Add new fields to the internal API types

Signed-off-by: Richard Wall <[email protected]>

Author: wallrj-cyberark

pkg/convert/internal/apis/acme/types_issuer.go

@@ -102,6 +102,11 @@ type ACMEIssuer struct {
 	// it, it will create an error on the Order.
 	// Defaults to false.
 	EnableDurationFeature bool
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 // ACMEExternalAccountBinding is a reference to a CA external account of the ACME

pkg/convert/internal/apis/acme/types_order.go

@@ -74,6 +74,11 @@ type OrderSpec struct {
 	// Duration is the duration for the not after date for the requested certificate.
 	// this is set on order creation as pe the ACME spec.
 	Duration *metav1.Duration
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 type OrderStatus struct {

pkg/convert/internal/apis/acme/v1alpha2/types_issuer.go

@@ -112,6 +112,11 @@ type ACMEIssuer struct {
 	// Defaults to false.
 	// +optional
 	EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 // ACMEExternalAccountBinding is a reference to a CA external account of the ACME

pkg/convert/internal/apis/acme/v1alpha2/types_order.go

@@ -79,6 +79,11 @@ type OrderSpec struct {
 	// this is set on order creation as pe the ACME spec.
 	// +optional
 	Duration *metav1.Duration `json:"duration,omitempty"`
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 type OrderStatus struct {

pkg/convert/internal/apis/acme/v1alpha3/types_issuer.go

@@ -112,6 +112,11 @@ type ACMEIssuer struct {
 	// Defaults to false.
 	// +optional
 	EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 // ACMEExternalAccountBinding is a reference to a CA external account of the ACME

pkg/convert/internal/apis/acme/v1alpha3/types_order.go

@@ -79,6 +79,11 @@ type OrderSpec struct {
 	// this is set on order creation as pe the ACME spec.
 	// +optional
 	Duration *metav1.Duration `json:"duration,omitempty"`
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 type OrderStatus struct {

pkg/convert/internal/apis/acme/v1beta1/types_issuer.go

@@ -112,6 +112,11 @@ type ACMEIssuer struct {
 	// Defaults to false.
 	// +optional
 	EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 // ACMEExternalAccountBinding is a reference to a CA external account of the ACME

pkg/convert/internal/apis/acme/v1beta1/types_order.go

@@ -80,6 +80,11 @@ type OrderSpec struct {
 	// this is set on order creation as pe the ACME spec.
 	// +optional
 	Duration *metav1.Duration `json:"duration,omitempty"`
+
+	// Profile allows requesting a certificate profile from the ACME server.
+	// Supported profiles are listed by the server's ACME directory URL.
+	// +optional
+	Profile string `json:"profile,omitempty"`
 }
 
 type OrderStatus struct {

pkg/convert/internal/apis/certmanager/types_certificate.go

@@ -89,6 +89,19 @@ const (
 	PKCS8 PrivateKeyEncoding = "PKCS8"
 )
 
+// +kubebuilder:validation:Enum=SHA256WithRSA;SHA384WithRSA;SHA512WithRSA;ECDSAWithSHA256;ECDSAWithSHA384;ECDSAWithSHA512;PureEd25519
+type SignatureAlgorithm string
+
+const (
+	SHA256WithRSA   SignatureAlgorithm = "SHA256WithRSA"
+	SHA384WithRSA   SignatureAlgorithm = "SHA384WithRSA"
+	SHA512WithRSA   SignatureAlgorithm = "SHA512WithRSA"
+	ECDSAWithSHA256 SignatureAlgorithm = "ECDSAWithSHA256"
+	ECDSAWithSHA384 SignatureAlgorithm = "ECDSAWithSHA384"
+	ECDSAWithSHA512 SignatureAlgorithm = "ECDSAWithSHA512"
+	PureEd25519     SignatureAlgorithm = "PureEd25519"
+)
+
 // CertificateSpec defines the desired state of Certificate.
 //
 // NOTE: The specification contains a lot of "requested" certificate attributes, it is
@@ -236,6 +249,13 @@ type CertificateSpec struct {
 	// encoding and the rotation policy.
 	PrivateKey *CertificatePrivateKey
 
+	// Signature algorithm to use.
+	// Allowed values for RSA keys: SHA256WithRSA, SHA384WithRSA, SHA512WithRSA.
+	// Allowed values for ECDSA keys: ECDSAWithSHA256, ECDSAWithSHA384, ECDSAWithSHA512.
+	// Allowed values for Ed25519 keys: PureEd25519.
+	// +optional
+	SignatureAlgorithm SignatureAlgorithm `json:"signatureAlgorithm,omitempty"`
+
 	// Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR.
 	//
 	// This option defaults to true, and should only be disabled if the target

pkg/convert/internal/apis/certmanager/types_issuer.go

@@ -179,6 +179,11 @@ type VaultIssuer struct {
 	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
 	Server string
 
+	// ServerName is used to verify the hostname on the returned certificates
+	// by the Vault server.
+	// +optional
+	ServerName string `json:"serverName,omitempty"`
+
 	// Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
 	// "my_pki_mount/sign/my-role-name".
 	Path string