k8s_openapi/v1_34/api/certificates/v1alpha1/
pod_certificate_request_status.rs

1// Generated from definition io.k8s.api.certificates.v1alpha1.PodCertificateRequestStatus
2
3/// PodCertificateRequestStatus describes the status of the request, and holds the certificate data if the request is issued.
4#[derive(Clone, Debug, Default, PartialEq)]
5pub struct PodCertificateRequestStatus {
6    /// beginRefreshAt is the time at which the kubelet should begin trying to refresh the certificate.  This field is set via the /status subresource, and must be set at the same time as certificateChain.  Once populated, this field is immutable.
7    ///
8    /// This field is only a hint.  Kubelet may start refreshing before or after this time if necessary.
9    pub begin_refresh_at: Option<crate::apimachinery::pkg::apis::meta::v1::Time>,
10
11    /// certificateChain is populated with an issued certificate by the signer. This field is set via the /status subresource. Once populated, this field is immutable.
12    ///
13    /// If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
14    ///
15    /// Validation requirements:
16    ///  1. certificateChain must consist of one or more PEM-formatted certificates.
17    ///  2. Each entry must be a valid PEM-wrapped, DER-encoded ASN.1 Certificate as
18    ///     described in section 4 of RFC5280.
19    ///
20    /// If more than one block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.  When projecting the chain into a pod volume, kubelet will drop any data in-between the PEM blocks, as well as any PEM block headers.
21    pub certificate_chain: Option<std::string::String>,
22
23    /// conditions applied to the request.
24    ///
25    /// The types "Issued", "Denied", and "Failed" have special handling.  At most one of these conditions may be present, and they must have status "True".
26    ///
27    /// If the request is denied with `Reason=UnsupportedKeyType`, the signer may suggest a key type that will work in the message field.
28    pub conditions: Option<std::vec::Vec<crate::apimachinery::pkg::apis::meta::v1::Condition>>,
29
30    /// notAfter is the time at which the certificate expires.  The value must be the same as the notAfter value in the leaf certificate in certificateChain.  This field is set via the /status subresource.  Once populated, it is immutable.  The signer must set this field at the same time it sets certificateChain.
31    pub not_after: Option<crate::apimachinery::pkg::apis::meta::v1::Time>,
32
33    /// notBefore is the time at which the certificate becomes valid.  The value must be the same as the notBefore value in the leaf certificate in certificateChain.  This field is set via the /status subresource.  Once populated, it is immutable. The signer must set this field at the same time it sets certificateChain.
34    pub not_before: Option<crate::apimachinery::pkg::apis::meta::v1::Time>,
35}
36
37impl crate::DeepMerge for PodCertificateRequestStatus {
38    fn merge_from(&mut self, other: Self) {
39        crate::DeepMerge::merge_from(&mut self.begin_refresh_at, other.begin_refresh_at);
40        crate::DeepMerge::merge_from(&mut self.certificate_chain, other.certificate_chain);
41        crate::merge_strategies::list::map(
42            &mut self.conditions,
43            other.conditions,
44            &[|lhs, rhs| lhs.type_ == rhs.type_],
45            |current_item, other_item| {
46                crate::DeepMerge::merge_from(current_item, other_item);
47            },
48        );
49        crate::DeepMerge::merge_from(&mut self.not_after, other.not_after);
50        crate::DeepMerge::merge_from(&mut self.not_before, other.not_before);
51    }
52}
53
54impl<'de> crate::serde::Deserialize<'de> for PodCertificateRequestStatus {
55    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
56        #[allow(non_camel_case_types)]
57        enum Field {
58            Key_begin_refresh_at,
59            Key_certificate_chain,
60            Key_conditions,
61            Key_not_after,
62            Key_not_before,
63            Other,
64        }
65
66        impl<'de> crate::serde::Deserialize<'de> for Field {
67            fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
68                struct Visitor;
69
70                impl crate::serde::de::Visitor<'_> for Visitor {
71                    type Value = Field;
72
73                    fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
74                        f.write_str("field identifier")
75                    }
76
77                    fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: crate::serde::de::Error {
78                        Ok(match v {
79                            "beginRefreshAt" => Field::Key_begin_refresh_at,
80                            "certificateChain" => Field::Key_certificate_chain,
81                            "conditions" => Field::Key_conditions,
82                            "notAfter" => Field::Key_not_after,
83                            "notBefore" => Field::Key_not_before,
84                            _ => Field::Other,
85                        })
86                    }
87                }
88
89                deserializer.deserialize_identifier(Visitor)
90            }
91        }
92
93        struct Visitor;
94
95        impl<'de> crate::serde::de::Visitor<'de> for Visitor {
96            type Value = PodCertificateRequestStatus;
97
98            fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
99                f.write_str("PodCertificateRequestStatus")
100            }
101
102            fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: crate::serde::de::MapAccess<'de> {
103                let mut value_begin_refresh_at: Option<crate::apimachinery::pkg::apis::meta::v1::Time> = None;
104                let mut value_certificate_chain: Option<std::string::String> = None;
105                let mut value_conditions: Option<std::vec::Vec<crate::apimachinery::pkg::apis::meta::v1::Condition>> = None;
106                let mut value_not_after: Option<crate::apimachinery::pkg::apis::meta::v1::Time> = None;
107                let mut value_not_before: Option<crate::apimachinery::pkg::apis::meta::v1::Time> = None;
108
109                while let Some(key) = crate::serde::de::MapAccess::next_key::<Field>(&mut map)? {
110                    match key {
111                        Field::Key_begin_refresh_at => value_begin_refresh_at = crate::serde::de::MapAccess::next_value(&mut map)?,
112                        Field::Key_certificate_chain => value_certificate_chain = crate::serde::de::MapAccess::next_value(&mut map)?,
113                        Field::Key_conditions => value_conditions = crate::serde::de::MapAccess::next_value(&mut map)?,
114                        Field::Key_not_after => value_not_after = crate::serde::de::MapAccess::next_value(&mut map)?,
115                        Field::Key_not_before => value_not_before = crate::serde::de::MapAccess::next_value(&mut map)?,
116                        Field::Other => { let _: crate::serde::de::IgnoredAny = crate::serde::de::MapAccess::next_value(&mut map)?; },
117                    }
118                }
119
120                Ok(PodCertificateRequestStatus {
121                    begin_refresh_at: value_begin_refresh_at,
122                    certificate_chain: value_certificate_chain,
123                    conditions: value_conditions,
124                    not_after: value_not_after,
125                    not_before: value_not_before,
126                })
127            }
128        }
129
130        deserializer.deserialize_struct(
131            "PodCertificateRequestStatus",
132            &[
133                "beginRefreshAt",
134                "certificateChain",
135                "conditions",
136                "notAfter",
137                "notBefore",
138            ],
139            Visitor,
140        )
141    }
142}
143
144impl crate::serde::Serialize for PodCertificateRequestStatus {
145    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: crate::serde::Serializer {
146        let mut state = serializer.serialize_struct(
147            "PodCertificateRequestStatus",
148            self.begin_refresh_at.as_ref().map_or(0, |_| 1) +
149            self.certificate_chain.as_ref().map_or(0, |_| 1) +
150            self.conditions.as_ref().map_or(0, |_| 1) +
151            self.not_after.as_ref().map_or(0, |_| 1) +
152            self.not_before.as_ref().map_or(0, |_| 1),
153        )?;
154        if let Some(value) = &self.begin_refresh_at {
155            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "beginRefreshAt", value)?;
156        }
157        if let Some(value) = &self.certificate_chain {
158            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "certificateChain", value)?;
159        }
160        if let Some(value) = &self.conditions {
161            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "conditions", value)?;
162        }
163        if let Some(value) = &self.not_after {
164            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "notAfter", value)?;
165        }
166        if let Some(value) = &self.not_before {
167            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "notBefore", value)?;
168        }
169        crate::serde::ser::SerializeStruct::end(state)
170    }
171}
172
173#[cfg(feature = "schemars")]
174impl crate::schemars::JsonSchema for PodCertificateRequestStatus {
175    fn schema_name() -> std::borrow::Cow<'static, str> {
176        "io.k8s.api.certificates.v1alpha1.PodCertificateRequestStatus".into()
177    }
178
179    fn json_schema(__gen: &mut crate::schemars::SchemaGenerator) -> crate::schemars::Schema {
180        crate::schemars::json_schema!({
181            "description": "PodCertificateRequestStatus describes the status of the request, and holds the certificate data if the request is issued.",
182            "type": "object",
183            "properties": {
184                "beginRefreshAt": ({
185                    let mut schema_obj = __gen.subschema_for::<crate::apimachinery::pkg::apis::meta::v1::Time>();
186                    schema_obj.ensure_object().insert("description".into(), "beginRefreshAt is the time at which the kubelet should begin trying to refresh the certificate.  This field is set via the /status subresource, and must be set at the same time as certificateChain.  Once populated, this field is immutable.\n\nThis field is only a hint.  Kubelet may start refreshing before or after this time if necessary.".into());
187                    schema_obj
188                }),
189                "certificateChain": {
190                    "description": "certificateChain is populated with an issued certificate by the signer. This field is set via the /status subresource. Once populated, this field is immutable.\n\nIf the certificate signing request is denied, a condition of type \"Denied\" is added and this field remains empty. If the signer cannot issue the certificate, a condition of type \"Failed\" is added and this field remains empty.\n\nValidation requirements:\n 1. certificateChain must consist of one or more PEM-formatted certificates.\n 2. Each entry must be a valid PEM-wrapped, DER-encoded ASN.1 Certificate as\n    described in section 4 of RFC5280.\n\nIf more than one block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.  When projecting the chain into a pod volume, kubelet will drop any data in-between the PEM blocks, as well as any PEM block headers.",
191                    "type": "string",
192                },
193                "conditions": {
194                    "description": "conditions applied to the request.\n\nThe types \"Issued\", \"Denied\", and \"Failed\" have special handling.  At most one of these conditions may be present, and they must have status \"True\".\n\nIf the request is denied with `Reason=UnsupportedKeyType`, the signer may suggest a key type that will work in the message field.",
195                    "type": "array",
196                    "items": (__gen.subschema_for::<crate::apimachinery::pkg::apis::meta::v1::Condition>()),
197                },
198                "notAfter": ({
199                    let mut schema_obj = __gen.subschema_for::<crate::apimachinery::pkg::apis::meta::v1::Time>();
200                    schema_obj.ensure_object().insert("description".into(), "notAfter is the time at which the certificate expires.  The value must be the same as the notAfter value in the leaf certificate in certificateChain.  This field is set via the /status subresource.  Once populated, it is immutable.  The signer must set this field at the same time it sets certificateChain.".into());
201                    schema_obj
202                }),
203                "notBefore": ({
204                    let mut schema_obj = __gen.subschema_for::<crate::apimachinery::pkg::apis::meta::v1::Time>();
205                    schema_obj.ensure_object().insert("description".into(), "notBefore is the time at which the certificate becomes valid.  The value must be the same as the notBefore value in the leaf certificate in certificateChain.  This field is set via the /status subresource.  Once populated, it is immutable. The signer must set this field at the same time it sets certificateChain.".into());
206                    schema_obj
207                }),
208            },
209        })
210    }
211}