189 lines
9.0 KiB
JSON
189 lines
9.0 KiB
JSON
{
|
|
"description": "Order is a type to represent an Order with an ACME server",
|
|
"type": "object",
|
|
"required": [
|
|
"metadata",
|
|
"spec"
|
|
],
|
|
"properties": {
|
|
"apiVersion": {
|
|
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
|
|
"type": "string"
|
|
},
|
|
"kind": {
|
|
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
|
|
"type": "string"
|
|
},
|
|
"metadata": {
|
|
"type": "object"
|
|
},
|
|
"spec": {
|
|
"type": "object",
|
|
"required": [
|
|
"issuerRef",
|
|
"request"
|
|
],
|
|
"properties": {
|
|
"commonName": {
|
|
"description": "CommonName is the common name as specified on the DER encoded CSR.\nIf specified, this value must also be present in `dnsNames` or `ipAddresses`.\nThis field must match the corresponding field on the DER encoded CSR.",
|
|
"type": "string"
|
|
},
|
|
"dnsNames": {
|
|
"description": "DNSNames is a list of DNS names that should be included as part of the Order\nvalidation process.\nThis field must match the corresponding field on the DER encoded CSR.",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"duration": {
|
|
"description": "Duration is the duration for the not after date for the requested certificate.\nthis is set on order creation as pe the ACME spec.",
|
|
"type": "string"
|
|
},
|
|
"ipAddresses": {
|
|
"description": "IPAddresses is a list of IP addresses that should be included as part of the Order\nvalidation process.\nThis field must match the corresponding field on the DER encoded CSR.",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"issuerRef": {
|
|
"description": "IssuerRef references a properly configured ACME-type Issuer which should\nbe used to create this Order.\nIf the Issuer does not exist, processing will be retried.\nIf the Issuer is not an 'ACME' Issuer, an error will be returned and the\nOrder will be marked as failed.",
|
|
"type": "object",
|
|
"required": [
|
|
"name"
|
|
],
|
|
"properties": {
|
|
"group": {
|
|
"description": "Group of the resource being referred to.",
|
|
"type": "string"
|
|
},
|
|
"kind": {
|
|
"description": "Kind of the resource being referred to.",
|
|
"type": "string"
|
|
},
|
|
"name": {
|
|
"description": "Name of the resource being referred to.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"request": {
|
|
"description": "Certificate signing request bytes in DER encoding.\nThis will be used when finalizing the order.\nThis field must be set on the order.",
|
|
"type": "string",
|
|
"format": "byte"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"status": {
|
|
"type": "object",
|
|
"properties": {
|
|
"authorizations": {
|
|
"description": "Authorizations contains data returned from the ACME server on what\nauthorizations must be completed in order to validate the DNS names\nspecified on the Order.",
|
|
"type": "array",
|
|
"items": {
|
|
"description": "ACMEAuthorization contains data returned from the ACME server on an\nauthorization that must be completed in order validate a DNS name on an ACME\nOrder resource.",
|
|
"type": "object",
|
|
"required": [
|
|
"url"
|
|
],
|
|
"properties": {
|
|
"challenges": {
|
|
"description": "Challenges specifies the challenge types offered by the ACME server.\nOne of these challenge types will be selected when validating the DNS\nname and an appropriate Challenge resource will be created to perform\nthe ACME challenge process.",
|
|
"type": "array",
|
|
"items": {
|
|
"description": "Challenge specifies a challenge offered by the ACME server for an Order.\nAn appropriate Challenge resource can be created to perform the ACME\nchallenge process.",
|
|
"type": "object",
|
|
"required": [
|
|
"token",
|
|
"type",
|
|
"url"
|
|
],
|
|
"properties": {
|
|
"token": {
|
|
"description": "Token is the token that must be presented for this challenge.\nThis is used to compute the 'key' that must also be presented.",
|
|
"type": "string"
|
|
},
|
|
"type": {
|
|
"description": "Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',\n'tls-sni-01', etc.\nThis is the raw value retrieved from the ACME server.\nOnly 'http-01' and 'dns-01' are supported by cert-manager, other values\nwill be ignored.",
|
|
"type": "string"
|
|
},
|
|
"url": {
|
|
"description": "URL is the URL of this challenge. It can be used to retrieve additional\nmetadata about the Challenge from the ACME server.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"identifier": {
|
|
"description": "Identifier is the DNS name to be validated as part of this authorization",
|
|
"type": "string"
|
|
},
|
|
"initialState": {
|
|
"description": "InitialState is the initial state of the ACME authorization when first\nfetched from the ACME server.\nIf an Authorization is already 'valid', the Order controller will not\ncreate a Challenge resource for the authorization. This will occur when\nworking with an ACME server that enables 'authz reuse' (such as Let's\nEncrypt's production endpoint).\nIf not set and 'identifier' is set, the state is assumed to be pending\nand a Challenge will be created.",
|
|
"type": "string",
|
|
"enum": [
|
|
"valid",
|
|
"ready",
|
|
"pending",
|
|
"processing",
|
|
"invalid",
|
|
"expired",
|
|
"errored"
|
|
]
|
|
},
|
|
"url": {
|
|
"description": "URL is the URL of the Authorization that must be completed",
|
|
"type": "string"
|
|
},
|
|
"wildcard": {
|
|
"description": "Wildcard will be true if this authorization is for a wildcard DNS name.\nIf this is true, the identifier will be the *non-wildcard* version of\nthe DNS name.\nFor example, if '*.example.com' is the DNS name being validated, this\nfield will be 'true' and the 'identifier' field will be 'example.com'.",
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"certificate": {
|
|
"description": "Certificate is a copy of the PEM encoded certificate for this Order.\nThis field will be populated after the order has been successfully\nfinalized with the ACME server, and the order has transitioned to the\n'valid' state.",
|
|
"type": "string",
|
|
"format": "byte"
|
|
},
|
|
"failureTime": {
|
|
"description": "FailureTime stores the time that this order failed.\nThis is used to influence garbage collection and back-off.",
|
|
"type": "string",
|
|
"format": "date-time"
|
|
},
|
|
"finalizeURL": {
|
|
"description": "FinalizeURL of the Order.\nThis is used to obtain certificates for this order once it has been completed.",
|
|
"type": "string"
|
|
},
|
|
"reason": {
|
|
"description": "Reason optionally provides more information about a why the order is in\nthe current state.",
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"description": "State contains the current state of this Order resource.\nStates 'success' and 'expired' are 'final'",
|
|
"type": "string",
|
|
"enum": [
|
|
"valid",
|
|
"ready",
|
|
"pending",
|
|
"processing",
|
|
"invalid",
|
|
"expired",
|
|
"errored"
|
|
]
|
|
},
|
|
"url": {
|
|
"description": "URL of the Order.\nThis will initially be empty when the resource is first created.\nThe Order controller will populate this field when the Order is first processed.\nThis field will be immutable after it is initially set.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
}
|