k8s.io/kube-openapi@v0.0.0-20240228011516-70dd3763d340/pkg/schemaconv/testdata/crds/openapiv3/privateca_v1beta1_privatecacertificate.json

k8s.io/kube-openapi@v0.0.0-20240228011516-70dd3763d340/pkg/schemaconv/testdata/crds/openapiv3/privateca_v1beta1_privatecacertificate.json (about)

     1  {"openapi":"3.0.0","info":{"title":"Kubernetes CRD Swagger","version":"v0.1.0"},"components":{"schemas":{"com.google.cloud.cnrm.privateca.v1beta1.PrivateCACertificate":{"type":"object","required":["spec"],"properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata","allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"}]},"spec":{"type":"object","required":["caPoolRef","lifetime","location","projectRef"],"properties":{"caPoolRef":{"description":"Immutable.","type":"object","oneOf":[{"required":["name"],"not":{"required":["external"]}},{"required":["external"],"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]}]}}],"properties":{"external":{"description":"The ca_pool for the resource\n\nAllowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`).","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"namespace":{"description":"Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/","type":"string"}}},"certificateAuthorityRef":{"description":"Immutable.","type":"object","oneOf":[{"required":["name"],"not":{"required":["external"]}},{"required":["external"],"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]}]}}],"properties":{"external":{"description":"The certificate authority for the resource\n\nAllowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`).","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"namespace":{"description":"Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/","type":"string"}}},"certificateTemplateRef":{"description":"Immutable.","type":"object","oneOf":[{"required":["name"],"not":{"required":["external"]}},{"required":["external"],"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]}]}}],"properties":{"external":{"description":"Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.\n\nAllowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"namespace":{"description":"Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/","type":"string"}}},"config":{"description":"Immutable. Immutable. A description of the certificate and key that does not require X.509 or ASN.1.","type":"object","required":["subjectConfig","x509Config"],"properties":{"publicKey":{"description":"Immutable. Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.","type":"object","required":["format","key"],"properties":{"format":{"description":"Immutable. Required. The format of the public key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM","type":"string"},"key":{"description":"Immutable. Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field.","type":"string"}}},"subjectConfig":{"description":"Immutable. Required. Specifies some of the values in a certificate that are related to the subject.","type":"object","required":["subject"],"properties":{"subject":{"description":"Immutable. Required. Contains distinguished name fields such as the common name, location and organization.","type":"object","properties":{"commonName":{"description":"Immutable. The \"common name\" of the subject.","type":"string"},"countryCode":{"description":"Immutable. The country code of the subject.","type":"string"},"locality":{"description":"Immutable. The locality or city of the subject.","type":"string"},"organization":{"description":"Immutable. The organization of the subject.","type":"string"},"organizationalUnit":{"description":"Immutable. The organizational_unit of the subject.","type":"string"},"postalCode":{"description":"Immutable. The postal code of the subject.","type":"string"},"province":{"description":"Immutable. The province, territory, or regional state of the subject.","type":"string"},"streetAddress":{"description":"Immutable. The street address of the subject.","type":"string"}}},"subjectAltName":{"description":"Immutable. Optional. The subject alternative name fields.","type":"object","properties":{"dnsNames":{"description":"Immutable. Contains only valid, fully-qualified host names.","type":"array","items":{"type":"string"}},"emailAddresses":{"description":"Immutable. Contains only valid RFC 2822 E-mail addresses.","type":"array","items":{"type":"string"}},"ipAddresses":{"description":"Immutable. Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","type":"array","items":{"type":"string"}},"uris":{"description":"Immutable. Contains only valid RFC 3986 URIs.","type":"array","items":{"type":"string"}}}}}},"x509Config":{"description":"Immutable. Required. Describes how some of the technical X.509 fields in a certificate should be populated.","type":"object","properties":{"additionalExtensions":{"description":"Immutable. Optional. Describes custom X.509 extensions.","type":"array","items":{"type":"object","required":["objectId","value"],"properties":{"critical":{"description":"Immutable. Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","type":"boolean"},"objectId":{"description":"Immutable. Required. The OID for this X.509 extension.","type":"object","required":["objectIdPath"],"properties":{"objectIdPath":{"description":"Immutable. Required. The parts of an OID path. The most significant parts of the path come first.","type":"array","items":{"type":"integer","format":"int64"}}}},"value":{"description":"Immutable. Required. The value of this X.509 extension.","type":"string"}}}},"aiaOcspServers":{"description":"Immutable. Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","type":"array","items":{"type":"string"}},"caOptions":{"description":"Immutable. Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","type":"object","properties":{"isCa":{"description":"Immutable. Optional. When true, the \"CA\" in Basic Constraints extension will be set to true.","type":"boolean"},"maxIssuerPathLength":{"description":"Immutable. Optional. Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","type":"integer","format":"int64"},"nonCa":{"description":"Immutable. Optional. When true, the \"CA\" in Basic Constraints extension will be set to false. If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate.","type":"boolean"},"zeroMaxIssuerPathLength":{"description":"Immutable. Optional. When true, the \"path length constraint\" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate.","type":"boolean"}}},"keyUsage":{"description":"Immutable. Optional. Indicates the intended use for keys that correspond to a certificate.","type":"object","properties":{"baseKeyUsage":{"description":"Immutable. Describes high-level ways in which a key may be used.","type":"object","properties":{"certSign":{"description":"Immutable. The key may be used to sign certificates.","type":"boolean"},"contentCommitment":{"description":"Immutable. The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","type":"boolean"},"crlSign":{"description":"Immutable. The key may be used sign certificate revocation lists.","type":"boolean"},"dataEncipherment":{"description":"Immutable. The key may be used to encipher data.","type":"boolean"},"decipherOnly":{"description":"Immutable. The key may be used to decipher only.","type":"boolean"},"digitalSignature":{"description":"Immutable. The key may be used for digital signatures.","type":"boolean"},"encipherOnly":{"description":"Immutable. The key may be used to encipher only.","type":"boolean"},"keyAgreement":{"description":"Immutable. The key may be used in a key agreement protocol.","type":"boolean"},"keyEncipherment":{"description":"Immutable. The key may be used to encipher other keys.","type":"boolean"}}},"extendedKeyUsage":{"description":"Immutable. Detailed scenarios in which a key may be used.","type":"object","properties":{"clientAuth":{"description":"Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","type":"boolean"},"codeSigning":{"description":"Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","type":"boolean"},"emailProtection":{"description":"Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","type":"boolean"},"ocspSigning":{"description":"Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","type":"boolean"},"serverAuth":{"description":"Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","type":"boolean"},"timeStamping":{"description":"Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","type":"boolean"}}},"unknownExtendedKeyUsages":{"description":"Immutable. Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","type":"array","items":{"type":"object","required":["objectIdPath"],"properties":{"objectIdPath":{"description":"Immutable. Required. The parts of an OID path. The most significant parts of the path come first.","type":"array","items":{"type":"integer","format":"int64"}}}}}}},"policyIds":{"description":"Immutable. Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","type":"array","items":{"type":"object","required":["objectIdPath"],"properties":{"objectIdPath":{"description":"Immutable. Required. The parts of an OID path. The most significant parts of the path come first.","type":"array","items":{"type":"integer","format":"int64"}}}}}}}}},"lifetime":{"description":"Immutable. Required. Immutable. The desired lifetime of a certificate. Used to create the \"not_before_time\" and \"not_after_time\" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.","type":"string"},"location":{"description":"Immutable. The location for the resource","type":"string"},"pemCsr":{"description":"Immutable. Immutable. A pem-encoded X.509 certificate signing request (CSR).","type":"string"},"projectRef":{"description":"Immutable. The Project that this resource belongs to.","type":"object","oneOf":[{"required":["name"],"not":{"required":["external"]}},{"required":["external"],"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]}]}}],"properties":{"external":{"description":"The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"namespace":{"description":"Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/","type":"string"}}},"resourceID":{"description":"Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.","type":"string"},"subjectMode":{"description":"Immutable. Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the `DEFAULT` subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, DEFAULT, REFLECTED_SPIFFE","type":"string"}}},"status":{"type":"object","properties":{"certificateDescription":{"description":"Output only. A structured description of the issued X.509 certificate.","type":"object","properties":{"aiaIssuingCertificateUrls":{"description":"Describes lists of issuer CA certificate URLs that appear in the \"Authority Information Access\" extension in the certificate.","type":"array","items":{"type":"string"}},"authorityKeyId":{"description":"Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1","type":"object","properties":{"keyId":{"description":"Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.","type":"string"}}},"certFingerprint":{"description":"The hash of the x.509 certificate.","type":"object","properties":{"sha256Hash":{"description":"The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.","type":"string"}}},"crlDistributionPoints":{"description":"Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13","type":"array","items":{"type":"string"}},"publicKey":{"description":"The public key that corresponds to an issued certificate.","type":"object","properties":{"format":{"description":"Required. The format of the public key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM","type":"string"},"key":{"description":"Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field.","type":"string"}}},"subjectDescription":{"description":"Describes some of the values in a certificate that are related to the subject and lifetime.","type":"object","properties":{"hexSerialNumber":{"description":"The serial number encoded in lowercase hexadecimal.","type":"string"},"lifetime":{"description":"For convenience, the actual lifetime of an issued certificate.","type":"string"},"notAfterTime":{"description":"The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.","type":"string","format":"date-time"},"notBeforeTime":{"description":"The time at which the certificate becomes valid.","type":"string","format":"date-time"},"subject":{"description":"Contains distinguished name fields such as the common name, location and / organization.","type":"object","properties":{"commonName":{"description":"The \"common name\" of the subject.","type":"string"},"countryCode":{"description":"The country code of the subject.","type":"string"},"locality":{"description":"The locality or city of the subject.","type":"string"},"organization":{"description":"The organization of the subject.","type":"string"},"organizationalUnit":{"description":"The organizational_unit of the subject.","type":"string"},"postalCode":{"description":"The postal code of the subject.","type":"string"},"province":{"description":"The province, territory, or regional state of the subject.","type":"string"},"streetAddress":{"description":"The street address of the subject.","type":"string"}}},"subjectAltName":{"description":"The subject alternative name fields.","type":"object","properties":{"customSans":{"description":"Contains additional subject alternative name values.","type":"array","items":{"type":"object","properties":{"critical":{"description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","type":"boolean"},"objectId":{"description":"Required. The OID for this X.509 extension.","type":"object","properties":{"objectIdPath":{"description":"Required. The parts of an OID path. The most significant parts of the path come first.","type":"array","items":{"type":"integer","format":"int64"}}}},"value":{"description":"Required. The value of this X.509 extension.","type":"string"}}}},"dnsNames":{"description":"Contains only valid, fully-qualified host names.","type":"array","items":{"type":"string"}},"emailAddresses":{"description":"Contains only valid RFC 2822 E-mail addresses.","type":"array","items":{"type":"string"}},"ipAddresses":{"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","type":"array","items":{"type":"string"}},"uris":{"description":"Contains only valid RFC 3986 URIs.","type":"array","items":{"type":"string"}}}}}},"subjectKeyId":{"description":"Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.","type":"object","properties":{"keyId":{"description":"Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.","type":"string"}}},"x509Description":{"description":"Describes some of the technical X.509 fields in a certificate.","type":"object","properties":{"additionalExtensions":{"description":"Optional. Describes custom X.509 extensions.","type":"array","items":{"type":"object","properties":{"critical":{"description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","type":"boolean"},"objectId":{"description":"Required. The OID for this X.509 extension.","type":"object","properties":{"objectIdPath":{"description":"Required. The parts of an OID path. The most significant parts of the path come first.","type":"array","items":{"type":"integer","format":"int64"}}}},"value":{"description":"Required. The value of this X.509 extension.","type":"string"}}}},"aiaOcspServers":{"description":"Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","type":"array","items":{"type":"string"}},"caOptions":{"description":"Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","type":"object","properties":{"isCa":{"description":"Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.","type":"boolean"},"maxIssuerPathLength":{"description":"Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.","type":"integer","format":"int64"}}},"keyUsage":{"description":"Optional. Indicates the intended use for keys that correspond to a certificate.","type":"object","properties":{"baseKeyUsage":{"description":"Describes high-level ways in which a key may be used.","type":"object","properties":{"certSign":{"description":"The key may be used to sign certificates.","type":"boolean"},"contentCommitment":{"description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","type":"boolean"},"crlSign":{"description":"The key may be used sign certificate revocation lists.","type":"boolean"},"dataEncipherment":{"description":"The key may be used to encipher data.","type":"boolean"},"decipherOnly":{"description":"The key may be used to decipher only.","type":"boolean"},"digitalSignature":{"description":"The key may be used for digital signatures.","type":"boolean"},"encipherOnly":{"description":"The key may be used to encipher only.","type":"boolean"},"keyAgreement":{"description":"The key may be used in a key agreement protocol.","type":"boolean"},"keyEncipherment":{"description":"The key may be used to encipher other keys.","type":"boolean"}}},"extendedKeyUsage":{"description":"Detailed scenarios in which a key may be used.","type":"object","properties":{"clientAuth":{"description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","type":"boolean"},"codeSigning":{"description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","type":"boolean"},"emailProtection":{"description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","type":"boolean"},"ocspSigning":{"description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","type":"boolean"},"serverAuth":{"description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","type":"boolean"},"timeStamping":{"description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","type":"boolean"}}},"unknownExtendedKeyUsages":{"description":"Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","type":"array","items":{"type":"object","properties":{"objectIdPath":{"description":"Required. The parts of an OID path. The most significant parts of the path come first.","type":"array","items":{"type":"integer","format":"int64"}}}}}}},"policyIds":{"description":"Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","type":"array","items":{"type":"object","properties":{"objectIdPath":{"description":"Required. The parts of an OID path. The most significant parts of the path come first.","type":"array","items":{"type":"integer","format":"int64"}}}}}}}}},"conditions":{"description":"Conditions represent the latest available observation of the resource's current state.","type":"array","items":{"type":"object","properties":{"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, one-word, CamelCase reason for the condition's last transition.","type":"string"},"status":{"description":"Status is the status of the condition. Can be True, False, Unknown.","type":"string"},"type":{"description":"Type is the type of the condition.","type":"string"}}}},"createTime":{"description":"Output only. The time at which this Certificate was created.","type":"string","format":"date-time"},"issuerCertificateAuthority":{"description":"Output only. The resource name of the issuing CertificateAuthority in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.","type":"string"},"observedGeneration":{"description":"ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.","type":"integer"},"pemCertificate":{"description":"Output only. The pem-encoded, signed X.509 certificate.","type":"string"},"pemCertificateChain":{"description":"Output only. The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.","type":"array","items":{"type":"string"}},"revocationDetails":{"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.","type":"object","properties":{"revocationState":{"description":"Indicates why a Certificate was revoked. Possible values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE","type":"string"},"revocationTime":{"description":"The time at which this Certificate was revoked.","type":"string","format":"date-time"}}},"updateTime":{"description":"Output only. The time at which this Certificate was updated.","type":"string","format":"date-time"}}}},"x-kubernetes-group-version-kind":[{"group":"privateca.cnrm.cloud.google.com","kind":"PrivateCACertificate","version":"v1beta1"}]},"com.google.cloud.cnrm.privateca.v1beta1.PrivateCACertificateList":{"description":"PrivateCACertificateList is a list of PrivateCACertificate","type":"object","required":["items"],"properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"items":{"description":"List of privatecacertificates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md","type":"array","items":{"$ref":"#/components/schemas/com.google.cloud.cnrm.privateca.v1beta1.PrivateCACertificate"}},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"}]}},"x-kubernetes-group-version-kind":[{"group":"privateca.cnrm.cloud.google.com","kind":"PrivateCACertificateList","version":"v1beta1"}]},"io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1":{"description":"FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\u003cindex\u003e', where \u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of  a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff","type":"object"},"io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta":{"description":"ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.","type":"object","properties":{"continue":{"description":"continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.","type":"string"},"remainingItemCount":{"description":"remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.","type":"integer","format":"int64"},"resourceVersion":{"description":"String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency","type":"string"},"selfLink":{"description":"Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.","type":"string"}}},"io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry":{"description":"ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.","type":"object","properties":{"apiVersion":{"description":"APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.","type":"string"},"fieldsType":{"description":"FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"","type":"string"},"fieldsV1":{"description":"FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.","allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1"}]},"manager":{"description":"Manager is an identifier of the workflow managing these fields.","type":"string"},"operation":{"description":"Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.","type":"string"},"subresource":{"description":"Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.","type":"string"},"time":{"description":"Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.","allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"}]}}},"io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta":{"description":"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.","type":"object","properties":{"annotations":{"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object","additionalProperties":{"type":"string","default":""}},"creationTimestamp":{"description":"CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata","default":{},"allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"}]},"deletionGracePeriodSeconds":{"description":"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.","type":"integer","format":"int64"},"deletionTimestamp":{"description":"DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata","allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"}]},"finalizers":{"description":"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.","type":"array","items":{"type":"string","default":""},"x-kubernetes-patch-strategy":"merge"},"generateName":{"description":"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency","type":"string"},"generation":{"description":"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.","type":"integer","format":"int64"},"labels":{"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object","additionalProperties":{"type":"string","default":""}},"managedFields":{"description":"ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.","type":"array","items":{"default":{},"allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry"}]}},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"},"namespace":{"description":"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces","type":"string"},"ownerReferences":{"description":"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.","type":"array","items":{"default":{},"allOf":[{"$ref":"#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference"}]},"x-kubernetes-patch-merge-key":"uid","x-kubernetes-patch-strategy":"merge"},"resourceVersion":{"description":"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency","type":"string"},"selfLink":{"description":"Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.","type":"string"},"uid":{"description":"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids","type":"string"}}},"io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference":{"description":"OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.","type":"object","required":["apiVersion","kind","name","uid"],"properties":{"apiVersion":{"description":"API version of the referent.","type":"string","default":""},"blockOwnerDeletion":{"description":"If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.","type":"boolean"},"controller":{"description":"If true, this reference points to the managing controller.","type":"boolean"},"kind":{"description":"Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string","default":""},"name":{"description":"Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string","default":""},"uid":{"description":"UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids","type":"string","default":""}},"x-kubernetes-map-type":"atomic"},"io.k8s.apimachinery.pkg.apis.meta.v1.Time":{"description":"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON.  Wrappers are provided for many of the factory methods that the time package offers.","type":"string","format":"date-time"}}}}