feat: Update cert-manager to 1.5.3

README.md

@@ -127,7 +127,7 @@ Kubernetes Retrofit2 based Java client to be used with kubernetes-api or any of
 ](https://javadoc.io/doc/com.marcnuri.yakc.apis/cert-manager)
 
 [Retrofit](https://square.github.io/retrofit/) API client Java interfaces for
-[Kubernetes cert-manager](https://cert-manager.io/) (1.0.4 - 1.4.3).
+[Kubernetes cert-manager](https://cert-manager.io/) (1.0.4 - 1.5.3).
 
 cert-manager provides support for x509 certificate management for Kubernetes. It's a Kubernetes
 add-on that automates the management and issuance of TLS certificates, making it very easy

apis/cert-manager/build.gradle

@@ -24,7 +24,8 @@ def availableSchemaNames = Arrays.asList(
   "cert-manager-1.0.4.json",
   "cert-manager-1.1.1.json",
   "cert-manager-1.2.0.json",
-  "cert-manager-1.4.3.json"
+  "cert-manager-1.4.3.json",
+  "cert-manager-1.5.3.json"
 )
 def availableSchemas = availableSchemaNames.stream()
     .map { s -> new File(schemaDir, s) }

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/CertificateSpec.java

@@ -113,6 +113,9 @@ public class CertificateSpec implements Model {
   @JsonProperty("secretName")
   private String secretName;
 
+  @JsonProperty("secretTemplate")
+  private CertificateSpecSecretTemplate secretTemplate;
+
   @JsonProperty("subject")
   private CertificateSpecSubject subject;
 

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/CertificateSpecPrivateKey.java

@@ -37,7 +37,7 @@ public class CertificateSpecPrivateKey implements Model {
 
 
   /**
-   * Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm.
+   * Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm.
    */
   @JsonProperty("algorithm")
   private String algorithm;
@@ -55,7 +55,7 @@ public class CertificateSpecPrivateKey implements Model {
   private String rotationPolicy;
 
   /**
-   * Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. No other values are allowed.
+   * Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed.
    */
   @JsonProperty("size")
   private Number size;

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/CertificateSpecSecretTemplate.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2020 Marc Nuri
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.marcnuri.yakc.model.io.certmanager.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.marcnuri.yakc.model.Model;
+import java.util.Map;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import lombok.Singular;
+import lombok.ToString;
+
+/**
+ * SecretTemplate defines annotations and labels to be propagated to the Kubernetes Secret when it is created or updated. Once created, labels and annotations are not yet removed from the Secret when they are removed from the template. See https://github.com/jetstack/cert-manager/issues/4292
+ */
+@SuppressWarnings({"squid:S1192", "WeakerAccess", "unused"})
+@Builder(toBuilder = true, builderClassName = "Builder")
+@AllArgsConstructor
+@NoArgsConstructor
+@Data
+@ToString
+public class CertificateSpecSecretTemplate implements Model {
+
+
+  /**
+   * Annotations is a key value map to be copied to the target Kubernetes Secret.
+   */
+  @JsonProperty("annotations")
+  @Singular(value = "putInAnnotations", ignoreNullCollections = true)
+  private Map<String, String> annotations;
+
+  /**
+   * Labels is a key value map to be copied to the target Kubernetes Secret.
+   */
+  @JsonProperty("labels")
+  @Singular(value = "putInLabels", ignoreNullCollections = true)
+  private Map<String, String> labels;
+
+}
+

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeExternalAccountBinding.java

@@ -38,9 +38,8 @@ public class ClusterIssuerSpecAcmeExternalAccountBinding implements Model {
 
 
   /**
-   * keyAlgorithm is the MAC key algorithm that the key is used for. Valid values are "HS256", "HS384" and "HS512".
+   * Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.
    */
-  @NonNull
   @JsonProperty("keyAlgorithm")
   private String keyAlgorithm;
 

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01.java

@@ -36,6 +36,9 @@
 public class ClusterIssuerSpecAcmeHttp01 implements Model {
 
 
+  @JsonProperty("gatewayHTTPRoute")
+  private ClusterIssuerSpecAcmeHttp01GatewayHTTPRoute gatewayHTTPRoute;
+
   @JsonProperty("ingress")
   private ClusterIssuerSpecAcmeHttp01Ingress ingress;
 

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01GatewayHTTPRoute.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2020 Marc Nuri
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.marcnuri.yakc.model.io.certmanager.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.marcnuri.yakc.model.Model;
+import java.util.Map;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import lombok.Singular;
+import lombok.ToString;
+
+/**
+ * The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.
+ */
+@SuppressWarnings({"squid:S1192", "WeakerAccess", "unused"})
+@Builder(toBuilder = true, builderClassName = "Builder")
+@AllArgsConstructor
+@NoArgsConstructor
+@Data
+@ToString
+public class ClusterIssuerSpecAcmeHttp01GatewayHTTPRoute implements Model {
+
+
+  /**
+   * The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.
+   */
+  @JsonProperty("labels")
+  @Singular(value = "putInLabels", ignoreNullCollections = true)
+  private Map<String, String> labels;
+
+  /**
+   * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
+   */
+  @JsonProperty("serviceType")
+  private String serviceType;
+
+}
+

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01Ingress.java

@@ -55,7 +55,7 @@ public class ClusterIssuerSpecAcmeHttp01Ingress implements Model {
   private ClusterIssuerSpecAcmeHttp01IngressPodTemplate podTemplate;
 
   /**
-   * Optional service type for Kubernetes solver service
+   * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
    */
   @JsonProperty("serviceType")
   private String serviceType;

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01IngressIngressTemplate.java

@@ -25,7 +25,7 @@
 import lombok.ToString;
 
 /**
- * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges
+ * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.
  */
 @SuppressWarnings({"squid:S1192", "WeakerAccess", "unused"})
 @Builder(toBuilder = true, builderClassName = "Builder")

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01IngressPodTemplate.java

@@ -25,7 +25,7 @@
 import lombok.ToString;
 
 /**
- * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges
+ * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.
  */
 @SuppressWarnings({"squid:S1192", "WeakerAccess", "unused"})
 @Builder(toBuilder = true, builderClassName = "Builder")

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTerm.java

@@ -42,8 +42,11 @@ public class ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinit
   @JsonProperty("labelSelector")
   private ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTermLabelSelector labelSelector;
 
+  @JsonProperty("namespaceSelector")
+  private ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTermNamespaceSelector namespaceSelector;
+
   /**
-   * namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
+   * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
    */
   @JsonProperty("namespaces")
   @Singular(value = "addToNamespaces", ignoreNullCollections = true)

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTermNamespaceSelector.java

@@ -0,0 +1,57 @@
+/*
+ * Copyright 2020 Marc Nuri
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.marcnuri.yakc.model.io.certmanager.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.marcnuri.yakc.model.Model;
+import java.util.List;
+import java.util.Map;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import lombok.Singular;
+import lombok.ToString;
+
+/**
+ * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ */
+@SuppressWarnings({"squid:S1192", "WeakerAccess", "unused"})
+@Builder(toBuilder = true, builderClassName = "Builder")
+@AllArgsConstructor
+@NoArgsConstructor
+@Data
+@ToString
+public class ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTermNamespaceSelector implements Model {
+
+
+  /**
+   * matchExpressions is a list of label selector requirements. The requirements are ANDed.
+   */
+  @JsonProperty("matchExpressions")
+  @Singular(value = "addToMatchExpressions", ignoreNullCollections = true)
+  private List<ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTermLabelSelectorMatchExpressions> matchExpressions;
+
+  /**
+   * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+   */
+  @JsonProperty("matchLabels")
+  @Singular(value = "putInMatchLabels", ignoreNullCollections = true)
+  private Map<String, String> matchLabels;
+
+}
+

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution.java

@@ -42,8 +42,11 @@ public class ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinit
   @JsonProperty("labelSelector")
   private ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTermLabelSelector labelSelector;
 
+  @JsonProperty("namespaceSelector")
+  private ClusterIssuerSpecAcmeHttp01IngressPodTemplateSpecAffinityPodAffinityPodAffinityTermNamespaceSelector namespaceSelector;
+
   /**
-   * namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
+   * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
    */
   @JsonProperty("namespaces")
   @Singular(value = "addToNamespaces", ignoreNullCollections = true)

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecAcmeSolvers.java

@@ -25,7 +25,7 @@
 import lombok.ToString;
 
 /**
- * Configures an issuer to solve challenges using the specified options. Only one of HTTP01 or DNS01 may be provided.
+ * An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided.
  */
 @SuppressWarnings({"squid:S1192", "WeakerAccess", "unused"})
 @Builder(toBuilder = true, builderClassName = "Builder")

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecCa.java

@@ -47,7 +47,7 @@ public class ClusterIssuerSpecCa implements Model {
   private List<String> crlDistributionPoints;
 
   /**
-   * The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate wil be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
+   * The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
    */
   @JsonProperty("ocspServers")
   @Singular(value = "addToOcspServers", ignoreNullCollections = true)

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerSpecVault.java

@@ -42,7 +42,7 @@ public class ClusterIssuerSpecVault implements Model {
   private ClusterIssuerSpecVaultAuth auth;
 
   /**
-   * PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+   * PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
    */
   @JsonProperty("caBundle")
   private String caBundle;

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1/ClusterIssuerStatusConditions.java

@@ -50,6 +50,12 @@ public class ClusterIssuerStatusConditions implements Model {
   @JsonProperty("message")
   private String message;
 
+  /**
+   * If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.
+   */
+  @JsonProperty("observedGeneration")
+  private Number observedGeneration;
+
   /**
    * Reason is a brief machine readable explanation for the condition's last transition.
    */

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1alpha2/CertificateSpec.java

@@ -19,6 +19,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.marcnuri.yakc.model.Model;
 import com.marcnuri.yakc.model.io.certmanager.v1.CertificateSpecIssuerRef;
+import com.marcnuri.yakc.model.io.certmanager.v1.CertificateSpecSecretTemplate;
 import java.util.List;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
@@ -139,6 +140,9 @@ public class CertificateSpec implements Model {
   @JsonProperty("secretName")
   private String secretName;
 
+  @JsonProperty("secretTemplate")
+  private CertificateSpecSecretTemplate secretTemplate;
+
   @JsonProperty("subject")
   private CertificateSpecSubject subject;
 

apis/cert-manager/src/model/java/com/marcnuri/yakc/model/io/certmanager/v1alpha2/ClusterIssuerSpecAcmeHttp01.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright 2020 Marc Nuri
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.marcnuri.yakc.model.io.certmanager.v1alpha2;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.marcnuri.yakc.model.Model;
+import com.marcnuri.yakc.model.io.certmanager.v1.ClusterIssuerSpecAcmeHttp01GatewayHTTPRoute;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+
+/**
+ * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
+ */
+@SuppressWarnings({"squid:S1192", "WeakerAccess", "unused"})
+@Builder(toBuilder = true, builderClassName = "Builder")
+@AllArgsConstructor
+@NoArgsConstructor
+@Data
+@ToString
+public class ClusterIssuerSpecAcmeHttp01 implements Model {
+
+
+  @JsonProperty("gatewayHTTPRoute")
+  private ClusterIssuerSpecAcmeHttp01GatewayHTTPRoute gatewayHTTPRoute;
+
+  @JsonProperty("ingress")
+  private ClusterIssuerSpecAcmeHttp01Ingress ingress;
+
+}
+