k8s_openapi/v1_33/api/certificates/v1beta1/
cluster_trust_bundle_spec.rs

1// Generated from definition io.k8s.api.certificates.v1beta1.ClusterTrustBundleSpec
2
3/// ClusterTrustBundleSpec contains the signer and trust anchors.
4#[derive(Clone, Debug, Default, PartialEq)]
5pub struct ClusterTrustBundleSpec {
6    /// signerName indicates the associated signer, if any.
7    ///
8    /// In order to create or update a ClusterTrustBundle that sets signerName, you must have the following cluster-scoped permission: group=certificates.k8s.io resource=signers resourceName=\<the signer name\> verb=attest.
9    ///
10    /// If signerName is not empty, then the ClusterTrustBundle object must be named with the signer name as a prefix (translating slashes to colons). For example, for the signer name `example.com/foo`, valid ClusterTrustBundle object names include `example.com:foo:abc` and `example.com:foo:v1`.
11    ///
12    /// If signerName is empty, then the ClusterTrustBundle object's name must not have such a prefix.
13    ///
14    /// List/watch requests for ClusterTrustBundles can filter on this field using a `spec.signerName=NAME` field selector.
15    pub signer_name: Option<std::string::String>,
16
17    /// trustBundle contains the individual X.509 trust anchors for this bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.
18    ///
19    /// The data must consist only of PEM certificate blocks that parse as valid X.509 certificates.  Each certificate must include a basic constraints extension with the CA bit set.  The API server will reject objects that contain duplicate certificates, or that use PEM block headers.
20    ///
21    /// Users of ClusterTrustBundles, including Kubelet, are free to reorder and deduplicate certificate blocks in this file according to their own logic, as well as to drop PEM block headers and inter-block data.
22    pub trust_bundle: std::string::String,
23}
24
25impl crate::DeepMerge for ClusterTrustBundleSpec {
26    fn merge_from(&mut self, other: Self) {
27        crate::DeepMerge::merge_from(&mut self.signer_name, other.signer_name);
28        crate::DeepMerge::merge_from(&mut self.trust_bundle, other.trust_bundle);
29    }
30}
31
32impl<'de> crate::serde::Deserialize<'de> for ClusterTrustBundleSpec {
33    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
34        #[allow(non_camel_case_types)]
35        enum Field {
36            Key_signer_name,
37            Key_trust_bundle,
38            Other,
39        }
40
41        impl<'de> crate::serde::Deserialize<'de> for Field {
42            fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
43                struct Visitor;
44
45                impl crate::serde::de::Visitor<'_> for Visitor {
46                    type Value = Field;
47
48                    fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
49                        f.write_str("field identifier")
50                    }
51
52                    fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: crate::serde::de::Error {
53                        Ok(match v {
54                            "signerName" => Field::Key_signer_name,
55                            "trustBundle" => Field::Key_trust_bundle,
56                            _ => Field::Other,
57                        })
58                    }
59                }
60
61                deserializer.deserialize_identifier(Visitor)
62            }
63        }
64
65        struct Visitor;
66
67        impl<'de> crate::serde::de::Visitor<'de> for Visitor {
68            type Value = ClusterTrustBundleSpec;
69
70            fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
71                f.write_str("ClusterTrustBundleSpec")
72            }
73
74            fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: crate::serde::de::MapAccess<'de> {
75                let mut value_signer_name: Option<std::string::String> = None;
76                let mut value_trust_bundle: Option<std::string::String> = None;
77
78                while let Some(key) = crate::serde::de::MapAccess::next_key::<Field>(&mut map)? {
79                    match key {
80                        Field::Key_signer_name => value_signer_name = crate::serde::de::MapAccess::next_value(&mut map)?,
81                        Field::Key_trust_bundle => value_trust_bundle = crate::serde::de::MapAccess::next_value(&mut map)?,
82                        Field::Other => { let _: crate::serde::de::IgnoredAny = crate::serde::de::MapAccess::next_value(&mut map)?; },
83                    }
84                }
85
86                Ok(ClusterTrustBundleSpec {
87                    signer_name: value_signer_name,
88                    trust_bundle: value_trust_bundle.unwrap_or_default(),
89                })
90            }
91        }
92
93        deserializer.deserialize_struct(
94            "ClusterTrustBundleSpec",
95            &[
96                "signerName",
97                "trustBundle",
98            ],
99            Visitor,
100        )
101    }
102}
103
104impl crate::serde::Serialize for ClusterTrustBundleSpec {
105    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: crate::serde::Serializer {
106        let mut state = serializer.serialize_struct(
107            "ClusterTrustBundleSpec",
108            1 +
109            self.signer_name.as_ref().map_or(0, |_| 1),
110        )?;
111        if let Some(value) = &self.signer_name {
112            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "signerName", value)?;
113        }
114        crate::serde::ser::SerializeStruct::serialize_field(&mut state, "trustBundle", &self.trust_bundle)?;
115        crate::serde::ser::SerializeStruct::end(state)
116    }
117}
118
119#[cfg(feature = "schemars")]
120impl crate::schemars::JsonSchema for ClusterTrustBundleSpec {
121    fn schema_name() -> std::string::String {
122        "io.k8s.api.certificates.v1beta1.ClusterTrustBundleSpec".into()
123    }
124
125    fn json_schema(__gen: &mut crate::schemars::gen::SchemaGenerator) -> crate::schemars::schema::Schema {
126        crate::schemars::schema::Schema::Object(crate::schemars::schema::SchemaObject {
127            metadata: Some(std::boxed::Box::new(crate::schemars::schema::Metadata {
128                description: Some("ClusterTrustBundleSpec contains the signer and trust anchors.".into()),
129                ..Default::default()
130            })),
131            instance_type: Some(crate::schemars::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars::schema::InstanceType::Object))),
132            object: Some(std::boxed::Box::new(crate::schemars::schema::ObjectValidation {
133                properties: [
134                    (
135                        "signerName".into(),
136                        crate::schemars::schema::Schema::Object(crate::schemars::schema::SchemaObject {
137                            metadata: Some(std::boxed::Box::new(crate::schemars::schema::Metadata {
138                                description: Some("signerName indicates the associated signer, if any.\n\nIn order to create or update a ClusterTrustBundle that sets signerName, you must have the following cluster-scoped permission: group=certificates.k8s.io resource=signers resourceName=<the signer name> verb=attest.\n\nIf signerName is not empty, then the ClusterTrustBundle object must be named with the signer name as a prefix (translating slashes to colons). For example, for the signer name `example.com/foo`, valid ClusterTrustBundle object names include `example.com:foo:abc` and `example.com:foo:v1`.\n\nIf signerName is empty, then the ClusterTrustBundle object's name must not have such a prefix.\n\nList/watch requests for ClusterTrustBundles can filter on this field using a `spec.signerName=NAME` field selector.".into()),
139                                ..Default::default()
140                            })),
141                            instance_type: Some(crate::schemars::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars::schema::InstanceType::String))),
142                            ..Default::default()
143                        }),
144                    ),
145                    (
146                        "trustBundle".into(),
147                        crate::schemars::schema::Schema::Object(crate::schemars::schema::SchemaObject {
148                            metadata: Some(std::boxed::Box::new(crate::schemars::schema::Metadata {
149                                description: Some("trustBundle contains the individual X.509 trust anchors for this bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.\n\nThe data must consist only of PEM certificate blocks that parse as valid X.509 certificates.  Each certificate must include a basic constraints extension with the CA bit set.  The API server will reject objects that contain duplicate certificates, or that use PEM block headers.\n\nUsers of ClusterTrustBundles, including Kubelet, are free to reorder and deduplicate certificate blocks in this file according to their own logic, as well as to drop PEM block headers and inter-block data.".into()),
150                                ..Default::default()
151                            })),
152                            instance_type: Some(crate::schemars::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars::schema::InstanceType::String))),
153                            ..Default::default()
154                        }),
155                    ),
156                ].into(),
157                required: [
158                    "trustBundle".into(),
159                ].into(),
160                ..Default::default()
161            })),
162            ..Default::default()
163        })
164    }
165}