Overview ¶
Package v1alpha1 contains API Schema definitions for the tcs.intel.com v1 API group +kubebuilder:object:generate=true +groupName=tcs.intel.com
Index ¶
- Constants
- Variables
- type ConditionReason
- type ConditionType
- type IssuerConditionType
- type QuoteAttestation
- type QuoteAttestationCondition
- type QuoteAttestationList
- type QuoteAttestationRequestType
- type QuoteAttestationSecret
- type QuoteAttestationSpec
- type QuoteAttestationStatus
- func (in *QuoteAttestationStatus) DeepCopy() *QuoteAttestationStatus
- func (in *QuoteAttestationStatus) DeepCopyInto(out *QuoteAttestationStatus)
- func (qas *QuoteAttestationStatus) GetCondition(t ConditionType) *QuoteAttestationCondition
- func (qas *QuoteAttestationStatus) SetCondition(t ConditionType, status v1.ConditionStatus, reason ConditionReason, ...)
- type TCSClusterIssuer
- type TCSClusterIssuerList
- type TCSIssuer
- type TCSIssuerCondition
- type TCSIssuerList
- type TCSIssuerSpec
- type TCSIssuerStatus
- func (in *TCSIssuerStatus) DeepCopy() *TCSIssuerStatus
- func (in *TCSIssuerStatus) DeepCopyInto(out *TCSIssuerStatus)
- func (status *TCSIssuerStatus) GetCondition(ct IssuerConditionType) *TCSIssuerCondition
- func (status *TCSIssuerStatus) SetCondition(ct IssuerConditionType, condStatus v1.ConditionStatus, reason, message string)
Constants ¶
const (
	// ConditionStatusInit indicates that the object status has just been
	// initialized. It exists only to allow manual status patching with
	// kubectl where no attestation-controller is running.
	// NOTE: This must be removed in the near future.
	// NOTE(review): a condition meant to be patched by hand means any
	// principal allowed to patch the QuoteAttestation status can write it;
	// presumably RBAC should limit status writes to the
	// attestation-controller - confirm before this ships.
	ConditionStatusInit ConditionType = "Init"

	// ConditionReady indicates that the request has been resolved. It should
	// be set by the attestation-controller once the request has been
	// resolved, i.e. on either success or failure. Because it is set in both
	// cases, consumers have to read the condition's Status; the presence of
	// a Ready condition alone does not mean the quote was accepted.
	ConditionReady ConditionType = "Ready"

	// Reason values for a condition. Judging by the names they identify which
	// reconciler set the condition - TODO confirm against the controllers.
	ReasonTCSReconcile        ConditionReason = "TCSReconcile"
	ReasonControllerReconcile ConditionReason = "AttestationControllerReconcile"

	// ECDSAQuoteVersion3 indicates the SGX ECDSA quote version 3. This is the only
	// version supported by the QVE. The constant is an untyped string.
	ECDSAQuoteVersion3 = "ECDSA Quote 3"
)
Well-known condition types for certificate requests.
const (
	// RequestTypeQuoteAttestation marks a request that asks only for quote
	// verification.
	RequestTypeQuoteAttestation = "QuoteAttestation"
	// RequestTypeKeyProvisioning marks a request for CA key provisioning,
	// for which quote verification is a prerequisite.
	// Both constants are untyped strings rather than
	// QuoteAttestationRequestType values.
	RequestTypeKeyProvisioning = "KeyProvisioning"
)
Variables ¶
var (
	// GroupName is the group name of the objects.
	GroupName = "tcs.intel.com"
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type ConditionReason ¶
type ConditionReason string
ConditionReason is the short machine readable reason for the occurred condition.
type ConditionType ¶
type ConditionType string
ConditionType is the type of a QuoteAttestationCondition
type IssuerConditionType ¶
type IssuerConditionType string
IssuerConditionType represents an Issuer condition value.
const (
	// IssuerConditionReady represents the fact that a given Issuer condition
	// is in ready state and able to issue certificates.
	// If the `status` of this condition is `False`, CertificateRequest controllers
	// should prevent attempts to sign certificates.
	// NOTE(review): TCSIssuerCondition.Status is documented as one of 'True',
	// 'False' or 'Unknown', and this comment only covers 'False'. Presumably
	// signing should proceed only on 'True' (fail closed) - confirm in the
	// CertificateRequest controller.
	IssuerConditionReady IssuerConditionType = "Ready"
)
type QuoteAttestation ¶
// QuoteAttestation is the API object for one quote attestation request:
// Kubernetes type and object metadata plus a Spec and a Status.
type QuoteAttestation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired state: the quote to verify, the requester's public
	// key and the signer names the request is for.
	Spec QuoteAttestationSpec `json:"spec,omitempty"`
	// Status is the observed state: the conditions of the request and, per
	// signer name, a reference to the provisioned secret.
	Status QuoteAttestationStatus `json:"status,omitempty"`
}
QuoteAttestation is the Schema for the quoteattestations API
func (*QuoteAttestation) DeepCopy ¶
func (in *QuoteAttestation) DeepCopy() *QuoteAttestation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestation.
func (*QuoteAttestation) DeepCopyInto ¶
func (in *QuoteAttestation) DeepCopyInto(out *QuoteAttestation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*QuoteAttestation) DeepCopyObject ¶
func (in *QuoteAttestation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type QuoteAttestationCondition ¶
// QuoteAttestationCondition records one condition of a QuoteAttestation
// object: its type and status plus an optional reason, message and update time.
type QuoteAttestationCondition struct {
	// Type of the condition. One of QuoteVerified, CASecretReady and Ready.
	// NOTE(review): the ConditionType constants shown for this package are
	// "Init" and "Ready" only; QuoteVerified and CASecretReady have no
	// constant on this page - confirm which values are really written.
	Type ConditionType `json:"type,omitempty"`
	// Status indicates the status of a condition (true, false, or unknown).
	Status v1.ConditionStatus `json:"status,omitempty"`
	// Reason indicates current request state
	// +optional
	Reason ConditionReason `json:"reason,omitempty"`
	// message contains a human readable message with details about the request state
	// +optional
	Message string `json:"message,omitempty"`
	// lastUpdateTime is the time of the last update to this condition
	// +optional
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
}
QuoteAttestationCondition describes a condition of a QuoteAttestation object
func (*QuoteAttestationCondition) DeepCopy ¶
func (in *QuoteAttestationCondition) DeepCopy() *QuoteAttestationCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationCondition.
func (*QuoteAttestationCondition) DeepCopyInto ¶
func (in *QuoteAttestationCondition) DeepCopyInto(out *QuoteAttestationCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type QuoteAttestationList ¶
// QuoteAttestationList is the list form of QuoteAttestation: type and list
// metadata plus the items themselves.
type QuoteAttestationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the "items" key is always present in the
	// JSON form.
	Items []QuoteAttestation `json:"items"`
}
QuoteAttestationList contains a list of QuoteAttestation
func (*QuoteAttestationList) DeepCopy ¶
func (in *QuoteAttestationList) DeepCopy() *QuoteAttestationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationList.
func (*QuoteAttestationList) DeepCopyInto ¶
func (in *QuoteAttestationList) DeepCopyInto(out *QuoteAttestationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*QuoteAttestationList) DeepCopyObject ¶
func (in *QuoteAttestationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type QuoteAttestationRequestType ¶
type QuoteAttestationRequestType string
QuoteAttestationRequestType type definition for representing the type of attestation request
type QuoteAttestationSecret ¶
// QuoteAttestationSecret points at the Secret that carries the key material
// returned for one signer. It holds only the Secret's name and a format
// hint, not the key material itself.
type QuoteAttestationSecret struct {
	// SecretName represents the name of the Secret object (in the same namespace),
	// which is of opaque type. The secret data must contain two map elements `tls.key`
	// and `tls.cert` and the values are the base64 encoded encrypted CA key and
	// base64 encoded x509(PEM encoded) certificate. This must be added only after a successful
	// quote validation and before updating the status condition.
	// The ordering is the security-relevant part: a consumer that reacts to the
	// status condition must never find a secret that was written for an
	// unverified quote.
	// NOTE(review): Kubernetes' own TLS secret type uses the key `tls.crt`;
	// confirm that `tls.cert` is the key the consumer actually reads.
	// +optional
	SecretName string `json:"secretName,omitempty"`
	// SecretType defines the internal structure of secret fetched from the
	// Key Management Service, as there might be different formats accordingly.
	// +optional
	SecretType string `json:"secretType,omitempty"`
}
QuoteAttestationSecret defines the secret obtained from the Key Management Service
func (*QuoteAttestationSecret) DeepCopy ¶
func (in *QuoteAttestationSecret) DeepCopy() *QuoteAttestationSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationSecret.
func (*QuoteAttestationSecret) DeepCopyInto ¶
func (in *QuoteAttestationSecret) DeepCopyInto(out *QuoteAttestationSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type QuoteAttestationSpec ¶
// QuoteAttestationSpec is the request part of a QuoteAttestation: what kind
// of request it is, the quote to verify, the requester's identity and public
// key, and the signer names it applies to. Every field arrives from the
// requester and is input to the verifier.
type QuoteAttestationSpec struct {
	// Type represents the type of the request, one of "QuoteAttestation", "KeyProvisioning".
	// NOTE(review): the default marker below is spelled differently from the
	// `+kubebuilder:default=` marker used on TCSIssuerSpec; confirm that the
	// CRD generator honors this spelling, otherwise no default is applied.
	// +kubebuilder:validation:Enum=QuoteAttestation;KeyProvisioning
	// +kubebuilder:validation:default=KeyProvisioning
	Type QuoteAttestationRequestType `json:"type"`
	// Quote to be verified, base64-encoded.
	// As a []byte field it is base64 text in the JSON form and raw bytes in Go.
	// NOTE(review): no size limit is declared for this field; the verifier
	// should treat it as untrusted, possibly oversized input.
	// +kubebuilder:listType=atomic
	Quote []byte `json:"quote"`
	// QuoteVersion is the version of the generated quote, default is ECDSA quote "3".
	// NOTE(review): the package constant ECDSAQuoteVersion3 is the string
	// "ECDSA Quote 3", not "3"; confirm which spelling the verifier expects
	// and what happens on any other value.
	// +kubebuilder:optional
	QuoteVersion string `json:"quoteVersion,omitempty"`
	// ServiceID holds the unique identifier(name?) that represents the service
	// which is requesting the secret.
	// To be decided whether this should be SPIFFE trust domain!
	// NOTE(review): nothing in this type ties ServiceID to the quote, so it
	// is a claim made by the requester until the controller checks it.
	ServiceID string `json:"serviceId"`
	// PublicKey for encrypting the secret, hash is part of the quote data,
	// base-64 encoded.
	// The key is only bound to the attested enclave if the verifier compares
	// its hash with the value carried in the quote; without that comparison a
	// substituted key would receive the encrypted secret. That check is not
	// visible in this type - confirm it in the verifier.
	// +kubebuilder:listType=atomic
	PublicKey []byte `json:"publicKey"`
	// SignerNames refers to the list of Kubernetes CSR signer names used by
	// this request.
	SignerNames []string `json:"signerNames"`
}
QuoteAttestationSpec defines the desired state of QuoteAttestation
func (*QuoteAttestationSpec) DeepCopy ¶
func (in *QuoteAttestationSpec) DeepCopy() *QuoteAttestationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationSpec.
func (*QuoteAttestationSpec) DeepCopyInto ¶
func (in *QuoteAttestationSpec) DeepCopyInto(out *QuoteAttestationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type QuoteAttestationStatus ¶
// QuoteAttestationStatus is the result part of a QuoteAttestation: the
// conditions recorded for the request and the secrets provisioned for it.
type QuoteAttestationStatus struct {
	// conditions applied to the request. Known conditions are "QuoteVerified",
	// "CASecretsReady" and "Ready".
	// NOTE(review): QuoteAttestationCondition spells the second value
	// "CASecretReady"; one of the two comments is off - confirm.
	// +optional
	Conditions []QuoteAttestationCondition `json:"conditions,omitempty"`
	// Secrets fetched after the request has been processed successfully
	// The map keys are the signer names(Spec.SignerNames) passed by the
	// request.
	// The values only name Secret objects, so access to the key material is
	// governed by access to those Secrets, not by access to this status.
	// +optional
	Secrets map[string]QuoteAttestationSecret `json:"secrets,omitempty"`
}
QuoteAttestationStatus defines the observed state of QuoteAttestation
func (*QuoteAttestationStatus) DeepCopy ¶
func (in *QuoteAttestationStatus) DeepCopy() *QuoteAttestationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationStatus.
func (*QuoteAttestationStatus) DeepCopyInto ¶
func (in *QuoteAttestationStatus) DeepCopyInto(out *QuoteAttestationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*QuoteAttestationStatus) GetCondition ¶
func (qas *QuoteAttestationStatus) GetCondition(t ConditionType) *QuoteAttestationCondition
func (*QuoteAttestationStatus) SetCondition ¶
func (qas *QuoteAttestationStatus) SetCondition(t ConditionType, status v1.ConditionStatus, reason ConditionReason, message string)
type TCSClusterIssuer ¶
// TCSClusterIssuer is the issuer API object whose kubebuilder markers (as
// rendered with this type) declare cluster scope and a status subresource.
// It shares its Spec and Status types with TCSIssuer.
type TCSClusterIssuer struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired state of the issuer.
	Spec TCSIssuerSpec `json:"spec,omitempty"`
	// Status is the observed state of the issuer.
	Status TCSIssuerStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp` +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].status` +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].reason` +kubebuilder:printcolumn:name="Message",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].message` TCSClusterIssuer is the Schema for the clusterissuers API
func (*TCSClusterIssuer) DeepCopy ¶
func (in *TCSClusterIssuer) DeepCopy() *TCSClusterIssuer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSClusterIssuer.
func (*TCSClusterIssuer) DeepCopyInto ¶
func (in *TCSClusterIssuer) DeepCopyInto(out *TCSClusterIssuer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSClusterIssuer) DeepCopyObject ¶
func (in *TCSClusterIssuer) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSClusterIssuerList ¶
// TCSClusterIssuerList is the list form of TCSClusterIssuer: type and list
// metadata plus the items themselves.
type TCSClusterIssuerList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the "items" key is always present in the
	// JSON form.
	Items []TCSClusterIssuer `json:"items"`
}
TCSClusterIssuerList contains a list of TCSClusterIssuer
func (*TCSClusterIssuerList) DeepCopy ¶
func (in *TCSClusterIssuerList) DeepCopy() *TCSClusterIssuerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSClusterIssuerList.
func (*TCSClusterIssuerList) DeepCopyInto ¶
func (in *TCSClusterIssuerList) DeepCopyInto(out *TCSClusterIssuerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSClusterIssuerList) DeepCopyObject ¶
func (in *TCSClusterIssuerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSIssuer ¶
// TCSIssuer is the issuer API object whose kubebuilder markers (as rendered
// with this type) declare a status subresource and no explicit scope.
// It shares its Spec and Status types with TCSClusterIssuer.
type TCSIssuer struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired state of the issuer.
	Spec TCSIssuerSpec `json:"spec,omitempty"`
	// Status is the observed state of the issuer.
	Status TCSIssuerStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp` +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].status` +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].reason` +kubebuilder:printcolumn:name="Message",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].message` TCSIssuer is the Schema for the issuers API
func (*TCSIssuer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuer.
func (*TCSIssuer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSIssuer) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSIssuerCondition ¶
// TCSIssuerCondition records one condition of an issuer. Type and Status are
// always serialized; the transition time, reason and message are optional.
type TCSIssuerCondition struct {
	// Type of the condition, known values are ('Ready').
	Type IssuerConditionType `json:"type"`
	// Status of the condition, one of ('True', 'False', 'Unknown').
	Status v1.ConditionStatus `json:"status"`
	// LastTransitionTime is the timestamp corresponding to the last status
	// change of this condition.
	// It is a pointer, so an unset time is omitted rather than written as a
	// zero timestamp.
	// +optional
	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
	// Reason is a brief machine readable explanation for the condition's last
	// transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// Message is a human readable description of the details of the last
	// transition, complementing reason.
	// +optional
	Message string `json:"message,omitempty"`
}
IssuerCondition contains condition information for an Issuer.
func (*TCSIssuerCondition) DeepCopy ¶
func (in *TCSIssuerCondition) DeepCopy() *TCSIssuerCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerCondition.
func (*TCSIssuerCondition) DeepCopyInto ¶
func (in *TCSIssuerCondition) DeepCopyInto(out *TCSIssuerCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCSIssuerList ¶
// TCSIssuerList is the list form of TCSIssuer: type and list metadata plus
// the items themselves.
type TCSIssuerList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the "items" key is always present in the
	// JSON form.
	Items []TCSIssuer `json:"items"`
}
+kubebuilder:object:root=true TCSIssuerList contains a list of TCSIssuer
func (*TCSIssuerList) DeepCopy ¶
func (in *TCSIssuerList) DeepCopy() *TCSIssuerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerList.
func (*TCSIssuerList) DeepCopyInto ¶
func (in *TCSIssuerList) DeepCopyInto(out *TCSIssuerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSIssuerList) DeepCopyObject ¶
func (in *TCSIssuerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSIssuerSpec ¶
// TCSIssuerSpec is the configuration of an issuer: where its CA certificate
// is stored and whether the CA is self-signed or provisioned externally.
type TCSIssuerSpec struct {
	// SecretName is the name of the secret object to be
	// created by issuer controller to hold ca certificate
	SecretName string `json:"secretName,omitempty"`
	// SelfSignCertificate defines whether to generate a self-signed certificate
	// for this CA issuer. When it is set to false, the CA is expected to get provisioned
	// by an external key server using QuoteAttestation CRD.
	// Default to True.
	// NOTE(review): the field is a plain bool with omitempty, so marshalling
	// this struct drops an explicit false, and the default marker below would
	// then set it back to true. A client built on this type may be unable to
	// request an externally provisioned CA and would get a self-signed one
	// without any error - confirm, and consider a pointer or no omitempty.
	// +kubebuilder:default=true
	SelfSignCertificate bool `json:"selfSign,omitempty"`
}
TCSIssuerSpec defines the desired state of Issuer
func (*TCSIssuerSpec) DeepCopy ¶
func (in *TCSIssuerSpec) DeepCopy() *TCSIssuerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerSpec.
func (*TCSIssuerSpec) DeepCopyInto ¶
func (in *TCSIssuerSpec) DeepCopyInto(out *TCSIssuerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCSIssuerStatus ¶
// TCSIssuerStatus is the observed state of an issuer, expressed as a list of
// conditions.
type TCSIssuerStatus struct {
	// List of status conditions to indicate the status of a CertificateRequest.
	// Known condition types are `Ready`.
	// NOTE(review): this field belongs to the issuer's status, so
	// "CertificateRequest" above looks carried over from elsewhere - confirm.
	// +optional
	Conditions []TCSIssuerCondition `json:"conditions,omitempty"`
}
TCSIssuerStatus defines the observed state of Issuer
func (*TCSIssuerStatus) DeepCopy ¶
func (in *TCSIssuerStatus) DeepCopy() *TCSIssuerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerStatus.
func (*TCSIssuerStatus) DeepCopyInto ¶
func (in *TCSIssuerStatus) DeepCopyInto(out *TCSIssuerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSIssuerStatus) GetCondition ¶
func (status *TCSIssuerStatus) GetCondition(ct IssuerConditionType) *TCSIssuerCondition
func (*TCSIssuerStatus) SetCondition ¶
func (status *TCSIssuerStatus) SetCondition(ct IssuerConditionType, condStatus v1.ConditionStatus, reason, message string)