kubernetes/pkg/apis/certificates/validation/validation.go

var trueConditionTypes

var trueStatusOnly

var allStatusValues

type certificateValidationOptions

// validateCSR validates the signature and formatting of a base64-wrapped,
// PEM-encoded PKCS#10 certificate signing request. If this is invalid, we must
// not accept the CSR for further processing.
func validateCSR(obj *certificates.CertificateSigningRequest) error {}

func validateCertificate(pemData []byte) error {}

// We don't care what you call your certificate requests.
func ValidateCertificateRequestName(name string, prefix bool) []string {}

func ValidateCertificateSigningRequestCreate(csr *certificates.CertificateSigningRequest) field.ErrorList {}

var allValidUsages

func validateCertificateSigningRequest(csr *certificates.CertificateSigningRequest, opts certificateValidationOptions) field.ErrorList {}

func validateConditions(fldPath *field.Path, csr *certificates.CertificateSigningRequest, opts certificateValidationOptions) field.ErrorList {}

func ValidateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {}

func ValidateCertificateSigningRequestStatusUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {}

func ValidateCertificateSigningRequestApprovalUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {}

func validateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest, opts certificateValidationOptions) field.ErrorList {}

// findConditions returns all instances of conditions of the specified type
func findConditions(csr *certificates.CertificateSigningRequest, conditionType certificates.RequestConditionType) []certificates.CertificateSigningRequestCondition {}

// getValidationOptions returns the validation options to be
// compatible with the specified version and existing CSR.
// oldCSR may be nil if this is a create request.
// validation options related to subresource-specific capabilities are set to false.
func getValidationOptions(newCSR, oldCSR *certificates.CertificateSigningRequest) certificateValidationOptions {}

func allowBothApprovedAndDenied(oldCSR *certificates.CertificateSigningRequest) bool {}

func allowLegacySignerName(oldCSR *certificates.CertificateSigningRequest) bool {}

func allowDuplicateConditionTypes(oldCSR *certificates.CertificateSigningRequest) bool {}

func hasDuplicateConditionTypes(csr *certificates.CertificateSigningRequest) bool {}

func allowEmptyConditionType(oldCSR *certificates.CertificateSigningRequest) bool {}

func hasEmptyConditionType(csr *certificates.CertificateSigningRequest) bool {}

func allowArbitraryCertificate(newCSR, oldCSR *certificates.CertificateSigningRequest) bool {}

func allowUnknownUsages(oldCSR *certificates.CertificateSigningRequest) bool {}

func hasUnknownUsage(usages []certificates.KeyUsage) bool {}

func allowDuplicateUsages(oldCSR *certificates.CertificateSigningRequest) bool {}

func hasDuplicateUsage(usages []certificates.KeyUsage) bool {}

type ValidateClusterTrustBundleOptions

// ValidateClusterTrustBundle runs all validation checks on bundle.
func ValidateClusterTrustBundle(bundle *certificates.ClusterTrustBundle, opts ValidateClusterTrustBundleOptions) field.ErrorList {}

// ValidateClusterTrustBundleUpdate runs all update validation checks on an
// update.
func ValidateClusterTrustBundleUpdate(newBundle, oldBundle *certificates.ClusterTrustBundle) field.ErrorList {}

// validateTrustBundle rejects intra-block headers, blocks
// that don't parse as X.509 CA certificates, and duplicate trust anchors.  It
// requires that at least one trust anchor is provided.
func validateTrustBundle(path *field.Path, in string) field.ErrorList {}