Class: Kubernetes::V1beta1PodCertificateRequestSpec

Inherits:

Object

• Object
• Kubernetes::V1beta1PodCertificateRequestSpec

Defined in:

lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb

Overview

PodCertificateRequestSpec describes the certificate request. All fields are immutable after creation.

Instance Attribute Summary

• #max_expiration_seconds ⇒ Object

  maxExpirationSeconds is the maximum lifetime permitted for the certificate.

• #node_name ⇒ Object

  nodeName is the name of the node the pod is assigned to.

• #node_uid ⇒ Object

  nodeUID is the UID of the node the pod is assigned to.

• #pkix_public_key ⇒ Object

  The PKIX-serialized public key the signer will issue the certificate to.

• #pod_name ⇒ Object

  podName is the name of the pod into which the certificate will be mounted.

• #pod_uid ⇒ Object

  podUID is the UID of the pod into which the certificate will be mounted.

• #proof_of_possession ⇒ Object

  A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey.

• #service_account_name ⇒ Object

  serviceAccountName is the name of the service account the pod is running as.

• #service_account_uid ⇒ Object

  serviceAccountUID is the UID of the service account the pod is running as.

• #signer_name ⇒ Object

  signerName indicates the requested signer.

• #stub_pkcs10_request ⇒ Object

  A PKCS#10 certificate signing request (DER-serialized) generated by Kubelet using the subject private key.

• #unverified_user_annotations ⇒ Object

  unverifiedUserAnnotations allow pod authors to pass additional information to the signer implementation.

Class Method Summary

• .acceptable_attributes ⇒ Object

  Returns all the JSON keys this model knows about.

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• .openapi_nullable ⇒ Object

  List of attributes with nullable: true.

• .openapi_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #_deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Integer

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ V1beta1PodCertificateRequestSpec constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ V1beta1PodCertificateRequestSpec

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 104

def initialize(attributes = {})
  if (!attributes.is_a?(Hash))
    fail ArgumentError, "The input argument (attributes) must be a hash in `Kubernetes::V1beta1PodCertificateRequestSpec` initialize method"
  end

  # check to see if the attribute exists and convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h|
    if (!self.class.attribute_map.key?(k.to_sym))
      fail ArgumentError, "`#{k}` is not a valid attribute in `Kubernetes::V1beta1PodCertificateRequestSpec`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
    end
    h[k.to_sym] = v
  }

  if attributes.key?(:'max_expiration_seconds')
    self.max_expiration_seconds = attributes[:'max_expiration_seconds']
  end

  if attributes.key?(:'node_name')
    self.node_name = attributes[:'node_name']
  end

  if attributes.key?(:'node_uid')
    self.node_uid = attributes[:'node_uid']
  end

  if attributes.key?(:'pkix_public_key')
    self.pkix_public_key = attributes[:'pkix_public_key']
  end

  if attributes.key?(:'pod_name')
    self.pod_name = attributes[:'pod_name']
  end

  if attributes.key?(:'pod_uid')
    self.pod_uid = attributes[:'pod_uid']
  end

  if attributes.key?(:'proof_of_possession')
    self.proof_of_possession = attributes[:'proof_of_possession']
  end

  if attributes.key?(:'service_account_name')
    self.service_account_name = attributes[:'service_account_name']
  end

  if attributes.key?(:'service_account_uid')
    self.service_account_uid = attributes[:'service_account_uid']
  end

  if attributes.key?(:'signer_name')
    self.signer_name = attributes[:'signer_name']
  end

  if attributes.key?(:'stub_pkcs10_request')
    self.stub_pkcs10_request = attributes[:'stub_pkcs10_request']
  end

  if attributes.key?(:'unverified_user_annotations')
    if (value = attributes[:'unverified_user_annotations']).is_a?(Hash)
      self.unverified_user_annotations = value
    end
  end
end

Instance Attribute Details

#max_expiration_seconds ⇒ Object

maxExpirationSeconds is the maximum lifetime permitted for the certificate. If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). The signer implementation is then free to issue a certificate with any lifetime shorter than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. ‘kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 20

def max_expiration_seconds
  @max_expiration_seconds
end

#node_name ⇒ Object

nodeName is the name of the node the pod is assigned to.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 23

def node_name
  @node_name
end

#node_uid ⇒ Object

nodeUID is the UID of the node the pod is assigned to.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 26

def node_uid
  @node_uid
end

#pkix_public_key ⇒ Object

The PKIX-serialized public key the signer will issue the certificate to. The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future. Signer implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of "Denied" and a reason of "UnsupportedKeyType". It may also suggest a key type that it does support in the message field. Deprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty. Signer implementations should extract the public key from the StubPKCS10Request field.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 29

def pkix_public_key
  @pkix_public_key
end

#pod_name ⇒ Object

podName is the name of the pod into which the certificate will be mounted.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 32

def pod_name
  @pod_name
end

#pod_uid ⇒ Object

podUID is the UID of the pod into which the certificate will be mounted.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 35

def pod_uid
  @pod_uid
end

#proof_of_possession ⇒ Object

A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey. It is contructed by signing the ASCII bytes of the pod’s UID using ‘pkixPublicKey`. kube-apiserver validates the proof of possession during creation of the PodCertificateRequest. If the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options). If the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1) If the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign). Deprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 38

def proof_of_possession
  @proof_of_possession
end

#service_account_name ⇒ Object

serviceAccountName is the name of the service account the pod is running as.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 41

def service_account_name
  @service_account_name
end

#service_account_uid ⇒ Object

serviceAccountUID is the UID of the service account the pod is running as.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 44

def service_account_uid
  @service_account_uid
end

#signer_name ⇒ Object

signerName indicates the requested signer. All signer names beginning with ‘kubernetes.io` are reserved for use by the Kubernetes project. There is currently one well-known signer documented by the Kubernetes project, `kubernetes.io/kube-apiserver-client-pod`, which will issue client certificates understood by kube-apiserver. It is currently unimplemented.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 47

def signer_name
  @signer_name
end

#stub_pkcs10_request ⇒ Object

A PKCS#10 certificate signing request (DER-serialized) generated by Kubelet using the subject private key. Most signer implementations will ignore the contents of the CSR except to extract the subject public key. The API server automatically verifies the CSR signature during admission, so the signer does not need to repeat the verification. CSRs generated by kubelet are completely empty. The subject public key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future. Signer implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of "Denied" and a reason of "UnsupportedKeyType". It may also suggest a key type that it does support in the message field.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 50

def stub_pkcs10_request
  @stub_pkcs10_request
end

#unverified_user_annotations ⇒ Object

unverifiedUserAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way. Entries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field. Signers should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 53

def unverified_user_annotations
  @unverified_user_annotations
end

Class Method Details

.acceptable_attributes ⇒ Object

Returns all the JSON keys this model knows about

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 74

def self.acceptable_attributes
  attribute_map.values
end

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 56

def self.attribute_map
  {
    :'max_expiration_seconds' => :'maxExpirationSeconds',
    :'node_name' => :'nodeName',
    :'node_uid' => :'nodeUID',
    :'pkix_public_key' => :'pkixPublicKey',
    :'pod_name' => :'podName',
    :'pod_uid' => :'podUID',
    :'proof_of_possession' => :'proofOfPossession',
    :'service_account_name' => :'serviceAccountName',
    :'service_account_uid' => :'serviceAccountUID',
    :'signer_name' => :'signerName',
    :'stub_pkcs10_request' => :'stubPKCS10Request',
    :'unverified_user_annotations' => :'unverifiedUserAnnotations'
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 310

def self.build_from_hash(attributes)
  new.build_from_hash(attributes)
end

.openapi_nullable ⇒ Object

List of attributes with nullable: true

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 97

def self.openapi_nullable
  Set.new([
  ])
end

.openapi_types ⇒ Object

Attribute type mapping.

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 79

def self.openapi_types
  {
    :'max_expiration_seconds' => :'Integer',
    :'node_name' => :'String',
    :'node_uid' => :'String',
    :'pkix_public_key' => :'String',
    :'pod_name' => :'String',
    :'pod_uid' => :'String',
    :'proof_of_possession' => :'String',
    :'service_account_name' => :'String',
    :'service_account_uid' => :'String',
    :'signer_name' => :'String',
    :'stub_pkcs10_request' => :'String',
    :'unverified_user_annotations' => :'Hash<String, String>'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• Object (Object) —

  to be compared

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 278

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      max_expiration_seconds == o.max_expiration_seconds &&
      node_name == o.node_name &&
      node_uid == o.node_uid &&
      pkix_public_key == o.pkix_public_key &&
      pod_name == o.pod_name &&
      pod_uid == o.pod_uid &&
      proof_of_possession == o.proof_of_possession &&
      service_account_name == o.service_account_name &&
      service_account_uid == o.service_account_uid &&
      signer_name == o.signer_name &&
      stub_pkcs10_request == o.stub_pkcs10_request &&
      unverified_user_annotations == o.unverified_user_annotations
end

#_deserialize(type, value) ⇒ Object

Deserializes the data based on type

Parameters:

• string —

  type Data type

• string —

  value Value to be deserialized

Returns:

• (Object) —

  Deserialized data

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 340

def _deserialize(type, value)
  case type.to_sym
  when :Time
    Time.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :Boolean
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    # models (e.g. Pet) or oneOf
    klass = Kubernetes.const_get(type)
    klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
  end
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

Parameters:

• value (Object) —

  Any valid value

Returns:

• (Hash) —

  Returns the value in the form of hash

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 411

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 317

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  self.class.openapi_types.each_pair do |key, type|
    if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
      self.send("#{key}=", nil)
    elsif type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
    end
  end

  self
end

#eql?(o) ⇒ Boolean

Parameters:

• Object (Object) —

  to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 297

def eql?(o)
  self == o
end

#hash ⇒ Integer

Calculates hash code according to all attributes.

Returns:

• (Integer) —

  Hash code

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 303

def hash
  [max_expiration_seconds, node_name, node_uid, pkix_public_key, pod_name, pod_uid, proof_of_possession, service_account_name, service_account_uid, signer_name, stub_pkcs10_request, unverified_user_annotations].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

Returns:

• Array for valid properties with the reasons

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 170

def list_invalid_properties
  invalid_properties = Array.new
  if @node_name.nil?
    invalid_properties.push('invalid value for "node_name", node_name cannot be nil.')
  end

  if @node_uid.nil?
    invalid_properties.push('invalid value for "node_uid", node_uid cannot be nil.')
  end

  pattern = Regexp.new(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/)
  if !@pkix_public_key.nil? && @pkix_public_key !~ pattern
    invalid_properties.push("invalid value for \"pkix_public_key\", must conform to the pattern #{pattern}.")
  end

  if @pod_name.nil?
    invalid_properties.push('invalid value for "pod_name", pod_name cannot be nil.')
  end

  if @pod_uid.nil?
    invalid_properties.push('invalid value for "pod_uid", pod_uid cannot be nil.')
  end

  pattern = Regexp.new(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/)
  if !@proof_of_possession.nil? && @proof_of_possession !~ pattern
    invalid_properties.push("invalid value for \"proof_of_possession\", must conform to the pattern #{pattern}.")
  end

  if @service_account_name.nil?
    invalid_properties.push('invalid value for "service_account_name", service_account_name cannot be nil.')
  end

  if @service_account_uid.nil?
    invalid_properties.push('invalid value for "service_account_uid", service_account_uid cannot be nil.')
  end

  if @signer_name.nil?
    invalid_properties.push('invalid value for "signer_name", signer_name cannot be nil.')
  end

  if @stub_pkcs10_request.nil?
    invalid_properties.push('invalid value for "stub_pkcs10_request", stub_pkcs10_request cannot be nil.')
  end

  pattern = Regexp.new(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/)
  if @stub_pkcs10_request !~ pattern
    invalid_properties.push("invalid value for \"stub_pkcs10_request\", must conform to the pattern #{pattern}.")
  end

  invalid_properties
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 387

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 393

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    if value.nil?
      is_nullable = self.class.openapi_nullable.include?(attr)
      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
    end

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 381

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

Returns:

• (Boolean) —

  true if the model is valid

# File 'lib/kubernetes/models/v1beta1_pod_certificate_request_spec.rb', line 224

def valid?
  return false if @node_name.nil?
  return false if @node_uid.nil?
  return false if !@pkix_public_key.nil? && @pkix_public_key !~ Regexp.new(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/)
  return false if @pod_name.nil?
  return false if @pod_uid.nil?
  return false if !@proof_of_possession.nil? && @proof_of_possession !~ Regexp.new(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/)
  return false if @service_account_name.nil?
  return false if @service_account_uid.nil?
  return false if @signer_name.nil?
  return false if @stub_pkcs10_request.nil?
  return false if @stub_pkcs10_request !~ Regexp.new(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/)
  true
end