/v1"
DEFAULT_GROUP_VERSIONS="v1 extensions/v1beta1 batch/v1 autoscaling/v1 certificates/v1alpha1"
VERSIONS=${VERSIONS:-$DEFAULT_GROUP_VERSIONS}
for ver in $VERSIONS; do
mkdir -p "${OUTPUT_TMP}/${ver}"

2
hack/update-generated-swagger-docs.sh
View File

@ -57,7 +57,7 @@ EOF
mv "$TMPFILE" "pkg/$(kube::util::group-version-to-pkg-path "${group_version}")/types_swagger_doc_generated.go"
}
GROUP_VERSIONS=(unversioned v1 authorization/v1beta1 autoscaling/v1 batch/v1 batch/v2alpha1 extensions/v1beta1 apps/v1alpha1 policy/v1alpha1 rbac/v1alpha1)
GROUP_VERSIONS=(unversioned v1 authorization/v1beta1 autoscaling/v1 batch/v1 batch/v2alpha1 extensions/v1beta1 apps/v1alpha1 policy/v1alpha1 rbac/v1alpha1 certificates/v1alpha1)
# To avoid compile errors, remove the currently existing files.
for group_version in "${GROUP_VERSIONS[@]}"; do
rm -f "pkg/$(kube::util::group-version-to-pkg-path "${group_version}")/types_swagger_doc_generated.go"

2
hack/update-swagger-spec.sh
View File

@ -74,7 +74,7 @@ APISERVER_PID=$!
kube::util::wait_for_url "http://127.0.0.1:${API_PORT}/healthz" "apiserver: "
SWAGGER_API_PATH="http://127.0.0.1:${API_PORT}/swaggerapi/"
DEFAULT_GROUP_VERSIONS="v1 autoscaling/v1 batch/v1 batch/v2alpha1 extensions/v1beta1 apps/v1alpha1 policy/v1alpha1 rbac.authorization.k8s.io/v1alpha1"
DEFAULT_GROUP_VERSIONS="v1 autoscaling/v1 batch/v1 batch/v2alpha1 extensions/v1beta1 apps/v1alpha1 policy/v1alpha1 rbac.authorization.k8s.io/v1alpha1 certificates/v1alpha1"
VERSIONS=${VERSIONS:-$DEFAULT_GROUP_VERSIONS}
kube::log::status "Updating " ${SWAGGER_ROOT_DIR}

29
pkg/api/testapi/testapi.go
View File

@ -32,6 +32,7 @@ import (
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/autoscaling"
"k8s.io/kubernetes/pkg/apis/batch"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/apis/rbac"
@ -43,6 +44,7 @@ import (
_ "k8s.io/kubernetes/pkg/apis/apps/install"
_ "k8s.io/kubernetes/pkg/apis/autoscaling/install"
_ "k8s.io/kubernetes/pkg/apis/batch/install"
_ "k8s.io/kubernetes/pkg/apis/certificates/install"
_ "k8s.io/kubernetes/pkg/apis/componentconfig/install"
_ "k8s.io/kubernetes/pkg/apis/extensions/install"
_ "k8s.io/kubernetes/pkg/apis/policy/install"
@ -50,15 +52,16 @@ import (
)
var (
Groups = make(map[string]TestGroup)
Default TestGroup
Autoscaling TestGroup
Batch TestGroup
Extensions TestGroup
Apps TestGroup
Policy TestGroup
Federation TestGroup
Rbac TestGroup
Groups = make(map[string]TestGroup)
Default TestGroup
Autoscaling TestGroup
Batch TestGroup
Extensions TestGroup
Apps TestGroup
Policy TestGroup
Federation TestGroup
Rbac TestGroup
Certificates TestGroup
serializer runtime.SerializerInfo
storageSerializer runtime.SerializerInfo
@ -190,12 +193,20 @@ func init() {
internalTypes: api.Scheme.KnownTypes(rbac.SchemeGroupVersion),
}
}
if _, ok := Groups[certificates.GroupName]; !ok {
Groups[certificates.GroupName] = TestGroup{
externalGroupVersion: unversioned.GroupVersion{Group: certificates.GroupName, Version: registered.GroupOrDie(certificates.GroupName).GroupVersion.Version},
internalGroupVersion: certificates.SchemeGroupVersion,
internalTypes: api.Scheme.KnownTypes(certificates.SchemeGroupVersion),
}
}
Default = Groups[api.GroupName]
Autoscaling = Groups[autoscaling.GroupName]
Batch = Groups[batch.GroupName]
Apps = Groups[apps.GroupName]
Policy = Groups[policy.GroupName]
Certificates = Groups[certificates.GroupName]
Extensions = Groups[extensions.GroupName]
Federation = Groups[federation.GroupName]
Rbac = Groups[rbac.GroupName]

129
pkg/apis/certificates/deep_copy_generated.go Normal file
View File

@ -0,0 +1,129 @@
// +build !ignore_autogenerated
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by deepcopy-gen. Do not edit it manually!
package certificates
import (
api "k8s.io/kubernetes/pkg/api"
unversioned "k8s.io/kubernetes/pkg/api/unversioned"
conversion "k8s.io/kubernetes/pkg/conversion"
)
func init() {
if err := api.Scheme.AddGeneratedDeepCopyFuncs(
DeepCopy_certificates_CertificateSigningRequest,
DeepCopy_certificates_CertificateSigningRequestCondition,
DeepCopy_certificates_CertificateSigningRequestList,
DeepCopy_certificates_CertificateSigningRequestSpec,
DeepCopy_certificates_CertificateSigningRequestStatus,
); err != nil {
// if one of the deep copy functions is malformed, detect it immediately.
panic(err)
}
}
func DeepCopy_certificates_CertificateSigningRequest(in CertificateSigningRequest, out *CertificateSigningRequest, c *conversion.Cloner) error {
if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
return err
}
if err := api.DeepCopy_api_ObjectMeta(in.ObjectMeta, &out.ObjectMeta, c); err != nil {
return err
}
if err := DeepCopy_certificates_CertificateSigningRequestSpec(in.Spec, &out.Spec, c); err != nil {
return err
}
if err := DeepCopy_certificates_CertificateSigningRequestStatus(in.Status, &out.Status, c); err != nil {
return err
}
return nil
}
func DeepCopy_certificates_CertificateSigningRequestCondition(in CertificateSigningRequestCondition, out *CertificateSigningRequestCondition, c *conversion.Cloner) error {
out.Type = in.Type
out.Reason = in.Reason
out.Message = in.Message
if err := unversioned.DeepCopy_unversioned_Time(in.LastUpdateTime, &out.LastUpdateTime, c); err != nil {
return err
}
return nil
}
func DeepCopy_certificates_CertificateSigningRequestList(in CertificateSigningRequestList, out *CertificateSigningRequestList, c *conversion.Cloner) error {
if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
return err
}
if err := unversioned.DeepCopy_unversioned_ListMeta(in.ListMeta, &out.ListMeta, c); err != nil {
return err
}
if in.Items != nil {
in, out := in.Items, &out.Items
*out = make([]CertificateSigningRequest, len(in))
for i := range in {
if err := DeepCopy_certificates_CertificateSigningRequest(in[i], &(*out)[i], c); err != nil {
return err
}
}
} else {
out.Items = nil
}
return nil
}
func DeepCopy_certificates_CertificateSigningRequestSpec(in CertificateSigningRequestSpec, out *CertificateSigningRequestSpec, c *conversion.Cloner) error {
if in.Request != nil {
in, out := in.Request, &out.Request
*out = make([]byte, len(in))
copy(*out, in)
} else {
out.Request = nil
}
out.Username = in.Username
out.UID = in.UID
if in.Groups != nil {
in, out := in.Groups, &out.Groups
*out = make([]string, len(in))
copy(*out, in)
} else {
out.Groups = nil
}
return nil
}
func DeepCopy_certificates_CertificateSigningRequestStatus(in CertificateSigningRequestStatus, out *CertificateSigningRequestStatus, c *conversion.Cloner) error {
if in.Conditions != nil {
in, out := in.Conditions, &out.Conditions
*out = make([]CertificateSigningRequestCondition, len(in))
for i := range in {
if err := DeepCopy_certificates_CertificateSigningRequestCondition(in[i], &(*out)[i], c); err != nil {
return err
}
}
} else {
out.Conditions = nil
}
if in.Certificate != nil {
in, out := in.Certificate, &out.Certificate
*out = make([]byte, len(in))
copy(*out, in)
} else {
out.Certificate = nil
}
return nil
}

131
pkg/apis/certificates/install/install.go Normal file
View File

@ -0,0 +1,131 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package install installs the certificates API group, making it available as
// an option to all of the API encoding/decoding machinery.
package install
import (
"fmt"
"github.com/golang/glog"
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/meta"
"k8s.io/kubernetes/pkg/api/unversioned"
"k8s.io/kubernetes/pkg/apimachinery"
"k8s.io/kubernetes/pkg/apimachinery/registered"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/certificates/v1alpha1"
"k8s.io/kubernetes/pkg/runtime"
"k8s.io/kubernetes/pkg/util/sets"
)
const importPrefix = "k8s.io/kubernetes/pkg/apis/certificates"
var accessor = meta.NewAccessor()
// availableVersions lists all known external versions for this group from most preferred to least preferred
var availableVersions = []unversioned.GroupVersion{v1alpha1.SchemeGroupVersion}
func init() {
registered.RegisterVersions(availableVersions)
externalVersions := []unversioned.GroupVersion{}
for _, v := range availableVersions {
if registered.IsAllowedVersion(v) {
externalVersions = append(externalVersions, v)
}
}
if len(externalVersions) == 0 {
glog.V(4).Infof("No version is registered for group %v", certificates.GroupName)
return
}
if err := registered.EnableVersions(externalVersions...); err != nil {
glog.V(4).Infof("%v", err)
return
}
if err := enableVersions(externalVersions); err != nil {
glog.V(4).Infof("%v", err)
return
}
}
// TODO: enableVersions should be centralized rather than spread in each API
// group.
// We can combine registered.RegisterVersions, registered.EnableVersions and
// registered.RegisterGroup once we have moved enableVersions therecertificates
func enableVersions(externalVersions []unversioned.GroupVersion) error {
addVersionsToScheme(externalVersions...)
preferredExternalVersion := externalVersions[0]
groupMeta := apimachinery.GroupMeta{
GroupVersion: preferredExternalVersion,
GroupVersions: externalVersions,
RESTMapper: newRESTMapper(externalVersions),
SelfLinker: runtime.SelfLinker(accessor),
InterfacesFor: interfacesFor,
}
if err := registered.RegisterGroup(groupMeta); err != nil {
return err
}
api.RegisterRESTMapper(groupMeta.RESTMapper)
return nil
}
func newRESTMapper(externalVersions []unversioned.GroupVersion) meta.RESTMapper {
// the list of kinds that are scoped at the root of the api hierarchy
// if a kind is not enumerated here, it is assumed to have a namespace scope
rootScoped := sets.NewString(
"CertificateSigningRequest",
)
ignoredKinds := sets.NewString()
return api.NewDefaultRESTMapper(externalVersions, interfacesFor, importPrefix, ignoredKinds, rootScoped)
}
// interfacesFor returns the default Codec and ResourceVersioner for a given version
// string, or an error if the version is not known.
func interfacesFor(version unversioned.GroupVersion) (*meta.VersionInterfaces, error) {
switch version {
case v1alpha1.SchemeGroupVersion:
return &meta.VersionInterfaces{
ObjectConvertor: api.Scheme,
MetadataAccessor: accessor,
}, nil
default:
g, _ := registered.Group(certificates.GroupName)
return nil, fmt.Errorf("unsupported storage version: %s (valid: %v)", version, g.GroupVersions)
}
}
func addVersionsToScheme(externalVersions ...unversioned.GroupVersion) {
// add the internal version to Scheme
certificates.AddToScheme(api.Scheme)
// add the enabled external versions to Scheme
for _, v := range externalVersions {
if !registered.IsEnabledVersion(v) {
glog.Errorf("Version %s is not enabled, so it will not be added to the Scheme.", v)
continue
}
switch v {
case v1alpha1.SchemeGroupVersion:
v1alpha1.AddToScheme(api.Scheme)
}
}
}

114
pkg/apis/certificates/install/install_test.go Normal file
View File

@ -0,0 +1,114 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"encoding/json"
"testing"
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/unversioned"
"k8s.io/kubernetes/pkg/apimachinery/registered"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/certificates/v1alpha1"
"k8s.io/kubernetes/pkg/runtime"
)
func TestResourceVersioner(t *testing.T) {
csr := certificates.CertificateSigningRequest{ObjectMeta: api.ObjectMeta{ResourceVersion: "10"}}
version, err := accessor.ResourceVersion(&csr)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if version != "10" {
t.Errorf("unexpected version %v", version)
}
csrList := certificates.CertificateSigningRequestList{ListMeta: unversioned.ListMeta{ResourceVersion: "10"}}
version, err = accessor.ResourceVersion(&csrList)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if version != "10" {
t.Errorf("unexpected version %v", version)
}
}
func TestCodec(t *testing.T) {
csr := certificates.CertificateSigningRequest{}
// We do want to use package registered rather than testapi here, because we
// want to test if the package install and package registered work as expected.
data, err := runtime.Encode(api.Codecs.LegacyCodec(registered.GroupOrDie(certificates.GroupName).GroupVersion), &csr)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
other := certificates.CertificateSigningRequest{}
if err := json.Unmarshal(data, &other); err != nil {
t.Fatalf("unexpected error: %v", err)
}
if other.APIVersion != registered.GroupOrDie(certificates.GroupName).GroupVersion.String() || other.Kind != "CertificateSigningRequest" {
t.Errorf("unexpected unmarshalled object %#v", other)
}
}
func TestInterfacesFor(t *testing.T) {
if _, err := registered.GroupOrDie(certificates.GroupName).InterfacesFor(certificates.SchemeGroupVersion); err == nil {
t.Fatalf("unexpected non-error: %v", err)
}
for i, version := range registered.GroupOrDie(certificates.GroupName).GroupVersions {
if vi, err := registered.GroupOrDie(certificates.GroupName).InterfacesFor(version); err != nil || vi == nil {
t.Fatalf("%d: unexpected result: %v", i, err)
}
}
}
func TestRESTMapper(t *testing.T) {
gv := v1alpha1.SchemeGroupVersion
csrGVK := gv.WithKind("CertificateSigningRequest")
if gvk, err := registered.GroupOrDie(certificates.GroupName).RESTMapper.KindFor(gv.WithResource("certificatesigningrequests")); err != nil || gvk != csrGVK {
t.Errorf("unexpected version mapping: %v %v", gvk, err)
}
for _, version := range registered.GroupOrDie(certificates.GroupName).GroupVersions {
mapping, err := registered.GroupOrDie(certificates.GroupName).RESTMapper.RESTMapping(csrGVK.GroupKind(), version.Version)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if mapping.Resource != "certificatesigningrequests" {
t.Errorf("incorrect resource name: %#v", mapping)
}
if mapping.GroupVersionKind.GroupVersion() != version {
t.Errorf("incorrect groupVersion: %v", mapping)
}
interfaces, _ := registered.GroupOrDie(certificates.GroupName).InterfacesFor(version)
if mapping.ObjectConvertor != interfaces.ObjectConvertor {
t.Errorf("unexpected: %#v, expected: %#v", mapping, interfaces)
}
csr := &certificates.CertificateSigningRequest{ObjectMeta: api.ObjectMeta{Name: "foo"}}
name, err := mapping.MetadataAccessor.Name(csr)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if name != "foo" {
t.Errorf("unable to retrieve object meta with: %v", mapping.MetadataAccessor)
}
}
}

57
pkg/apis/certificates/register.go Normal file
View File

@ -0,0 +1,57 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package certificates
import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/unversioned"
"k8s.io/kubernetes/pkg/runtime"
)
// GroupName is the group name use in this package
const GroupName = "certificates"
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) unversioned.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns back a Group qualified GroupResource
func Resource(resource string) unversioned.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
func AddToScheme(scheme *runtime.Scheme) {
// Add the API to Scheme.
addKnownTypes(scheme)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) {
scheme.AddKnownTypes(SchemeGroupVersion,
&CertificateSigningRequest{},
&CertificateSigningRequestList{},
&api.ListOptions{},
&api.DeleteOptions{},
)
}
func (obj *CertificateSigningRequest) GetObjectKind() unversioned.ObjectKind { return &obj.TypeMeta }
func (obj *CertificateSigningRequestList) GetObjectKind() unversioned.ObjectKind { return &obj.TypeMeta }

1963
pkg/apis/certificates/types.generated.go Normal file
View File

File diff suppressed because it is too large Load Diff

84
pkg/apis/certificates/types.go Normal file
View File

@ -0,0 +1,84 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package certificates
import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/unversioned"
)
// +genclient=true,nonNamespaced=true
// Describes a certificate signing request
type CertificateSigningRequest struct {
unversioned.TypeMeta `json:",inline"`
api.ObjectMeta `json:"metadata,omitempty"`
// The certificate request itself and any additonal information.
Spec CertificateSigningRequestSpec `json:"spec,omitempty"`
// Derived information about the request.
Status CertificateSigningRequestStatus `json:"status,omitempty"`
}
// This information is immutable after the request is created. Only the Request
// and ExtraInfo fields can be set on creation, other fields are derived by
// Kubernetes and cannot be modified by users.
type CertificateSigningRequestSpec struct {
// Base64-encoded PKCS#10 CSR data
Request []byte `json:"request"`
// Information about the requesting user (if relevant)
// See user.Info interface for details
Username string `json:"username,omitempty"`
UID string `json:"uid,omitempty"`
Groups []string `json:"groups,omitempty"`
}
type CertificateSigningRequestStatus struct {
// Conditions applied to the request, such as approval or denial.
Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty"`
// If request was approved, the controller will place the issued certificate here.
Certificate []byte `json:"certificate,omitempty"`
}
type RequestConditionType string
// These are the possible conditions for a certificate request.
const (
CertificateApproved RequestConditionType = "Approved"
CertificateDenied RequestConditionType = "Denied"
)
type CertificateSigningRequestCondition struct {
// request approval state, currently Approved or Denied.
Type RequestConditionType `json:"type"`
// brief reason for the request state
Reason string `json:"reason,omitempty"`
// human readable message with details about the request state
Message string `json:"message,omitempty"`
// timestamp for the last update to this condition
LastUpdateTime unversioned.Time `json:"lastUpdateTime,omitempty"`
}
type CertificateSigningRequestList struct {
unversioned.TypeMeta `json:",inline"`
unversioned.ListMeta `json:"metadata,omitempty"`
Items []CertificateSigningRequest `json:"items,omitempty"`
}

23
pkg/apis/certificates/v1alpha1/conversion.go Normal file
View File

@ -0,0 +1,23 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import "k8s.io/kubernetes/pkg/runtime"
func addConversionFuncs(scheme *runtime.Scheme) {
// Add non-generated conversion functions here. Currently there are none.
}

237
pkg/apis/certificates/v1alpha1/conversion_generated.go Normal file
View File

@ -0,0 +1,237 @@
// +build !ignore_autogenerated
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by conversion-gen. Do not edit it manually!
package v1alpha1
import (
api "k8s.io/kubernetes/pkg/api"
certificates "k8s.io/kubernetes/pkg/apis/certificates"
conversion "k8s.io/kubernetes/pkg/conversion"
)
func init() {
if err := api.Scheme.AddGeneratedConversionFuncs(
Convert_v1alpha1_CertificateSigningRequest_To_certificates_CertificateSigningRequest,
Convert_certificates_CertificateSigningRequest_To_v1alpha1_CertificateSigningRequest,
Convert_v1alpha1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition,
Convert_certificates_CertificateSigningRequestCondition_To_v1alpha1_CertificateSigningRequestCondition,
Convert_v1alpha1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList,
Convert_certificates_CertificateSigningRequestList_To_v1alpha1_CertificateSigningRequestList,
Convert_v1alpha1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec,
Convert_certificates_CertificateSigningRequestSpec_To_v1alpha1_CertificateSigningRequestSpec,
Convert_v1alpha1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus,
Convert_certificates_CertificateSigningRequestStatus_To_v1alpha1_CertificateSigningRequestStatus,
); err != nil {
// if one of the conversion functions is malformed, detect it immediately.
panic(err)
}
}
func autoConvert_v1alpha1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in *CertificateSigningRequest, out *certificates.CertificateSigningRequest, s conversion.Scope) error {
if err := api.Convert_unversioned_TypeMeta_To_unversioned_TypeMeta(&in.TypeMeta, &out.TypeMeta, s); err != nil {
return err
}
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.ObjectMeta, &out.ObjectMeta, 0); err != nil {
return err
}
if err := Convert_v1alpha1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(&in.Spec, &out.Spec, s); err != nil {
return err
}
if err := Convert_v1alpha1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(&in.Status, &out.Status, s); err != nil {
return err
}
return nil
}
func Convert_v1alpha1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in *CertificateSigningRequest, out *certificates.CertificateSigningRequest, s conversion.Scope) error {
return autoConvert_v1alpha1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in, out, s)
}
func autoConvert_certificates_CertificateSigningRequest_To_v1alpha1_CertificateSigningRequest(in *certificates.CertificateSigningRequest, out *CertificateSigningRequest, s conversion.Scope) error {
if err := api.Convert_unversioned_TypeMeta_To_unversioned_TypeMeta(&in.TypeMeta, &out.TypeMeta, s); err != nil {
return err
}
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.ObjectMeta, &out.ObjectMeta, 0); err != nil {
return err
}
if err := Convert_certificates_CertificateSigningRequestSpec_To_v1alpha1_CertificateSigningRequestSpec(&in.Spec, &out.Spec, s); err != nil {
return err
}
if err := Convert_certificates_CertificateSigningRequestStatus_To_v1alpha1_CertificateSigningRequestStatus(&in.Status, &out.Status, s); err != nil {
return err
}
return nil
}
func Convert_certificates_CertificateSigningRequest_To_v1alpha1_CertificateSigningRequest(in *certificates.CertificateSigningRequest, out *CertificateSigningRequest, s conversion.Scope) error {
return autoConvert_certificates_CertificateSigningRequest_To_v1alpha1_CertificateSigningRequest(in, out, s)
}
func autoConvert_v1alpha1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in *CertificateSigningRequestCondition, out *certificates.CertificateSigningRequestCondition, s conversion.Scope) error {
out.Type = certificates.RequestConditionType(in.Type)
out.Reason = in.Reason
out.Message = in.Message
if err := api.Convert_unversioned_Time_To_unversioned_Time(&in.LastUpdateTime, &out.LastUpdateTime, s); err != nil {
return err
}
return nil
}
func Convert_v1alpha1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in *CertificateSigningRequestCondition, out *certificates.CertificateSigningRequestCondition, s conversion.Scope) error {
return autoConvert_v1alpha1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in, out, s)
}
func autoConvert_certificates_CertificateSigningRequestCondition_To_v1alpha1_CertificateSigningRequestCondition(in *certificates.CertificateSigningRequestCondition, out *CertificateSigningRequestCondition, s conversion.Scope) error {
out.Type = RequestConditionType(in.Type)
out.Reason = in.Reason
out.Message = in.Message
if err := api.Convert_unversioned_Time_To_unversioned_Time(&in.LastUpdateTime, &out.LastUpdateTime, s); err != nil {
return err
}
return nil
}
func Convert_certificates_CertificateSigningRequestCondition_To_v1alpha1_CertificateSigningRequestCondition(in *certificates.CertificateSigningRequestCondition, out *CertificateSigningRequestCondition, s conversion.Scope) error {
return autoConvert_certificates_CertificateSigningRequestCondition_To_v1alpha1_CertificateSigningRequestCondition(in, out, s)
}
func autoConvert_v1alpha1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in *CertificateSigningRequestList, out *certificates.CertificateSigningRequestList, s conversion.Scope) error {
if err := api.Convert_unversioned_TypeMeta_To_unversioned_TypeMeta(&in.TypeMeta, &out.TypeMeta, s); err != nil {
return err
}
if err := api.Convert_unversioned_ListMeta_To_unversioned_ListMeta(&in.ListMeta, &out.ListMeta, s); err != nil {
return err
}
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]certificates.CertificateSigningRequest, len(*in))
for i := range *in {
if err := Convert_v1alpha1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.Items = nil
}
return nil
}
func Convert_v1alpha1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in *CertificateSigningRequestList, out *certificates.CertificateSigningRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in, out, s)
}
func autoConvert_certificates_CertificateSigningRequestList_To_v1alpha1_CertificateSigningRequestList(in *certificates.CertificateSigningRequestList, out *CertificateSigningRequestList, s conversion.Scope) error {
if err := api.Convert_unversioned_TypeMeta_To_unversioned_TypeMeta(&in.TypeMeta, &out.TypeMeta, s); err != nil {
return err
}
if err := api.Convert_unversioned_ListMeta_To_unversioned_ListMeta(&in.ListMeta, &out.ListMeta, s); err != nil {
return err
}
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]CertificateSigningRequest, len(*in))
for i := range *in {
if err := Convert_certificates_CertificateSigningRequest_To_v1alpha1_CertificateSigningRequest(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.Items = nil
}
return nil
}
func Convert_certificates_CertificateSigningRequestList_To_v1alpha1_CertificateSigningRequestList(in *certificates.CertificateSigningRequestList, out *CertificateSigningRequestList, s conversion.Scope) error {
return autoConvert_certificates_CertificateSigningRequestList_To_v1alpha1_CertificateSigningRequestList(in, out, s)
}
func autoConvert_v1alpha1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in *CertificateSigningRequestSpec, out *certificates.CertificateSigningRequestSpec, s conversion.Scope) error {
if err := conversion.Convert_Slice_byte_To_Slice_byte(&in.Request, &out.Request, s); err != nil {
return err
}
out.Username = in.Username
out.UID = in.UID
out.Groups = in.Groups
return nil
}
func Convert_v1alpha1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in *CertificateSigningRequestSpec, out *certificates.CertificateSigningRequestSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in, out, s)
}
func autoConvert_certificates_CertificateSigningRequestSpec_To_v1alpha1_CertificateSigningRequestSpec(in *certificates.CertificateSigningRequestSpec, out *CertificateSigningRequestSpec, s conversion.Scope) error {
if err := conversion.Convert_Slice_byte_To_Slice_byte(&in.Request, &out.Request, s); err != nil {
return err
}
out.Username = in.Username
out.UID = in.UID
out.Groups = in.Groups
return nil
}
func Convert_certificates_CertificateSigningRequestSpec_To_v1alpha1_CertificateSigningRequestSpec(in *certificates.CertificateSigningRequestSpec, out *CertificateSigningRequestSpec, s conversion.Scope) error {
return autoConvert_certificates_CertificateSigningRequestSpec_To_v1alpha1_CertificateSigningRequestSpec(in, out, s)
}
func autoConvert_v1alpha1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in *CertificateSigningRequestStatus, out *certificates.CertificateSigningRequestStatus, s conversion.Scope) error {
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]certificates.CertificateSigningRequestCondition, len(*in))
for i := range *in {
if err := Convert_v1alpha1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.Conditions = nil
}
if err := conversion.Convert_Slice_byte_To_Slice_byte(&in.Certificate, &out.Certificate, s); err != nil {
return err
}
return nil
}
func Convert_v1alpha1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in *CertificateSigningRequestStatus, out *certificates.CertificateSigningRequestStatus, s conversion.Scope) error {
return autoConvert_v1alpha1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in, out, s)
}
func autoConvert_certificates_CertificateSigningRequestStatus_To_v1alpha1_CertificateSigningRequestStatus(in *certificates.CertificateSigningRequestStatus, out *CertificateSigningRequestStatus, s conversion.Scope) error {
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]CertificateSigningRequestCondition, len(*in))
for i := range *in {
if err := Convert_certificates_CertificateSigningRequestCondition_To_v1alpha1_CertificateSigningRequestCondition(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.Conditions = nil
}
if err := conversion.Convert_Slice_byte_To_Slice_byte(&in.Certificate, &out.Certificate, s); err != nil {
return err
}
return nil
}
func Convert_certificates_CertificateSigningRequestStatus_To_v1alpha1_CertificateSigningRequestStatus(in *certificates.CertificateSigningRequestStatus, out *CertificateSigningRequestStatus, s conversion.Scope) error {
return autoConvert_certificates_CertificateSigningRequestStatus_To_v1alpha1_CertificateSigningRequestStatus(in, out, s)
}

130
pkg/apis/certificates/v1alpha1/deep_copy_generated.go Normal file
View File

@ -0,0 +1,130 @@
// +build !ignore_autogenerated
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by deepcopy-gen. Do not edit it manually!
package v1alpha1
import (
api "k8s.io/kubernetes/pkg/api"
unversioned "k8s.io/kubernetes/pkg/api/unversioned"
v1 "k8s.io/kubernetes/pkg/api/v1"
conversion "k8s.io/kubernetes/pkg/conversion"
)
func init() {
if err := api.Scheme.AddGeneratedDeepCopyFuncs(
DeepCopy_v1alpha1_CertificateSigningRequest,
DeepCopy_v1alpha1_CertificateSigningRequestCondition,
DeepCopy_v1alpha1_CertificateSigningRequestList,
DeepCopy_v1alpha1_CertificateSigningRequestSpec,
DeepCopy_v1alpha1_CertificateSigningRequestStatus,
); err != nil {
// if one of the deep copy functions is malformed, detect it immediately.
panic(err)
}
}
func DeepCopy_v1alpha1_CertificateSigningRequest(in CertificateSigningRequest, out *CertificateSigningRequest, c *conversion.Cloner) error {
if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
return err
}
if err := v1.DeepCopy_v1_ObjectMeta(in.ObjectMeta, &out.ObjectMeta, c); err != nil {
return err
}
if err := DeepCopy_v1alpha1_CertificateSigningRequestSpec(in.Spec, &out.Spec, c); err != nil {
return err
}
if err := DeepCopy_v1alpha1_CertificateSigningRequestStatus(in.Status, &out.Status, c); err != nil {
return err
}
return nil
}
func DeepCopy_v1alpha1_CertificateSigningRequestCondition(in CertificateSigningRequestCondition, out *CertificateSigningRequestCondition, c *conversion.Cloner) error {
out.Type = in.Type
out.Reason = in.Reason
out.Message = in.Message
if err := unversioned.DeepCopy_unversioned_Time(in.LastUpdateTime, &out.LastUpdateTime, c); err != nil {
return err
}
return nil
}
func DeepCopy_v1alpha1_CertificateSigningRequestList(in CertificateSigningRequestList, out *CertificateSigningRequestList, c *conversion.Cloner) error {
if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
return err
}
if err := unversioned.DeepCopy_unversioned_ListMeta(in.ListMeta, &out.ListMeta, c); err != nil {
return err
}
if in.Items != nil {
in, out := in.Items, &out.Items
*out = make([]CertificateSigningRequest, len(in))
for i := range in {
if err := DeepCopy_v1alpha1_CertificateSigningRequest(in[i], &(*out)[i], c); err != nil {
return err
}
}
} else {
out.Items = nil
}
return nil
}
func DeepCopy_v1alpha1_CertificateSigningRequestSpec(in CertificateSigningRequestSpec, out *CertificateSigningRequestSpec, c *conversion.Cloner) error {
if in.Request != nil {
in, out := in.Request, &out.Request
*out = make([]byte, len(in))
copy(*out, in)
} else {
out.Request = nil
}
out.Username = in.Username
out.UID = in.UID
if in.Groups != nil {
in, out := in.Groups, &out.Groups
*out = make([]string, len(in))
copy(*out, in)
} else {
out.Groups = nil
}
return nil
}
func DeepCopy_v1alpha1_CertificateSigningRequestStatus(in CertificateSigningRequestStatus, out *CertificateSigningRequestStatus, c *conversion.Cloner) error {
if in.Conditions != nil {
in, out := in.Conditions, &out.Conditions
*out = make([]CertificateSigningRequestCondition, len(in))
for i := range in {
if err := DeepCopy_v1alpha1_CertificateSigningRequestCondition(in[i], &(*out)[i], c); err != nil {
return err
}
}
} else {
out.Conditions = nil
}
if in.Certificate != nil {
in, out := in.Certificate, &out.Certificate
*out = make([]byte, len(in))
copy(*out, in)
} else {
out.Certificate = nil
}
return nil
}

18
pkg/apis/certificates/v1alpha1/doc.go Normal file
View File

@ -0,0 +1,18 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +genconversion=true
package v1alpha1

1192
pkg/apis/certificates/v1alpha1/generated.pb.go Normal file
View File

File diff suppressed because it is too large Load Diff

86
pkg/apis/certificates/v1alpha1/generated.proto Normal file
View File

@ -0,0 +1,86 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.certificates.v1alpha1;
import "k8s.io/kubernetes/pkg/api/resource/generated.proto";
import "k8s.io/kubernetes/pkg/api/unversioned/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
import "k8s.io/kubernetes/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
// Describes a certificate signing request
message CertificateSigningRequest {
optional k8s.io.kubernetes.pkg.api.v1.ObjectMeta metadata = 1;
// The certificate request itself and any additonal information.
optional CertificateSigningRequestSpec spec = 2;
// Derived information about the request.
optional CertificateSigningRequestStatus status = 3;
}
message CertificateSigningRequestCondition {
// request approval state, currently Approved or Denied.
optional string type = 1;
// brief reason for the request state
optional string reason = 2;
// human readable message with details about the request state
optional string message = 3;
// timestamp for the last update to this condition
optional k8s.io.kubernetes.pkg.api.unversioned.Time lastUpdateTime = 4;
}
message CertificateSigningRequestList {
optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;
repeated CertificateSigningRequest items = 2;
}
// This information is immutable after the request is created. Only the Request
// and ExtraInfo fields can be set on creation, other fields are derived by
// Kubernetes and cannot be modified by users.
message CertificateSigningRequestSpec {
// Base64-encoded PKCS#10 CSR data
optional bytes request = 1;
// Information about the requesting user (if relevant)
// See user.Info interface for details
optional string username = 2;
optional string uid = 3;
repeated string groups = 4;
}
message CertificateSigningRequestStatus {
// Conditions applied to the request, such as approval or denial.
repeated CertificateSigningRequestCondition conditions = 1;
// If request was approved, the controller will place the issued certificate here.
optional bytes certificate = 2;
}

62
pkg/apis/certificates/v1alpha1/register.go Normal file
View File

@ -0,0 +1,62 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"k8s.io/kubernetes/pkg/api/unversioned"
"k8s.io/kubernetes/pkg/api/v1"
"k8s.io/kubernetes/pkg/runtime"
versionedwatch "k8s.io/kubernetes/pkg/watch/versioned"
)
// GroupName is the group name use in this package
const GroupName = "certificates"
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: "v1alpha1"}
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) unversioned.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns back a Group qualified GroupResource
func Resource(resource string) unversioned.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
func AddToScheme(scheme *runtime.Scheme) {
addKnownTypes(scheme)
// addDefaultingFuncs(scheme)
addConversionFuncs(scheme)
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) {
scheme.AddKnownTypes(SchemeGroupVersion,
&CertificateSigningRequest{},
&CertificateSigningRequestList{},
&v1.ListOptions{},
&v1.DeleteOptions{},
)
// Add the watch version that applies
versionedwatch.AddToGroupVersion(scheme, SchemeGroupVersion)
}
func (obj *CertificateSigningRequest) GetObjectKind() unversioned.ObjectKind { return &obj.TypeMeta }
func (obj *CertificateSigningRequestList) GetObjectKind() unversioned.ObjectKind { return &obj.TypeMeta }

1963
pkg/apis/certificates/v1alpha1/types.generated.go Normal file
View File

File diff suppressed because it is too large Load Diff

84
pkg/apis/certificates/v1alpha1/types.go Normal file
View File

@ -0,0 +1,84 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"k8s.io/kubernetes/pkg/api/unversioned"
"k8s.io/kubernetes/pkg/api/v1"
)
// +genclient=true,nonNamespaced=true
// Describes a certificate signing request
type CertificateSigningRequest struct {
unversioned.TypeMeta `json:",inline"`
v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// The certificate request itself and any additonal information.
Spec CertificateSigningRequestSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
// Derived information about the request.
Status CertificateSigningRequestStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
// This information is immutable after the request is created. Only the Request
// and ExtraInfo fields can be set on creation, other fields are derived by
// Kubernetes and cannot be modified by users.
type CertificateSigningRequestSpec struct {
// Base64-encoded PKCS#10 CSR data
Request []byte `json:"request" protobuf:"bytes,1,opt,name=request"`
// Information about the requesting user (if relevant)
// See user.Info interface for details
Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"`
UID string `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"`
Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
}
type CertificateSigningRequestStatus struct {
// Conditions applied to the request, such as approval or denial.
Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`
// If request was approved, the controller will place the issued certificate here.
Certificate []byte `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"`
}
type RequestConditionType string
// These are the possible conditions for a certificate request.
const (
CertificateApproved RequestConditionType = "Approved"
CertificateDenied RequestConditionType = "Denied"
)
type CertificateSigningRequestCondition struct {
// request approval state, currently Approved or Denied.
Type RequestConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RequestConditionType"`
// brief reason for the request state
Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`
// human readable message with details about the request state
Message string `json:"message,omitempty" protobuf:"bytes,3,opt,name=message"`
// timestamp for the last update to this condition
LastUpdateTime unversioned.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdateTime"`
}
type CertificateSigningRequestList struct {
unversioned.TypeMeta `json:",inline"`
unversioned.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []CertificateSigningRequest `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
}

70
pkg/apis/certificates/v1alpha1/types_swagger_doc_generated.go Normal file
View File

@ -0,0 +1,70 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
// This file contains a collection of methods that can be used from go-restful to
// generate Swagger API documentation for its models. Please read this PR for more
// information on the implementation: https://github.com/emicklei/go-restful/pull/215
//
// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if
// they are on one line! For multiple line or blocks that you want to ignore use ---.
// Any context after a --- is ignored.
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
var map_CertificateSigningRequest = map[string]string{
"": "Describes a certificate signing request",
"spec": "The certificate request itself and any additonal information.",
"status": "Derived information about the request.",
}
func (CertificateSigningRequest) SwaggerDoc() map[string]string {
return map_CertificateSigningRequest
}
var map_CertificateSigningRequestCondition = map[string]string{
"type": "request approval state, currently Approved or Denied.",
"reason": "brief reason for the request state",
"message": "human readable message with details about the request state",
"lastUpdateTime": "timestamp for the last update to this condition",
}
func (CertificateSigningRequestCondition) SwaggerDoc() map[string]string {
return map_CertificateSigningRequestCondition
}
var map_CertificateSigningRequestSpec = map[string]string{
"": "This information is immutable after the request is created. Only the Request and ExtraInfo fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
"request": "Base64-encoded PKCS#10 CSR data",
"username": "Information about the requesting user (if relevant) See user.Info interface for details",
}
func (CertificateSigningRequestSpec) SwaggerDoc() map[string]string {
return map_CertificateSigningRequestSpec
}
var map_CertificateSigningRequestStatus = map[string]string{
"conditions": "Conditions applied to the request, such as approval or denial.",
"certificate": "If request was approved, the controller will place the issued certificate here.",
}
func (CertificateSigningRequestStatus) SwaggerDoc() map[string]string {
return map_CertificateSigningRequestStatus
}
// AUTO-GENERATED FUNCTIONS END HERE

63
pkg/apis/certificates/validation/validation.go Normal file
View File

@ -0,0 +1,63 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"fmt"
apivalidation "k8s.io/kubernetes/pkg/api/validation"
"k8s.io/kubernetes/pkg/apis/certificates"
certutil "k8s.io/kubernetes/pkg/util/certificates"
"k8s.io/kubernetes/pkg/util/validation/field"
)
// validateCSR validates the signature and formatting of a base64-wrapped,
// PEM-encoded PKCS#10 certificate signing request. If this is invalid, we must
// not accept the CSR for further processing.
func validateCSR(obj *certificates.CertificateSigningRequest) error {
csr, err := certutil.ParseCertificateRequestObject(obj)
if err != nil {
return err
}
// check that the signature is valid
err = csr.CheckSignature()
if err != nil {
return err
}
return nil
}
// We don't care what you call your certificate requests.
func ValidateCertificateRequestName(name string, prefix bool) []string {
return nil
}
func ValidateCertificateSigningRequest(csr *certificates.CertificateSigningRequest) field.ErrorList {
isNamespaced := false
allErrs := apivalidation.ValidateObjectMeta(&csr.ObjectMeta, isNamespaced, ValidateCertificateRequestName, field.NewPath("metadata"))
err := validateCSR(csr)
if err != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath("request"), csr.Spec.Request, fmt.Sprintf("%v", err)))
}
return allErrs
}
func ValidateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {
validationErrorList := ValidateCertificateSigningRequest(newCSR)
metaUpdateErrorList := apivalidation.ValidateObjectMetaUpdate(&newCSR.ObjectMeta, &oldCSR.ObjectMeta, field.NewPath("metadata"))
return append(validationErrorList, metaUpdateErrorList...)
}

17
pkg/client/clientset_generated/internalclientset/clientset.go
View File

@ -20,6 +20,7 @@ import (
"github.com/golang/glog"
unversionedautoscaling "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/autoscaling/unversioned"
unversionedbatch "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/batch/unversioned"
unversionedcertificates "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned"
unversionedcore "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/unversioned"
unversionedextensions "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned"
unversionedrbac "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/unversioned"
@ -35,6 +36,7 @@ type Interface interface {
Autoscaling() unversionedautoscaling.AutoscalingInterface
Batch() unversionedbatch.BatchInterface
Rbac() unversionedrbac.RbacInterface
Certificates() unversionedcertificates.CertificatesInterface
}
// Clientset contains the clients for groups. Each group has exactly one
@ -46,6 +48,7 @@ type Clientset struct {
*unversionedautoscaling.AutoscalingClient
*unversionedbatch.BatchClient
*unversionedrbac.RbacClient
*unversionedcertificates.CertificatesClient
}
// Core retrieves the CoreClient
@ -88,6 +91,14 @@ func (c *Clientset) Rbac() unversionedrbac.RbacInterface {
return c.RbacClient
}
// Certificates retrieves the CertificatesClient
func (c *Clientset) Certificates() unversionedcertificates.CertificatesInterface {
if c == nil {
return nil
}
return c.CertificatesClient
}
// Discovery retrieves the DiscoveryClient
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
return c.DiscoveryClient
@ -121,6 +132,10 @@ func NewForConfig(c *restclient.Config) (*Clientset, error) {
if err != nil {
return nil, err
}
clientset.CertificatesClient, err = unversionedcertificates.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
clientset.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
if err != nil {
@ -139,6 +154,7 @@ func NewForConfigOrDie(c *restclient.Config) *Clientset {
clientset.AutoscalingClient = unversionedautoscaling.NewForConfigOrDie(c)
clientset.BatchClient = unversionedbatch.NewForConfigOrDie(c)
clientset.RbacClient = unversionedrbac.NewForConfigOrDie(c)
clientset.CertificatesClient = unversionedcertificates.NewForConfigOrDie(c)
clientset.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &clientset
@ -152,6 +168,7 @@ func New(c *restclient.RESTClient) *Clientset {
clientset.AutoscalingClient = unversionedautoscaling.New(c)
clientset.BatchClient = unversionedbatch.New(c)
clientset.RbacClient = unversionedrbac.New(c)
clientset.CertificatesClient = unversionedcertificates.New(c)
clientset.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &clientset

7
pkg/client/clientset_generated/internalclientset/fake/clientset_generated.go
View File

@ -24,6 +24,8 @@ import (
fakeunversionedautoscaling "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/autoscaling/unversioned/fake"
unversionedbatch "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/batch/unversioned"
fakeunversionedbatch "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/batch/unversioned/fake"
unversionedcertificates "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned"
fakeunversionedcertificates "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/fake"
unversionedcore "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/unversioned"
fakeunversionedcore "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/unversioned/fake"
unversionedextensions "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned"
@ -91,3 +93,8 @@ func (c *Clientset) Batch() unversionedbatch.BatchInterface {
func (c *Clientset) Rbac() unversionedrbac.RbacInterface {
return &fakeunversionedrbac.FakeRbac{Fake: &c.Fake}
}
// Certificates retrieves the CertificatesClient
func (c *Clientset) Certificates() unversionedcertificates.CertificatesInterface {
return &fakeunversionedcertificates.FakeCertificates{Fake: &c.Fake}
}

1
pkg/client/clientset_generated/internalclientset/import_known_versions.go
View File

@ -26,6 +26,7 @@ import (
_ "k8s.io/kubernetes/pkg/apis/authorization/install"
_ "k8s.io/kubernetes/pkg/apis/autoscaling/install"
_ "k8s.io/kubernetes/pkg/apis/batch/install"
_ "k8s.io/kubernetes/pkg/apis/certificates/install"
_ "k8s.io/kubernetes/pkg/apis/componentconfig/install"
_ "k8s.io/kubernetes/pkg/apis/extensions/install"
_ "k8s.io/kubernetes/pkg/apis/policy/install"

101
pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/certificates_client.go Normal file
View File

@ -0,0 +1,101 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package unversioned
import (
api "k8s.io/kubernetes/pkg/api"
registered "k8s.io/kubernetes/pkg/apimachinery/registered"
restclient "k8s.io/kubernetes/pkg/client/restclient"
)
type CertificatesInterface interface {
GetRESTClient() *restclient.RESTClient
CertificateSigningRequestsGetter
}
// CertificatesClient is used to interact with features provided by the Certificates group.
type CertificatesClient struct {
*restclient.RESTClient
}
func (c *CertificatesClient) CertificateSigningRequests() CertificateSigningRequestInterface {
return newCertificateSigningRequests(c)
}
// NewForConfig creates a new CertificatesClient for the given config.
func NewForConfig(c *restclient.Config) (*CertificatesClient, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := restclient.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &CertificatesClient{client}, nil
}
// NewForConfigOrDie creates a new CertificatesClient for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *restclient.Config) *CertificatesClient {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new CertificatesClient for the given RESTClient.
func New(c *restclient.RESTClient) *CertificatesClient {
return &CertificatesClient{c}
}
func setConfigDefaults(config *restclient.Config) error {
// if certificates group is not registered, return an error
g, err := registered.Group("certificates")
if err != nil {
return err
}
config.APIPath = "/apis"
if config.UserAgent == "" {
config.UserAgent = restclient.DefaultKubernetesUserAgent()
}
// TODO: Unconditionally set the config.Version, until we fix the config.
//if config.Version == "" {
copyGroupVersion := g.GroupVersion
config.GroupVersion = &copyGroupVersion
//}
config.NegotiatedSerializer = api.Codecs
if config.QPS == 0 {
config.QPS = 5
}
if config.Burst == 0 {
config.Burst = 10
}
return nil
}
// GetRESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *CertificatesClient) GetRESTClient() *restclient.RESTClient {
if c == nil {
return nil
}
return c.RESTClient
}

153
pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/certificatesigningrequest.go Normal file
View File

@ -0,0 +1,153 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package unversioned
import (
api "k8s.io/kubernetes/pkg/api"
certificates "k8s.io/kubernetes/pkg/apis/certificates"
watch "k8s.io/kubernetes/pkg/watch"
)
// CertificateSigningRequestsGetter has a method to return a CertificateSigningRequestInterface.
// A group's client should implement this interface.
type CertificateSigningRequestsGetter interface {
CertificateSigningRequests() CertificateSigningRequestInterface
}
// CertificateSigningRequestInterface has methods to work with CertificateSigningRequest resources.
type CertificateSigningRequestInterface interface {
Create(*certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
Update(*certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
UpdateStatus(*certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
Delete(name string, options *api.DeleteOptions) error
DeleteCollection(options *api.DeleteOptions, listOptions api.ListOptions) error
Get(name string) (*certificates.CertificateSigningRequest, error)
List(opts api.ListOptions) (*certificates.CertificateSigningRequestList, error)
Watch(opts api.ListOptions) (watch.Interface, error)
Patch(name string, pt api.PatchType, data []byte) (result *certificates.CertificateSigningRequest, err error)
CertificateSigningRequestExpansion
}
// certificateSigningRequests implements CertificateSigningRequestInterface
type certificateSigningRequests struct {
client *CertificatesClient
}
// newCertificateSigningRequests returns a CertificateSigningRequests
func newCertificateSigningRequests(c *CertificatesClient) *certificateSigningRequests {
return &certificateSigningRequests{
client: c,
}
}
// Create takes the representation of a certificateSigningRequest and creates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.
func (c *certificateSigningRequests) Create(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Post().
Resource("certificatesigningrequests").
Body(certificateSigningRequest).
Do().
Into(result)
return
}
// Update takes the representation of a certificateSigningRequest and updates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.
func (c *certificateSigningRequests) Update(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Put().
Resource("certificatesigningrequests").
Name(certificateSigningRequest.Name).
Body(certificateSigningRequest).
Do().
Into(result)
return
}
func (c *certificateSigningRequests) UpdateStatus(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Put().
Resource("certificatesigningrequests").
Name(certificateSigningRequest.Name).
SubResource("status").
Body(certificateSigningRequest).
Do().
Into(result)
return
}
// Delete takes name of the certificateSigningRequest and deletes it. Returns an error if one occurs.
func (c *certificateSigningRequests) Delete(name string, options *api.DeleteOptions) error {
return c.client.Delete().
Resource("certificatesigningrequests").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *certificateSigningRequests) DeleteCollection(options *api.DeleteOptions, listOptions api.ListOptions) error {
return c.client.Delete().
Resource("certificatesigningrequests").
VersionedParams(&listOptions, api.ParameterCodec).
Body(options).
Do().
Error()
}
// Get takes name of the certificateSigningRequest, and returns the corresponding certificateSigningRequest object, and an error if there is any.
func (c *certificateSigningRequests) Get(name string) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Get().
Resource("certificatesigningrequests").
Name(name).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of CertificateSigningRequests that match those selectors.
func (c *certificateSigningRequests) List(opts api.ListOptions) (result *certificates.CertificateSigningRequestList, err error) {
result = &certificates.CertificateSigningRequestList{}
err = c.client.Get().
Resource("certificatesigningrequests").
VersionedParams(&opts, api.ParameterCodec).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested certificateSigningRequests.
func (c *certificateSigningRequests) Watch(opts api.ListOptions) (watch.Interface, error) {
return c.client.Get().
Prefix("watch").
Resource("certificatesigningrequests").
VersionedParams(&opts, api.ParameterCodec).
Watch()
}
// Patch applies the patch and returns the patched certificateSigningRequest.
func (c *certificateSigningRequests) Patch(name string, pt api.PatchType, data []byte) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Patch(pt).
Resource("certificatesigningrequests").
Name(name).
Body(data).
Do().
Into(result)
return
}

20
pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/doc.go Normal file
View File

@ -0,0 +1,20 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with the default arguments.
// This package has the automatically generated typed clients.
package unversioned

20
pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/fake/doc.go Normal file
View File

@ -0,0 +1,20 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with the default arguments.
// Package fake has the automatically generated clients.
package fake

37
pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/fake/fake_certificates_client.go Normal file
View File

@ -0,0 +1,37 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (
unversioned "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned"
restclient "k8s.io/kubernetes/pkg/client/restclient"
core "k8s.io/kubernetes/pkg/client/testing/core"
)
type FakeCertificates struct {
*core.Fake
}
func (c *FakeCertificates) CertificateSigningRequests() unversioned.CertificateSigningRequestInterface {
return &FakeCertificateSigningRequests{c}
}
// GetRESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeCertificates) GetRESTClient() *restclient.RESTClient {
return nil
}

118
pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/fake/fake_certificatesigningrequest.go Normal file
View File

@ -0,0 +1,118 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (
api "k8s.io/kubernetes/pkg/api"
unversioned "k8s.io/kubernetes/pkg/api/unversioned"
certificates "k8s.io/kubernetes/pkg/apis/certificates"
core "k8s.io/kubernetes/pkg/client/testing/core"
labels "k8s.io/kubernetes/pkg/labels"
watch "k8s.io/kubernetes/pkg/watch"
)
// FakeCertificateSigningRequests implements CertificateSigningRequestInterface
type FakeCertificateSigningRequests struct {
Fake *FakeCertificates
}
var certificatesigningrequestsResource = unversioned.GroupVersionResource{Group: "certificates", Version: "", Resource: "certificatesigningrequests"}
func (c *FakeCertificateSigningRequests) Create(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
obj, err := c.Fake.
Invokes(core.NewRootCreateAction(certificatesigningrequestsResource, certificateSigningRequest), &certificates.CertificateSigningRequest{})
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequests) Update(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
obj, err := c.Fake.
Invokes(core.NewRootUpdateAction(certificatesigningrequestsResource, certificateSigningRequest), &certificates.CertificateSigningRequest{})
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequests) UpdateStatus(certificateSigningRequest *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error) {
obj, err := c.Fake.
Invokes(core.NewRootUpdateSubresourceAction(certificatesigningrequestsResource, "status", certificateSigningRequest), &certificates.CertificateSigningRequest{})
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequests) Delete(name string, options *api.DeleteOptions) error {
_, err := c.Fake.
Invokes(core.NewRootDeleteAction(certificatesigningrequestsResource, name), &certificates.CertificateSigningRequest{})
return err
}
func (c *FakeCertificateSigningRequests) DeleteCollection(options *api.DeleteOptions, listOptions api.ListOptions) error {
action := core.NewRootDeleteCollectionAction(certificatesigningrequestsResource, listOptions)
_, err := c.Fake.Invokes(action, &certificates.CertificateSigningRequestList{})
return err
}
func (c *FakeCertificateSigningRequests) Get(name string) (result *certificates.CertificateSigningRequest, err error) {
obj, err := c.Fake.
Invokes(core.NewRootGetAction(certificatesigningrequestsResource, name), &certificates.CertificateSigningRequest{})
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequests) List(opts api.ListOptions) (result *certificates.CertificateSigningRequestList, err error) {
obj, err := c.Fake.
Invokes(core.NewRootListAction(certificatesigningrequestsResource, opts), &certificates.CertificateSigningRequestList{})
if obj == nil {
return nil, err
}
label := opts.LabelSelector
if label == nil {
label = labels.Everything()
}
list := &certificates.CertificateSigningRequestList{}
for _, item := range obj.(*certificates.CertificateSigningRequestList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested certificateSigningRequests.
func (c *FakeCertificateSigningRequests) Watch(opts api.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(core.NewRootWatchAction(certificatesigningrequestsResource, opts))
}
// Patch applies the patch and returns the patched certificateSigningRequest.
func (c *FakeCertificateSigningRequests) Patch(name string, pt api.PatchType, data []byte) (result *certificates.CertificateSigningRequest, err error) {
obj, err := c.Fake.
Invokes(core.NewRootPatchAction(certificatesigningrequestsResource, name, data), &certificates.CertificateSigningRequest{})
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}

19
pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned/generated_expansion.go Normal file
View File

@ -0,0 +1,19 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package unversioned
type CertificateSigningRequestExpansion interface{}

87
pkg/client/unversioned/certificates.go Normal file
View File

@ -0,0 +1,87 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package unversioned
import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/apimachinery/registered"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/client/restclient"
)
// Interface holds the methods for clients of Kubernetes to allow mock testing.
type CertificatesInterface interface {
CertificateSigningRequests() CertificateSigningRequestInterface
}
type CertificatesClient struct {
*restclient.RESTClient
}
func (c *CertificatesClient) CertificateSigningRequests() CertificateSigningRequestInterface {
return newCertificateSigningRequests(c)
}
// NewCertificates creates a new CertificatesClient for the given config.
func NewCertificates(c *restclient.Config) (*CertificatesClient, error) {
config := *c
if err := setCertificatesDefaults(&config); err != nil {
return nil, err
}
client, err := restclient.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &CertificatesClient{client}, nil
}
// NewCertificatesOrDie creates a new CertificatesClient for the given config and
// panics if there is an error in the config.
func NewCertificatesOrDie(c *restclient.Config) *CertificatesClient {
client, err := NewCertificates(c)
if err != nil {
panic(err)
}
return client
}
func setCertificatesDefaults(config *restclient.Config) error {
// if certificates group is not registered, return an error
g, err := registered.Group(certificates.GroupName)
if err != nil {
return err
}
config.APIPath = defaultAPIPath
if config.UserAgent == "" {
config.UserAgent = restclient.DefaultKubernetesUserAgent()
}
// TODO: Unconditionally set the config.Version, until we fix the config.
//if config.Version == "" {
copyGroupVersion := g.GroupVersion
config.GroupVersion = &copyGroupVersion
//}
config.Codec = api.Codecs.LegacyCodec(*config.GroupVersion)
config.NegotiatedSerializer = api.Codecs
if config.QPS == 0 {
config.QPS = 5
}
if config.Burst == 0 {
config.Burst = 10
}
return nil
}

104
pkg/client/unversioned/certificatesigningrequests.go Normal file
View File

@ -0,0 +1,104 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package unversioned
import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/watch"
)
// CertificateSigningRequestInterface has methods to work with CertificateSigningRequest resources.
type CertificateSigningRequestInterface interface {
List(opts api.ListOptions) (*certificates.CertificateSigningRequestList, error)
Get(name string) (*certificates.CertificateSigningRequest, error)
Delete(name string, options *api.DeleteOptions) error
Create(certificateSigningRequest *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
Update(certificateSigningRequest *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
UpdateStatus(certificateSigningRequest *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
UpdateApproval(certificateSigningRequest *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
Watch(opts api.ListOptions) (watch.Interface, error)
}
// certificateSigningRequests implements CertificateSigningRequestsNamespacer interface
type certificateSigningRequests struct {
client *CertificatesClient
}
// newCertificateSigningRequests returns a certificateSigningRequests
func newCertificateSigningRequests(c *CertificatesClient) *certificateSigningRequests {
return &certificateSigningRequests{
client: c,
}
}
// List takes label and field selectors, and returns the list of certificateSigningRequests that match those selectors.
func (c *certificateSigningRequests) List(opts api.ListOptions) (result *certificates.CertificateSigningRequestList, err error) {
result = &certificates.CertificateSigningRequestList{}
err = c.client.Get().Resource("certificatesigningrequests").VersionedParams(&opts, api.ParameterCodec).Do().Into(result)
return
}
// Get takes the name of the certificateSigningRequest, and returns the corresponding CertificateSigningRequest object, and an error if it occurs
func (c *certificateSigningRequests) Get(name string) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Get().Resource("certificatesigningrequests").Name(name).Do().Into(result)
return
}
// Delete takes the name of the certificateSigningRequest and deletes it. Returns an error if one occurs.
func (c *certificateSigningRequests) Delete(name string, options *api.DeleteOptions) error {
return c.client.Delete().Resource("certificatesigningrequests").Name(name).Body(options).Do().Error()
}
// Create takes the representation of a certificateSigningRequest and creates it. Returns the server's representation of the certificateSigningRequest, and an error, if it occurs.
func (c *certificateSigningRequests) Create(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Post().Resource("certificatesigningrequests").Body(certificateSigningRequest).Do().Into(result)
return
}
// Update takes the representation of a certificateSigningRequest and updates it. Returns the server's representation of the certificateSigningRequest, and an error, if it occurs.
func (c *certificateSigningRequests) Update(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Put().Resource("certificatesigningrequests").Name(certificateSigningRequest.Name).Body(certificateSigningRequest).Do().Into(result)
return
}
// UpdateStatus takes the representation of a certificateSigningRequest and updates it. Returns the server's representation of the certificateSigningRequest, and an error, if it occurs.
func (c *certificateSigningRequests) UpdateStatus(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Put().Resource("certificatesigningrequests").Name(certificateSigningRequest.Name).SubResource("status").Body(certificateSigningRequest).Do().Into(result)
return
}
// UpdateApproval takes the representation of a certificateSigningRequest and updates it. Returns the server's representation of the certificateSigningRequest, and an error, if it occurs.
func (c *certificateSigningRequests) UpdateApproval(certificateSigningRequest *certificates.CertificateSigningRequest) (result *certificates.CertificateSigningRequest, err error) {
result = &certificates.CertificateSigningRequest{}
err = c.client.Put().Resource("certificatesigningrequests").Name(certificateSigningRequest.Name).SubResource("approval").Body(certificateSigningRequest).Do().Into(result)
return
}
// Watch returns a watch.Interface that watches the requested certificateSigningRequests.
func (c *certificateSigningRequests) Watch(opts api.ListOptions) (watch.Interface, error) {
return c.client.Get().
Prefix("watch").
Namespace(api.NamespaceAll).
Resource("certificatesigningrequests").
VersionedParams(&opts, api.ParameterCodec).
Watch()
}

6
pkg/client/unversioned/client.go
View File

@ -49,6 +49,7 @@ type Interface interface {
Extensions() ExtensionsInterface
Rbac() RbacInterface
Discovery() discovery.DiscoveryInterface
Certificates() CertificatesInterface
}
func (c *Client) ReplicationControllers(namespace string) ReplicationControllerInterface {
@ -124,6 +125,7 @@ type Client struct {
*PolicyClient
*RbacClient
*discovery.DiscoveryClient
*CertificatesClient
}
// IsTimeout tests if this is a timeout error in the underlying transport.
@ -171,3 +173,7 @@ func (c *Client) Rbac() RbacInterface {
func (c *Client) Discovery() discovery.DiscoveryInterface {
return c.DiscoveryClient
}
func (c *Client) Certificates() CertificatesInterface {
return c.CertificatesClient
}

11
pkg/client/unversioned/helper.go
View File

@ -25,6 +25,7 @@ import (
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/autoscaling"
"k8s.io/kubernetes/pkg/apis/batch"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/apis/rbac"
@ -95,6 +96,14 @@ func New(c *restclient.Config) (*Client, error) {
return nil, err
}
}
var certsClient *CertificatesClient
if registered.IsRegistered(certificates.GroupName) {
certsConfig := *c
certsClient, err = NewCertificates(&certsConfig)
if err != nil {
return nil, err
}
}
var appsClient *AppsClient
if registered.IsRegistered(apps.GroupName) {
@ -114,7 +123,7 @@ func New(c *restclient.Config) (*Client, error) {
}
}
return &Client{RESTClient: client, AutoscalingClient: autoscalingClient, BatchClient: batchClient, ExtensionsClient: extensionsClient, DiscoveryClient: discoveryClient, AppsClient: appsClient, PolicyClient: policyClient, RbacClient: rbacClient}, nil
return &Client{RESTClient: client, AutoscalingClient: autoscalingClient, BatchClient: batchClient, CertificatesClient: certsClient, ExtensionsClient: extensionsClient, DiscoveryClient: discoveryClient, AppsClient: appsClient, PolicyClient: policyClient, RbacClient: rbacClient}, nil
}
// MatchesServerVersion queries the server to compares the build version

1
pkg/client/unversioned/import_known_versions.go
View File

@ -27,6 +27,7 @@ import (
_ "k8s.io/kubernetes/pkg/apis/authorization/install"
_ "k8s.io/kubernetes/pkg/apis/autoscaling/install"
_ "k8s.io/kubernetes/pkg/apis/batch/install"
_ "k8s.io/kubernetes/pkg/apis/certificates/install"
_ "k8s.io/kubernetes/pkg/apis/componentconfig/install"
_ "k8s.io/kubernetes/pkg/apis/extensions/install"
_ "k8s.io/kubernetes/pkg/apis/policy/install"

107
pkg/client/unversioned/testclient/fake_certificates.go Normal file
View File

@ -0,0 +1,107 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package testclient
import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/client/unversioned"
"k8s.io/kubernetes/pkg/runtime"
"k8s.io/kubernetes/pkg/watch"
)
// NewSimpleFakeCertificate returns a client that will respond with the provided objects
func NewSimpleFakeCertificates(objects ...runtime.Object) *FakeCertificates {
return &FakeCertificates{Fake: NewSimpleFake(objects...)}
}
// FakeCertificates implements CertificatesInterface. Meant to be
// embedded into a struct to get a default implementation. This makes faking
// out just the method you want to test easier.
type FakeCertificates struct {
*Fake
}
func (c *FakeCertificates) CertificateSigningRequests() unversioned.CertificateSigningRequestInterface {
return &FakeCertificateSigningRequest{Fake: c}
}
// FakeCertificateSigningRequest implements CertificateSigningRequestInterface
type FakeCertificateSigningRequest struct {
Fake *FakeCertificates
}
func (c *FakeCertificateSigningRequest) Get(name string) (*certificates.CertificateSigningRequest, error) {
obj, err := c.Fake.Invokes(NewRootGetAction("certificatesigningrequests", name), &certificates.CertificateSigningRequest{})
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequest) List(opts api.ListOptions) (*certificates.CertificateSigningRequestList, error) {
obj, err := c.Fake.Invokes(NewRootListAction("certificatesigningrequests", opts), &certificates.CertificateSigningRequestList{})
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequestList), err
}
func (c *FakeCertificateSigningRequest) Create(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error) {
obj, err := c.Fake.Invokes(NewRootCreateAction("certificatesigningrequests", csr), csr)
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequest) Update(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error) {
obj, err := c.Fake.Invokes(NewRootUpdateAction("certificatesigningrequests", csr), csr)
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequest) UpdateStatus(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error) {
obj, err := c.Fake.Invokes(NewUpdateSubresourceAction("certificatesigningrequests", "status", api.NamespaceAll, csr), csr)
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequest) UpdateApproval(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error) {
obj, err := c.Fake.Invokes(NewUpdateSubresourceAction("certificatesigningrequests", "approval", api.NamespaceAll, csr), csr)
if obj == nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), err
}
func (c *FakeCertificateSigningRequest) Delete(name string, opts *api.DeleteOptions) error {
_, err := c.Fake.Invokes(NewRootDeleteAction("certificatesigningrequests", name), &certificates.CertificateSigningRequest{})
return err
}
func (c *FakeCertificateSigningRequest) Watch(opts api.ListOptions) (watch.Interface, error) {
return c.Fake.InvokesWatch(NewRootWatchAction("certificatesigningrequests", opts))
}

4
pkg/client/unversioned/testclient/testclient.go
View File

@ -285,6 +285,10 @@ func (c *Fake) Batch() client.BatchInterface {
return &FakeBatch{c}
}
func (c *Fake) Certificates() client.CertificatesInterface {
return &FakeCertificates{c}
}
func (c *Fake) Extensions() client.ExtensionsInterface {
return &FakeExperimental{c}
}

9
pkg/kubectl/cmd/util/factory.go
View File

@ -48,6 +48,7 @@ import (
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/autoscaling"
"k8s.io/kubernetes/pkg/apis/batch"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/apis/rbac"
@ -366,6 +367,8 @@ func NewFactory(optionalClientConfig clientcmd.ClientConfig) *Factory {
return clients.FederationClientForVersion(&mappingVersion)
case rbac.GroupName:
return c.RbacClient.RESTClient, nil
case certificates.GroupName:
return c.CertificatesClient.RESTClient, nil
default:
if !registered.IsThirdPartyAPIGroupVersion(gvk.GroupVersion()) {
return nil, fmt.Errorf("unknown api group/version: %s", gvk.String())
@ -1104,6 +1107,12 @@ func (c *clientSwaggerSchema) ValidateBytes(data []byte) error {
}
return getSchemaAndValidate(c.fedc, data, "apis/", gvk.GroupVersion().String(), c.cacheDir, c)
}
if gvk.Group == certificates.GroupName {
if c.c.CertificatesClient == nil {
return errors.New("unable to validate: no certificates client")
}
return getSchemaAndValidate(c.c.CertificatesClient.RESTClient, data, "apis/", gvk.GroupVersion().String(), c.cacheDir, c)
}
return getSchemaAndValidate(c.c.RESTClient, data, "api", gvk.GroupVersion().String(), c.cacheDir, c)
}

1
pkg/master/import_known_versions.go
View File

@ -26,6 +26,7 @@ import (
_ "k8s.io/kubernetes/pkg/apis/authorization/install"
_ "k8s.io/kubernetes/pkg/apis/autoscaling/install"
_ "k8s.io/kubernetes/pkg/apis/batch/install"
_ "k8s.io/kubernetes/pkg/apis/certificates/install"
_ "k8s.io/kubernetes/pkg/apis/componentconfig/install"
_ "k8s.io/kubernetes/pkg/apis/extensions/install"
_ "k8s.io/kubernetes/pkg/apis/policy/install"

47
pkg/master/master.go
View File

@ -40,6 +40,8 @@ import (
"k8s.io/kubernetes/pkg/apis/batch"
batchapiv1 "k8s.io/kubernetes/pkg/apis/batch/v1"
batchapiv2alpha1 "k8s.io/kubernetes/pkg/apis/batch/v2alpha1"
"k8s.io/kubernetes/pkg/apis/certificates"
certificatesapiv1alpha1 "k8s.io/kubernetes/pkg/apis/certificates/v1alpha1"
"k8s.io/kubernetes/pkg/apis/extensions"
extensionsapiv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1"
"k8s.io/kubernetes/pkg/apis/policy"
@ -53,6 +55,7 @@ import (
"k8s.io/kubernetes/pkg/healthz"
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
"k8s.io/kubernetes/pkg/master/ports"
certificateetcd "k8s.io/kubernetes/pkg/registry/certificates/etcd"
"k8s.io/kubernetes/pkg/registry/clusterrole"
clusterroleetcd "k8s.io/kubernetes/pkg/registry/clusterrole/etcd"
clusterrolepolicybased "k8s.io/kubernetes/pkg/registry/clusterrole/policybased"
@ -381,6 +384,26 @@ func (m *Master) InstallAPIs(c *Config) {
apiGroupsInfo = append(apiGroupsInfo, apiGroupInfo)
}
if c.APIResourceConfigSource.AnyResourcesForVersionEnabled(certificatesapiv1alpha1.SchemeGroupVersion) {
certificateResources := m.getCertificateResources(c)
certificatesGroupMeta := registered.GroupOrDie(certificates.GroupName)
// Hard code preferred group version to certificates/v1alpha1
certificatesGroupMeta.GroupVersion = certificatesapiv1alpha1.SchemeGroupVersion
apiGroupInfo := genericapiserver.APIGroupInfo{
GroupMeta: *certificatesGroupMeta,
VersionedResourcesStorageMap: map[string]map[string]rest.Storage{
"v1alpha1": certificateResources,
},
OptionsExternalVersion: &registered.GroupOrDie(api.GroupName).GroupVersion,
Scheme: api.Scheme,
ParameterCodec: api.ParameterCodec,
NegotiatedSerializer: api.Codecs,
}
apiGroupsInfo = append(apiGroupsInfo, apiGroupInfo)
}
if c.APIResourceConfigSource.AnyResourcesForVersionEnabled(rbacapi.SchemeGroupVersion) {
rbacResources := m.getRBACResources(c)
rbacGroupMeta := registered.GroupOrDie(rbac.GroupName)
@ -878,6 +901,28 @@ func (m *Master) getAutoscalingResources(c *Config) map[string]rest.Storage {
return storage
}
// getCertificateResources returns the resources for certificates API
func (m *Master) getCertificateResources(c *Config) map[string]rest.Storage {
restOptions := func(resource string) generic.RESTOptions {
return m.GetRESTOptionsOrDie(c, certificates.Resource(resource))
}
// TODO update when we support more than one version of this group
version := certificatesapiv1alpha1.SchemeGroupVersion
storage := map[string]rest.Storage{}
csrStorage, csrStatusStorage, csrApprovalStorage := certificateetcd.NewREST(restOptions("certificatesigningrequests"))
if c.APIResourceConfigSource.ResourceEnabled(version.WithResource("certificatesigningrequests")) {
storage["certificatesigningrequests"] = csrStorage
storage["certificatesigningrequests/status"] = csrStatusStorage
storage["certificatesigningrequests/approval"] = csrApprovalStorage
}
return storage
}
// getBatchResources returns the resources for batch api
func (m *Master) getBatchResources(c *Config, version unversioned.GroupVersion) map[string]rest.Storage {
storage := map[string]rest.Storage{}
@ -1006,7 +1051,7 @@ func (m *Master) IsTunnelSyncHealthy(req *http.Request) error {
func DefaultAPIResourceConfigSource() *genericapiserver.ResourceConfig {
ret := genericapiserver.NewResourceConfig()
ret.EnableVersions(apiv1.SchemeGroupVersion, extensionsapiv1beta1.SchemeGroupVersion, batchapiv1.SchemeGroupVersion, autoscalingapiv1.SchemeGroupVersion, appsapi.SchemeGroupVersion, policyapiv1alpha1.SchemeGroupVersion, rbacapi.SchemeGroupVersion)
ret.EnableVersions(apiv1.SchemeGroupVersion, extensionsapiv1beta1.SchemeGroupVersion, batchapiv1.SchemeGroupVersion, autoscalingapiv1.SchemeGroupVersion, appsapi.SchemeGroupVersion, policyapiv1alpha1.SchemeGroupVersion, rbacapi.SchemeGroupVersion, certificatesapiv1alpha1.SchemeGroupVersion)
// all extensions resources except these are disabled by default
ret.EnableResources(

2
pkg/master/master_test.go
View File

@ -43,6 +43,7 @@ import (
"k8s.io/kubernetes/pkg/apis/batch"
batchapiv1 "k8s.io/kubernetes/pkg/apis/batch/v1"
batchapiv2alpha1 "k8s.io/kubernetes/pkg/apis/batch/v2alpha1"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/extensions"
extensionsapiv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1"
"k8s.io/kubernetes/pkg/apis/rbac"
@ -94,6 +95,7 @@ func setUp(t *testing.T) (*Master, *etcdtesting.EtcdTestServer, Config, *assert.
resourceEncoding.SetVersionEncoding(apps.GroupName, *testapi.Apps.GroupVersion(), unversioned.GroupVersion{Group: apps.GroupName, Version: runtime.APIVersionInternal})
resourceEncoding.SetVersionEncoding(extensions.GroupName, *testapi.Extensions.GroupVersion(), unversioned.GroupVersion{Group: extensions.GroupName, Version: runtime.APIVersionInternal})
resourceEncoding.SetVersionEncoding(rbac.GroupName, *testapi.Rbac.GroupVersion(), unversioned.GroupVersion{Group: rbac.GroupName, Version: runtime.APIVersionInternal})
resourceEncoding.SetVersionEncoding(certificates.GroupName, *testapi.Certificates.GroupVersion(), unversioned.GroupVersion{Group: certificates.GroupName, Version: runtime.APIVersionInternal})
storageFactory := genericapiserver.NewDefaultStorageFactory(storageConfig, testapi.StorageMediaType(), api.Codecs, resourceEncoding, DefaultAPIResourceConfigSource())
config.StorageFactory = storageFactory

56
pkg/registry/cachesize/cachesize.go
View File

@ -28,39 +28,41 @@ import (
type Resource string
const (
ClusterRoles Resource = "clusterroles"
ClusterRoleBindings Resource = "clusterrolebindings"
Controllers Resource = "controllers"
Daemonsets Resource = "daemonsets"
Deployments Resource = "deployments"
Endpoints Resource = "endpoints"
HorizontalPodAutoscalers Resource = "horizontalpodautoscalers"
Ingress Resource = "ingress"
PodDisruptionBudget Resource = "poddisruptionbudgets"
PetSet Resource = "petset"
Jobs Resource = "jobs"
LimitRanges Resource = "limitranges"
Namespaces Resource = "namespaces"
NetworkPolicys Resource = "networkpolicies"
Nodes Resource = "nodes"
PersistentVolumes Resource = "persistentvolumes"
PersistentVolumeClaims Resource = "persistentvolumeclaims"
Pods Resource = "pods"
PodTemplates Resource = "podtemplates"
Replicasets Resource = "replicasets"
ResourceQuotas Resource = "resourcequotas"
ScheduledJobs Resource = "scheduledjobs"
Roles Resource = "roles"
RoleBindings Resource = "rolebindings"
Secrets Resource = "secrets"
ServiceAccounts Resource = "serviceaccounts"
Services Resource = "services"
CertificateSigningRequests Resource = "certificatesigningrequests"
ClusterRoles Resource = "clusterroles"
ClusterRoleBindings Resource = "clusterrolebindings"
Controllers Resource = "controllers"
Daemonsets Resource = "daemonsets"
Deployments Resource = "deployments"
Endpoints Resource = "endpoints"
HorizontalPodAutoscalers Resource = "horizontalpodautoscalers"
Ingress Resource = "ingress"
PodDisruptionBudget Resource = "poddisruptionbudgets"
PetSet Resource = "petset"
Jobs Resource = "jobs"
LimitRanges Resource = "limitranges"
Namespaces Resource = "namespaces"
NetworkPolicys Resource = "networkpolicies"
Nodes Resource = "nodes"
PersistentVolumes Resource = "persistentvolumes"
PersistentVolumeClaims Resource = "persistentvolumeclaims"
Pods Resource = "pods"
PodTemplates Resource = "podtemplates"
Replicasets Resource = "replicasets"
ResourceQuotas Resource = "resourcequotas"
ScheduledJobs Resource = "scheduledjobs"
Roles Resource = "roles"
RoleBindings Resource = "rolebindings"
Secrets Resource = "secrets"
ServiceAccounts Resource = "serviceaccounts"
Services Resource = "services"
)
var watchCacheSizes map[Resource]int
func init() {
watchCacheSizes = make(map[Resource]int)
watchCacheSizes[CertificateSigningRequests] = 1000
watchCacheSizes[ClusterRoles] = 100
watchCacheSizes[ClusterRoleBindings] = 100
watchCacheSizes[Controllers] = 100

19
pkg/registry/certificates/doc.go Normal file
View File

@ -0,0 +1,19 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package certificates provides Registry interface and its RESTStorage
// implementation for storing CertificateSigningRequest objects.
package certificates

106
pkg/registry/certificates/etcd/etcd.go Normal file
View File

@ -0,0 +1,106 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package etcd
import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/rest"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/fields"
"k8s.io/kubernetes/pkg/labels"
"k8s.io/kubernetes/pkg/registry/cachesize"
csrregistry "k8s.io/kubernetes/pkg/registry/certificates"
"k8s.io/kubernetes/pkg/registry/generic"
"k8s.io/kubernetes/pkg/registry/generic/registry"
"k8s.io/kubernetes/pkg/runtime"
)
// REST implements a RESTStorage for CertificateSigningRequest against etcd
type REST struct {
*registry.Store
}
// NewREST returns a registry which will store CertificateSigningRequest in the given helper
func NewREST(opts generic.RESTOptions) (*REST, *StatusREST, *ApprovalREST) {
prefix := "/certificatesigningrequests"
newListFunc := func() runtime.Object { return &certificates.CertificateSigningRequestList{} }
storageInterface := opts.Decorator(opts.Storage, cachesize.GetWatchCacheSizeByResource(cachesize.CertificateSigningRequests), &certificates.CertificateSigningRequest{}, prefix, csrregistry.Strategy, newListFunc)
store := &registry.Store{
NewFunc: func() runtime.Object { return &certificates.CertificateSigningRequest{} },
NewListFunc: newListFunc,
KeyRootFunc: func(ctx api.Context) string {
return prefix
},
KeyFunc: func(ctx api.Context, id string) (string, error) {
return registry.NoNamespaceKeyFunc(ctx, prefix, id)
},
ObjectNameFunc: func(obj runtime.Object) (string, error) {
return obj.(*certificates.CertificateSigningRequest).Name, nil
},
PredicateFunc: func(label labels.Selector, field fields.Selector) generic.Matcher {
return csrregistry.Matcher(label, field)
},
QualifiedResource: certificates.Resource("certificatesigningrequests"),
DeleteCollectionWorkers: opts.DeleteCollectionWorkers,
CreateStrategy: csrregistry.Strategy,
UpdateStrategy: csrregistry.Strategy,
Storage: storageInterface,
}
// Subresources use the same store and creation strategy, which only
// allows empty subs. Updates to an existing subresource are handled by
// dedicated strategies.
statusStore := *store
statusStore.UpdateStrategy = csrregistry.StatusStrategy
approvalStore := *store
approvalStore.UpdateStrategy = csrregistry.ApprovalStrategy
return &REST{store}, &StatusREST{store: &statusStore}, &ApprovalREST{store: &approvalStore}
}
// StatusREST implements the REST endpoint for changing the status of a CSR.
type StatusREST struct {
store *registry.Store
}
func (r *StatusREST) New() runtime.Object {
return &certificates.CertificateSigningRequest{}
}
// Update alters the status subset of an object.
func (r *StatusREST) Update(ctx api.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
return r.store.Update(ctx, name, objInfo)
}
// ApprovalREST implements the REST endpoint for changing the approval state of a CSR.
type ApprovalREST struct {
store *registry.Store
}
func (r *ApprovalREST) New() runtime.Object {
return &certificates.CertificateSigningRequest{}
}
// Update alters the approval subset of an object.
func (r *ApprovalREST) Update(ctx api.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
return r.store.Update(ctx, name, objInfo)
}

92
pkg/registry/certificates/registry.go Normal file
View File

@ -0,0 +1,92 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package certificates
import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/rest"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/watch"
)
// Registry is an interface for things that know how to store CSRs.
type Registry interface {
ListCSRs(ctx api.Context, options *api.ListOptions) (*certificates.CertificateSigningRequestList, error)
CreateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error
UpdateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error
GetCSR(ctx api.Context, csrID string) (*certificates.CertificateSigningRequest, error)
DeleteCSR(ctx api.Context, csrID string) error
WatchCSRs(ctx api.Context, options *api.ListOptions) (watch.Interface, error)
}
// storage puts strong typing around storage calls
type storage struct {
rest.StandardStorage
}
// NewRegistry returns a new Registry interface for the given Storage. Any mismatched
// types will panic.
func NewRegistry(s rest.StandardStorage) Registry {
return &storage{s}
}
func (s *storage) ListCSRs(ctx api.Context, options *api.ListOptions) (*certificates.CertificateSigningRequestList, error) {
obj, err := s.List(ctx, options)
if err != nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequestList), nil
}
func (s *storage) CreateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error {
// Inject user.Info from request context if available and no
// information was supplied. Don't smash existing user information
// since it should be possible for a broadly-scoped user to request a
// certificate on behalf of a more limited user.
if user, ok := api.UserFrom(ctx); ok {
if csr.Spec.Username == "" {
csr.Spec.Username = user.GetName()
csr.Spec.UID = user.GetUID()
csr.Spec.Groups = user.GetGroups()
}
}
_, err := s.Create(ctx, csr)
return err
}
func (s *storage) UpdateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error {
_, _, err := s.Update(ctx, csr.Name, rest.DefaultUpdatedObjectInfo(csr, api.Scheme))
return err
}
func (s *storage) WatchCSRs(ctx api.Context, options *api.ListOptions) (watch.Interface, error) {
return s.Watch(ctx, options)
}
func (s *storage) GetCSR(ctx api.Context, name string) (*certificates.CertificateSigningRequest, error) {
obj, err := s.Get(ctx, name)
if err != nil {
return nil, err
}
return obj.(*certificates.CertificateSigningRequest), nil
}
func (s *storage) DeleteCSR(ctx api.Context, name string) error {
_, err := s.Delete(ctx, name, nil)
return err
}

177
pkg/registry/certificates/strategy.go Normal file
View File

@ -0,0 +1,177 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package certificates
import (
"fmt"
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/certificates/validation"
"k8s.io/kubernetes/pkg/fields"
"k8s.io/kubernetes/pkg/labels"
"k8s.io/kubernetes/pkg/registry/generic"
"k8s.io/kubernetes/pkg/runtime"
"k8s.io/kubernetes/pkg/util/validation/field"
)
// csrStrategy implements behavior for CSRs
type csrStrategy struct {
runtime.ObjectTyper
api.NameGenerator
}
// csrStrategy is the default logic that applies when creating and updating
// CSR objects.
var Strategy = csrStrategy{api.Scheme, api.SimpleNameGenerator}
// NamespaceScoped is true for CSRs.
func (csrStrategy) NamespaceScoped() bool {
return false
}
// AllowCreateOnUpdate is false for CSRs.
func (csrStrategy) AllowCreateOnUpdate() bool {
return false
}
// PrepareForCreate clears fields that are not allowed to be set by end users
// on creation. Users cannot create any derived information, but we expect
// information about the requesting user to be injected by the registry
// interface. Clear everything else.
// TODO: check these ordering assumptions. better way to inject user info?
func (csrStrategy) PrepareForCreate(obj runtime.Object) {
csr := obj.(*certificates.CertificateSigningRequest)
// Be explicit that users cannot create pre-approved certificate requests.
csr.Status = certificates.CertificateSigningRequestStatus{}
csr.Status.Conditions = []certificates.CertificateSigningRequestCondition{}
}
// PrepareForUpdate clears fields that are not allowed to be set by end users
// on update. Certificate requests are immutable after creation except via subresources.
func (csrStrategy) PrepareForUpdate(obj, old runtime.Object) {
newCSR := obj.(*certificates.CertificateSigningRequest)
oldCSR := old.(*certificates.CertificateSigningRequest)
newCSR.Spec = oldCSR.Spec
newCSR.Status = oldCSR.Status
}
// Validate validates a new CSR. Validation must check for a correct signature.
func (csrStrategy) Validate(ctx api.Context, obj runtime.Object) field.ErrorList {
csr := obj.(*certificates.CertificateSigningRequest)
return validation.ValidateCertificateSigningRequest(csr)
}
// Canonicalize normalizes the object after validation (which includes a signature check).
func (csrStrategy) Canonicalize(obj runtime.Object) {}
// ValidateUpdate is the default update validation for an end user.
func (csrStrategy) ValidateUpdate(ctx api.Context, obj, old runtime.Object) field.ErrorList {
oldCSR := old.(*certificates.CertificateSigningRequest)
newCSR := obj.(*certificates.CertificateSigningRequest)
return validation.ValidateCertificateSigningRequestUpdate(newCSR, oldCSR)
}
// If AllowUnconditionalUpdate() is true and the object specified by
// the user does not have a resource version, then generic Update()
// populates it with the latest version. Else, it checks that the
// version specified by the user matches the version of latest etcd
// object.
func (csrStrategy) AllowUnconditionalUpdate() bool {
return true
}
func (s csrStrategy) Export(obj runtime.Object, exact bool) error {
csr, ok := obj.(*certificates.CertificateSigningRequest)
if !ok {
// unexpected programmer error
return fmt.Errorf("unexpected object: %v", obj)
}
s.PrepareForCreate(obj)
if exact {
return nil
}
// CSRs allow direct subresource edits, we clear them without exact so the CSR value can be reused.
csr.Status = certificates.CertificateSigningRequestStatus{}
return nil
}
// Storage strategy for the Status subresource
type csrStatusStrategy struct {
csrStrategy
}
var StatusStrategy = csrStatusStrategy{Strategy}
func (csrStatusStrategy) PrepareForUpdate(obj, old runtime.Object) {
newCSR := obj.(*certificates.CertificateSigningRequest)
oldCSR := old.(*certificates.CertificateSigningRequest)
// Updating the Status should only update the Status and not the spec
// or approval conditions. The intent is to separate the concerns of
// approval and certificate issuance.
newCSR.Spec = oldCSR.Spec
newCSR.Status.Conditions = oldCSR.Status.Conditions
}
func (csrStatusStrategy) ValidateUpdate(ctx api.Context, obj, old runtime.Object) field.ErrorList {
return validation.ValidateCertificateSigningRequestUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest))
}
// Canonicalize normalizes the object after validation.
func (csrStatusStrategy) Canonicalize(obj runtime.Object) {
}
// Storage strategy for the Approval subresource
type csrApprovalStrategy struct {
csrStrategy
}
var ApprovalStrategy = csrApprovalStrategy{Strategy}
func (csrApprovalStrategy) PrepareForUpdate(obj, old runtime.Object) {
newCSR := obj.(*certificates.CertificateSigningRequest)
oldCSR := old.(*certificates.CertificateSigningRequest)
// Updating the approval should only update the conditions.
newCSR.Spec = oldCSR.Spec
oldCSR.Status.Conditions = newCSR.Status.Conditions
newCSR.Status = oldCSR.Status
}
func (csrApprovalStrategy) ValidateUpdate(ctx api.Context, obj, old runtime.Object) field.ErrorList {
return validation.ValidateCertificateSigningRequestUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest))
}
// Matcher returns a generic matcher for a given label and field selector.
func Matcher(label labels.Selector, field fields.Selector) generic.Matcher {
return generic.MatcherFunc(func(obj runtime.Object) (bool, error) {
sa, ok := obj.(*certificates.CertificateSigningRequest)
if !ok {
return false, fmt.Errorf("not a CertificateSigningRequest")
}
fields := SelectableFields(sa)
return label.Matches(labels.Set(sa.Labels)) && field.Matches(fields), nil
})
}
// SelectableFields returns a label set that can be used for filter selection
func SelectableFields(obj *certificates.CertificateSigningRequest) labels.Set {
return labels.Set{}
}

40
pkg/util/certificates/csr.go Normal file
View File

@ -0,0 +1,40 @@
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package certificates
import (
"crypto/x509"
"encoding/pem"
"errors"
"k8s.io/kubernetes/pkg/apis/certificates"
)
// ParseCertificateRequestObject extracts the CSR from the API object and decodes it.
func ParseCertificateRequestObject(obj *certificates.CertificateSigningRequest) (*x509.CertificateRequest, error) {
// extract PEM from request object
pemBytes := obj.Spec.Request
block, _ := pem.Decode(pemBytes)
if block == nil || block.Type != "CERTIFICATE REQUEST" {
return nil, errors.New("PEM block type must be CERTIFICATE REQUEST")
}
csr, err := x509.ParseCertificateRequest(block.Bytes)
if err != nil {
return nil, err
}
return csr, nil
}

5
test/integration/framework/master_utils.go
View File

@ -33,6 +33,7 @@ import (
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/autoscaling"
"k8s.io/kubernetes/pkg/apis/batch"
"k8s.io/kubernetes/pkg/apis/certificates"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/apis/rbac"
@ -192,6 +193,10 @@ func NewMasterConfig() *master.Config {
unversioned.GroupResource{Group: rbac.GroupName, Resource: genericapiserver.AllResources},
"",
NewSingleContentTypeSerializer(api.Scheme, testapi.Rbac.Codec(), runtime.ContentTypeJSON))
storageFactory.SetSerializer(
unversioned.GroupResource{Group: certificates.GroupName, Resource: genericapiserver.AllResources},
"",
NewSingleContentTypeSerializer(api.Scheme, testapi.Certificates.Codec(), runtime.ContentTypeJSON))
return &master.Config{
Config: &genericapiserver.Config{