Initial Code

Signed-off-by: Jake Sanders <i@am.so-aweso.me>

.gitignore

@@ -0,0 +1,24 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+*.swp
+*.swo
+*~

Dockerfile

@@ -0,0 +1,27 @@
+# Build the manager binary
+FROM golang:1.13 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+COPY api/ api/
+COPY controllers/ controllers/
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER nonroot:nonroot
+
+ENTRYPOINT ["/manager"]

Makefile

@@ -0,0 +1,80 @@
+
+# Image URL to use all building/pushing image targets
+IMG ?= controller:latest
+# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
+CRD_OPTIONS ?= "crd:trivialVersions=true"
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+all: manager
+
+# Run tests
+test: generate fmt vet manifests
+	go test ./... -coverprofile cover.out
+
+# Build manager binary
+manager: generate fmt vet
+	go build -o bin/manager main.go
+
+# Run against the configured Kubernetes cluster in ~/.kube/config
+run: generate fmt vet manifests
+	go run ./main.go
+
+# Install CRDs into a cluster
+install: manifests
+	kustomize build config/crd | kubectl apply -f -
+
+# Uninstall CRDs from a cluster
+uninstall: manifests
+	kustomize build config/crd | kubectl delete -f -
+
+# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
+deploy: manifests
+	cd config/manager && kustomize edit set image controller=${IMG}
+	kustomize build config/default | kubectl apply -f -
+
+# Generate manifests e.g. CRD, RBAC etc.
+manifests: controller-gen
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+
+# Run go fmt against code
+fmt:
+	go fmt ./...
+
+# Run go vet against code
+vet:
+	go vet ./...
+
+# Generate code
+generate: controller-gen
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+# Build the docker image
+docker-build: test
+	docker build . -t ${IMG}
+
+# Push the docker image
+docker-push:
+	docker push ${IMG}
+
+# find or download controller-gen
+# download controller-gen if necessary
+controller-gen:
+ifeq (, $(shell which controller-gen))
+	@{ \
+	set -e ;\
+	CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
+	cd $$CONTROLLER_GEN_TMP_DIR ;\
+	go mod init tmp ;\
+	go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\
+	rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
+	}
+CONTROLLER_GEN=$(GOBIN)/controller-gen
+else
+CONTROLLER_GEN=$(shell which controller-gen)
+endif

PROJECT

@@ -0,0 +1,10 @@
+domain: jetstack.io
+repo: github.com/jetstack/google-cas-issuer
+resources:
+- group: issuers
+  kind: GoogleCASIssuer
+  version: v1alpha1
+- group: issuers
+  kind: GoogleCASClusterIssuer
+  version: v1alpha1
+version: "2"

api/v1alpha1/googlecasclusterissuer_types.go

@@ -0,0 +1,89 @@
+/*
+Copyright 2020 the cert-manager authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// GoogleCASClusterIssuerSpec defines the desired state of GoogleCASClusterIssuer
+type GoogleCASClusterIssuerSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Project is the Google Cloud Project ID
+	Project string `json:"project,omitempty"`
+
+	// Location is the Google Cloud Project Location
+	Location string `json:"location,omitempty"`
+
+	// CertificateAuthorityID is The ID of the Google Private certificate authority that will sign certificates
+	CertificateAuthorityID string `json:"certificateAuthorityID,omitempty"`
+
+	// Credentials is a reference to a Kubernetes Secret Key that contains Google Service Account Credentials
+	// +optional
+	Credentials NamespaceSecretKeySelector `json:"credentials,omitempty"`
+}
+
+// NamespaceSecretKeySelector contains the reference to a secret in a namespace.
+type NamespaceSecretKeySelector struct {
+	// The name of the secret in the given namespace to select from.
+	Name string `json:"name,omitempty"`
+
+	// The Namespace in which to get the secret
+	Namespace string `json:"namespace,omitempty"`
+
+	// The key of the secret to select from. Must be a valid secret key.
+	Key string `json:"key,omitempty"`
+}
+
+// GoogleCASClusterIssuerStatus defines the observed state of GoogleCASClusterIssuer
+type GoogleCASClusterIssuerStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// +optional
+	Conditions []GoogleCASIssuerCondition `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Cluster
+
+// GoogleCASClusterIssuer is the Schema for the googlecasclusterissuers API
+type GoogleCASClusterIssuer struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   GoogleCASClusterIssuerSpec   `json:"spec,omitempty"`
+	Status GoogleCASClusterIssuerStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// GoogleCASClusterIssuerList contains a list of GoogleCASClusterIssuer
+type GoogleCASClusterIssuerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []GoogleCASClusterIssuer `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&GoogleCASClusterIssuer{}, &GoogleCASClusterIssuerList{})
+}

api/v1alpha1/googlecasissuer_types.go

@@ -0,0 +1,139 @@
+/*
+Copyright 2020 the cert-manager authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// GoogleCASIssuerSpec defines the desired state of GoogleCASIssuer
+type GoogleCASIssuerSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Project is the Google Cloud Project ID
+	Project string `json:"project,omitempty"`
+
+	// Location is the Google Cloud Project Location
+	Location string `json:"location,omitempty"`
+
+	// CertificateAuthorityID is The ID of the Google Private certificate authority that will sign certificates
+	CertificateAuthorityID string `json:"certificateAuthorityID,omitempty"`
+
+	// Credentials is a reference to a Kubernetes Secret Key that contains Google Service Account Credentials
+	// +optional
+	Credentials SecretKeySelector `json:"credentials,omitempty"`
+}
+
+// GoogleCASIssuerStatus defines the observed state of GoogleCASIssuer
+type GoogleCASIssuerStatus struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// +optional
+	Conditions []GoogleCASIssuerCondition `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// GoogleCASIssuer is the Schema for the googlecasissuers API
+type GoogleCASIssuer struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   GoogleCASIssuerSpec   `json:"spec,omitempty"`
+	Status GoogleCASIssuerStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// GoogleCASIssuerList contains a list of GoogleCASIssuer
+type GoogleCASIssuerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []GoogleCASIssuer `json:"items"`
+}
+
+// SecretKeySelector contains the reference to a secret.
+type SecretKeySelector struct {
+	// The name of the secret in the pod's namespace to select from.
+	Name string `json:"name"`
+
+	// The key of the secret to select from. Must be a valid secret key.
+	Key string `json:"key,omitempty"`
+}
+
+// +kubebuilder:validation:Enum=Ready
+type GoogleCASIssuerConditionType string
+
+const (
+	// IssuerConditionReady indicates that a CAS Issuer is ready for use.
+	// This is defined as:
+	IssuerConditionReady GoogleCASIssuerConditionType = "Ready"
+)
+
+// ConditionStatus represents a condition's status.
+// +kubebuilder:validation:Enum=True;False;Unknown
+type ConditionStatus string
+
+// These are valid condition statuses. "ConditionTrue" means a resource is in
+// the condition; "ConditionFalse" means a resource is not in the condition;
+// "ConditionUnknown" means kubernetes can't decide if a resource is in the
+// condition or not. In the future, we could add other intermediate
+// conditions, e.g. ConditionDegraded.
+const (
+	// ConditionTrue represents the fact that a given condition is true
+	ConditionTrue ConditionStatus = "True"
+
+	// ConditionFalse represents the fact that a given condition is false
+	ConditionFalse ConditionStatus = "False"
+
+	// ConditionUnknown represents the fact that a given condition is unknown
+	ConditionUnknown ConditionStatus = "Unknown"
+)
+
+// IssuerCondition contains condition information for a CAS Issuer.
+type GoogleCASIssuerCondition struct {
+	// Type of the condition, currently ('Ready').
+	Type GoogleCASIssuerConditionType `json:"type"`
+
+	// Status of the condition, one of ('True', 'False', 'Unknown').
+	// +kubebuilder:validation:Enum=True;False;Unknown
+	Status ConditionStatus `json:"status"`
+
+	// LastTransitionTime is the timestamp corresponding to the last status
+	// change of this condition.
+	// +optional
+	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
+
+	// Reason is a brief machine readable explanation for the condition's last
+	// transition.
+	// +optional
+	Reason string `json:"reason,omitempty"`
+
+	// Message is a human readable description of the details of the last
+	// transition, complementing reason.
+	// +optional
+	Message string `json:"message,omitempty"`
+}
+
+func init() {
+	SchemeBuilder.Register(&GoogleCASIssuer{}, &GoogleCASIssuerList{})
+}