v1

type CertWatchActionEmail struct {
	// ConfigFile is the configuration file with information about the email server
	// to use
	ConfigFile string `json:"configFile,omitempty"`

	// From is the header that identifies the sender of the e-mail. If not specified
	// here, the value must be specified in configuration file.
	From string `json:"from,omitempty"`

	// To is the header that identifies the recipients of the e-mail. A comma
	// separated list of e-mail addresses.
	To string `json:"to"`

	// Cc is the header that identifies carbon copy receivers of the e-mail. A comma
	// separated list of e-mail addresses.
	Cc string `json:"cc,omitempty"`

	// Bcc is the header that identifies blind carbon copy receivers of the e-mail. A
	// comma separated list of e-mail addresses.
	Bcc string `json:"bcc,omitempty"`

	// Subject is the header that informs the subject of the e-mail.
	Subject string `json:"subject,omitempty"`

	// BodyTemplate is the full contents of the e-mail body to send.
	BodyTemplate string `json:"bodyTemplate,omitempty"`

	// BodyContentType is the header that identifies the type of content the e-mail
	// will have: text/plain or text/html
	BodyContentType string `json:"bodyContentType,omitempty"`

	// Attachments is the list of attachments to send with the e-mail. Paths are
	// relative to a temporary workspace directory where different versions of the
	// certificate files are saved before sending the email. Files will be available
	// in popular formats, like PEM and PKCS#12, zipped and unzipped.
	Attachments []string `json:"attachments,omitempty"`
}

type CertWatchActionJob struct {
	// Name identifies the job that will be executed.
	Name string `json:"name"`

	// VolumeName controls the name of the volume that will be created to mount
	// certificate files into the Job's containers. Defaults to "certs".
	VolumeName string `json:"volumeName,omitempty"`

	// MountPath controls the mountPath used in the volume created to mount
	// certificate files into the Job's containers. Defaults to "/workspace".
	MountPath string `json:"mountPath,omitempty"`

	// Spec is a standard Kubernetes job spec.
	Spec v1.JobSpec `json:"spec"`
}

type CertWatchActionScp struct {
	// Hostname is the remote hostname to connect to.
	Hostname string `json:"hostname"`

	// Port number to connect to. Defaults to 22.
	Port int `json:"port,omitempty"`

	// CredentialSecret is the name of the Secret containing credentials to authenticate. Depending on
	// AuthType, it may contain username, password, key or passphrase values.
	// The reference to the Secret should be in the form namespace/secret-name.
	CredentialSecret string `json:"credentialSecret"`

	// AuthType is the authentication type to use: password|key. Defaults to `password`.
	AuthType string `json:"authType,omitempty"`

	// Files is the list of files to copy. Filenames are relative to a temporary
	// workspace where certificates are stored while they are being processed. After
	// processing, this temporary directory and all its files are removed.
	Files []CertWatchScpFile `json:"files"`
}

type CertWatchScpFile struct {
	// Name is the name of the local certificate file. Filenames are relative to the
	// temporary workspace directory.
	Name string `json:"name"`

	// RemotePath is the full directory path in the remote host where the certificate
	// will be copied to.
	RemotePath string `json:"remotePath"`

	// Mode is the file mode the file on the remote host will have. A string in
	// numeric form, such as 0644.
	Mode string `json:"mode,omitempty"`
}

type CertWatcher struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   CertWatcherSpec   `json:"spec,omitempty"`
	Status CertWatcherStatus `json:"status,omitempty"`
}

type CertWatcherAction struct {
	// Dummy action used for testing and debugging.
	Echo *CertWatcherActionEcho `json:"echo,omitempty"`

	// React to Secret change by sending e-mails.
	Email *CertWatchActionEmail `json:"email,omitempty"`

	// React to Secret change by copying files to a remote host via SCP (ssh).
	Scp *CertWatchActionScp `json:"scp,omitempty"`

	// React to Secret change by running a custom Kubernetes Job. Follow the same spec from batch/v1 API.
	Job *CertWatchActionJob `json:"job,omitempty"`
}

type CertWatcherActionEcho struct {
}

type CertWatcherList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CertWatcher `json:"items"`
}

type CertWatcherSecret struct {
	// Name of the Secret watched by CertWatcher
	Name string `json:"name"`

	// Namespace of the Secret watched by CertWatcher.
	Namespace string `json:"namespace"`
}

type CertWatcherSpec struct {

	// Secret watched by CertWatcher
	Secret CertWatcherSecret `json:"secret"`

	// ZipFilesPassword is the password that should be used to zip certificate files.
	// Zipped versions of each certificates are kept along with the raw files. If
	// this values is empty, zip files will no tbe protected with any password.
	ZipFilesPassword string `json:"zipFilesPassword,omitempty"`

	// Pkcs12Password is the password that should be used in the PKCS#12 envelope. If
	// empty, p12 certificate files will not be protected by any password.
	Pkcs12Password string `json:"pkcs12Password,omitempty"`

	// FilenamesPrefix is the prefix that should be used in the exported certificate
	// filenames. If empty, defaults to "tls", so files will be created in the
	// temporary workspace directory as tls.key, tls.crt, tls.p12, etc...
	FilenamesPrefix string `json:"filenamesPrefix,omitempty"`

	// Actions that should be performed when the watched Secret changes.
	Actions CertWatcherAction `json:"actions,omitempty"`
}

type CertWatcherStatus struct {
	Status       string      `json:"status,omitempty"`
	LastUpdate   metav1.Time `json:"lastUpdate,omitempty"`
	LastChecksum string      `json:"lastChecksum,omitempty"`
	ActionStatus string      `json:"actionStatus,omitempty"`
	Message      string      `json:"message,omitempty"`
}