# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
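# CustomResourceDefinition manifest for the apiextensions.k8s.io/v1 API.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition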
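# Object metadata. The annotation and labels all sit under the
# cnrm.cloud.google.com prefix; their meaning is defined by the tooling that
# reads them, not by this file.
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  # CRD names follow <plural>.<group>; both parts match spec.names.plural and
  # spec.group of this manifest.
  name: privatecacertificates.privateca.cnrm.cloud.google.com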
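# Schema for the namespaced PrivateCACertificate kind. v1beta1 is the only
# version listed and is both served and stored.
spec:
  group: privateca.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: PrivateCACertificate
    plural: privatecacertificates
    shortNames:
    - gcpprivatecacertificate
    - gcpprivatecacertificates
    singular: privatecacertificate
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # The four *Ref fields share one shape: the oneOf accepts either
              # `name` (without `external`) or `external` (without `name` or
              # `namespace`), so a reference is never ambiguous.
              caPoolRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The ca_pool for the resource

                      Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              certificateAuthorityRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The certificate authority for the resource

                      Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              certificateTemplateRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.

                      Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # NOTE(review): `config` and `pemCsr` are both optional and no
              # oneOf relates them, so this schema accepts a spec carrying
              # both or neither; presumably the API rejects that - confirm.
              config:
                description: Immutable. Immutable. A description of the certificate
                  and key that does not require X.509 or ASN.1.
                properties:
                  publicKey:
                    description: Immutable. Optional. The public key that corresponds
                      to this config. This is, for example, used when issuing Certificates,
                      but not when creating a self-signed CertificateAuthority or
                      CertificateAuthority CSR.
                    properties:
                      format:
                        description: 'Immutable. Required. The format of the public
                          key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM'
                        type: string
                      key:
                        description: Immutable. Required. A public key. The padding
                          and encoding must match with the `KeyFormat` value specified
                          for the `format` field.
                        type: string
                    required:
                    - format
                    - key
                    type: object
                  subjectConfig:
                    description: Immutable. Required. Specifies some of the values
                      in a certificate that are related to the subject.
                    properties:
                      subject:
                        description: Immutable. Required. Contains distinguished name
                          fields such as the common name, location and organization.
                        properties:
                          commonName:
                            description: Immutable. The "common name" of the subject.
                            type: string
                          countryCode:
                            description: Immutable. The country code of the subject.
                            type: string
                          locality:
                            description: Immutable. The locality or city of the subject.
                            type: string
                          organization:
                            description: Immutable. The organization of the subject.
                            type: string
                          organizationalUnit:
                            description: Immutable. The organizational_unit of the
                              subject.
                            type: string
                          postalCode:
                            description: Immutable. The postal code of the subject.
                            type: string
                          province:
                            description: Immutable. The province, territory, or regional
                              state of the subject.
                            type: string
                          streetAddress:
                            description: Immutable. The street address of the subject.
                            type: string
                        type: object
                      # The descriptions below state format rules (FQDN, RFC 2822,
                      # IPv4/IPv6, RFC 3986); the schema itself only requires
                      # arrays of strings and declares no pattern.
                      subjectAltName:
                        description: Immutable. Optional. The subject alternative
                          name fields.
                        properties:
                          dnsNames:
                            description: Immutable. Contains only valid, fully-qualified
                              host names.
                            items:
                              type: string
                            type: array
                          emailAddresses:
                            description: Immutable. Contains only valid RFC 2822 E-mail
                              addresses.
                            items:
                              type: string
                            type: array
                          ipAddresses:
                            description: Immutable. Contains only valid 32-bit IPv4
                              addresses or RFC 4291 IPv6 addresses.
                            items:
                              type: string
                            type: array
                          uris:
                            description: Immutable. Contains only valid RFC 3986 URIs.
                            items:
                              type: string
                            type: array
                        type: object
                    required:
                    - subject
                    type: object
                  x509Config:
                    description: Immutable. Required. Describes how some of the technical
                      X.509 fields in a certificate should be populated.
                    properties:
                      additionalExtensions:
                        description: Immutable. Optional. Describes custom X.509 extensions.
                        items:
                          properties:
                            critical:
                              description: Immutable. Optional. Indicates whether
                                or not this extension is critical (i.e., if the client
                                does not know how to handle this extension, the client
                                should consider this to be an error).
                              type: boolean
                            objectId:
                              description: Immutable. Required. The OID for this X.509
                                extension.
                              properties:
                                objectIdPath:
                                  description: Immutable. Required. The parts of an
                                    OID path. The most significant parts of the path
                                    come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              required:
                              - objectIdPath
                              type: object
                            value:
                              description: Immutable. Required. The value of this
                                X.509 extension.
                              type: string
                          required:
                          - objectId
                          - value
                          type: object
                        type: array
                      aiaOcspServers:
                        description: Immutable. Optional. Describes Online Certificate
                          Status Protocol (OCSP) endpoint addresses that appear in
                          the "Authority Information Access" extension in the certificate.
                        items:
                          type: string
                        type: array
                      # Basic Constraints. `isCa: true` requests a certificate
                      # that can itself issue certificates; this schema does not
                      # restrict who may ask for it, so gate creation of this
                      # kind with RBAC or admission policy.
                      caOptions:
                        description: Immutable. Optional. Describes options in this
                          X509Parameters that are relevant in a CA certificate.
                        properties:
                          isCa:
                            description: Immutable. Optional. When true, the "CA"
                              in Basic Constraints extension will be set to true.
                            type: boolean
                          # No `minimum` is declared; per the description a
                          # negative value fails the request rather than schema
                          # validation.
                          maxIssuerPathLength:
                            description: Immutable. Optional. Refers to the "path
                              length constraint" in Basic Constraints extension. For
                              a CA certificate, this value describes the depth of
                              subordinate CA certificates that are allowed. If this
                              value is less than 0, the request will fail.
                            format: int64
                            type: integer
                          nonCa:
                            description: Immutable. Optional. When true, the "CA"
                              in Basic Constraints extension will be set to false.
                              If both `is_ca` and `non_ca` are unset, the extension
                              will be omitted from the CA certificate.
                            type: boolean
                          zeroMaxIssuerPathLength:
                            description: Immutable. Optional. When true, the "path
                              length constraint" in Basic Constraints extension will
                              be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length
                              are unset, the max path length will be omitted from
                              the CA certificate.
                            type: boolean
                        type: object
                      keyUsage:
                        description: Immutable. Optional. Indicates the intended use
                          for keys that correspond to a certificate.
                        properties:
                          baseKeyUsage:
                            description: Immutable. Describes high-level ways in which
                              a key may be used.
                            properties:
                              certSign:
                                description: Immutable. The key may be used to sign
                                  certificates.
                                type: boolean
                              contentCommitment:
                                description: Immutable. The key may be used for cryptographic
                                  commitments. Note that this may also be referred
                                  to as "non-repudiation".
                                type: boolean
                              crlSign:
                                description: Immutable. The key may be used sign certificate
                                  revocation lists.
                                type: boolean
                              dataEncipherment:
                                description: Immutable. The key may be used to encipher
                                  data.
                                type: boolean
                              decipherOnly:
                                description: Immutable. The key may be used to decipher
                                  only.
                                type: boolean
                              digitalSignature:
                                description: Immutable. The key may be used for digital
                                  signatures.
                                type: boolean
                              encipherOnly:
                                description: Immutable. The key may be used to encipher
                                  only.
                                type: boolean
                              keyAgreement:
                                description: Immutable. The key may be used in a key
                                  agreement protocol.
                                type: boolean
                              keyEncipherment:
                                description: Immutable. The key may be used to encipher
                                  other keys.
                                type: boolean
                            type: object
                          extendedKeyUsage:
                            description: Immutable. Detailed scenarios in which a
                              key may be used.
                            properties:
                              clientAuth:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2.
                                  Officially described as "TLS WWW client authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              codeSigning:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3.
                                  Officially described as "Signing of downloadable
                                  executable code client authentication".
                                type: boolean
                              emailProtection:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4.
                                  Officially described as "Email protection".
                                type: boolean
                              ocspSigning:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9.
                                  Officially described as "Signing OCSP responses".
                                type: boolean
                              serverAuth:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1.
                                  Officially described as "TLS WWW server authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              timeStamping:
                                description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8.
                                  Officially described as "Binding the hash of an
                                  object to a time".
                                type: boolean
                            type: object
                          unknownExtendedKeyUsages:
                            description: Immutable. Used to describe extended key
                              usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions
                              message.
                            items:
                              properties:
                                objectIdPath:
                                  description: Immutable. Required. The parts of an
                                    OID path. The most significant parts of the path
                                    come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              required:
                              - objectIdPath
                              type: object
                            type: array
                        type: object
                      policyIds:
                        description: Immutable. Optional. Describes the X.509 certificate
                          policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
                        items:
                          properties:
                            objectIdPath:
                              description: Immutable. Required. The parts of an OID
                                path. The most significant parts of the path come
                                first.
                              items:
                                format: int64
                                type: integer
                              type: array
                          required:
                          - objectIdPath
                          type: object
                        type: array
                    type: object
                required:
                - subjectConfig
                - x509Config
                type: object
              # Free-form string: no pattern or format is declared, so the
              # duration is not validated by this schema.
              lifetime:
                description: Immutable. Required. Immutable. The desired lifetime
                  of a certificate. Used to create the "not_before_time" and "not_after_time"
                  fields inside an X.509 certificate. Note that the lifetime may be
                  truncated if it would extend past the life of any certificate authority
                  in the issuing chain.
                type: string
              location:
                description: Immutable. The location for the resource
                type: string
              pemCsr:
                description: Immutable. Immutable. A pem-encoded X.509 certificate
                  signing request (CSR).
                type: string
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The project for the resource

                      Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              # Allowed values appear only in the description; no `enum` is
              # declared, so an unknown value passes schema validation.
              subjectMode:
                description: 'Immutable. Immutable. Specifies how the Certificate''s
                  identity fields are to be decided. If this is omitted, the `DEFAULT`
                  subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED,
                  DEFAULT, REFLECTED_SPIFFE'
                type: string
            required:
            - caPoolRef
            - lifetime
            - location
            - projectRef
            type: object
          # Observed state. It carries the issued certificate, its chain and
          # the parsed certificate fields; no private-key field is defined
          # anywhere in this schema.
          status:
            properties:
              certificateDescription:
                description: Output only. A structured description of the issued X.509
                  certificate.
                properties:
                  aiaIssuingCertificateUrls:
                    description: Describes lists of issuer CA certificate URLs that
                      appear in the "Authority Information Access" extension in the
                      certificate.
                    items:
                      type: string
                    type: array
                  authorityKeyId:
                    description: Identifies the subject_key_id of the parent certificate,
                      per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
                    properties:
                      keyId:
                        description: Optional. The value of this KeyId encoded in
                          lowercase hexadecimal. This is most likely the 160 bit SHA-1
                          hash of the public key.
                        type: string
                    type: object
                  # SHA-256 over the DER certificate; use this, not the keyId
                  # fields, to compare or pin a specific certificate.
                  certFingerprint:
                    description: The hash of the x.509 certificate.
                    properties:
                      sha256Hash:
                        description: The SHA 256 hash, encoded in hexadecimal, of
                          the DER x509 certificate.
                        type: string
                    type: object
                  crlDistributionPoints:
                    description: Describes a list of locations to obtain CRL information,
                      i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
                    items:
                      type: string
                    type: array
                  publicKey:
                    description: The public key that corresponds to an issued certificate.
                    properties:
                      format:
                        description: 'Required. The format of the public key. Possible
                          values: KEY_FORMAT_UNSPECIFIED, PEM'
                        type: string
                      key:
                        description: Required. A public key. The padding and encoding
                          must match with the `KeyFormat` value specified for the
                          `format` field.
                        type: string
                    type: object
                  subjectDescription:
                    description: Describes some of the values in a certificate that
                      are related to the subject and lifetime.
                    properties:
                      hexSerialNumber:
                        description: The serial number encoded in lowercase hexadecimal.
                        type: string
                      lifetime:
                        description: For convenience, the actual lifetime of an issued
                          certificate.
                        type: string
                      notAfterTime:
                        description: The time after which the certificate is expired.
                          Per RFC 5280, the validity period for a certificate is the
                          period of time from not_before_time through not_after_time,
                          inclusive. Corresponds to 'not_before_time' + 'lifetime'
                          - 1 second.
                        format: date-time
                        type: string
                      notBeforeTime:
                        description: The time at which the certificate becomes valid.
                        format: date-time
                        type: string
                      subject:
                        description: Contains distinguished name fields such as the
                          common name, location and / organization.
                        properties:
                          commonName:
                            description: The "common name" of the subject.
                            type: string
                          countryCode:
                            description: The country code of the subject.
                            type: string
                          locality:
                            description: The locality or city of the subject.
                            type: string
                          organization:
                            description: The organization of the subject.
                            type: string
                          organizationalUnit:
                            description: The organizational_unit of the subject.
                            type: string
                          postalCode:
                            description: The postal code of the subject.
                            type: string
                          province:
                            description: The province, territory, or regional state
                              of the subject.
                            type: string
                          streetAddress:
                            description: The street address of the subject.
                            type: string
                        type: object
                      subjectAltName:
                        description: The subject alternative name fields.
                        properties:
                          customSans:
                            description: Contains additional subject alternative name
                              values.
                            items:
                              properties:
                                critical:
                                  description: Optional. Indicates whether or not
                                    this extension is critical (i.e., if the client
                                    does not know how to handle this extension, the
                                    client should consider this to be an error).
                                  type: boolean
                                objectId:
                                  description: Required. The OID for this X.509 extension.
                                  properties:
                                    objectIdPath:
                                      description: Required. The parts of an OID path.
                                        The most significant parts of the path come
                                        first.
                                      items:
                                        format: int64
                                        type: integer
                                      type: array
                                  type: object
                                value:
                                  description: Required. The value of this X.509 extension.
                                  type: string
                              type: object
                            type: array
                          dnsNames:
                            description: Contains only valid, fully-qualified host
                              names.
                            items:
                              type: string
                            type: array
                          emailAddresses:
                            description: Contains only valid RFC 2822 E-mail addresses.
                            items:
                              type: string
                            type: array
                          ipAddresses:
                            description: Contains only valid 32-bit IPv4 addresses
                              or RFC 4291 IPv6 addresses.
                            items:
                              type: string
                            type: array
                          uris:
                            description: Contains only valid RFC 3986 URIs.
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                  subjectKeyId:
                    description: Provides a means of identifiying certificates that
                      contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
                    properties:
                      keyId:
                        description: Optional. The value of this KeyId encoded in
                          lowercase hexadecimal. This is most likely the 160 bit SHA-1
                          hash of the public key.
                        type: string
                    type: object
                  x509Description:
                    description: Describes some of the technical X.509 fields in a
                      certificate.
                    properties:
                      additionalExtensions:
                        description: Optional. Describes custom X.509 extensions.
                        items:
                          properties:
                            critical:
                              description: Optional. Indicates whether or not this
                                extension is critical (i.e., if the client does not
                                know how to handle this extension, the client should
                                consider this to be an error).
                              type: boolean
                            objectId:
                              description: Required. The OID for this X.509 extension.
                              properties:
                                objectIdPath:
                                  description: Required. The parts of an OID path.
                                    The most significant parts of the path come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              type: object
                            value:
                              description: Required. The value of this X.509 extension.
                              type: string
                          type: object
                        type: array
                      aiaOcspServers:
                        description: Optional. Describes Online Certificate Status
                          Protocol (OCSP) endpoint addresses that appear in the "Authority
                          Information Access" extension in the certificate.
                        items:
                          type: string
                        type: array
                      # What the issued certificate actually carries; comparing
                      # these values with spec.config.x509Config.caOptions shows
                      # whether a CA certificate was issued.
                      caOptions:
                        description: Optional. Describes options in this X509Parameters
                          that are relevant in a CA certificate.
                        properties:
                          isCa:
                            description: Optional. Refers to the "CA" X.509 extension,
                              which is a boolean value. When this value is missing,
                              the extension will be omitted from the CA certificate.
                            type: boolean
                          maxIssuerPathLength:
                            description: Optional. Refers to the path length restriction
                              X.509 extension. For a CA certificate, this value describes
                              the depth of subordinate CA certificates that are allowed.
                              If this value is less than 0, the request will fail.
                              If this value is missing, the max path length will be
                              omitted from the CA certificate.
                            format: int64
                            type: integer
                        type: object
                      keyUsage:
                        description: Optional. Indicates the intended use for keys
                          that correspond to a certificate.
                        properties:
                          baseKeyUsage:
                            description: Describes high-level ways in which a key
                              may be used.
                            properties:
                              certSign:
                                description: The key may be used to sign certificates.
                                type: boolean
                              contentCommitment:
                                description: The key may be used for cryptographic
                                  commitments. Note that this may also be referred
                                  to as "non-repudiation".
                                type: boolean
                              crlSign:
                                description: The key may be used sign certificate
                                  revocation lists.
                                type: boolean
                              dataEncipherment:
                                description: The key may be used to encipher data.
                                type: boolean
                              decipherOnly:
                                description: The key may be used to decipher only.
                                type: boolean
                              digitalSignature:
                                description: The key may be used for digital signatures.
                                type: boolean
                              encipherOnly:
                                description: The key may be used to encipher only.
                                type: boolean
                              keyAgreement:
                                description: The key may be used in a key agreement
                                  protocol.
                                type: boolean
                              keyEncipherment:
                                description: The key may be used to encipher other
                                  keys.
                                type: boolean
                            type: object
                          extendedKeyUsage:
                            description: Detailed scenarios in which a key may be
                              used.
                            properties:
                              clientAuth:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.2.
                                  Officially described as "TLS WWW client authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              codeSigning:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.3.
                                  Officially described as "Signing of downloadable
                                  executable code client authentication".
                                type: boolean
                              emailProtection:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.4.
                                  Officially described as "Email protection".
                                type: boolean
                              ocspSigning:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.9.
                                  Officially described as "Signing OCSP responses".
                                type: boolean
                              serverAuth:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.1.
                                  Officially described as "TLS WWW server authentication",
                                  though regularly used for non-WWW TLS.
                                type: boolean
                              timeStamping:
                                description: Corresponds to OID 1.3.6.1.5.5.7.3.8.
                                  Officially described as "Binding the hash of an
                                  object to a time".
                                type: boolean
                            type: object
                          unknownExtendedKeyUsages:
                            description: Used to describe extended key usages that
                              are not listed in the KeyUsage.ExtendedKeyUsageOptions
                              message.
                            items:
                              properties:
                                objectIdPath:
                                  description: Required. The parts of an OID path.
                                    The most significant parts of the path come first.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                              type: object
                            type: array
                        type: object
                      policyIds:
                        description: Optional. Describes the X.509 certificate policy
                          object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
                        items:
                          properties:
                            objectIdPath:
                              description: Required. The parts of an OID path. The
                                most significant parts of the path come first.
                              items:
                                format: int64
                                type: integer
                              type: array
                          type: object
                        type: array
                    type: object
                type: object
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. The time at which this Certificate was created.
                format: date-time
                type: string
              issuerCertificateAuthority:
                description: Output only. The resource name of the issuing CertificateAuthority
                  in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              pemCertificate:
                description: Output only. The pem-encoded, signed X.509 certificate.
                type: string
              pemCertificateChain:
                description: Output only. The chain that may be used to verify the
                  X.509 certificate. Expected to be in issuer-to-root order according
                  to RFC 5246.
                items:
                  type: string
                type: array
              # Presence of this object is the revocation signal, which makes
              # it the field to watch when monitoring issued certificates.
              revocationDetails:
                description: Output only. Details regarding the revocation of this
                  Certificate. This Certificate is considered revoked if and only
                  if this field is present.
                properties:
                  revocationState:
                    description: 'Indicates why a Certificate was revoked. Possible
                      values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE,
                      AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD,
                      PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE'
                    type: string
                  revocationTime:
                    description: The time at which this Certificate was revoked.
                    format: date-time
                    type: string
                type: object
              updateTime:
                description: Output only. The time at which this Certificate was updated.
                format: date-time
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # status is exposed as a subresource, i.e. through its own endpoint,
    # separate from writes to the main resource.
    subresources:
      status: {}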
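# CRD status as written in the manifest: every field is empty.
# NOTE(review): presumably filled in by the API server once the CRD is
# registered - confirm.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []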