/*
Copyright 2020 The Crossplane Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// CertificateAuthorityParameters defines the desired state of an AWS
// CertificateAuthority. The enum-typed fields use types from the AWS SDK
// acmpca package, i.e. this describes an ACM Private CA certificate authority.
type CertificateAuthorityParameters struct {
	// Region is the region you'd like your CertificateAuthority to be created in.
	Region string `json:"region"`
	// Type of the certificate authority: ROOT or SUBORDINATE.
	// +kubebuilder:validation:Enum=ROOT;SUBORDINATE
	Type types.CertificateAuthorityType `json:"type"`
	// RevocationConfiguration to associate with the certificateAuthority.
	// It holds the CRL settings; when omitted, no CRL settings are declared
	// by this resource.
	// +optional
	RevocationConfiguration *RevocationConfiguration `json:"revocationConfiguration,omitempty"`
	// CertificateAuthorityConfiguration to associate with the certificateAuthority.
	// It carries the key algorithm, signing algorithm and subject of the CA.
	CertificateAuthorityConfiguration CertificateAuthorityConfiguration `json:"certificateAuthorityConfiguration"`
	// The number of days a CA remains restorable after it has been deleted.
	// NOTE(review): no range validation marker is declared on this field; the
	// ACM PCA API is understood to accept 7-30 days - confirm and consider
	// adding Minimum/Maximum markers.
	// +optional
	PermanentDeletionTimeInDays *int32 `json:"permanentDeletionTimeInDays,omitempty"`
	// Status of the certificate authority.
	// This value cannot be configured at creation, but can be updated to set a
	// CA to ACTIVE or DISABLED.
	// This is the desired status; the observed status is reported separately
	// in CertificateAuthorityExternalStatus.Status.
	// +optional
	// +kubebuilder:validation:Enum=ACTIVE;DISABLED
	Status *string `json:"status,omitempty"`
	// One or more resource tags to associate with the certificateAuthority.
	// The field is not marked optional and its JSON tag has no omitempty.
	Tags []Tag `json:"tags"`
}
// Tag represents user-provided metadata that can be associated with a
// CertificateAuthority (see CertificateAuthorityParameters.Tags).
type Tag struct {
	// The key name that can be used to look up or retrieve the associated value.
	Key string `json:"key"`
	// The value associated with this tag.
	Value string `json:"value"`
}
// RevocationConfiguration is the configuration of the certificate revocation
// list (CRL) for a certificate authority.
type RevocationConfiguration struct {
	// Boolean value that specifies whether certificate revocation (the CRL)
	// is enabled.
	Enabled bool `json:"enabled"`
	// Name of the S3 bucket that contains the CRL.
	// NOTE(review): this is optional even when Enabled is true; nothing in
	// this type requires a bucket once revocation is switched on - confirm
	// that the controller or the provider API rejects that combination.
	// +optional
	S3BucketName *string `json:"s3BucketName,omitempty"`
	// Alias for the CRL distribution point
	// +optional
	CustomCname *string `json:"customCname,omitempty"`
	// Number of days until the CRL expires, i.e. the CRL validity period.
	// This sits in the CRL configuration and is presumably passed to the
	// ACM PCA CrlConfiguration; it is not the lifetime of issued certificates.
	// +optional
	ExpirationInDays *int32 `json:"expirationInDays,omitempty"`
}
// CertificateAuthorityConfiguration is the key algorithm, signing algorithm
// and subject information of a certificate authority.
type CertificateAuthorityConfiguration struct {
	// Type of the public key algorithm and key size of the CA key pair.
	// +kubebuilder:validation:Enum=RSA_2048;EC_secp384r1;EC_prime256v1;RSA_4096
	KeyAlgorithm types.KeyAlgorithm `json:"keyAlgorithm"`
	// Algorithm that private CA uses to sign certificate requests.
	// The enum markers on KeyAlgorithm and SigningAlgorithm are validated
	// independently: nothing in this type checks that the signing algorithm
	// family (RSA or ECDSA) matches the chosen key algorithm.
	// +kubebuilder:validation:Enum=SHA512WITHECDSA;SHA256WITHECDSA;SHA384WITHECDSA;SHA512WITHRSA;SHA256WITHRSA;SHA384WITHRSA
	SigningAlgorithm types.SigningAlgorithm `json:"signingAlgorithm"`
	// Subject is the subject information of the Certificate Authority.
	Subject Subject `json:"subject"`
}
// Subject is the set of name attributes that identify the subject of the
// certificate authority. Every field carries the +immutable marker; what
// enforces that immutability is not visible in this file.
type Subject struct {
	// Organization legal name
	// +immutable
	Organization string `json:"organization"`
	// Organization's subdivision or unit
	// +immutable
	OrganizationalUnit string `json:"organizationalUnit"`
	// Two-letter code that specifies the country
	// +immutable
	Country string `json:"country"`
	// State in which the subject of the certificate is located
	// +immutable
	State string `json:"state"`
	// The locality such as a city or town
	// +immutable
	Locality string `json:"locality"`
	// FQDN associated with the certificate subject
	// +immutable
	CommonName string `json:"commonName"`
	// Disambiguating information for the certificate subject.
	// +optional
	// +immutable
	DistinguishedNameQualifier *string `json:"distinguishedNameQualifier,omitempty"`
	// Typically a qualifier appended to the name of an individual
	// +optional
	// +immutable
	GenerationQualifier *string `json:"generationQualifier,omitempty"`
	// Concatenation of first letter of the GivenName, Middle name and SurName.
	// +optional
	// +immutable
	Initials *string `json:"initials,omitempty"`
	// First name
	// +optional
	// +immutable
	GivenName *string `json:"givenName,omitempty"`
	// Shortened version of a longer GivenName
	// +optional
	// +immutable
	Pseudonym *string `json:"pseudonym,omitempty"`
	// The serial number attribute of the subject name.
	// This is a user-supplied part of the subject; the serial of the CA
	// itself is reported in CertificateAuthorityExternalStatus.Serial.
	// +optional
	// +immutable
	SerialNumber *string `json:"serialNumber,omitempty"`
	// Surname
	// +optional
	// +immutable
	Surname *string `json:"surname,omitempty"`
	// Title
	// +optional
	// +immutable
	Title *string `json:"title,omitempty"`
}
// CertificateAuthorityExternalStatus keeps the observed state of the external
// resource. All fields are omitted from JSON when empty.
type CertificateAuthorityExternalStatus struct {
	// String that contains the ARN of the Certificate Authority
	CertificateAuthorityARN string `json:"certificateAuthorityARN,omitempty"`
	// Serial of the Certificate Authority
	Serial string `json:"serial,omitempty"`
	// Status is the current status of the CertificateAuthority.
	// The desired status is set through CertificateAuthorityParameters.Status.
	Status string `json:"status,omitempty"`
}
// CertificateAuthoritySpec defines the desired state of CertificateAuthority.
// It embeds the common crossplane-runtime ResourceSpec inline and adds the
// provider-specific parameters under forProvider.
type CertificateAuthoritySpec struct {
	xpv1.ResourceSpec `json:",inline"`
	ForProvider CertificateAuthorityParameters `json:"forProvider"`
}
// A CertificateAuthorityStatus represents the observed state of a
// CertificateAuthority. It embeds the common crossplane-runtime
// ResourceStatus inline and reports provider-side values under atProvider.
type CertificateAuthorityStatus struct {
	xpv1.ResourceStatus `json:",inline"`
	AtProvider CertificateAuthorityExternalStatus `json:"atProvider,omitempty"`
}
// +kubebuilder:object:root=true
// +kubebuilder:storageversion
// CertificateAuthority is a managed resource that represents an AWS
// certificate authority (ACM Private CA, per the acmpca types this API uses).
// The resource is cluster-scoped, so who may create or change a CA is decided
// by cluster-wide RBAC rather than by namespace-level roles.
// NOTE(review): the STATUS print column reads .spec.forProvider.status, which
// is the desired status; the observed value lives in
// .status.atProvider.status - confirm that showing the desired value is
// intended.
// +kubebuilder:printcolumn:name="TYPE",type="string",JSONPath=".spec.forProvider.type"
// +kubebuilder:printcolumn:name="STATUS",type="string",JSONPath=".spec.forProvider.status"
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
type CertificateAuthority struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec CertificateAuthoritySpec `json:"spec"`
	Status CertificateAuthorityStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// CertificateAuthorityList contains a list of CertificateAuthority
// resources together with the standard list metadata.
type CertificateAuthorityList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items []CertificateAuthority `json:"items"`
}