subresource: "approval",
				oldObj: &certificatesapi.CertificateSigningRequest{Spec: certificatesapi.CertificateSigningRequestSpec{
					SignerName: "notallowed.com/xyz",
				}},
				obj: &certificatesapi.CertificateSigningRequest{Spec: certificatesapi.CertificateSigningRequestSpec{
					SignerName: "allowed.com/xyz",
				}},
				operation: admission.Update,
			},
			allowed: false,
		},
	}

func (in *CertificateSigningRequest) DeepCopyInto(out *CertificateSigningRequest) {
	*out = *in
	out.TypeMeta = in.TypeMeta
	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
	in.Spec.DeepCopyInto(&out.Spec)
	in.Status.DeepCopyInto(&out.Status)
	return
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequest.

	csr, ok := obj.(*certificates.CertificateSigningRequest)
	if !ok {
		return nil, nil, fmt.Errorf("not a certificatesigningrequest")
	}
	return labels.Set(csr.Labels), SelectableFields(csr), nil
}

// SelectableFields returns a field set that can be used for filter selection
func SelectableFields(obj *certificates.CertificateSigningRequest) fields.Set {

}

func ValidateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {
	opts := getValidationOptions(newCSR, oldCSR)
	return validateCertificateSigningRequestUpdate(newCSR, oldCSR, opts)
}

func ValidateCertificateSigningRequestStatusUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {
	opts := getValidationOptions(newCSR, oldCSR)

		NewListFunc:               func() runtime.Object { return &certificates.CertificateSigningRequestList{} },
		DefaultQualifiedResource:  certificates.Resource("certificatesigningrequests"),
		SingularQualifiedResource: certificates.Resource("certificatesigningrequest"),

		CreateStrategy:      csrregistry.Strategy,
		UpdateStrategy:      csrregistry.Strategy,

	csr, ok := a.GetOldObject().(*api.CertificateSigningRequest)
	if !ok {
		return admission.NewForbidden(a, fmt.Errorf("expected type CertificateSigningRequest, got: %T", a.GetOldObject()))
	}

	if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "approve", csr.Spec.SignerName) {
		klog.V(4).Infof("user not permitted to approve CertificateSigningRequest %q with signerName %q", csr.Name, csr.Spec.SignerName)

	WorkloadEntry
	WorkloadGroup
)

func (k Kind) String() string {
	switch k {
	case Address:
		return "Address"
	case AuthorizationPolicy:
		return "AuthorizationPolicy"
	case CertificateSigningRequest:
		return "CertificateSigningRequest"
	case ConfigMap:
		return "ConfigMap"
	case CustomResourceDefinition:
		return "CustomResourceDefinition"
	case DNSName:
		return "DNSName"
	case DaemonSet:
		return "DaemonSet"

          "group": "certificates.k8s.io",
          "kind": "CertificateSigningRequest",
          "version": "v1"
        }
      }
    },
    "/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}": {
      "delete": {
        "description": "delete a CertificateSigningRequest",
        "operationId": "deleteCertificatesV1CertificateSigningRequest",
        "parameters": [
          {

func (in *CertificateSigningRequest) DeepCopyInto(out *CertificateSigningRequest) {
	*out = *in
	out.TypeMeta = in.TypeMeta
	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
	in.Spec.DeepCopyInto(&out.Spec)
	in.Status.DeepCopyInto(&out.Status)
	return
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequest.

					t.Errorf("got: %v, expected: %v", got, expected)
				}
				if got, expected := a.Subresource, "approval"; got != expected {
					t.Errorf("got: %v, expected: %v", got, expected)
				}
				csr := a.Object.(*capi.CertificateSigningRequest)
				if len(csr.Status.Conditions) != 1 {