diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile 
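Review bot: The three re-enabled `rm -rf ./pkg/client/...` lines run before `$(CLIENT_GEN)`, so a generator failure leaves the tree with no clientset, listers or informers until the target is re-run successfully. Generating into a temporary directory and moving the result into place only on success would avoid that window. The recipe continues past the end of the hunk, so the remaining generator steps are not visible here.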
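Review bot: In the second hunk of options.go, `issuers.ControllerName` is added to `allControllers` under the existing `// certificate controllers` comment, which no longer describes the whole list. It is also added to `defaultEnabledControllers`, so the issuers controller starts unless an operator opts out. A short comment would make both facts visible, e.g. `// issuer controllers` above the new entry and a line above `defaultEnabledControllers` stating that every listed controller starts by default. The enclosing `var (` block starts outside the hunk.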
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile 
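Review bot: The two blank imports added to start.go carry no comment saying what they are for. Presumably each package registers itself from `init()` (the issuers controller and the self-signed issuer type), but that is not visible in this hunk. Removing either line would still compile while silently dropping the feature. Suggest `// Register the issuers controller.` and `// Register the self-signed issuer implementation.` above the respective lines. If registration does work this way, linking `selfsigned` makes self-signed issuance available in every build of the controller, which is worth stating in the same comment.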
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml 
+++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" 
diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go 
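Review bot: The first rule of the new ClusterRole grants `create` and `delete` on `issuers`, which a controller that only reconciles Issuer objects does not normally need. The ClusterRoleBinding added in the same commit binds the role cluster-wide to the `anthos-certificate-manager` ServiceAccount, so a compromised controller pod could create or remove Issuers in any namespace. If the controller only reads Issuers and writes their status (not visible on this page, so worth confirming), the rule can be reduced to `get`, `list`, `watch`, with writes kept on `issuers/status`. `creationTimestamp: null` suggests the file was generated from RBAC markers; if so, the change belongs in the markers rather than in this YAML.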
@@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
@@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ 
diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
@@ -0,0 +1,33 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: anthoscertmanager-issuers-update-role
+rules:
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml
new file mode 100644
index 0000000..f35c7b0
--- /dev/null
+++ b/config/rbac/issuers_clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: anthoscertmanager
+ app.kubernetes.io/part-of: anthoscertmanager
+ app.kubernetes.io/managed-by: kustomize
+ name: anthoscertmanager-issuers-update-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: anthoscertmanager-issuers-update-role
+subjects:
+- kind: ServiceAccount
+ name: anthos-certificate-manager
+ namespace: anthoscertmanager
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index ecca895..ebff82f 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml 
+++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
@@ -21,3 +21,5 @@
 - certificate_request_clusterrole.yaml
 - secret_viewer_clusterrole.yaml
 - secret_viewer_clusterrole_binding.yaml
+- issuers_clusterrole.yaml
+- issuers_clusterrolebinding.yaml
diff --git a/examples/certificate.yaml b/examples/certificate.yaml
new file mode 100644
index 0000000..8a2cc3e
--- /dev/null
+++ b/examples/certificate.yaml
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 330fcfd..c867be8 100644
--- a/Makefile
+++ b/Makefile
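Review bot: The secretTemplate comment says the labels and annotations are copied to "the Secret named anthos-example-cert", but `secretName` in this file is `user-issued-cert`; the comment should name the same Secret. The comments also attribute behaviour to "cert-manager" although the manifest targets the `anthos-cert-manager.io` API group, and "overwriten" is misspelled. The `dnsNames` entries are real hostnames under google.com while `commonName` uses `example.com`. Using reserved example names throughout would keep anyone who applies the sample unchanged from obtaining a self-signed certificate for a production-looking name.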
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml 
+++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
@@ -21,3 +21,5 @@
 - certificate_request_clusterrole.yaml
 - secret_viewer_clusterrole.yaml
 - secret_viewer_clusterrole_binding.yaml
+- issuers_clusterrole.yaml
+- issuers_clusterrolebinding.yaml
diff --git a/examples/certificate.yaml b/examples/certificate.yaml
new file mode 100644
index 0000000..8a2cc3e
--- /dev/null
+++ b/examples/certificate.yaml
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go 
@@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
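Review bot: The comment above `secretTemplate` in examples/certificate.yaml says the labels and annotations are copied to the Secret named anthos-example-cert, but the manifest sets `secretName: user-issued-cert`, so the comment points at a Secret this example never creates. I would change that line to `# copied to the Secret named user-issued-cert. These labels and annotations will` and correct `overwriten` to `overwritten` three lines below. The same comments say cert-manager where the API group in this manifest is anthos-cert-manager.io, which looks like text carried over from an upstream example.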
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) 
diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go 
+++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
@@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile 
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml 
+++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
@@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go 
@@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
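Review bot: The comment above `secretTemplate` in `examples/certificate.yaml` says the labels and annotations are copied to "the Secret named anthos-example-cert", but the manifest sets `secretName: user-issued-cert`, so the comment names a Secret this example never creates. Reword it to `# copied to the Secret named user-issued-cert.` and correct `overwriten` to `overwritten` in the same comment block. The `usages` list is commented out, so the key usages in the issued certificate depend on whatever the controller defaults to, which this diff does not show. Listing the intended usages explicitly would keep the example from depending on that default.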
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ 
diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
@@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile 
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml 
+++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
@@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) 
diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
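Review bot: The two blank imports added to the import block of cmd/controller/app/start.go have no comment saying what they register, so a later import cleanup could remove them and leave the binary without the issuers controller or the self-signed issuer. Presumably each package registers itself from an `init` function, but that is not visible in this hunk. I would add `// Imported for side effects: registers the issuers controller and the self-signed issuer.` directly above them. The import block starts and ends outside the hunk, and the page repeats this hunk further down.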
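Review bot: The first rule of the new ClusterRole in config/rbac/issuers_clusterrole.yaml grants `create` and `delete` on `issuers` in every namespace, which is more than a controller that reads issuers and writes their status appears to need. Because issuers_clusterrolebinding.yaml binds this role cluster-wide to the `anthos-certificate-manager` service account, a compromised controller pod could add or remove issuing authorities in any namespace. I would drop `- create` and `- delete` from that rule unless the controller itself creates issuers, which nothing in the visible hunks suggests. The role also has no rule for `clusterissuers`, although this commit generates a ClusterIssuer client; if the controller lists or watches ClusterIssuers, that needs its own narrowly scoped rule.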
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
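Review bot: The secretTemplate comment in examples/certificate.yaml says the labels and annotations are copied to the Secret named `anthos-example-cert`, but `secretName` just above it is `user-issued-cert`. Anyone checking where the private key lands will look for the wrong Secret. I would change the comment to read `# copied to the Secret named user-issued-cert.` and fix the spelling of "overwriten" in the same block. The `usages` list is commented out, so the sample leaves key usages to whatever the controller defaults to. For an example meant to be copied, an explicit `usages:` with `- server auth` would make the intended use of the certificate clear.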
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go 
@@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
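Review bot: The new ClusterRole `anthoscertmanager-issuers-update-role` grants `create` and `delete` on `issuers` in every namespace, which is more than a controller that reconciles issuer status normally needs; if the issuers controller only reads issuers and writes their status, the first rule can be cut down to `get`, `list`, `watch` (plus `update` only if it sets finalizers). The rules name only `issuers`, while the same commit generates a cluster-scoped `ClusterIssuer` client, so if the controller also reconciles ClusterIssuers it will need matching `clusterissuers` and `clusterissuers/status` rules; this is inferred, as the controller code is not part of this hunk. The binding in issuers_clusterrolebinding.yaml hands all of these verbs cluster-wide to the `anthos-certificate-manager` ServiceAccount, so the verb list here is the place to apply least privilege.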
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: anthoscertmanager
+ app.kubernetes.io/part-of: anthoscertmanager
+ app.kubernetes.io/managed-by: kustomize
+ name: anthoscertmanager-issuers-update-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: anthoscertmanager-issuers-update-role
+subjects:
+- kind: ServiceAccount
+ name: anthos-certificate-manager
+ namespace: anthoscertmanager
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index ecca895..ebff82f 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -21,3 +21,5 @@
 - certificate_request_clusterrole.yaml
 - secret_viewer_clusterrole.yaml
 - secret_viewer_clusterrole_binding.yaml
+- issuers_clusterrole.yaml
+- issuers_clusterrolebinding.yaml
diff --git a/examples/certificate.yaml b/examples/certificate.yaml
new file mode 100644
index 0000000..8a2cc3e
--- /dev/null
+++ b/examples/certificate.yaml
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
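Review bot: The `secretTemplate` comment in examples/certificate.yaml says the labels and annotations are copied to the Secret named `anthos-example-cert`, but `secretName` is `user-issued-cert`; the comment should name the same Secret, and `overwriten` should read `overwritten`. The example also asks a self-signed issuer for SANs under `google.com` (`anthos.google.com`, `anthos.onprem.google.com`); a reserved name such as `anthos.example.com` keeps a copy-pasted manifest from minting certificates for a real domain. With `usages` commented out, the issued certificate gets whatever key usages the controller defaults to, which is worth stating in a comment next to the commented block.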
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
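Review bot: The marker block added above `ClusterIssuer` in issuer_types.go makes the type cluster-scoped for client-gen (`+genclient:nonNamespaced`), but the hunk shows no `// +kubebuilder:resource:scope=Cluster`, and the only CRD change visible here is to the namespaced issuers CRD. If the CRDs are produced with controller-gen, a ClusterIssuer CRD would default to namespaced scope and the root-scoped client calls generated in clusterissuer.go would not match it. Adding `// +kubebuilder:resource:scope=Cluster` next to `// +kubebuilder:storageversion` keeps the two generators in agreement. The type declaration itself lies outside this hunk, so the marker may already exist closer to it.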
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go 
@@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
@@ -0,0 +1,33 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: anthoscertmanager-issuers-update-role
+rules:
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml
new file mode 100644
index 0000000..f35c7b0
--- /dev/null
+++ b/config/rbac/issuers_clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: anthoscertmanager
+ app.kubernetes.io/part-of: anthoscertmanager
+ app.kubernetes.io/managed-by: kustomize
+ name: anthoscertmanager-issuers-update-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: anthoscertmanager-issuers-update-role
+subjects:
+- kind: ServiceAccount
+ name: anthos-certificate-manager
+ namespace: anthoscertmanager
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index ecca895..ebff82f 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -21,3 +21,5 @@
 - certificate_request_clusterrole.yaml
 - secret_viewer_clusterrole.yaml
 - secret_viewer_clusterrole_binding.yaml
+- issuers_clusterrole.yaml
+- issuers_clusterrolebinding.yaml
diff --git a/examples/certificate.yaml b/examples/certificate.yaml
new file mode 100644
index 0000000..8a2cc3e
--- /dev/null
+++ b/examples/certificate.yaml
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile 
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml 
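Review bot: The three `rm -rf ./pkg/client/...` lines re-enabled in the `generate-client` recipe delete the whole client tree before the generators run. Any hand-written `*_expansion.go` file kept beside the generated clients is removed with it, and a generator failure leaves the repository with no client at all. No such file is visible in this commit, so this may be harmless today, but a comment above the recipe such as `# pkg/client is fully generated; keep hand-written code out of it` would record the assumption. The paths are also relative to the directory make is invoked from rather than to the Makefile. The recipe continues past the end of the hunk.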
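Review bot: The two blank imports added to `start.go` carry no comment saying what they register, although `options.go` in the same commit enables `issuers.ControllerName` by default and so presumably depends on the first one. A blank import exists only for its package's side effects, so someone tidying the import block could drop the issuers controller or the self-signed issuer without any compile error. I would add `// Imported for side effects: registers the issuers controller and the self-signed issuer.` above them, after confirming that this is what the packages' init code does, since it is not shown here. The import block starts outside the hunk.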
+++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
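Review bot: The first rule of `anthoscertmanager-issuers-update-role` grants `create` and `delete` on `issuers`, and `issuers_clusterrolebinding.yaml` binds the role cluster-wide to the `anthos-certificate-manager` ServiceAccount, which looks broader than a controller that reconciles existing Issuers needs. If the controller only reads issuers and writes their status, the verbs on `issuers` can be reduced to `get`, `list`, `watch` (adding `update`/`patch` only if it sets finalizers or annotations), with the `issuers/status` rule kept as is. The role also has no rule for `clusterissuers`, although this commit generates a cluster-scoped ClusterIssuer client and informer; if the controller lists or watches them those calls will be denied, so either add `clusterissuers` and `clusterissuers/status` with the same reduced verbs or state that ClusterIssuers are not reconciled yet. `creationTimestamp: null` suggests the file is generator output, in which case the change belongs in the RBAC markers rather than in this YAML.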
@@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
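Review bot: The secretTemplate comment says the labels and annotations are copied to the Secret named `anthos-example-cert`, but `secretName` in this manifest is `user-issued-cert`; the comment line should read `# copied to the Secret named user-issued-cert. These labels and annotations will`. `duration: 1h` and `renewBefore: 5m` (with `# 90d` and `# 15d` beside them) look like test values, and someone applying the example unchanged gets a certificate that is re-issued roughly every hour, so a comment such as `# short values for testing; use the commented values for real deployments` would help. The comments also refer to cert-manager rather than this project, which reads as carried over from an upstream example.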
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go 
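Review bot: The three `rm -rf` lines in `generate-client` now run unconditionally before `$(CLIENT_GEN)`, so a failure in any generator step leaves the checked-in `./pkg/client` tree deleted or half-regenerated. I would either generate into a scratch directory and move it into place on success, or at least document the recovery above the deletes, e.g. `# Stale generated clients are removed first; if generation fails, restore with: git checkout -- pkg/client`. The paths are relative, so the recipe also assumes make is invoked from the repository root. The recipe continues past the end of this hunk.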
@@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
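Review bot: The two blank imports added to start.go carry no comment, and a blank import exists only for its package's init() side effects, so a reader cannot tell what they register or why removing them would break the binary. I would add `// Blank imports register the issuers controller and the self-signed issuer at init time.` above them, assuming that is what those packages' init() functions do (not visible in this hunk). Together with `issuers.ControllerName` being added to `defaultEnabledControllers` in options.go, this presumably makes self-signed issuance available by default, which deserves a line in the controller flag's help text.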
@@ -0,0 +1,33 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: anthoscertmanager-issuers-update-role
+rules:
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - anthos-cert-manager.io
+ resources:
+ - issuers/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml
new file mode 100644
index 0000000..f35c7b0
--- /dev/null
+++ b/config/rbac/issuers_clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: anthoscertmanager
+ app.kubernetes.io/part-of: anthoscertmanager
+ app.kubernetes.io/managed-by: kustomize
+ name: anthoscertmanager-issuers-update-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: anthoscertmanager-issuers-update-role
+subjects:
+- kind: ServiceAccount
+ name: anthos-certificate-manager
+ namespace: anthoscertmanager
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index ecca895..ebff82f 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -21,3 +21,5 @@
 - certificate_request_clusterrole.yaml
 - secret_viewer_clusterrole.yaml
 - secret_viewer_clusterrole_binding.yaml
+- issuers_clusterrole.yaml
+- issuers_clusterrolebinding.yaml
diff --git a/examples/certificate.yaml b/examples/certificate.yaml
new file mode 100644
index 0000000..8a2cc3e
--- /dev/null
+++ b/examples/certificate.yaml
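Review bot: The first rule of `anthoscertmanager-issuers-update-role` grants `create`, `delete`, `patch` and `update` on every `issuers` object cluster-wide, which looks broader than a controller that reconciles issuer status needs. Because an Issuer determines what gets signed, I would narrow that rule to `get`, `list`, `watch` and keep the writes on `issuers/status` (and on `issuers/finalizers` only if the controller actually sets finalizers). The same commit adds a cluster-scoped ClusterIssuer client, yet no rule names `clusterissuers` or `clusterissuers/status`; if the issuers controller also reconciles ClusterIssuers (not visible here), those requests will be denied. The ClusterRoleBinding in the following hunk attaches this role to the `anthos-certificate-manager` service account, so whatever stays in the role is held by the controller in every namespace.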
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
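Review bot: The `secretTemplate` comment says the labels and annotations are copied to the Secret named `anthos-example-cert`, but `secretName` in this file is `user-issued-cert`, so the comment should name that Secret. The `usages` block is commented out, which leaves the issued certificate's key usages to whatever the controller defaults to; for an example that sets `dnsNames` I would state them explicitly, e.g. uncomment `- server auth`. The `duration: 1h # 90d` and `renewBefore: 5m # 15d` values look like test settings and would be clearer with a comment such as `# short lifetime for testing renewal; production value in the trailing comment`. The file also ends without a trailing newline.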
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index ebe467b..751e25e 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go 
@@ -56,6 +56,8 @@ return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Certificates().Informer()}, nil case v1.SchemeGroupVersion.WithResource("certificaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().CertificateRequests().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().ClusterIssuers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("issuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Issuers().Informer()}, nil diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) 
diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
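Review bot: The new ClusterRole in `config/rbac/issuers_clusterrole.yaml` lists only `issuers`, `issuers/finalizers` and `issuers/status`, yet this commit also generates a cluster-scoped ClusterIssuer client and informer. If the issuers controller watches ClusterIssuers as well (its code is not in this hunk), those list/watch calls and status writes will be rejected until `- clusterissuers` and `- clusterissuers/status` are added under the matching `resources:` entries. The first rule also gives the controller's service account `create` and `delete` on every Issuer in the cluster; a reconciler that reads issuers and writes their status normally needs only `get`, `list` and `watch` there, so those two verbs should be dropped unless a code path depends on them. `creationTimestamp: null` suggests the file is generator output, in which case the change belongs in the RBAC markers on the controller rather than in this YAML.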
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
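Review bot: The `secretTemplate` comment says the labels are copied to the Secret named `anthos-example-cert`, but `secretName` in this manifest is `user-issued-cert`; the comment should read `# copied to the Secret named user-issued-cert. These labels and annotations will`. The lifetime values `duration: 1h # 90d` and `renewBefore: 5m # 15d` look like short test settings with the intended values left as trailing comments. Anyone applying the example as written gets a certificate that rotates every hour, so either restore `90d`/`15d` or say in a comment that the short values are deliberate. The same comment block also has the typo `overwriten`.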
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
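Review bot: `+genclient:nonNamespaced` in the first hunk makes client-gen emit a ClusterIssuer client that never sets a namespace, so the CRD for that type must be cluster-scoped as well. No `+kubebuilder:resource:scope=Cluster` marker is added next to it here, and no ClusterIssuer CRD manifest appears in the visible part of this diff. If the marker is not already on the type (its declaration lies outside the hunk), add `// +kubebuilder:resource:scope=Cluster` to the same marker block and regenerate the CRD. Without it controller-gen would presumably default the resource to namespaced scope and the generated client's request paths would not match what the API server serves.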
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index ebe467b..751e25e 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go 
@@ -56,6 +56,8 @@ return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Certificates().Informer()}, nil case v1.SchemeGroupVersion.WithResource("certificaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().CertificateRequests().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().ClusterIssuers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("issuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Issuers().Informer()}, nil diff --git a/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..deab0ab --- /dev/null +++ b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,67 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. 
+func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go 
+++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
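Review bot: The two blank imports added to cmd/controller/app/start.go, `pkg/controller/issuers` and `pkg/issuer/selfsigned`, carry no comment saying why they are there. They are presumably needed for package-level registration (an `init()` in each package), which is not visible in this hunk. A comment such as `// Imported for side effects: registers the issuers controller and the selfsigned issuer.` would keep a later import cleanup from silently dropping them. It would also make explicit that the self-signed issuer is linked into every build of the controller. The import block continues outside the hunk.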
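Review bot: The first rule of `anthoscertmanager-issuers-update-role` in config/rbac/issuers_clusterrole.yaml grants `create` and `delete` on `issuers`, and the ClusterRoleBinding added in the same commit makes that cluster-wide for the controller's ServiceAccount. A reconciler that reads Issuers and writes their status normally needs only `get`, `list`, `watch` on `issuers` plus the `issuers/status` rule, so the extra verbs should be dropped unless the controller really creates or deletes Issuers. The role also names only `issuers`, `issuers/finalizers` and `issuers/status`, while this commit generates a cluster-scoped ClusterIssuer client and informer. If the issuers controller lists or watches ClusterIssuers, those calls will be denied until a `clusterissuers` / `clusterissuers/status` rule is added. `creationTimestamp: null` suggests the file is emitted from `+kubebuilder:rbac` markers, in which case the change belongs on the markers rather than in this YAML.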
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
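Review bot: examples/certificate.yaml places the sample Certificate in `namespace: anthoscertmanager`, the same namespace as the `anthos-certificate-manager` ServiceAccount that the new ClusterRoleBinding targets, and examples/issuer.yaml does the same. Anyone allowed to create pods in that namespace can run them as that ServiceAccount, so user-facing samples are better shown in an application namespace, for example `namespace: <application-namespace>`. The `secretTemplate` comment also names the Secret `anthos-example-cert` while `secretName` is `user-issued-cert`; it should read `# copied to the Secret named user-issued-cert.` so readers look for the key material in the right object. `duration: 1h # 90d` and `renewBefore: 5m # 15d` look like test values; a comment saying so would keep them from being copied into real deployments.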
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index ebe467b..751e25e 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go 
@@ -56,6 +56,8 @@ return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Certificates().Informer()}, nil case v1.SchemeGroupVersion.WithResource("certificaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().CertificateRequests().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().ClusterIssuers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("issuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Issuers().Informer()}, nil diff --git a/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..deab0ab --- /dev/null +++ b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,67 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. 
+func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go index 4ed83ef..4946431 100644 --- a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go +++ b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go @@ -33,6 +33,10 @@ // CertificateRequestNamespaceLister. type CertificateRequestNamespaceListerExpansion interface{} +// ClusterIssuerListerExpansion allows custom methods to be added to +// ClusterIssuerLister. +type ClusterIssuerListerExpansion interface{} + // IssuerListerExpansion allows custom methods to be added to // IssuerLister. type IssuerListerExpansion interface{} diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 
--- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
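Review bot: `issuers.ControllerName` is appended to `allControllers` directly under the existing `// certificate controllers` comment, which no longer describes the whole list. A separate `// issuer controllers` comment before the new entry would keep the grouping accurate. The same name is added to `defaultEnabledControllers`, so the issuers controller is on unless explicitly disabled. The var block starts outside the hunk.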
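Review bot: The two blank imports of `pkg/controller/issuers` and `pkg/issuer/selfsigned` in start.go exist only for their side effects, presumably registration from package `init` functions, and nothing in the hunk says so. A comment above them such as `// Imported for side effects: registers the issuers controller and the self-signed issuer.` would stop a later cleanup from dropping them as unused. Linking `selfsigned` here makes that issuer type available in every build of the controller, which is worth stating in the same comment if it is intentional.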
@@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
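Review bot: `anthoscertmanager-issuers-update-role` grants `create`, `delete`, `patch` and `update` on `issuers` across the whole cluster, which is more than a reconciling controller usually needs. If the issuers controller only reads Issuers and writes their status, the first rule can be cut to `get`, `list`, `watch`, keeping the write verbs on `issuers/status`. The role also names only `issuers`, while this commit adds a cluster-scoped ClusterIssuer client and informer. A controller that lists or watches `clusterissuers` under the bound ServiceAccount would be denied unless another role covers it; in that case add `- clusterissuers` and `- clusterissuers/status` to the matching rules. `creationTimestamp: null` suggests the file is generated from RBAC markers, so the change probably belongs in the markers rather than in this YAML.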
@@ -0,0 +1,53 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Certificate +metadata: + name: user-cert + namespace: anthoscertmanager +spec: + # Secret names are always required. + secretName: user-issued-cert + + # secretTemplate is optional. If set, these annotations and labels will be + # copied to the Secret named anthos-example-cert. These labels and annotations will + # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate + # is also enforced, so relevant label and annotation changes on the Secret by a + # third party will be overwriten by cert-manager to match the secretTemplate. + secretTemplate: + annotations: + my-secret-annotation-1: "foo" + my-secret-annotation-2: "bar" + labels: + my-secret-label: foo + duration: 1h # 90d + renewBefore: 5m # 15d + subject: + organizations: + - anthos-onprem + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: example.com + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + # usages: + # - server auth + # - client auth + # At least one of a DNS Name, URI, or IP address is required. + dnsNames: + - anthos.google.com + - anthos.onprem.google.com + # uris: + # - spiffe://cluster.local/ns/sandbox/sa/example + ipAddresses: + - 192.168.0.5 + # Issuer references are always required. + issuerRef: + name: selfsigned-user-issuer + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: anthos-cert-manager.io \ No newline at end of file diff --git a/examples/issuer.yaml b/examples/issuer.yaml new file mode 100644 index 0000000..28d8474 --- /dev/null +++ b/examples/issuer.yaml 
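Review bot: The `secretTemplate` comment refers to "the Secret named anthos-example-cert", but `secretName` in this manifest is `user-issued-cert`, so the comment should read `copied to the Secret named user-issued-cert`. The same comment block says changes "will be overwriten by cert-manager": `overwritten` is misspelled, and the controller in this repository is AnthosCertManager. `duration: 1h # 90d` and `renewBefore: 5m # 15d` look like demonstration values; a short comment saying which pair is the intended default would make the example unambiguous.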
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
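Review bot: `+genclient:nonNamespaced` makes client-gen emit a cluster-scoped client for ClusterIssuer, but the markers added in the first issuer_types.go hunk do not include `// +kubebuilder:resource:scope=Cluster`. If that marker is not already present outside the hunk, the generated CRD stays namespaced and name-based requests from the cluster-scoped client would not resolve. In the second hunk `// +optional` is added to a `Status` field whose tag remains `json:"status"`, and the visible lines do not show which type it belongs to. Since only the issuers CRD drops `status` from `required` in this commit, check that the Status fields of both Issuer and ClusterIssuer carry the marker. Both type declarations start and end outside the hunks.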
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index ebe467b..751e25e 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go 
@@ -56,6 +56,8 @@ return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Certificates().Informer()}, nil case v1.SchemeGroupVersion.WithResource("certificaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().CertificateRequests().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().ClusterIssuers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("issuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Issuers().Informer()}, nil diff --git a/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..deab0ab --- /dev/null +++ b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,67 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. 
+func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go index 4ed83ef..4946431 100644 --- a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go +++ b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go @@ -33,6 +33,10 @@ // CertificateRequestNamespaceLister. type CertificateRequestNamespaceListerExpansion interface{} +// ClusterIssuerListerExpansion allows custom methods to be added to +// ClusterIssuerLister. +type ClusterIssuerListerExpansion interface{} + // IssuerListerExpansion allows custom methods to be added to // IssuerLister. type IssuerListerExpansion interface{} diff --git a/pkg/controller/context.go b/pkg/controller/context.go index d4183bc..c0d93bd 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -209,6 +209,7 @@ ctx.FieldManager = util.PrefixFromUserAgent(restConfig.UserAgent) ctx.RESTConfig = restConfig ctx.Client = clients.kubeClient + ctx.ACMClient = clients.acmClient ctx.DiscoveryClient = clients.kubeClient.Discovery() ctx.Recorder = recorder diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile 
@@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml 
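Review bot: The three `rm -rf ./pkg/client/...` lines in the `generate-client` recipe now run before `$(CLIENT_GEN)`, so a failed or interrupted generation leaves the checked-in client tree deleted. Any hand-written file kept under those directories (for example a custom expansion file) is also removed without warning. If the directories are meant to hold generated code only, say so above the recipe: `# pkg/client/{clientset,listers,informers} are fully generated and recreated below; keep hand-written code out of them.` The recipe continues past the end of this hunk, so whether later steps recover from a partial run cannot be seen here.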
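Review bot: The two blank imports added to the import block of cmd/controller/app/start.go carry no comment saying what they register, and a side-effect import with no explanation is easy to remove during cleanup. One of them pulls in the self-signed issuer, which changes what the controller binary is able to issue. A comment such as `// Imported for side effects: registers the issuers controller and the self-signed issuer.` would cover it; that the registration happens in the packages' init functions is an assumption, because neither package is shown in this hunk. options.go in the same commit already imports `pkg/controller/issuers` by name, so only the `selfsigned` import is strictly needed for that purpose.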
+++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
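Review bot: The first rule of `anthoscertmanager-issuers-update-role` gives the controller `create` and `delete` on `issuers`, and issuers_clusterrolebinding.yaml binds it cluster-wide to the `anthos-certificate-manager` service account, so a compromise of that account can add or remove issuers in every namespace. A controller that only reconciles issuer state normally needs `get`, `list`, `watch` on `issuers` plus `update`/`patch` on `issuers/status`; the controller code is not visible here, so confirm which verbs it uses and drop the rest. The role also omits `clusterissuers`, although this commit generates a ClusterIssuer client and informer, so a list/watch on that resource would be rejected if the controller starts one. `creationTimestamp: null` suggests the file is generated from RBAC markers, in which case the change belongs on the markers rather than in this YAML.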
@@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@
+apiVersion: anthos-cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: user-cert
+ namespace: anthoscertmanager
+spec:
+ # Secret names are always required.
+ secretName: user-issued-cert
+
+ # secretTemplate is optional. If set, these annotations and labels will be
+ # copied to the Secret named anthos-example-cert. These labels and annotations will
+ # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
+ # is also enforced, so relevant label and annotation changes on the Secret by a
+ # third party will be overwriten by cert-manager to match the secretTemplate.
+ secretTemplate:
+ annotations:
+ my-secret-annotation-1: "foo"
+ my-secret-annotation-2: "bar"
+ labels:
+ my-secret-label: foo
+ duration: 1h # 90d
+ renewBefore: 5m # 15d
+ subject:
+ organizations:
+ - anthos-onprem
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: example.com
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ # usages:
+ # - server auth
+ # - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - anthos.google.com
+ - anthos.onprem.google.com
+ # uris:
+ # - spiffe://cluster.local/ns/sandbox/sa/example
+ ipAddresses:
+ - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: selfsigned-user-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: anthos-cert-manager.io
\ No newline at end of file
diff --git a/examples/issuer.yaml b/examples/issuer.yaml
new file mode 100644
index 0000000..28d8474
--- /dev/null
+++ b/examples/issuer.yaml
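Review bot: The `secretTemplate` comment in examples/certificate.yaml names the Secret `anthos-example-cert`, but `secretName` in the same file is `user-issued-cert`, so the comment sends readers to a Secret this manifest does not refer to; it should read `# copied to the Secret named user-issued-cert.` The `usages` block is commented out, so the key usages on the issued certificate are whatever the controller defaults to, which this example does not state. Since the example sets `dnsNames` and is signed by a self-signed issuer, listing `server auth` explicitly would show the intended scope of the certificate. The comments also refer to "cert-manager" rather than this project, and "overwriten" is misspelled.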
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
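Review bot: The markers added above ClusterIssuer in issuer_types.go include `+genclient:nonNamespaced` but no scope marker, so the generated client calls cluster-scoped paths while a CRD produced by controller-gen defaults to namespaced scope. A scope mismatch would make `Get`, `Update` and `Delete` by name fail against the API server, and it would leave unclear whether a ClusterIssuer is governed by namespace-level or cluster-level RBAC. The type declaration and any markers directly above it lie outside this hunk, so confirm that `// +kubebuilder:resource:scope=Cluster` is present there, or that a hand-written CRD sets `scope: Cluster`. In the part of the diff visible here only the `issuers` CRD is touched and no `clusterissuers` CRD appears.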
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index ebe467b..751e25e 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go 
@@ -56,6 +56,8 @@ return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Certificates().Informer()}, nil case v1.SchemeGroupVersion.WithResource("certificaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().CertificateRequests().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().ClusterIssuers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("issuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Issuers().Informer()}, nil diff --git a/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..deab0ab --- /dev/null +++ b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,67 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. 
+func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go index 4ed83ef..4946431 100644 --- a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go +++ b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go @@ -33,6 +33,10 @@ // CertificateRequestNamespaceLister. type CertificateRequestNamespaceListerExpansion interface{} +// ClusterIssuerListerExpansion allows custom methods to be added to +// ClusterIssuerLister. +type ClusterIssuerListerExpansion interface{} + // IssuerListerExpansion allows custom methods to be added to // IssuerLister. type IssuerListerExpansion interface{} diff --git a/pkg/controller/context.go b/pkg/controller/context.go index d4183bc..c0d93bd 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -209,6 +209,7 @@ ctx.FieldManager = util.PrefixFromUserAgent(restConfig.UserAgent) ctx.RESTConfig = restConfig ctx.Client = clients.kubeClient + ctx.ACMClient = clients.acmClient ctx.DiscoveryClient = clients.kubeClient.Discovery() ctx.Recorder = recorder diff --git a/pkg/controller/issuers/controller.go b/pkg/controller/issuers/controller.go index 05fd1c7..29c0937 100644 --- a/pkg/controller/issuers/controller.go +++ b/pkg/controller/issuers/controller.go 
@@ -67,7 +67,7 @@ secretInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: c.secreMutated}) // instantiate additional helpers used by this controller - // c.issuerFactory = issuer.NewFactory(ctx) + c.issuerFactory = issuer.NewFactory(ctx) c.acmClient = ctx.ACMClient c.fieldManager = ctx.FieldManager c.recorder = ctx.Recorder @@ -116,7 +116,6 @@ log.Error(err, "issuer in work queue on longer exists") return nil } - return err } diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go 
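Review bot: The three `rm -rf ./pkg/client/...` lines in the Makefile hunk now run before `$(CLIENT_GEN)`, so if any generator fails partway the checked-in client packages are gone and everything importing them stops compiling until a regeneration succeeds. The paths are relative, so the recipe also depends on make being invoked from the repository root. Presumably the deletion is there so that files for removed types do not linger; a recipe comment such as `# remove old output first so files for deleted API types do not linger` would record that. A CI step that regenerates and then runs `git diff --exit-code pkg/client` would catch drift between the API types and the committed client. The rest of the `generate-client` recipe continues past the end of this hunk.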
@@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml 
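Review bot: The two blank imports added to start.go carry no comment saying what they register, and a blank import is easy to drop as "unused" in a later cleanup. Presumably each package's `init` registers the issuers controller and the self-signed issuer type, but neither `init` is visible in this hunk. A line above them such as `// Blank imports register the issuers controller and the self-signed issuer via init().` would make the dependency explicit. Because `issuers.ControllerName` is also added to `defaultEnabledControllers` in options.go, it is worth stating there or here whether self-signed issuance is meant to be on by default. The import block starts before this hunk and continues after it.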
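Review bot: The first rule in `issuers_clusterrole.yaml` gives the controller's service account `create` and `delete` on `issuers` in every namespace, and nothing visible in this commit shows the controller creating or deleting Issuer objects. If it only reconciles them, the rule can be narrowed to `verbs: [get, list, watch]`, keeping `update`/`patch` on `issuers/status` as already listed. The role reaches the whole cluster through `issuers_clusterrolebinding.yaml`, which binds it to the `anthos-certificate-manager` ServiceAccount, so each extra verb lets that account mint or remove issuing authorities anywhere. The same commit adds a ClusterIssuer client, informer and lister, yet `clusterissuers` and `clusterissuers/status` appear in no rule; if the controller is meant to watch ClusterIssuers, those list/watch calls would presumably be denied. `creationTimestamp: null` suggests the file is generated, in which case the change belongs in the RBAC markers rather than in the YAML.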
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
@@ -0,0 +1,53 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Certificate +metadata: + name: user-cert + namespace: anthoscertmanager +spec: + # Secret names are always required. + secretName: user-issued-cert + + # secretTemplate is optional. If set, these annotations and labels will be + # copied to the Secret named anthos-example-cert. These labels and annotations will + # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate + # is also enforced, so relevant label and annotation changes on the Secret by a + # third party will be overwriten by cert-manager to match the secretTemplate. + secretTemplate: + annotations: + my-secret-annotation-1: "foo" + my-secret-annotation-2: "bar" + labels: + my-secret-label: foo + duration: 1h # 90d + renewBefore: 5m # 15d + subject: + organizations: + - anthos-onprem + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: example.com + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + # usages: + # - server auth + # - client auth + # At least one of a DNS Name, URI, or IP address is required. + dnsNames: + - anthos.google.com + - anthos.onprem.google.com + # uris: + # - spiffe://cluster.local/ns/sandbox/sa/example + ipAddresses: + - 192.168.0.5 + # Issuer references are always required. + issuerRef: + name: selfsigned-user-issuer + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: anthos-cert-manager.io \ No newline at end of file diff --git a/examples/issuer.yaml b/examples/issuer.yaml new file mode 100644 index 0000000..28d8474 --- /dev/null +++ b/examples/issuer.yaml 
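Review bot: The `secretTemplate` comment in `examples/certificate.yaml` says the labels and annotations are copied to the Secret named `anthos-example-cert`, but `secretName` directly above it is `user-issued-cert`, so the example contradicts itself about which Secret is affected. The comment should read `# copied to the Secret named user-issued-cert.`, and "overwriten" should be "overwritten". The comments also say "cert-manager" where this project's controller is meant. Since `usages` is commented out, a short comment stating which key usages the issued certificate gets by default would help readers who copy the file as a starting point.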
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index ebe467b..751e25e 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go 
@@ -56,6 +56,8 @@ return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Certificates().Informer()}, nil case v1.SchemeGroupVersion.WithResource("certificaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().CertificateRequests().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().ClusterIssuers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("issuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Issuers().Informer()}, nil diff --git a/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..deab0ab --- /dev/null +++ b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,67 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. 
+func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go index 4ed83ef..4946431 100644 --- a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go +++ b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go @@ -33,6 +33,10 @@ // CertificateRequestNamespaceLister. type CertificateRequestNamespaceListerExpansion interface{} +// ClusterIssuerListerExpansion allows custom methods to be added to +// ClusterIssuerLister. +type ClusterIssuerListerExpansion interface{} + // IssuerListerExpansion allows custom methods to be added to // IssuerLister. type IssuerListerExpansion interface{} diff --git a/pkg/controller/context.go b/pkg/controller/context.go index d4183bc..c0d93bd 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -209,6 +209,7 @@ ctx.FieldManager = util.PrefixFromUserAgent(restConfig.UserAgent) ctx.RESTConfig = restConfig ctx.Client = clients.kubeClient + ctx.ACMClient = clients.acmClient ctx.DiscoveryClient = clients.kubeClient.Discovery() ctx.Recorder = recorder diff --git a/pkg/controller/issuers/controller.go b/pkg/controller/issuers/controller.go index 05fd1c7..29c0937 100644 --- a/pkg/controller/issuers/controller.go +++ b/pkg/controller/issuers/controller.go 
@@ -67,7 +67,7 @@ secretInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: c.secreMutated}) // instantiate additional helpers used by this controller - // c.issuerFactory = issuer.NewFactory(ctx) + c.issuerFactory = issuer.NewFactory(ctx) c.acmClient = ctx.ACMClient c.fieldManager = ctx.FieldManager c.recorder = ctx.Recorder @@ -116,7 +116,6 @@ log.Error(err, "issuer in work queue on longer exists") return nil } - return err } diff --git a/pkg/controller/issuers/sync.go b/pkg/controller/issuers/sync.go index f800825..ba4c72e 100644 --- a/pkg/controller/issuers/sync.go +++ b/pkg/controller/issuers/sync.go @@ -2,6 +2,7 @@ import ( "context" + "fmt" corev1 "k8s.io/api/core/v1" @@ -25,14 +26,16 @@ defer cancel() issuerCopy := iss.DeepCopy() + + // Sync the status at the end. defer func() { if saveErr := c.updateIssuerStatus(ctx, iss, issuerCopy); saveErr != nil { err = errors.NewAggregate([]error{saveErr, err}) + log.Error(err, "error update the issuer status") } }() i, err := c.issuerFactory.IssuerFor(issuerCopy) - if err != nil { return err } @@ -53,6 +56,8 @@ if apiequality.Semantic.DeepEqual(old.Status, new.Status) { return nil } + log := logf.FromContext(ctx) + log.Info(fmt.Sprintf("new issuer structure: %+v", new)) _, err := c.acmClient.AnthosCertmanagerV1().Issuers(new.Namespace).UpdateStatus(ctx, new, metav1.UpdateOptions{}) return err } diff --git a/Makefile b/Makefile index 330fcfd..c867be8 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,9 @@ .PHONY: generate-client generate-client: client-gen informer-gen lister-gen ## Generate code containing ClientSet, Client Informer and Client Lister method implementations. - # rm -rf ./pkg/client/clientset - # rm -rf ./pkg/client/listers - # rm -rf ./pkg/client/informers + rm -rf ./pkg/client/clientset + rm -rf ./pkg/client/listers + rm -rf ./pkg/client/informers $(CLIENT_GEN) --go-header-file $(LICENSE_PATH) \ --clientset-name versioned \ 
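Review bot: The deferred status save in the sync.go hunk at -25,14 logs the aggregated error and also hands it back through `err`, so one log line mixes the sync failure with the status-update failure, and the caller that receives `err` will presumably report it again. Log only the save failure, for example `log.Error(saveErr, "updating issuer status")`, or drop the log line and let the caller report `err`. The enclosing function starts above the hunk, so this assumes `err` is its named result and `log` is already in scope there.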
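Review bot: `log.Info(fmt.Sprintf("new issuer structure: %+v", new))` in the sync.go hunk at -53,6 writes the whole Issuer object (metadata, annotations, spec and status) to the controller log at info level on every status change. Controller logs are usually shipped to systems with wider read access than the API objects themselves, and a pre-formatted string cannot be filtered or redacted by key. Log identifying fields as key/value pairs at a debug verbosity instead, for example `log.V(4).Info("updating issuer status", "namespace", new.Namespace, "name", new.Name)`, assuming logf.FromContext returns a logr-style logger as the `log.Error(err, msg)` call in the earlier hunk suggests. That would also make the `"fmt"` import added at the top of the file unnecessary. The function signature is outside the hunk; from the call in the earlier hunk this looks like the body of updateIssuerStatus.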
diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8706a1e..d14b2d8 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -5,6 +5,7 @@ "strings" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/certificates/issuing" + "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" ) @@ -20,10 +21,12 @@ allControllers = []string{ // certificate controllers issuing.ControllerName, + issuers.ControllerName, } defaultEnabledControllers = []string{ issuing.ControllerName, + issuers.ControllerName, } ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index fcab846..3a3d0d3 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -4,6 +4,8 @@ "fmt" options "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/cmd/controller/app/options" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/controller/issuers" + _ "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/issuer/selfsigned" logf "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/logs" "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util" "github.com/spf13/cobra" diff --git a/config/crd/bases/anthos-cert-manager.io_issuers.yaml b/config/crd/bases/anthos-cert-manager.io_issuers.yaml index 5cdedc0..f57ed38 100644 --- a/config/crd/bases/anthos-cert-manager.io_issuers.yaml +++ b/config/crd/bases/anthos-cert-manager.io_issuers.yaml @@ -133,7 +133,6 @@ type: object required: - spec - - status type: object served: true storage: true diff --git a/config/rbac/issuers_clusterrole.yaml b/config/rbac/issuers_clusterrole.yaml new file mode 100644 index 0000000..8ccc0f6 --- /dev/null +++ b/config/rbac/issuers_clusterrole.yaml 
@@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: anthoscertmanager-issuers-update-role +rules: +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/finalizers + verbs: + - update +- apiGroups: + - anthos-cert-manager.io + resources: + - issuers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/issuers_clusterrolebinding.yaml b/config/rbac/issuers_clusterrolebinding.yaml new file mode 100644 index 0000000..f35c7b0 --- /dev/null +++ b/config/rbac/issuers_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/instance: anthoscertmanager-issuers-update-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: anthoscertmanager + app.kubernetes.io/part-of: anthoscertmanager + app.kubernetes.io/managed-by: kustomize + name: anthoscertmanager-issuers-update-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: anthoscertmanager-issuers-update-role +subjects: +- kind: ServiceAccount + name: anthos-certificate-manager + namespace: anthoscertmanager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ecca895..ebff82f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -21,3 +21,5 @@ - certificate_request_clusterrole.yaml - secret_viewer_clusterrole.yaml - secret_viewer_clusterrole_binding.yaml +- issuers_clusterrole.yaml +- issuers_clusterrolebinding.yaml diff --git a/examples/certificate.yaml b/examples/certificate.yaml new file mode 100644 index 0000000..8a2cc3e --- /dev/null +++ b/examples/certificate.yaml 
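Review bot: The first rule of `anthoscertmanager-issuers-update-role` grants the controller's ServiceAccount `create`, `delete`, `patch` and `update` on every Issuer in the cluster, while the sync.go change in this commit only shows the controller reading Issuers and calling UpdateStatus. Issuers define how certificates are signed, so write access to them is worth withholding from a long-running pod unless it is needed; narrowing that rule to `verbs: [get, list, watch]` and keeping the separate `issuers/status` rule would match what the visible code uses. Neither rule names `clusterissuers`, so the ClusterIssuer client and informer generated in this commit would be refused by the API server if they are ever started under this ServiceAccount. If this file is controller-gen output, as `creationTimestamp: null` suggests, the change belongs in the `+kubebuilder:rbac` markers rather than here.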
@@ -0,0 +1,53 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Certificate +metadata: + name: user-cert + namespace: anthoscertmanager +spec: + # Secret names are always required. + secretName: user-issued-cert + + # secretTemplate is optional. If set, these annotations and labels will be + # copied to the Secret named anthos-example-cert. These labels and annotations will + # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate + # is also enforced, so relevant label and annotation changes on the Secret by a + # third party will be overwriten by cert-manager to match the secretTemplate. + secretTemplate: + annotations: + my-secret-annotation-1: "foo" + my-secret-annotation-2: "bar" + labels: + my-secret-label: foo + duration: 1h # 90d + renewBefore: 5m # 15d + subject: + organizations: + - anthos-onprem + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: example.com + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + # usages: + # - server auth + # - client auth + # At least one of a DNS Name, URI, or IP address is required. + dnsNames: + - anthos.google.com + - anthos.onprem.google.com + # uris: + # - spiffe://cluster.local/ns/sandbox/sa/example + ipAddresses: + - 192.168.0.5 + # Issuer references are always required. + issuerRef: + name: selfsigned-user-issuer + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: anthos-cert-manager.io \ No newline at end of file diff --git a/examples/issuer.yaml b/examples/issuer.yaml new file mode 100644 index 0000000..28d8474 --- /dev/null +++ b/examples/issuer.yaml 
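Review bot: The secretTemplate comment says the annotations and labels are copied to "the Secret named anthos-example-cert", but this manifest sets `secretName: user-issued-cert`, so a reader following the comment will look for the wrong Secret. Reword it to `# copied to the Secret named in secretName (user-issued-cert here)`. The same comment block spells "overwritten" as "overwriten" and refers to cert-manager where the controller in this repository is AnthosCertManager.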
@@ -0,0 +1,7 @@ +apiVersion: anthos-cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-user-issuer + namespace: anthoscertmanager +spec: + selfSigned: {} \ No newline at end of file diff --git a/pkg/apis/anthoscertmanager/v1/certificate_types.go b/pkg/apis/anthoscertmanager/v1/certificate_types.go index 93df4ac..739b2f3 100644 --- a/pkg/apis/anthoscertmanager/v1/certificate_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificate_types.go @@ -411,7 +411,7 @@ SerialNumber string `json:"serialNumber,omitempty"` } -//+kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CertificateList contains a list of Certificate type CertificateList struct { diff --git a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go index 14aac3f..7175fa0 100644 --- a/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go +++ b/pkg/apis/anthoscertmanager/v1/certificaterequest_types.go @@ -50,7 +50,6 @@ } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CertificateRequestList is a list of Certificates type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/anthoscertmanager/v1/generic_issuer.go b/pkg/apis/anthoscertmanager/v1/generic_issuer.go index 686f714..be13546 100644 --- a/pkg/apis/anthoscertmanager/v1/generic_issuer.go +++ b/pkg/apis/anthoscertmanager/v1/generic_issuer.go @@ -5,7 +5,6 @@ "k8s.io/apimachinery/pkg/runtime" ) -// +kubebuilder:object:generate=false type GenericIssuer interface { runtime.Object metav1.Object diff --git a/pkg/apis/anthoscertmanager/v1/issuer_types.go b/pkg/apis/anthoscertmanager/v1/issuer_types.go index 26a1443..ce6a138 100644 --- a/pkg/apis/anthoscertmanager/v1/issuer_types.go +++ b/pkg/apis/anthoscertmanager/v1/issuer_types.go 
@@ -20,7 +20,11 @@ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -66,6 +70,7 @@ Spec IssuerSpec `json:"spec"` // Status of the Issuer. This is set and managed automatically. + // +optional Status IssuerStatus `json:"status"` } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go index c462f69..60b7d8a 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/anthoscertmanager_client.go @@ -29,6 +29,7 @@ RESTClient() rest.Interface CertificatesGetter CertificateRequestsGetter + ClusterIssuersGetter IssuersGetter } @@ -45,6 +46,10 @@ return newCertificateRequests(c, namespace) } +func (c *AnthosCertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + func (c *AnthosCertmanagerV1Client) Issuers(namespace string) IssuerInterface { return newIssuers(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..a0f9bd0 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,183 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + scheme "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *AnthosCertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go index 33201ee..24f9bed 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_anthoscertmanager_client.go @@ -35,6 +35,10 @@ return &FakeCertificateRequests{c, namespace} } +func (c *FakeAnthosCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + func (c *FakeAnthosCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { return &FakeIssuers{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 0000000..8932fdc --- /dev/null +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeAnthosCertmanagerV1 +} + +var clusterissuersResource = schema.GroupVersionResource{Group: "anthos-cert-manager.io", Version: "v1", Resource: "clusterissuers"} + +var clusterissuersKind = schema.GroupVersionKind{Group: "anthos-cert-manager.io", Version: "v1", Kind: "ClusterIssuer"} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterissuersResource, name), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts v1.ListOptions) (result *anthoscertmanagerv1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &anthoscertmanagerv1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &anthoscertmanagerv1.ClusterIssuerList{ListMeta: obj.(*anthoscertmanagerv1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*anthoscertmanagerv1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.CreateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. 
Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *anthoscertmanagerv1.ClusterIssuer, opts v1.UpdateOptions) (*anthoscertmanagerv1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &anthoscertmanagerv1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &anthoscertmanagerv1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. 
+func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *anthoscertmanagerv1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &anthoscertmanagerv1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*anthoscertmanagerv1.ClusterIssuer), err +} diff --git a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go index 5b1cf5c..873b116 100644 --- a/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/anthoscertmanager/v1/generated_expansion.go @@ -21,4 +21,6 @@ type CertificateRequestExpansion interface{} +type ClusterIssuerExpansion interface{} + type IssuerExpansion interface{} diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..0907944 --- /dev/null +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + anthoscertmanagerv1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + versioned "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned" + internalinterfaces "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/informers/externalversions/internalinterfaces" + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/listers/anthoscertmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AnthosCertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &anthoscertmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&anthoscertmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go index 95d5b86..b76a1f2 100644 --- a/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go +++ b/pkg/client/informers/externalversions/anthoscertmanager/v1/interface.go @@ -27,6 +27,8 @@ Certificates() CertificateInformer // CertificateRequests returns a CertificateRequestInformer. CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer // Issuers returns a IssuerInformer. Issuers() IssuerInformer } @@ -52,6 +54,11 @@ return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Issuers returns a IssuerInformer. func (v *version) Issuers() IssuerInformer { return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index ebe467b..751e25e 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go 
@@ -56,6 +56,8 @@ return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Certificates().Informer()}, nil case v1.SchemeGroupVersion.WithResource("certificaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().CertificateRequests().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().ClusterIssuers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("issuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.AnthosCertmanager().V1().Issuers().Informer()}, nil diff --git a/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go new file mode 100644 index 0000000..deab0ab --- /dev/null +++ b/pkg/client/listers/anthoscertmanager/v1/clusterissuer.go 
@@ -0,0 +1,67 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. 
+func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go index 4ed83ef..4946431 100644 --- a/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go +++ b/pkg/client/listers/anthoscertmanager/v1/expansion_generated.go @@ -33,6 +33,10 @@ // CertificateRequestNamespaceLister. type CertificateRequestNamespaceListerExpansion interface{} +// ClusterIssuerListerExpansion allows custom methods to be added to +// ClusterIssuerLister. +type ClusterIssuerListerExpansion interface{} + // IssuerListerExpansion allows custom methods to be added to // IssuerLister. type IssuerListerExpansion interface{} diff --git a/pkg/controller/context.go b/pkg/controller/context.go index d4183bc..c0d93bd 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -209,6 +209,7 @@ ctx.FieldManager = util.PrefixFromUserAgent(restConfig.UserAgent) ctx.RESTConfig = restConfig ctx.Client = clients.kubeClient + ctx.ACMClient = clients.acmClient ctx.DiscoveryClient = clients.kubeClient.Discovery() ctx.Recorder = recorder diff --git a/pkg/controller/issuers/controller.go b/pkg/controller/issuers/controller.go index 05fd1c7..29c0937 100644 --- a/pkg/controller/issuers/controller.go +++ b/pkg/controller/issuers/controller.go 
@@ -67,7 +67,7 @@ secretInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: c.secreMutated}) // instantiate additional helpers used by this controller - // c.issuerFactory = issuer.NewFactory(ctx) + c.issuerFactory = issuer.NewFactory(ctx) c.acmClient = ctx.ACMClient c.fieldManager = ctx.FieldManager c.recorder = ctx.Recorder @@ -116,7 +116,6 @@ log.Error(err, "issuer in work queue on longer exists") return nil } - return err } diff --git a/pkg/controller/issuers/sync.go b/pkg/controller/issuers/sync.go index f800825..ba4c72e 100644 --- a/pkg/controller/issuers/sync.go +++ b/pkg/controller/issuers/sync.go @@ -2,6 +2,7 @@ import ( "context" + "fmt" corev1 "k8s.io/api/core/v1" @@ -25,14 +26,16 @@ defer cancel() issuerCopy := iss.DeepCopy() + + // Sync the status at the end. defer func() { if saveErr := c.updateIssuerStatus(ctx, iss, issuerCopy); saveErr != nil { err = errors.NewAggregate([]error{saveErr, err}) + log.Error(err, "error update the issuer status") } }() i, err := c.issuerFactory.IssuerFor(issuerCopy) - if err != nil { return err } @@ -53,6 +56,8 @@ if apiequality.Semantic.DeepEqual(old.Status, new.Status) { return nil } + log := logf.FromContext(ctx) + log.Info(fmt.Sprintf("new issuer structure: %+v", new)) _, err := c.acmClient.AnthosCertmanagerV1().Issuers(new.Namespace).UpdateStatus(ctx, new, metav1.UpdateOptions{}) return err } diff --git a/pkg/controller/issuers/sync_test.go b/pkg/controller/issuers/sync_test.go new file mode 100644 index 0000000..2ac7257 --- /dev/null +++ b/pkg/controller/issuers/sync_test.go 
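Review bot: In the deferred status save in sync.go, the added `log.Error(err, "error update the issuer status")` runs after `err` has been replaced by the aggregate, so a status-update failure is logged together with whatever sync error preceded it. Because the aggregate is also returned, the same failure is likely reported a second time by the caller. Logging only the save error keeps the record unambiguous for triage: `log.Error(saveErr, "failed to update issuer status")`. The enclosing function starts and ends outside the hunk, so where `log` is declared cannot be seen from here.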
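Review bot: The added `log.Info(fmt.Sprintf("new issuer structure: %+v", new))` in updateIssuerStatus writes the whole Issuer object, spec included, to the Info log on every status change. The Issuer type is not shown in this hunk; if its spec carries issuer configuration or credential references, these end up in controller logs that are typically readable by more people than the resource itself. Assuming logf returns a logr-style logger, as the `log.Error(err, msg)` calls in this diff suggest, log only identifying fields as key/value pairs: `log.Info("updating issuer status", "namespace", new.Namespace, "name", new.Name)`. The `fmt` import added in the first hunk of this file is then no longer needed. The function body starts outside the hunk.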
@@ -0,0 +1,66 @@
+package issuers
+
+import (
+ "context"
+ "encoding/json"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ acmapi "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1"
+ v1 "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/meta/v1"
+ clientset "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/client/clientset/versioned"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ restclient "k8s.io/client-go/rest"
+)
+
+func getClientServer(h func(http.ResponseWriter, *http.Request)) (*clientset.Clientset, *httptest.Server, error) {
+ srv := httptest.NewServer(http.HandlerFunc(h))
+ cl, err := clientset.NewForConfig(&restclient.Config{
+ Host: srv.URL,
+ })
+ if err != nil {
+ srv.Close()
+ return nil, nil, err
+ }
+ return cl, srv, nil
+}
+
+func TestUpdateIssuerStatus(t *testing.T) {
+ new := &acmapi.Issuer{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "selfsigned-user-issuer",
+ Namespace: "anthoscertmanager",
+ },
+ Status: acmapi.IssuerStatus{
+ Conditions: []acmapi.IssuerCondition{
+ {
+ Type: acmapi.IssuerConditionReady,
+ Status: v1.ConditionTrue,
+ },
+ },
+ },
+ }
+
+ cl, srv, err := getClientServer(func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Content-Type", runtime.ContentTypeJSON)
+ desiredPath := "/apis/anthos-cert-manager.io/v1/namespaces/anthoscertmanager/issuers/selfsigned-user-issuer/status"
+ if r.URL.Path != desiredPath {
+ t.Errorf("Patch request got path %s. wanted %s", r.URL.Path, desiredPath)
+ }
+ res, _ := json.Marshal(new)
+ w.Write(res)
+ })
+ defer srv.Close()
+ if err != nil {
+ t.Errorf("Unable to create the fake HTTP server with error: %v", err)
+ }
+ controller := &controller{acmClient: cl}
+
+ old := &acmapi.Issuer{}
+ if err := controller.updateIssuerStatus(context.TODO(), old, new); err != nil {
+ t.Errorf("Unable to update the issuer due to the error : %v", err)
+ }
+
+}
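Review bot: In TestUpdateIssuerStatus, `defer srv.Close()` is registered before `err` is checked, and the check uses `t.Errorf`, so the test keeps running after a setup failure. getClientServer returns a nil server and a nil client in that case, so the test would dereference nil instead of reporting the setup error. Check first and stop with `if err != nil { t.Fatalf("unable to create the fake HTTP server: %v", err) }`, and only then `defer srv.Close()`. The handler also asserts only the path: its failure message says "Patch", while the generated UpdateStatus for ClusterIssuer in this diff issues a PUT, so also asserting `r.Method` would pin the request the test claims to cover. The error from `json.Marshal(new)` is discarded and should fail the test instead.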