// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Config Connector and manual
// changes will be clobbered when the file is regenerated.
//
// ----------------------------------------------------------------------------
// *** DISCLAIMER ***
// Config Connector's go-client for CRDs is currently in ALPHA, which means
// that future versions of the go-client may include breaking changes.
// Please try it out and give us feedback!
package v1beta1
import (
"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// AttestorPkixPublicKey is a raw PKIX public key paired with the signature
// algorithm that must be used when verifying signatures made with it.
type AttestorPkixPublicKey struct {
	/* A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13 */
	// +optional
	PublicKeyPem *string `json:"publicKeyPem,omitempty"`
	/* The signature algorithm used to verify a message against a signature using this key. This signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key). Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512 */
	// NOTE(review): the Go type is a plain *string, so nothing here constrains the value to the list above; any validation presumably happens server-side — confirm before relying on it.
	// +optional
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty"`
}
// AttestorPublicKeys is one public key an attestor trusts to verify
// attestation signatures. Exactly how the key is supplied (PGP-armored or
// PKIX) determines how Id is derived, as documented on each field.
type AttestorPublicKeys struct {
	/* ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID. */
	// +optional
	AsciiArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty"`
	/* Optional. A descriptive comment. This field may be updated. */
	// +optional
	Comment *string `json:"comment,omitempty"`
	/* The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details. */
	// +optional
	Id *string `json:"id,omitempty"`
	/* A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key. */
	// +optional
	PkixPublicKey *AttestorPkixPublicKey `json:"pkixPublicKey,omitempty"`
}
// AttestorUserOwnedDrydockNote describes where this attestor's attestations
// are read from and which public keys may verify them.
type AttestorUserOwnedDrydockNote struct {
	/* Reference to the note this attestor reads attestations from. NOTE(review): presumably a Container Analysis note, matching the status field's description of the delegated service account — confirm. */
	NoteRef v1alpha1.ResourceRef `json:"noteRef"`
	/* Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. */
	// +optional
	PublicKeys []AttestorPublicKeys `json:"publicKeys,omitempty"`
}
// BinaryAuthorizationAttestorSpec is the desired state of a
// BinaryAuthorizationAttestor: the owning project, the resource name, and
// how attestations are read and verified.
type BinaryAuthorizationAttestorSpec struct {
	/* Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs. */
	// +optional
	Description *string `json:"description,omitempty"`
	/* The Project that this resource belongs to. */
	ProjectRef v1alpha1.ResourceRef `json:"projectRef"`
	/* Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
	// +optional
	ResourceID *string `json:"resourceID,omitempty"`
	/* This specifies how an attestation will be read, and how it will be used during policy enforcement. */
	// +optional
	UserOwnedDrydockNote *AttestorUserOwnedDrydockNote `json:"userOwnedDrydockNote,omitempty"`
}
// AttestorUserOwnedDrydockNoteStatus holds output-only information about the
// attestor's note, reported by the service rather than set by the user.
type AttestorUserOwnedDrydockNoteStatus struct {
	/* Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern. */
	DelegationServiceAccountEmail string `json:"delegationServiceAccountEmail,omitempty"`
}
// BinaryAuthorizationAttestorStatus is the observed state of a
// BinaryAuthorizationAttestor as reported by the Config Connector controller.
type BinaryAuthorizationAttestorStatus struct {
	/* Conditions represent the latest available observations of the
	BinaryAuthorizationAttestor's current state. */
	Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
	/* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */
	ObservedGeneration int `json:"observedGeneration,omitempty"`
	/* Output only. Time when the attestor was last updated. */
	UpdateTime string `json:"updateTime,omitempty"`
	/* Output-only details for the attestor's note, including the delegated service account email (see AttestorUserOwnedDrydockNoteStatus). */
	UserOwnedDrydockNote AttestorUserOwnedDrydockNoteStatus `json:"userOwnedDrydockNote,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// BinaryAuthorizationAttestor is the Schema for the binaryauthorization API.
// Spec carries the desired attestor configuration (project, note reference,
// public keys) and Status the controller-reported observations.
// +k8s:openapi-gen=true
type BinaryAuthorizationAttestor struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   BinaryAuthorizationAttestorSpec   `json:"spec,omitempty"`
	Status BinaryAuthorizationAttestorStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// BinaryAuthorizationAttestorList contains a list of BinaryAuthorizationAttestor.
type BinaryAuthorizationAttestorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []BinaryAuthorizationAttestor `json:"items"`
}
// init registers the attestor type and its list type with the package's
// SchemeBuilder so both are known to the runtime scheme.
func init() {
	attestor := &BinaryAuthorizationAttestor{}
	attestorList := &BinaryAuthorizationAttestorList{}
	SchemeBuilder.Register(attestor, attestorList)
}