Added cluster issuer

Author: chojnack

PROJECT

@@ -8,3 +8,6 @@ resources:
 - group: adcs
   version: v1
   kind: AdcsIssuer
+- group: adcs
+  version: v1
+  kind: ClusterAdcsIssuer

adcs/util.go.bak

@@ -58,6 +58,7 @@ type AdcsIssuerStatus struct {
 }
 
 // +kubebuilder:object:root=true
+// +kubebuilder:resource:path=adcsissuers,scope=Namespaced
 // +kubebuilder:subresource:status
 
 // AdcsIssuer is the Schema for the adcsissuers API

api/v1/adcsissuer_types.go

@@ -95,6 +95,7 @@ const (
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
+// +kubebuilder:resource:path=adcsrequests,scope=Namespaced
 // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state"
 
 // AdcsRequest is the Schema for the adcsrequests API

api/v1/adcsrequest_types.go

@@ -0,0 +1,84 @@
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// ClusterAdcsIssuerSpec defines the desired state of ClusterAdcsIssuer
+type ClusterAdcsIssuerSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// URL is the base URL for the ADCS instance
+	URL string `json:"url"`
+
+	// CredentialsRef is a reference to a Secret containing the username and
+	// password for the ADCS server.
+	// The secret must contain two keys, 'username' and 'password'.
+	CredentialsRef LocalObjectReference `json:"credentialsRef"`
+
+	// CABundle is a PEM encoded TLS certifiate to use to verify connections to
+	// the ADCS server.
+	// +optional
+	CABundle []byte `json:"caBundle,omitempty"`
+
+	// How often to check for request status in the server (in time.ParseDuration() format)
+	// Default 6 hours.
+	// +optional
+	StatusCheckInterval string `json:"statusCheckInterval,omitempty"`
+
+	// How often to retry in case of communication errors (in time.ParseDuration() format)
+	// Default 1 hour.
+	// +optional
+	RetryInterval string `json:"retryInterval,omitempty"`
+}
+
+// ClusterAdcsIssuerStatus defines the observed state of ClusterAdcsIssuer
+type ClusterAdcsIssuerStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusteradcsissuers,scope=Cluster
+// +kubebuilder:subresource:status
+
+// ClusterAdcsIssuer is the Schema for the clusteradcsissuers API
+type ClusterAdcsIssuer struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   ClusterAdcsIssuerSpec   `json:"spec,omitempty"`
+	Status ClusterAdcsIssuerStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ClusterAdcsIssuerList contains a list of ClusterAdcsIssuer
+type ClusterAdcsIssuerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterAdcsIssuer `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ClusterAdcsIssuer{}, &ClusterAdcsIssuerList{})
+}

api/v1/clusteradcsissuer_types.go

@@ -12,7 +12,7 @@ spec:
     listKind: AdcsIssuerList
     plural: adcsissuers
     singular: adcsissuer
-  scope: ""
+  scope: Namespaced
   subresources:
     status: {}
   validation:

api/v1/zz_generated.deepcopy.go

@@ -7,7 +7,7 @@ metadata:
   name: adcsrequests.adcs.certmanager.csf.nokia.com
 spec:
   additionalPrinterColumns:
-  - JSONPath: .spec.status.State
+  - JSONPath: .status.state
     name: State
     type: string
   group: adcs.certmanager.csf.nokia.com
@@ -16,7 +16,7 @@ spec:
     listKind: AdcsRequestList
     plural: adcsrequests
     singular: adcsrequest
-  scope: ""
+  scope: Namespaced
   subresources:
     status: {}
   validation:

config/crd/bases/adcs.certmanager.csf.nokia.com_adcsissuers.yaml

@@ -0,0 +1,82 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  name: clusteradcsissuers.adcs.certmanager.csf.nokia.com
+spec:
+  group: adcs.certmanager.csf.nokia.com
+  names:
+    kind: ClusterAdcsIssuer
+    listKind: ClusterAdcsIssuerList
+    plural: clusteradcsissuers
+    singular: clusteradcsissuer
+  scope: Cluster
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: ClusterAdcsIssuer is the Schema for the clusteradcsissuers API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: ClusterAdcsIssuerSpec defines the desired state of ClusterAdcsIssuer
+          properties:
+            caBundle:
+              description: CABundle is a PEM encoded TLS certifiate to use to verify
+                connections to the ADCS server.
+              format: byte
+              type: string
+            credentialsRef:
+              description: CredentialsRef is a reference to a Secret containing the
+                username and password for the ADCS server. The secret must contain
+                two keys, 'username' and 'password'.
+              properties:
+                name:
+                  description: Name of the referent.
+                  type: string
+              required:
+              - name
+              type: object
+            retryInterval:
+              description: How often to retry in case of communication errors (in
+                time.ParseDuration() format) Default 1 hour.
+              type: string
+            statusCheckInterval:
+              description: How often to check for request status in the server (in
+                time.ParseDuration() format) Default 6 hours.
+              type: string
+            url:
+              description: URL is the base URL for the ADCS instance
+              type: string
+          required:
+          - credentialsRef
+          - url
+          type: object
+        status:
+          description: ClusterAdcsIssuerStatus defines the observed state of ClusterAdcsIssuer
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/bases/adcs.certmanager.csf.nokia.com_adcsrequests.yaml

@@ -4,19 +4,22 @@
 resources:
 - bases/adcs.certmanager.csf.nokia.com_adcsrequests.yaml
 - bases/adcs.certmanager.csf.nokia.com_adcsissuers.yaml
+- bases/adcs.certmanager.csf.nokia.com_clusteradcsissuers.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_adcsrequests.yaml
 #- patches/webhook_in_adcsissuers.yaml
+#- patches/webhook_in_clusteradcsissuers.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_adcsrequests.yaml
 #- patches/cainjection_in_adcsissuers.yaml
+#- patches/cainjection_in_clusteradcsissuers.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.