switch sample-external-issuer to issuer-lib

Signed-off-by: Tim Ramlot <[email protected]>
cert-manager · Sep 5, 2024 · 59235ef · 59235ef
1 parent 531ebd6
commit 59235ef
Show file tree

Hide file tree

Showing 19 changed files with 582 additions and 2,275 deletions.
diff --git a/api/v1alpha1/clusterissuer_types.go b/api/v1alpha1/clusterissuer_types.go
@@ -17,22 +17,40 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"github.com/cert-manager/issuer-lib/api/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-//+kubebuilder:resource:scope=Cluster
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status"
+// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].reason"
+// +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message"
+// +kubebuilder:printcolumn:name="LastTransition",type="string",type="date",JSONPath=".status.conditions[?(@.type==\"Ready\")].lastTransitionTime"
+// +kubebuilder:printcolumn:name="ObservedGeneration",type="integer",JSONPath=".status.conditions[?(@.type==\"Ready\")].observedGeneration"
+// +kubebuilder:printcolumn:name="Generation",type="integer",JSONPath=".metadata.generation"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
 
 // ClusterIssuer is the Schema for the clusterissuers API
 type ClusterIssuer struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   IssuerSpec   `json:"spec,omitempty"`
-	Status IssuerStatus `json:"status,omitempty"`
+	Spec   IssuerSpec            `json:"spec,omitempty"`
+	Status v1alpha1.IssuerStatus `json:"status,omitempty"`
+}
+
+func (vi *ClusterIssuer) GetStatus() *v1alpha1.IssuerStatus {
+	return &vi.Status
 }
 
+func (vi *ClusterIssuer) GetIssuerTypeIdentifier() string {
+	return "clusterissuers.sample-issuer.example.com"
+}
+
+var _ v1alpha1.Issuer = &ClusterIssuer{}
+
 //+kubebuilder:object:root=true
 
 // ClusterIssuerList contains a list of ClusterIssuer

diff --git a/api/v1alpha1/issuer_types.go b/api/v1alpha1/issuer_types.go
@@ -17,9 +17,29 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"github.com/cert-manager/issuer-lib/api/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status"
+// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].reason"
+// +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message"
+// +kubebuilder:printcolumn:name="LastTransition",type="string",type="date",JSONPath=".status.conditions[?(@.type==\"Ready\")].lastTransitionTime"
+// +kubebuilder:printcolumn:name="ObservedGeneration",type="integer",JSONPath=".status.conditions[?(@.type==\"Ready\")].observedGeneration"
+// +kubebuilder:printcolumn:name="Generation",type="integer",JSONPath=".metadata.generation"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// Issuer is the Schema for the issuers API
+type Issuer struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   IssuerSpec            `json:"spec,omitempty"`
+	Status v1alpha1.IssuerStatus `json:"status,omitempty"`
+}
+
 // IssuerSpec defines the desired state of Issuer
 type IssuerSpec struct {
 	// URL is the base URL for the endpoint of the signing service,
@@ -34,26 +54,16 @@ type IssuerSpec struct {
 	AuthSecretName string `json:"authSecretName"`
 }
 
-// IssuerStatus defines the observed state of Issuer
-type IssuerStatus struct {
-	// List of status conditions to indicate the status of a CertificateRequest.
-	// Known condition types are `Ready`.
-	// +optional
-	Conditions []IssuerCondition `json:"conditions,omitempty"`
+func (vi *Issuer) GetStatus() *v1alpha1.IssuerStatus {
+	return &vi.Status
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-
-// Issuer is the Schema for the issuers API
-type Issuer struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   IssuerSpec   `json:"spec,omitempty"`
-	Status IssuerStatus `json:"status,omitempty"`
+func (vi *Issuer) GetIssuerTypeIdentifier() string {
+	return "issuers.sample-issuer.example.com"
 }
 
+var _ v1alpha1.Issuer = &Issuer{}
+
 //+kubebuilder:object:root=true
 
 // IssuerList contains a list of Issuer
@@ -63,61 +73,6 @@ type IssuerList struct {
 	Items           []Issuer `json:"items"`
 }
 
-// IssuerCondition contains condition information for an Issuer.
-type IssuerCondition struct {
-	// Type of the condition, known values are ('Ready').
-	Type IssuerConditionType `json:"type"`
-
-	// Status of the condition, one of ('True', 'False', 'Unknown').
-	Status ConditionStatus `json:"status"`
-
-	// LastTransitionTime is the timestamp corresponding to the last status
-	// change of this condition.
-	// +optional
-	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
-
-	// Reason is a brief machine readable explanation for the condition's last
-	// transition.
-	// +optional
-	Reason string `json:"reason,omitempty"`
-
-	// Message is a human readable description of the details of the last
-	// transition, complementing reason.
-	// +optional
-	Message string `json:"message,omitempty"`
-}
-
-// IssuerConditionType represents an Issuer condition value.
-type IssuerConditionType string
-
-const (
-	// IssuerConditionReady represents the fact that a given Issuer condition
-	// is in ready state and able to issue certificates.
-	// If the `status` of this condition is `False`, CertificateRequest controllers
-	// should prevent attempts to sign certificates.
-	IssuerConditionReady IssuerConditionType = "Ready"
-)
-
-// ConditionStatus represents a condition's status.
-// +kubebuilder:validation:Enum=True;False;Unknown
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in
-// the condition; "ConditionFalse" means a resource is not in the condition;
-// "ConditionUnknown" means kubernetes can't decide if a resource is in the
-// condition or not. In the future, we could add other intermediate
-// conditions, e.g. ConditionDegraded.
-const (
-	// ConditionTrue represents the fact that a given condition is true
-	ConditionTrue ConditionStatus = "True"
-
-	// ConditionFalse represents the fact that a given condition is false
-	ConditionFalse ConditionStatus = "False"
-
-	// ConditionUnknown represents the fact that a given condition is unknown
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
 func init() {
 	SchemeBuilder.Register(&Issuer{}, &IssuerList{})
 }
diff --git a/api/v1alpha1/types.go b/api/v1alpha1/types.go
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -5,52 +5,41 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - cert-manager.io
-  resources:
-  - certificaterequests
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - cert-manager.io
-  resources:
-  - certificaterequests/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - sample-issuer.example.com
-  resources:
-  - clusterissuers
-  - issuers
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - sample-issuer.example.com
-  resources:
-  - clusterissuers/status
-  - issuers/status
-  verbs:
-  - get
-  - patch
-  - update
+- apiGroups: [ "" ]
+  resources: [ "events" ]
+  verbs: ["create", "patch"]
+
+- apiGroups: [ "" ]
+  resources: [ "secrets" ]
+  verbs: ["get", "list", "watch"]
+
+- apiGroups: [ "sample-issuer.example.com" ]
+  resources: [ "clusterissuers", "issuers" ]
+  verbs: ["get", "list", "watch"]
+
+- apiGroups: [ "sample-issuer.example.com" ]
+  resources: [ "clusterissuers/status", "issuers/status" ]
+  verbs: [ "patch" ]
+
+
+- apiGroups: [ "cert-manager.io" ]
+  resources: [ "certificaterequests" ]
+  verbs: [ "get", "list", "watch" ]
+
+- apiGroups: [ "cert-manager.io" ]
+  resources: [ "certificaterequests/status" ]
+  verbs: [ "patch" ]
+
+- apiGroups: [ "certificates.k8s.io" ]
+  resources: [ "certificatesigningrequests" ]
+  verbs: [ "get", "list", "watch" ]
+
+- apiGroups: [ "certificates.k8s.io" ]
+  resources: [ "certificatesigningrequests/status" ]
+  verbs: [ "patch" ]
+
+- apiGroups: [ "certificates.k8s.io" ]
+  resources: [ "signers" ]
+  verbs: [ "sign" ]
+  resourceNames:
+  - clusterissuers.sample-issuer.example.com/*