updated vendor

2026-06-16 08:02:19 +02:00
parent 2f7f99d3f0
commit 77299d0c64
1283 changed files with 67302 additions and 208958 deletions
+46
@@ -642,6 +642,13 @@ func (m *PodCertificateRequestSpec) MarshalToSizedBuffer(dAtA []byte) (int, erro
_ = i
var l int
_ = l
if m.StubPKCS10Request != nil {
i -= len(m.StubPKCS10Request)
copy(dAtA[i:], m.StubPKCS10Request)
i = encodeVarintGenerated(dAtA, i, uint64(len(m.StubPKCS10Request)))
i--
dAtA[i] = 0x62
}
if len(m.UnverifiedUserAnnotations) > 0 {
keysForUnverifiedUserAnnotations := make([]string, 0, len(m.UnverifiedUserAnnotations))
for k := range m.UnverifiedUserAnnotations {
@@ -1058,6 +1065,10 @@ func (m *PodCertificateRequestSpec) Size() (n int) {
n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
}
}
if m.StubPKCS10Request != nil {
l = len(m.StubPKCS10Request)
n += 1 + l + sovGenerated(uint64(l))
}
return n
}
@@ -1274,6 +1285,7 @@ func (this *PodCertificateRequestSpec) String() string {
`PKIXPublicKey:` + valueToStringGenerated(this.PKIXPublicKey) + `,`,
`ProofOfPossession:` + valueToStringGenerated(this.ProofOfPossession) + `,`,
`UnverifiedUserAnnotations:` + mapStringForUnverifiedUserAnnotations + `,`,
`StubPKCS10Request:` + valueToStringGenerated(this.StubPKCS10Request) + `,`,
`}`,
}, "")
return s
@@ -3490,6 +3502,40 @@ func (m *PodCertificateRequestSpec) Unmarshal(dAtA []byte) error {
}
m.UnverifiedUserAnnotations[mapkey] = mapvalue
iNdEx = postIndex
case 12:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field StubPKCS10Request", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.StubPKCS10Request = append(m.StubPKCS10Request[:0], dAtA[iNdEx:postIndex]...)
if m.StubPKCS10Request == nil {
m.StubPKCS10Request = []byte{}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
+44 -16
@@ -30,8 +30,8 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
option go_package = "k8s.io/api/certificates/v1beta1";
// Describes a certificate signing request
// +k8s:supportsSubresource=/status
// +k8s:supportsSubresource=/approval
// +k8s:supportsSubresource="/status"
// +k8s:supportsSubresource="/approval"
message CertificateSigningRequest {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
@@ -183,12 +183,12 @@ message CertificateSigningRequestStatus {
// +listType=map
// +listMapKey=type
// +optional
// +k8s:listType=map
// +k8s:listMapKey=type
// +k8s:customUnique
// +k8s:optional
// +k8s:item(type: "Approved")=+k8s:zeroOrOneOfMember
// +k8s:item(type: "Denied")=+k8s:zeroOrOneOfMember
// +k8s:alpha(since: "1.36")=+k8s:listType=map
// +k8s:alpha(since: "1.36")=+k8s:listMapKey=type
// +k8s:alpha(since: "1.36")=+k8s:customUnique
// +k8s:alpha(since: "1.36")=+k8s:optional
// +k8s:alpha(since: "1.36")=+k8s:item(type: "Approved")=+k8s:zeroOrOneOfMember
// +k8s:alpha(since: "1.36")=+k8s:item(type: "Denied")=+k8s:zeroOrOneOfMember
repeated CertificateSigningRequestCondition conditions = 1;
// If request was approved, the controller will place the issued certificate here.
@@ -289,6 +289,7 @@ message PodCertificateRequest {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// spec contains the details about the certificate being requested.
// +required
optional PodCertificateRequestSpec spec = 2;
// status contains the issued certificate, and a standard set of conditions.
@@ -369,8 +370,7 @@ message PodCertificateRequestSpec {
// +default=86400
optional int32 maxExpirationSeconds = 8;
// pkixPublicKey is the PKIX-serialized public key the signer will issue the
// certificate to.
// The PKIX-serialized public key the signer will issue the certificate to.
//
// The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521,
// or ED25519. Note that this list may be expanded in the future.
@@ -382,11 +382,16 @@ message PodCertificateRequestSpec {
// "UnsupportedKeyType". It may also suggest a key type that it does support
// in the message field.
//
// +required
// Deprecated: This field is replaced by StubPKCS10Request. If
// StubPKCS10Request is set, this field must be empty. Signer
// implementations should extract the public key from the StubPKCS10Request
// field.
//
// +optional
optional bytes pkixPublicKey = 9;
// proofOfPossession proves that the requesting kubelet holds the private
// key corresponding to pkixPublicKey.
// A proof that the requesting kubelet holds the private key corresponding
// to pkixPublicKey.
//
// It is contructed by signing the ASCII bytes of the pod's UID using
// `pkixPublicKey`.
@@ -403,12 +408,35 @@ message PodCertificateRequestSpec {
// golang library function crypto/ecdsa.SignASN1)
//
// If the key is an ED25519 key, the the signature is as described by the
// [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by
// the golang library crypto/ed25519.Sign).
// [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the
// golang library crypto/ed25519.Sign).
//
// +required
// Deprecated: This field is replaced by StubPKCS10Request. If
// StubPKCS10Request is set, this field must be empty.
//
// +optional
optional bytes proofOfPossession = 10;
// A PKCS#10 certificate signing request (DER-serialized) generated by
// Kubelet using the subject private key.
//
// Most signer implementations will ignore the contents of the CSR except to
// extract the subject public key. The API server automatically verifies the
// CSR signature during admission, so the signer does not need to repeat the
// verification. CSRs generated by kubelet are completely empty.
//
// The subject public key must be one of RSA3072, RSA4096, ECDSAP256,
// ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in
// the future.
//
// Signer implementations do not need to support all key types supported by
// kube-apiserver and kubelet. If a signer does not support the key type
// used for a given PodCertificateRequest, it must deny the request by
// setting a status.conditions entry with a type of "Denied" and a reason of
// "UnsupportedKeyType". It may also suggest a key type that it does support
// in the message field.
optional bytes stubPKCS10Request = 12;
// unverifiedUserAnnotations allow pod authors to pass additional information to
// the signer implementation. Kubernetes does not restrict or validate this
// metadata in any way.
-48
@@ -1,48 +0,0 @@
//go:build kubernetes_protomessage_one_more_release
// +build kubernetes_protomessage_one_more_release
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by go-to-protobuf. DO NOT EDIT.
package v1beta1
func (*CertificateSigningRequest) ProtoMessage() {}
func (*CertificateSigningRequestCondition) ProtoMessage() {}
func (*CertificateSigningRequestList) ProtoMessage() {}
func (*CertificateSigningRequestSpec) ProtoMessage() {}
func (*CertificateSigningRequestStatus) ProtoMessage() {}
func (*ClusterTrustBundle) ProtoMessage() {}
func (*ClusterTrustBundleList) ProtoMessage() {}
func (*ClusterTrustBundleSpec) ProtoMessage() {}
func (*ExtraValue) ProtoMessage() {}
func (*PodCertificateRequest) ProtoMessage() {}
func (*PodCertificateRequestList) ProtoMessage() {}
func (*PodCertificateRequestSpec) ProtoMessage() {}
func (*PodCertificateRequestStatus) ProtoMessage() {}
+46 -16
@@ -32,8 +32,8 @@ import (
// +k8s:prerelease-lifecycle-gen:replacement=certificates.k8s.io,v1,CertificateSigningRequest
// Describes a certificate signing request
// +k8s:supportsSubresource=/status
// +k8s:supportsSubresource=/approval
// +k8s:supportsSubresource="/status"
// +k8s:supportsSubresource="/approval"
type CertificateSigningRequest struct {
metav1.TypeMeta `json:",inline"`
// +optional
@@ -177,12 +177,12 @@ type CertificateSigningRequestStatus struct {
// +listType=map
// +listMapKey=type
// +optional
// +k8s:listType=map
// +k8s:listMapKey=type
// +k8s:customUnique
// +k8s:optional
// +k8s:item(type: "Approved")=+k8s:zeroOrOneOfMember
// +k8s:item(type: "Denied")=+k8s:zeroOrOneOfMember
// +k8s:alpha(since: "1.36")=+k8s:listType=map
// +k8s:alpha(since: "1.36")=+k8s:listMapKey=type
// +k8s:alpha(since: "1.36")=+k8s:customUnique
// +k8s:alpha(since: "1.36")=+k8s:optional
// +k8s:alpha(since: "1.36")=+k8s:item(type: "Approved")=+k8s:zeroOrOneOfMember
// +k8s:alpha(since: "1.36")=+k8s:item(type: "Denied")=+k8s:zeroOrOneOfMember
Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`
// If request was approved, the controller will place the issued certificate here.
@@ -273,6 +273,7 @@ const (
// +genclient
// +genclient:nonNamespaced
// +k8s:prerelease-lifecycle-gen:introduced=1.33
// +k8s:prerelease-lifecycle-gen:deprecated=1.37
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterTrustBundle is a cluster-scoped container for X.509 trust anchors
@@ -340,6 +341,7 @@ type ClusterTrustBundleSpec struct {
}
// +k8s:prerelease-lifecycle-gen:introduced=1.33
// +k8s:prerelease-lifecycle-gen:deprecated=1.37
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterTrustBundleList is a collection of ClusterTrustBundle objects
@@ -372,6 +374,7 @@ type PodCertificateRequest struct {
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// spec contains the details about the certificate being requested.
// +required
Spec PodCertificateRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
// status contains the issued certificate, and a standard set of conditions.
@@ -438,8 +441,7 @@ type PodCertificateRequestSpec struct {
// +default=86400
MaxExpirationSeconds *int32 `json:"maxExpirationSeconds,omitempty" protobuf:"varint,8,opt,name=maxExpirationSeconds"`
// pkixPublicKey is the PKIX-serialized public key the signer will issue the
// certificate to.
// The PKIX-serialized public key the signer will issue the certificate to.
//
// The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521,
// or ED25519. Note that this list may be expanded in the future.
@@ -451,11 +453,16 @@ type PodCertificateRequestSpec struct {
// "UnsupportedKeyType". It may also suggest a key type that it does support
// in the message field.
//
// +required
// Deprecated: This field is replaced by StubPKCS10Request. If
// StubPKCS10Request is set, this field must be empty. Signer
// implementations should extract the public key from the StubPKCS10Request
// field.
//
// +optional
PKIXPublicKey []byte `json:"pkixPublicKey" protobuf:"bytes,9,opt,name=pkixPublicKey"`
// proofOfPossession proves that the requesting kubelet holds the private
// key corresponding to pkixPublicKey.
// A proof that the requesting kubelet holds the private key corresponding
// to pkixPublicKey.
//
// It is contructed by signing the ASCII bytes of the pod's UID using
// `pkixPublicKey`.
@@ -472,12 +479,35 @@ type PodCertificateRequestSpec struct {
// golang library function crypto/ecdsa.SignASN1)
//
// If the key is an ED25519 key, the the signature is as described by the
// [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by
// the golang library crypto/ed25519.Sign).
// [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the
// golang library crypto/ed25519.Sign).
//
// +required
// Deprecated: This field is replaced by StubPKCS10Request. If
// StubPKCS10Request is set, this field must be empty.
//
// +optional
ProofOfPossession []byte `json:"proofOfPossession" protobuf:"bytes,10,opt,name=proofOfPossession"`
// A PKCS#10 certificate signing request (DER-serialized) generated by
// Kubelet using the subject private key.
//
// Most signer implementations will ignore the contents of the CSR except to
// extract the subject public key. The API server automatically verifies the
// CSR signature during admission, so the signer does not need to repeat the
// verification. CSRs generated by kubelet are completely empty.
//
// The subject public key must be one of RSA3072, RSA4096, ECDSAP256,
// ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in
// the future.
//
// Signer implementations do not need to support all key types supported by
// kube-apiserver and kubelet. If a signer does not support the key type
// used for a given PodCertificateRequest, it must deny the request by
// setting a status.conditions entry with a type of "Denied" and a reason of
// "UnsupportedKeyType". It may also suggest a key type that it does support
// in the message field.
StubPKCS10Request []byte `json:"stubPKCS10Request" protobuf:"bytes,12,opt,name=stubPKCS10Request"`
// unverifiedUserAnnotations allow pod authors to pass additional information to
// the signer implementation. Kubernetes does not restrict or validate this
// metadata in any way.
+3 -2
@@ -136,8 +136,9 @@ var map_PodCertificateRequestSpec = map[string]string{
"nodeName": "nodeName is the name of the node the pod is assigned to.",
"nodeUID": "nodeUID is the UID of the node the pod is assigned to.",
"maxExpirationSeconds": "maxExpirationSeconds is the maximum lifetime permitted for the certificate.\n\nIf omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).\n\nThe signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.",
"pkixPublicKey": "pkixPublicKey is the PKIX-serialized public key the signer will issue the certificate to.\n\nThe key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future.\n\nSigner implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of \"Denied\" and a reason of \"UnsupportedKeyType\". It may also suggest a key type that it does support in the message field.",
"proofOfPossession": "proofOfPossession proves that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).",
"pkixPublicKey": "The PKIX-serialized public key the signer will issue the certificate to.\n\nThe key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future.\n\nSigner implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of \"Denied\" and a reason of \"UnsupportedKeyType\". It may also suggest a key type that it does support in the message field.\n\nDeprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty. Signer implementations should extract the public key from the StubPKCS10Request field.",
"proofOfPossession": "A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).\n\nDeprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty.",
"stubPKCS10Request": "A PKCS#10 certificate signing request (DER-serialized) generated by Kubelet using the subject private key.\n\nMost signer implementations will ignore the contents of the CSR except to extract the subject public key. The API server automatically verifies the CSR signature during admission, so the signer does not need to repeat the verification. CSRs generated by kubelet are completely empty.\n\nThe subject public key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future.\n\nSigner implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of \"Denied\" and a reason of \"UnsupportedKeyType\". It may also suggest a key type that it does support in the message field.",
"unverifiedUserAnnotations": "unverifiedUserAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way.\n\nEntries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field.\n\nSigners should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.",
}
+5
@@ -364,6 +364,11 @@ func (in *PodCertificateRequestSpec) DeepCopyInto(out *PodCertificateRequestSpec
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.StubPKCS10Request != nil {
in, out := &in.StubPKCS10Request, &out.StubPKCS10Request
*out = make([]byte, len(*in))
copy(*out, *in)
}
if in.UnverifiedUserAnnotations != nil {
in, out := &in.UnverifiedUserAnnotations, &out.UnverifiedUserAnnotations
*out = make(map[string]string, len(*in))
@@ -82,13 +82,13 @@ func (in *ClusterTrustBundle) APILifecycleIntroduced() (major, minor int) {
// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (in *ClusterTrustBundle) APILifecycleDeprecated() (major, minor int) {
return 1, 36
return 1, 37
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *ClusterTrustBundle) APILifecycleRemoved() (major, minor int) {
return 1, 39
return 1, 40
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
@@ -100,13 +100,13 @@ func (in *ClusterTrustBundleList) APILifecycleIntroduced() (major, minor int) {
// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (in *ClusterTrustBundleList) APILifecycleDeprecated() (major, minor int) {
return 1, 36
return 1, 37
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *ClusterTrustBundleList) APILifecycleRemoved() (major, minor int) {
return 1, 39
return 1, 40
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.