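# CustomResourceDefinition for the Config Connector kind PrivateCACertificate
# (group privateca.cnrm.cloud.google.com, version v1beta1, namespaced).
#
# Layout restored from a rendered listing: the gutter line numbers that were
# fused onto every line are dropped and the nesting is re-indented. Keys,
# values and description strings are unchanged.
#
# The "Immutable", "Required" and "Optional" markers in the descriptions are
# prose only. This schema enforces field types and the `required` lists; it
# carries no pattern, enum, length or immutability rules, so any stricter
# validation has to come from the controller or the backing API.
# NOTE(review): the kind is namespaced, so namespace-level RBAC on
# `privatecacertificates` is presumably what gates who may request issuance
# from the referenced CA pool -- confirm and scope create/update accordingly.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: privatecacertificates.privateca.cnrm.cloud.google.com
spec:
  group: privateca.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: PrivateCACertificate
    plural: privatecacertificates
    shortNames:
    - gcpprivatecacertificate
    - gcpprivatecacertificates
    singular: privatecacertificate
  # Fields not described by the schema below are pruned rather than stored.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Reference to the CA pool (required). The oneOf accepts either
              # `name` (optionally with `namespace`) or `external`, never both.
              # NOTE(review): `namespace` lets a reference name another
              # namespace; whether that is permitted is presumably decided by
              # the controller -- confirm.
              caPoolRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The ca_pool for the resource

                      Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # Optional reference to a specific certificate authority; same
              # name-or-external shape as caPoolRef.
              certificateAuthorityRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The certificate authority for the resource

                      Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # Optional reference to a certificate template; per the
              # description, no template is applied when it is omitted.
              certificateTemplateRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.

                      Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # Structured certificate request. Neither `config` nor `pemCsr`
              # is in the `required` list and the schema does not relate them.
              # NOTE(review): presumably the API expects exactly one of the
              # two -- confirm.
              config:
                description: Immutable. Immutable. A description of the certificate
                  and key that does not require X.509 or ASN.1.
                properties:
                  publicKey:
                    description: Immutable. Optional. The public key that corresponds
                      to this config. This is, for example, used when issuing Certificates,
                      but not when creating a self-signed CertificateAuthority or
                      CertificateAuthority CSR.
                    properties:
                      # Possible values are listed in the description only;
                      # no enum is enforced here.
                      format:
                        description: 'Immutable. Required. The format of the public
                          key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM'
                        type: string
                      key:
                        description: Immutable. Required. A public key. The padding
                          and encoding must match with the `KeyFormat` value specified
                          for the `format` field.
                        type: string
                    required:
                    - format
                    - key
                    type: object
                  subjectConfig:
                    description: Immutable. Required. Specifies some of the values
                      in a certificate that are related to the subject.
                    properties:
                      subject:
                        description: Immutable. Required. Contains distinguished name
                          fields such as the common name, location and organization.
                        properties:
                          commonName:
                            description: Immutable. The "common name" of the subject.
                            type: string
                          countryCode:
                            description: Immutable. The country code of the subject.
                            type: string
                          locality:
                            description: Immutable. The locality or city of the subject.
                            type: string
                          organization:
                            description: Immutable. The organization of the subject.
                            type: string
                          organizationalUnit:
                            description: Immutable. The organizational_unit of the
                              subject.
                            type: string
                          postalCode:
                            description: Immutable. The postal code of the subject.
                            type: string
                          province:
                            description: Immutable. The province, territory, or regional
                              state of the subject.
                            type: string
                          streetAddress:
                            description: Immutable. The street address of the subject.
                            type: string
                        type: object
                      # The "Contains only valid ..." wording below is a
                      # description; this schema only checks that each entry
                      # is a string.
                      subjectAltName:
                        description: Immutable. Optional. The subject alternative
                          name fields.
                        properties:
                          dnsNames:
                            description: Immutable. Contains only valid, fully-qualified
                              host names.
                            items:
                              type: string
                            type: array
                          emailAddresses:
                            description: Immutable. Contains only valid RFC 2822 E-mail
                              addresses.
                            items:
                              type: string
                            type: array
                          ipAddresses:
                            description: Immutable. Contains only valid 32-bit IPv4
                              addresses or RFC 4291 IPv6 addresses.
                            items:
                              type: string
                            type: array
                          uris:
                            description: Immutable. Contains only valid RFC 3986 URIs.
                            items:
                              type: string
                            type: array
                        type: object
                    required:
                    - subject
                    type: object
                  x509Config:
                    description: Immutable. Required. Describes how some of the technical
                      X.509 fields in a certificate should be populated.
                    properties:
                      # Requester-supplied extensions: any OID path, value and
                      # criticality flag are accepted by this schema.
                      additionalExtensions:
                        description: Immutable. Optional. Describes custom X.509 extensions.
                        items:
                          properties:
                            critical:
                              description: Immutable. Optional. Indicates whether
                                or not this extension is critical (i.e., if the client
                                does not know how to handle this extension, the client
                                should consider this to be an error).
                              type: boolean
                            objectId:
                              description: Immutable. Required. The OID for this X.509
                                extension.
                              properties:
                                objectIdPath:
                                  description: Immutable. Required. The parts of an
                                    OID path. The most significant parts of the path
                                    come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              required:
                              - objectIdPath
                              type: object
                            value:
                              description: Immutable. Required. The value of this
                                X.509 extension.
                              type: string
                          required:
                          - objectId
                          - value
                          type: object
                        type: array
                      aiaOcspServers:
                        description: Immutable. Optional. Describes Online Certificate
                          Status Protocol (OCSP) endpoint addresses that appear in
                          the "Authority Information Access" extension in the certificate.
                        items:
                          type: string
                        type: array
                      # NOTE(review): isCa, maxIssuerPathLength and (under
                      # keyUsage) certSign / crlSign are requester-supplied and
                      # unconstrained by this schema. Limits on issuing
                      # CA-capable certificates presumably belong in the CA
                      # pool's issuance policy or an admission policy --
                      # confirm one is in place.
                      caOptions:
                        description: Immutable. Optional. Describes options in this
                          X509Parameters that are relevant in a CA certificate.
                        properties:
                          isCa:
                            description: Immutable. Optional. When true, the "CA"
                              in Basic Constraints extension will be set to true.
                            type: boolean
                          maxIssuerPathLength:
                            description: Immutable. Optional. Refers to the "path
                              length constraint" in Basic Constraints extension. For
                              a CA certificate, this value describes the depth of
                              subordinate CA certificates that are allowed. If this
                              value is less than 0, the request will fail.
                            format: int64
                            type: integer
                          nonCa:
                            description: Immutable. Optional. When true, the "CA"
                              in Basic Constraints extension will be set to false.
                              If both `is_ca` and `non_ca` are unset, the extension
                              will be omitted from the CA certificate.
                            type: boolean
                          zeroMaxIssuerPathLength:
                            description: Immutable. Optional. When true, the "path
                              length constraint" in Basic Constraints extension will
                              be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length
                              are unset, the max path length will be omitted from
                              the CA certificate.
                            type: boolean
                        type: object
                      keyUsage:
                        description: Immutable. Optional. Indicates the intended use
                          for keys that correspond to a certificate.
                        properties:
                          baseKeyUsage:
                            description: Immutable. Describes high-level ways in which
                              a key may be used.
                            properties:
                              certSign:
                                description: Immutable. The key may be used to sign
                                  certificates.
                                type: boolean
                              contentCommitment:
                                description: Immutable. The key may be used for cryptographic
                                  commitments. Note that this may also be referred
                                  to as "non-repudiation".
                                type: boolean
                              crlSign:
                                description: Immutable. The key may be used sign certificate
                                  revocation lists.
                                type: boolean
                              dataEncipherment:
                                description: Immutable. The key may be used to encipher
                                  data.
                                type: boolean
                              decipherOnly:
                                description: Immutable. The key may be used to decipher
                                  only.
                                type: boolean
                              digitalSignature:
                                description: Immutable. The key may be used for digital
                                  signatures.
                                type: boolean
                              encipherOnly:
                                description: Immutable. The key may be used to encipher
                                  only.
                                type: boolean
                              keyAgreement:
                                description: Immutable. The key may be used in a key
                                  agreement protocol.
                                type: boolean
                              keyEncipherment:
                                description: Immutable. The key may be used to encipher
                                  other keys.
                                type: boolean
                            type: object
                          extendedKeyUsage:
                            description: Immutable. Detailed scenarios in which a
                              key may be used.
                            properties:
                              clientAuth:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2.
                                  Officially described as "TLS WWW client authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              codeSigning:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3.
                                  Officially described as "Signing of downloadable
                                  executable code client authentication".
                                type: boolean
                              emailProtection:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4.
                                  Officially described as "Email protection".
                                type: boolean
                              ocspSigning:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9.
                                  Officially described as "Signing OCSP responses".
                                type: boolean
                              serverAuth:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1.
                                  Officially described as "TLS WWW server authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              timeStamping:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8.
                                  Officially described as "Binding the hash of an
                                  object to a time".
                                type: boolean
                            type: object
                          unknownExtendedKeyUsages:
                            description: Immutable. Used to describe extended key
                              usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions
                              message.
                            items:
                              properties:
                                objectIdPath:
                                  description: Immutable. Required. The parts of an
                                    OID path. The most significant parts of the path
                                    come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              required:
                              - objectIdPath
                              type: object
                            type: array
                        type: object
                      policyIds:
                        description: Immutable. Optional. Describes the X.509 certificate
                          policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
                        items:
                          properties:
                            objectIdPath:
                              description: Immutable. Required. The parts of an OID
                                path. The most significant parts of the path come
                                first.
                              items:
                                format: int64
                                type: integer
                              type: array
                          required:
                          - objectIdPath
                          type: object
                        type: array
                    type: object
                required:
                - subjectConfig
                - x509Config
                type: object
              # Required. A free-form string in this schema: no pattern and no
              # upper bound are enforced here.
              lifetime:
                description: Immutable. Required. Immutable. The desired lifetime
                  of a certificate. Used to create the "not_before_time" and "not_after_time"
                  fields inside an X.509 certificate. Note that the lifetime may be
                  truncated if it would extend past the life of any certificate authority
                  in the issuing chain.
                type: string
              location:
                description: Immutable. The location for the resource
                type: string
              pemCsr:
                description: Immutable. Immutable. A pem-encoded X.509 certificate
                  signing request (CSR).
                type: string
              # Reference to the owning Project (required); same
              # name-or-external shape as caPoolRef.
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The project for the resource

                      Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              # Possible values are listed in the description only; no enum is
              # enforced here.
              subjectMode:
                description: 'Immutable. Immutable. Specifies how the Certificate''s
                  identity fields are to be decided. If this is omitted, the `DEFAULT`
                  subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED,
                  DEFAULT, REFLECTED_SPIFFE'
                type: string
            required:
            - caPoolRef
            - lifetime
            - location
            - projectRef
            type: object
          # Observed state. The descriptions mark these fields as output only;
          # the status subresource is enabled at the end of this version entry.
          status:
            properties:
              certificateDescription:
                description: Output only. A structured description of the issued X.509
                  certificate.
                properties:
                  aiaIssuingCertificateUrls:
                    description: Describes lists of issuer CA certificate URLs that
                      appear in the "Authority Information Access" extension in the
                      certificate.
                    items:
                      type: string
                    type: array
                  authorityKeyId:
                    description: Identifies the subject_key_id of the parent certificate,
                      per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
                    properties:
                      keyId:
                        description: Optional. The value of this KeyId encoded in
                          lowercase hexadecimal. This is most likely the 160 bit SHA-1
                          hash of the public key.
                        type: string
                    type: object
                  certFingerprint:
                    description: The hash of the x.509 certificate.
                    properties:
                      sha256Hash:
                        description: The SHA 256 hash, encoded in hexadecimal, of
                          the DER x509 certificate.
                        type: string
                    type: object
                  crlDistributionPoints:
                    description: Describes a list of locations to obtain CRL information,
                      i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
                    items:
                      type: string
                    type: array
                  publicKey:
                    description: The public key that corresponds to an issued certificate.
                    properties:
                      format:
                        description: 'Required. The format of the public key. Possible
                          values: KEY_FORMAT_UNSPECIFIED, PEM'
                        type: string
                      key:
                        description: Required. A public key. The padding and encoding
                          must match with the `KeyFormat` value specified for the
                          `format` field.
                        type: string
                    type: object
                  subjectDescription:
                    description: Describes some of the values in a certificate that
                      are related to the subject and lifetime.
                    properties:
                      hexSerialNumber:
                        description: The serial number encoded in lowercase hexadecimal.
                        type: string
                      lifetime:
                        description: For convenience, the actual lifetime of an issued
                          certificate.
                        type: string
                      notAfterTime:
                        description: The time after which the certificate is expired.
                          Per RFC 5280, the validity period for a certificate is the
                          period of time from not_before_time through not_after_time,
                          inclusive. Corresponds to 'not_before_time' + 'lifetime'
                          - 1 second.
                        format: date-time
                        type: string
                      notBeforeTime:
                        description: The time at which the certificate becomes valid.
                        format: date-time
                        type: string
                      subject:
                        description: Contains distinguished name fields such as the
                          common name, location and / organization.
                        properties:
                          commonName:
                            description: The "common name" of the subject.
                            type: string
                          countryCode:
                            description: The country code of the subject.
                            type: string
                          locality:
                            description: The locality or city of the subject.
                            type: string
                          organization:
                            description: The organization of the subject.
                            type: string
                          organizationalUnit:
                            description: The organizational_unit of the subject.
                            type: string
                          postalCode:
                            description: The postal code of the subject.
                            type: string
                          province:
                            description: The province, territory, or regional state
                              of the subject.
                            type: string
                          streetAddress:
                            description: The street address of the subject.
                            type: string
                        type: object
                      subjectAltName:
                        description: The subject alternative name fields.
                        properties:
                          customSans:
                            description: Contains additional subject alternative name
                              values.
                            items:
                              properties:
                                critical:
                                  description: Optional. Indicates whether or not
                                    this extension is critical (i.e., if the client
                                    does not know how to handle this extension, the
                                    client should consider this to be an error).
                                  type: boolean
                                objectId:
                                  description: Required. The OID for this X.509 extension.
                                  properties:
                                    objectIdPath:
                                      description: Required. The parts of an OID path.
                                        The most significant parts of the path come
                                        first.
                                      items:
                                        format: int64
                                        type: integer
                                      type: array
                                  type: object
                                value:
                                  description: Required. The value of this X.509 extension.
                                  type: string
                              type: object
                            type: array
                          dnsNames:
                            description: Contains only valid, fully-qualified host
                              names.
                            items:
                              type: string
                            type: array
                          emailAddresses:
                            description: Contains only valid RFC 2822 E-mail addresses.
                            items:
                              type: string
                            type: array
                          ipAddresses:
                            description: Contains only valid 32-bit IPv4 addresses
                              or RFC 4291 IPv6 addresses.
                            items:
                              type: string
                            type: array
                          uris:
                            description: Contains only valid RFC 3986 URIs.
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                  subjectKeyId:
                    description: Provides a means of identifiying certificates that
                      contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
                    properties:
                      keyId:
                        description: Optional. The value of this KeyId encoded in
                          lowercase hexadecimal. This is most likely the 160 bit SHA-1
                          hash of the public key.
                        type: string
                    type: object
                  x509Description:
                    description: Describes some of the technical X.509 fields in a
                      certificate.
                    properties:
                      additionalExtensions:
                        description: Optional. Describes custom X.509 extensions.
                        items:
                          properties:
                            critical:
                              description: Optional. Indicates whether or not this
                                extension is critical (i.e., if the client does not
                                know how to handle this extension, the client should
                                consider this to be an error).
                              type: boolean
                            objectId:
                              description: Required. The OID for this X.509 extension.
                              properties:
                                objectIdPath:
                                  description: Required. The parts of an OID path.
                                    The most significant parts of the path come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              type: object
                            value:
                              description: Required. The value of this X.509 extension.
                              type: string
                          type: object
                        type: array
                      aiaOcspServers:
                        description: Optional. Describes Online Certificate Status
                          Protocol (OCSP) endpoint addresses that appear in the "Authority
                          Information Access" extension in the certificate.
                        items:
                          type: string
                        type: array
                      caOptions:
                        description: Optional. Describes options in this X509Parameters
                          that are relevant in a CA certificate.
                        properties:
                          isCa:
                            description: Optional. Refers to the "CA" X.509 extension,
                              which is a boolean value. When this value is missing,
                              the extension will be omitted from the CA certificate.
                            type: boolean
                          maxIssuerPathLength:
                            description: Optional. Refers to the path length restriction
                              X.509 extension. For a CA certificate, this value describes
                              the depth of subordinate CA certificates that are allowed.
                              If this value is less than 0, the request will fail.
                              If this value is missing, the max path length will be
                              omitted from the CA certificate.
                            format: int64
                            type: integer
                        type: object
                      keyUsage:
                        description: Optional. Indicates the intended use for keys
                          that correspond to a certificate.
                        properties:
                          baseKeyUsage:
                            description: Describes high-level ways in which a key
                              may be used.
                            properties:
                              certSign:
                                description: The key may be used to sign certificates.
                                type: boolean
                              contentCommitment:
                                description: The key may be used for cryptographic
                                  commitments. Note that this may also be referred
                                  to as "non-repudiation".
                                type: boolean
                              crlSign:
                                description: The key may be used sign certificate
                                  revocation lists.
                                type: boolean
                              dataEncipherment:
                                description: The key may be used to encipher data.
                                type: boolean
                              decipherOnly:
                                description: The key may be used to decipher only.
                                type: boolean
                              digitalSignature:
                                description: The key may be used for digital signatures.
                                type: boolean
                              encipherOnly:
                                description: The key may be used to encipher only.
                                type: boolean
                              keyAgreement:
                                description: The key may be used in a key agreement
                                  protocol.
                                type: boolean
                              keyEncipherment:
                                description: The key may be used to encipher other
                                  keys.
                                type: boolean
                            type: object
                          extendedKeyUsage:
                            description: Detailed scenarios in which a key may be
                              used.
                            properties:
                              clientAuth:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.2.
                                  Officially described as "TLS WWW client authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              codeSigning:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.3.
                                  Officially described as "Signing of downloadable
                                  executable code client authentication".
                                type: boolean
                              emailProtection:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.4.
                                  Officially described as "Email protection".
                                type: boolean
                              ocspSigning:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.9.
                                  Officially described as "Signing OCSP responses".
                                type: boolean
                              serverAuth:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.1.
                                  Officially described as "TLS WWW server authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              timeStamping:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.8.
                                  Officially described as "Binding the hash of an
                                  object to a time".
                                type: boolean
                            type: object
                          unknownExtendedKeyUsages:
                            description: Used to describe extended key usages that
                              are not listed in the KeyUsage.ExtendedKeyUsageOptions
                              message.
                            items:
                              properties:
                                objectIdPath:
                                  description: Required. The parts of an OID path.
                                    The most significant parts of the path come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              type: object
                            type: array
                        type: object
                      policyIds:
                        description: Optional. Describes the X.509 certificate policy
                          object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
                        items:
                          properties:
                            objectIdPath:
                              description: Required. The parts of an OID path. The
                                most significant parts of the path come first.
                              items:
                                format: int64
                                type: integer
                              type: array
                          type: object
                        type: array
                    type: object
                type: object
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. The time at which this Certificate was created.
                format: date-time
                type: string
              issuerCertificateAuthority:
                description: Output only. The resource name of the issuing CertificateAuthority
                  in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              pemCertificate:
                description: Output only. The pem-encoded, signed X.509 certificate.
                type: string
              pemCertificateChain:
                description: Output only. The chain that may be used to verify the
                  X.509 certificate. Expected to be in issuer-to-root order according
                  to RFC 5246.
                items:
                  type: string
                type: array
              # Per the description, the presence of this field is what marks
              # the certificate as revoked.
              revocationDetails:
                description: Output only. Details regarding the revocation of this
                  Certificate. This Certificate is considered revoked if and only
                  if this field is present.
                properties:
                  revocationState:
                    description: 'Indicates why a Certificate was revoked. Possible
                      values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE,
                      AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD,
                      PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE'
                    type: string
                  revocationTime:
                    description: The time at which this Certificate was revoked.
                    format: date-time
                    type: string
                type: object
              updateTime:
                description: Output only. The time at which this Certificate was updated.
                format: date-time
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Enables the /status subresource, so status writes go through a separate
    # endpoint that can be granted independently of spec writes.
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []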