# coding: utf-8 """ Kubernetes No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator) # noqa: E501 The version of the OpenAPI document: release-1.35 Generated by: https://openapi-generator.tech """ import pprint import re # noqa: F401 import six from kubernetes.client.configuration import Configuration class V1beta1PodCertificateRequestSpec(object): """NOTE: This class is auto generated by OpenAPI Generator. Ref: https://openapi-generator.tech Do not edit the class manually. """ """ Attributes: openapi_types (dict): The key is attribute name and the value is attribute type. attribute_map (dict): The key is attribute name and the value is json key in definition. """ openapi_types = { 'max_expiration_seconds': 'int', 'node_name': 'str', 'node_uid': 'str', 'pkix_public_key': 'str', 'pod_name': 'str', 'pod_uid': 'str', 'proof_of_possession': 'str', 'service_account_name': 'str', 'service_account_uid': 'str', 'signer_name': 'str', 'unverified_user_annotations': 'dict(str, str)' } attribute_map = { 'max_expiration_seconds': 'maxExpirationSeconds', 'node_name': 'nodeName', 'node_uid': 'nodeUID', 'pkix_public_key': 'pkixPublicKey', 'pod_name': 'podName', 'pod_uid': 'podUID', 'proof_of_possession': 'proofOfPossession', 'service_account_name': 'serviceAccountName', 'service_account_uid': 'serviceAccountUID', 'signer_name': 'signerName', 'unverified_user_annotations': 'unverifiedUserAnnotations' } def __init__(self, max_expiration_seconds=None, node_name=None, node_uid=None, pkix_public_key=None, pod_name=None, pod_uid=None, proof_of_possession=None, service_account_name=None, service_account_uid=None, signer_name=None, unverified_user_annotations=None, local_vars_configuration=None): # noqa: E501 """V1beta1PodCertificateRequestSpec - a model defined in OpenAPI""" # noqa: E501 if local_vars_configuration is None: local_vars_configuration = Configuration() self.local_vars_configuration = local_vars_configuration self._max_expiration_seconds = None self._node_name = None self._node_uid = None self._pkix_public_key = None self._pod_name = None self._pod_uid = None self._proof_of_possession = None self._service_account_name = None self._service_account_uid = None self._signer_name = None self._unverified_user_annotations = None self.discriminator = None if max_expiration_seconds is not None: self.max_expiration_seconds = max_expiration_seconds self.node_name = node_name self.node_uid = node_uid self.pkix_public_key = pkix_public_key self.pod_name = pod_name self.pod_uid = pod_uid self.proof_of_possession = proof_of_possession self.service_account_name = service_account_name self.service_account_uid = service_account_uid self.signer_name = signer_name if unverified_user_annotations is not None: self.unverified_user_annotations = unverified_user_annotations @property def max_expiration_seconds(self): """Gets the max_expiration_seconds of this V1beta1PodCertificateRequestSpec. # noqa: E501 maxExpirationSeconds is the maximum lifetime permitted for the certificate. If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). The signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours. # noqa: E501 :return: The max_expiration_seconds of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: int """ return self._max_expiration_seconds @max_expiration_seconds.setter def max_expiration_seconds(self, max_expiration_seconds): """Sets the max_expiration_seconds of this V1beta1PodCertificateRequestSpec. maxExpirationSeconds is the maximum lifetime permitted for the certificate. If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). The signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours. # noqa: E501 :param max_expiration_seconds: The max_expiration_seconds of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: int """ self._max_expiration_seconds = max_expiration_seconds @property def node_name(self): """Gets the node_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 nodeName is the name of the node the pod is assigned to. # noqa: E501 :return: The node_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._node_name @node_name.setter def node_name(self, node_name): """Sets the node_name of this V1beta1PodCertificateRequestSpec. nodeName is the name of the node the pod is assigned to. # noqa: E501 :param node_name: The node_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and node_name is None: # noqa: E501 raise ValueError("Invalid value for `node_name`, must not be `None`") # noqa: E501 self._node_name = node_name @property def node_uid(self): """Gets the node_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 nodeUID is the UID of the node the pod is assigned to. # noqa: E501 :return: The node_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._node_uid @node_uid.setter def node_uid(self, node_uid): """Sets the node_uid of this V1beta1PodCertificateRequestSpec. nodeUID is the UID of the node the pod is assigned to. # noqa: E501 :param node_uid: The node_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and node_uid is None: # noqa: E501 raise ValueError("Invalid value for `node_uid`, must not be `None`") # noqa: E501 self._node_uid = node_uid @property def pkix_public_key(self): """Gets the pkix_public_key of this V1beta1PodCertificateRequestSpec. # noqa: E501 pkixPublicKey is the PKIX-serialized public key the signer will issue the certificate to. The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future. Signer implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of \"Denied\" and a reason of \"UnsupportedKeyType\". It may also suggest a key type that it does support in the message field. # noqa: E501 :return: The pkix_public_key of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._pkix_public_key @pkix_public_key.setter def pkix_public_key(self, pkix_public_key): """Sets the pkix_public_key of this V1beta1PodCertificateRequestSpec. pkixPublicKey is the PKIX-serialized public key the signer will issue the certificate to. The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519. Note that this list may be expanded in the future. Signer implementations do not need to support all key types supported by kube-apiserver and kubelet. If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of \"Denied\" and a reason of \"UnsupportedKeyType\". It may also suggest a key type that it does support in the message field. # noqa: E501 :param pkix_public_key: The pkix_public_key of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and pkix_public_key is None: # noqa: E501 raise ValueError("Invalid value for `pkix_public_key`, must not be `None`") # noqa: E501 if (self.local_vars_configuration.client_side_validation and pkix_public_key is not None and not re.search(r'^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$', pkix_public_key)): # noqa: E501 raise ValueError(r"Invalid value for `pkix_public_key`, must be a follow pattern or equal to `/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/`") # noqa: E501 self._pkix_public_key = pkix_public_key @property def pod_name(self): """Gets the pod_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 podName is the name of the pod into which the certificate will be mounted. # noqa: E501 :return: The pod_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._pod_name @pod_name.setter def pod_name(self, pod_name): """Sets the pod_name of this V1beta1PodCertificateRequestSpec. podName is the name of the pod into which the certificate will be mounted. # noqa: E501 :param pod_name: The pod_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and pod_name is None: # noqa: E501 raise ValueError("Invalid value for `pod_name`, must not be `None`") # noqa: E501 self._pod_name = pod_name @property def pod_uid(self): """Gets the pod_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 podUID is the UID of the pod into which the certificate will be mounted. # noqa: E501 :return: The pod_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._pod_uid @pod_uid.setter def pod_uid(self, pod_uid): """Sets the pod_uid of this V1beta1PodCertificateRequestSpec. podUID is the UID of the pod into which the certificate will be mounted. # noqa: E501 :param pod_uid: The pod_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and pod_uid is None: # noqa: E501 raise ValueError("Invalid value for `pod_uid`, must not be `None`") # noqa: E501 self._pod_uid = pod_uid @property def proof_of_possession(self): """Gets the proof_of_possession of this V1beta1PodCertificateRequestSpec. # noqa: E501 proofOfPossession proves that the requesting kubelet holds the private key corresponding to pkixPublicKey. It is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`. kube-apiserver validates the proof of possession during creation of the PodCertificateRequest. If the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options). If the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1) If the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign). # noqa: E501 :return: The proof_of_possession of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._proof_of_possession @proof_of_possession.setter def proof_of_possession(self, proof_of_possession): """Sets the proof_of_possession of this V1beta1PodCertificateRequestSpec. proofOfPossession proves that the requesting kubelet holds the private key corresponding to pkixPublicKey. It is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`. kube-apiserver validates the proof of possession during creation of the PodCertificateRequest. If the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options). If the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1) If the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign). # noqa: E501 :param proof_of_possession: The proof_of_possession of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and proof_of_possession is None: # noqa: E501 raise ValueError("Invalid value for `proof_of_possession`, must not be `None`") # noqa: E501 if (self.local_vars_configuration.client_side_validation and proof_of_possession is not None and not re.search(r'^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$', proof_of_possession)): # noqa: E501 raise ValueError(r"Invalid value for `proof_of_possession`, must be a follow pattern or equal to `/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/`") # noqa: E501 self._proof_of_possession = proof_of_possession @property def service_account_name(self): """Gets the service_account_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 serviceAccountName is the name of the service account the pod is running as. # noqa: E501 :return: The service_account_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._service_account_name @service_account_name.setter def service_account_name(self, service_account_name): """Sets the service_account_name of this V1beta1PodCertificateRequestSpec. serviceAccountName is the name of the service account the pod is running as. # noqa: E501 :param service_account_name: The service_account_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and service_account_name is None: # noqa: E501 raise ValueError("Invalid value for `service_account_name`, must not be `None`") # noqa: E501 self._service_account_name = service_account_name @property def service_account_uid(self): """Gets the service_account_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 serviceAccountUID is the UID of the service account the pod is running as. # noqa: E501 :return: The service_account_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._service_account_uid @service_account_uid.setter def service_account_uid(self, service_account_uid): """Sets the service_account_uid of this V1beta1PodCertificateRequestSpec. serviceAccountUID is the UID of the service account the pod is running as. # noqa: E501 :param service_account_uid: The service_account_uid of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and service_account_uid is None: # noqa: E501 raise ValueError("Invalid value for `service_account_uid`, must not be `None`") # noqa: E501 self._service_account_uid = service_account_uid @property def signer_name(self): """Gets the signer_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 signerName indicates the requested signer. All signer names beginning with `kubernetes.io` are reserved for use by the Kubernetes project. There is currently one well-known signer documented by the Kubernetes project, `kubernetes.io/kube-apiserver-client-pod`, which will issue client certificates understood by kube-apiserver. It is currently unimplemented. # noqa: E501 :return: The signer_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: str """ return self._signer_name @signer_name.setter def signer_name(self, signer_name): """Sets the signer_name of this V1beta1PodCertificateRequestSpec. signerName indicates the requested signer. All signer names beginning with `kubernetes.io` are reserved for use by the Kubernetes project. There is currently one well-known signer documented by the Kubernetes project, `kubernetes.io/kube-apiserver-client-pod`, which will issue client certificates understood by kube-apiserver. It is currently unimplemented. # noqa: E501 :param signer_name: The signer_name of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: str """ if self.local_vars_configuration.client_side_validation and signer_name is None: # noqa: E501 raise ValueError("Invalid value for `signer_name`, must not be `None`") # noqa: E501 self._signer_name = signer_name @property def unverified_user_annotations(self): """Gets the unverified_user_annotations of this V1beta1PodCertificateRequestSpec. # noqa: E501 unverifiedUserAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way. Entries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field. Signers should document the keys and values they support. Signers should deny requests that contain keys they do not recognize. # noqa: E501 :return: The unverified_user_annotations of this V1beta1PodCertificateRequestSpec. # noqa: E501 :rtype: dict(str, str) """ return self._unverified_user_annotations @unverified_user_annotations.setter def unverified_user_annotations(self, unverified_user_annotations): """Sets the unverified_user_annotations of this V1beta1PodCertificateRequestSpec. unverifiedUserAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way. Entries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field. Signers should document the keys and values they support. Signers should deny requests that contain keys they do not recognize. # noqa: E501 :param unverified_user_annotations: The unverified_user_annotations of this V1beta1PodCertificateRequestSpec. # noqa: E501 :type: dict(str, str) """ self._unverified_user_annotations = unverified_user_annotations def to_dict(self): """Returns the model properties as a dict""" result = {} for attr, _ in six.iteritems(self.openapi_types): value = getattr(self, attr) if isinstance(value, list): result[attr] = list(map( lambda x: x.to_dict() if hasattr(x, "to_dict") else x, value )) elif hasattr(value, "to_dict"): result[attr] = value.to_dict() elif isinstance(value, dict): result[attr] = dict(map( lambda item: (item[0], item[1].to_dict()) if hasattr(item[1], "to_dict") else item, value.items() )) else: result[attr] = value return result def to_str(self): """Returns the string representation of the model""" return pprint.pformat(self.to_dict()) def __repr__(self): """For `print` and `pprint`""" return self.to_str() def __eq__(self, other): """Returns true if both objects are equal""" if not isinstance(other, V1beta1PodCertificateRequestSpec): return False return self.to_dict() == other.to_dict() def __ne__(self, other): """Returns true if both objects are not equal""" if not isinstance(other, V1beta1PodCertificateRequestSpec): return True return self.to_dict() != other.to_dict()