Documentation

Overview

    Package v1 is the v1 version of the API. +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/jetstack/cert-manager/pkg/apis/certmanager +k8s:openapi-gen=true +k8s:defaulter-gen=TypeMeta +groupName=cert-manager.io +groupGoName=Certmanager

    Index

    Constants

    View Source
    const (
    	// minimum permitted certificate duration by cert-manager
    	MinimumCertificateDuration = time.Hour
    
    	// default certificate duration if Issuer.spec.duration is not set
    	DefaultCertificateDuration = time.Hour * 24 * 90
    
    	// minimum certificate duration before certificate expiration
    	MinimumRenewBefore = time.Minute * 5
    
    	// Default duration before certificate expiration if  Issuer.spec.renewBefore is not set
    	DefaultRenewBefore = time.Hour * 24 * 30
    )
    View Source
    const (
    	// Default index key for the Secret reference for Token authentication
    	DefaultVaultTokenAuthSecretKey = "token"
    
    	// Default mount path location for Kubernetes ServiceAccount authentication
    	// (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
    	// left as the default, `/v1/auth/kubernetes/login` will be called.
    	DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes"
    )
    View Source
    const (
    	// Annotation key for DNS subjectAltNames.
    	AltNamesAnnotationKey = "cert-manager.io/alt-names"
    
    	// Annotation key for IP subjectAltNames.
    	IPSANAnnotationKey = "cert-manager.io/ip-sans"
    
    	// Annotation key for URI subjectAltNames.
    	URISANAnnotationKey = "cert-manager.io/uri-sans"
    
    	// Annotation key for certificate common name.
    	CommonNameAnnotationKey = "cert-manager.io/common-name"
    
    	// Duration key for certificate duration.
    	DurationAnnotationKey = "cert-manager.io/duration"
    
    	// Annotation key for certificate renewBefore.
    	RenewBeforeAnnotationKey = "cert-manager.io/renew-before"
    
    	// Annotation key for certificate key usages.
    	UsagesAnnotationKey = "cert-manager.io/usages"
    
    	// Annotation key the 'name' of the Issuer resource.
    	IssuerNameAnnotationKey = "cert-manager.io/issuer-name"
    
    	// Annotation key for the 'kind' of the Issuer resource.
    	IssuerKindAnnotationKey = "cert-manager.io/issuer-kind"
    
    	// Annotation key for the 'group' of the Issuer resource.
    	IssuerGroupAnnotationKey = "cert-manager.io/issuer-group"
    
    	// Annotation key for the name of the certificate that a resource is related to.
    	CertificateNameKey = "cert-manager.io/certificate-name"
    
    	// Annotation key used to denote whether a Secret is named on a Certificate
    	// as a 'next private key' Secret resource.
    	IsNextPrivateKeySecretLabelKey = "cert-manager.io/next-private-key"
    )

      Common annotation keys added to resources.

      View Source
      const (
      	// issuerNameAnnotation can be used to override the issuer specified on the
      	// created Certificate resource.
      	IngressIssuerNameAnnotationKey = "cert-manager.io/issuer"
      	// clusterIssuerNameAnnotation can be used to override the issuer specified on the
      	// created Certificate resource. The Certificate will reference the
      	// specified *ClusterIssuer* instead of normal issuer.
      	IngressClusterIssuerNameAnnotationKey = "cert-manager.io/cluster-issuer"
      	// acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass
      	// if the challenge type is set to http01
      	IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class"
      
      	// IngressClassAnnotationKey picks a specific "class" for the Ingress. The
      	// controller only processes Ingresses with this annotation either unset, or
      	// set to either the configured value or the empty string.
      	IngressClassAnnotationKey = "kubernetes.io/ingress.class"
      )
      View Source
      const (
      	// Annotation added to CertificateRequest resources to denote the name of
      	// a Secret resource containing the private key used to sign the CSR stored
      	// on the resource.
      	// This annotation *may* not be present, and is used by the 'self signing'
      	// issuer type to self-sign certificates.
      	CertificateRequestPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name"
      
      	// Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource
      	CertificateRequestRevisionAnnotationKey = "cert-manager.io/certificate-revision"
      )

        Annotation names for CertificateRequests

        View Source
        const (
        	ClusterIssuerKind      = "ClusterIssuer"
        	IssuerKind             = "Issuer"
        	CertificateKind        = "Certificate"
        	CertificateRequestKind = "CertificateRequest"
        )

          Common/known resource kinds.

          View Source
          const (
          	// WantInjectAnnotation is the annotation that specifies that a particular
          	// object wants injection of CAs.  It takes the form of a reference to a certificate
          	// as namespace/name.  The certificate is expected to have the is-serving-for annotations.
          	WantInjectAnnotation = "cert-manager.io/inject-ca-from"
          
          	// WantInjectAPIServerCAAnnotation, if set to "true", will make the cainjector
          	// inject the CA certificate for the Kubernetes apiserver into the resource.
          	// It discovers the apiserver's CA by inspecting the service account credentials
          	// mounted into the cainjector pod.
          	WantInjectAPIServerCAAnnotation = "cert-manager.io/inject-apiserver-ca"
          
          	// WantInjectFromSecretAnnotation is the annotation that specifies that a particular
          	// object wants injection of CAs.  It takes the form of a reference to a Secret
          	// as namespace/name.
          	WantInjectFromSecretAnnotation = "cert-manager.io/inject-ca-from-secret"
          
          	// AllowsInjectionFromSecretAnnotation is an annotation that must be added
          	// to Secret resource that want to denote that they can be directly
          	// injected into injectables that have a `inject-ca-from-secret` annotation.
          	// If an injectable references a Secret that does NOT have this annotation,
          	// the cainjector will refuse to inject the secret.
          	AllowsInjectionFromSecretAnnotation = "cert-manager.io/allow-direct-injection"
          )
          View Source
          const (
          	// VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer
          	// This will only work with Venafi TPP v19.3 and higher
          	// The value is an array with objects containing the name and value keys
          	// for example: `[{"name": "custom-field", "value": "custom-value"}]`
          	VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields"
          
          	// VenafiPickupIDAnnotationKey is the annotation key used to record the
          	// Venafi Pickup ID of a certificate signing request that has been submitted
          	// to the Venafi API for collection later.
          	VenafiPickupIDAnnotationKey = "venafi.cert-manager.io/pickup-id"
          )

            Issuer specific Annotations

            View Source
            const (
            	// Pending indicates that a CertificateRequest is still in progress.
            	CertificateRequestReasonPending = "Pending"
            
            	// Failed indicates that a CertificateRequest has failed, either due to
            	// timing out or some other critical failure.
            	CertificateRequestReasonFailed = "Failed"
            
            	// Issued indicates that a CertificateRequest has been completed, and that
            	// the `status.certificate` field is set.
            	CertificateRequestReasonIssued = "Issued"
            )
            View Source
            const (
            	// IssueTemporaryCertificateAnnotation is an annotation that can be added to
            	// Certificate resources.
            	// If it is present, a temporary internally signed certificate will be
            	// stored in the target Secret resource whilst the real Issuer is processing
            	// the certificate request.
            	IssueTemporaryCertificateAnnotation = "cert-manager.io/issue-temporary-certificate"
            )

            Variables

            View Source
            var (
            	SchemeBuilder runtime.SchemeBuilder
            
            	AddToScheme = localSchemeBuilder.AddToScheme
            )
            View Source
            var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1"}

              SchemeGroupVersion is group version used to register these objects

              Functions

              func Resource

              func Resource(resource string) schema.GroupResource

                Resource takes an unqualified resource and returns a Group qualified GroupResource

                Types

                type CAIssuer

                type CAIssuer struct {
                	// SecretName is the name of the secret used to sign Certificates issued
                	// by this Issuer.
                	SecretName string `json:"secretName"`
                
                	// The CRL distribution points is an X.509 v3 certificate extension which identifies
                	// the location of the CRL from which the revocation of this certificate can be checked.
                	// If not set, certificates will be issued without distribution points set.
                	// +optional
                	CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
                
                	// The OCSP server list is an X.509 v3 extension that defines a list of
                	// URLs of OCSP responders. The OCSP responders can be queried for the
                	// revocation status of an issued certificate. If not set, the
                	// certificate wil be issued with no OCSP servers set. For example, an
                	// OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
                	// +optional
                	OCSPServers []string `json:"ocspServers,omitempty"`
                }

                func (*CAIssuer) DeepCopy

                func (in *CAIssuer) DeepCopy() *CAIssuer

                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAIssuer.

                  func (*CAIssuer) DeepCopyInto

                  func (in *CAIssuer) DeepCopyInto(out *CAIssuer)

                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                    type Certificate

                    type Certificate struct {
                    	metav1.TypeMeta   `json:",inline"`
                    	metav1.ObjectMeta `json:"metadata,omitempty"`
                    
                    	// Desired state of the Certificate resource.
                    	Spec CertificateSpec `json:"spec"`
                    
                    	// Status of the Certificate. This is set and managed automatically.
                    	// +optional
                    	Status CertificateStatus `json:"status"`
                    }

                      A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.

                      The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). +k8s:openapi-gen=true

                      func (*Certificate) DeepCopy

                      func (in *Certificate) DeepCopy() *Certificate

                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.

                        func (*Certificate) DeepCopyInto

                        func (in *Certificate) DeepCopyInto(out *Certificate)

                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                          func (*Certificate) DeepCopyObject

                          func (in *Certificate) DeepCopyObject() runtime.Object

                            DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                            type CertificateCondition

                            type CertificateCondition struct {
                            	// Type of the condition, known values are (`Ready`, `Issuing`).
                            	Type CertificateConditionType `json:"type"`
                            
                            	// Status of the condition, one of (`True`, `False`, `Unknown`).
                            	Status cmmeta.ConditionStatus `json:"status"`
                            
                            	// LastTransitionTime is the timestamp corresponding to the last status
                            	// change of this condition.
                            	// +optional
                            	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
                            
                            	// Reason is a brief machine readable explanation for the condition's last
                            	// transition.
                            	// +optional
                            	Reason string `json:"reason,omitempty"`
                            
                            	// Message is a human readable description of the details of the last
                            	// transition, complementing reason.
                            	// +optional
                            	Message string `json:"message,omitempty"`
                            }

                              CertificateCondition contains condition information for an Certificate.

                              func (*CertificateCondition) DeepCopy

                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.

                                func (*CertificateCondition) DeepCopyInto

                                func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition)

                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                  type CertificateConditionType

                                  type CertificateConditionType string

                                    CertificateConditionType represents an Certificate condition value.

                                    const (
                                    	// CertificateConditionReady indicates that a certificate is ready for use.
                                    	// This is defined as:
                                    	// - The target secret exists
                                    	// - The target secret contains a certificate that has not expired
                                    	// - The target secret contains a private key valid for the certificate
                                    	// - The commonName and dnsNames attributes match those specified on the Certificate
                                    	CertificateConditionReady CertificateConditionType = "Ready"
                                    
                                    	// A condition added to Certificate resources when an issuance is required.
                                    	// This condition will be automatically added and set to true if:
                                    	//   * No keypair data exists in the target Secret
                                    	//   * The data stored in the Secret cannot be decoded
                                    	//   * The private key and certificate do not have matching public keys
                                    	//   * If a CertificateRequest for the current revision exists and the
                                    	//     certificate data stored in the Secret does not match the
                                    	//    `status.certificate` on the CertificateRequest.
                                    	//   * If no CertificateRequest resource exists for the current revision,
                                    	//     the options on the Certificate resource are compared against the
                                    	//     x509 data in the Secret, similar to what's done in earlier versions.
                                    	//     If there is a mismatch, an issuance is triggered.
                                    	// This condition may also be added by external API consumers to trigger
                                    	// a re-issuance manually for any other reason.
                                    	//
                                    	// It will be removed by the 'issuing' controller upon completing issuance.
                                    	CertificateConditionIssuing CertificateConditionType = "Issuing"
                                    )

                                    type CertificateKeystores

                                    type CertificateKeystores struct {
                                    	// JKS configures options for storing a JKS keystore in the
                                    	// `spec.secretName` Secret resource.
                                    	// +optional
                                    	JKS *JKSKeystore `json:"jks,omitempty"`
                                    
                                    	// PKCS12 configures options for storing a PKCS12 keystore in the
                                    	// `spec.secretName` Secret resource.
                                    	// +optional
                                    	PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"`
                                    }

                                      CertificateKeystores configures additional keystore output formats to be created in the Certificate's output Secret.

                                      func (*CertificateKeystores) DeepCopy

                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores.

                                        func (*CertificateKeystores) DeepCopyInto

                                        func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores)

                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                          type CertificateList

                                          type CertificateList struct {
                                          	metav1.TypeMeta `json:",inline"`
                                          	metav1.ListMeta `json:"metadata"`
                                          
                                          	Items []Certificate `json:"items"`
                                          }

                                            CertificateList is a list of Certificates

                                            func (*CertificateList) DeepCopy

                                            func (in *CertificateList) DeepCopy() *CertificateList

                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.

                                              func (*CertificateList) DeepCopyInto

                                              func (in *CertificateList) DeepCopyInto(out *CertificateList)

                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                func (*CertificateList) DeepCopyObject

                                                func (in *CertificateList) DeepCopyObject() runtime.Object

                                                  DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                  type CertificatePrivateKey

                                                  type CertificatePrivateKey struct {
                                                  	// RotationPolicy controls how private keys should be regenerated when a
                                                  	// re-issuance is being processed.
                                                  	// If set to Never, a private key will only be generated if one does not
                                                  	// already exist in the target `spec.secretName`. If one does exists but it
                                                  	// does not have the correct algorithm or size, a warning will be raised
                                                  	// to await user intervention.
                                                  	// If set to Always, a private key matching the specified requirements
                                                  	// will be generated whenever a re-issuance occurs.
                                                  	// Default is 'Never' for backward compatibility.
                                                  	// +optional
                                                  	RotationPolicy PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"`
                                                  
                                                  	// The private key cryptography standards (PKCS) encoding for this
                                                  	// certificate's private key to be encoded in.
                                                  	// If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1
                                                  	// and PKCS#8, respectively.
                                                  	// Defaults to `PKCS1` if not specified.
                                                  	// +optional
                                                  	Encoding PrivateKeyEncoding `json:"encoding,omitempty"`
                                                  
                                                  	// Algorithm is the private key algorithm of the corresponding private key
                                                  	// for this certificate. If provided, allowed values are either `RSA` or `ECDSA`
                                                  	// If `algorithm` is specified and `size` is not provided,
                                                  	// key size of 256 will be used for `ECDSA` key algorithm and
                                                  	// key size of 2048 will be used for `RSA` key algorithm.
                                                  	// +optional
                                                  	Algorithm PrivateKeyAlgorithm `json:"algorithm,omitempty"`
                                                  
                                                  	// Size is the key bit size of the corresponding private key for this certificate.
                                                  	// If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,
                                                  	// and will default to `2048` if not specified.
                                                  	// If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,
                                                  	// and will default to `256` if not specified.
                                                  	// No other values are allowed.
                                                  	// +optional
                                                  	Size int `json:"size,omitempty"` // Validated by webhook. Be mindful of adding OpenAPI validation- see https://github.com/jetstack/cert-manager/issues/3644
                                                  }

                                                    CertificatePrivateKey contains configuration options for private keys used by the Certificate controller. This allows control of how private keys are rotated.

                                                    func (*CertificatePrivateKey) DeepCopy

                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey.

                                                      func (*CertificatePrivateKey) DeepCopyInto

                                                      func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey)

                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                        type CertificateRequest

                                                        type CertificateRequest struct {
                                                        	metav1.TypeMeta   `json:",inline"`
                                                        	metav1.ObjectMeta `json:"metadata,omitempty"`
                                                        
                                                        	// Desired state of the CertificateRequest resource.
                                                        	Spec CertificateRequestSpec `json:"spec"`
                                                        
                                                        	// Status of the CertificateRequest. This is set and managed automatically.
                                                        	// +optional
                                                        	Status CertificateRequestStatus `json:"status"`
                                                        }

                                                          A CertificateRequest is used to request a signed certificate from one of the configured issuers.

                                                          All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field.

                                                          A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used. +k8s:openapi-gen=true

                                                          func (*CertificateRequest) DeepCopy

                                                          func (in *CertificateRequest) DeepCopy() *CertificateRequest

                                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest.

                                                            func (*CertificateRequest) DeepCopyInto

                                                            func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest)

                                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                              func (*CertificateRequest) DeepCopyObject

                                                              func (in *CertificateRequest) DeepCopyObject() runtime.Object

                                                                DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                type CertificateRequestCondition

                                                                type CertificateRequestCondition struct {
                                                                	// Type of the condition, known values are (`Ready`, `InvalidRequest`).
                                                                	Type CertificateRequestConditionType `json:"type"`
                                                                
                                                                	// Status of the condition, one of (`True`, `False`, `Unknown`).
                                                                	Status cmmeta.ConditionStatus `json:"status"`
                                                                
                                                                	// LastTransitionTime is the timestamp corresponding to the last status
                                                                	// change of this condition.
                                                                	// +optional
                                                                	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
                                                                
                                                                	// Reason is a brief machine readable explanation for the condition's last
                                                                	// transition.
                                                                	// +optional
                                                                	Reason string `json:"reason,omitempty"`
                                                                
                                                                	// Message is a human readable description of the details of the last
                                                                	// transition, complementing reason.
                                                                	// +optional
                                                                	Message string `json:"message,omitempty"`
                                                                }

                                                                  CertificateRequestCondition contains condition information for a CertificateRequest.

                                                                  func (*CertificateRequestCondition) DeepCopy

                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition.

                                                                    func (*CertificateRequestCondition) DeepCopyInto

                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                      type CertificateRequestConditionType

                                                                      type CertificateRequestConditionType string

                                                                        CertificateRequestConditionType represents an Certificate condition value.

                                                                        const (
                                                                        	// CertificateRequestConditionReady indicates that a certificate is ready for use.
                                                                        	// This is defined as:
                                                                        	// - The target certificate exists in CertificateRequest.Status
                                                                        	CertificateRequestConditionReady CertificateRequestConditionType = "Ready"
                                                                        
                                                                        	// CertificateRequestConditionInvalidRequest indicates that a certificate
                                                                        	// signer has refused to sign the request due to at least one of the input
                                                                        	// parameters being invalid. Additional information about why the request
                                                                        	// was rejected can be found in the `reason` and `message` fields.
                                                                        	CertificateRequestConditionInvalidRequest CertificateRequestConditionType = "InvalidRequest"
                                                                        )

                                                                        type CertificateRequestList

                                                                        type CertificateRequestList struct {
                                                                        	metav1.TypeMeta `json:",inline"`
                                                                        	metav1.ListMeta `json:"metadata"`
                                                                        
                                                                        	Items []CertificateRequest `json:"items"`
                                                                        }

                                                                          CertificateRequestList is a list of Certificates

                                                                          func (*CertificateRequestList) DeepCopy

                                                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList.

                                                                            func (*CertificateRequestList) DeepCopyInto

                                                                            func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList)

                                                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                              func (*CertificateRequestList) DeepCopyObject

                                                                              func (in *CertificateRequestList) DeepCopyObject() runtime.Object

                                                                                DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                type CertificateRequestSpec

                                                                                type CertificateRequestSpec struct {
                                                                                	// The requested 'duration' (i.e. lifetime) of the Certificate.
                                                                                	// This option may be ignored/overridden by some issuer types.
                                                                                	// +optional
                                                                                	Duration *metav1.Duration `json:"duration,omitempty"`
                                                                                
                                                                                	// IssuerRef is a reference to the issuer for this CertificateRequest.  If
                                                                                	// the `kind` field is not set, or set to `Issuer`, an Issuer resource with
                                                                                	// the given name in the same namespace as the CertificateRequest will be
                                                                                	// used.  If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with
                                                                                	// the provided name will be used. The `name` field in this stanza is
                                                                                	// required at all times. The group field refers to the API group of the
                                                                                	// issuer which defaults to `cert-manager.io` if empty.
                                                                                	IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
                                                                                
                                                                                	// The PEM-encoded x509 certificate signing request to be submitted to the
                                                                                	// CA for signing.
                                                                                	Request []byte `json:"request"`
                                                                                
                                                                                	// IsCA will request to mark the certificate as valid for certificate signing
                                                                                	// when submitting to the issuer.
                                                                                	// This will automatically add the `cert sign` usage to the list of `usages`.
                                                                                	// +optional
                                                                                	IsCA bool `json:"isCA,omitempty"`
                                                                                
                                                                                	// Usages is the set of x509 usages that are requested for the certificate.
                                                                                	// If usages are set they SHOULD be encoded inside the CSR spec
                                                                                	// Defaults to `digital signature` and `key encipherment` if not specified.
                                                                                	// +optional
                                                                                	Usages []KeyUsage `json:"usages,omitempty"`
                                                                                }

                                                                                  CertificateRequestSpec defines the desired state of CertificateRequest

                                                                                  func (*CertificateRequestSpec) DeepCopy

                                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec.

                                                                                    func (*CertificateRequestSpec) DeepCopyInto

                                                                                    func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec)

                                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                      type CertificateRequestStatus

                                                                                      type CertificateRequestStatus struct {
                                                                                      	// List of status conditions to indicate the status of a CertificateRequest.
                                                                                      	// Known condition types are `Ready` and `InvalidRequest`.
                                                                                      	// +optional
                                                                                      	Conditions []CertificateRequestCondition `json:"conditions,omitempty"`
                                                                                      
                                                                                      	// The PEM encoded x509 certificate resulting from the certificate
                                                                                      	// signing request.
                                                                                      	// If not set, the CertificateRequest has either not been completed or has
                                                                                      	// failed. More information on failure can be found by checking the
                                                                                      	// `conditions` field.
                                                                                      	// +optional
                                                                                      	Certificate []byte `json:"certificate,omitempty"`
                                                                                      
                                                                                      	// The PEM encoded x509 certificate of the signer, also known as the CA
                                                                                      	// (Certificate Authority).
                                                                                      	// This is set on a best-effort basis by different issuers.
                                                                                      	// If not set, the CA is assumed to be unknown/not available.
                                                                                      	// +optional
                                                                                      	CA []byte `json:"ca,omitempty"`
                                                                                      
                                                                                      	// FailureTime stores the time that this CertificateRequest failed. This is
                                                                                      	// used to influence garbage collection and back-off.
                                                                                      	// +optional
                                                                                      	FailureTime *metav1.Time `json:"failureTime,omitempty"`
                                                                                      }

                                                                                        CertificateRequestStatus defines the observed state of CertificateRequest and resulting signed certificate.

                                                                                        func (*CertificateRequestStatus) DeepCopy

                                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus.

                                                                                          func (*CertificateRequestStatus) DeepCopyInto

                                                                                          func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus)

                                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                            type CertificateSpec

                                                                                            type CertificateSpec struct {
                                                                                            	// Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
                                                                                            	// +optional
                                                                                            	Subject *X509Subject `json:"subject,omitempty"`
                                                                                            
                                                                                            	// CommonName is a common name to be used on the Certificate.
                                                                                            	// The CommonName should have a length of 64 characters or fewer to avoid
                                                                                            	// generating invalid CSRs.
                                                                                            	// This value is ignored by TLS clients when any subject alt name is set.
                                                                                            	// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
                                                                                            	// +optional
                                                                                            	CommonName string `json:"commonName,omitempty"`
                                                                                            
                                                                                            	// The requested 'duration' (i.e. lifetime) of the Certificate.
                                                                                            	// This option may be ignored/overridden by some issuer types.
                                                                                            	// If overridden and `renewBefore` is greater than the actual certificate
                                                                                            	// duration, the certificate will be automatically renewed 2/3rds of the
                                                                                            	// way through the certificate's duration.
                                                                                            	// +optional
                                                                                            	Duration *metav1.Duration `json:"duration,omitempty"`
                                                                                            
                                                                                            	// The amount of time before the currently issued certificate's `notAfter`
                                                                                            	// time that cert-manager will begin to attempt to renew the certificate.
                                                                                            	// If this value is greater than the total duration of the certificate
                                                                                            	// (i.e. notAfter - notBefore), it will be automatically renewed 2/3rds of
                                                                                            	// the way through the certificate's duration.
                                                                                            	// +optional
                                                                                            	RenewBefore *metav1.Duration `json:"renewBefore,omitempty"`
                                                                                            
                                                                                            	// DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
                                                                                            	// +optional
                                                                                            	DNSNames []string `json:"dnsNames,omitempty"`
                                                                                            
                                                                                            	// IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
                                                                                            	// +optional
                                                                                            	IPAddresses []string `json:"ipAddresses,omitempty"`
                                                                                            
                                                                                            	// URIs is a list of URI subjectAltNames to be set on the Certificate.
                                                                                            	// +optional
                                                                                            	URIs []string `json:"uris,omitempty"`
                                                                                            
                                                                                            	// EmailAddresses is a list of email subjectAltNames to be set on the Certificate.
                                                                                            	// +optional
                                                                                            	EmailAddresses []string `json:"emailAddresses,omitempty"`
                                                                                            
                                                                                            	// SecretName is the name of the secret resource that will be automatically
                                                                                            	// created and managed by this Certificate resource.
                                                                                            	// It will be populated with a private key and certificate, signed by the
                                                                                            	// denoted issuer.
                                                                                            	SecretName string `json:"secretName"`
                                                                                            
                                                                                            	// Keystores configures additional keystore output formats stored in the
                                                                                            	// `secretName` Secret resource.
                                                                                            	// +optional
                                                                                            	Keystores *CertificateKeystores `json:"keystores,omitempty"`
                                                                                            
                                                                                            	// IssuerRef is a reference to the issuer for this certificate.
                                                                                            	// If the `kind` field is not set, or set to `Issuer`, an Issuer resource
                                                                                            	// with the given name in the same namespace as the Certificate will be used.
                                                                                            	// If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the
                                                                                            	// provided name will be used.
                                                                                            	// The `name` field in this stanza is required at all times.
                                                                                            	IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
                                                                                            
                                                                                            	// IsCA will mark this Certificate as valid for certificate signing.
                                                                                            	// This will automatically add the `cert sign` usage to the list of `usages`.
                                                                                            	// +optional
                                                                                            	IsCA bool `json:"isCA,omitempty"`
                                                                                            
                                                                                            	// Usages is the set of x509 usages that are requested for the certificate.
                                                                                            	// Defaults to `digital signature` and `key encipherment` if not specified.
                                                                                            	// +optional
                                                                                            	Usages []KeyUsage `json:"usages,omitempty"`
                                                                                            
                                                                                            	// Options to control private keys used for the Certificate.
                                                                                            	// +optional
                                                                                            	PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"`
                                                                                            
                                                                                            	// EncodeUsagesInRequest controls whether key usages should be present
                                                                                            	// in the CertificateRequest
                                                                                            	// +optional
                                                                                            	EncodeUsagesInRequest *bool `json:"encodeUsagesInRequest,omitempty"`
                                                                                            }

                                                                                              CertificateSpec defines the desired state of Certificate. A valid Certificate requires at least one of a CommonName, DNSName, or URISAN to be valid.

                                                                                              func (*CertificateSpec) DeepCopy

                                                                                              func (in *CertificateSpec) DeepCopy() *CertificateSpec

                                                                                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.

                                                                                                func (*CertificateSpec) DeepCopyInto

                                                                                                func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)

                                                                                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                  type CertificateStatus

                                                                                                  type CertificateStatus struct {
                                                                                                  	// List of status conditions to indicate the status of certificates.
                                                                                                  	// Known condition types are `Ready` and `Issuing`.
                                                                                                  	// +optional
                                                                                                  	Conditions []CertificateCondition `json:"conditions,omitempty"`
                                                                                                  
                                                                                                  	// LastFailureTime is the time as recorded by the Certificate controller
                                                                                                  	// of the most recent failure to complete a CertificateRequest for this
                                                                                                  	// Certificate resource.
                                                                                                  	// If set, cert-manager will not re-request another Certificate until
                                                                                                  	// 1 hour has elapsed from this time.
                                                                                                  	// +optional
                                                                                                  	LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"`
                                                                                                  
                                                                                                  	// The time after which the certificate stored in the secret named
                                                                                                  	// by this resource in spec.secretName is valid.
                                                                                                  	// +optional
                                                                                                  	NotBefore *metav1.Time `json:"notBefore,omitempty"`
                                                                                                  
                                                                                                  	// The expiration time of the certificate stored in the secret named
                                                                                                  	// by this resource in `spec.secretName`.
                                                                                                  	// +optional
                                                                                                  	NotAfter *metav1.Time `json:"notAfter,omitempty"`
                                                                                                  
                                                                                                  	// RenewalTime is the time at which the certificate will be next
                                                                                                  	// renewed.
                                                                                                  	// If not set, no upcoming renewal is scheduled.
                                                                                                  	// +optional
                                                                                                  	RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
                                                                                                  
                                                                                                  	// The current 'revision' of the certificate as issued.
                                                                                                  	//
                                                                                                  	// When a CertificateRequest resource is created, it will have the
                                                                                                  	// `cert-manager.io/certificate-revision` set to one greater than the
                                                                                                  	// current value of this field.
                                                                                                  	//
                                                                                                  	// Upon issuance, this field will be set to the value of the annotation
                                                                                                  	// on the CertificateRequest resource used to issue the certificate.
                                                                                                  	//
                                                                                                  	// Persisting the value on the CertificateRequest resource allows the
                                                                                                  	// certificates controller to know whether a request is part of an old
                                                                                                  	// issuance or if it is part of the ongoing revision's issuance by
                                                                                                  	// checking if the revision value in the annotation is greater than this
                                                                                                  	// field.
                                                                                                  	// +optional
                                                                                                  	Revision *int `json:"revision,omitempty"`
                                                                                                  
                                                                                                  	// The name of the Secret resource containing the private key to be used
                                                                                                  	// for the next certificate iteration.
                                                                                                  	// The keymanager controller will automatically set this field if the
                                                                                                  	// `Issuing` condition is set to `True`.
                                                                                                  	// It will automatically unset this field when the Issuing condition is
                                                                                                  	// not set or False.
                                                                                                  	// +optional
                                                                                                  	NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"`
                                                                                                  }

                                                                                                    CertificateStatus defines the observed state of Certificate

                                                                                                    func (*CertificateStatus) DeepCopy

                                                                                                    func (in *CertificateStatus) DeepCopy() *CertificateStatus

                                                                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.

                                                                                                      func (*CertificateStatus) DeepCopyInto

                                                                                                      func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)

                                                                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                        type ClusterIssuer

                                                                                                        type ClusterIssuer struct {
                                                                                                        	metav1.TypeMeta   `json:",inline"`
                                                                                                        	metav1.ObjectMeta `json:"metadata,omitempty"`
                                                                                                        
                                                                                                        	// Desired state of the ClusterIssuer resource.
                                                                                                        	Spec IssuerSpec `json:"spec"`
                                                                                                        
                                                                                                        	// Status of the ClusterIssuer. This is set and managed automatically.
                                                                                                        	// +optional
                                                                                                        	Status IssuerStatus `json:"status"`
                                                                                                        }

                                                                                                          A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent.

                                                                                                          func (*ClusterIssuer) Copy

                                                                                                          func (c *ClusterIssuer) Copy() GenericIssuer

                                                                                                          func (*ClusterIssuer) DeepCopy

                                                                                                          func (in *ClusterIssuer) DeepCopy() *ClusterIssuer

                                                                                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuer.

                                                                                                            func (*ClusterIssuer) DeepCopyInto

                                                                                                            func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer)

                                                                                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                              func (*ClusterIssuer) DeepCopyObject

                                                                                                              func (in *ClusterIssuer) DeepCopyObject() runtime.Object

                                                                                                                DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                                                func (*ClusterIssuer) GetObjectMeta

                                                                                                                func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta

                                                                                                                func (*ClusterIssuer) GetSpec

                                                                                                                func (c *ClusterIssuer) GetSpec() *IssuerSpec

                                                                                                                func (*ClusterIssuer) GetStatus

                                                                                                                func (c *ClusterIssuer) GetStatus() *IssuerStatus

                                                                                                                func (*ClusterIssuer) SetSpec

                                                                                                                func (c *ClusterIssuer) SetSpec(spec IssuerSpec)

                                                                                                                func (*ClusterIssuer) SetStatus

                                                                                                                func (c *ClusterIssuer) SetStatus(status IssuerStatus)

                                                                                                                type ClusterIssuerList

                                                                                                                type ClusterIssuerList struct {
                                                                                                                	metav1.TypeMeta `json:",inline"`
                                                                                                                	metav1.ListMeta `json:"metadata"`
                                                                                                                
                                                                                                                	Items []ClusterIssuer `json:"items"`
                                                                                                                }

                                                                                                                  ClusterIssuerList is a list of Issuers

                                                                                                                  func (*ClusterIssuerList) DeepCopy

                                                                                                                  func (in *ClusterIssuerList) DeepCopy() *ClusterIssuerList

                                                                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuerList.

                                                                                                                    func (*ClusterIssuerList) DeepCopyInto

                                                                                                                    func (in *ClusterIssuerList) DeepCopyInto(out *ClusterIssuerList)

                                                                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                      func (*ClusterIssuerList) DeepCopyObject

                                                                                                                      func (in *ClusterIssuerList) DeepCopyObject() runtime.Object

                                                                                                                        DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                                                        type GenericIssuer

                                                                                                                        type GenericIssuer interface {
                                                                                                                        	runtime.Object
                                                                                                                        	metav1.Object
                                                                                                                        
                                                                                                                        	GetObjectMeta() *metav1.ObjectMeta
                                                                                                                        	GetSpec() *IssuerSpec
                                                                                                                        	GetStatus() *IssuerStatus
                                                                                                                        }

                                                                                                                        type Issuer

                                                                                                                        type Issuer struct {
                                                                                                                        	metav1.TypeMeta   `json:",inline"`
                                                                                                                        	metav1.ObjectMeta `json:"metadata,omitempty"`
                                                                                                                        
                                                                                                                        	// Desired state of the Issuer resource.
                                                                                                                        	Spec IssuerSpec `json:"spec"`
                                                                                                                        
                                                                                                                        	// Status of the Issuer. This is set and managed automatically.
                                                                                                                        	// +optional
                                                                                                                        	Status IssuerStatus `json:"status"`
                                                                                                                        }

                                                                                                                          An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace.

                                                                                                                          func (*Issuer) Copy

                                                                                                                          func (c *Issuer) Copy() GenericIssuer

                                                                                                                          func (*Issuer) DeepCopy

                                                                                                                          func (in *Issuer) DeepCopy() *Issuer

                                                                                                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.

                                                                                                                            func (*Issuer) DeepCopyInto

                                                                                                                            func (in *Issuer) DeepCopyInto(out *Issuer)

                                                                                                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                              func (*Issuer) DeepCopyObject

                                                                                                                              func (in *Issuer) DeepCopyObject() runtime.Object

                                                                                                                                DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                                                                func (*Issuer) GetObjectMeta

                                                                                                                                func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta

                                                                                                                                func (*Issuer) GetSpec

                                                                                                                                func (c *Issuer) GetSpec() *IssuerSpec

                                                                                                                                func (*Issuer) GetStatus

                                                                                                                                func (c *Issuer) GetStatus() *IssuerStatus

                                                                                                                                func (*Issuer) SetSpec

                                                                                                                                func (c *Issuer) SetSpec(spec IssuerSpec)

                                                                                                                                func (*Issuer) SetStatus

                                                                                                                                func (c *Issuer) SetStatus(status IssuerStatus)

                                                                                                                                type IssuerCondition

                                                                                                                                type IssuerCondition struct {
                                                                                                                                	// Type of the condition, known values are (`Ready`).
                                                                                                                                	Type IssuerConditionType `json:"type"`
                                                                                                                                
                                                                                                                                	// Status of the condition, one of (`True`, `False`, `Unknown`).
                                                                                                                                	Status cmmeta.ConditionStatus `json:"status"`
                                                                                                                                
                                                                                                                                	// LastTransitionTime is the timestamp corresponding to the last status
                                                                                                                                	// change of this condition.
                                                                                                                                	// +optional
                                                                                                                                	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
                                                                                                                                
                                                                                                                                	// Reason is a brief machine readable explanation for the condition's last
                                                                                                                                	// transition.
                                                                                                                                	// +optional
                                                                                                                                	Reason string `json:"reason,omitempty"`
                                                                                                                                
                                                                                                                                	// Message is a human readable description of the details of the last
                                                                                                                                	// transition, complementing reason.
                                                                                                                                	// +optional
                                                                                                                                	Message string `json:"message,omitempty"`
                                                                                                                                }

                                                                                                                                  IssuerCondition contains condition information for an Issuer.

                                                                                                                                  func (*IssuerCondition) DeepCopy

                                                                                                                                  func (in *IssuerCondition) DeepCopy() *IssuerCondition

                                                                                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerCondition.

                                                                                                                                    func (*IssuerCondition) DeepCopyInto

                                                                                                                                    func (in *IssuerCondition) DeepCopyInto(out *IssuerCondition)

                                                                                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                      type IssuerConditionType

                                                                                                                                      type IssuerConditionType string

                                                                                                                                        IssuerConditionType represents an Issuer condition value.

                                                                                                                                        const (
                                                                                                                                        	// IssuerConditionReady represents the fact that a given Issuer condition
                                                                                                                                        	// is in ready state and able to issue certificates.
                                                                                                                                        	// If the `status` of this condition is `False`, CertificateRequest controllers
                                                                                                                                        	// should prevent attempts to sign certificates.
                                                                                                                                        	IssuerConditionReady IssuerConditionType = "Ready"
                                                                                                                                        )

                                                                                                                                        type IssuerConfig

                                                                                                                                        type IssuerConfig struct {
                                                                                                                                        	// ACME configures this issuer to communicate with a RFC8555 (ACME) server
                                                                                                                                        	// to obtain signed x509 certificates.
                                                                                                                                        	// +optional
                                                                                                                                        	ACME *cmacme.ACMEIssuer `json:"acme,omitempty"`
                                                                                                                                        
                                                                                                                                        	// CA configures this issuer to sign certificates using a signing CA keypair
                                                                                                                                        	// stored in a Secret resource.
                                                                                                                                        	// This is used to build internal PKIs that are managed by cert-manager.
                                                                                                                                        	// +optional
                                                                                                                                        	CA *CAIssuer `json:"ca,omitempty"`
                                                                                                                                        
                                                                                                                                        	// Vault configures this issuer to sign certificates using a HashiCorp Vault
                                                                                                                                        	// PKI backend.
                                                                                                                                        	// +optional
                                                                                                                                        	Vault *VaultIssuer `json:"vault,omitempty"`
                                                                                                                                        
                                                                                                                                        	// SelfSigned configures this issuer to 'self sign' certificates using the
                                                                                                                                        	// private key used to create the CertificateRequest object.
                                                                                                                                        	// +optional
                                                                                                                                        	SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"`
                                                                                                                                        
                                                                                                                                        	// Venafi configures this issuer to sign certificates using a Venafi TPP
                                                                                                                                        	// or Venafi Cloud policy zone.
                                                                                                                                        	// +optional
                                                                                                                                        	Venafi *VenafiIssuer `json:"venafi,omitempty"`
                                                                                                                                        }

                                                                                                                                          The configuration for the issuer. Only one of these can be set.

                                                                                                                                          func (*IssuerConfig) DeepCopy

                                                                                                                                          func (in *IssuerConfig) DeepCopy() *IssuerConfig

                                                                                                                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig.

                                                                                                                                            func (*IssuerConfig) DeepCopyInto

                                                                                                                                            func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig)

                                                                                                                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                              type IssuerList

                                                                                                                                              type IssuerList struct {
                                                                                                                                              	metav1.TypeMeta `json:",inline"`
                                                                                                                                              	metav1.ListMeta `json:"metadata"`
                                                                                                                                              
                                                                                                                                              	Items []Issuer `json:"items"`
                                                                                                                                              }

                                                                                                                                                IssuerList is a list of Issuers

                                                                                                                                                func (*IssuerList) DeepCopy

                                                                                                                                                func (in *IssuerList) DeepCopy() *IssuerList

                                                                                                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList.

                                                                                                                                                  func (*IssuerList) DeepCopyInto

                                                                                                                                                  func (in *IssuerList) DeepCopyInto(out *IssuerList)

                                                                                                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                    func (*IssuerList) DeepCopyObject

                                                                                                                                                    func (in *IssuerList) DeepCopyObject() runtime.Object

                                                                                                                                                      DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                                                                                      type IssuerSpec

                                                                                                                                                      type IssuerSpec struct {
                                                                                                                                                      	IssuerConfig `json:",inline"`
                                                                                                                                                      }

                                                                                                                                                        IssuerSpec is the specification of an Issuer. This includes any configuration required for the issuer.

                                                                                                                                                        func (*IssuerSpec) DeepCopy

                                                                                                                                                        func (in *IssuerSpec) DeepCopy() *IssuerSpec

                                                                                                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec.

                                                                                                                                                          func (*IssuerSpec) DeepCopyInto

                                                                                                                                                          func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec)

                                                                                                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                            type IssuerStatus

                                                                                                                                                            type IssuerStatus struct {
                                                                                                                                                            	// List of status conditions to indicate the status of a CertificateRequest.
                                                                                                                                                            	// Known condition types are `Ready`.
                                                                                                                                                            	// +optional
                                                                                                                                                            	Conditions []IssuerCondition `json:"conditions,omitempty"`
                                                                                                                                                            
                                                                                                                                                            	// ACME specific status options.
                                                                                                                                                            	// This field should only be set if the Issuer is configured to use an ACME
                                                                                                                                                            	// server to issue certificates.
                                                                                                                                                            	// +optional
                                                                                                                                                            	ACME *cmacme.ACMEIssuerStatus `json:"acme,omitempty"`
                                                                                                                                                            }

                                                                                                                                                              IssuerStatus contains status information about an Issuer

                                                                                                                                                              func (*IssuerStatus) ACMEStatus

                                                                                                                                                              func (i *IssuerStatus) ACMEStatus() *cmacme.ACMEIssuerStatus

                                                                                                                                                                TODO: refactor these functions away

                                                                                                                                                                func (*IssuerStatus) DeepCopy

                                                                                                                                                                func (in *IssuerStatus) DeepCopy() *IssuerStatus

                                                                                                                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus.

                                                                                                                                                                  func (*IssuerStatus) DeepCopyInto

                                                                                                                                                                  func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus)

                                                                                                                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                    type JKSKeystore

                                                                                                                                                                    type JKSKeystore struct {
                                                                                                                                                                    	// Create enables JKS keystore creation for the Certificate.
                                                                                                                                                                    	// If true, a file named `keystore.jks` will be created in the target
                                                                                                                                                                    	// Secret resource, encrypted using the password stored in
                                                                                                                                                                    	// `passwordSecretRef`.
                                                                                                                                                                    	// The keystore file will only be updated upon re-issuance.
                                                                                                                                                                    	// A file named `truststore.jks` will also be created in the target
                                                                                                                                                                    	// Secret resource, encrypted using the password stored in
                                                                                                                                                                    	// `passwordSecretRef` containing the issuing Certificate Authority
                                                                                                                                                                    	Create bool `json:"create"`
                                                                                                                                                                    
                                                                                                                                                                    	// PasswordSecretRef is a reference to a key in a Secret resource
                                                                                                                                                                    	// containing the password used to encrypt the JKS keystore.
                                                                                                                                                                    	PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
                                                                                                                                                                    }

                                                                                                                                                                      JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.

                                                                                                                                                                      func (*JKSKeystore) DeepCopy

                                                                                                                                                                      func (in *JKSKeystore) DeepCopy() *JKSKeystore

                                                                                                                                                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore.

                                                                                                                                                                        func (*JKSKeystore) DeepCopyInto

                                                                                                                                                                        func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore)

                                                                                                                                                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                          type KeyUsage

                                                                                                                                                                          type KeyUsage string

                                                                                                                                                                            KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3

                                                                                                                                                                            https://tools.ietf.org/html/rfc5280#section-4.2.1.12
                                                                                                                                                                            

                                                                                                                                                                            Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc"

                                                                                                                                                                            const (
                                                                                                                                                                            	UsageSigning            KeyUsage = "signing"
                                                                                                                                                                            	UsageDigitalSignature   KeyUsage = "digital signature"
                                                                                                                                                                            	UsageContentCommittment KeyUsage = "content commitment"
                                                                                                                                                                            	UsageKeyEncipherment    KeyUsage = "key encipherment"
                                                                                                                                                                            	UsageKeyAgreement       KeyUsage = "key agreement"
                                                                                                                                                                            	UsageDataEncipherment   KeyUsage = "data encipherment"
                                                                                                                                                                            	UsageCertSign           KeyUsage = "cert sign"
                                                                                                                                                                            	UsageCRLSign            KeyUsage = "crl sign"
                                                                                                                                                                            	UsageEncipherOnly       KeyUsage = "encipher only"
                                                                                                                                                                            	UsageDecipherOnly       KeyUsage = "decipher only"
                                                                                                                                                                            	UsageAny                KeyUsage = "any"
                                                                                                                                                                            	UsageServerAuth         KeyUsage = "server auth"
                                                                                                                                                                            	UsageClientAuth         KeyUsage = "client auth"
                                                                                                                                                                            	UsageCodeSigning        KeyUsage = "code signing"
                                                                                                                                                                            	UsageEmailProtection    KeyUsage = "email protection"
                                                                                                                                                                            	UsageSMIME              KeyUsage = "s/mime"
                                                                                                                                                                            	UsageIPsecEndSystem     KeyUsage = "ipsec end system"
                                                                                                                                                                            	UsageIPsecTunnel        KeyUsage = "ipsec tunnel"
                                                                                                                                                                            	UsageIPsecUser          KeyUsage = "ipsec user"
                                                                                                                                                                            	UsageTimestamping       KeyUsage = "timestamping"
                                                                                                                                                                            	UsageOCSPSigning        KeyUsage = "ocsp signing"
                                                                                                                                                                            	UsageMicrosoftSGC       KeyUsage = "microsoft sgc"
                                                                                                                                                                            	UsageNetscapeSGC        KeyUsage = "netscape sgc"
                                                                                                                                                                            )

                                                                                                                                                                            func DefaultKeyUsages

                                                                                                                                                                            func DefaultKeyUsages() []KeyUsage

                                                                                                                                                                              DefaultKeyUsages contains the default list of key usages

                                                                                                                                                                              type PKCS12Keystore

                                                                                                                                                                              type PKCS12Keystore struct {
                                                                                                                                                                              	// Create enables PKCS12 keystore creation for the Certificate.
                                                                                                                                                                              	// If true, a file named `keystore.p12` will be created in the target
                                                                                                                                                                              	// Secret resource, encrypted using the password stored in
                                                                                                                                                                              	// `passwordSecretRef`.
                                                                                                                                                                              	// The keystore file will only be updated upon re-issuance.
                                                                                                                                                                              	// A file named `truststore.p12` will also be created in the target
                                                                                                                                                                              	// Secret resource, encrypted using the password stored in
                                                                                                                                                                              	// `passwordSecretRef` containing the issuing Certificate Authority
                                                                                                                                                                              	Create bool `json:"create"`
                                                                                                                                                                              
                                                                                                                                                                              	// PasswordSecretRef is a reference to a key in a Secret resource
                                                                                                                                                                              	// containing the password used to encrypt the PKCS12 keystore.
                                                                                                                                                                              	PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
                                                                                                                                                                              }

                                                                                                                                                                                PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.

                                                                                                                                                                                func (*PKCS12Keystore) DeepCopy

                                                                                                                                                                                func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore

                                                                                                                                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore.

                                                                                                                                                                                  func (*PKCS12Keystore) DeepCopyInto

                                                                                                                                                                                  func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore)

                                                                                                                                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                    type PrivateKeyAlgorithm

                                                                                                                                                                                    type PrivateKeyAlgorithm string

                                                                                                                                                                                      +kubebuilder:validation:Enum=RSA;ECDSA

                                                                                                                                                                                      const (
                                                                                                                                                                                      	// Denotes the RSA private key type.
                                                                                                                                                                                      	RSAKeyAlgorithm PrivateKeyAlgorithm = "RSA"
                                                                                                                                                                                      
                                                                                                                                                                                      	// Denotes the ECDSA private key type.
                                                                                                                                                                                      	ECDSAKeyAlgorithm PrivateKeyAlgorithm = "ECDSA"
                                                                                                                                                                                      )

                                                                                                                                                                                      type PrivateKeyEncoding

                                                                                                                                                                                      type PrivateKeyEncoding string

                                                                                                                                                                                        +kubebuilder:validation:Enum=PKCS1;PKCS8

                                                                                                                                                                                        const (
                                                                                                                                                                                        	// PKCS1 key encoding will produce PEM files that include the type of
                                                                                                                                                                                        	// private key as part of the PEM header, e.g. `BEGIN RSA PRIVATE KEY`.
                                                                                                                                                                                        	// If the keyAlgorithm is set to 'ECDSA', this will produce private keys
                                                                                                                                                                                        	// that use the `BEGIN EC PRIVATE KEY` header.
                                                                                                                                                                                        	PKCS1 PrivateKeyEncoding = "PKCS1"
                                                                                                                                                                                        
                                                                                                                                                                                        	// PKCS8 key encoding will produce PEM files with the `BEGIN PRIVATE KEY`
                                                                                                                                                                                        	// header. It encodes the keyAlgorithm of the private key as part of the
                                                                                                                                                                                        	// DER encoded PEM block.
                                                                                                                                                                                        	PKCS8 PrivateKeyEncoding = "PKCS8"
                                                                                                                                                                                        )

                                                                                                                                                                                        type PrivateKeyRotationPolicy

                                                                                                                                                                                        type PrivateKeyRotationPolicy string

                                                                                                                                                                                          Denotes how private keys should be generated or sourced when a Certificate is being issued.

                                                                                                                                                                                          var (
                                                                                                                                                                                          	// RotationPolicyNever means a private key will only be generated if one
                                                                                                                                                                                          	// does not already exist in the target `spec.secretName`.
                                                                                                                                                                                          	// If one does exists but it does not have the correct algorithm or size,
                                                                                                                                                                                          	// a warning will be raised to await user intervention.
                                                                                                                                                                                          	RotationPolicyNever PrivateKeyRotationPolicy = "Never"
                                                                                                                                                                                          
                                                                                                                                                                                          	// RotationPolicyAlways means a private key matching the specified
                                                                                                                                                                                          	// requirements will be generated whenever a re-issuance occurs.
                                                                                                                                                                                          	RotationPolicyAlways PrivateKeyRotationPolicy = "Always"
                                                                                                                                                                                          )

                                                                                                                                                                                          type SelfSignedIssuer

                                                                                                                                                                                          type SelfSignedIssuer struct {
                                                                                                                                                                                          	// The CRL distribution points is an X.509 v3 certificate extension which identifies
                                                                                                                                                                                          	// the location of the CRL from which the revocation of this certificate can be checked.
                                                                                                                                                                                          	// If not set certificate will be issued without CDP. Values are strings.
                                                                                                                                                                                          	// +optional
                                                                                                                                                                                          	CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
                                                                                                                                                                                          }

                                                                                                                                                                                            Configures an issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.

                                                                                                                                                                                            func (*SelfSignedIssuer) DeepCopy

                                                                                                                                                                                            func (in *SelfSignedIssuer) DeepCopy() *SelfSignedIssuer

                                                                                                                                                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedIssuer.

                                                                                                                                                                                              func (*SelfSignedIssuer) DeepCopyInto

                                                                                                                                                                                              func (in *SelfSignedIssuer) DeepCopyInto(out *SelfSignedIssuer)

                                                                                                                                                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                type VaultAppRole

                                                                                                                                                                                                type VaultAppRole struct {
                                                                                                                                                                                                	// Path where the App Role authentication backend is mounted in Vault, e.g:
                                                                                                                                                                                                	// "approle"
                                                                                                                                                                                                	Path string `json:"path"`
                                                                                                                                                                                                
                                                                                                                                                                                                	// RoleID configured in the App Role authentication backend when setting
                                                                                                                                                                                                	// up the authentication backend in Vault.
                                                                                                                                                                                                	RoleId string `json:"roleId"`
                                                                                                                                                                                                
                                                                                                                                                                                                	// Reference to a key in a Secret that contains the App Role secret used
                                                                                                                                                                                                	// to authenticate with Vault.
                                                                                                                                                                                                	// The `key` field must be specified and denotes which entry within the Secret
                                                                                                                                                                                                	// resource is used as the app role secret.
                                                                                                                                                                                                	SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
                                                                                                                                                                                                }

                                                                                                                                                                                                  VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

                                                                                                                                                                                                  func (*VaultAppRole) DeepCopy

                                                                                                                                                                                                  func (in *VaultAppRole) DeepCopy() *VaultAppRole

                                                                                                                                                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.

                                                                                                                                                                                                    func (*VaultAppRole) DeepCopyInto

                                                                                                                                                                                                    func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)

                                                                                                                                                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                      type VaultAuth

                                                                                                                                                                                                      type VaultAuth struct {
                                                                                                                                                                                                      	// TokenSecretRef authenticates with Vault by presenting a token.
                                                                                                                                                                                                      	// +optional
                                                                                                                                                                                                      	TokenSecretRef *cmmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`
                                                                                                                                                                                                      
                                                                                                                                                                                                      	// AppRole authenticates with Vault using the App Role auth mechanism,
                                                                                                                                                                                                      	// with the role and secret stored in a Kubernetes Secret resource.
                                                                                                                                                                                                      	// +optional
                                                                                                                                                                                                      	AppRole *VaultAppRole `json:"appRole,omitempty"`
                                                                                                                                                                                                      
                                                                                                                                                                                                      	// Kubernetes authenticates with Vault by passing the ServiceAccount
                                                                                                                                                                                                      	// token stored in the named Secret resource to the Vault server.
                                                                                                                                                                                                      	// +optional
                                                                                                                                                                                                      	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`
                                                                                                                                                                                                      }

                                                                                                                                                                                                        Configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole` or `kubernetes` may be specified.

                                                                                                                                                                                                        func (*VaultAuth) DeepCopy

                                                                                                                                                                                                        func (in *VaultAuth) DeepCopy() *VaultAuth

                                                                                                                                                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.

                                                                                                                                                                                                          func (*VaultAuth) DeepCopyInto

                                                                                                                                                                                                          func (in *VaultAuth) DeepCopyInto(out *VaultAuth)

                                                                                                                                                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                            type VaultIssuer

                                                                                                                                                                                                            type VaultIssuer struct {
                                                                                                                                                                                                            	// Auth configures how cert-manager authenticates with the Vault server.
                                                                                                                                                                                                            	Auth VaultAuth `json:"auth"`
                                                                                                                                                                                                            
                                                                                                                                                                                                            	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
                                                                                                                                                                                                            	Server string `json:"server"`
                                                                                                                                                                                                            
                                                                                                                                                                                                            	// Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
                                                                                                                                                                                                            	// "my_pki_mount/sign/my-role-name".
                                                                                                                                                                                                            	Path string `json:"path"`
                                                                                                                                                                                                            
                                                                                                                                                                                                            	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1"
                                                                                                                                                                                                            	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
                                                                                                                                                                                                            	// +optional
                                                                                                                                                                                                            	Namespace string `json:"namespace,omitempty"`
                                                                                                                                                                                                            
                                                                                                                                                                                                            	// PEM encoded CA bundle used to validate Vault server certificate. Only used
                                                                                                                                                                                                            	// if the Server URL is using HTTPS protocol. This parameter is ignored for
                                                                                                                                                                                                            	// plain HTTP protocol connection. If not set the system root certificates
                                                                                                                                                                                                            	// are used to validate the TLS connection.
                                                                                                                                                                                                            	// +optional
                                                                                                                                                                                                            	CABundle []byte `json:"caBundle,omitempty"`
                                                                                                                                                                                                            }

                                                                                                                                                                                                              Configures an issuer to sign certificates using a HashiCorp Vault PKI backend.

                                                                                                                                                                                                              func (*VaultIssuer) DeepCopy

                                                                                                                                                                                                              func (in *VaultIssuer) DeepCopy() *VaultIssuer

                                                                                                                                                                                                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIssuer.

                                                                                                                                                                                                                func (*VaultIssuer) DeepCopyInto

                                                                                                                                                                                                                func (in *VaultIssuer) DeepCopyInto(out *VaultIssuer)

                                                                                                                                                                                                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                                  type VaultKubernetesAuth

                                                                                                                                                                                                                  type VaultKubernetesAuth struct {
                                                                                                                                                                                                                  	// The Vault mountPath here is the mount path to use when authenticating with
                                                                                                                                                                                                                  	// Vault. For example, setting a value to `/v1/auth/foo`, will use the path
                                                                                                                                                                                                                  	// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
                                                                                                                                                                                                                  	// default value "/v1/auth/kubernetes" will be used.
                                                                                                                                                                                                                  	// +optional
                                                                                                                                                                                                                  	Path string `json:"mountPath,omitempty"`
                                                                                                                                                                                                                  
                                                                                                                                                                                                                  	// The required Secret field containing a Kubernetes ServiceAccount JWT used
                                                                                                                                                                                                                  	// for authenticating with Vault. Use of 'ambient credentials' is not
                                                                                                                                                                                                                  	// supported.
                                                                                                                                                                                                                  	SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
                                                                                                                                                                                                                  
                                                                                                                                                                                                                  	// A required field containing the Vault Role to assume. A Role binds a
                                                                                                                                                                                                                  	// Kubernetes ServiceAccount with a set of Vault policies.
                                                                                                                                                                                                                  	Role string `json:"role"`
                                                                                                                                                                                                                  }

                                                                                                                                                                                                                    Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

                                                                                                                                                                                                                    func (*VaultKubernetesAuth) DeepCopy

                                                                                                                                                                                                                    func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth

                                                                                                                                                                                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.

                                                                                                                                                                                                                      func (*VaultKubernetesAuth) DeepCopyInto

                                                                                                                                                                                                                      func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)

                                                                                                                                                                                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                                        type VenafiCloud

                                                                                                                                                                                                                        type VenafiCloud struct {
                                                                                                                                                                                                                        	// URL is the base URL for Venafi Cloud.
                                                                                                                                                                                                                        	// Defaults to "https://api.venafi.cloud/v1".
                                                                                                                                                                                                                        	// +optional
                                                                                                                                                                                                                        	URL string `json:"url,omitempty"`
                                                                                                                                                                                                                        
                                                                                                                                                                                                                        	// APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
                                                                                                                                                                                                                        	APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"`
                                                                                                                                                                                                                        }

                                                                                                                                                                                                                          VenafiCloud defines connection configuration details for Venafi Cloud

                                                                                                                                                                                                                          func (*VenafiCloud) DeepCopy

                                                                                                                                                                                                                          func (in *VenafiCloud) DeepCopy() *VenafiCloud

                                                                                                                                                                                                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiCloud.

                                                                                                                                                                                                                            func (*VenafiCloud) DeepCopyInto

                                                                                                                                                                                                                            func (in *VenafiCloud) DeepCopyInto(out *VenafiCloud)

                                                                                                                                                                                                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                                              type VenafiIssuer

                                                                                                                                                                                                                              type VenafiIssuer struct {
                                                                                                                                                                                                                              	// Zone is the Venafi Policy Zone to use for this issuer.
                                                                                                                                                                                                                              	// All requests made to the Venafi platform will be restricted by the named
                                                                                                                                                                                                                              	// zone policy.
                                                                                                                                                                                                                              	// This field is required.
                                                                                                                                                                                                                              	Zone string `json:"zone"`
                                                                                                                                                                                                                              
                                                                                                                                                                                                                              	// TPP specifies Trust Protection Platform configuration settings.
                                                                                                                                                                                                                              	// Only one of TPP or Cloud may be specified.
                                                                                                                                                                                                                              	// +optional
                                                                                                                                                                                                                              	TPP *VenafiTPP `json:"tpp,omitempty"`
                                                                                                                                                                                                                              
                                                                                                                                                                                                                              	// Cloud specifies the Venafi cloud configuration settings.
                                                                                                                                                                                                                              	// Only one of TPP or Cloud may be specified.
                                                                                                                                                                                                                              	// +optional
                                                                                                                                                                                                                              	Cloud *VenafiCloud `json:"cloud,omitempty"`
                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                Configures an issuer to sign certificates using a Venafi TPP or Cloud policy zone.

                                                                                                                                                                                                                                func (*VenafiIssuer) DeepCopy

                                                                                                                                                                                                                                func (in *VenafiIssuer) DeepCopy() *VenafiIssuer

                                                                                                                                                                                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiIssuer.

                                                                                                                                                                                                                                  func (*VenafiIssuer) DeepCopyInto

                                                                                                                                                                                                                                  func (in *VenafiIssuer) DeepCopyInto(out *VenafiIssuer)

                                                                                                                                                                                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                                                    type VenafiTPP

                                                                                                                                                                                                                                    type VenafiTPP struct {
                                                                                                                                                                                                                                    	// URL is the base URL for the vedsdk endpoint of the Venafi TPP instance,
                                                                                                                                                                                                                                    	// for example: "https://tpp.example.com/vedsdk".
                                                                                                                                                                                                                                    	URL string `json:"url"`
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    	// CredentialsRef is a reference to a Secret containing the username and
                                                                                                                                                                                                                                    	// password for the TPP server.
                                                                                                                                                                                                                                    	// The secret must contain two keys, 'username' and 'password'.
                                                                                                                                                                                                                                    	CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"`
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    	// CABundle is a PEM encoded TLS certificate to use to verify connections to
                                                                                                                                                                                                                                    	// the TPP instance.
                                                                                                                                                                                                                                    	// If specified, system roots will not be used and the issuing CA for the
                                                                                                                                                                                                                                    	// TPP instance must be verifiable using the provided root.
                                                                                                                                                                                                                                    	// If not specified, the connection will be verified using the cert-manager
                                                                                                                                                                                                                                    	// system root certificates.
                                                                                                                                                                                                                                    	// +optional
                                                                                                                                                                                                                                    	CABundle []byte `json:"caBundle,omitempty"`
                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                      VenafiTPP defines connection configuration details for a Venafi TPP instance

                                                                                                                                                                                                                                      func (*VenafiTPP) DeepCopy

                                                                                                                                                                                                                                      func (in *VenafiTPP) DeepCopy() *VenafiTPP

                                                                                                                                                                                                                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiTPP.

                                                                                                                                                                                                                                        func (*VenafiTPP) DeepCopyInto

                                                                                                                                                                                                                                        func (in *VenafiTPP) DeepCopyInto(out *VenafiTPP)

                                                                                                                                                                                                                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                                                                                                                          type X509Subject

                                                                                                                                                                                                                                          type X509Subject struct {
                                                                                                                                                                                                                                          	// Organizations to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	Organizations []string `json:"organizations,omitempty"`
                                                                                                                                                                                                                                          	// Countries to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	Countries []string `json:"countries,omitempty"`
                                                                                                                                                                                                                                          	// Organizational Units to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	OrganizationalUnits []string `json:"organizationalUnits,omitempty"`
                                                                                                                                                                                                                                          	// Cities to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	Localities []string `json:"localities,omitempty"`
                                                                                                                                                                                                                                          	// State/Provinces to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	Provinces []string `json:"provinces,omitempty"`
                                                                                                                                                                                                                                          	// Street addresses to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	StreetAddresses []string `json:"streetAddresses,omitempty"`
                                                                                                                                                                                                                                          	// Postal codes to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	PostalCodes []string `json:"postalCodes,omitempty"`
                                                                                                                                                                                                                                          	// Serial number to be used on the Certificate.
                                                                                                                                                                                                                                          	// +optional
                                                                                                                                                                                                                                          	SerialNumber string `json:"serialNumber,omitempty"`
                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                            X509Subject Full X509 name specification

                                                                                                                                                                                                                                            func (*X509Subject) DeepCopy

                                                                                                                                                                                                                                            func (in *X509Subject) DeepCopy() *X509Subject

                                                                                                                                                                                                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Subject.

                                                                                                                                                                                                                                              func (*X509Subject) DeepCopyInto

                                                                                                                                                                                                                                              func (in *X509Subject) DeepCopyInto(out *X509Subject)

                                                                                                                                                                                                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.