Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the tcs.intel.com v1 API group +kubebuilder:object:generate=true +groupName=tcs.intel.com
Index ¶
- Constants
- Variables
- type ConditionReason
- type ConditionType
- type IssuerConditionType
- type QuoteAttestation
- type QuoteAttestationCondition
- type QuoteAttestationList
- type QuoteAttestationRequestType
- type QuoteAttestationSpec
- type QuoteAttestationStatus
- func (in *QuoteAttestationStatus) DeepCopy() *QuoteAttestationStatus
- func (in *QuoteAttestationStatus) DeepCopyInto(out *QuoteAttestationStatus)
- func (qas *QuoteAttestationStatus) GetCondition(t ConditionType) *QuoteAttestationCondition
- func (qas *QuoteAttestationStatus) SetCondition(t ConditionType, status v1.ConditionStatus, reason ConditionReason, ...)
- type TCSClusterIssuer
- type TCSClusterIssuerList
- type TCSIssuer
- type TCSIssuerCondition
- type TCSIssuerList
- type TCSIssuerSpec
- type TCSIssuerStatus
- func (in *TCSIssuerStatus) DeepCopy() *TCSIssuerStatus
- func (in *TCSIssuerStatus) DeepCopyInto(out *TCSIssuerStatus)
- func (status *TCSIssuerStatus) GetCondition(ct IssuerConditionType) *TCSIssuerCondition
- func (status *TCSIssuerStatus) SetCondition(ct IssuerConditionType, condStatus v1.ConditionStatus, reason, message string)
Constants ¶
const (
	// ConditionStatusInit indicates that the object's status condition has
	// only just been initialised. It exists solely to allow manual status
	// patching with kubectl where no attestation-controller is running.
	// NOTE: This must be removed in the near future.
	// NOTE(review): a status patched by hand is not the result of quote
	// verification; presumably consumers must not read "Init" as evidence
	// that a quote was checked, and write access to the status should be
	// limited through RBAC. Confirm against the controllers.
	ConditionStatusInit ConditionType = "Init"

	// ConditionReady indicates that the request is ready. It should be set by
	// the attestation-controller once the request has been resolved, i.e. on
	// either success or failure.
	// NOTE(review): because "Ready" covers failure as well as success, callers
	// presumably have to inspect the condition's Status and Reason, not only
	// its presence. Confirm.
	ConditionReady ConditionType = "Ready"

	// ReasonTCSReconcile is the ConditionReason value "TCSReconcile".
	// NOTE(review): presumably set when the TCS side updates the condition — confirm.
	ReasonTCSReconcile ConditionReason = "TCSReconcile"
	// ReasonControllerReconcile is the ConditionReason value
	// "AttestationControllerReconcile".
	// NOTE(review): presumably set by the attestation-controller — confirm.
	ReasonControllerReconcile ConditionReason = "AttestationControllerReconcile"

	// ECDSAQuoteVersion3 indicates the SGX ECDSA quote version 3. This is the
	// only version supported by the QVE.
	// It is declared without an explicit type, so it is an untyped string
	// constant.
	ECDSAQuoteVersion3 = "ECDSA Quote 3"
)
Well-known condition types for certificate requests.
// Request types accepted in QuoteAttestationSpec.Type. Both constants are
// declared without an explicit type, so they are untyped string constants.
const (
	// RequestTypeQuoteAttestation represents a request that is for quote
	// verification only.
	RequestTypeQuoteAttestation = "QuoteAttestation"

	// RequestTypeKeyProvisioning represents a request for CA key
	// provisioning, for which quote verification is a prerequisite.
	// NOTE(review): the ordering matters for security. Key material should
	// only be released after the quote has been verified; confirm that the
	// provisioning side enforces this.
	RequestTypeKeyProvisioning = "KeyProvisioning"
)
Variables ¶
// Scheme registration values for this API group and version.
var (
	// GroupName is the group name of the objects.
	GroupName = "tcs.intel.com"

	// GroupVersion is the group version used to register these objects.
	// It combines GroupName with the version string "v1alpha1".
	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	// It is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type ConditionReason ¶
// ConditionReason is a string type. The values declared on this page are
// ReasonTCSReconcile and ReasonControllerReconcile.
type ConditionReason string
ConditionReason is the short, machine-readable reason for the condition that occurred.
type ConditionType ¶
// ConditionType is a string type. The values declared on this page are
// ConditionStatusInit ("Init") and ConditionReady ("Ready").
type ConditionType string
ConditionType is the type of a QuoteAttestationCondition
type IssuerConditionType ¶
// IssuerConditionType is a string type. The only value declared on this page
// is IssuerConditionReady ("Ready").
type IssuerConditionType string
IssuerConditionType represents an Issuer condition value.
const (
	// IssuerConditionReady represents the fact that a given Issuer is in the
	// ready state and able to issue certificates.
	// If the `status` of this condition is `False`, CertificateRequest
	// controllers should prevent attempts to sign certificates.
	// NOTE(review): the comment only names `False`; presumably `Unknown` or a
	// missing condition should block signing as well (fail closed). Confirm
	// against the CertificateRequest controller.
	IssuerConditionReady IssuerConditionType = "Ready"
)
type QuoteAttestation ¶
// QuoteAttestation is the API object for the quoteattestations API. It pairs
// the request (Spec) with the state reported back for it (Status).
type QuoteAttestation struct {
	// Embedded type and object metadata.
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec carries the quote, the public key and the request parameters.
	Spec QuoteAttestationSpec `json:"spec,omitempty"`
	// Status carries the conditions recorded for the request.
	Status QuoteAttestationStatus `json:"status,omitempty"`
}
QuoteAttestation is the Schema for the quoteattestations API
func (*QuoteAttestation) DeepCopy ¶
func (in *QuoteAttestation) DeepCopy() *QuoteAttestation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestation.
func (*QuoteAttestation) DeepCopyInto ¶
func (in *QuoteAttestation) DeepCopyInto(out *QuoteAttestation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*QuoteAttestation) DeepCopyObject ¶
func (in *QuoteAttestation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type QuoteAttestationCondition ¶
// QuoteAttestationCondition is one entry of QuoteAttestationStatus.Conditions.
type QuoteAttestationCondition struct {
	// Type of the condition. One of QuoteVerified, CASecretReady and Ready.
	// NOTE(review): only "Init" and "Ready" are declared as ConditionType
	// constants on this page, and the QuoteAttestationStatus comment spells
	// the second name "CASecretsReady". Confirm which spelling the
	// controllers actually use.
	Type ConditionType `json:"type,omitempty"`
	// Status indicates the status of a condition (true, false, or unknown).
	Status v1.ConditionStatus `json:"status,omitempty"`
	// Reason indicates the current request state.
	// +optional
	Reason ConditionReason `json:"reason,omitempty"`
	// Message contains a human-readable message with details about the
	// request state.
	// +optional
	Message string `json:"message,omitempty"`
	// LastUpdateTime is the time of the last update to this condition.
	// +optional
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
}
QuoteAttestationCondition describes a condition of a QuoteAttestation object
func (*QuoteAttestationCondition) DeepCopy ¶
func (in *QuoteAttestationCondition) DeepCopy() *QuoteAttestationCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationCondition.
func (*QuoteAttestationCondition) DeepCopyInto ¶
func (in *QuoteAttestationCondition) DeepCopyInto(out *QuoteAttestationCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type QuoteAttestationList ¶
// QuoteAttestationList is the list type for QuoteAttestation objects.
type QuoteAttestationList struct {
	// Embedded type and list metadata.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the QuoteAttestation objects in the list.
	Items []QuoteAttestation `json:"items"`
}
QuoteAttestationList contains a list of QuoteAttestation
func (*QuoteAttestationList) DeepCopy ¶
func (in *QuoteAttestationList) DeepCopy() *QuoteAttestationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationList.
func (*QuoteAttestationList) DeepCopyInto ¶
func (in *QuoteAttestationList) DeepCopyInto(out *QuoteAttestationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*QuoteAttestationList) DeepCopyObject ¶
func (in *QuoteAttestationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type QuoteAttestationRequestType ¶
// QuoteAttestationRequestType is a string type used for
// QuoteAttestationSpec.Type. The request-type constants on this page
// (RequestTypeQuoteAttestation, RequestTypeKeyProvisioning) are declared as
// untyped string constants rather than as values of this type.
type QuoteAttestationRequestType string
QuoteAttestationRequestType type definition for representing the type of attestation request
type QuoteAttestationSpec ¶
// QuoteAttestationSpec is the request part of a QuoteAttestation: the quote
// to verify, the public key tied to it, and the parameters of the request.
type QuoteAttestationSpec struct {
	// Type represents the type of the request, one of "QuoteAttestation",
	// "KeyProvisioning".
	// NOTE(review): TCSIssuerSpec on this page writes its default marker
	// without the "validation:" prefix. Confirm that the form used below is
	// recognised by the CRD generator, since the JSON tag has no omitempty
	// and the intended default is KeyProvisioning.
	// +kubebuilder:validation:Enum=QuoteAttestation;KeyProvisioning
	// +kubebuilder:validation:default=KeyProvisioning
	Type QuoteAttestationRequestType `json:"type"`

	// Quote to be verified, base64-encoded.
	// +kubebuilder:listType=atomic
	Quote []byte `json:"quote"`

	// QuoteVersion is the version of the generated quote; the default is
	// ECDSA quote "3".
	// NOTE(review): the ECDSAQuoteVersion3 constant on this page has the
	// value "ECDSA Quote 3". Confirm which string a verifier expects here.
	// +kubebuilder:optional
	QuoteVersion string `json:"quoteVersion,omitempty"`

	// ServiceID holds the unique identifier (name?) that represents the
	// service which is requesting the secret.
	// To be decided whether this should be the SPIFFE trust domain!
	ServiceID string `json:"serviceId"`

	// PublicKey for encrypting the secret; its hash is part of the quote
	// data. Base64-encoded.
	// NOTE(review): the only link between this key and the attested enclave
	// is the hash carried in the quote. Presumably the verifier must
	// recompute the hash of PublicKey and compare it with the quote data
	// before any secret is wrapped to this key. Confirm.
	// +kubebuilder:listType=atomic
	PublicKey []byte `json:"publicKey"`

	// SignerName refers to the Kubernetes CSR signer name used by
	// this request.
	SignerName string `json:"signerName"`

	// SecretName is the name of the Secret object (in the same namespace)
	// that keeps the wrapped secrets (only needed for the KeyProvisioning
	// request type), which is of an opaque type. The secret data must
	// contain two map elements, `tls.key` and `tls.cert`, whose values are
	// the base64-encoded encrypted CA key and the base64-encoded x509
	// (PEM-encoded) certificate. This must be added only after a successful
	// quote validation and before updating the status condition.
	// +optional
	SecretName string `json:"secretName,omitempty"`
}
QuoteAttestationSpec defines the desired state of QuoteAttestation
func (*QuoteAttestationSpec) DeepCopy ¶
func (in *QuoteAttestationSpec) DeepCopy() *QuoteAttestationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationSpec.
func (*QuoteAttestationSpec) DeepCopyInto ¶
func (in *QuoteAttestationSpec) DeepCopyInto(out *QuoteAttestationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type QuoteAttestationStatus ¶
// QuoteAttestationStatus holds the conditions recorded for a QuoteAttestation.
type QuoteAttestationStatus struct {
	// Conditions applied to the request. Known conditions are "QuoteVerified",
	// "CASecretsReady" and "Ready".
	// NOTE(review): QuoteAttestationCondition spells the second name
	// "CASecretReady", and the only ConditionType constants on this page are
	// "Init" and "Ready". Confirm the names in use.
	// +optional
	Conditions []QuoteAttestationCondition `json:"conditions,omitempty"`
}
QuoteAttestationStatus defines the observed state of QuoteAttestation
func (*QuoteAttestationStatus) DeepCopy ¶
func (in *QuoteAttestationStatus) DeepCopy() *QuoteAttestationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuoteAttestationStatus.
func (*QuoteAttestationStatus) DeepCopyInto ¶
func (in *QuoteAttestationStatus) DeepCopyInto(out *QuoteAttestationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*QuoteAttestationStatus) GetCondition ¶
func (qas *QuoteAttestationStatus) GetCondition(t ConditionType) *QuoteAttestationCondition
func (*QuoteAttestationStatus) SetCondition ¶
func (qas *QuoteAttestationStatus) SetCondition(t ConditionType, status v1.ConditionStatus, reason ConditionReason, message string)
type TCSClusterIssuer ¶
// TCSClusterIssuer is the API object for the clusterissuers API. It uses the
// same Spec and Status types as TCSIssuer.
type TCSClusterIssuer struct {
	// Embedded type and object metadata.
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the issuer configuration.
	Spec TCSIssuerSpec `json:"spec,omitempty"`
	// Status carries the issuer's conditions.
	Status TCSIssuerStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp` +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].status` +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].reason` +kubebuilder:printcolumn:name="Message",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].message` TCSClusterIssuer is the Schema for the clusterissuers API
func (*TCSClusterIssuer) DeepCopy ¶
func (in *TCSClusterIssuer) DeepCopy() *TCSClusterIssuer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSClusterIssuer.
func (*TCSClusterIssuer) DeepCopyInto ¶
func (in *TCSClusterIssuer) DeepCopyInto(out *TCSClusterIssuer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSClusterIssuer) DeepCopyObject ¶
func (in *TCSClusterIssuer) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSClusterIssuerList ¶
// TCSClusterIssuerList is the list type for TCSClusterIssuer objects.
type TCSClusterIssuerList struct {
	// Embedded type and list metadata.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the TCSClusterIssuer objects in the list.
	Items []TCSClusterIssuer `json:"items"`
}
TCSClusterIssuerList contains a list of TCSClusterIssuer
func (*TCSClusterIssuerList) DeepCopy ¶
func (in *TCSClusterIssuerList) DeepCopy() *TCSClusterIssuerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSClusterIssuerList.
func (*TCSClusterIssuerList) DeepCopyInto ¶
func (in *TCSClusterIssuerList) DeepCopyInto(out *TCSClusterIssuerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSClusterIssuerList) DeepCopyObject ¶
func (in *TCSClusterIssuerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSIssuer ¶
// TCSIssuer is the API object for the issuers API. It uses the same Spec and
// Status types as TCSClusterIssuer.
type TCSIssuer struct {
	// Embedded type and object metadata.
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the issuer configuration.
	Spec TCSIssuerSpec `json:"spec,omitempty"`
	// Status carries the issuer's conditions.
	Status TCSIssuerStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp` +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].status` +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].reason` +kubebuilder:printcolumn:name="Message",type="string",JSONPath=`.status.conditions[?(@.type=='Ready')].message` TCSIssuer is the Schema for the issuers API
func (*TCSIssuer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuer.
func (*TCSIssuer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSIssuer) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSIssuerCondition ¶
// TCSIssuerCondition is one entry of TCSIssuerStatus.Conditions.
type TCSIssuerCondition struct {
	// Type of the condition, known values are ('Ready').
	Type IssuerConditionType `json:"type"`

	// Status of the condition, one of ('True', 'False', 'Unknown').
	Status v1.ConditionStatus `json:"status"`

	// LastTransitionTime is the timestamp corresponding to the last status
	// change of this condition.
	// +optional
	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`

	// Reason is a brief machine-readable explanation for the condition's last
	// transition. Unlike QuoteAttestationCondition.Reason, it is a plain
	// string, not a ConditionReason.
	// +optional
	Reason string `json:"reason,omitempty"`

	// Message is a human-readable description of the details of the last
	// transition, complementing reason.
	// +optional
	Message string `json:"message,omitempty"`
}
TCSIssuerCondition contains condition information for an Issuer.
func (*TCSIssuerCondition) DeepCopy ¶
func (in *TCSIssuerCondition) DeepCopy() *TCSIssuerCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerCondition.
func (*TCSIssuerCondition) DeepCopyInto ¶
func (in *TCSIssuerCondition) DeepCopyInto(out *TCSIssuerCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCSIssuerList ¶
// TCSIssuerList is the list type for TCSIssuer objects.
type TCSIssuerList struct {
	// Embedded type and list metadata.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the TCSIssuer objects in the list.
	Items []TCSIssuer `json:"items"`
}
+kubebuilder:object:root=true TCSIssuerList contains a list of TCSIssuer
func (*TCSIssuerList) DeepCopy ¶
func (in *TCSIssuerList) DeepCopy() *TCSIssuerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerList.
func (*TCSIssuerList) DeepCopyInto ¶
func (in *TCSIssuerList) DeepCopyInto(out *TCSIssuerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSIssuerList) DeepCopyObject ¶
func (in *TCSIssuerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TCSIssuerSpec ¶
// TCSIssuerSpec is the configuration shared by TCSIssuer and TCSClusterIssuer.
type TCSIssuerSpec struct {
	// Labels to set for the sub-objects (QuoteAttestation, Secret, etc.)
	// created for this issuer.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`

	// SecretName is the name of the Secret object to be created by the
	// issuer controller to hold the CA certificate.
	SecretName string `json:"secretName,omitempty"`

	// SelfSignCertificate defines whether to generate a self-signed
	// certificate for this CA issuer. When it is set to false, the CA is
	// expected to be provisioned by an external key server using the
	// QuoteAttestation CRD.
	// Defaults to true.
	// NOTE(review): the field is a pointer, so an unset value is
	// distinguishable from an explicit false. The Go name is
	// SelfSignCertificate, but the JSON key is "selfSign".
	// +kubebuilder:default=true
	SelfSignCertificate *bool `json:"selfSign,omitempty"`
}
TCSIssuerSpec defines the desired state of Issuer
func (*TCSIssuerSpec) DeepCopy ¶
func (in *TCSIssuerSpec) DeepCopy() *TCSIssuerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerSpec.
func (*TCSIssuerSpec) DeepCopyInto ¶
func (in *TCSIssuerSpec) DeepCopyInto(out *TCSIssuerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCSIssuerStatus ¶
// TCSIssuerStatus holds the conditions recorded for a TCSIssuer or
// TCSClusterIssuer.
type TCSIssuerStatus struct {
	// List of status conditions to indicate the status of a CertificateRequest.
	// Known condition types are `Ready`.
	// NOTE(review): this struct is the status of an issuer, so the mention of
	// CertificateRequest looks carried over from elsewhere. Confirm the
	// intended wording.
	// +optional
	Conditions []TCSIssuerCondition `json:"conditions,omitempty"`
}
TCSIssuerStatus defines the observed state of Issuer
func (*TCSIssuerStatus) DeepCopy ¶
func (in *TCSIssuerStatus) DeepCopy() *TCSIssuerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCSIssuerStatus.
func (*TCSIssuerStatus) DeepCopyInto ¶
func (in *TCSIssuerStatus) DeepCopyInto(out *TCSIssuerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TCSIssuerStatus) GetCondition ¶
func (status *TCSIssuerStatus) GetCondition(ct IssuerConditionType) *TCSIssuerCondition
func (*TCSIssuerStatus) SetCondition ¶
func (status *TCSIssuerStatus) SetCondition(ct IssuerConditionType, condStatus v1.ConditionStatus, reason, message string)