pulumi-kubernetes-kotlin/com.pulumi.kubernetes.certificates.v1.kotlin.inputs/CertificateSigningRequestSpecArgs

CertificateSigningRequestSpecArgs

data class CertificateSigningRequestSpecArgs(val expirationSeconds: Output<Int>? = null, val extra: Output<Map<String, List<String>>>? = null, val groups: Output<List<String>>? = null, val request: Output<String>, val signerName: Output<String>, val uid: Output<String>? = null, val usages: Output<List<String>>? = null, val username: Output<String>? = null) : ConvertibleToJava<CertificateSigningRequestSpecArgs>

CertificateSigningRequestSpec contains the certificate request.

Constructors

Link copied to clipboard
fun CertificateSigningRequestSpecArgs(expirationSeconds: Output<Int>? = null, extra: Output<Map<String, List<String>>>? = null, groups: Output<List<String>>? = null, request: Output<String>, signerName: Output<String>, uid: Output<String>? = null, usages: Output<List<String>>? = null, username: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): CertificateSigningRequestSpecArgs

Properties

Link copied to clipboard
val expirationSeconds: Output<Int>? = null

expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration. The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager. Certificate signers may not honor this field for various reasons:

Link copied to clipboard
val extra: Output<Map<String, List<String>>>? = null

extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

Link copied to clipboard
val groups: Output<List<String>>? = null

groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

Link copied to clipboard
val request: Output<String>

request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.

Link copied to clipboard
val signerName: Output<String>

signerName indicates the requested signer, and is a qualified name. List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. Well-known Kubernetes signers are:

Link copied to clipboard
val uid: Output<String>? = null

uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

Link copied to clipboard
val usages: Output<List<String>>? = null

usages specifies a set of key usages requested in the issued certificate. Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". Valid values are: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"

Link copied to clipboard
val username: Output<String>? = null

username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.