diff --git a/.github/workflows/kind-e2e.yaml b/.github/workflows/kind-e2e.yaml index da3b477f5501..2017d81ae1da 100644 --- a/.github/workflows/kind-e2e.yaml +++ b/.github/workflows/kind-e2e.yaml @@ -87,7 +87,7 @@ jobs: ingress: - kourier - # - kourier-tls + - kourier-tls - istio - istio-tls # Disabled due to flakiness: https://github.com/knative/serving/issues/14637 @@ -130,10 +130,9 @@ jobs: # ingress-class: istio # ambient: 1 - # Disabled due to flakiness: https://github.com/knative/serving/issues/15052 - # - ingress: kourier-tls - # ingress-class: kourier - # enable-tls: 1 + - ingress: kourier-tls + ingress-class: kourier + enable-tls: 1 - test-suite: runtime test-path: ./test/conformance/runtime/... diff --git a/cmd/controller/main.go b/cmd/controller/main.go index 440637d0b218..0d165037f4b7 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -17,12 +17,25 @@ limitations under the License. package main import ( + "context" + "fmt" + // The set of controllers this controller process runs. "flag" + "log" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + netcfg "knative.dev/networking/pkg/config" + "knative.dev/pkg/injection" + "knative.dev/pkg/injection/sharedmain" "knative.dev/pkg/reconciler" "knative.dev/pkg/signals" + "knative.dev/pkg/system" + "knative.dev/serving/pkg/reconciler/certificate" "knative.dev/serving/pkg/reconciler/configuration" + "knative.dev/serving/pkg/reconciler/domainmapping" "knative.dev/serving/pkg/reconciler/gc" "knative.dev/serving/pkg/reconciler/labeler" "knative.dev/serving/pkg/reconciler/nscert" 
@@ -31,9 +44,12 @@ import ( "knative.dev/serving/pkg/reconciler/serverlessservice" "knative.dev/serving/pkg/reconciler/service" - "knative.dev/pkg/injection" - "knative.dev/pkg/injection/sharedmain" - "knative.dev/serving/pkg/reconciler/domainmapping" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + "knative.dev/serving/pkg/client/certmanager/injection/informers/acme/v1/challenge" + v1certificate "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificate" + "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest" + "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer" + "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/issuer" ) var ctors = []injection.ControllerConstructor{ 
@@ -53,5 +69,68 @@ func main() { "reconciliation-timeout", reconciler.DefaultTimeout, "The amount of time to give each reconciliation of a resource to complete before its context is canceled.") - sharedmain.MainWithContext(signals.NewContext(), "controller", ctors...) + ctx := signals.NewContext() + + // HACK: This parses flags, so the above should be set once this runs. + cfg := injection.ParseAndGetRESTConfigOrDie() + + // If nil it panics + client := kubernetes.NewForConfigOrDie(cfg) + + if shouldEnableNetCertManagerController(ctx, client) { + v := versioned.NewForConfigOrDie(cfg) + if ok, err := certManagerCRDsExist(v); !ok { + log.Fatalf("Please install cert-manager: %v", err) + } + for _, inf := range []injection.InformerInjector{challenge.WithInformer, v1certificate.WithInformer, certificaterequest.WithInformer, clusterissuer.WithInformer, issuer.WithInformer} { + injection.Default.RegisterInformer(inf) + } + ctors = append(ctors, certificate.NewController) + } + + sharedmain.MainWithConfig(ctx, "controller", cfg, ctors...) 
+}
+
+func shouldEnableNetCertManagerController(ctx context.Context, client *kubernetes.Clientset) bool {
+ var cm *v1.ConfigMap
+ var err error
+ if cm, err = client.CoreV1().ConfigMaps(system.Namespace()).Get(ctx, "config-network", metav1.GetOptions{}); err != nil {
+ log.Fatalf("Failed to get cm config-network: %v", err)
+ }
+ netCfg, err := netcfg.NewConfigFromMap(cm.Data)
+ if err != nil {
+ log.Fatalf("Failed to construct network config: %v", err)
+ }
+
+ return netCfg.ExternalDomainTLS || netCfg.SystemInternalTLSEnabled() || (netCfg.ClusterLocalDomainTLS == netcfg.EncryptionEnabled) ||
+ netCfg.NamespaceWildcardCertSelector != nil
+}
+
+func certManagerCRDsExist(client *versioned.Clientset) (bool, error) {
+ if ok, err := findCRD(client, "cert-manager.io/v1", []string{"certificaterequests", "certificates", "clusterissuers", "issuers"}); !ok {
+ return false, err
+ }
+ if ok, err := findCRD(client, "acme.cert-manager.io/v1", []string{"challenges"}); !ok {
+ return false, err
+ }
+ return true, nil
+}
+
+func findCRD(client *versioned.Clientset, groupVersion string, crds []string) (bool, error) {
+ resourceList, err := client.Discovery().ServerResourcesForGroupVersion(groupVersion)
+ if err != nil {
+ return false, err
+ }
+ for _, crdName := range crds {
+ isCRDPresent := false
+ for _, resource := range resourceList.APIResources {
+ if resource.Name == crdName {
+ isCRDPresent = true
+ }
+ }
+ if !isCRDPresent {
+ return false, fmt.Errorf("cert manager crds are missing: %s", crdName)
+ }
+ }
+ return true, nil
 }
diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
index ed315bef43f9..a3f548e60e7e 100644
--- a/cmd/webhook/main.go
+++ b/cmd/webhook/main.go
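Review bot: `shouldEnableNetCertManagerController` reads `config-network` once, before `sharedmain.MainWithConfig`, so whether the cert-manager informers and `certificate.NewController` are registered is fixed for the life of the process (`main` itself begins above this hunk). If an operator later sets `ExternalDomainTLS`, `ClusterLocalDomainTLS` or system-internal TLS in that ConfigMap, nothing visible here starts the certificate reconciler, so unless something outside the hunk restarts the pod the requested certificates would not be issued. Document that on the call, e.g. `// Evaluated once at startup; enabling TLS in config-network later requires a controller restart.`, and log which branch was taken. The three new helpers have no doc comments, and the inner loop of `findCRD` can `break` once `isCRDPresent` is true.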
@@ -34,6 +34,7 @@ import ( "knative.dev/pkg/webhook/resourcesemantics/defaulting" "knative.dev/pkg/webhook/resourcesemantics/validation" servingv1beta1 "knative.dev/serving/pkg/apis/serving/v1beta1" + certconfig "knative.dev/serving/pkg/reconciler/certificate/config" // resource validation types net "knative.dev/networking/pkg/apis/networking/v1alpha1" 
@@ -143,17 +144,18 @@ func newConfigValidationController(ctx context.Context, cmw configmap.Watcher) * // The configmaps to validate. configmap.Constructors{ - tracingconfig.ConfigName: tracingconfig.NewTracingConfigFromConfigMap, - autoscalerconfig.ConfigName: autoscalerconfig.NewConfigFromConfigMap, - gc.ConfigName: gc.NewConfigFromConfigMapFunc(ctx), - netcfg.ConfigMapName: network.NewConfigFromConfigMap, - deployment.ConfigName: deployment.NewConfigFromConfigMap, - apisconfig.FeaturesConfigName: apisconfig.NewFeaturesConfigFromConfigMap, - metrics.ConfigMapName(): metrics.NewObservabilityConfigFromConfigMap, - logging.ConfigMapName(): logging.NewConfigFromConfigMap, - leaderelection.ConfigMapName(): leaderelection.NewConfigFromConfigMap, - domainconfig.DomainConfigName: domainconfig.NewDomainFromConfigMap, - apisconfig.DefaultsConfigName: apisconfig.NewDefaultsConfigFromConfigMap, + tracingconfig.ConfigName: tracingconfig.NewTracingConfigFromConfigMap, + autoscalerconfig.ConfigName: autoscalerconfig.NewConfigFromConfigMap, + gc.ConfigName: gc.NewConfigFromConfigMapFunc(ctx), + netcfg.ConfigMapName: network.NewConfigFromConfigMap, + deployment.ConfigName: deployment.NewConfigFromConfigMap, + apisconfig.FeaturesConfigName: apisconfig.NewFeaturesConfigFromConfigMap, + metrics.ConfigMapName(): metrics.NewObservabilityConfigFromConfigMap, + logging.ConfigMapName(): logging.NewConfigFromConfigMap, + leaderelection.ConfigMapName(): leaderelection.NewConfigFromConfigMap, + domainconfig.DomainConfigName: domainconfig.NewDomainFromConfigMap, + apisconfig.DefaultsConfigName: apisconfig.NewDefaultsConfigFromConfigMap, + certconfig.CertManagerConfigName: certconfig.NewCertManagerConfigFromConfigMap, }, ) } diff --git a/config/core/200-roles/clusterrole.yaml b/config/core/200-roles/clusterrole.yaml index d840f2863a44..4ed5686412d3 100644 --- a/config/core/200-roles/clusterrole.yaml +++ b/config/core/200-roles/clusterrole.yaml 
@@ -51,3 +51,9 @@ rules:
 - apiGroups: ["caching.internal.knative.dev"]
 resources: ["images"]
 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "clusterissuers", "certificaterequests", "issuers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
diff --git a/config/core/configmaps/certmanager.yaml b/config/core/configmaps/certmanager.yaml
new file mode 100644
index 000000000000..ca25b2687a22
--- /dev/null
+++ b/config/core/configmaps/certmanager.yaml
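Review bot: The two added rules give the controller ClusterRole `create`, `update`, `delete` and `patch` on `clusterissuers`, `issuers`, `certificaterequests` and `challenges` cluster-wide, which is broader than the code in this commit appears to need. In `cmd/controller/main.go` these types are only registered as informers, which need `get`, `list` and `watch`; write access to issuers means a compromised controller service account could change which CA signs certificates in the cluster. If the certificate reconciler only writes `Certificate` objects (its code is not part of this hunk, so confirm first), split the rule so that only `certificates` keeps the write verbs.

```yaml
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers", "certificaterequests", "issuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges"]
    verbs: ["get", "list", "watch"]
```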
@@ -0,0 +1,68 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-certmanager
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: devel
+ networking.knative.dev/certificate-provider: cert-manager
+ annotations:
+ knative.dev/example-checksum: "b7a9a602"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this block and unindented to actually change the configuration.
+
+ # issuerRef is a reference to the issuer for external-domain certificates used for ingress.
+ # IssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about IssuerRef configuration.
+ # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ issuerRef: |
+ kind: ClusterIssuer
+ name: letsencrypt-issuer
+
+ # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress.
+ # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ clusterLocalIssuerRef: |
+ kind: ClusterIssuer
+ name: your-company-issuer
+
+ # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components.
+ # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ systemInternalIssuerRef: |
+ kind: ClusterIssuer
+ name: knative-selfsigned-issuer
diff --git a/config/core/webhooks/configmap-validation.yaml b/config/core/webhooks/configmap-validation.yaml
index 00136429e9f8..21465e175a36 100644
--- a/config/core/webhooks/configmap-validation.yaml
+++ b/config/core/webhooks/configmap-validation.yaml
@@ -36,5 +36,5 @@ webhooks:
 values: ["knative-serving"]
 - key: app.kubernetes.io/component
 operator: In
- values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"]
+ values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing", "net-certmanager"]
 timeoutSeconds: 10
diff --git a/go.mod b/go.mod
index 5e5e676be2f3..651f4b6d15d8 100644
--- a/go.mod
+++ b/go.mod
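Review bot: In `config/core/configmaps/certmanager.yaml` the comments for `clusterLocalIssuerRef` and `systemInternalIssuerRef` both point to "ClusterInternalIssuerRef configuration", a name that matches neither key; each should name its own key, e.g. `# for more details about clusterLocalIssuerRef configuration.`. The `issuerRef` comment should also say that the self-signed `knative-selfsigned-issuer` fallback yields external-domain certificates that clients outside the cluster will not trust unless they are given that CA, so a production install needs an explicit issuer. Any edit to `_example` presumably requires regenerating the `knative.dev/example-checksum` annotation.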
@@ -4,7 +4,9 @@ go 1.21 require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210609063737-0067dc6dcea2 - github.com/davecgh/go-spew v1.1.1 + github.com/cert-manager/cert-manager v1.13.3 + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc + github.com/ghodss/yaml v1.0.0 github.com/gogo/protobuf v1.3.2 github.com/google/go-cmp v0.6.0 github.com/google/go-containerregistry v0.13.0 @@ -45,10 +47,10 @@ require ( contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect contrib.go.opencensus.io/exporter/zipkin v0.1.2 // indirect - github.com/Azure/azure-sdk-for-go v67.0.0+incompatible // indirect + github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.28 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect 
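Review bot: The first go.mod hunk adds `github.com/ghodss/yaml v1.0.0` as a direct requirement; that module has had no release since v1.0.0, and `sigs.k8s.io/yaml` is its maintained fork with the same `Marshal`/`Unmarshal` API, so new code would be better importing the fork (whether it is already in the module graph is not visible here). The same hunk moves `github.com/davecgh/go-spew` from the tagged `v1.1.1` to the pseudo-version `v1.1.2-0.20180830191138-d8f796af33cc`, presumably pulled up by the new cert-manager requirement. It is worth confirming that an untagged commit is intended there rather than accepted silently from `go mod tidy`.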
@@ -84,16 +86,16 @@ require ( github.com/docker/docker v25.0.1+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-kit/log v0.2.1 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/jsonpointer v0.20.2 // indirect + github.com/go-openapi/jsonreference v0.20.4 // indirect + github.com/go-openapi/swag v0.22.7 // indirect github.com/gobuffalo/flect v1.0.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -108,7 +110,7 @@ require ( github.com/imdario/mergo v0.3.12 // indirect github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect github.com/influxdata/tdigest v0.0.1 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.16.6 // indirect 
@@ -128,7 +130,7 @@ require ( github.com/prometheus/statsd_exporter v0.22.7 // indirect github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/sirupsen/logrus v1.9.0 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/tsenart/go-tsz v0.0.0-20180814235614-0bd30b3df1c3 // indirect github.com/vbatts/tar-split v0.11.2 // indirect @@ -153,6 +155,7 @@ require ( k8s.io/gengo v0.0.0-20240129211411-f967bbeff4b4 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect + sigs.k8s.io/gateway-api v0.8.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index fb8a44d550ac..a3fbab516050 100644 --- a/go.sum +++ b/go.sum 
@@ -41,16 +41,17 @@ contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9 contrib.go.opencensus.io/exporter/zipkin v0.1.2 h1:YqE293IZrKtqPnpwDPH/lOqTWD/s3Iwabycam74JV3g= contrib.go.opencensus.io/exporter/zipkin v0.1.2/go.mod h1:mP5xM3rrgOjpn79MM8fZbj3gsxcuytSqtH0dxSWW1RE= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-sdk-for-go v67.0.0+incompatible h1:SVBwznSETB0Sipd0uyGJr7khLhJOFRUEUb+0JgkCvDo= -github.com/Azure/azure-sdk-for-go v67.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM= -github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxshoW+oGv4MDlhRtnYZk= -github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= 
+github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= @@ -123,6 +124,8 @@ github.com/c2h5oh/datasize v0.0.0-20220606134207-859f65c6625b/go.mod h1:S/7n9cop github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= +github.com/cert-manager/cert-manager v1.13.3 h1:3R4G0RI7K0OkTZhWlVOC5SGZMYa2NwqmQJoyKydrz/M= +github.com/cert-manager/cert-manager v1.13.3/go.mod h1:BM2+Pt/NmSv1Zr25/MHv6BgIEF9IUxA1xAjp80qkxgc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= 
@@ -137,12 +140,12 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0= github.com/containerd/stargz-snapshotter/estargz v0.12.1/go.mod h1:12VUuCq3qPq4y8yUW+l5w3+oXV3cx2Po3KSe/SmPGqw= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbzjuhfU= github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= 
@@ -170,14 +173,15 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/getkin/kin-openapi v0.61.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= 
@@ -202,13 +206,13 @@ github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ4 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= +github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= +github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8= +github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= 
@@ -333,8 +337,9 @@ github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 h1:W9WBk7 github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839/go.mod h1:xaLFMmpvUxqXtVkUJfg9QmT88cDaCJ3ZKgdZ78oO8Qo= github.com/influxdata/tdigest v0.0.1 h1:XpFptwYmnEKUqmkcDjrzffswZ3nvNeevbUSLPP/ZzIY= github.com/influxdata/tdigest v0.0.1/go.mod h1:Z0kXnxzbTC2qrx4NaIzYkE1k66+6oEDQTvL95hQFh5Y= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -361,7 +366,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 
@@ -419,8 +423,9 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 
@@ -461,8 +466,8 @@ github.com/prometheus/statsd_exporter v0.22.7/go.mod h1:N/TevpjkIh9ccs6nuzY3jQn9 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417 h1:Lt9DzQALzHoDwMBGJ6v8ObDPR0dzr2a6sXTB1Fq7IHs= github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417/go.mod h1:qe5TWALJ8/a1Lqznoc5BDHpYX/8HU60Hm2AwRmqzxqA= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 
@@ -473,8 +478,9 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -493,6 +499,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc= 
@@ -510,6 +517,7 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -550,6 +558,7 @@ golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -563,8 +572,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw= -golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -585,6 +594,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -625,6 +635,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -647,6 +659,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -698,12 +711,15 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220708085239-5a0f0661e09d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -714,6 +730,7 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -767,6 +784,7 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -938,6 +956,8 @@ pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg= +sigs.k8s.io/gateway-api v0.8.0/go.mod h1:okOnjPNBFbIS/Rw9kAhuIUaIkLhTKEu+ARIuXk2dgaM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index e1d17c06524d..587ecedf2a8c 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -69,6 +69,12 @@ ${CODEGEN_PKG}/generate-groups.sh "deepcopy,client,informer,lister" \ "serving:v1 serving:v1beta1 autoscaling:v1alpha1" \ --go-header-file "${boilerplate}" +# Generate our own client for cert-manager (otherwise injection won't work) +${CODEGEN_PKG}/generate-groups.sh "deepcopy,client,informer,lister" \ + knative.dev/serving/pkg/client/certmanager github.com/cert-manager/cert-manager/pkg/apis \ + "certmanager:v1 acme:v1" \ + --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt + group "Knative Codegen" # Knative Injection 
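Review bot: The added `generate-groups.sh` call for cert-manager passes `--go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt` unquoted, while the serving call directly above it uses `--go-header-file "${boilerplate}"`. An unquoted expansion is word-split when the checkout path contains whitespace, so the generator would receive a truncated header path. The `generate-knative.sh` call added in the next hunk has the same form. If `boilerplate` already names this file (it is defined outside the hunk, so this is an assumption), both new calls can reuse `--go-header-file "${boilerplate}"`; otherwise quote the literal path as `"${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt"`.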
@@ -77,6 +83,13 @@ ${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \ "serving:v1 serving:v1beta1 autoscaling:v1alpha1" \ --go-header-file "${boilerplate}" +# Knative Injection (for cert-manager) +${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \ + knative.dev/serving/pkg/client/certmanager github.com/cert-manager/cert-manager/pkg/apis \ + "certmanager:v1 acme:v1" \ + --disable-informer-init \ + --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt + group "Deepcopy Gen" # Depends on generate-groups.sh to install bin/deepcopy-gen diff --git a/pkg/client/certmanager/clientset/versioned/clientset.go b/pkg/client/certmanager/clientset/versioned/clientset.go new file mode 100644 index 000000000000..1297c0f7e3f9 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/clientset.go 
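Review bot: `--disable-informer-init` on the new cert-manager injection call is undocumented, and it is the only flag that differs from the serving injection call above it. The comment `# Knative Injection (for cert-manager)` does not say why the generated informers must not register themselves. The informer imports added to `cmd/controller/main.go` in this commit suggest they are wired up by hand, presumably so the controller still starts when the cert-manager CRDs are not installed; that is inferred and should be confirmed. A comment above the call would record the intent, for example `# --disable-informer-init: cert-manager informers are set up explicitly in cmd/controller/main.go, not via init().`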
@@ -0,0 +1,133 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package versioned + +import ( + "fmt" + "net/http" + + discovery "k8s.io/client-go/discovery" + rest "k8s.io/client-go/rest" + flowcontrol "k8s.io/client-go/util/flowcontrol" + acmev1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/acme/v1" + certmanagerv1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1" +) + +type Interface interface { + Discovery() discovery.DiscoveryInterface + AcmeV1() acmev1.AcmeV1Interface + CertmanagerV1() certmanagerv1.CertmanagerV1Interface +} + +// Clientset contains the clients for groups. +type Clientset struct { + *discovery.DiscoveryClient + acmeV1 *acmev1.AcmeV1Client + certmanagerV1 *certmanagerv1.CertmanagerV1Client +} + +// AcmeV1 retrieves the AcmeV1Client +func (c *Clientset) AcmeV1() acmev1.AcmeV1Interface { + return c.acmeV1 +} + +// CertmanagerV1 retrieves the CertmanagerV1Client +func (c *Clientset) CertmanagerV1() certmanagerv1.CertmanagerV1Interface { + return c.certmanagerV1 +} + +// Discovery retrieves the DiscoveryClient +func (c *Clientset) Discovery() discovery.DiscoveryInterface { + if c == nil { + return nil + } + return c.DiscoveryClient +} + +// NewForConfig creates a new Clientset for the given config. 
+// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfig will generate a rate-limiter in configShallowCopy. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*Clientset, error) { + configShallowCopy := *c + + if configShallowCopy.UserAgent == "" { + configShallowCopy.UserAgent = rest.DefaultKubernetesUserAgent() + } + + // share the transport between all clients + httpClient, err := rest.HTTPClientFor(&configShallowCopy) + if err != nil { + return nil, err + } + + return NewForConfigAndClient(&configShallowCopy, httpClient) +} + +// NewForConfigAndClient creates a new Clientset for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfigAndClient will generate a rate-limiter in configShallowCopy. 
+func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, error) { + configShallowCopy := *c + if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { + if configShallowCopy.Burst <= 0 { + return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") + } + configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) + } + + var cs Clientset + var err error + cs.acmeV1, err = acmev1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + cs.certmanagerV1, err = certmanagerv1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + + cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + return &cs, nil +} + +// NewForConfigOrDie creates a new Clientset for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *Clientset { + cs, err := NewForConfig(c) + if err != nil { + panic(err) + } + return cs +} + +// New creates a new Clientset for the given RESTClient. +func New(c rest.Interface) *Clientset { + var cs Clientset + cs.acmeV1 = acmev1.New(c) + cs.certmanagerV1 = certmanagerv1.New(c) + + cs.DiscoveryClient = discovery.NewDiscoveryClient(c) + return &cs +} diff --git a/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go b/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go new file mode 100644 index 000000000000..931be58590c2 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go 
@@ -0,0 +1,92 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/client-go/discovery" + fakediscovery "k8s.io/client-go/discovery/fake" + "k8s.io/client-go/testing" + clientset "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + acmev1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/acme/v1" + fakeacmev1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake" + certmanagerv1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1" + fakecertmanagerv1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake" +) + +// NewSimpleClientset returns a clientset that will respond with the provided objects. +// It's backed by a very simple object tracker that processes creates, updates and deletions as-is, +// without applying any validations and/or defaults. It shouldn't be considered a replacement +// for a real clientset and is mostly useful in simple unit tests. 
+func NewSimpleClientset(objects ...runtime.Object) *Clientset { + o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) + for _, obj := range objects { + if err := o.Add(obj); err != nil { + panic(err) + } + } + + cs := &Clientset{tracker: o} + cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} + cs.AddReactor("*", "*", testing.ObjectReaction(o)) + cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { + gvr := action.GetResource() + ns := action.GetNamespace() + watch, err := o.Watch(gvr, ns) + if err != nil { + return false, nil, err + } + return true, watch, nil + }) + + return cs +} + +// Clientset implements clientset.Interface. Meant to be embedded into a +// struct to get a default implementation. This makes faking out just the method +// you want to test easier. +type Clientset struct { + testing.Fake + discovery *fakediscovery.FakeDiscovery + tracker testing.ObjectTracker +} + +func (c *Clientset) Discovery() discovery.DiscoveryInterface { + return c.discovery +} + +func (c *Clientset) Tracker() testing.ObjectTracker { + return c.tracker +} + +var ( + _ clientset.Interface = &Clientset{} + _ testing.FakeClient = &Clientset{} +) + +// AcmeV1 retrieves the AcmeV1Client +func (c *Clientset) AcmeV1() acmev1.AcmeV1Interface { + return &fakeacmev1.FakeAcmeV1{Fake: &c.Fake} +} + +// CertmanagerV1 retrieves the CertmanagerV1Client +func (c *Clientset) CertmanagerV1() certmanagerv1.CertmanagerV1Interface { + return &fakecertmanagerv1.FakeCertmanagerV1{Fake: &c.Fake} +} diff --git a/pkg/client/certmanager/clientset/versioned/fake/doc.go b/pkg/client/certmanager/clientset/versioned/fake/doc.go new file mode 100644 index 000000000000..83911e08032c --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/fake/doc.go 
@@ -0,0 +1,20 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated fake clientset. +package fake diff --git a/pkg/client/certmanager/clientset/versioned/fake/register.go b/pkg/client/certmanager/clientset/versioned/fake/register.go new file mode 100644 index 000000000000..cf223487e994 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/fake/register.go 
@@ -0,0 +1,58 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var scheme = runtime.NewScheme() +var codecs = serializer.NewCodecFactory(scheme) + +var localSchemeBuilder = runtime.SchemeBuilder{ + acmev1.AddToScheme, + certmanagerv1.AddToScheme, +} + +// AddToScheme adds all types of this clientset into the given scheme. This allows composition +// of clientsets, like in: +// +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) +// +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// +// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types +// correctly. 
+var AddToScheme = localSchemeBuilder.AddToScheme + +func init() { + v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"}) + utilruntime.Must(AddToScheme(scheme)) +} diff --git a/pkg/client/certmanager/clientset/versioned/scheme/doc.go b/pkg/client/certmanager/clientset/versioned/scheme/doc.go new file mode 100644 index 000000000000..a9b21c5cea44 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/scheme/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package contains the scheme of the automatically generated clientset. +package scheme diff --git a/pkg/client/certmanager/clientset/versioned/scheme/register.go b/pkg/client/certmanager/clientset/versioned/scheme/register.go new file mode 100644 index 000000000000..a80851473da6 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/scheme/register.go 
@@ -0,0 +1,58 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package scheme + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var Scheme = runtime.NewScheme() +var Codecs = serializer.NewCodecFactory(Scheme) +var ParameterCodec = runtime.NewParameterCodec(Scheme) +var localSchemeBuilder = runtime.SchemeBuilder{ + acmev1.AddToScheme, + certmanagerv1.AddToScheme, +} + +// AddToScheme adds all types of this clientset into the given scheme. This allows composition +// of clientsets, like in: +// +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) +// +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// +// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types +// correctly. 
+var AddToScheme = localSchemeBuilder.AddToScheme + +func init() { + v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) + utilruntime.Must(AddToScheme(Scheme)) +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/acme_client.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/acme_client.go new file mode 100644 index 000000000000..3647498b2815 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/acme_client.go 
@@ -0,0 +1,112 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "net/http" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + rest "k8s.io/client-go/rest" + "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +type AcmeV1Interface interface { + RESTClient() rest.Interface + ChallengesGetter + OrdersGetter +} + +// AcmeV1Client is used to interact with features provided by the acme.cert-manager.io group. +type AcmeV1Client struct { + restClient rest.Interface +} + +func (c *AcmeV1Client) Challenges(namespace string) ChallengeInterface { + return newChallenges(c, namespace) +} + +func (c *AcmeV1Client) Orders(namespace string) OrderInterface { + return newOrders(c, namespace) +} + +// NewForConfig creates a new AcmeV1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*AcmeV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new AcmeV1Client for the given config and http client. 
+// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*AcmeV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &AcmeV1Client{client}, nil +} + +// NewForConfigOrDie creates a new AcmeV1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *AcmeV1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new AcmeV1Client for the given RESTClient. +func New(c rest.Interface) *AcmeV1Client { + return &AcmeV1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *AcmeV1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/challenge.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/challenge.go new file mode 100644 index 000000000000..db2f096294b9 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/challenge.go 
@@ -0,0 +1,195 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +// ChallengesGetter has a method to return a ChallengeInterface. +// A group's client should implement this interface. +type ChallengesGetter interface { + Challenges(namespace string) ChallengeInterface +} + +// ChallengeInterface has methods to work with Challenge resources. 
+type ChallengeInterface interface { + Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (*v1.Challenge, error) + Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) + UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Challenge, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ChallengeList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) + ChallengeExpansion +} + +// challenges implements ChallengeInterface +type challenges struct { + client rest.Interface + ns string +} + +// newChallenges returns a Challenges +func newChallenges(c *AcmeV1Client, namespace string) *challenges { + return &challenges{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the challenge, and returns the corresponding challenge object, and an error if there is any. +func (c *challenges) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Get(). + Namespace(c.ns). + Resource("challenges"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Challenges that match those selectors. 
+func (c *challenges) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ChallengeList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ChallengeList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested challenges. +func (c *challenges) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a challenge and creates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *challenges) Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Post(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(challenge). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a challenge and updates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *challenges) Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Put(). + Namespace(c.ns). + Resource("challenges"). + Name(challenge.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(challenge). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *challenges) UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Put(). + Namespace(c.ns). + Resource("challenges"). + Name(challenge.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(challenge). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the challenge and deletes it. Returns an error if one occurs. +func (c *challenges) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("challenges"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *challenges) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched challenge. +func (c *challenges) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("challenges"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/doc.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/doc.go new file mode 100644 index 000000000000..96a2eacb4801 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1 diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/doc.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/doc.go new file mode 100644 index 000000000000..720b98ac3218 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/doc.go 
@@ -0,0 +1,20 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go new file mode 100644 index 000000000000..430d72669711 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go 
@@ -0,0 +1,44 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/acme/v1" +) + +type FakeAcmeV1 struct { + *testing.Fake +} + +func (c *FakeAcmeV1) Challenges(namespace string) v1.ChallengeInterface { + return &FakeChallenges{c, namespace} +} + +func (c *FakeAcmeV1) Orders(namespace string) v1.OrderInterface { + return &FakeOrders{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeAcmeV1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_challenge.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_challenge.go new file mode 100644 index 000000000000..875a053256d2 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_challenge.go 
@@ -0,0 +1,141 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeChallenges implements ChallengeInterface +type FakeChallenges struct { + Fake *FakeAcmeV1 + ns string +} + +var challengesResource = v1.SchemeGroupVersion.WithResource("challenges") + +var challengesKind = v1.SchemeGroupVersion.WithKind("Challenge") + +// Get takes name of the challenge, and returns the corresponding challenge object, and an error if there is any. +func (c *FakeChallenges) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(challengesResource, c.ns, name), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// List takes label and field selectors, and returns the list of Challenges that match those selectors. +func (c *FakeChallenges) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ChallengeList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewListAction(challengesResource, challengesKind, c.ns, opts), &v1.ChallengeList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.ChallengeList{ListMeta: obj.(*v1.ChallengeList).ListMeta} + for _, item := range obj.(*v1.ChallengeList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested challenges. +func (c *FakeChallenges) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(challengesResource, c.ns, opts)) + +} + +// Create takes the representation of a challenge and creates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *FakeChallenges) Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(challengesResource, c.ns, challenge), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// Update takes the representation of a challenge and updates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *FakeChallenges) Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(challengesResource, c.ns, challenge), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+func (c *FakeChallenges) UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(challengesResource, "status", c.ns, challenge), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// Delete takes name of the challenge and deletes it. Returns an error if one occurs. +func (c *FakeChallenges) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(challengesResource, c.ns, name, opts), &v1.Challenge{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeChallenges) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(challengesResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.ChallengeList{}) + return err +} + +// Patch applies the patch and returns the patched challenge. +func (c *FakeChallenges) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(challengesResource, c.ns, name, pt, data, subresources...), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_order.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_order.go new file mode 100644 index 000000000000..92203c44b797 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_order.go 
@@ -0,0 +1,141 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOrders implements OrderInterface +type FakeOrders struct { + Fake *FakeAcmeV1 + ns string +} + +var ordersResource = v1.SchemeGroupVersion.WithResource("orders") + +var ordersKind = v1.SchemeGroupVersion.WithKind("Order") + +// Get takes name of the order, and returns the corresponding order object, and an error if there is any. +func (c *FakeOrders) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(ordersResource, c.ns, name), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// List takes label and field selectors, and returns the list of Orders that match those selectors. +func (c *FakeOrders) List(ctx context.Context, opts metav1.ListOptions) (result *v1.OrderList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewListAction(ordersResource, ordersKind, c.ns, opts), &v1.OrderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.OrderList{ListMeta: obj.(*v1.OrderList).ListMeta} + for _, item := range obj.(*v1.OrderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested orders. +func (c *FakeOrders) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(ordersResource, c.ns, opts)) + +} + +// Create takes the representation of a order and creates it. Returns the server's representation of the order, and an error, if there is any. +func (c *FakeOrders) Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(ordersResource, c.ns, order), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// Update takes the representation of a order and updates it. Returns the server's representation of the order, and an error, if there is any. +func (c *FakeOrders) Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(ordersResource, c.ns, order), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOrders) UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) { + obj, err := c.Fake. 
+ Invokes(testing.NewUpdateSubresourceAction(ordersResource, "status", c.ns, order), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// Delete takes name of the order and deletes it. Returns an error if one occurs. +func (c *FakeOrders) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(ordersResource, c.ns, name, opts), &v1.Order{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOrders) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(ordersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.OrderList{}) + return err +} + +// Patch applies the patch and returns the patched order. +func (c *FakeOrders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(ordersResource, c.ns, name, pt, data, subresources...), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/generated_expansion.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/generated_expansion.go new file mode 100644 index 000000000000..4037570908cf --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/generated_expansion.go 
@@ -0,0 +1,23 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +type ChallengeExpansion interface{} + +type OrderExpansion interface{} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/order.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/order.go new file mode 100644 index 000000000000..ac68dbbc3049 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/order.go 
@@ -0,0 +1,195 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +// OrdersGetter has a method to return a OrderInterface. +// A group's client should implement this interface. +type OrdersGetter interface { + Orders(namespace string) OrderInterface +} + +// OrderInterface has methods to work with Order resources. 
+type OrderInterface interface { + Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (*v1.Order, error) + Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) + UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Order, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.OrderList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) + OrderExpansion +} + +// orders implements OrderInterface +type orders struct { + client rest.Interface + ns string +} + +// newOrders returns a Orders +func newOrders(c *AcmeV1Client, namespace string) *orders { + return &orders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the order, and returns the corresponding order object, and an error if there is any. +func (c *orders) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Get(). + Namespace(c.ns). + Resource("orders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Orders that match those selectors. +func (c *orders) List(ctx context.Context, opts metav1.ListOptions) (result *v1.OrderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.OrderList{} + err = c.client.Get(). + Namespace(c.ns). 
+ Resource("orders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested orders. +func (c *orders) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("orders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a order and creates it. Returns the server's representation of the order, and an error, if there is any. +func (c *orders) Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Post(). + Namespace(c.ns). + Resource("orders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(order). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a order and updates it. Returns the server's representation of the order, and an error, if there is any. +func (c *orders) Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Put(). + Namespace(c.ns). + Resource("orders"). + Name(order.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(order). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *orders) UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Put(). + Namespace(c.ns). + Resource("orders"). + Name(order.Name). + SubResource("status"). 
+ VersionedParams(&opts, scheme.ParameterCodec). + Body(order). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the order and deletes it. Returns an error if one occurs. +func (c *orders) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("orders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *orders) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("orders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched order. +func (c *orders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("orders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificate.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificate.go new file mode 100644 index 000000000000..d4dca11f155d --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificate.go 
@@ -0,0 +1,195 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +// CertificatesGetter has a method to return a CertificateInterface. +// A group's client should implement this interface. +type CertificatesGetter interface { + Certificates(namespace string) CertificateInterface +} + +// CertificateInterface has methods to work with Certificate resources. 
+type CertificateInterface interface { + Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (*v1.Certificate, error) + Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) + UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Certificate, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.CertificateList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) + CertificateExpansion +} + +// certificates implements CertificateInterface +type certificates struct { + client rest.Interface + ns string +} + +// newCertificates returns a Certificates +func newCertificates(c *CertmanagerV1Client, namespace string) *certificates { + return &certificates{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the certificate, and returns the corresponding certificate object, and an error if there is any. +func (c *certificates) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificates"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Certificates that match those selectors. 
+func (c *certificates) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.CertificateList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested certificates. +func (c *certificates) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a certificate and creates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *certificates) Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Post(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificate). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a certificate and updates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *certificates) Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificates"). + Name(certificate.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificate). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *certificates) UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificates"). + Name(certificate.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificate). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the certificate and deletes it. Returns an error if one occurs. +func (c *certificates) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("certificates"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *certificates) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched certificate. +func (c *certificates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("certificates"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificaterequest.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificaterequest.go new file mode 100644 index 000000000000..17f36256940f --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificaterequest.go 
@@ -0,0 +1,195 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +// CertificateRequestsGetter has a method to return a CertificateRequestInterface. +// A group's client should implement this interface. +type CertificateRequestsGetter interface { + CertificateRequests(namespace string) CertificateRequestInterface +} + +// CertificateRequestInterface has methods to work with CertificateRequest resources. 
+type CertificateRequestInterface interface { + Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (*v1.CertificateRequest, error) + Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) + UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.CertificateRequest, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.CertificateRequestList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) + CertificateRequestExpansion +} + +// certificateRequests implements CertificateRequestInterface +type certificateRequests struct { + client rest.Interface + ns string +} + +// newCertificateRequests returns a CertificateRequests +func newCertificateRequests(c *CertmanagerV1Client, namespace string) *certificateRequests { + return &certificateRequests{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the certificateRequest, and returns the corresponding certificateRequest object, and an error if there is any. +func (c *certificateRequests) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). 
+ Into(result) + return +} + +// List takes label and field selectors, and returns the list of CertificateRequests that match those selectors. +func (c *certificateRequests) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateRequestList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.CertificateRequestList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested certificateRequests. +func (c *certificateRequests) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a certificateRequest and creates it. Returns the server's representation of the certificateRequest, and an error, if there is any. +func (c *certificateRequests) Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Post(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificateRequest). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a certificateRequest and updates it. Returns the server's representation of the certificateRequest, and an error, if there is any. 
+func (c *certificateRequests) Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(certificateRequest.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificateRequest). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *certificateRequests) UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(certificateRequest.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificateRequest). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the certificateRequest and deletes it. Returns an error if one occurs. +func (c *certificateRequests) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *certificateRequests) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). 
+ Error() +} + +// Patch applies the patch and returns the patched certificateRequest. +func (c *certificateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("certificaterequests"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certmanager_client.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certmanager_client.go new file mode 100644 index 000000000000..d92c64cfd816 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certmanager_client.go 
@@ -0,0 +1,122 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "net/http" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + rest "k8s.io/client-go/rest" + "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +type CertmanagerV1Interface interface { + RESTClient() rest.Interface + CertificatesGetter + CertificateRequestsGetter + ClusterIssuersGetter + IssuersGetter +} + +// CertmanagerV1Client is used to interact with features provided by the cert-manager.io group. +type CertmanagerV1Client struct { + restClient rest.Interface +} + +func (c *CertmanagerV1Client) Certificates(namespace string) CertificateInterface { + return newCertificates(c, namespace) +} + +func (c *CertmanagerV1Client) CertificateRequests(namespace string) CertificateRequestInterface { + return newCertificateRequests(c, namespace) +} + +func (c *CertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + +func (c *CertmanagerV1Client) Issuers(namespace string) IssuerInterface { + return newIssuers(c, namespace) +} + +// NewForConfig creates a new CertmanagerV1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). 
+func NewForConfig(c *rest.Config) (*CertmanagerV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new CertmanagerV1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*CertmanagerV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &CertmanagerV1Client{client}, nil +} + +// NewForConfigOrDie creates a new CertmanagerV1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *CertmanagerV1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new CertmanagerV1Client for the given RESTClient. +func New(c rest.Interface) *CertmanagerV1Client { + return &CertmanagerV1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *CertmanagerV1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} 
diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/clusterissuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/clusterissuer.go new file mode 100644 index 000000000000..dea72f1ea092 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/clusterissuer.go 
@@ -0,0 +1,184 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. 
+type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *CertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. 
+func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). 
+ Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/doc.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/doc.go new file mode 100644 index 000000000000..96a2eacb4801 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1 diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/doc.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/doc.go new file mode 100644 index 000000000000..720b98ac3218 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/doc.go 
@@ -0,0 +1,20 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go new file mode 100644 index 000000000000..b269dfed0d80 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go 
@@ -0,0 +1,141 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCertificates implements CertificateInterface +type FakeCertificates struct { + Fake *FakeCertmanagerV1 + ns string +} + +var certificatesResource = v1.SchemeGroupVersion.WithResource("certificates") + +var certificatesKind = v1.SchemeGroupVersion.WithKind("Certificate") + +// Get takes name of the certificate, and returns the corresponding certificate object, and an error if there is any. +func (c *FakeCertificates) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(certificatesResource, c.ns, name), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// List takes label and field selectors, and returns the list of Certificates that match those selectors. +func (c *FakeCertificates) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewListAction(certificatesResource, certificatesKind, c.ns, opts), &v1.CertificateList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.CertificateList{ListMeta: obj.(*v1.CertificateList).ListMeta} + for _, item := range obj.(*v1.CertificateList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested certificates. +func (c *FakeCertificates) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(certificatesResource, c.ns, opts)) + +} + +// Create takes the representation of a certificate and creates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *FakeCertificates) Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(certificatesResource, c.ns, certificate), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// Update takes the representation of a certificate and updates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *FakeCertificates) Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(certificatesResource, c.ns, certificate), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+func (c *FakeCertificates) UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(certificatesResource, "status", c.ns, certificate), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// Delete takes name of the certificate and deletes it. Returns an error if one occurs. +func (c *FakeCertificates) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(certificatesResource, c.ns, name, opts), &v1.Certificate{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCertificates) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(certificatesResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.CertificateList{}) + return err +} + +// Patch applies the patch and returns the patched certificate. +func (c *FakeCertificates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(certificatesResource, c.ns, name, pt, data, subresources...), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go new file mode 100644 index 000000000000..4a6967067715 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go 
@@ -0,0 +1,141 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCertificateRequests implements CertificateRequestInterface +type FakeCertificateRequests struct { + Fake *FakeCertmanagerV1 + ns string +} + +var certificaterequestsResource = v1.SchemeGroupVersion.WithResource("certificaterequests") + +var certificaterequestsKind = v1.SchemeGroupVersion.WithKind("CertificateRequest") + +// Get takes name of the certificateRequest, and returns the corresponding certificateRequest object, and an error if there is any. +func (c *FakeCertificateRequests) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(certificaterequestsResource, c.ns, name), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// List takes label and field selectors, and returns the list of CertificateRequests that match those selectors. 
+func (c *FakeCertificateRequests) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateRequestList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(certificaterequestsResource, certificaterequestsKind, c.ns, opts), &v1.CertificateRequestList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.CertificateRequestList{ListMeta: obj.(*v1.CertificateRequestList).ListMeta} + for _, item := range obj.(*v1.CertificateRequestList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested certificateRequests. +func (c *FakeCertificateRequests) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(certificaterequestsResource, c.ns, opts)) + +} + +// Create takes the representation of a certificateRequest and creates it. Returns the server's representation of the certificateRequest, and an error, if there is any. +func (c *FakeCertificateRequests) Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(certificaterequestsResource, c.ns, certificateRequest), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// Update takes the representation of a certificateRequest and updates it. Returns the server's representation of the certificateRequest, and an error, if there is any. +func (c *FakeCertificateRequests) Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewUpdateAction(certificaterequestsResource, c.ns, certificateRequest), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeCertificateRequests) UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(certificaterequestsResource, "status", c.ns, certificateRequest), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// Delete takes name of the certificateRequest and deletes it. Returns an error if one occurs. +func (c *FakeCertificateRequests) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(certificaterequestsResource, c.ns, name, opts), &v1.CertificateRequest{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCertificateRequests) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(certificaterequestsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.CertificateRequestList{}) + return err +} + +// Patch applies the patch and returns the patched certificateRequest. +func (c *FakeCertificateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewPatchSubresourceAction(certificaterequestsResource, c.ns, name, pt, data, subresources...), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go new file mode 100644 index 000000000000..e667f4c7f983 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1 "knative.dev/serving/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1" +) + +type FakeCertmanagerV1 struct { + *testing.Fake +} + +func (c *FakeCertmanagerV1) Certificates(namespace string) v1.CertificateInterface { + return &FakeCertificates{c, namespace} +} + +func (c *FakeCertmanagerV1) CertificateRequests(namespace string) v1.CertificateRequestInterface { + return &FakeCertificateRequests{c, namespace} +} + +func (c *FakeCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + +func (c *FakeCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { + return &FakeIssuers{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeCertmanagerV1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 000000000000..d47102f13a09 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go 
@@ -0,0 +1,132 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeCertmanagerV1 +} + +var clusterissuersResource = v1.SchemeGroupVersion.WithResource("clusterissuers") + +var clusterissuersKind = v1.SchemeGroupVersion.WithKind("ClusterIssuer") + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusterissuersResource, name), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &v1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.ClusterIssuerList{ListMeta: obj.(*v1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*v1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. 
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &v1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go new file mode 100644 index 000000000000..fa5efb5cccd9 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go 
@@ -0,0 +1,141 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeIssuers implements IssuerInterface +type FakeIssuers struct { + Fake *FakeCertmanagerV1 + ns string +} + +var issuersResource = v1.SchemeGroupVersion.WithResource("issuers") + +var issuersKind = v1.SchemeGroupVersion.WithKind("Issuer") + +// Get takes name of the issuer, and returns the corresponding issuer object, and an error if there is any. +func (c *FakeIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(issuersResource, c.ns, name), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// List takes label and field selectors, and returns the list of Issuers that match those selectors. +func (c *FakeIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.IssuerList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewListAction(issuersResource, issuersKind, c.ns, opts), &v1.IssuerList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.IssuerList{ListMeta: obj.(*v1.IssuerList).ListMeta} + for _, item := range obj.(*v1.IssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested issuers. +func (c *FakeIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(issuersResource, c.ns, opts)) + +} + +// Create takes the representation of a issuer and creates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *FakeIssuers) Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(issuersResource, c.ns, issuer), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// Update takes the representation of a issuer and updates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *FakeIssuers) Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(issuersResource, c.ns, issuer), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeIssuers) UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) { + obj, err := c.Fake. 
+ Invokes(testing.NewUpdateSubresourceAction(issuersResource, "status", c.ns, issuer), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// Delete takes name of the issuer and deletes it. Returns an error if one occurs. +func (c *FakeIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(issuersResource, c.ns, name, opts), &v1.Issuer{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(issuersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.IssuerList{}) + return err +} + +// Patch applies the patch and returns the patched issuer. +func (c *FakeIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(issuersResource, c.ns, name, pt, data, subresources...), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/generated_expansion.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/generated_expansion.go new file mode 100644 index 000000000000..e914aa326418 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/generated_expansion.go 
@@ -0,0 +1,27 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +type CertificateExpansion interface{} + +type CertificateRequestExpansion interface{} + +type ClusterIssuerExpansion interface{} + +type IssuerExpansion interface{} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/issuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/issuer.go new file mode 100644 index 000000000000..528b31d58a40 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/issuer.go 
@@ -0,0 +1,195 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/serving/pkg/client/certmanager/clientset/versioned/scheme" +) + +// IssuersGetter has a method to return a IssuerInterface. +// A group's client should implement this interface. +type IssuersGetter interface { + Issuers(namespace string) IssuerInterface +} + +// IssuerInterface has methods to work with Issuer resources. 
+type IssuerInterface interface { + Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (*v1.Issuer, error) + Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) + UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Issuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.IssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) + IssuerExpansion +} + +// issuers implements IssuerInterface +type issuers struct { + client rest.Interface + ns string +} + +// newIssuers returns a Issuers +func newIssuers(c *CertmanagerV1Client, namespace string) *issuers { + return &issuers{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the issuer, and returns the corresponding issuer object, and an error if there is any. +func (c *issuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Get(). + Namespace(c.ns). + Resource("issuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Issuers that match those selectors. 
+func (c *issuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.IssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.IssuerList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested issuers. +func (c *issuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a issuer and creates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *issuers) Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Post(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(issuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a issuer and updates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *issuers) Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("issuers"). + Name(issuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(issuer). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. 
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *issuers) UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("issuers"). + Name(issuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(issuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the issuer and deletes it. Returns an error if one occurs. +func (c *issuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("issuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *issuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched issuer. +func (c *issuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("issuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/informers/externalversions/acme/interface.go b/pkg/client/certmanager/informers/externalversions/acme/interface.go new file mode 100644 index 000000000000..db99a3d3d119 --- /dev/null 
+++ b/pkg/client/certmanager/informers/externalversions/acme/interface.go @@ -0,0 +1,46 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package acme + +import ( + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1 provides access to shared informers for resources in V1. + V1() v1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1 returns a new v1.Interface. +func (g *group) V1() v1.Interface { + return v1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/pkg/client/certmanager/informers/externalversions/acme/v1/challenge.go b/pkg/client/certmanager/informers/externalversions/acme/v1/challenge.go new file mode 100644 index 000000000000..d99b1ecc1367 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/acme/v1/challenge.go 
@@ -0,0 +1,90 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/serving/pkg/client/certmanager/listers/acme/v1" +) + +// ChallengeInformer provides access to a shared informer and lister for +// Challenges. +type ChallengeInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ChallengeLister +} + +type challengeInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewChallengeInformer constructs a new informer for Challenge type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewChallengeInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredChallengeInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredChallengeInformer constructs a new informer for Challenge type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredChallengeInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Challenges(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Challenges(namespace).Watch(context.TODO(), options) + }, + }, + &acmev1.Challenge{}, + resyncPeriod, + indexers, + ) +} + +func (f *challengeInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredChallengeInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *challengeInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&acmev1.Challenge{}, f.defaultInformer) +} + +func (f *challengeInformer) Lister() v1.ChallengeLister { + return v1.NewChallengeLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/certmanager/informers/externalversions/acme/v1/interface.go b/pkg/client/certmanager/informers/externalversions/acme/v1/interface.go new file mode 100644 index 000000000000..4316b944ce2f --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/acme/v1/interface.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // Challenges returns a ChallengeInformer. + Challenges() ChallengeInformer + // Orders returns a OrderInformer. + Orders() OrderInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// Challenges returns a ChallengeInformer. +func (v *version) Challenges() ChallengeInformer { + return &challengeInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// Orders returns a OrderInformer. +func (v *version) Orders() OrderInformer { + return &orderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} 
diff --git a/pkg/client/certmanager/informers/externalversions/acme/v1/order.go b/pkg/client/certmanager/informers/externalversions/acme/v1/order.go new file mode 100644 index 000000000000..0846c134ee82 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/acme/v1/order.go 
@@ -0,0 +1,90 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/serving/pkg/client/certmanager/listers/acme/v1" +) + +// OrderInformer provides access to a shared informer and lister for +// Orders. +type OrderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.OrderLister +} + +type orderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewOrderInformer constructs a new informer for Order type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewOrderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOrderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredOrderInformer constructs a new informer for Order type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredOrderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Orders(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Orders(namespace).Watch(context.TODO(), options) + }, + }, + &acmev1.Order{}, + resyncPeriod, + indexers, + ) +} + +func (f *orderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOrderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *orderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&acmev1.Order{}, f.defaultInformer) +} + +func (f *orderInformer) Lister() v1.OrderLister { + return v1.NewOrderLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/interface.go b/pkg/client/certmanager/informers/externalversions/certmanager/interface.go new file mode 100644 index 000000000000..f901b81e492d --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/interface.go @@ -0,0 +1,46 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package certmanager + +import ( + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1 provides access to shared informers for resources in V1. + V1() v1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1 returns a new v1.Interface. +func (g *group) V1() v1.Interface { + return v1.New(g.factory, g.namespace, g.tweakListOptions) +} 
diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificate.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificate.go
new file mode 100644
index 000000000000..5be8dfd4c3f7
--- /dev/null
+++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificate.go
@@ -0,0 +1,90 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/serving/pkg/client/certmanager/listers/certmanager/v1" +) + +// CertificateInformer provides access to a shared informer and lister for +// Certificates. +type CertificateInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.CertificateLister +} + +type certificateInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewCertificateInformer constructs a new informer for Certificate type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewCertificateInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCertificateInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredCertificateInformer constructs a new informer for Certificate type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredCertificateInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Certificates(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Certificates(namespace).Watch(context.TODO(), options) + }, + }, + &certmanagerv1.Certificate{}, + resyncPeriod, + indexers, + ) +} + +func (f *certificateInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCertificateInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *certificateInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.Certificate{}, f.defaultInformer) +} + +func (f *certificateInformer) Lister() v1.CertificateLister { + return v1.NewCertificateLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificaterequest.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificaterequest.go
new file mode 100644
index 000000000000..ae8a03bafd58
--- /dev/null
+++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificaterequest.go
@@ -0,0 +1,90 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/serving/pkg/client/certmanager/listers/certmanager/v1" +) + +// CertificateRequestInformer provides access to a shared informer and lister for +// CertificateRequests. +type CertificateRequestInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.CertificateRequestLister +} + +type certificateRequestInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewCertificateRequestInformer constructs a new informer for CertificateRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewCertificateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCertificateRequestInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredCertificateRequestInformer constructs a new informer for CertificateRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredCertificateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().CertificateRequests(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().CertificateRequests(namespace).Watch(context.TODO(), options) + }, + }, + &certmanagerv1.CertificateRequest{}, + resyncPeriod, + indexers, + ) +} + +func (f *certificateRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCertificateRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *certificateRequestInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.CertificateRequest{}, f.defaultInformer) +} + +func (f *certificateRequestInformer) Lister() v1.CertificateRequestLister { + return 
v1.NewCertificateRequestLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/clusterissuer.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/clusterissuer.go new file mode 100644 index 000000000000..f2da940b5a74 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/clusterissuer.go 
@@ -0,0 +1,89 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/serving/pkg/client/certmanager/listers/certmanager/v1" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &certmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/interface.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/interface.go
new file mode 100644
index 000000000000..e3e76a6cdca1
--- /dev/null
+++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/interface.go
@@ -0,0 +1,66 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // Certificates returns a CertificateInformer. + Certificates() CertificateInformer + // CertificateRequests returns a CertificateRequestInformer. + CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer + // Issuers returns a IssuerInformer. + Issuers() IssuerInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// Certificates returns a CertificateInformer. +func (v *version) Certificates() CertificateInformer { + return &certificateInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// CertificateRequests returns a CertificateRequestInformer. 
+func (v *version) CertificateRequests() CertificateRequestInformer { + return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + +// Issuers returns a IssuerInformer. +func (v *version) Issuers() IssuerInformer { + return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/issuer.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/issuer.go new file mode 100644 index 000000000000..bd34ff0094e2 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/issuer.go 
@@ -0,0 +1,90 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/serving/pkg/client/certmanager/listers/certmanager/v1" +) + +// IssuerInformer provides access to a shared informer and lister for +// Issuers. +type IssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.IssuerLister +} + +type issuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewIssuerInformer constructs a new informer for Issuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredIssuerInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredIssuerInformer constructs a new informer for Issuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Issuers(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Issuers(namespace).Watch(context.TODO(), options) + }, + }, + &certmanagerv1.Issuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *issuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *issuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.Issuer{}, f.defaultInformer) +} + +func (f *issuerInformer) Lister() v1.IssuerLister { + return v1.NewIssuerLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/certmanager/informers/externalversions/factory.go b/pkg/client/certmanager/informers/externalversions/factory.go
new file mode 100644
index 000000000000..726dc8ae0da9
--- /dev/null
+++ b/pkg/client/certmanager/informers/externalversions/factory.go
@@ -0,0 +1,267 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package externalversions + +import ( + reflect "reflect" + sync "sync" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + acme "knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme" + certmanager "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager" + internalinterfaces "knative.dev/serving/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// SharedInformerOption defines the functional option type for SharedInformerFactory. +type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory + +type sharedInformerFactory struct { + client versioned.Interface + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc + lock sync.Mutex + defaultResync time.Duration + customResync map[reflect.Type]time.Duration + transform cache.TransformFunc + + informers map[reflect.Type]cache.SharedIndexInformer + // startedInformers is used for tracking which informers have been started. + // This allows Start() to be called multiple times safely. 
+ startedInformers map[reflect.Type]bool + // wg tracks how many goroutines were started. + wg sync.WaitGroup + // shuttingDown is true when Shutdown has been called. It may still be running + // because it needs to wait for goroutines. + shuttingDown bool +} + +// WithCustomResyncConfig sets a custom resync period for the specified informer types. +func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + for k, v := range resyncConfig { + factory.customResync[reflect.TypeOf(k)] = v + } + return factory + } +} + +// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory. +func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.tweakListOptions = tweakListOptions + return factory + } +} + +// WithNamespace limits the SharedInformerFactory to the specified namespace. +func WithNamespace(namespace string) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.namespace = namespace + return factory + } +} + +// WithTransform sets a transform on all informers. +func WithTransform(transform cache.TransformFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.transform = transform + return factory + } +} + +// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. +func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { + return NewSharedInformerFactoryWithOptions(client, defaultResync) +} + +// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory. +// Listers obtained via this SharedInformerFactory will be subject to the same filters +// as specified here. 
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead +func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory { + return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions)) +} + +// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options. +func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory { + factory := &sharedInformerFactory{ + client: client, + namespace: v1.NamespaceAll, + defaultResync: defaultResync, + informers: make(map[reflect.Type]cache.SharedIndexInformer), + startedInformers: make(map[reflect.Type]bool), + customResync: make(map[reflect.Type]time.Duration), + } + + // Apply all options + for _, opt := range options { + factory = opt(factory) + } + + return factory +} + +func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) { + f.lock.Lock() + defer f.lock.Unlock() + + if f.shuttingDown { + return + } + + for informerType, informer := range f.informers { + if !f.startedInformers[informerType] { + f.wg.Add(1) + // We need a new variable in each loop iteration, + // otherwise the goroutine would use the loop variable + // and that keeps changing. + informer := informer + go func() { + defer f.wg.Done() + informer.Run(stopCh) + }() + f.startedInformers[informerType] = true + } + } +} + +func (f *sharedInformerFactory) Shutdown() { + f.lock.Lock() + f.shuttingDown = true + f.lock.Unlock() + + // Will return immediately if there is nothing to wait for. 
+ f.wg.Wait() +} + +func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool { + informers := func() map[reflect.Type]cache.SharedIndexInformer { + f.lock.Lock() + defer f.lock.Unlock() + + informers := map[reflect.Type]cache.SharedIndexInformer{} + for informerType, informer := range f.informers { + if f.startedInformers[informerType] { + informers[informerType] = informer + } + } + return informers + }() + + res := map[reflect.Type]bool{} + for informType, informer := range informers { + res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced) + } + return res +} + +// InformerFor returns the SharedIndexInformer for obj using an internal +// client. +func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer { + f.lock.Lock() + defer f.lock.Unlock() + + informerType := reflect.TypeOf(obj) + informer, exists := f.informers[informerType] + if exists { + return informer + } + + resyncPeriod, exists := f.customResync[informerType] + if !exists { + resyncPeriod = f.defaultResync + } + + informer = newFunc(f.client, resyncPeriod) + informer.SetTransform(f.transform) + f.informers[informerType] = informer + + return informer +} + +// SharedInformerFactory provides shared informers for resources in all known +// API group versions. +// +// It is typically used like this: +// +// ctx, cancel := context.Background() +// defer cancel() +// factory := NewSharedInformerFactory(client, resyncPeriod) +// defer factory.WaitForStop() // Returns immediately if nothing was started. +// genericInformer := factory.ForResource(resource) +// typedInformer := factory.SomeAPIGroup().V1().SomeType() +// factory.Start(ctx.Done()) // Start processing these informers. 
+// synced := factory.WaitForCacheSync(ctx.Done()) +// for v, ok := range synced { +// if !ok { +// fmt.Fprintf(os.Stderr, "caches failed to sync: %v", v) +// return +// } +// } +// +// // Creating informers can also be created after Start, but then +// // Start must be called again: +// anotherGenericInformer := factory.ForResource(resource) +// factory.Start(ctx.Done()) +type SharedInformerFactory interface { + internalinterfaces.SharedInformerFactory + + // Start initializes all requested informers. They are handled in goroutines + // which run until the stop channel gets closed. + Start(stopCh <-chan struct{}) + + // Shutdown marks a factory as shutting down. At that point no new + // informers can be started anymore and Start will return without + // doing anything. + // + // In addition, Shutdown blocks until all goroutines have terminated. For that + // to happen, the close channel(s) that they were started with must be closed, + // either before Shutdown gets called or while it is waiting. + // + // Shutdown may be called multiple times, even concurrently. All such calls will + // block until all goroutines have terminated. + Shutdown() + + // WaitForCacheSync blocks until all started informers' caches were synced + // or the stop channel gets closed. + WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool + + // ForResource gives generic access to a shared informer of the matching type. + ForResource(resource schema.GroupVersionResource) (GenericInformer, error) + + // InformerFor returns the SharedIndexInformer for obj using an internal + // client. 
+ InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer + + Acme() acme.Interface + Certmanager() certmanager.Interface +} + +func (f *sharedInformerFactory) Acme() acme.Interface { + return acme.New(f, f.namespace, f.tweakListOptions) +} + +func (f *sharedInformerFactory) Certmanager() certmanager.Interface { + return certmanager.New(f, f.namespace, f.tweakListOptions) +} diff --git a/pkg/client/certmanager/informers/externalversions/generic.go b/pkg/client/certmanager/informers/externalversions/generic.go new file mode 100644 index 000000000000..e4bf8b01b6c1 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/generic.go 
@@ -0,0 +1,75 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package externalversions + +import ( + "fmt" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + schema "k8s.io/apimachinery/pkg/runtime/schema" + cache "k8s.io/client-go/tools/cache" +) + +// GenericInformer is type of SharedIndexInformer which will locate and delegate to other +// sharedInformers based on type +type GenericInformer interface { + Informer() cache.SharedIndexInformer + Lister() cache.GenericLister +} + +type genericInformer struct { + informer cache.SharedIndexInformer + resource schema.GroupResource +} + +// Informer returns the SharedIndexInformer. +func (f *genericInformer) Informer() cache.SharedIndexInformer { + return f.informer +} + +// Lister returns the GenericLister. 
+func (f *genericInformer) Lister() cache.GenericLister { + return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource) +} + +// ForResource gives generic access to a shared informer of the matching type +// TODO extend this to unknown resources with a client pool +func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { + switch resource { + // Group=acme.cert-manager.io, Version=v1 + case v1.SchemeGroupVersion.WithResource("challenges"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Acme().V1().Challenges().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("orders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Acme().V1().Orders().Informer()}, nil + + // Group=cert-manager.io, Version=v1 + case certmanagerv1.SchemeGroupVersion.WithResource("certificates"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().Certificates().Informer()}, nil + case certmanagerv1.SchemeGroupVersion.WithResource("certificaterequests"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().CertificateRequests().Informer()}, nil + case certmanagerv1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().ClusterIssuers().Informer()}, nil + case certmanagerv1.SchemeGroupVersion.WithResource("issuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().Issuers().Informer()}, nil + + } + + return nil, fmt.Errorf("no informer found for %v", resource) +} diff --git a/pkg/client/certmanager/informers/externalversions/internalinterfaces/factory_interfaces.go b/pkg/client/certmanager/informers/externalversions/internalinterfaces/factory_interfaces.go new file mode 100644 index 000000000000..d88198c4381c --- /dev/null 
+++ b/pkg/client/certmanager/informers/externalversions/internalinterfaces/factory_interfaces.go @@ -0,0 +1,40 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package internalinterfaces + +import ( + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" +) + +// NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. +type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer + +// SharedInformerFactory a small interface to allow for adding an informer without an import cycle +type SharedInformerFactory interface { + Start(stopCh <-chan struct{}) + InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer +} + +// TweakListOptionsFunc is a function that transforms a v1.ListOptions. +type TweakListOptionsFunc func(*v1.ListOptions) diff --git a/pkg/client/certmanager/injection/client/client.go b/pkg/client/certmanager/injection/client/client.go new file mode 100644 index 000000000000..ebdd1f98ff8b --- /dev/null +++ b/pkg/client/certmanager/injection/client/client.go 
@@ -0,0 +1,57 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package client + +import ( + context "context" + + rest "k8s.io/client-go/rest" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + versioned "knative.dev/serving/pkg/client/certmanager/clientset/versioned" +) + +func init() { + injection.Default.RegisterClient(withClientFromConfig) + injection.Default.RegisterClientFetcher(func(ctx context.Context) interface{} { + return Get(ctx) + }) +} + +// Key is used as the key for associating information with a context.Context. +type Key struct{} + +func withClientFromConfig(ctx context.Context, cfg *rest.Config) context.Context { + return context.WithValue(ctx, Key{}, versioned.NewForConfigOrDie(cfg)) +} + +// Get extracts the versioned.Interface client from the context. +func Get(ctx context.Context) versioned.Interface { + untyped := ctx.Value(Key{}) + if untyped == nil { + if injection.GetConfig(ctx) == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/clientset/versioned.Interface from context. This context is not the application context (which is typically given to constructors via sharedmain).") + } else { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/clientset/versioned.Interface from context.") + } + } + return untyped.(versioned.Interface) +} 
diff --git a/pkg/client/certmanager/injection/client/fake/fake.go b/pkg/client/certmanager/injection/client/fake/fake.go new file mode 100644 index 000000000000..ad934e5652bf --- /dev/null +++ b/pkg/client/certmanager/injection/client/fake/fake.go 
@@ -0,0 +1,57 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + runtime "k8s.io/apimachinery/pkg/runtime" + rest "k8s.io/client-go/rest" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + fake "knative.dev/serving/pkg/client/certmanager/clientset/versioned/fake" + client "knative.dev/serving/pkg/client/certmanager/injection/client" +) + +func init() { + injection.Fake.RegisterClient(withClient) + injection.Fake.RegisterClientFetcher(func(ctx context.Context) interface{} { + return Get(ctx) + }) +} + +func withClient(ctx context.Context, cfg *rest.Config) context.Context { + ctx, _ = With(ctx) + return ctx +} + +func With(ctx context.Context, objects ...runtime.Object) (context.Context, *fake.Clientset) { + cs := fake.NewSimpleClientset(objects...) + return context.WithValue(ctx, client.Key{}, cs), cs +} + +// Get extracts the Kubernetes client from the context. +func Get(ctx context.Context) *fake.Clientset { + untyped := ctx.Value(client.Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/clientset/versioned/fake.Clientset from context.") + } + return untyped.(*fake.Clientset) +} 
diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go new file mode 100644 index 000000000000..0237feed51b9 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go @@ -0,0 +1,47 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package challenge + +import ( + context "context" + + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1" + factory "knative.dev/serving/pkg/client/certmanager/injection/informers/factory" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Acme().V1().Challenges() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.ChallengeInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1.ChallengeInformer from context.") + } + return untyped.(v1.ChallengeInformer) +} 
diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go new file mode 100644 index 000000000000..a4c49a769ae1 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + challenge "knative.dev/serving/pkg/client/certmanager/injection/informers/acme/v1/challenge" + fake "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/fake" +) + +var Get = challenge.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Acme().V1().Challenges() + return context.WithValue(ctx, challenge.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go new file mode 100644 index 000000000000..c86fa6f6972c --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Acme().V1().Challenges() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. 
+func Get(ctx context.Context, selector string) v1.ChallengeInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1.ChallengeInformer with selector %s from context.", selector) + } + return untyped.(v1.ChallengeInformer) +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go new file mode 100644 index 000000000000..d4e685f1bdb5 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered" + factoryfiltered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Acme().V1().Challenges() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go new file mode 100644 index 000000000000..85f314639c9c --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + order "knative.dev/serving/pkg/client/certmanager/injection/informers/acme/v1/order" + fake "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/fake" +) + +var Get = order.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Acme().V1().Orders() + return context.WithValue(ctx, order.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go new file mode 100644 index 000000000000..cf70ff08d5ed --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/acme/v1/order/filtered" + factoryfiltered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Acme().V1().Orders() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go new file mode 100644 index 000000000000..8a91338f8f8e --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Acme().V1().Orders() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. 
+func Get(ctx context.Context, selector string) v1.OrderInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1.OrderInformer with selector %s from context.", selector) + } + return untyped.(v1.OrderInformer) +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/order.go b/pkg/client/certmanager/injection/informers/acme/v1/order/order.go new file mode 100644 index 000000000000..bfe410a5a532 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/order.go 
@@ -0,0 +1,47 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package order + +import ( + context "context" + + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1" + factory "knative.dev/serving/pkg/client/certmanager/injection/informers/factory" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Acme().V1().Orders() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.OrderInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/acme/v1.OrderInformer from context.") + } + return untyped.(v1.OrderInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go new file mode 100644 index 000000000000..b60903c5fa93 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go 
@@ -0,0 +1,47 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package certificate + +import ( + context "context" + + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/serving/pkg/client/certmanager/injection/informers/factory" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().Certificates() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.CertificateInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateInformer from context.") + } + return untyped.(v1.CertificateInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go new file mode 100644 index 000000000000..5bddd55923f4 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + certificate "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificate" + fake "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/fake" +) + +var Get = certificate.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().Certificates() + return context.WithValue(ctx, certificate.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go new file mode 100644 index 000000000000..fc96d5036684 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().Certificates() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. 
+func Get(ctx context.Context, selector string) v1.CertificateInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateInformer with selector %s from context.", selector) + } + return untyped.(v1.CertificateInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go new file mode 100644 index 000000000000..088820baa932 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered" + factoryfiltered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().Certificates() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go new file mode 100644 index 000000000000..213df6a8e56b --- /dev/null 
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go @@ -0,0 +1,47 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package certificaterequest + +import ( + context "context" + + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/serving/pkg/client/certmanager/injection/informers/factory" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().CertificateRequests() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.CertificateRequestInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateRequestInformer from context.") + } + return untyped.(v1.CertificateRequestInformer) +} 
diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go new file mode 100644 index 000000000000..adb744a71fae --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + certificaterequest "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest" + fake "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/fake" +) + +var Get = certificaterequest.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().CertificateRequests() + return context.WithValue(ctx, certificaterequest.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go new file mode 100644 index 000000000000..6bb864888183 --- /dev/null 
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().CertificateRequests() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. 
+func Get(ctx context.Context, selector string) v1.CertificateRequestInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateRequestInformer with selector %s from context.", selector) + } + return untyped.(v1.CertificateRequestInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go new file mode 100644 index 000000000000..4d84d20211c7 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered" + factoryfiltered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().CertificateRequests() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go new file mode 100644 index 000000000000..3d5a70c978c9 --- /dev/null 
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go @@ -0,0 +1,47 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package clusterissuer + +import ( + context "context" + + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/serving/pkg/client/certmanager/injection/informers/factory" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().ClusterIssuers() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.ClusterIssuerInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.ClusterIssuerInformer from context.") + } + return untyped.(v1.ClusterIssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go new file mode 100644 index 000000000000..0eeab2ff1d43 
--- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + clusterissuer "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer" + fake "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/fake" +) + +var Get = clusterissuer.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().ClusterIssuers() + return context.WithValue(ctx, clusterissuer.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go new file mode 100644 index 000000000000..87b341061fe5 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().ClusterIssuers() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. 
+func Get(ctx context.Context, selector string) v1.ClusterIssuerInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.ClusterIssuerInformer with selector %s from context.", selector) + } + return untyped.(v1.ClusterIssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go new file mode 100644 index 000000000000..f911e8c37df5 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered" + factoryfiltered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().ClusterIssuers() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go new file mode 100644 index 000000000000..86099ea26e93 --- /dev/null 
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + issuer "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/issuer" + fake "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/fake" +) + +var Get = issuer.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().Issuers() + return context.WithValue(ctx, issuer.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go new file mode 100644 index 000000000000..c7a2cd0859f8 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered" + factoryfiltered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().Issuers() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go new file mode 100644 index 000000000000..a89dceb9ef67 --- /dev/null 
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().Issuers() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. 
+func Get(ctx context.Context, selector string) v1.IssuerInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.IssuerInformer with selector %s from context.", selector) + } + return untyped.(v1.IssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go new file mode 100644 index 000000000000..b2970a54e122 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go 
@@ -0,0 +1,47 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package issuer + +import ( + context "context" + + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" + v1 "knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/serving/pkg/client/certmanager/injection/informers/factory" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().Issuers() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.IssuerInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions/certmanager/v1.IssuerInformer from context.") + } + return untyped.(v1.IssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/factory/factory.go b/pkg/client/certmanager/injection/informers/factory/factory.go new file mode 100644 index 000000000000..eb6998122637 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/factory.go 
@@ -0,0 +1,56 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package factory + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + externalversions "knative.dev/serving/pkg/client/certmanager/informers/externalversions" + client "knative.dev/serving/pkg/client/certmanager/injection/client" +) + +func init() { + injection.Default.RegisterInformerFactory(withInformerFactory) +} + +// Key is used as the key for associating information with a context.Context. +type Key struct{} + +func withInformerFactory(ctx context.Context) context.Context { + c := client.Get(ctx) + opts := make([]externalversions.SharedInformerOption, 0, 1) + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + return context.WithValue(ctx, Key{}, + externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) +} + +// Get extracts the InformerFactory from the context. 
+func Get(ctx context.Context) externalversions.SharedInformerFactory { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions.SharedInformerFactory from context.") + } + return untyped.(externalversions.SharedInformerFactory) +} diff --git a/pkg/client/certmanager/injection/informers/factory/fake/fake.go b/pkg/client/certmanager/injection/informers/factory/fake/fake.go new file mode 100644 index 000000000000..c7fbc7f10bd2 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/fake/fake.go 
@@ -0,0 +1,45 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + externalversions "knative.dev/serving/pkg/client/certmanager/informers/externalversions" + fake "knative.dev/serving/pkg/client/certmanager/injection/client/fake" + factory "knative.dev/serving/pkg/client/certmanager/injection/informers/factory" +) + +var Get = factory.Get + +func init() { + injection.Fake.RegisterInformerFactory(withInformerFactory) +} + +func withInformerFactory(ctx context.Context) context.Context { + c := fake.Get(ctx) + opts := make([]externalversions.SharedInformerOption, 0, 1) + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + return context.WithValue(ctx, factory.Key{}, + externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) +} diff --git a/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go new file mode 100644 index 000000000000..5d815d5f7cb4 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go 
@@ -0,0 +1,60 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fakeFilteredFactory + +import ( + context "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + externalversions "knative.dev/serving/pkg/client/certmanager/informers/externalversions" + fake "knative.dev/serving/pkg/client/certmanager/injection/client/fake" + filtered "knative.dev/serving/pkg/client/certmanager/injection/informers/factory/filtered" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterInformerFactory(withInformerFactory) +} + +func withInformerFactory(ctx context.Context) context.Context { + c := fake.Get(ctx) + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + for _, selector := range labelSelectors { + selectorVal := selector + opts := []externalversions.SharedInformerOption{} + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { + l.LabelSelector = selectorVal + })) + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, + 
externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) + } + return ctx +} diff --git a/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go b/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go new file mode 100644 index 000000000000..68bd2b855a97 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go 
@@ -0,0 +1,78 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filteredFactory + +import ( + context "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" + externalversions "knative.dev/serving/pkg/client/certmanager/informers/externalversions" + client "knative.dev/serving/pkg/client/certmanager/injection/client" +) + +func init() { + injection.Default.RegisterInformerFactory(withInformerFactory) +} + +// Key is used as the key for associating information with a context.Context. 
+type Key struct { + Selector string +} + +type LabelKey struct{} + +func WithSelectors(ctx context.Context, selector ...string) context.Context { + return context.WithValue(ctx, LabelKey{}, selector) +} + +func withInformerFactory(ctx context.Context) context.Context { + c := client.Get(ctx) + untyped := ctx.Value(LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + for _, selector := range labelSelectors { + selectorVal := selector + opts := []externalversions.SharedInformerOption{} + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { + l.LabelSelector = selectorVal + })) + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, + externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) + } + return ctx +} + +// Get extracts the InformerFactory from the context. +func Get(ctx context.Context, selector string) externalversions.SharedInformerFactory { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/serving/pkg/client/certmanager/informers/externalversions.SharedInformerFactory with selector %s from context.", selector) + } + return untyped.(externalversions.SharedInformerFactory) +} diff --git a/pkg/client/certmanager/listers/acme/v1/challenge.go b/pkg/client/certmanager/listers/acme/v1/challenge.go new file mode 100644 index 000000000000..83a527f6c7c1 --- /dev/null +++ b/pkg/client/certmanager/listers/acme/v1/challenge.go 
@@ -0,0 +1,99 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ChallengeLister helps list Challenges. +// All objects returned here must be treated as read-only. +type ChallengeLister interface { + // List lists all Challenges in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Challenge, err error) + // Challenges returns an object that can list and get Challenges. + Challenges(namespace string) ChallengeNamespaceLister + ChallengeListerExpansion +} + +// challengeLister implements the ChallengeLister interface. +type challengeLister struct { + indexer cache.Indexer +} + +// NewChallengeLister returns a new ChallengeLister. +func NewChallengeLister(indexer cache.Indexer) ChallengeLister { + return &challengeLister{indexer: indexer} +} + +// List lists all Challenges in the indexer. +func (s *challengeLister) List(selector labels.Selector) (ret []*v1.Challenge, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Challenge)) + }) + return ret, err +} + +// Challenges returns an object that can list and get Challenges. 
+func (s *challengeLister) Challenges(namespace string) ChallengeNamespaceLister { + return challengeNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// ChallengeNamespaceLister helps list and get Challenges. +// All objects returned here must be treated as read-only. +type ChallengeNamespaceLister interface { + // List lists all Challenges in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Challenge, err error) + // Get retrieves the Challenge from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Challenge, error) + ChallengeNamespaceListerExpansion +} + +// challengeNamespaceLister implements the ChallengeNamespaceLister +// interface. +type challengeNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Challenges in the indexer for a given namespace. +func (s challengeNamespaceLister) List(selector labels.Selector) (ret []*v1.Challenge, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Challenge)) + }) + return ret, err +} + +// Get retrieves the Challenge from the indexer for a given namespace and name. +func (s challengeNamespaceLister) Get(name string) (*v1.Challenge, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("challenge"), name) + } + return obj.(*v1.Challenge), nil +} diff --git a/pkg/client/certmanager/listers/acme/v1/expansion_generated.go b/pkg/client/certmanager/listers/acme/v1/expansion_generated.go new file mode 100644 index 000000000000..f475243466b0 --- /dev/null +++ b/pkg/client/certmanager/listers/acme/v1/expansion_generated.go 
@@ -0,0 +1,35 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +// ChallengeListerExpansion allows custom methods to be added to +// ChallengeLister. +type ChallengeListerExpansion interface{} + +// ChallengeNamespaceListerExpansion allows custom methods to be added to +// ChallengeNamespaceLister. +type ChallengeNamespaceListerExpansion interface{} + +// OrderListerExpansion allows custom methods to be added to +// OrderLister. +type OrderListerExpansion interface{} + +// OrderNamespaceListerExpansion allows custom methods to be added to +// OrderNamespaceLister. +type OrderNamespaceListerExpansion interface{} diff --git a/pkg/client/certmanager/listers/acme/v1/order.go b/pkg/client/certmanager/listers/acme/v1/order.go new file mode 100644 index 000000000000..20f5dabfc235 --- /dev/null +++ b/pkg/client/certmanager/listers/acme/v1/order.go 
@@ -0,0 +1,99 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OrderLister helps list Orders. +// All objects returned here must be treated as read-only. +type OrderLister interface { + // List lists all Orders in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Order, err error) + // Orders returns an object that can list and get Orders. + Orders(namespace string) OrderNamespaceLister + OrderListerExpansion +} + +// orderLister implements the OrderLister interface. +type orderLister struct { + indexer cache.Indexer +} + +// NewOrderLister returns a new OrderLister. +func NewOrderLister(indexer cache.Indexer) OrderLister { + return &orderLister{indexer: indexer} +} + +// List lists all Orders in the indexer. +func (s *orderLister) List(selector labels.Selector) (ret []*v1.Order, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Order)) + }) + return ret, err +} + +// Orders returns an object that can list and get Orders. 
+func (s *orderLister) Orders(namespace string) OrderNamespaceLister { + return orderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OrderNamespaceLister helps list and get Orders. +// All objects returned here must be treated as read-only. +type OrderNamespaceLister interface { + // List lists all Orders in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Order, err error) + // Get retrieves the Order from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Order, error) + OrderNamespaceListerExpansion +} + +// orderNamespaceLister implements the OrderNamespaceLister +// interface. +type orderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Orders in the indexer for a given namespace. +func (s orderNamespaceLister) List(selector labels.Selector) (ret []*v1.Order, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Order)) + }) + return ret, err +} + +// Get retrieves the Order from the indexer for a given namespace and name. +func (s orderNamespaceLister) Get(name string) (*v1.Order, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("order"), name) + } + return obj.(*v1.Order), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/certificate.go b/pkg/client/certmanager/listers/certmanager/v1/certificate.go new file mode 100644 index 000000000000..1e3519666877 --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/certificate.go 
@@ -0,0 +1,99 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CertificateLister helps list Certificates. +// All objects returned here must be treated as read-only. +type CertificateLister interface { + // List lists all Certificates in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Certificate, err error) + // Certificates returns an object that can list and get Certificates. + Certificates(namespace string) CertificateNamespaceLister + CertificateListerExpansion +} + +// certificateLister implements the CertificateLister interface. +type certificateLister struct { + indexer cache.Indexer +} + +// NewCertificateLister returns a new CertificateLister. +func NewCertificateLister(indexer cache.Indexer) CertificateLister { + return &certificateLister{indexer: indexer} +} + +// List lists all Certificates in the indexer. +func (s *certificateLister) List(selector labels.Selector) (ret []*v1.Certificate, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Certificate)) + }) + return ret, err +} + +// Certificates returns an object that can list and get Certificates. 
+func (s *certificateLister) Certificates(namespace string) CertificateNamespaceLister { + return certificateNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// CertificateNamespaceLister helps list and get Certificates. +// All objects returned here must be treated as read-only. +type CertificateNamespaceLister interface { + // List lists all Certificates in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Certificate, err error) + // Get retrieves the Certificate from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Certificate, error) + CertificateNamespaceListerExpansion +} + +// certificateNamespaceLister implements the CertificateNamespaceLister +// interface. +type certificateNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Certificates in the indexer for a given namespace. +func (s certificateNamespaceLister) List(selector labels.Selector) (ret []*v1.Certificate, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Certificate)) + }) + return ret, err +} + +// Get retrieves the Certificate from the indexer for a given namespace and name. +func (s certificateNamespaceLister) Get(name string) (*v1.Certificate, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("certificate"), name) + } + return obj.(*v1.Certificate), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/certificaterequest.go b/pkg/client/certmanager/listers/certmanager/v1/certificaterequest.go new file mode 100644 index 000000000000..5c29cc6ef7bd --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/certificaterequest.go 
@@ -0,0 +1,99 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CertificateRequestLister helps list CertificateRequests. +// All objects returned here must be treated as read-only. +type CertificateRequestLister interface { + // List lists all CertificateRequests in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) + // CertificateRequests returns an object that can list and get CertificateRequests. + CertificateRequests(namespace string) CertificateRequestNamespaceLister + CertificateRequestListerExpansion +} + +// certificateRequestLister implements the CertificateRequestLister interface. +type certificateRequestLister struct { + indexer cache.Indexer +} + +// NewCertificateRequestLister returns a new CertificateRequestLister. +func NewCertificateRequestLister(indexer cache.Indexer) CertificateRequestLister { + return &certificateRequestLister{indexer: indexer} +} + +// List lists all CertificateRequests in the indexer. 
+func (s *certificateRequestLister) List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.CertificateRequest)) + }) + return ret, err +} + +// CertificateRequests returns an object that can list and get CertificateRequests. +func (s *certificateRequestLister) CertificateRequests(namespace string) CertificateRequestNamespaceLister { + return certificateRequestNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// CertificateRequestNamespaceLister helps list and get CertificateRequests. +// All objects returned here must be treated as read-only. +type CertificateRequestNamespaceLister interface { + // List lists all CertificateRequests in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) + // Get retrieves the CertificateRequest from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.CertificateRequest, error) + CertificateRequestNamespaceListerExpansion +} + +// certificateRequestNamespaceLister implements the CertificateRequestNamespaceLister +// interface. +type certificateRequestNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all CertificateRequests in the indexer for a given namespace. +func (s certificateRequestNamespaceLister) List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.CertificateRequest)) + }) + return ret, err +} + +// Get retrieves the CertificateRequest from the indexer for a given namespace and name. 
+func (s certificateRequestNamespaceLister) Get(name string) (*v1.CertificateRequest, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("certificaterequest"), name) + } + return obj.(*v1.CertificateRequest), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/clusterissuer.go b/pkg/client/certmanager/listers/certmanager/v1/clusterissuer.go new file mode 100644 index 000000000000..0815320a8d8c --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/clusterissuer.go 
@@ -0,0 +1,68 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. 
+func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/expansion_generated.go b/pkg/client/certmanager/listers/certmanager/v1/expansion_generated.go new file mode 100644 index 000000000000..e5d163d8e409 --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/expansion_generated.go 
@@ -0,0 +1,47 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +// CertificateListerExpansion allows custom methods to be added to +// CertificateLister. +type CertificateListerExpansion interface{} + +// CertificateNamespaceListerExpansion allows custom methods to be added to +// CertificateNamespaceLister. +type CertificateNamespaceListerExpansion interface{} + +// CertificateRequestListerExpansion allows custom methods to be added to +// CertificateRequestLister. +type CertificateRequestListerExpansion interface{} + +// CertificateRequestNamespaceListerExpansion allows custom methods to be added to +// CertificateRequestNamespaceLister. +type CertificateRequestNamespaceListerExpansion interface{} + +// ClusterIssuerListerExpansion allows custom methods to be added to +// ClusterIssuerLister. +type ClusterIssuerListerExpansion interface{} + +// IssuerListerExpansion allows custom methods to be added to +// IssuerLister. +type IssuerListerExpansion interface{} + +// IssuerNamespaceListerExpansion allows custom methods to be added to +// IssuerNamespaceLister. +type IssuerNamespaceListerExpansion interface{} diff --git a/pkg/client/certmanager/listers/certmanager/v1/issuer.go b/pkg/client/certmanager/listers/certmanager/v1/issuer.go new file mode 100644 index 000000000000..df6a2fc451d2 --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/issuer.go 
@@ -0,0 +1,99 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// IssuerLister helps list Issuers. +// All objects returned here must be treated as read-only. +type IssuerLister interface { + // List lists all Issuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Issuer, err error) + // Issuers returns an object that can list and get Issuers. + Issuers(namespace string) IssuerNamespaceLister + IssuerListerExpansion +} + +// issuerLister implements the IssuerLister interface. +type issuerLister struct { + indexer cache.Indexer +} + +// NewIssuerLister returns a new IssuerLister. +func NewIssuerLister(indexer cache.Indexer) IssuerLister { + return &issuerLister{indexer: indexer} +} + +// List lists all Issuers in the indexer. +func (s *issuerLister) List(selector labels.Selector) (ret []*v1.Issuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Issuer)) + }) + return ret, err +} + +// Issuers returns an object that can list and get Issuers. 
+func (s *issuerLister) Issuers(namespace string) IssuerNamespaceLister { + return issuerNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// IssuerNamespaceLister helps list and get Issuers. +// All objects returned here must be treated as read-only. +type IssuerNamespaceLister interface { + // List lists all Issuers in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Issuer, err error) + // Get retrieves the Issuer from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Issuer, error) + IssuerNamespaceListerExpansion +} + +// issuerNamespaceLister implements the IssuerNamespaceLister +// interface. +type issuerNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Issuers in the indexer for a given namespace. +func (s issuerNamespaceLister) List(selector labels.Selector) (ret []*v1.Issuer, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Issuer)) + }) + return ret, err +} + +// Get retrieves the Issuer from the indexer for a given namespace and name. +func (s issuerNamespaceLister) Get(name string) (*v1.Issuer, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("issuer"), name) + } + return obj.(*v1.Issuer), nil +} diff --git a/pkg/client/certmanager/testing/factory.go b/pkg/client/certmanager/testing/factory.go new file mode 100644 index 000000000000..f2da89b17b70 --- /dev/null +++ b/pkg/client/certmanager/testing/factory.go 
@@ -0,0 +1,108 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package testing + +import ( + "context" + "testing" + + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + ktesting "k8s.io/client-go/testing" + "k8s.io/client-go/tools/record" + fakenetworkingclient "knative.dev/networking/pkg/client/injection/client/fake" + fakekubeclient "knative.dev/pkg/client/injection/kube/client/fake" + "knative.dev/pkg/reconciler" + fakecertmanagerclient "knative.dev/serving/pkg/client/certmanager/injection/client/fake" + + "knative.dev/pkg/configmap" + "knative.dev/pkg/controller" + "knative.dev/pkg/logging" + logtesting "knative.dev/pkg/logging/testing" + rtesting "knative.dev/pkg/reconciler/testing" +) + +// Ctor functions create a k8s controller with given params. +type Ctor func(context.Context, *Listers, configmap.Watcher) controller.Reconciler + +// MakeFactory creates a reconciler factory with fake clients and controller created by `ctor`. +func MakeFactory(ctor Ctor) rtesting.Factory { + return func(t *testing.T, r *rtesting.TableRow) ( + controller.Reconciler, rtesting.ActionRecorderList, rtesting.EventList) { + ls := NewListers(r.Objects) + + ctx := r.Ctx + if ctx == nil { + ctx = context.Background() + } + logger := logtesting.TestLogger(t) + ctx = logging.WithLogger(ctx, logger) + + ctx, kubeClient := fakekubeclient.With(ctx, ls.GetKubeObjects()...) 
+ ctx, client := fakenetworkingclient.With(ctx, ls.GetNetworkingObjects()...) + ctx, certManagerClient := fakecertmanagerclient.With(ctx, ls.GetCMCertificateObjects()...) + + eventRecorder := record.NewFakeRecorder(10) + ctx = controller.WithEventRecorder(ctx, eventRecorder) + + // This is needed for the tests that use generated names and + // the object cannot be created beforehand. + kubeClient.PrependReactor("create", "*", + func(action ktesting.Action) (bool, runtime.Object, error) { + ca := action.(ktesting.CreateAction) + ls.IndexerFor(ca.GetObject()).Add(ca.GetObject()) + return false, nil, nil + }, + ) + // This is needed by the Configuration controller tests, which + // use GenerateName to produce Revisions. + rtesting.PrependGenerateNameReactor(&client.Fake) + rtesting.PrependGenerateNameReactor(&certManagerClient.Fake) + rtesting.PrependGenerateNameReactor(&kubeClient.Fake) + + // Set up our Controller from the fakes. + c := ctor(ctx, &ls, configmap.NewStaticWatcher()) + // Update the context with the stuff we decorated it with. + r.Ctx = ctx + + // The Reconciler won't do any work until it becomes the leader. + if la, ok := c.(reconciler.LeaderAware); ok { + la.Promote(reconciler.UniversalBucket(), func(reconciler.Bucket, types.NamespacedName) {}) + } + + for _, reactor := range r.WithReactors { + kubeClient.PrependReactor("*", "*", reactor) + client.PrependReactor("*", "*", reactor) + certManagerClient.PrependReactor("*", "*", reactor) + } + + // Validate all Create operations through the serving client. + client.PrependReactor("create", "*", func(action ktesting.Action) (handled bool, ret runtime.Object, err error) { + // TODO(n3wscott): context.Background is the best we can do at the moment, but it should be set-able. 
+ return rtesting.ValidateCreates(context.Background(), action) + }) + client.PrependReactor("update", "*", func(action ktesting.Action) (handled bool, ret runtime.Object, err error) { + // TODO(n3wscott): context.Background is the best we can do at the moment, but it should be set-able. + return rtesting.ValidateUpdates(context.Background(), action) + }) + + actionRecorderList := rtesting.ActionRecorderList{client, kubeClient, certManagerClient} + eventList := rtesting.EventList{Recorder: eventRecorder} + + return c, actionRecorderList, eventList + } +} diff --git a/pkg/client/certmanager/testing/listers.go b/pkg/client/certmanager/testing/listers.go new file mode 100644 index 000000000000..13a076f699d5 --- /dev/null +++ b/pkg/client/certmanager/testing/listers.go 
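Review bot: The create reactor in MakeFactory drops the error from `ls.IndexerFor(ca.GetObject()).Add(ca.GetObject())`, so a failed insert leaves the listers out of step with the fake client and the test fails later for a reason that looks unrelated. Returning it keeps the failure at its source: `if err := ls.IndexerFor(ca.GetObject()).Add(ca.GetObject()); err != nil { return true, nil, err }`. The comment `// Validate all Create operations through the serving client.` and the remark about Configuration tests producing Revisions look carried over from another factory. Here `client` is the networking fake, and only it gets the ValidateCreates/ValidateUpdates reactors; `certManagerClient` gets none, which is worth stating in the comment if intended.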
@@ -0,0 +1,129 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package testing + +import ( + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + fakekubeclientset "k8s.io/client-go/kubernetes/fake" + corev1listers "k8s.io/client-go/listers/core/v1" + "k8s.io/client-go/tools/cache" + + networking "knative.dev/networking/pkg/apis/networking/v1alpha1" + fakenetworkingclientset "knative.dev/networking/pkg/client/clientset/versioned/fake" + networkinglisters "knative.dev/networking/pkg/client/listers/networking/v1alpha1" + "knative.dev/pkg/reconciler/testing" + acmelisters "knative.dev/serving/pkg/client/certmanager/listers/acme/v1" + certmanagerlisters "knative.dev/serving/pkg/client/certmanager/listers/certmanager/v1" + + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" +) + +var clientSetSchemes = []func(*runtime.Scheme) error{ + fakenetworkingclientset.AddToScheme, + fakekubeclientset.AddToScheme, + cmv1.AddToScheme, + acmev1.AddToScheme, +} + +type Listers struct { + sorter testing.ObjectSorter +} + +func NewListers(objs []runtime.Object) Listers { + scheme := NewScheme() + + ls := Listers{ + sorter: testing.NewObjectSorter(scheme), + } + + ls.sorter.AddObjects(objs...) 
+ + return ls +} + +func NewScheme() *runtime.Scheme { + scheme := runtime.NewScheme() + + for _, addTo := range clientSetSchemes { + addTo(scheme) + } + return scheme +} + +func (*Listers) NewScheme() *runtime.Scheme { + return NewScheme() +} + +// IndexerFor returns the indexer for the given object. +func (l *Listers) IndexerFor(obj runtime.Object) cache.Indexer { + return l.sorter.IndexerForObjectType(obj) +} + +func (l *Listers) GetNetworkingObjects() []runtime.Object { + return l.sorter.ObjectsForSchemeFunc(fakenetworkingclientset.AddToScheme) +} + +func (l *Listers) GetKubeObjects() []runtime.Object { + return l.sorter.ObjectsForSchemeFunc(fakekubeclientset.AddToScheme) +} + +// GetIngressLister get lister for Ingress resource. +func (l *Listers) GetIngressLister() networkinglisters.IngressLister { + return networkinglisters.NewIngressLister(l.IndexerFor(&networking.Ingress{})) +} + +// GetK8sServiceLister get lister for K8s Service resource. +func (l *Listers) GetK8sServiceLister() corev1listers.ServiceLister { + return corev1listers.NewServiceLister(l.IndexerFor(&corev1.Service{})) +} + +// GetEndpointsLister get lister for K8s Endpoints resource. +func (l *Listers) GetEndpointsLister() corev1listers.EndpointsLister { + return corev1listers.NewEndpointsLister(l.IndexerFor(&corev1.Endpoints{})) +} + +// GetSecretLister get lister for K8s Secret resource. +func (l *Listers) GetSecretLister() corev1listers.SecretLister { + return corev1listers.NewSecretLister(l.IndexerFor(&corev1.Secret{})) +} + +// GetCMCertificateLister gets lister for Cert Manager Certificate resource. +func (l *Listers) GetCMCertificateLister() certmanagerlisters.CertificateLister { + return certmanagerlisters.NewCertificateLister(l.IndexerFor(&cmv1.Certificate{})) +} + +// GetCMClusterIssuerLister gets lister for Cert Manager ClusterIssuer resource. 
+func (l *Listers) GetCMClusterIssuerLister() certmanagerlisters.ClusterIssuerLister { + return certmanagerlisters.NewClusterIssuerLister(l.IndexerFor(&cmv1.ClusterIssuer{})) +} + +// GetCMChallengeLister gets lister for Cert Manager Challenge resource. +func (l *Listers) GetCMChallengeLister() acmelisters.ChallengeLister { + return acmelisters.NewChallengeLister(l.IndexerFor(&acmev1.Challenge{})) +} + +// GetCMCertificateObjects gets a list of Cert-Manager Certificate objects. +func (l *Listers) GetCMCertificateObjects() []runtime.Object { + return l.sorter.ObjectsForSchemeFunc(cmv1.AddToScheme) +} + +// GetCertificateLister get lister for Certificate resource. +func (l *Listers) GetCertificateLister() networkinglisters.CertificateLister { + return networkinglisters.NewCertificateLister(l.IndexerFor(&networking.Certificate{})) +} diff --git a/pkg/reconciler/certificate/certificate.go b/pkg/reconciler/certificate/certificate.go new file mode 100644 index 000000000000..c0c15a71bde7 --- /dev/null +++ b/pkg/reconciler/certificate/certificate.go 
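Review bot: NewScheme calls `addTo(scheme)` and discards the returned error, so a scheme that failed to register one of the four API groups is handed to the object sorter with no signal. This is test support code, so failing loudly is appropriate: `if err := addTo(scheme); err != nil { panic(err) }`. The exported `Listers`, `NewListers`, `NewScheme`, `GetNetworkingObjects` and `GetKubeObjects` also lack doc comments, while the other getters have them. A line such as `// Listers wraps an ObjectSorter and hands out listers backed by its indexers.` would match the rest of the file.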
@@ -0,0 +1,271 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package certificate + +import ( + "context" + "fmt" + "hash/adler32" + "strconv" + "time" + + cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" + apierrs "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/util/sets" + kubelisters "k8s.io/client-go/listers/core/v1" + + "knative.dev/networking/pkg/apis/networking/v1alpha1" + certreconciler "knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate" + "knative.dev/pkg/apis" + "knative.dev/pkg/controller" + "knative.dev/pkg/logging" + pkgreconciler "knative.dev/pkg/reconciler" + "knative.dev/pkg/tracker" + certmanagerclientset "knative.dev/serving/pkg/client/certmanager/clientset/versioned" + acmelisters "knative.dev/serving/pkg/client/certmanager/listers/acme/v1" + certmanagerlisters "knative.dev/serving/pkg/client/certmanager/listers/certmanager/v1" + "knative.dev/serving/pkg/reconciler/certificate/config" + "knative.dev/serving/pkg/reconciler/certificate/resources" +) + +const ( + noCMConditionReason = "NoCertManagerCertCondition" + noCMConditionMessage = "The ready condition of Cert Manager Certificate does not 
exist." + notReconciledReason = "ReconcileFailed" + notReconciledMessage = "Cert-Manager certificate has not yet been reconciled." + httpDomainLabel = "acme.cert-manager.io/http-domain" + httpChallengePath = "/.well-known/acme-challenge" + renewingEvent = "Renewing" +) + +// It comes from cert-manager status: +// https://github.com/cert-manager/cert-manager/blob/b7e83b53820e712e7cf6b8dce3e5a050f249da79/pkg/controller/certificates/sync.go#L130 +var notReadyReasons = sets.NewString("InProgress", "Pending", "TemporaryCertificate") + +var certificateCondSet = apis.NewLivingConditionSet(apis.ConditionReady) + +// Reconciler implements controller.Reconciler for Certificate resources. +type Reconciler struct { + // listers index properties about resources + cmCertificateLister certmanagerlisters.CertificateLister + cmChallengeLister acmelisters.ChallengeLister + cmIssuerLister certmanagerlisters.ClusterIssuerLister + svcLister kubelisters.ServiceLister + certManagerClient certmanagerclientset.Interface + tracker tracker.Interface +} + +// Check that our Reconciler implements certreconciler.Interface +var _ certreconciler.Interface = (*Reconciler)(nil) + +func (c *Reconciler) ReconcileKind(ctx context.Context, knCert *v1alpha1.Certificate) pkgreconciler.Event { + // Reconcile this copy of the Certificate and then write back any status + // updates regardless of whether the reconciliation errored out. 
+ err := c.reconcile(ctx, knCert) + if err != nil { + if knCert.Status.GetCondition(v1alpha1.CertificateConditionReady).Status != corev1.ConditionFalse { + knCert.Status.MarkNotReady(notReconciledReason, notReconciledMessage) + } + } + return err +} + +func (c *Reconciler) reconcile(ctx context.Context, knCert *v1alpha1.Certificate) error { + logger := logging.FromContext(ctx) + + knCert.SetDefaults(ctx) + knCert.Status.InitializeConditions() + + logger.Info("Reconciling Cert-Manager certificate for Knative cert.") + knCert.Status.ObservedGeneration = knCert.Generation + + cmConfig := config.FromContext(ctx).CertManager + + cmCert, errCondition := resources.MakeCertManagerCertificate(cmConfig, knCert) + if errCondition != nil { + knCert.Status.MarkFailed(errCondition.Reason, errCondition.Message) + return fmt.Errorf(errCondition.Message) + } + + cmCert, err := c.reconcileCMCertificate(ctx, knCert, cmCert) + if err != nil { + return err + } + + knCert.Status.NotAfter = cmCert.Status.NotAfter + + // Propagate cert-manager Certificate status to Knative Certificate. 
+ cmCertReadyCondition := resources.GetReadyCondition(cmCert) + logger.Infof("cm cert condition %v.", cmCertReadyCondition) + + switch { + case cmCertReadyCondition == nil: + knCert.Status.MarkNotReady(noCMConditionReason, noCMConditionMessage) + return c.setHTTP01Challenges(ctx, knCert, cmCert) + case cmCertReadyCondition.Status == cmmeta.ConditionUnknown: + knCert.Status.MarkNotReady(cmCertReadyCondition.Reason, cmCertReadyCondition.Message) + return c.setHTTP01Challenges(ctx, knCert, cmCert) + case cmCertReadyCondition.Status == cmmeta.ConditionTrue: + if cmCert.Status.RenewalTime != nil && time.Now().After(cmCert.Status.RenewalTime.Time) { + // add a temporary renewing state when cm certificate is being renewed + // this will reconfigure the ingress in order to route HTTP01 challenge traffic + // before cm certificate expiration + // https://github.com/knative-sandbox/net-certmanager/issues/416 + logger.Infof("Cert (%s) has passed its renewal time, setting renewing condition on KCert (%s).", cmCert.Name, knCert.Name) + renewCondition := apis.Condition{ + Type: renewingEvent, + Status: corev1.ConditionTrue, + } + certificateCondSet.Manage(&knCert.Status).SetCondition(renewCondition) + return c.setHTTP01Challenges(ctx, knCert, cmCert) + } + // remove renew condition if exists + certificateCondSet.Manage(&knCert.Status).ClearCondition(renewingEvent) + knCert.Status.MarkReady() + knCert.Status.HTTP01Challenges = []v1alpha1.HTTP01Challenge{} + case cmCertReadyCondition.Status == cmmeta.ConditionFalse: + if notReadyReasons.Has(cmCertReadyCondition.Reason) { + knCert.Status.MarkNotReady(cmCertReadyCondition.Reason, cmCertReadyCondition.Message) + } else { + knCert.Status.MarkFailed(cmCertReadyCondition.Reason, cmCertReadyCondition.Message) + } + return c.setHTTP01Challenges(ctx, knCert, cmCert) + } + return nil +} + +func (c *Reconciler) reconcileCMCertificate(ctx context.Context, knCert *v1alpha1.Certificate, desired *cmv1.Certificate) (*cmv1.Certificate, error) { + 
recorder := controller.GetEventRecorder(ctx) + + cmCert, err := c.cmCertificateLister.Certificates(desired.Namespace).Get(desired.Name) + if apierrs.IsNotFound(err) { + cmCert, err = c.certManagerClient.CertmanagerV1().Certificates(desired.Namespace).Create(ctx, desired, metav1.CreateOptions{}) + if err != nil { + recorder.Eventf(knCert, corev1.EventTypeWarning, "CreationFailed", + "Failed to create Cert-Manager Certificate %s/%s: %v", desired.Name, desired.Namespace, err) + return nil, fmt.Errorf("failed to create Cert-Manager Certificate: %w", err) + } + recorder.Eventf(knCert, corev1.EventTypeNormal, "Created", + "Created Cert-Manager Certificate %s/%s", desired.Namespace, desired.Name) + } else if err != nil { + return nil, fmt.Errorf("failed to get Cert-Manager Certificate: %w", err) + } else if !metav1.IsControlledBy(desired, knCert) { + knCert.Status.MarkResourceNotOwned("CertManagerCertificate", desired.Name) + return nil, fmt.Errorf("knative Certificate %s in namespace %s does not own CertManager Certificate: %s", knCert.Name, knCert.Namespace, desired.Name) + } else if !equality.Semantic.DeepEqual(cmCert.Spec, desired.Spec) { + certCopy := cmCert.DeepCopy() + certCopy.Spec = desired.Spec + updated, err := c.certManagerClient.CertmanagerV1().Certificates(certCopy.Namespace).Update(ctx, certCopy, metav1.UpdateOptions{}) + if err != nil { + recorder.Eventf(knCert, corev1.EventTypeWarning, "UpdateFailed", + "Failed to create Cert-Manager Certificate %s/%s: %v", desired.Namespace, desired.Name, err) + return nil, fmt.Errorf("failed to update Cert-Manager Certificate: %w", err) + } + recorder.Eventf(knCert, corev1.EventTypeNormal, "Updated", + "Updated Spec for Cert-Manager Certificate %s/%s", desired.Namespace, desired.Name) + return updated, nil + } + return cmCert, nil +} + +func (c *Reconciler) setHTTP01Challenges(ctx context.Context, knCert *v1alpha1.Certificate, cmCert *cmv1.Certificate) error { + logger := logging.FromContext(ctx) + if isHTTP, err := 
c.isHTTPChallenge(cmCert); err != nil { + return err + } else if !isHTTP { + return nil + } + challenges := make([]v1alpha1.HTTP01Challenge, 0, len(cmCert.Spec.DNSNames)) + for _, dnsName := range cmCert.Spec.DNSNames { + // This selector comes from: + // https://github.com/jetstack/cert-manager/blob/1b9b83a4b80068207b0a8070dadb0e760f5095f6/pkg/issuer/acme/http/pod.go#L34 + selector := labels.NewSelector() + value := strconv.FormatUint(uint64(adler32.Checksum([]byte(dnsName))), 10) + req, err := labels.NewRequirement(httpDomainLabel, selection.Equals, []string{value}) + if err != nil { + return fmt.Errorf("failed to create requirement %s=%s: %w", httpDomainLabel, value, err) + } + selector = selector.Add(*req) + + svcs, err := c.svcLister.Services(knCert.Namespace).List(selector) + if err != nil { + return fmt.Errorf("failed to list services: %w", err) + } + if len(svcs) == 0 { + if dnsName == resources.Prefix+knCert.Spec.Domain { + logger.Info("No challenge service found for shortened commonname, could be cached? continuing") + continue + } + //If the cert is renewing, it could be possible that this isn't an error. Should this change depending on the case? 
+ return fmt.Errorf("no challenge solver service for domain %s; selector=%v", dnsName, selector) + } + + for _, svc := range svcs { + if err := c.tracker.TrackReference(svcRef(svc.Namespace, svc.Name), knCert); err != nil { + return err + } + owner := svc.GetOwnerReferences()[0] + cmChallenge, err := c.cmChallengeLister.Challenges(knCert.Namespace).Get(owner.Name) + if err != nil { + return err + } + + challenge := v1alpha1.HTTP01Challenge{ + ServiceName: svc.Name, + ServicePort: svc.Spec.Ports[0].TargetPort, + ServiceNamespace: svc.Namespace, + URL: &apis.URL{ + Scheme: "http", + Path: fmt.Sprintf("%s/%s", httpChallengePath, cmChallenge.Spec.Token), + Host: cmChallenge.Spec.DNSName, + }, + } + challenges = append(challenges, challenge) + } + } + knCert.Status.HTTP01Challenges = challenges + return nil +} + +func (c *Reconciler) isHTTPChallenge(cmCert *cmv1.Certificate) (bool, error) { + var issuer *cmv1.ClusterIssuer + var err error + if issuer, err = c.cmIssuerLister.Get(cmCert.Spec.IssuerRef.Name); err != nil { + return false, err + } + return issuer.Spec.ACME != nil && + len(issuer.Spec.ACME.Solvers) > 0 && + issuer.Spec.ACME.Solvers[0].HTTP01 != nil, nil +} + +func svcRef(namespace, name string) tracker.Reference { + gvk := corev1.SchemeGroupVersion.WithKind("Service") + apiVersion, kind := gvk.ToAPIVersionAndKind() + return tracker.Reference{ + APIVersion: apiVersion, + Kind: kind, + Namespace: namespace, + Name: name, + } +} diff --git a/pkg/reconciler/certificate/certificate_test.go b/pkg/reconciler/certificate/certificate_test.go new file mode 100644 index 000000000000..a4ef1b1719d9 --- /dev/null +++ b/pkg/reconciler/certificate/certificate_test.go 
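Review bot: The ownership guard in reconcileCMCertificate tests `metav1.IsControlledBy(desired, knCert)`, which is the object this reconciler just built rather than the `cmCert` it fetched from the lister, so it says nothing about who owns the Certificate that already exists. A pre-existing cert-manager Certificate of the same name that the Knative Certificate does not control would fall through to the branch that overwrites its spec; the check should read `} else if !metav1.IsControlledBy(cmCert, knCert) {`. Separately, setHTTP01Challenges indexes `svc.GetOwnerReferences()[0]` and `svc.Spec.Ports[0]` on every Service carrying the `acme.cert-manager.io/http-domain` label, so a matching Service with no owner reference or no ports panics the reconciler. Both lengths should be checked and an error returned instead. In reconcile, `fmt.Errorf(errCondition.Message)` uses a message as the format string, which matters if the text can contain `%`; `fmt.Errorf("%s", errCondition.Message)` avoids that.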
@@ -0,0 +1,912 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package certificate + +import ( + "context" + "errors" + "fmt" + "hash/adler32" + "testing" + "time" + + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" + apierrs "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + clientgotesting "k8s.io/client-go/testing" + + netapi "knative.dev/networking/pkg/apis/networking" + "knative.dev/networking/pkg/apis/networking/v1alpha1" + networkingclient "knative.dev/networking/pkg/client/injection/client/fake" + _ "knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/certificate/fake" + certreconciler "knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate" + netcfg "knative.dev/networking/pkg/config" + "knative.dev/pkg/apis" + duckv1 "knative.dev/pkg/apis/duck/v1" + _ "knative.dev/pkg/client/injection/kube/informers/core/v1/service/fake" + "knative.dev/pkg/configmap" + "knative.dev/pkg/controller" + "knative.dev/pkg/logging" + pkgreconciler "knative.dev/pkg/reconciler" + pkgreconcilertesting "knative.dev/pkg/reconciler/testing" + "knative.dev/pkg/system" + fakecertmanagerclient "knative.dev/serving/pkg/client/certmanager/injection/client/fake" + 
_ "knative.dev/serving/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake" + _ "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake" + _ "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake" + certmanagertesting "knative.dev/serving/pkg/client/certmanager/testing" + "knative.dev/serving/pkg/reconciler/certificate/config" + "knative.dev/serving/pkg/reconciler/certificate/resources" +) + +const generation = 23132 + +var ( + correctDNSNames = []string{"correct-dns1.example.com", "correct-dns2.example.com"} + shortenedDNSNames = []string{"k.example.com", "reallyreallyreallyreallyreallyreallylongname.namespace.example.com"} + incorrectDNSNames = []string{"incorrect-dns.example.com"} + exampleDomain = "example.com" + notAfter = &metav1.Time{ + Time: time.Unix(123, 456), + } + clusterLocalIssuer = &cmv1.ClusterIssuer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "knative-selfsigned-issuer", + }, + Spec: cmv1.IssuerSpec{}, + } + systemInternalIssuer = &cmv1.ClusterIssuer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "knative-selfsigned-issuer", + }, + Spec: cmv1.IssuerSpec{}, + } + nonHTTP01Issuer = &cmv1.ClusterIssuer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "Letsencrypt-issuer", + }, + Spec: cmv1.IssuerSpec{}, + } + http01Issuer = &cmv1.ClusterIssuer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "Letsencrypt-issuer", + }, + Spec: cmv1.IssuerSpec{ + IssuerConfig: cmv1.IssuerConfig{ + ACME: &acmev1.ACMEIssuer{ + Solvers: []acmev1.ACMEChallengeSolver{{ + HTTP01: &acmev1.ACMEChallengeSolverHTTP01{}, + }}, + }, + }, + }, + } + + externalCert, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), knCert("knCert", "foo")) + localCert, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), withCertType(knCert("knCert", "foo"), netcfg.CertificateClusterLocalDomain)) + systemInternalCert, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), 
withCertType(knCert("knCert", "foo"), netcfg.CertificateSystemInternal)) + externalCertShortenedDNSNames, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), knCertShortenedDNSNames("knCert", "foo")) +) + +func TestNewController(t *testing.T) { + ctx, _ := pkgreconcilertesting.SetupFakeContext(t) + + configMapWatcher := configmap.NewStaticWatcher(&corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: config.CertManagerConfigName, + Namespace: system.Namespace(), + }, + Data: map[string]string{ + "issuerRef": "kind: ClusterIssuer\nname: letsencrypt-issuer", + }, + }) + + c := NewController(ctx, configMapWatcher) + if c == nil { + t.Fatal("Expected NewController to return a non-nil value") + } +} + +// This is heavily based on the way the OpenShift Ingress controller tests its reconciliation method. +func TestReconcile(t *testing.T) { + retryAttempted := false + table := pkgreconcilertesting.TableTest{{ + Name: "bad workqueue key", + Key: "too/many/parts", + }, { + Name: "key not found", + Key: "foo/not-found", + }, { + Name: "create CM certificate matching Knative Certificate, with retry", + Objects: []runtime.Object{ + knCert("knCert", "foo"), + nonHTTP01Issuer, + }, + WithReactors: []clientgotesting.ReactionFunc{ + func(action clientgotesting.Action) (handled bool, ret runtime.Object, err error) { + if retryAttempted || !action.Matches("update", "certificates") || action.GetSubresource() != "status" { + return false, nil, nil + } + retryAttempted = true + return true, nil, apierrs.NewConflict(v1alpha1.Resource("foo"), "bar", errors.New("foo")) + }, + }, + WantCreates: []runtime.Object{ + externalCert, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + 
Reason: noCMConditionReason, + Message: noCMConditionMessage, + }}, + }, + }), + }, { + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + Reason: noCMConditionReason, + Message: noCMConditionMessage, + }}, + }, + }), + }}, + WantEvents: []string{ + pkgreconcilertesting.Eventf(corev1.EventTypeNormal, "Created", "Created Cert-Manager Certificate %s/%s", "foo", "knCert"), + }, + Key: "foo/knCert", + }, { + Name: "reconcile CM certificate to match desired one", + Objects: []runtime.Object{ + knCert("knCert", "foo"), + cmCert("knCert", "foo", incorrectDNSNames), + nonHTTP01Issuer, + }, + WantUpdates: []clientgotesting.UpdateActionImpl{{ + Object: cmCert("knCert", "foo", correctDNSNames), + }}, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + Reason: noCMConditionReason, + Message: noCMConditionMessage, + }}, + }, + }), + }}, + WantEvents: []string{ + pkgreconcilertesting.Eventf(corev1.EventTypeNormal, "Updated", "Updated Spec for Cert-Manager Certificate %s/%s", "foo", "knCert"), + }, + Key: "foo/knCert", + }, { + Name: "observed generation is still updated when error is encountered, and ready status is unknown", + Objects: []runtime.Object{ + knCertWithStatusAndGeneration("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation + 1, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionTrue, + }}, + }, + }, generation+1), + cmCert("knCert", 
"foo", incorrectDNSNames), + nonHTTP01Issuer, + }, + WantErr: true, + WithReactors: []clientgotesting.ReactionFunc{ + pkgreconcilertesting.InduceFailure("update", "certificates"), + }, + WantUpdates: []clientgotesting.UpdateActionImpl{{ + Object: cmCert("knCert", "foo", correctDNSNames), + }}, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatusAndGeneration("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation + 1, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + Reason: notReconciledReason, + Message: notReconciledMessage, + }}, + }, + }, generation+1), + }}, + WantEvents: []string{ + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "UpdateFailed", "Failed to create Cert-Manager Certificate %s: %v", + "foo/knCert", "inducing failure for update certificates"), + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "UpdateFailed", "Failed to update status for %q: %v", + "knCert", "inducing failure for update certificates"), + }, + Key: "foo/knCert", + }, { + Name: "set Knative Certificate ready status with CM Certificate ready status", + Objects: []runtime.Object{ + knCert("knCert", "foo"), + cmCertWithStatus("knCert", "foo", correctDNSNames, []cmv1.CertificateCondition{{ + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionTrue}}, nil), + nonHTTP01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + NotAfter: notAfter, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionTrue, + Severity: apis.ConditionSeverityError, + }}, + }, + }), + }}, + Key: "foo/knCert", + }, { + Name: "set Knative Certificate unknown status with CM Certificate unknown status", + 
Objects: []runtime.Object{ + knCert("knCert", "foo"), + cmCertWithStatus("knCert", "foo", correctDNSNames, []cmv1.CertificateCondition{{ + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionUnknown}}, nil), + nonHTTP01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + NotAfter: notAfter, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + }}, + }, + }), + }}, + Key: "foo/knCert", + }, { + Name: "set Knative Certificate not ready status with CM Certificate not ready status", + Objects: []runtime.Object{ + knCert("knCert", "foo"), + cmCertWithStatus("knCert", "foo", correctDNSNames, []cmv1.CertificateCondition{{ + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionFalse}}, nil), + nonHTTP01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + NotAfter: notAfter, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionFalse, + Severity: apis.ConditionSeverityError, + }}, + }, + }), + }}, + Key: "foo/knCert", + }, { + Name: "set Knative Certificate not ready status with details when common name is too long", + Objects: []runtime.Object{ + knCertDomainTooLong("knCert", "foo", &v1alpha1.CertificateStatus{}, 0), + }, + WantErr: true, + WantEvents: []string{ + "Warning InternalError error creating cert-manager certificate: CommonName (reallyreallyreallyreallyreallyreallyreallyreallylong.domainname)(length: 63) too long, prepending short prefix of (k.)(length: 2) will be longer than 64 bytes", + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertDomainTooLong("knCert", 
"foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: 0, + Conditions: duckv1.Conditions{ + { + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionFalse, + Severity: apis.ConditionSeverityError, + Reason: "CommonName Too Long", + Message: "error creating cert-manager certificate: CommonName (reallyreallyreallyreallyreallyreallyreallyreallylong.domainname)(length: 63) too long, prepending short prefix of (k.)(length: 2) will be longer than 64 bytes", + }, + }, + }, + }, 0), + }}, + Key: "foo/knCert", + }, { + Name: "set Knative Certificate renewing status with CM Certificate Renewing status", + Objects: []runtime.Object{ + knCertWithStatus("knCert", "foo", &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{ + { + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionTrue, + Severity: apis.ConditionSeverityError, + }, + }, + }, + }), + cmCertWithStatus("knCert", "foo", correctDNSNames, []cmv1.CertificateCondition{ + { + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionTrue, + }, + { + Type: cmv1.CertificateConditionIssuing, + Status: cmmeta.ConditionTrue, + Reason: renewingEvent, + }, + }, &metav1.Time{ + Time: time.Now(), + }), + nonHTTP01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + NotAfter: notAfter, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{ + { + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionTrue, + Severity: apis.ConditionSeverityError, + }, + { + Type: renewingEvent, + Status: corev1.ConditionTrue, + Severity: apis.ConditionSeverityError, + }, + }, + }, + }), + }}, + Key: "foo/knCert", + }, { + Name: "set Knative Certificate ready status after a renew with CM Certificate ready status", + Objects: []runtime.Object{ + knCertWithStatus("knCert", 
"foo", &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{ + { + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionTrue, + Severity: apis.ConditionSeverityError, + }, + { + Type: renewingEvent, + Status: corev1.ConditionTrue, + Severity: apis.ConditionSeverityError, + }, + }, + }, + }), + cmCertWithStatus("knCert", "foo", correctDNSNames, []cmv1.CertificateCondition{ + { + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionTrue, + }, + }, &metav1.Time{ + Time: time.Now().Add(5 * time.Minute), + }), + nonHTTP01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + NotAfter: notAfter, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{ + { + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionTrue, + Severity: apis.ConditionSeverityError, + }, + }, + }, + }), + }}, + Key: "foo/knCert", + }, { + Name: "reconcile cm certificate fails", + Key: "foo/knCert", + Objects: []runtime.Object{ + knCert("knCert", "foo"), + nonHTTP01Issuer, + }, + WantErr: true, + WithReactors: []clientgotesting.ReactionFunc{ + pkgreconcilertesting.InduceFailure("create", "certificates"), + }, + WantEvents: []string{ + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "CreationFailed", "Failed to create Cert-Manager Certificate knCert/foo: inducing failure for create certificates"), + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "InternalError", "failed to create Cert-Manager Certificate: inducing failure for create certificates"), + }, + WantCreates: []runtime.Object{ + externalCert, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: 
v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Reason: notReconciledReason, + Severity: apis.ConditionSeverityError, + Message: notReconciledMessage, + }}, + }, + }), + }}, + }, { + Name: "create clusterLocalIssuer CM certificate matching Knative Certificate, with retry", + Key: "foo/knCert", + Objects: []runtime.Object{ + withCertType(knCert("knCert", "foo"), netcfg.CertificateClusterLocalDomain), + clusterLocalIssuer, + }, + WantErr: true, + WithReactors: []clientgotesting.ReactionFunc{ + pkgreconcilertesting.InduceFailure("create", "certificates"), + }, + WantEvents: []string{ + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "CreationFailed", "Failed to create Cert-Manager Certificate knCert/foo: inducing failure for create certificates"), + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "InternalError", "failed to create Cert-Manager Certificate: inducing failure for create certificates"), + }, + WantCreates: []runtime.Object{ + localCert, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: withCertType(knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Reason: notReconciledReason, + Severity: apis.ConditionSeverityError, + Message: notReconciledMessage, + }}, + }, + }), netcfg.CertificateClusterLocalDomain), + }}, + }, { + Name: "create systemInternalIssuer CM certificate matching Knative Certificate, with retry", + Key: "foo/knCert", + Objects: []runtime.Object{ + withCertType(knCert("knCert", "foo"), netcfg.CertificateSystemInternal), + systemInternalIssuer, + }, + WantErr: true, + WithReactors: []clientgotesting.ReactionFunc{ + pkgreconcilertesting.InduceFailure("create", "certificates"), + }, + WantEvents: []string{ + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "CreationFailed", "Failed to create 
Cert-Manager Certificate knCert/foo: inducing failure for create certificates"), + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "InternalError", "failed to create Cert-Manager Certificate: inducing failure for create certificates"), + }, + WantCreates: []runtime.Object{ + systemInternalCert, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: withCertType(knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Reason: notReconciledReason, + Severity: apis.ConditionSeverityError, + Message: notReconciledMessage, + }}, + }, + }), netcfg.CertificateSystemInternal), + }}, + }} + + table.Test(t, certmanagertesting.MakeFactory(func(ctx context.Context, listers *certmanagertesting.Listers, cmw configmap.Watcher) controller.Reconciler { + retryAttempted = false + r := &Reconciler{ + cmCertificateLister: listers.GetCMCertificateLister(), + cmChallengeLister: listers.GetCMChallengeLister(), + cmIssuerLister: listers.GetCMClusterIssuerLister(), + svcLister: listers.GetK8sServiceLister(), + certManagerClient: fakecertmanagerclient.Get(ctx), + tracker: &pkgreconcilertesting.NullTracker{}, + } + return certreconciler.NewReconciler(ctx, logging.FromContext(ctx), networkingclient.Get(ctx), + listers.GetCertificateLister(), controller.GetEventRecorder(ctx), r, + netcfg.CertManagerCertificateClassName, controller.Options{ + ConfigStore: &testConfigStore{ + config: &config.Config{ + CertManager: certmanagerConfig(), + }, + }, + }) + })) +} + +func TestReconcile_HTTP01Challenges(t *testing.T) { + table := pkgreconcilertesting.TableTest{{ + Name: "fail to set status.HTTP01Challenges", + Key: "foo/knCert", + WantErr: true, + Objects: []runtime.Object{ + knCert("knCert", "foo"), + http01Issuer, + }, + WantCreates: []runtime.Object{ + externalCert, + }, + WantEvents: []string{ + 
pkgreconcilertesting.Eventf(corev1.EventTypeNormal, "Created", "Created Cert-Manager Certificate %s/%s", "foo", "knCert"), + pkgreconcilertesting.Eventf(corev1.EventTypeWarning, "InternalError", "no challenge solver service for domain %s; selector=acme.cert-manager.io/http-domain=1930889501", correctDNSNames[0]), + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Reason: notReconciledReason, + Severity: apis.ConditionSeverityError, + Message: notReconciledMessage, + }}, + }, + }), + }}, + }, { + Name: "set Status.HTTP01Challenges on Knative certificate", + Key: "foo/knCert", + Objects: []runtime.Object{ + cmSolverService(correctDNSNames[0], "foo"), + cmSolverService(correctDNSNames[1], "foo"), + cmChallenge(correctDNSNames[0], "foo"), + cmChallenge(correctDNSNames[1], "foo"), + cmCert("knCert", "foo", correctDNSNames), + knCert("knCert", "foo"), + http01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + HTTP01Challenges: []v1alpha1.HTTP01Challenge{{ + URL: &apis.URL{ + Scheme: "http", + Host: correctDNSNames[0], + Path: "/.well-known/acme-challenge/cm-challenge-token", + }, + ServiceName: "cm-solver-" + correctDNSNames[0], + ServiceNamespace: "foo", + }, { + URL: &apis.URL{ + Scheme: "http", + Host: correctDNSNames[1], + Path: "/.well-known/acme-challenge/cm-challenge-token", + }, + ServiceName: "cm-solver-" + correctDNSNames[1], + ServiceNamespace: "foo", + }}, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + Reason: noCMConditionReason, + Message: 
noCMConditionMessage, + }}, + }, + }), + }}, + }, { + Name: "set Status.HTTP01Challenges on Knative certificate when status failed with InProgress", + Key: "foo/knCert", + Objects: []runtime.Object{ + cmSolverService(correctDNSNames[0], "foo"), + cmSolverService(correctDNSNames[1], "foo"), + cmChallenge(correctDNSNames[0], "foo"), + cmChallenge(correctDNSNames[1], "foo"), + cmCertWithStatus("knCert", "foo", correctDNSNames, []cmv1.CertificateCondition{{ + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionFalse, + Reason: "InProgress"}}, nil), + knCert("knCert", "foo"), + http01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: knCertWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + NotAfter: notAfter, + HTTP01Challenges: []v1alpha1.HTTP01Challenge{{ + URL: &apis.URL{ + Scheme: "http", + Host: correctDNSNames[0], + Path: "/.well-known/acme-challenge/cm-challenge-token", + }, + ServiceName: "cm-solver-" + correctDNSNames[0], + ServiceNamespace: "foo", + }, { + URL: &apis.URL{ + Scheme: "http", + Host: correctDNSNames[1], + Path: "/.well-known/acme-challenge/cm-challenge-token", + }, + ServiceName: "cm-solver-" + correctDNSNames[1], + ServiceNamespace: "foo", + }}, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + Reason: "InProgress", + }}, + }, + }), + }}, + }, { + //It is possible for a challenge to not be created for a k.{{Domain}} dnsname, since it may have already been created in a previous Kservice + Name: "set Status.HTTP01Challenges on Knative certificate when shortened domain with prefix (k.) 
is reused", + Key: "foo/knCert", + Objects: []runtime.Object{ + cmSolverService(shortenedDNSNames[1], "foo"), + cmChallenge(shortenedDNSNames[1], "foo"), + cmCert("knCert", "foo", shortenedDNSNames), + knCertShortenedDNSNames("knCert", "foo"), + http01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{ + { + Object: knCertShortenedDNSNamesWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + HTTP01Challenges: []v1alpha1.HTTP01Challenge{{ + URL: &apis.URL{ + Scheme: "http", + Host: shortenedDNSNames[1], + Path: "/.well-known/acme-challenge/cm-challenge-token", + }, + ServiceName: "cm-solver-" + shortenedDNSNames[1], + ServiceNamespace: "foo", + }}, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + Reason: noCMConditionReason, + Message: noCMConditionMessage, + }}, + }, + }), + }, + }, + WantUpdates: []clientgotesting.UpdateActionImpl{{ + Object: externalCertShortenedDNSNames, + }}, + WantEvents: []string{ + pkgreconcilertesting.Eventf(corev1.EventTypeNormal, "Updated", "Updated Spec for Cert-Manager Certificate %s/%s", "foo", "knCert"), + }, + }} + + table.Test(t, certmanagertesting.MakeFactory(func(ctx context.Context, listers *certmanagertesting.Listers, cmw configmap.Watcher) controller.Reconciler { + r := &Reconciler{ + cmCertificateLister: listers.GetCMCertificateLister(), + cmChallengeLister: listers.GetCMChallengeLister(), + cmIssuerLister: listers.GetCMClusterIssuerLister(), + svcLister: listers.GetK8sServiceLister(), + certManagerClient: fakecertmanagerclient.Get(ctx), + tracker: &pkgreconcilertesting.NullTracker{}, + } + return certreconciler.NewReconciler(ctx, logging.FromContext(ctx), networkingclient.Get(ctx), + listers.GetCertificateLister(), controller.GetEventRecorder(ctx), r, + netcfg.CertManagerCertificateClassName, controller.Options{ + ConfigStore: 
&testConfigStore{ + config: &config.Config{ + CertManager: certmanagerConfig(), + }, + }, + }) + })) +} + +type testConfigStore struct { + config *config.Config +} + +func (t *testConfigStore) ToContext(ctx context.Context) context.Context { + return config.ToContext(ctx, t.config) +} + +var _ pkgreconciler.ConfigStore = (*testConfigStore)(nil) + +func certmanagerConfig() *config.CertManagerConfig { + return &config.CertManagerConfig{ + IssuerRef: &cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "Letsencrypt-issuer", + }, + ClusterLocalIssuerRef: &cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "knative-selfsigned-issuer", + }, + SystemInternalIssuerRef: &cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "knative-selfsigned-issuer", + }, + } +} + +func knCert(name, namespace string) *v1alpha1.Certificate { + return knCertWithStatus(name, namespace, &v1alpha1.CertificateStatus{}) +} + +func knCertShortenedDNSNames(name, namespace string) *v1alpha1.Certificate { + cert := knCertWithStatus(name, namespace, &v1alpha1.CertificateStatus{}) + cert.Spec.DNSNames = shortenedDNSNames + return cert +} + +func knCertDomainTooLong(name, namespace string, status *v1alpha1.CertificateStatus, gen int) *v1alpha1.Certificate { + return &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + Generation: int64(gen), + Annotations: map[string]string{ + netapi.CertificateClassAnnotationKey: netcfg.CertManagerCertificateClassName, + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: []string{"hello.ns.reallyreallyreallyreallyreallyreallyreallyreallylong.domainname"}, + Domain: "reallyreallyreallyreallyreallyreallyreallyreallylong.domainname", + SecretName: "secret0", + }, + Status: *status, + } +} + +func knCertWithStatus(name, namespace string, status *v1alpha1.CertificateStatus) *v1alpha1.Certificate { + return knCertWithStatusAndGeneration(name, namespace, status, generation) +} + +func 
knCertShortenedDNSNamesWithStatus(name, namespace string, status *v1alpha1.CertificateStatus) *v1alpha1.Certificate { + cert := knCertWithStatus(name, namespace, status) + cert.Spec.DNSNames = shortenedDNSNames + return cert +} + +func knCertWithStatusAndGeneration(name, namespace string, status *v1alpha1.CertificateStatus, gen int) *v1alpha1.Certificate { + return &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + Generation: int64(gen), + Annotations: map[string]string{ + netapi.CertificateClassAnnotationKey: netcfg.CertManagerCertificateClassName, + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: correctDNSNames, + Domain: exampleDomain, + SecretName: "secret0", + }, + Status: *status, + } +} + +func withCertType(certificate *v1alpha1.Certificate, certType netcfg.CertificateType) *v1alpha1.Certificate { + if certificate.ObjectMeta.Labels == nil { + certificate.ObjectMeta.Labels = map[string]string{} + } + certificate.ObjectMeta.Labels[netapi.CertificateTypeLabelKey] = string(certType) + return certificate +} + +func cmCert(name, namespace string, dnsNames []string) *cmv1.Certificate { + cert, _ := resources.MakeCertManagerCertificate(certmanagerConfig(), knCert(name, namespace)) + cert.Spec.DNSNames = dnsNames + return cert +} + +func cmCertWithStatus(name, namespace string, dnsNames []string, conditions []cmv1.CertificateCondition, renewalTime *metav1.Time) *cmv1.Certificate { + cert := cmCert(name, namespace, dnsNames) + cert.Status.Conditions = conditions + cert.Status.NotAfter = notAfter + cert.Status.RenewalTime = renewalTime + return cert +} + +func cmChallenge(hostname, namespace string) *acmev1.Challenge { + return &acmev1.Challenge{ + ObjectMeta: metav1.ObjectMeta{ + Name: "challenge-" + hostname, + Namespace: namespace, + }, + Spec: acmev1.ChallengeSpec{ + Type: "http01", + DNSName: hostname, + Token: "cm-challenge-token", + }, + } +} + +func cmSolverService(hostname, namespace string) *corev1.Service 
{ + return &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + OwnerReferences: []metav1.OwnerReference{{ + Name: "challenge-" + hostname, + }}, + Name: "cm-solver-" + hostname, + Namespace: namespace, + Labels: map[string]string{ + httpDomainLabel: fmt.Sprintf("%d", adler32.Checksum([]byte(hostname))), + }, + }, + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{ + Port: 8090, + Protocol: "tcp", + }}, + }, + } + +} diff --git a/pkg/reconciler/certificate/config/cert_manager.go b/pkg/reconciler/certificate/config/cert_manager.go new file mode 100644 index 000000000000..a00b5c6beb8a --- /dev/null +++ b/pkg/reconciler/certificate/config/cert_manager.go 
@@ -0,0 +1,78 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/ghodss/yaml"
+
+ cmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+ corev1 "k8s.io/api/core/v1"
+)
+
+const (
+ issuerRefKey = "issuerRef"
+ clusterLocalIssuerRefKey = "clusterLocalIssuerRef"
+ systemInternalIssuerRef = "systemInternalIssuerRef"
+
+ // CertManagerConfigName is the name of the configmap containing all
+ // configuration related to Cert-Manager.
+ CertManagerConfigName = "config-certmanager"
+)
+
+// has to match the values in config/knative-cluster-issuer.yaml
+var knativeSelfSignedIssuer = &cmeta.ObjectReference{
+ Kind: "ClusterIssuer",
+ Name: "knative-selfsigned-issuer",
+}
+
+// CertManagerConfig contains Cert-Manager related configuration defined in the
+// `config-certmanager` config map.
+type CertManagerConfig struct {
+ IssuerRef *cmeta.ObjectReference
+ ClusterLocalIssuerRef *cmeta.ObjectReference
+ SystemInternalIssuerRef *cmeta.ObjectReference
+}
+
+// NewCertManagerConfigFromConfigMap creates an CertManagerConfig from the supplied ConfigMap
+func NewCertManagerConfigFromConfigMap(configMap *corev1.ConfigMap) (*CertManagerConfig, error) {
+ // Use Knative self-signed ClusterIssuer as default
+ config := &CertManagerConfig{
+ IssuerRef: knativeSelfSignedIssuer,
+ ClusterLocalIssuerRef: knativeSelfSignedIssuer,
+ SystemInternalIssuerRef: knativeSelfSignedIssuer,
+ }
+
+ if v, ok := configMap.Data[issuerRefKey]; ok {
+ if err := yaml.Unmarshal([]byte(v), config.IssuerRef); err != nil {
+ return nil, err
+ }
+ }
+
+ if v, ok := configMap.Data[clusterLocalIssuerRefKey]; ok {
+ if err := yaml.Unmarshal([]byte(v), config.ClusterLocalIssuerRef); err != nil {
+ return nil, err
+ }
+ }
+
+ if v, ok := configMap.Data[systemInternalIssuerRef]; ok {
+ if err := yaml.Unmarshal([]byte(v), config.SystemInternalIssuerRef); err != nil {
+ return nil, err
+ }
+ }
+
+ return config, nil
+}
diff --git a/pkg/reconciler/certificate/config/cert_manager_test.go b/pkg/reconciler/certificate/config/cert_manager_test.go
new file mode 100644
index 000000000000..709d412d8b7d
--- /dev/null
+++ b/pkg/reconciler/certificate/config/cert_manager_test.go
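Review bot: NewCertManagerConfigFromConfigMap seeds all three fields with the same package-level pointer `knativeSelfSignedIssuer` and then decodes into it with `yaml.Unmarshal([]byte(v), config.IssuerRef)`, so each decode writes through that shared object. A ConfigMap that sets only `issuerRef` therefore also changes ClusterLocalIssuerRef and SystemInternalIssuerRef, and the package default stays modified for every later call. Cluster-local and system-internal certificates would then be requested from the externally configured issuer rather than the self-signed one. Decoding each key into a private copy of the default, as sketched below, keeps the three references independent and leaves the default untouched. The constant `systemInternalIssuerRef` would also read better as `systemInternalIssuerRefKey`, matching its two siblings.

```go
// decodeIssuerRef returns the default issuer reference, overridden by the
// YAML stored under key when the ConfigMap has one. It always returns a
// fresh object, so callers never share or modify knativeSelfSignedIssuer.
func decodeIssuerRef(data map[string]string, key string) (*cmeta.ObjectReference, error) {
	ref := *knativeSelfSignedIssuer
	if v, ok := data[key]; ok {
		if err := yaml.Unmarshal([]byte(v), &ref); err != nil {
			return nil, err
		}
	}
	return &ref, nil
}

func NewCertManagerConfigFromConfigMap(configMap *corev1.ConfigMap) (*CertManagerConfig, error) {
	issuer, err := decodeIssuerRef(configMap.Data, issuerRefKey)
	if err != nil {
		return nil, err
	}
	// … the same call for clusterLocalIssuerRefKey and systemInternalIssuerRef,
	// then return a CertManagerConfig built from the three results …
```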
@@ -0,0 +1,137 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+ "testing"
+
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+ "github.com/google/go-cmp/cmp"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ configmaptesting "knative.dev/pkg/configmap/testing"
+ "knative.dev/pkg/system"
+ _ "knative.dev/pkg/system/testing"
+)
+
+func TestCertManagerConfig(t *testing.T) {
+ cm, example := configmaptesting.ConfigMapsFromTestFile(t, CertManagerConfigName)
+
+ if _, err := NewCertManagerConfigFromConfigMap(cm); err != nil {
+ t.Errorf("NewCertManagerConfigFromConfigMap(actual) = %v", err)
+ }
+
+ if _, err := NewCertManagerConfigFromConfigMap(example); err != nil {
+ t.Errorf("NewCertManagerConfigFromConfigMap(actual) = %v", err)
+ }
+}
+
+func TestIssuerRef(t *testing.T) {
+ isserRefCases := []struct {
+ name string
+ wantErr bool
+ wantConfig *CertManagerConfig
+ config *corev1.ConfigMap
+ }{{
+ name: "invalid format",
+ wantErr: true,
+ wantConfig: (*CertManagerConfig)(nil),
+ config: &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: system.Namespace(),
+ Name: CertManagerConfigName,
+ },
+ Data: map[string]string{
+ issuerRefKey: "wrong format",
+ clusterLocalIssuerRefKey: "wrong format",
+ systemInternalIssuerRef: "wrong format",
+ },
+ },
+ }, {
+ name: "valid IssuerRef",
+ wantErr: false,
+ wantConfig: &CertManagerConfig{
+ IssuerRef: &cmmeta.ObjectReference{
+ Name: "letsencrypt-issuer",
+ Kind: "ClusterIssuer",
+ },
+ ClusterLocalIssuerRef: knativeSelfSignedIssuer,
+ SystemInternalIssuerRef: knativeSelfSignedIssuer,
+ },
+ config: &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: system.Namespace(),
+ Name: CertManagerConfigName,
+ },
+ Data: map[string]string{
+ issuerRefKey: "kind: ClusterIssuer\nname: letsencrypt-issuer",
+ },
+ },
+ }, {
+ name: "valid ClusterLocalIssuerRef",
+ wantErr: false,
+ wantConfig: &CertManagerConfig{
+ IssuerRef: knativeSelfSignedIssuer,
+ ClusterLocalIssuerRef: &cmmeta.ObjectReference{
+ Name: "cluster-local-issuer",
+ Kind: "ClusterIssuer",
+ },
+ SystemInternalIssuerRef: knativeSelfSignedIssuer,
+ },
+ config: &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: system.Namespace(),
+ Name: CertManagerConfigName,
+ },
+ Data: map[string]string{
+ clusterLocalIssuerRefKey: "kind: ClusterIssuer\nname: cluster-local-issuer",
+ },
+ },
+ }, {
+ name: "valid SystemInternalIssuerRef",
+ wantErr: false,
+ wantConfig: &CertManagerConfig{
+ IssuerRef: knativeSelfSignedIssuer,
+ ClusterLocalIssuerRef: knativeSelfSignedIssuer,
+ SystemInternalIssuerRef: &cmmeta.ObjectReference{
+ Name: "system-internal-issuer",
+ Kind: "ClusterIssuer",
+ },
+ },
+ config: &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: system.Namespace(),
+ Name: CertManagerConfigName,
+ },
+ Data: map[string]string{
+ clusterLocalIssuerRefKey: "kind: ClusterIssuer\nname: system-internal-issuer",
+ },
+ },
+ }}
+
+ for _, tt := range isserRefCases {
+ t.Run(tt.name, func(t *testing.T) {
+ actualConfig, err := NewCertManagerConfigFromConfigMap(tt.config)
+ if (err != nil) != tt.wantErr {
+ t.Fatalf("Test: %q; NewCertManagerConfigFromConfigMap() error = %v, WantErr %v", tt.name, err, tt.wantErr)
+ }
+ if diff := cmp.Diff(actualConfig, tt.wantConfig); diff != "" {
+ t.Fatalf("Want %v, but got %v", tt.wantConfig, actualConfig)
+ }
+ })
+ }
+}
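Review bot: The "valid SystemInternalIssuerRef" case in TestIssuerRef puts its YAML under `clusterLocalIssuerRefKey`, so the `systemInternalIssuerRef` key only ever receives the "wrong format" value and its success path is never parsed. The entry should read `systemInternalIssuerRef: "kind: ClusterIssuer\nname: system-internal-issuer",`. The case appears to pass anyway only because `wantConfig` reuses the package pointer `knativeSelfSignedIssuer`, the same object NewCertManagerConfigFromConfigMap hands out and decodes into, so expected and actual alias each other. Building the expected defaults as fresh `&cmmeta.ObjectReference{Kind: "ClusterIssuer", Name: "knative-selfsigned-issuer"}` literals would make the comparison independent of that aliasing. The failure message would be more useful as `t.Fatalf("unexpected config (-got, +want): %s", diff)`, since `diff` is computed and then dropped.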
diff --git a/pkg/reconciler/certificate/config/doc.go b/pkg/reconciler/certificate/config/doc.go
new file mode 100644
index 000000000000..507f80341fc0
--- /dev/null
+++ b/pkg/reconciler/certificate/config/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+// Package config holds the typed objects that define the schemas for
+// assorted ConfigMap objects on which the Certificate controller depends.
+package config
diff --git a/pkg/reconciler/certificate/config/store.go b/pkg/reconciler/certificate/config/store.go
new file mode 100644
index 000000000000..c56d2a1b085f
--- /dev/null
+++ b/pkg/reconciler/certificate/config/store.go
@@ -0,0 +1,83 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+ "context"
+
+ "knative.dev/pkg/configmap"
+)
+
+type cfgKey struct{}
+
+// Config of CertManager.
+// +k8s:deepcopy-gen=false
+type Config struct {
+ CertManager *CertManagerConfig
+}
+
+// FromContext fetch config from context.
+func FromContext(ctx context.Context) *Config {
+ return ctx.Value(cfgKey{}).(*Config)
+}
+
+// ToContext adds config to given context.
+func ToContext(ctx context.Context, c *Config) context.Context {
+ return context.WithValue(ctx, cfgKey{}, c)
+}
+
+// Store is configmap.UntypedStore based config store.
+// +k8s:deepcopy-gen=false
+type Store struct {
+ *configmap.UntypedStore
+}
+
+// NewStore creates a configmap.UntypedStore based config store.
+//
+// logger must be non-nil implementation of configmap.Logger (commonly used
+// loggers conform)
+//
+// onAfterStore is a variadic list of callbacks to run
+// after the ConfigMap has been processed and stored.
+//
+// See also: configmap.NewUntypedStore().
+func NewStore(logger configmap.Logger, onAfterStore ...func(name string, value interface{})) *Store {
+ store := &Store{
+ UntypedStore: configmap.NewUntypedStore(
+ "certificate",
+ logger,
+ configmap.Constructors{
+ CertManagerConfigName: NewCertManagerConfigFromConfigMap,
+ },
+ onAfterStore...,
+ ),
+ }
+
+ return store
+}
+
+// ToContext adds Store contents to given context.
+func (s *Store) ToContext(ctx context.Context) context.Context {
+ return ToContext(ctx, s.Load())
+}
+
+// Load fetches config from Store.
+func (s *Store) Load() *Config {
+ return &Config{
+ CertManager: s.UntypedLoad(CertManagerConfigName).(*CertManagerConfig).DeepCopy(),
+ }
+}
diff --git a/pkg/reconciler/certificate/config/store_test.go b/pkg/reconciler/certificate/config/store_test.go
new file mode 100644
index 000000000000..622894e01f5c
--- /dev/null
+++ b/pkg/reconciler/certificate/config/store_test.go
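Review bot: Store.Load depends on `DeepCopy()` to keep callers from touching stored configuration, but the generated DeepCopyInto added in zz_generated.deepcopy.go by this same commit clones only IssuerRef. ClusterLocalIssuerRef and SystemInternalIssuerRef in the returned Config therefore still point at the objects held by the store, and a consumer that edits them changes the issuer used by later reconciles. The generated file looks stale relative to the three-field CertManagerConfig and should be regenerated before Load is relied on for isolation. Separately, `ctx.Value(cfgKey{}).(*Config)` in FromContext is an unchecked assertion, and so is `.(*CertManagerConfig)` in Load, which would presumably panic if UntypedLoad returns nil before the first ConfigMap is stored. A doc line such as `// FromContext panics if ctx was not produced by ToContext.` would make that contract explicit.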
@@ -0,0 +1,69 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+ "context"
+ "testing"
+
+ cmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+ "github.com/google/go-cmp/cmp"
+ configmaptesting "knative.dev/pkg/configmap/testing"
+ logtesting "knative.dev/pkg/logging/testing"
+)
+
+func TestStoreLoadWithContext(t *testing.T) {
+ store := NewStore(logtesting.TestLogger(t))
+
+ certManagerConfig := configmaptesting.ConfigMapFromTestFile(t, CertManagerConfigName)
+ store.OnConfigChanged(certManagerConfig)
+ config := FromContext(store.ToContext(context.Background()))
+
+ expected, _ := NewCertManagerConfigFromConfigMap(certManagerConfig)
+ if diff := cmp.Diff(expected, config.CertManager); diff != "" {
+ t.Errorf("Unexpected CertManager config (-want, +got): %v", diff)
+ }
+}
+
+func TestStoreImmutableConfig(t *testing.T) {
+ store := NewStore(logtesting.TestLogger(t))
+ store.OnConfigChanged(configmaptesting.ConfigMapFromTestFile(t, CertManagerConfigName))
+ config := store.Load()
+
+ config.CertManager.IssuerRef = &cmeta.ObjectReference{
+ Kind: "newKind",
+ }
+
+ config.CertManager.ClusterLocalIssuerRef = &cmeta.ObjectReference{
+ Kind: "newKind",
+ }
+
+ config.CertManager.SystemInternalIssuerRef = &cmeta.ObjectReference{
+ Kind: "newKind",
+ }
+
+ newConfig := store.Load()
+ if newConfig.CertManager.IssuerRef != nil && newConfig.CertManager.IssuerRef.Kind == "newKind" {
+ t.Error("CertManager config is not immutable")
+ }
+ if newConfig.CertManager.ClusterLocalIssuerRef != nil && newConfig.CertManager.ClusterLocalIssuerRef.Kind == "newKind" {
+ t.Error("CertManager config is not immutable")
+ }
+ if newConfig.CertManager.SystemInternalIssuerRef != nil && newConfig.CertManager.SystemInternalIssuerRef.Kind == "newKind" {
+ t.Error("CertManager config is not immutable")
+ }
+}
diff --git a/pkg/reconciler/certificate/config/testdata/config-certmanager.yaml b/pkg/reconciler/certificate/config/testdata/config-certmanager.yaml
new file mode 120000
index 000000000000..14248a3ce58f
--- /dev/null
+++ b/pkg/reconciler/certificate/config/testdata/config-certmanager.yaml
@@ -0,0 +1 @@
+../../../../../config/core/configmaps/certmanager.yaml
\ No newline at end of file
diff --git a/pkg/reconciler/certificate/config/zz_generated.deepcopy.go b/pkg/reconciler/certificate/config/zz_generated.deepcopy.go
new file mode 100644
index 000000000000..9af41da4a5fa
--- /dev/null
+++ b/pkg/reconciler/certificate/config/zz_generated.deepcopy.go
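Review bot: TestStoreImmutableConfig replaces the three reference fields with new pointers (`config.CertManager.IssuerRef = &cmeta.ObjectReference{...}`), which only changes the local Config and can never reach the store, so the test passes even when Load returns a shallow copy. Mutating through the returned pointers before the second `store.Load()`, e.g. `config.CertManager.ClusterLocalIssuerRef.Kind = "newKind"`, would exercise the aliasing the test is named for. In TestStoreLoadWithContext the error from `expected, _ := NewCertManagerConfigFromConfigMap(certManagerConfig)` is discarded; failing with `t.Fatal(err)` there keeps a parse failure from turning into a comparison against nil.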
@@ -0,0 +1,47 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package config + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) { + *out = *in + if in.IssuerRef != nil { + in, out := &in.IssuerRef, &out.IssuerRef + *out = new(v1.ObjectReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerConfig. +func (in *CertManagerConfig) DeepCopy() *CertManagerConfig { + if in == nil { + return nil + } + out := new(CertManagerConfig) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/reconciler/certificate/controller.go b/pkg/reconciler/certificate/controller.go new file mode 100644 index 000000000000..aea5682c48a0 --- /dev/null +++ b/pkg/reconciler/certificate/controller.go 
@@ -0,0 +1,120 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package certificate + +import ( + "context" + + "go.uber.org/zap" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/cache" + + netapi "knative.dev/networking/pkg/apis/networking" + "knative.dev/networking/pkg/apis/networking/v1alpha1" + kcertinformer "knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/certificate" + certreconciler "knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate" + netcfg "knative.dev/networking/pkg/config" + serviceinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/service" + "knative.dev/pkg/configmap" + "knative.dev/pkg/controller" + "knative.dev/pkg/logging" + "knative.dev/pkg/logging/logkey" + pkgreconciler "knative.dev/pkg/reconciler" + cmclient "knative.dev/serving/pkg/client/certmanager/injection/client" + cmchallengeinformer "knative.dev/serving/pkg/client/certmanager/injection/informers/acme/v1/challenge" + cmcertinformer "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/certificate" + clusterinformer "knative.dev/serving/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer" + "knative.dev/serving/pkg/reconciler/certificate/config" +) + +const controllerAgentName = "certificate-controller" + +// AnnotateLoggerWithName names the logger in the context with the supplied name +// +// This is a stop gap until the generated 
reconcilers can do this +// automatically for you +func AnnotateLoggerWithName(ctx context.Context, name string) context.Context { + logger := logging.FromContext(ctx). + Named(name). + With(zap.String(logkey.ControllerType, name)) + + return logging.WithLogger(ctx, logger) + +} + +// NewController initializes the controller and is called by the generated code +// Registers eventhandlers to enqueue events. +func NewController( + ctx context.Context, + cmw configmap.Watcher, +) *controller.Impl { + ctx = AnnotateLoggerWithName(ctx, controllerAgentName) + logger := logging.FromContext(ctx) + knCertificateInformer := kcertinformer.Get(ctx) + cmCertificateInformer := cmcertinformer.Get(ctx) + cmChallengeInformer := cmchallengeinformer.Get(ctx) + clusterIssuerInformer := clusterinformer.Get(ctx) + svcInformer := serviceinformer.Get(ctx) + + c := &Reconciler{ + cmCertificateLister: cmCertificateInformer.Lister(), + cmChallengeLister: cmChallengeInformer.Lister(), + cmIssuerLister: clusterIssuerInformer.Lister(), + svcLister: svcInformer.Lister(), + certManagerClient: cmclient.Get(ctx), + } + + classFilterFunc := pkgreconciler.AnnotationFilterFunc(netapi.CertificateClassAnnotationKey, netcfg.CertManagerCertificateClassName, true) + + impl := certreconciler.NewImpl(ctx, c, netcfg.CertManagerCertificateClassName, + func(impl *controller.Impl) controller.Options { + configStore := config.NewStore(logger.Named("config-store"), configmap.TypeFilter(&config.CertManagerConfig{})(func(string, interface{}) { + impl.FilteredGlobalResync(classFilterFunc, knCertificateInformer.Informer()) + })) + configStore.WatchConfigs(cmw) + return controller.Options{ + ConfigStore: configStore, + PromoteFilterFunc: classFilterFunc, + } + }) + + knCertificateInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + FilterFunc: classFilterFunc, + Handler: controller.HandleAll(impl.Enqueue), + }) + + 
cmCertificateInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + FilterFunc: controller.FilterController(&v1alpha1.Certificate{}), + Handler: controller.HandleAll(impl.EnqueueControllerOf), + }) + + c.tracker = impl.Tracker + + // Make sure trackers are deleted once the observers are removed. + knCertificateInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + DeleteFunc: c.tracker.OnDeletedObserver, + }) + + svcInformer.Informer().AddEventHandler(controller.HandleAll( + controller.EnsureTypeMeta( + c.tracker.OnChanged, + corev1.SchemeGroupVersion.WithKind("Service"), + ), + )) + + return impl +} diff --git a/pkg/reconciler/certificate/resources/cert_manager_certificate.go b/pkg/reconciler/certificate/resources/cert_manager_certificate.go new file mode 100644 index 000000000000..d64602fe2a70 --- /dev/null +++ b/pkg/reconciler/certificate/resources/cert_manager_certificate.go 
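Review bot: The bare `true` passed as the last argument of `pkgreconciler.AnnotationFilterFunc(...)` in NewController decides which Certificates this controller claims, and nothing at the call site says what it means. If I read the helper correctly it is the allow-unset flag, meaning Certificates with no class annotation at all are also reconciled here. A comment such as `// allowUnset=true: Certificates without a class annotation are treated as cert-manager ones` would make that ownership rule explicit, since the same filter is reused for the event handler, the global resync and `PromoteFilterFunc`.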
@@ -0,0 +1,195 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package resources + +import ( + "fmt" + + cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + cmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "knative.dev/networking/pkg/apis/networking" + "knative.dev/networking/pkg/apis/networking/v1alpha1" + netapi "knative.dev/networking/pkg/config" + "knative.dev/pkg/apis" + "knative.dev/pkg/kmeta" + "knative.dev/serving/pkg/reconciler/certificate/config" +) + +const ( + longest = 63 + Prefix = "k." + CreateCertManagerCertificateCondition = "CreateCertManagerCertificate" + IssuerNotSetCondition = "IssuerNotSet" +) + +// MakeCertManagerCertificate creates a Cert-Manager `Certificate` for requesting a SSL certificate. +func MakeCertManagerCertificate(cmConfig *config.CertManagerConfig, knCert *v1alpha1.Certificate) (*cmv1.Certificate, *apis.Condition) { + var commonName string + var dnsNames []string + + if len(knCert.Spec.DNSNames) > 0 { + commonName = knCert.Spec.DNSNames[0] + } + + // Only attempt to do something special if the entry from DNSNames[0] is too big. + // This is to make the upgrade path easier and reduce churn on certificates. 
+ // The Route controller adds spec.domain to existing KCerts + // The KCert controller requests new certs with same domain names, but a different CN if spec.domain is set and the other domain name would be too long + // cert-manager Certificates are updated only if the existing domain name kept them from being issued. + if len(commonName) > longest { + //if we have a domain field, we can attempt to shorten, or check if we are dealing with a domainMapping + if knCert.Spec.Domain != "" { + // if the domain and commonName pulled from DNSNames are the same, we are dealing with a domainmapping + if knCert.Spec.Domain == commonName { + return nil, &apis.Condition{ + Type: CreateCertManagerCertificateCondition, + Status: corev1.ConditionFalse, + Reason: "CommonName Too Long", + Message: fmt.Sprintf( + "error creating cert-manager certificate: CommonName (%s) longer than 63 characters", + commonName, + ), + } + } + + // we have a domain field and are not a domainMapping + // if the domain is too long, even if we shorten, it will still be too big. 
We should error in that case + if len(knCert.Spec.Domain) > (longest - len(Prefix)) { + return nil, &apis.Condition{ + Type: CreateCertManagerCertificateCondition, + Status: corev1.ConditionFalse, + Reason: "CommonName Too Long", + Message: fmt.Sprintf( + "error creating cert-manager certificate: CommonName (%s)(length: %v) too long, prepending short prefix of (%s)(length: %v) will be longer than 64 bytes", + knCert.Spec.Domain, + len(knCert.Spec.Domain), + Prefix, + len(Prefix), + ), + } + } + + // by this point we know: + // - we have a domain on the kcert + // - this is not a domain mapping + // - the first entry on the kcert for dnsNames is too long + // - the domain is not too long, even with the shortening + // we can safely shorten the domain and know that it won't be too long + + commonName = Prefix + knCert.Spec.Domain + dnsNames = append(dnsNames, commonName) + + } else { + //If there was no domain, we can't shorten anything. We must error. + return nil, &apis.Condition{ + Type: CreateCertManagerCertificateCondition, + Status: corev1.ConditionFalse, + Reason: "CommonName Too Long", + Message: fmt.Sprintf( + "error creating cert-manager certificate: CommonName (%s) too long and field spec.Domain on Kcert is empty, cannot attempt to shorten", + commonName, + ), + } + } + } + + dnsNames = append(dnsNames, knCert.Spec.DNSNames...) 
+ + // default to CertificateExternalDomain + certType := netapi.CertificateExternalDomain + if val, ok := knCert.Labels[networking.CertificateTypeLabelKey]; ok { + certType = netapi.CertificateType(val) + } + + var issuerRef cmeta.ObjectReference + switch certType { + case netapi.CertificateClusterLocalDomain: + if cmConfig.ClusterLocalIssuerRef == nil { + return nil, &apis.Condition{ + Type: IssuerNotSetCondition, + Status: corev1.ConditionFalse, + Reason: "clusterLocalIssuerRef not set", + Message: "error creating cert-manager certificate: clusterLocalIssuerRef was not set in config-certmanager", + } + } + issuerRef = *cmConfig.ClusterLocalIssuerRef + + case netapi.CertificateSystemInternal: + if cmConfig.SystemInternalIssuerRef == nil { + return nil, &apis.Condition{ + Type: IssuerNotSetCondition, + Status: corev1.ConditionFalse, + Reason: "systemInternalIssuerRef not set", + Message: "error creating cert-manager certificate: systemInternalIssuerRef was not set in config-certmanager", + } + } + issuerRef = *cmConfig.SystemInternalIssuerRef + + case netapi.CertificateExternalDomain: + if cmConfig.IssuerRef == nil { + return nil, &apis.Condition{ + Type: IssuerNotSetCondition, + Status: corev1.ConditionFalse, + Reason: "issuerRef not set", + Message: "error creating cert-manager certificate: issuerRef was not set in config-certmanager", + } + } + issuerRef = *cmConfig.IssuerRef + + default: + return nil, &apis.Condition{ + Type: IssuerNotSetCondition, + Status: corev1.ConditionFalse, + Reason: "certificate type invalid", + Message: fmt.Sprintf("error creating cert-manager certificate: certificate type %s is invalid", certType), + } + } + + cert := &cmv1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: knCert.Name, + Namespace: knCert.Namespace, + OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(knCert)}, + Annotations: knCert.GetAnnotations(), + Labels: knCert.GetLabels(), + }, + Spec: cmv1.CertificateSpec{ + CommonName: commonName, + 
SecretName: knCert.Spec.SecretName, + DNSNames: dnsNames, + IssuerRef: issuerRef, + SecretTemplate: &cmv1.CertificateSecretTemplate{ + Labels: map[string]string{ + networking.CertificateUIDLabelKey: string(knCert.GetUID()), + }}, + }, + } + return cert, nil +} + +// GetReadyCondition gets the ready condition of a Cert-Manager `Certificate`. +func GetReadyCondition(cmCert *cmv1.Certificate) *cmv1.CertificateCondition { + for _, cond := range cmCert.Status.Conditions { + if cond.Type == cmv1.CertificateConditionReady { + return &cond + } + } + return nil +} diff --git a/pkg/reconciler/certificate/resources/cert_manager_certificate_test.go b/pkg/reconciler/certificate/resources/cert_manager_certificate_test.go new file mode 100644 index 000000000000..cbb1765353d2 --- /dev/null +++ b/pkg/reconciler/certificate/resources/cert_manager_certificate_test.go 
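Review bot: In MakeCertManagerCertificate the new object's metadata takes `knCert.GetAnnotations()` and `knCert.GetLabels()` directly, so the cert-manager Certificate and the Knative Certificate share the same two maps, and a later write to either object's labels or annotations shows up on the other. Cloning them, e.g. `Labels: maps.Clone(knCert.GetLabels()),` and the same for annotations (Go 1.21+), keeps the objects independent and still yields nil for a nil map. It also means every label and annotation on the Knative Certificate is propagated unfiltered, which deserves a one-line comment if that is intended. Separately, the "CommonName Too Long" messages disagree on the limit: the constant is `longest = 63` and the first message says "63 characters", while the second says "longer than 64 bytes".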
@@ -0,0 +1,470 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package resources + +import ( + "fmt" + "strings" + "testing" + + cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + "github.com/google/go-cmp/cmp" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "knative.dev/networking/pkg/apis/networking" + "knative.dev/networking/pkg/apis/networking/v1alpha1" + netapi "knative.dev/networking/pkg/config" + "knative.dev/pkg/kmeta" + "knative.dev/serving/pkg/reconciler/certificate/config" +) + +const ( + servingRouteLabelKey = "serving.knative.dev/route" + servingCreatorAnnotation = "serving.knative.dev/creator" + servingUpdaterAnnotation = "serving.knative.dev/lastModifier" +) + +var cert = &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-cert", + Namespace: "test-ns", + UID: "22b3de9e-076e-4e5d-a55d-aff10002527f", + Labels: map[string]string{ + servingRouteLabelKey: "test-route", + networking.CertificateTypeLabelKey: string(netapi.CertificateExternalDomain), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: []string{"host1.example.com", "host2.example.com"}, + Domain: "example.com", + SecretName: "secret0", + }, +} + +var localCert = &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-local-cert", 
+ Namespace: "test-ns", + UID: "22b3de9e-076e-4e5d-a55d-aff10002527i", + Labels: map[string]string{ + servingRouteLabelKey: "test-route-local", + networking.CertificateTypeLabelKey: string(netapi.CertificateClusterLocalDomain), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: []string{"host1.ns", "host1.ns.svc", "host1.ns.svc.cluster.local"}, + Domain: "cluster.local", + SecretName: "secret0", + }, +} + +var systemInternalCert = &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-system-internal-cert", + Namespace: "test-ns", + UID: "22b3de9e-076e-4e5d-a55d-aff10002527i", + Labels: map[string]string{ + servingRouteLabelKey: "test-route-system-internal", + networking.CertificateTypeLabelKey: string(netapi.CertificateSystemInternal), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: []string{"host1.ns", "host1.ns.svc", "host1.ns.svc.cluster.local"}, + Domain: "cluster.local", + SecretName: "secret0", + }, +} + +var ( + longHost = "somebighost12345678910.somebignamespacename12345678910" + domain = "some.domain.test" + longHostDNSNames = []string{longHost + "." 
+ domain} + certWithLongHost = &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-cert", + Namespace: "test-ns", + UID: "22b3de9e-076e-4e5d-a55d-aff10002527f", + Labels: map[string]string{ + servingRouteLabelKey: "test-route", + networking.CertificateTypeLabelKey: string(netapi.CertificateExternalDomain), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: longHostDNSNames, + Domain: domain, + SecretName: "secret0", + }, + } + + longDomain = fmt.Sprintf("%s.%s", strings.Repeat("a", 60), "com") + longDomainDNSNames = []string{"host1." + longDomain, "host2." + longDomain} + certWithLongDomain = &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-cert", + Namespace: "test-ns", + UID: "22b3de9e-076e-4e5d-a55d-aff10002527f", + Labels: map[string]string{ + servingRouteLabelKey: "test-route", + networking.CertificateTypeLabelKey: string(netapi.CertificateExternalDomain), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: longDomainDNSNames, + Domain: longDomain, + SecretName: "secret0", + }, + } + + cmConfig = &config.CertManagerConfig{ + IssuerRef: &cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "Letsencrypt-issuer", + }, + ClusterLocalIssuerRef: &cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "knative-selfsigned-issuer", + }, + SystemInternalIssuerRef: &cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "knative-selfsigned-issuer", + }, + } +) + +func TestMakeCertManagerExternalCertificate(t *testing.T) { + want := &cmv1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-cert", + Namespace: "test-ns", + OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(cert)}, + Labels: map[string]string{ + servingRouteLabelKey: "test-route", + 
networking.CertificateTypeLabelKey: string(netapi.CertificateExternalDomain), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: cmv1.CertificateSpec{ + SecretName: "secret0", + CommonName: "host1.example.com", + DNSNames: []string{"host1.example.com", "host2.example.com"}, + IssuerRef: cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "Letsencrypt-issuer", + }, + SecretTemplate: &cmv1.CertificateSecretTemplate{ + Labels: map[string]string{networking.CertificateUIDLabelKey: "22b3de9e-076e-4e5d-a55d-aff10002527f"}, + }, + }, + } + got, err := MakeCertManagerCertificate(cmConfig, cert) + if err != nil { + t.Errorf("MakeCertManagerCertificate Error: %s", err) + } + if diff := cmp.Diff(want, got); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerLocalCertificate(t *testing.T) { + want := &cmv1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-local-cert", + Namespace: "test-ns", + OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(localCert)}, + Labels: map[string]string{ + servingRouteLabelKey: "test-route-local", + networking.CertificateTypeLabelKey: string(netapi.CertificateClusterLocalDomain), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: cmv1.CertificateSpec{ + SecretName: "secret0", + CommonName: "host1.ns", + DNSNames: []string{"host1.ns", "host1.ns.svc", "host1.ns.svc.cluster.local"}, + IssuerRef: cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "knative-selfsigned-issuer", + }, + SecretTemplate: &cmv1.CertificateSecretTemplate{ + Labels: map[string]string{networking.CertificateUIDLabelKey: "22b3de9e-076e-4e5d-a55d-aff10002527i"}, + }, + }, + } + got, err := MakeCertManagerCertificate(cmConfig, localCert) + if err != nil { + t.Errorf("MakeCertManagerCertificate Error: %s", err) + } + if 
diff := cmp.Diff(want, got); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerSystemInternalCertificate(t *testing.T) { + want := &cmv1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-system-internal-cert", + Namespace: "test-ns", + OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(systemInternalCert)}, + Labels: map[string]string{ + servingRouteLabelKey: "test-route-system-internal", + networking.CertificateTypeLabelKey: string(netapi.CertificateSystemInternal), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: cmv1.CertificateSpec{ + SecretName: "secret0", + CommonName: "host1.ns", + DNSNames: []string{"host1.ns", "host1.ns.svc", "host1.ns.svc.cluster.local"}, + IssuerRef: cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "knative-selfsigned-issuer", + }, + SecretTemplate: &cmv1.CertificateSecretTemplate{ + Labels: map[string]string{networking.CertificateUIDLabelKey: "22b3de9e-076e-4e5d-a55d-aff10002527i"}, + }, + }, + } + got, err := MakeCertManagerCertificate(cmConfig, systemInternalCert) + if err != nil { + t.Errorf("MakeCertManagerCertificate Error: %s", err) + } + if diff := cmp.Diff(want, got); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerCertificateLongCommonName(t *testing.T) { + want := &cmv1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-cert", + Namespace: "test-ns", + OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(cert)}, + Labels: map[string]string{ + servingRouteLabelKey: "test-route", + networking.CertificateTypeLabelKey: string(netapi.CertificateExternalDomain), + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: cmv1.CertificateSpec{ + SecretName: "secret0", + CommonName: 
"k.some.domain.test", + DNSNames: append([]string{"k.some.domain.test"}, longHostDNSNames...), + IssuerRef: cmmeta.ObjectReference{ + Kind: "ClusterIssuer", + Name: "Letsencrypt-issuer", + }, + SecretTemplate: &cmv1.CertificateSecretTemplate{ + Labels: map[string]string{networking.CertificateUIDLabelKey: "22b3de9e-076e-4e5d-a55d-aff10002527f"}, + }, + }, + } + got, err := MakeCertManagerCertificate(cmConfig, certWithLongHost) + if err != nil { + t.Errorf("MakeCertManagerCertificate Error: %s", err) + } + if diff := cmp.Diff(want, got); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerCertificateDomainMappingIsTooLong(t *testing.T) { + wantError := fmt.Errorf("error creating cert-manager certificate: CommonName (this.is.aaaaaaaaaaaaaaa.reallyreallyreallyreallyreallylong.domainmapping) longer than 63 characters") + cert, gotError := MakeCertManagerCertificate(cmConfig, &v1alpha1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-cert-from-domain-mapping", + Namespace: "test-ns", + UID: "22b3de9e-076e-4e5d-a55d-aff10002527f", + Labels: map[string]string{ + servingRouteLabelKey: "test-route", + }, + Annotations: map[string]string{ + servingCreatorAnnotation: "someone", + servingUpdaterAnnotation: "someone", + }, + }, + Spec: v1alpha1.CertificateSpec{ + DNSNames: []string{"this.is.aaaaaaaaaaaaaaa.reallyreallyreallyreallyreallylong.domainmapping"}, + Domain: "this.is.aaaaaaaaaaaaaaa.reallyreallyreallyreallyreallylong.domainmapping", + SecretName: "secret0", + }, + }) + + if cert != nil { + t.Errorf("Expected no cert, got: %s", cmp.Diff(nil, cert)) + } + + if diff := cmp.Diff(wantError.Error(), gotError.Message); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerCertificateDomainIsTooLong(t *testing.T) { + wantError := fmt.Errorf("error creating cert-manager certificate: CommonName 
(aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com)(length: 64) too long, prepending short prefix of (k.)(length: 2) will be longer than 64 bytes") + cert, gotError := MakeCertManagerCertificate(cmConfig, certWithLongDomain) + + if cert != nil { + t.Errorf("Expected no cert, got: %s", cmp.Diff(nil, cert)) + } + + if diff := cmp.Diff(wantError.Error(), gotError.Message); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerCertificateIssuerNotSet(t *testing.T) { + wantError := fmt.Errorf("error creating cert-manager certificate: issuerRef was not set in config-certmanager") + + cmConfigNoIssuer := cmConfig.DeepCopy() + cmConfigNoIssuer.IssuerRef = nil + + cert, gotError := MakeCertManagerCertificate(cmConfigNoIssuer, cert) + + if cert != nil { + t.Errorf("Expected no cert, got: %s", cmp.Diff(nil, cert)) + } + + if diff := cmp.Diff(wantError.Error(), gotError.Message); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerCertificateLocalIssuerNotSet(t *testing.T) { + wantError := fmt.Errorf("error creating cert-manager certificate: clusterLocalIssuerRef was not set in config-certmanager") + + cmConfigNoIssuer := cmConfig.DeepCopy() + cmConfigNoIssuer.ClusterLocalIssuerRef = nil + + cert, gotError := MakeCertManagerCertificate(cmConfigNoIssuer, localCert) + + if cert != nil { + t.Errorf("Expected no cert, got: %s", cmp.Diff(nil, cert)) + } + + if diff := cmp.Diff(wantError.Error(), gotError.Message); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestMakeCertManagerCertificateSystemInternalIssuerNotSet(t *testing.T) { + wantError := fmt.Errorf("error creating cert-manager certificate: systemInternalIssuerRef was not set in config-certmanager") + + cmConfigNoIssuer := cmConfig.DeepCopy() + cmConfigNoIssuer.SystemInternalIssuerRef = nil + + cert, gotError := 
MakeCertManagerCertificate(cmConfigNoIssuer, systemInternalCert) + + if cert != nil { + t.Errorf("Expected no cert, got: %s", cmp.Diff(nil, cert)) + } + + if diff := cmp.Diff(wantError.Error(), gotError.Message); diff != "" { + t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) + } +} + +func TestGetReadyCondition(t *testing.T) { + tests := []struct { + name string + cmCertificate *cmv1.Certificate + want *cmv1.CertificateCondition + }{{ + name: "ready", + cmCertificate: makeTestCertificate(cmmeta.ConditionTrue, cmv1.CertificateConditionReady, "ready", "ready"), + want: &cmv1.CertificateCondition{ + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionTrue, + Reason: "ready", + Message: "ready", + }}, { + name: "not ready", + cmCertificate: makeTestCertificate(cmmeta.ConditionFalse, cmv1.CertificateConditionReady, "not ready", "not ready"), + want: &cmv1.CertificateCondition{ + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionFalse, + Reason: "not ready", + Message: "not ready", + }}, { + name: "unknow", + cmCertificate: makeTestCertificate(cmmeta.ConditionUnknown, cmv1.CertificateConditionReady, "unknown", "unknown"), + want: &cmv1.CertificateCondition{ + Type: cmv1.CertificateConditionReady, + Status: cmmeta.ConditionUnknown, + Reason: "unknown", + Message: "unknown", + }}, { + name: "condition not ready", + cmCertificate: makeTestCertificate(cmmeta.ConditionTrue, cmv1.CertificateConditionIssuing, "Renewing", "Renewing certificate"), + want: nil, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + got := GetReadyCondition(test.cmCertificate) + if diff := cmp.Diff(test.want, got); diff != "" { + t.Errorf("GetReadyCondition (-want, +got) = %s", diff) + } + }) + } +} + +func makeTestCertificate(condStatus cmmeta.ConditionStatus, condType cmv1.CertificateConditionType, reason, message string) *cmv1.Certificate { + cert := &cmv1.Certificate{ + Status: cmv1.CertificateStatus{ + Conditions: 
[]cmv1.CertificateCondition{{ + Type: condType, + Status: condStatus, + Reason: reason, + Message: message, + }}, + }, + } + return cert +} diff --git a/test/config/externaldomaintls/certmanager/caissuer/config-certmanager.yaml b/test/config/externaldomaintls/certmanager/caissuer/config-certmanager.yaml index 301004b7d5c5..3a2ba16cde29 100644 --- a/test/config/externaldomaintls/certmanager/caissuer/config-certmanager.yaml +++ b/test/config/externaldomaintls/certmanager/caissuer/config-certmanager.yaml @@ -21,6 +21,8 @@ metadata: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: devel networking.knative.dev/certificate-provider: cert-manager + annotations: + knative.dev/example-checksum: "b7a9a602" data: issuerRef: | kind: ClusterIssuer 
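Review bot: The error-path tests (TestMakeCertManagerCertificateDomainMappingIsTooLong, ...DomainIsTooLong and the three ...IssuerNotSet tests) read `gotError.Message` without checking `gotError` for nil, so a regression that returns a certificate and no condition makes the test panic instead of failing with a message. Add `if gotError == nil { t.Fatal("expected a condition, got nil") }` before the `cmp.Diff` on the message. In the success tests the `*apis.Condition` result is named `err` and printed with `%s`; naming it `cond` and printing `cond.Message` would make the failure output readable. The ...IssuerNotSet tests also rely on `cmConfig.DeepCopy()`, and the generated DeepCopyInto in this commit clones only `IssuerRef`, so the copy appears to share the `ClusterLocalIssuerRef` and `SystemInternalIssuerRef` pointers with the package-level fixture. Assigning nil as these tests do is safe, but writing through those pointers would change the fixture for every other test, so regenerating the deepcopy is worth checking.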
@@ -40,10 +42,29 @@ data: # These sample configuration options may be copied out of # this block and unindented to actually change the configuration. - # issuerRef is a reference to the issuer for this certificate. + # issuerRef is a reference to the issuer for external-domain certificates used for ingress. # IssuerRef should be either `ClusterIssuer` or `Issuer`. - # Please refer `IssuerRef` in https://github.com/jetstack/cert-manager/blob/master/pkg/apis/certmanager/v1alpha1/types_certificate.go + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ # for more details about IssuerRef configuration. + # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. issuerRef: | kind: ClusterIssuer name: letsencrypt-issuer + + # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress. + # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about ClusterInternalIssuerRef configuration. + # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + clusterLocalIssuerRef: | + kind: ClusterIssuer + name: your-company-issuer + + # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components. + # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about ClusterInternalIssuerRef configuration. + # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + systemInternalIssuerRef: | + kind: ClusterIssuer + name: knative-selfsigned-issuer 
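Review bot: The comments added for `clusterLocalIssuerRef` and `systemInternalIssuerRef` both end with "for more details about ClusterInternalIssuerRef configuration", a name that matches neither key; each should name its own key, e.g. `# for more details about clusterLocalIssuerRef configuration.` The same text is repeated in the http01 copy of this file later in the diff. The added sentence stating that the self-signed `knative-selfsigned-issuer` ClusterIssuer is used when a ref is not specified should also be checked against MakeCertManagerCertificate in this commit, which returns an IssuerNotSet condition when the selected ref is nil. Unless the config parser fills in that default (not visible here), the comment promises a fallback the code does not provide, and an operator relying on it would get no certificate rather than a self-signed one.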
diff --git a/test/config/externaldomaintls/certmanager/http01/config-certmanager.yaml b/test/config/externaldomaintls/certmanager/http01/config-certmanager.yaml index f8cfd3aa076c..e6c36f616f36 100644 --- a/test/config/externaldomaintls/certmanager/http01/config-certmanager.yaml +++ b/test/config/externaldomaintls/certmanager/http01/config-certmanager.yaml @@ -21,6 +21,8 @@ metadata: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: devel networking.knative.dev/certificate-provider: cert-manager + annotations: + knative.dev/example-checksum: "b7a9a602" data: issuerRef: | kind: ClusterIssuer 
@@ -40,10 +42,29 @@ data:
 # These sample configuration options may be copied out of
 # this block and unindented to actually change the configuration.
- # issuerRef is a reference to the issuer for this certificate.
+ # issuerRef is a reference to the issuer for external-domain certificates used for ingress.
 # IssuerRef should be either `ClusterIssuer` or `Issuer`.
- # Please refer `IssuerRef` in https://github.com/jetstack/cert-manager/blob/master/pkg/apis/certmanager/v1alpha1/types_certificate.go
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
 # for more details about IssuerRef configuration.
+ # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
 issuerRef: |
 kind: ClusterIssuer
 name: letsencrypt-issuer
+
+ # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress.
+ # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ clusterLocalIssuerRef: |
+ kind: ClusterIssuer
+ name: your-company-issuer
+
+ # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components.
+ # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ systemInternalIssuerRef: |
+ kind: ClusterIssuer
+ name: knative-selfsigned-issuer
diff --git a/test/config/externaldomaintls/certmanager/selfsigned/config-certmanager.yaml b/test/config/externaldomaintls/certmanager/selfsigned/config-certmanager.yaml
index 6a7c3ea11c90..1b1f993b787f 100644
--- a/test/config/externaldomaintls/certmanager/selfsigned/config-certmanager.yaml
+++ b/test/config/externaldomaintls/certmanager/selfsigned/config-certmanager.yaml
@@ -21,6 +21,8 @@ metadata:
 app.kubernetes.io/name: knative-serving
 app.kubernetes.io/version: devel
 networking.knative.dev/certificate-provider: cert-manager
+ annotations:
+ knative.dev/example-checksum: "b7a9a602"
 data:
 issuerRef: |
 kind: ClusterIssuer
@@ -40,10 +42,29 @@ data:
 # These sample configuration options may be copied out of
 # this block and unindented to actually change the configuration.
- # issuerRef is a reference to the issuer for this certificate.
+ # issuerRef is a reference to the issuer for external-domain certificates used for ingress.
 # IssuerRef should be either `ClusterIssuer` or `Issuer`.
- # Please refer `IssuerRef` in https://github.com/jetstack/cert-manager/blob/master/pkg/apis/certmanager/v1alpha1/types_certificate.go
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
 # for more details about IssuerRef configuration.
+ # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
 issuerRef: |
 kind: ClusterIssuer
 name: letsencrypt-issuer
+
+ # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress.
+ # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ clusterLocalIssuerRef: |
+ kind: ClusterIssuer
+ name: your-company-issuer
+
+ # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components.
+ # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ systemInternalIssuerRef: |
+ kind: ClusterIssuer
+ name: knative-selfsigned-issuer
diff --git a/test/e2e-common.sh b/test/e2e-common.sh
index 136aa29f5faa..a93cf14d7dea 100644
--- a/test/e2e-common.sh
+++ b/test/e2e-common.sh
@@ -392,14 +392,16 @@ function install() {
 echo "Patch config-network to enable encryption features"
 toggle_feature system-internal-tls enabled config-network
- # This is currently only supported by kourier
- if [[ "$INGRESS_CLASS" == "kourier.ingress.networking.knative.dev" ]]; then
+ if [[ "$INGRESS_CLASS" == "kourier.ingress.networking.knative.dev" ]] || [[ "$INGRESS_CLASS" == "istio.ingress.networking.knative.dev" ]]; then
 toggle_feature cluster-local-domain-tls enabled config-network
 fi
+ echo "Restart controller to enable the certificate reconciler"
+ restart_pod ${SYSTEM_NAMESPACE} "app=controller"
 echo "Restart activator to mount the certificates"
- kubectl delete pod -n ${SYSTEM_NAMESPACE} -l app=activator
- kubectl wait --timeout=60s --for=condition=Available deployment -n ${SYSTEM_NAMESPACE} activator
+ restart_pod ${SYSTEM_NAMESPACE} "app=activator"
+ kubectl wait --timeout=60s --for=condition=Available deployment -n ${SYSTEM_NAMESPACE} activator
+ kubectl wait --timeout=60s --for=condition=Available deployment -n ${SYSTEM_NAMESPACE} controller
 fi
 }
diff --git a/test/e2e-external-domain-tls-tests.sh b/test/e2e-external-domain-tls-tests.sh
index 8bbb596ed3cf..48aee90b0b25 100755
--- a/test/e2e-external-domain-tls-tests.sh
+++ b/test/e2e-external-domain-tls-tests.sh
@@ -69,6 +69,7 @@ function setup_external_domain_tls_common() {
 toggle_feature external-domain-tls Enabled config-network
 toggle_feature autocreate-cluster-domain-claims true config-network
+ restart_pod ${SYSTEM_NAMESPACE} "app=controller"
 }
 function cleanup_external_domain_tls_common() {
@@ -78,6 +79,7 @@ function cleanup_external_domain_tls_common() {
 toggle_feature autocreate-cluster-domain-claims false config-network
 toggle_feature namespace-wildcard-cert-selector "" config-network
 kubectl delete kcert --all -n "${TLS_TEST_NAMESPACE}"
+ restart_pod ${SYSTEM_NAMESPACE} "app=controller"
 }
 function setup_http01_external_domain_tls() {
diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh
index f8c1e51ed2fe..8ed87cc437d7 100755
--- a/test/e2e-tests.sh
+++ b/test/e2e-tests.sh
@@ -53,6 +53,8 @@ if (( HTTPS )); then
 toggle_feature external-domain-tls Enabled config-network
 kubectl apply -f "${E2E_YAML_DIR}"/test/config/externaldomaintls/certmanager/caissuer/
 add_trap "kubectl delete -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/caissuer/ --ignore-not-found" SIGKILL SIGTERM SIGQUIT
+ # we need to restart the pod in order to start the net-certmanager-controller
+ restart_pod ${SYSTEM_NAMESPACE} "app=controller"
 fi
 if (( MESH )); then
@@ -90,13 +92,23 @@ toggle_feature "logging.enable-request-log" true config-observability || fail_te
 toggle_feature "logging.request-log-template" "TLS: {{.Request.TLS}}" config-observability || fail_test
 # with current implementation, Activator must be restarted when configuring system-internal-tls. See https://github.com/knative/serving/issues/13754
 restart_pod ${SYSTEM_NAMESPACE} "app=activator"
+
+# we need to restart the pod in order to start the net-certmanager-controller
+if (( ! HTTPS )); then
+ restart_pod ${SYSTEM_NAMESPACE} "app=controller"
+fi
 go_test_e2e -timeout=2m ./test/e2e/systeminternaltls ${E2E_TEST_FLAGS} || failed=1
 toggle_feature system-internal-tls disabled config-network || fail_test
-toggle_feature enable-request-log false config-observability || fail_test
-toggle_feature request-log-template '' config-observability || fail_test
+toggle_feature "logging.enable-request-log" false config-observability || fail_test
+toggle_feature "logging.request-log-template" '' config-observability || fail_test
 # with the current implementation, Activator is always in the request path, and needs to be restarted after configuring system-internal-tls
 restart_pod ${SYSTEM_NAMESPACE} "app=activator"
+# we need to restart the pod to stop the net-certmanager-controller
+if (( ! HTTPS )); then
+ restart_pod ${SYSTEM_NAMESPACE} "app=controller"
+fi
+
 kubectl get cm "config-gc" -n "${SYSTEM_NAMESPACE}" -o yaml > "${TMP_DIR}"/config-gc.yaml
 add_trap "kubectl replace cm 'config-gc' -n ${SYSTEM_NAMESPACE} -f ${TMP_DIR}/config-gc.yaml" SIGKILL SIGTERM SIGQUIT
 immediate_gc
@@ -149,6 +161,8 @@ go_test_e2e -timeout=25m -failfast -parallel=1 ./test/ha \
 if (( HTTPS )); then
 kubectl delete -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/caissuer/ --ignore-not-found
 toggle_feature external-domain-tls Disabled config-network
+ # we need to restart the pod to stop the net-certmanager-controller
+ restart_pod ${SYSTEM_NAMESPACE} "app=controller"
 fi
 (( failed )) && fail_test
diff --git a/test/e2e/certmanager/config/100-serving-namespace.yaml b/test/e2e/certmanager/config/100-serving-namespace.yaml
new file mode 100644
index 000000000000..61979f2c2dcd
--- /dev/null
+++ b/test/e2e/certmanager/config/100-serving-namespace.yaml
@@ -0,0 +1,18 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: knative-serving
diff --git a/test/e2e/certmanager/config/100-test-namespace.yaml b/test/e2e/certmanager/config/100-test-namespace.yaml
new file mode 100644
index 000000000000..ec9f35b99beb
--- /dev/null
+++ b/test/e2e/certmanager/config/100-test-namespace.yaml
@@ -0,0 +1,18 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: serving-tests
diff --git a/test/e2e/certmanager/config/200-service-account.yaml b/test/e2e/certmanager/config/200-service-account.yaml
new file mode 100644
index 000000000000..f99c61c99020
--- /dev/null
+++ b/test/e2e/certmanager/config/200-service-account.yaml
@@ -0,0 +1,54 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: net-certmanager
+ app.kubernetes.io/version: devel
+ app.kubernetes.io/part-of: knative-serving
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-admin
+ labels:
+ app.kubernetes.io/component: net-certmanager
+ app.kubernetes.io/version: devel
+ app.kubernetes.io/part-of: knative-serving
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ serving.knative.dev/controller: "true"
+rules: [] # Rules are automatically filled in by the controller manager.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-serving-controller-admin
+ labels:
+ app.kubernetes.io/component: net-certmanager
+ app.kubernetes.io/version: devel
+ app.kubernetes.io/part-of: knative-serving
+subjects:
+ - kind: ServiceAccount
+ name: controller
+ namespace: knative-serving
+roleRef:
+ kind: ClusterRole
+ name: knative-serving-admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/test/e2e/certmanager/config/201-cluster-role.yaml b/test/e2e/certmanager/config/201-cluster-role.yaml
new file mode 100644
index 000000000000..cded49c3876a
--- /dev/null
+++ b/test/e2e/certmanager/config/201-cluster-role.yaml
@@ -0,0 +1,33 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-core
+ labels:
+ serving.knative.dev/controller: "true"
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps", "endpoints", "pods", "secrets", "services"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["networking.internal.knative.dev"]
+ resources: ["*", "*/status", "*/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"]
diff --git a/test/e2e/certmanager/config/300-certificate.yaml b/test/e2e/certmanager/config/300-certificate.yaml
new file mode 120000
index 000000000000..f134be5a85fb
--- /dev/null
+++ b/test/e2e/certmanager/config/300-certificate.yaml
@@ -0,0 +1 @@
+../../vendor/knative.dev/networking/config/certificate.yaml
\ No newline at end of file
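Review bot: In `201-cluster-role.yaml`, `knative-serving-core` grants the full write verb set cluster-wide on `secrets` and on `mutatingwebhookconfigurations`/`validatingwebhookconfigurations`. Through the `serving.knative.dev/controller: "true"` label it is aggregated into `knative-serving-admin`, which `200-service-account.yaml` binds to the `controller` service account. Nothing visible in this diff shows the certificate controller registering webhooks, so it is worth checking whether the `admissionregistration.k8s.io` rule is needed at all, and whether `endpoints`, `pods` and `services` need more than `get`, `list`, `watch`. Splitting `secrets` into its own rule with a one-line comment on why cluster-wide write access is required would make the grant easier to audit when this fixture is copied. The aggregation label itself also deserves a comment, since any ClusterRole that carries it extends what the controller account can do.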
diff --git a/test/e2e/certmanager/config/autotls/certmanager/caissuer/config-certmanager.yaml b/test/e2e/certmanager/config/autotls/certmanager/caissuer/config-certmanager.yaml
new file mode 100644
index 000000000000..625a4164437a
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/caissuer/config-certmanager.yaml
@@ -0,0 +1,50 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-certmanager
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: net-certmanager
+ app.kubernetes.io/version: devel
+ app.kubernetes.io/name: knative-serving
+ networking.knative.dev/certificate-provider: cert-manager
+data:
+ issuerRef: |
+ kind: ClusterIssuer
+ name: ca-issuer
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this block and unindented to actually change the configuration.
+
+ # issuerRef is a reference to the issuer for this certificate.
+ # IssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://github.com/jetstack/cert-manager/blob/master/pkg/apis/certmanager/v1alpha1/types_certificate.go
+ # for more details about IssuerRef configuration.
+ issuerRef: |
+ kind: ClusterIssuer
+ name: letsencrypt-issuer
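Review bot: The `_example` block in this new file still describes `issuerRef` as "the issuer for this certificate" and links to `v1alpha1/types_certificate.go` on the jetstack repository, which is the text this same commit replaces in the `test/config/externaldomaintls` copies. Using the updated wording and `https://cert-manager.io/docs/concepts/issuer/` here keeps the fixtures consistent and stops pointing readers at an API version the fixtures themselves do not use (`issuer.yaml` is `cert-manager.io/v1`). The http01 and selfsigned `config-certmanager.yaml` files added further down carry the same block. None of the three has the `knative.dev/example-checksum` annotation that the other copies receive.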
diff --git a/test/e2e/certmanager/config/autotls/certmanager/caissuer/generate.sh b/test/e2e/certmanager/config/autotls/certmanager/caissuer/generate.sh
new file mode 100755
index 000000000000..bb8ddf078837
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/caissuer/generate.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script generates test/config/autotls/certmanager/caissuer/secret.yaml.
+
+openssl genrsa -out rootCAKey.pem 2048
+openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 36500 -out rootCACert.pem -subj '/CN=example.com/O=Knative Community/C=US'
+
+CAKEY=$(cat rootCAKey.pem |base64 | tr -d '\n')
+CACERT=$(cat rootCACert.pem |base64 | tr -d '\n')
+
+cat < secret.yaml
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ca-key-pair
+ namespace: cert-manager
+data:
+ tls.crt: ${CACERT}
+ tls.key: ${CAKEY}
+EOF
+
+
+# Clean up
+rm -f rootCACert.pem rootCAKey.pem
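Review bot: The script has no error handling around the two `openssl` calls, so a failed key or certificate generation still reaches the `cat` step and leaves a `secret.yaml` with empty `tls.crt`/`tls.key`. The CA private key `rootCAKey.pem` is also written to the working directory under the default umask and is only removed by the final `rm`, which an interrupted run would not reach. Adding `set -euo pipefail`, `umask 077` and `trap 'rm -f rootCACert.pem rootCAKey.pem' EXIT` directly below the licence header closes both gaps. The header comment names `test/config/autotls/certmanager/caissuer/secret.yaml`, while this file is added under `test/e2e/certmanager/config/autotls/certmanager/caissuer/`, so the path in the comment should be updated.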
diff --git a/test/e2e/certmanager/config/autotls/certmanager/caissuer/issuer.yaml b/test/e2e/certmanager/config/autotls/certmanager/caissuer/issuer.yaml
new file mode 100644
index 000000000000..1801a08f99f9
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/caissuer/issuer.yaml
@@ -0,0 +1,21 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: ca-issuer
+spec:
+ ca:
+ secretName: ca-key-pair
diff --git a/test/e2e/certmanager/config/autotls/certmanager/caissuer/secret.yaml b/test/e2e/certmanager/config/autotls/certmanager/caissuer/secret.yaml
new file mode 100644
index 000000000000..c322c5b7f604
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/caissuer/secret.yaml
@@ -0,0 +1,22 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ca-key-pair
+ namespace: cert-manager
+data:
+ tls.crt: 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
+ tls.key: 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
diff --git a/test/e2e/certmanager/config/autotls/certmanager/http01/config-certmanager.yaml b/test/e2e/certmanager/config/autotls/certmanager/http01/config-certmanager.yaml
new file mode 100644
index 000000000000..97a9101949c3
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/http01/config-certmanager.yaml
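Review bot: In `secret.yaml`, `tls.key` puts the private key of the CA behind the `ca-issuer` ClusterIssuer into the repository, so anyone who can read the repo can issue certificates that chain to this CA. The file should say so at the top, for example `# Test-only CA produced by generate.sh; the private key is public. Never add this CA to a trust store outside throwaway e2e clusters.` The same comment should mention that `generate.sh` creates the certificate with `-days 36500`, since nothing will expire it if the secret ends up in a long-lived cluster.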
@@ -0,0 +1,50 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-certmanager
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: net-certmanager
+ app.kubernetes.io/version: devel
+ app.kubernetes.io/name: knative-serving
+ networking.knative.dev/certificate-provider: cert-manager
+data:
+ issuerRef: |
+ kind: ClusterIssuer
+ name: http01-issuer
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this block and unindented to actually change the configuration.
+
+ # issuerRef is a reference to the issuer for this certificate.
+ # IssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://github.com/jetstack/cert-manager/blob/master/pkg/apis/certmanager/v1alpha1/types_certificate.go
+ # for more details about IssuerRef configuration.
+ issuerRef: |
+ kind: ClusterIssuer
+ name: letsencrypt-issuer
diff --git a/test/e2e/certmanager/config/autotls/certmanager/http01/issuer.yaml b/test/e2e/certmanager/config/autotls/certmanager/http01/issuer.yaml
new file mode 100644
index 000000000000..95213e885eab
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/http01/issuer.yaml
@@ -0,0 +1,27 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: http01-issuer
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: "http01-key"
+ solvers:
+ - http01:
+ ingress: {}
+ selector: {}
diff --git a/test/e2e/certmanager/config/autotls/certmanager/http01/mesh-issuer.yaml b/test/e2e/certmanager/config/autotls/certmanager/http01/mesh-issuer.yaml
new file mode 100644
index 000000000000..18499d8fe829
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/http01/mesh-issuer.yaml
@@ -0,0 +1,31 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: http01-issuer
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: "http01-key"
+ solvers:
+ - http01:
+ ingress:
+ podTemplate:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: "true"
+ selector: {}
diff --git a/test/e2e/certmanager/config/autotls/certmanager/selfsigned/config-certmanager.yaml b/test/e2e/certmanager/config/autotls/certmanager/selfsigned/config-certmanager.yaml
new file mode 100644
index 000000000000..da1ebeef32d0
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/selfsigned/config-certmanager.yaml
@@ -0,0 +1,50 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-certmanager
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: net-certmanager
+ app.kubernetes.io/version: devel
+ app.kubernetes.io/name: knative-serving
+ networking.knative.dev/certificate-provider: cert-manager
+data:
+ issuerRef: |
+ kind: ClusterIssuer
+ name: self-signed-issuer
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this block and unindented to actually change the configuration.
+
+ # issuerRef is a reference to the issuer for this certificate.
+ # IssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://github.com/jetstack/cert-manager/blob/master/pkg/apis/certmanager/v1alpha1/types_certificate.go
+ # for more details about IssuerRef configuration.
+ issuerRef: |
+ kind: ClusterIssuer
+ name: letsencrypt-issuer
diff --git a/test/e2e/certmanager/config/autotls/certmanager/selfsigned/issuer.yaml b/test/e2e/certmanager/config/autotls/certmanager/selfsigned/issuer.yaml
new file mode 100644
index 000000000000..8fd984ab858c
--- /dev/null
+++ b/test/e2e/certmanager/config/autotls/certmanager/selfsigned/issuer.yaml
@@ -0,0 +1,20 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: self-signed-issuer
+spec:
+ selfSigned: {}
diff --git a/test/e2e/certmanager/conformance/certificate_test.go b/test/e2e/certmanager/conformance/certificate_test.go
new file mode 100644
index 000000000000..638096242b87
--- /dev/null
+++ b/test/e2e/certmanager/conformance/certificate_test.go
@@ -0,0 +1,35 @@
+//go:build e2e
+// +build e2e
+
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package conformance
+
+import (
+ "testing"
+
+ "knative.dev/networking/test/conformance/certificate/http01"
+ "knative.dev/networking/test/conformance/certificate/nonhttp01"
+)
+
+func TestNonHTTP01Conformance(t *testing.T) {
+ nonhttp01.RunConformance(t)
+}
+
+func TestHTTP01Conformance(t *testing.T) {
+ http01.RunConformance(t)
+}
diff --git a/test/e2e/certmanager/e2e-common.sh b/test/e2e/certmanager/e2e-common.sh
new file mode 100644
index 000000000000..dcfc9588878e
--- /dev/null
+++ b/test/e2e/certmanager/e2e-common.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script includes common functions for testing setup and teardown.
+source $(dirname $0)/../../../vendor/knative.dev/hack/e2e-tests.sh
+
+
+# Setup resources.
+function test_setup() {
+ echo ">> Setting up logging..."
+ # Install kail if needed.
+ if ! which kail > /dev/null; then
+ bash <( curl -sfL https://raw.githubusercontent.com/boz/kail/master/godownloader.sh) -b "$GOPATH/bin"
+ fi
+ # Capture all logs.
+ kail > ${ARTIFACTS}/k8s.log.txt &
+ local kail_pid=$!
+ # Clean up kail so it doesn't interfere with job shutting down
+ add_trap "kill $kail_pid || true" EXIT
+
+ # Setting up test resources.
+ echo ">> Publishing test images"
+ $(dirname $0)/upload-test-images.sh || fail_test "Error uploading test images"
+ echo ">> Creating test resources (test/config/)"
+ ko apply ${KO_FLAGS} -f test/config/ || return 1
+
+ # Bringing up controllers.
+ echo ">> Bringing up Cert-Manager"
+ kubectl apply -f third_party/cert-manager-latest/cert-manager.yaml || return 1
+ wait_until_pods_running cert-manager || return 1
+
+ echo ">> Bringing up net-certmanager Controller"
+ ko apply -f config || return 1
+ echo ">> Waiting for Serving components to be running..."
+ wait_until_pods_running knative-serving || return 1
+}
+
+# Add function call to trap
+# Parameters: $1 - Function to call
+# $2...$n - Signals for trap
+function add_trap() {
+ local cmd=$1
+ shift
+ for trap_signal in $@; do
+ local current_trap="$(trap -p $trap_signal | cut -d\' -f2)"
+ local new_cmd="($cmd)"
+ [[ -n "${current_trap}" ]] && new_cmd="${current_trap};${new_cmd}"
+ trap -- "${new_cmd}" $trap_signal
+ done
+}
diff --git a/test/e2e/certmanager/e2e-tests.sh b/test/e2e/certmanager/e2e-tests.sh
new file mode 100755
index 000000000000..db323e625217
--- /dev/null
+++ b/test/e2e/certmanager/e2e-tests.sh
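Review bot: In `test_setup`, the line `bash <( curl -sfL https://raw.githubusercontent.com/boz/kail/master/godownloader.sh) -b "$GOPATH/bin"` executes whatever the `master` branch of a third-party repository serves at run time, in a job that holds cluster credentials and presumably registry push access through `KO_DOCKER_REPO`. Nothing pins the script to a commit or checks its digest, so an upstream change or compromise would run unreviewed in CI. Fetching a commit-pinned URL to a temporary file and verifying a recorded digest before running it would close that, e.g. `curl -sfL https://raw.githubusercontent.com/boz/kail/<PINNED_COMMIT>/godownloader.sh -o "$tmp" && echo "<EXPECTED_SHA256>  $tmp" | sha256sum -c - && bash "$tmp" -b "$GOPATH/bin"`; installing kail from a vendored or version-pinned release is the alternative. Separately, `kail > ${ARTIFACTS}/k8s.log.txt` and `for trap_signal in $@` in `add_trap` are unquoted.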
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source $(dirname $0)/e2e-common.sh
+
+
+# Script entry point.
+initialize "$@" --cluster-version=1.28
+
+CERTIFICATE_CLASS="cert-manager.certificate.networking.knative.dev"
+
+# Certificate conformance tests must be run separately
+# because they need cert-manager specific configurations.
+kubectl apply -f ./test/e2e/certmanager/config/autotls/certmanager/selfsigned/
+add_trap "kubectl delete -f ./test/e2e/certmanager/config/autotls/certmanager/selfsigned/ --ignore-not-found" SIGKILL SIGTERM SIGQUIT
+go_test_e2e -timeout=10m ./test/e2e/certmanager/conformance \
+ -run TestNonHTTP01Conformance \
+ "--certificateClass=${CERTIFICATE_CLASS}" || fail_test
+kubectl delete -f ./test/e2e/certmanager/config/autotls/certmanager/selfsigned/
+
+kubectl apply -f ./test/e2e/certmanager/config/autotls/certmanager/http01/
+add_trap "kubectl delete -f ./test/e2e/certmanager/config/autotls/certmanager/http01/ --ignore-not-found" SIGKILL SIGTERM SIGQUIT
+go_test_e2e -timeout=10m ./test/e2e/certmanager/conformance \
+ -run TestHTTP01Conformance \
+ "--certificateClass=${CERTIFICATE_CLASS}" || fail_test
+kubectl delete -f ./test/e2e/certmanager/config/autotls/certmanager/http01/
+
+success
diff --git a/test/e2e/certmanager/presubmit-tests.sh b/test/e2e/certmanager/presubmit-tests.sh
new file mode 100755
index 000000000000..41c7a24c0b52
--- /dev/null
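Review bot: Both `add_trap "kubectl delete ..." SIGKILL SIGTERM SIGQUIT` calls register the issuer cleanup on signals that miss the ordinary failure path. SIGKILL cannot be trapped, and when `go_test_e2e ... || fail_test` fails the explicit `kubectl delete` on the following line is never reached, so the test `ClusterIssuer` objects stay in the cluster unless `fail_test` (defined outside this diff, and presumably exiting) cleans up itself. Registering on `EXIT`, as `e2e-common.sh` already does for kail, would run the cleanup on every exit: `add_trap "kubectl delete -f ./test/e2e/certmanager/config/autotls/certmanager/selfsigned/ --ignore-not-found" EXIT SIGTERM SIGQUIT`, and the same for the `http01/` directory.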
+++ b/test/e2e/certmanager/presubmit-tests.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script runs the presubmit tests; it is started by prow for each PR.
+# For convenience, it can also be executed manually.
+# Running the script without parameters, or with the --all-tests
+# flag, causes all tests to be executed, in the right order.
+# Use the flags --build-tests, --unit-tests and --integration-tests
+# to run a specific set of tests.
+
+# Markdown linting failures don't show up properly in Gubernator resulting
+# in a net-negative contributor experience.
+export DISABLE_MD_LINTING=1
+
+export GO111MODULE=on
+
+source $(dirname $0)/../../../vendor/knative.dev/hack/presubmit-tests.sh
+
+# We use the default build, unit and integration test runners.
+
+main $@
diff --git a/test/e2e/certmanager/upload-test-images.sh b/test/e2e/certmanager/upload-test-images.sh
new file mode 100755
index 000000000000..c7e711ad4b23
--- /dev/null
+++ b/test/e2e/certmanager/upload-test-images.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+
+function upload_test_images() {
+ echo ">> Publishing test images"
+ (
+ # Script needs to be executed from repo root
+ cd "$( dirname "$0")/../../..."
+ local image_dir="vendor/knative.dev/networking/test/test_images"
+ local docker_tag=$1
+ local tag_option=""
+ if [ -n "${docker_tag}" ]; then
+ tag_option="--tags $docker_tag,latest"
+ fi
+
+ ko resolve --jobs=4 ${tag_option} -RBf "${image_dir}" > /dev/null
+ )
+}
+
+: ${KO_DOCKER_REPO:?"You must set 'KO_DOCKER_REPO', see DEVELOPMENT.md"}
+
+upload_test_images $@
diff --git a/third_party/cert-manager-latest/net-certmanager.yaml b/third_party/cert-manager-latest/net-certmanager.yaml
index 4498e9e6d1e3..36e23df7d663 100644
--- a/third_party/cert-manager-latest/net-certmanager.yaml
+++ b/third_party/cert-manager-latest/net-certmanager.yaml
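Review bot: The `cd "$( dirname "$0")/../../..."` line in `upload_test_images` ends in three dots as shown here, which names a directory called `...` rather than the repository root three levels above `test/e2e/certmanager/`. With `set -o errexit` the subshell would stop at that `cd` and no test images would be published. If the file really contains this, the line should read `cd "$( dirname "$0")/../../.."`. The final call `upload_test_images $@` is also unquoted, so a tag argument containing whitespace or glob characters is split before it reaches `ko resolve`; `upload_test_images "$@"` avoids that.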
@@ -1,271 +1,3 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - # These are the permissions needed by the `cert-manager` `Certificate` implementation. - name: knative-serving-certmanager - labels: - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - serving.knative.dev/controller: "true" - networking.knative.dev/certificate-provider: cert-manager -rules: - - apiGroups: ["cert-manager.io"] - resources: ["certificates", "clusterissuers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. 
- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.net-certmanager.networking.internal.knative.dev - labels: - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - networking.knative.dev/certificate-provider: cert-manager -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: net-certmanager-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.net-certmanager.networking.internal.knative.dev - objectSelector: - matchLabels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: net-certmanager - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: net-certmanager-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - networking.knative.dev/certificate-provider: cert-manager - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. 
-# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-certmanager - namespace: knative-serving - labels: - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - networking.knative.dev/certificate-provider: cert-manager -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this block and unindented to actually change the configuration. - - # issuerRef is a reference to the issuer for external-domain certificates used for ingress. - # IssuerRef should be either `ClusterIssuer` or `Issuer`. - # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ - # for more details about IssuerRef configuration. - # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. - issuerRef: | - kind: ClusterIssuer - name: letsencrypt-issuer - - # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress. - # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`. - # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ - # for more details about ClusterInternalIssuerRef configuration. 
- # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. - clusterLocalIssuerRef: | - kind: ClusterIssuer - name: your-company-issuer - - # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components. - # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. - # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ - # for more details about ClusterInternalIssuerRef configuration. - # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. - systemInternalIssuerRef: | - kind: ClusterIssuer - name: knative-selfsigned-issuer - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. 
- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: net-certmanager-controller - namespace: knative-serving - labels: - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - networking.knative.dev/certificate-provider: cert-manager -spec: - selector: - matchLabels: - app: net-certmanager-controller - template: - metadata: - labels: - app: net-certmanager-controller - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - spec: - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/controller@sha256:7d83c110fffe52f8d00df4e272de702de57293cf013bb07b66c67fd8465e3c72 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: net-certmanager-controller - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - networking.knative.dev/certificate-provider: cert-manager - name: net-certmanager-controller - namespace: knative-serving -spec: - ports: - # 
Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: net-certmanager-controller - ---- # Copyright 2023 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -328,132 +60,3 @@ spec: kind: ClusterIssuer name: selfsigned-cluster-issuer ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: net-certmanager-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - networking.knative.dev/certificate-provider: cert-manager -spec: - selector: - matchLabels: - app: net-certmanager-webhook - role: net-certmanager-webhook - template: - metadata: - labels: - app: net-certmanager-webhook - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - role: net-certmanager-webhook - spec: - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. 
- image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/webhook@sha256:071447f170acb8bd11528eac7df1940ed9411da491af827e6a6d4749f1f2dc0d - resources: - requests: - cpu: 20m - memory: 20Mi - limits: - cpu: 200m - memory: 200Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/net-certmanager - - name: WEBHOOK_NAME - value: net-certmanager-webhook - # If you change WEBHOOK_PORT, you will also need to change the - # containerPort "https-webhook" to the same value. - - name: WEBHOOK_PORT - value: "8443" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. 
- -apiVersion: v1 -kind: Service -metadata: - name: net-certmanager-webhook - namespace: knative-serving - labels: - role: net-certmanager-webhook - app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20240423-dcff3644" - app.kubernetes.io/name: knative-serving - networking.knative.dev/certificate-provider: cert-manager -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: metrics - - name: http-profiling - port: 8008 - targetPort: profiling - - name: https-webhook - port: 443 - targetPort: https-webhook - selector: - app: net-certmanager-webhook - ---- diff --git a/vendor/github.com/Azure/azure-sdk-for-go/version/version.go b/vendor/github.com/Azure/azure-sdk-for-go/version/version.go index b7136499e8e7..bcfbb15cce0d 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/version/version.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/version/version.go @@ -4,4 +4,4 @@ package version // Licensed under the MIT License. See License.txt in the project root for license information. // Number contains the semantic version of this SDK. -const Number = "v67.0.0" +const Number = "v68.0.0" diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go index 1a9c8ab537f0..2a24ab80cf16 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go 
@@ -127,6 +127,9 @@ type TokenRefreshCallback func(Token) error // TokenRefresh is a type representing a custom callback to refresh a token type TokenRefresh func(ctx context.Context, resource string) (*Token, error) +// JWTCallback is the type representing callback that will be called to get the federated OIDC JWT +type JWTCallback func() (string, error) + // Token encapsulates the access token used to authorize Azure requests. // https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow#service-to-service-access-token-response type Token struct { @@ -177,7 +180,7 @@ func (t Token) WillExpireIn(d time.Duration) bool { return !t.Expires().After(time.Now().Add(d)) } -//OAuthToken return the current access token +// OAuthToken return the current access token func (t *Token) OAuthToken() string { return t.AccessToken } @@ -367,14 +370,18 @@ func (secret ServicePrincipalAuthorizationCodeSecret) MarshalJSON() ([]byte, err // ServicePrincipalFederatedSecret implements ServicePrincipalSecret for Federated JWTs. type ServicePrincipalFederatedSecret struct { - jwt string + jwtCallback JWTCallback } // SetAuthenticationValues is a method of the interface ServicePrincipalSecret. // It will populate the form submitted during OAuth Token Acquisition using a JWT signed by an OIDC issuer. -func (secret *ServicePrincipalFederatedSecret) SetAuthenticationValues(spt *ServicePrincipalToken, v *url.Values) error { +func (secret *ServicePrincipalFederatedSecret) SetAuthenticationValues(_ *ServicePrincipalToken, v *url.Values) error { + jwt, err := secret.jwtCallback() + if err != nil { + return err + } - v.Set("client_assertion", secret.jwt) + v.Set("client_assertion", jwt) v.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer") return nil } 
@@ -687,6 +694,8 @@ func NewServicePrincipalTokenFromAuthorizationCode(oauthConfig OAuthConfig, clie } // NewServicePrincipalTokenFromFederatedToken creates a ServicePrincipalToken from the supplied federated OIDC JWT. +// +// Deprecated: Use NewServicePrincipalTokenFromFederatedTokenWithCallback to refresh jwt dynamically. func NewServicePrincipalTokenFromFederatedToken(oauthConfig OAuthConfig, clientID string, jwt string, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) { if err := validateOAuthConfig(oauthConfig); err != nil { return nil, err @@ -700,12 +709,37 @@ func NewServicePrincipalTokenFromFederatedToken(oauthConfig OAuthConfig, clientI if jwt == "" { return nil, fmt.Errorf("parameter 'jwt' cannot be empty") } + return NewServicePrincipalTokenFromFederatedTokenCallback( + oauthConfig, + clientID, + func() (string, error) { + return jwt, nil + }, + resource, + callbacks..., + ) +} + +// NewServicePrincipalTokenFromFederatedTokenCallback creates a ServicePrincipalToken from the supplied federated OIDC JWTCallback. +func NewServicePrincipalTokenFromFederatedTokenCallback(oauthConfig OAuthConfig, clientID string, jwtCallback JWTCallback, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) { + if err := validateOAuthConfig(oauthConfig); err != nil { + return nil, err + } + if err := validateStringParam(clientID, "clientID"); err != nil { + return nil, err + } + if err := validateStringParam(resource, "resource"); err != nil { + return nil, err + } + if jwtCallback == nil { + return nil, fmt.Errorf("parameter 'jwtCallback' cannot be empty") + } return NewServicePrincipalTokenWithSecret( oauthConfig, clientID, resource, &ServicePrincipalFederatedSecret{ - jwt: jwt, + jwtCallback: jwtCallback, }, callbacks..., ) diff --git a/vendor/github.com/Azure/go-autorest/autorest/autorest.go b/vendor/github.com/Azure/go-autorest/autorest/autorest.go index aafdf021fd6f..211c98d1ed04 100644 
--- a/vendor/github.com/Azure/go-autorest/autorest/autorest.go +++ b/vendor/github.com/Azure/go-autorest/autorest/autorest.go @@ -6,33 +6,33 @@ generated Go code. The package breaks sending and responding to HTTP requests into three phases: Preparing, Sending, and Responding. A typical pattern is: - req, err := Prepare(&http.Request{}, - token.WithAuthorization()) + req, err := Prepare(&http.Request{}, + token.WithAuthorization()) - resp, err := Send(req, - WithLogging(logger), - DoErrorIfStatusCode(http.StatusInternalServerError), - DoCloseIfError(), - DoRetryForAttempts(5, time.Second)) + resp, err := Send(req, + WithLogging(logger), + DoErrorIfStatusCode(http.StatusInternalServerError), + DoCloseIfError(), + DoRetryForAttempts(5, time.Second)) - err = Respond(resp, - ByDiscardingBody(), - ByClosing()) + err = Respond(resp, + ByDiscardingBody(), + ByClosing()) Each phase relies on decorators to modify and / or manage processing. Decorators may first modify and then pass the data along, pass the data first and then modify the result, or wrap themselves around passing the data (such as a logger might do). Decorators run in the order provided. For example, the following: - req, err := Prepare(&http.Request{}, - WithBaseURL("https://microsoft.com/"), - WithPath("a"), - WithPath("b"), - WithPath("c")) + req, err := Prepare(&http.Request{}, + WithBaseURL("https://microsoft.com/"), + WithPath("a"), + WithPath("b"), + WithPath("c")) will set the URL to: - https://microsoft.com/a/b/c + https://microsoft.com/a/b/c Preparers and Responders may be shared and re-used (assuming the underlying decorators support sharing and re-use). Performant use is obtained by creating one or more Preparers and Responders diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go b/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go index 1328f1764c23..868345db6868 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go 
+++ b/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go @@ -214,7 +214,7 @@ func (r Resource) String() string { // See https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-resource?tabs=json#resourceid. func ParseResourceID(resourceID string) (Resource, error) { - const resourceIDPatternText = `(?i)subscriptions/(.+)/resourceGroups/(.+)/providers/(.+?)/(.+?)/(.+)` + const resourceIDPatternText = `(?i)^/subscriptions/(.+)/resourceGroups/(.+)/providers/(.+?)/(.+?)/(.+)$` resourceIDPattern := regexp.MustCompile(resourceIDPatternText) match := resourceIDPattern.FindStringSubmatch(resourceID) diff --git a/vendor/github.com/Azure/go-autorest/autorest/utility.go b/vendor/github.com/Azure/go-autorest/autorest/utility.go index 3467b8fa6043..d35b3850ab34 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/utility.go +++ b/vendor/github.com/Azure/go-autorest/autorest/utility.go @@ -60,9 +60,9 @@ func NewDecoder(encodedAs EncodedAs, r io.Reader) Decoder { // is especially useful if there is a chance the data will fail to decode. // encodedAs specifies the expected encoding, r provides the io.Reader to the data, and v // is the decoding destination. -func CopyAndDecode(encodedAs EncodedAs, r io.Reader, v interface{}) (bytes.Buffer, error) { - b := bytes.Buffer{} - return b, NewDecoder(encodedAs, io.TeeReader(r, &b)).Decode(v) +func CopyAndDecode(encodedAs EncodedAs, r io.Reader, v interface{}) (b bytes.Buffer, err error) { + err = NewDecoder(encodedAs, io.TeeReader(r, &b)).Decode(v) + return } // TeeReadCloser returns a ReadCloser that writes to w what it reads from rc. diff --git a/vendor/github.com/cert-manager/cert-manager/LICENSE b/vendor/github.com/cert-manager/cert-manager/LICENSE new file mode 100644 index 000000000000..d64569567334 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/cert-manager/cert-manager/LICENSES b/vendor/github.com/cert-manager/cert-manager/LICENSES new file mode 100644 index 000000000000..22764fe9def5 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/LICENSES 
@@ -0,0 +1,169 @@ +cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.2.3/compute/metadata/LICENSE,Apache-2.0 +github.com/Azure/azure-sdk-for-go,https://github.com/Azure/azure-sdk-for-go/blob/v68.0.0/LICENSE.txt,MIT +github.com/Azure/go-autorest/autorest,https://github.com/Azure/go-autorest/blob/autorest/v0.11.29/autorest/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/adal,https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.23/autorest/adal/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/date,https://github.com/Azure/go-autorest/blob/autorest/date/v0.3.0/autorest/date/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/to,https://github.com/Azure/go-autorest/blob/autorest/to/v0.4.0/autorest/to/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/validation,https://github.com/Azure/go-autorest/blob/autorest/validation/v0.3.1/autorest/validation/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/logger,https://github.com/Azure/go-autorest/blob/logger/v0.2.1/logger/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/tracing,https://github.com/Azure/go-autorest/blob/tracing/v0.6.0/tracing/LICENSE,Apache-2.0 +github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT +github.com/NYTimes/gziphandler,https://github.com/NYTimes/gziphandler/blob/v1.1.1/LICENSE,Apache-2.0 +github.com/Venafi/vcert/v4,https://github.com/Venafi/vcert/blob/69f417ae176d/LICENSE,Apache-2.0 +github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 +github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause +github.com/asaskevich/govalidator,https://github.com/asaskevich/govalidator/blob/21a406dcc535/LICENSE,MIT +github.com/aws/aws-sdk-go,https://github.com/aws/aws-sdk-go/blob/v1.45.7/LICENSE.txt,Apache-2.0 
+github.com/aws/aws-sdk-go/internal/sync/singleflight,https://github.com/aws/aws-sdk-go/blob/v1.45.7/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT +github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT +github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT +github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.2.1/LICENSE,MIT +github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/azuredns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/azuredns/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/clouddns/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/cloudflare,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/cloudflare/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/route53,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/route53/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/util/LICENSE,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.1/LICENSE,Apache-2.0 +github.com/coreos/go-systemd/v22,https://github.com/coreos/go-systemd/blob/v22.5.0/LICENSE,Apache-2.0 +github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT +github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC 
+github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.102.1/LICENSE.txt,MIT +github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.102.1/LICENSE.txt,BSD-3-Clause +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.0/LICENSE,MIT +github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v5.6.0/LICENSE,BSD-3-Clause +github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.6.0/v5/LICENSE,BSD-3-Clause +github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT +github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.6.0/LICENSE,BSD-3-Clause +github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.4/LICENSE,MIT +github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.1/LICENSE,Apache-2.0 +github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.1/json/LICENSE,BSD-3-Clause +github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.5/v3/LICENSE,MIT +github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.3.0/LICENSE,Apache-2.0 +github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 +github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.2.4/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.19.6/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.2/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.3/LICENSE,Apache-2.0 +github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause +github.com/golang-jwt/jwt/v4,https://github.com/golang-jwt/jwt/blob/v4.5.0/LICENSE,MIT +github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 
+github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause +github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.16.0/LICENSE,Apache-2.0 +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.16.0/LICENSE,BSD-3-Clause +github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 +github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause +github.com/google/go-querystring/query,https://github.com/google/go-querystring/blob/v1.1.0/LICENSE,BSD-3-Clause +github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 +github.com/google/s2a-go,https://github.com/google/s2a-go/blob/v0.1.7/LICENSE.md,Apache-2.0 +github.com/google/uuid,https://github.com/google/uuid/blob/v1.3.1/LICENSE,BSD-3-Clause +github.com/googleapis/enterprise-certificate-proxy/client,https://github.com/googleapis/enterprise-certificate-proxy/blob/v0.2.5/LICENSE,Apache-2.0 +github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.12.0/v2/LICENSE,BSD-3-Clause +github.com/grpc-ecosystem/go-grpc-prometheus,https://github.com/grpc-ecosystem/go-grpc-prometheus/blob/v1.2.0/LICENSE,Apache-2.0 +github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.16.0/LICENSE.txt,BSD-3-Clause +github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 +github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 +github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.4/LICENSE,MPL-2.0 +github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 
+github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.7/parseutil/LICENSE,MPL-2.0 +github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 +github.com/hashicorp/go-sockaddr,https://github.com/hashicorp/go-sockaddr/blob/v1.0.2/LICENSE,MPL-2.0 +github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/v1.0.1-vault-5/LICENSE,MPL-2.0 +github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.10.0/api/LICENSE,MPL-2.0 +github.com/hashicorp/vault/sdk/helper,https://github.com/hashicorp/vault/blob/sdk/v0.10.0/sdk/LICENSE,MPL-2.0 +github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.13/LICENSE,BSD-3-Clause +github.com/jmespath/go-jmespath,https://github.com/jmespath/go-jmespath/blob/b0104c826a24/LICENSE,Apache-2.0 +github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT +github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT +github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.1/License,MIT +github.com/kr/text,https://github.com/kr/text/blob/v0.2.0/License,MIT +github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.7/LICENSE,MIT +github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/v1.0.4/LICENSE,Apache-2.0 +github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.55/LICENSE,BSD-3-Clause +github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT +github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob/v1.5.0/LICENSE,MIT +github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0 +github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0 
+github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause +github.com/patrickmn/go-cache,https://github.com/patrickmn/go-cache/blob/v2.1.0/LICENSE,MIT +github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/keystore-go/blob/v4.5.0/LICENSE,MIT +github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.6.1/LICENSE,BSD-3-Clause +github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause +github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.16.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.4.0/LICENSE,Apache-2.0 +github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.44.0/LICENSE,Apache-2.0 +github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.44.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.10.1/LICENSE,Apache-2.0 +github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.11.0/LICENSE,BSD-3-Clause +github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT +github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.3/LICENSE,MIT +github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.7.0/LICENSE.txt,Apache-2.0 +github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause +github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.2.0/LICENSE,MIT +github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/1326539a0a0a/LICENSE,MIT +go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.9/api/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.9/client/pkg/LICENSE,Apache-2.0 
+go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.9/client/v3/LICENSE,Apache-2.0 +go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.24.0/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.46.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.46.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 +go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.20.0/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.20.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.20.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.20.0/metric/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.20.0/sdk/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.20.0/trace/LICENSE,Apache-2.0 +go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.0.0/otlp/LICENSE,Apache-2.0 +go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.25.0/LICENSE.txt,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.14.0:LICENSE,BSD-3-Clause 
+golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/92128663:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.12.0:LICENSE,BSD-3-Clause +golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.3.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.14.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.13.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.13.0:LICENSE,BSD-3-Clause +golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause +gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 +google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.140.0/LICENSE,BSD-3-Clause +google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.140.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause +google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/b8732ec3820d/googleapis/api/LICENSE,Apache-2.0 +google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/2d3300fd4832/googleapis/rpc/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.59.0/LICENSE,Apache-2.0 +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.31.0/LICENSE,BSD-3-Clause +gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause +gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.62.0/LICENSE,Apache-2.0 +gopkg.in/natefinch/lumberjack.v2,https://github.com/natefinch/lumberjack/blob/v2.2.1/LICENSE,MIT +gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 +gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT 
+k8s.io/api,https://github.com/kubernetes/api/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.28.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.100.1/LICENSE,Apache-2.0 +k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/validation/errors/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/validation/strfmt/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/3b25d923346b/LICENSE,Apache-2.0 
+k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/3b25d923346b/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.1.2/konnectivity-client/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.16.1/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.8.0/LICENSE,Apache-2.0 +sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 +sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause +sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.3.0/LICENSE,Apache-2.0 +sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT +sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,BSD-3-Clause +software.sslmate.com/src/go-pkcs12,https://github.com/SSLMate/go-pkcs12/blob/v0.2.1/LICENSE,BSD-3-Clause diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/doc.go new file mode 100644 index 000000000000..745de66dc2e5 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/doc.go 
@@ -0,0 +1,22 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +groupName=acme.cert-manager.io
+
+// Package acme contains types in the acme cert-manager API group
+package acme
+
+const GroupName = "acme.cert-manager.io"
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/const.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/const.go
new file mode 100644
index 000000000000..287ed2f6d7d2
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/const.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+const (
+ ACMEFinalizer = "finalizer.acme.cert-manager.io"
+)
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go
new file mode 100644
index 000000000000..92b6583d6296
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1 is the v1 version of the API.
+// +k8s:deepcopy-gen=package,register
+// +groupName=acme.cert-manager.io
+package v1
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/register.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/register.go
new file mode 100644
index 000000000000..e36ef7cf2166
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/register.go
@@ -0,0 +1,58 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+
+ "github.com/cert-manager/cert-manager/pkg/apis/acme"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: acme.GroupName, Version: "v1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &Order{},
+ &OrderList{},
+ &Challenge{},
+ &ChallengeList{},
+ )
+ metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+ return nil
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go
new file mode 100644
index 000000000000..edfc16f1e655
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go
@@ -0,0 +1,57 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+const (
+ // ACMECertificateHTTP01IngressNameOverride is annotation to override ingress name.
+ // If this annotation is specified on a Certificate or Order resource when
+ // using the HTTP01 solver type, the ingress.name field of the HTTP01
+ // solver's configuration will be set to the value given here.
+ // This is especially useful for users of Ingress controllers that maintain
+ // a 1:1 mapping between endpoint IP and Ingress resource.
+ ACMECertificateHTTP01IngressNameOverride = "acme.cert-manager.io/http01-override-ingress-name"
+
+ // ACMECertificateHTTP01IngressClassOverride is annotation to override ingress class.
+ // If this annotation is specified on a Certificate or Order resource when
+ // using the HTTP01 solver type, the ingress.class field of the HTTP01
+ // solver's configuration will be set to the value given here.
+ // This is especially useful for users deploying many different ingress
+ // classes into a single cluster that want to be able to re-use a single
+ // solver for each ingress class.
+ ACMECertificateHTTP01IngressClassOverride = "acme.cert-manager.io/http01-override-ingress-class"
+
+ // IngressEditInPlaceAnnotationKey is used to toggle the use of ingressClass instead
+ // of ingress on the created Certificate resource
+ IngressEditInPlaceAnnotationKey = "acme.cert-manager.io/http01-edit-in-place"
+
+ // DomainLabelKey is added to the labels of a Pod serving an ACME challenge.
+ // Its value will be the hash of the domain name that is being verified.
+ DomainLabelKey = "acme.cert-manager.io/http-domain"
+
+ // TokenLabelKey is added to the labels of a Pod serving an ACME challenge.
+ // Its value will be the hash of the challenge token that is being served by the pod.
+ TokenLabelKey = "acme.cert-manager.io/http-token"
+
+ // SolverIdentificationLabelKey is added to the labels of a Pod serving an ACME challenge.
+ // Its value will be the "true" if the Pod is an HTTP-01 solver.
+ SolverIdentificationLabelKey = "acme.cert-manager.io/http01-solver"
+)
+
+const (
+ OrderKind = "Order"
+ ChallengeKind = "Challenge"
+)
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go
new file mode 100644
index 000000000000..cfc4f2414290
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go
@@ -0,0 +1,146 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+
+// Challenge is a type to represent a Challenge request with an ACME server
+// +k8s:openapi-gen=true
+// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state"
+// +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName"
+// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=challenges
+type Challenge struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata"`
+
+ Spec ChallengeSpec `json:"spec"`
+ // +optional
+ Status ChallengeStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ChallengeList is a list of Challenges
+type ChallengeList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Challenge `json:"items"`
+}
+
+type ChallengeSpec struct {
+ // The URL of the ACME Challenge resource for this challenge.
+ // This can be used to lookup details about the status of this challenge.
+ URL string `json:"url"`
+
+ // The URL to the ACME Authorization resource that this
+ // challenge is a part of.
+ AuthorizationURL string `json:"authorizationURL"`
+
+ // dnsName is the identifier that this challenge is for, e.g. example.com.
+ // If the requested DNSName is a 'wildcard', this field MUST be set to the
+ // non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
+ DNSName string `json:"dnsName"`
+
+ // wildcard will be true if this challenge is for a wildcard identifier,
+ // for example '*.example.com'.
+ // +optional
+ Wildcard bool `json:"wildcard"`
+
+ // The type of ACME challenge this resource represents.
+ // One of "HTTP-01" or "DNS-01".
+ Type ACMEChallengeType `json:"type"`
+
+ // The ACME challenge token for this challenge.
+ // This is the raw value returned from the ACME server.
+ Token string `json:"token"`
+
+ // The ACME challenge key for this challenge
+ // For HTTP01 challenges, this is the value that must be responded with to
+ // complete the HTTP01 challenge in the format:
+ // `.`.
+ // For DNS01 challenges, this is the base64 encoded SHA256 sum of the
+ // `.`
+ // text that must be set as the TXT record content.
+ Key string `json:"key"`
+
+ // Contains the domain solving configuration that should be used to
+ // solve this challenge resource.
+ Solver ACMEChallengeSolver `json:"solver"`
+
+ // References a properly configured ACME-type Issuer which should
+ // be used to create this Challenge.
+ // If the Issuer does not exist, processing will be retried.
+ // If the Issuer is not an 'ACME' Issuer, an error will be returned and the
+ // Challenge will be marked as failed.
+ IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
+}
+
+// The type of ACME challenge. Only HTTP-01 and DNS-01 are supported.
+// +kubebuilder:validation:Enum=HTTP-01;DNS-01
+type ACMEChallengeType string
+
+const (
+ // ACMEChallengeTypeHTTP01 denotes a Challenge is of type http-01
+ // More info: https://letsencrypt.org/docs/challenge-types/#http-01-challenge
+ ACMEChallengeTypeHTTP01 ACMEChallengeType = "HTTP-01"
+
+ // ACMEChallengeTypeDNS01 denotes a Challenge is of type dns-01
+ // More info: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
+ ACMEChallengeTypeDNS01 ACMEChallengeType = "DNS-01"
+)
+
+type ChallengeStatus struct {
+ // Used to denote whether this challenge should be processed or not.
+ // This field will only be set to true by the 'scheduling' component.
+ // It will only be set to false by the 'challenges' controller, after the
+ // challenge has reached a final state or timed out.
+ // If this field is set to false, the challenge controller will not take
+ // any more action.
+ // +optional
+ Processing bool `json:"processing"`
+
+ // presented will be set to true if the challenge values for this challenge
+ // are currently 'presented'.
+ // This *does not* imply the self check is passing. Only that the values
+ // have been 'submitted' for the appropriate challenge mechanism (i.e. the
+ // DNS01 TXT record has been presented, or the HTTP01 configuration has been
+ // configured).
+ // +optional
+ Presented bool `json:"presented"`
+
+ // Contains human readable information on why the Challenge is in the
+ // current state.
+ // +optional
+ Reason string `json:"reason,omitempty"`
+
+ // Contains the current 'state' of the challenge.
+ // If not set, the state of the challenge is unknown.
+ // +optional
+ State State `json:"state,omitempty"`
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go
new file mode 100644
index 000000000000..9f663280cbcc
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go
@@ -0,0 +1,650 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ gwapi "sigs.k8s.io/gateway-api/apis/v1beta1"
+
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+)
+
+// ACMEIssuer contains the specification for an ACME issuer.
+// This uses the RFC8555 specification to obtain certificates by completing
+// 'challenges' to prove ownership of domain identifiers.
+// Earlier draft versions of the ACME specification are not supported.
+type ACMEIssuer struct {
+ // Email is the email address to be associated with the ACME account.
+ // This field is optional, but it is strongly recommended to be set.
+ // It will be used to contact you in case of issues with your account or
+ // certificates, including expiry notification emails.
+ // This field may be updated after the account is initially registered.
+ // +optional
+ Email string `json:"email,omitempty"`
+
+ // Server is the URL used to access the ACME server's 'directory' endpoint.
+ // For example, for Let's Encrypt's staging endpoint, you would use:
+ // "https://acme-staging-v02.api.letsencrypt.org/directory".
+ // Only ACME v2 endpoints (i.e. RFC 8555) are supported.
+ Server string `json:"server"`
+
+ // PreferredChain is the chain to use if the ACME server outputs multiple.
+ // PreferredChain is no guarantee that this one gets delivered by the ACME
+ // endpoint.
+ // For example, for Let's Encrypt's DST crosssign you would use:
+ // "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
+ // This value picks the first certificate bundle in the ACME alternative
+ // chains that has a certificate with this value as its issuer's CN
+ // +optional
+ // +kubebuilder:validation:MaxLength=64
+ PreferredChain string `json:"preferredChain,omitempty"`
+
+ // Base64-encoded bundle of PEM CAs which can be used to validate the certificate
+ // chain presented by the ACME server.
+ // Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various
+ // kinds of security vulnerabilities.
+ // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside
+ // the container is used to validate the TLS connection.
+ // +optional
+ CABundle []byte `json:"caBundle,omitempty"`
+
+ // INSECURE: Enables or disables validation of the ACME server TLS certificate.
+ // If true, requests to the ACME server will not have the TLS certificate chain
+ // validated.
+ // Mutually exclusive with CABundle; prefer using CABundle to prevent various
+ // kinds of security vulnerabilities.
+ // Only enable this option in development environments.
+ // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside
+ // the container is used to validate the TLS connection.
+ // Defaults to false.
+ // +optional
+ SkipTLSVerify bool `json:"skipTLSVerify,omitempty"`
+
+ // ExternalAccountBinding is a reference to a CA external account of the ACME
+ // server.
+ // If set, upon registration cert-manager will attempt to associate the given
+ // external account credentials with the registered ACME account.
+ // +optional
+ ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"`
+
+ // PrivateKey is the name of a Kubernetes Secret resource that will be used to
+ // store the automatically generated ACME account private key.
+ // Optionally, a `key` may be specified to select a specific entry within
+ // the named Secret resource.
+ // If `key` is not specified, a default of `tls.key` will be used.
+ PrivateKey cmmeta.SecretKeySelector `json:"privateKeySecretRef"`
+
+ // Solvers is a list of challenge solvers that will be used to solve
+ // ACME challenges for the matching domains.
+ // Solver configurations must be provided in order to obtain certificates
+ // from an ACME server.
+ // For more information, see: https://cert-manager.io/docs/configuration/acme/
+ // +optional
+ Solvers []ACMEChallengeSolver `json:"solvers,omitempty"`
+
+ // Enables or disables generating a new ACME account key.
+ // If true, the Issuer resource will *not* request a new account but will expect
+ // the account key to be supplied via an existing secret.
+ // If false, the cert-manager system will generate a new ACME account key
+ // for the Issuer.
+ // Defaults to false.
+ // +optional
+ DisableAccountKeyGeneration bool `json:"disableAccountKeyGeneration,omitempty"`
+
+ // Enables requesting a Not After date on certificates that matches the
+ // duration of the certificate. This is not supported by all ACME servers
+ // like Let's Encrypt. If set to true when the ACME server does not support
+ // it it will create an error on the Order.
+ // Defaults to false.
+ // +optional
+ EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
+}
+
+// ACMEExternalAccountBinding is a reference to a CA external account of the ACME
+// server.
+type ACMEExternalAccountBinding struct {
+ // keyID is the ID of the CA key that the External Account is bound to.
+ KeyID string `json:"keyID"`
+
+ // keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes
+ // Secret which holds the symmetric MAC key of the External Account Binding.
+ // The `key` is the index string that is paired with the key data in the
+ // Secret and should not be confused with the key data itself, or indeed with
+ // the External Account Binding keyID above.
+ // The secret key stored in the Secret **must** be un-padded, base64 URL
+ // encoded data.
+ Key cmmeta.SecretKeySelector `json:"keySecretRef"`
+
+ // Deprecated: keyAlgorithm field exists for historical compatibility
+ // reasons and should not be used. The algorithm is now hardcoded to HS256
+ // in golang/x/crypto/acme.
+ // +optional
+ KeyAlgorithm HMACKeyAlgorithm `json:"keyAlgorithm,omitempty"`
+}
+
+// HMACKeyAlgorithm is the name of a key algorithm used for HMAC encryption
+// +kubebuilder:validation:Enum=HS256;HS384;HS512
+type HMACKeyAlgorithm string
+
+const (
+ HS256 HMACKeyAlgorithm = "HS256"
+ HS384 HMACKeyAlgorithm = "HS384"
+ HS512 HMACKeyAlgorithm = "HS512"
+)
+
+// An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of.
+// A selector may be provided to use different solving strategies for different DNS names.
+// Only one of HTTP01 or DNS01 must be provided.
+type ACMEChallengeSolver struct {
+ // Selector selects a set of DNSNames on the Certificate resource that
+ // should be solved using this challenge solver.
+ // If not specified, the solver will be treated as the 'default' solver
+ // with the lowest priority, i.e. if any other solver has a more specific
+ // match, it will be used instead.
+ // +optional
+ Selector *CertificateDNSNameSelector `json:"selector,omitempty"`
+
+ // Configures cert-manager to attempt to complete authorizations by
+ // performing the HTTP01 challenge flow.
+ // It is not possible to obtain certificates for wildcard domain names
+ // (e.g.
`*.example.com`) using the HTTP01 challenge mechanism.
+ // +optional
+ HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"`
+
+ // Configures cert-manager to attempt to complete authorizations by
+ // performing the DNS01 challenge flow.
+ // +optional
+ DNS01 *ACMEChallengeSolverDNS01 `json:"dns01,omitempty"`
+}
+
+// CertificateDNSNameSelector selects certificates using a label selector, and
+// can optionally select individual DNS names within those certificates.
+// If both MatchLabels and DNSNames are empty, this selector will match all
+// certificates and DNS names within them.
+type CertificateDNSNameSelector struct {
+ // A label selector that is used to refine the set of certificate's that
+ // this challenge solver will apply to.
+ // +optional
+ MatchLabels map[string]string `json:"matchLabels,omitempty"`
+
+ // List of DNSNames that this solver will be used to solve.
+ // If specified and a match is found, a dnsNames selector will take
+ // precedence over a dnsZones selector.
+ // If multiple solvers match with the same dnsNames value, the solver
+ // with the most matching labels in matchLabels will be selected.
+ // If neither has more matches, the solver defined earlier in the list
+ // will be selected.
+ // +optional
+ DNSNames []string `json:"dnsNames,omitempty"`
+
+ // List of DNSZones that this solver will be used to solve.
+ // The most specific DNS zone match specified here will take precedence
+ // over other DNS zone matches, so a solver specifying sys.example.com
+ // will be selected over one specifying example.com for the domain
+ // www.sys.example.com.
+ // If multiple solvers match with the same dnsZones value, the solver
+ // with the most matching labels in matchLabels will be selected.
+ // If neither has more matches, the solver defined earlier in the list
+ // will be selected.
+ // +optional
+ DNSZones []string `json:"dnsZones,omitempty"`
+}
+
+// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve
+// HTTP01 challenges within a Kubernetes cluster.
+// Typically this is accomplished through creating 'routes' of some description
+// that configure ingress controllers to direct traffic to 'solver pods', which
+// are responsible for responding to the ACME server's HTTP requests.
+// Only one of Ingress / Gateway can be specified.
+type ACMEChallengeSolverHTTP01 struct {
+ // The ingress based HTTP01 challenge solver will solve challenges by
+ // creating or modifying Ingress resources in order to route requests for
+ // '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are
+ // provisioned by cert-manager for each Challenge to be completed.
+ // +optional
+ Ingress *ACMEChallengeSolverHTTP01Ingress `json:"ingress,omitempty"`
+
+ // The Gateway API is a sig-network community API that models service networking
+ // in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will
+ // create HTTPRoutes with the specified labels in the same namespace as the challenge.
+ // This solver is experimental, and fields / behaviour may change in the future.
+ // +optional
+ GatewayHTTPRoute *ACMEChallengeSolverHTTP01GatewayHTTPRoute `json:"gatewayHTTPRoute,omitempty"`
+}
+
+type ACMEChallengeSolverHTTP01Ingress struct {
+ // Optional service type for Kubernetes solver service. Supported values
+ // are NodePort or ClusterIP. If unset, defaults to NodePort.
+ // +optional
+ ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
+
+ // This field configures the field `ingressClassName` on the created Ingress
+ // resources used to solve ACME challenges that use this challenge solver.
+ // This is the recommended way of configuring the ingress class. Only one of
+ // `class`, `name` or `ingressClassName` may be specified.
+ // +optional
+ IngressClassName *string `json:"ingressClassName,omitempty"`
+
+ // This field configures the annotation `kubernetes.io/ingress.class` when
+ // creating Ingress resources to solve ACME challenges that use this
+ // challenge solver. Only one of `class`, `name` or `ingressClassName` may
+ // be specified.
+ // +optional
+ Class *string `json:"class,omitempty"`
+
+ // The name of the ingress resource that should have ACME challenge solving
+ // routes inserted into it in order to solve HTTP01 challenges.
+ // This is typically used in conjunction with ingress controllers like
+ // ingress-gce, which maintains a 1:1 mapping between external IPs and
+ // ingress resources. Only one of `class`, `name` or `ingressClassName` may
+ // be specified.
+ // +optional
+ Name string `json:"name,omitempty"`
+
+ // Optional pod template used to configure the ACME challenge solver pods
+ // used for HTTP01 challenges.
+ // +optional
+ PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplate `json:"podTemplate,omitempty"`
+
+ // Optional ingress template used to configure the ACME challenge solver
+ // ingress used for HTTP01 challenges.
+ // +optional
+ IngressTemplate *ACMEChallengeSolverHTTP01IngressTemplate `json:"ingressTemplate,omitempty"`
+}
+
+// The ACMEChallengeSolverHTTP01GatewayHTTPRoute solver will create HTTPRoute objects for a Gateway class
+// routing to an ACME challenge solver pod.
+type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct {
+ // Optional service type for Kubernetes solver service. Supported values
+ // are NodePort or ClusterIP. If unset, defaults to NodePort.
+ // +optional
+ ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
+
+ // Custom labels that will be applied to HTTPRoutes created by cert-manager
+ // while solving HTTP-01 challenges.
+ // +optional
+ Labels map[string]string `json:"labels,omitempty"`
+
+ // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute.
+ // cert-manager needs to know which parentRefs should be used when creating
+ // the HTTPRoute. Usually, the parentRef references a Gateway. See:
+ // https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways
+ ParentRefs []gwapi.ParentReference `json:"parentRefs,omitempty"`
+}
+
+type ACMEChallengeSolverHTTP01IngressPodTemplate struct {
+ // ObjectMeta overrides for the pod used to solve HTTP01 challenges.
+ // Only the 'labels' and 'annotations' fields may be set.
+ // If labels or annotations overlap with in-built values, the values here
+ // will override the in-built values.
+ // +optional
+ ACMEChallengeSolverHTTP01IngressPodObjectMeta `json:"metadata"`
+
+ // PodSpec defines overrides for the HTTP01 challenge solver pod.
+ // Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields.
+ // All other fields will be ignored.
+ // +optional
+ Spec ACMEChallengeSolverHTTP01IngressPodSpec `json:"spec"`
+}
+
+type ACMEChallengeSolverHTTP01IngressPodObjectMeta struct {
+ // Annotations that should be added to the create ACME HTTP01 solver pods.
+ // +optional
+ Annotations map[string]string `json:"annotations,omitempty"`
+
+ // Labels that should be added to the created ACME HTTP01 solver pods.
+ // +optional
+ Labels map[string]string `json:"labels,omitempty"`
+}
+
+type ACMEChallengeSolverHTTP01IngressPodSpec struct {
+ // NodeSelector is a selector which must be true for the pod to fit on a node.
+ // Selector which must match a node's labels for the pod to be scheduled on that node.
+ // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ // +optional
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+ // If specified, the pod's scheduling constraints
+ // +optional
+ Affinity *corev1.Affinity `json:"affinity,omitempty"`
+
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+
+ // If specified, the pod's priorityClassName.
+ // +optional
+ PriorityClassName string `json:"priorityClassName,omitempty"`
+
+ // If specified, the pod's service account
+ // +optional
+ ServiceAccountName string `json:"serviceAccountName,omitempty"`
+
+ // If specified, the pod's imagePullSecrets
+ // +optional
+ ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+}
+
+type ACMEChallengeSolverHTTP01IngressTemplate struct {
+ // ObjectMeta overrides for the ingress used to solve HTTP01 challenges.
+ // Only the 'labels' and 'annotations' fields may be set.
+ // If labels or annotations overlap with in-built values, the values here
+ // will override the in-built values.
+ // +optional
+ ACMEChallengeSolverHTTP01IngressObjectMeta `json:"metadata"`
+}
+
+type ACMEChallengeSolverHTTP01IngressObjectMeta struct {
+ // Annotations that should be added to the created ACME HTTP01 solver ingress.
+ // +optional
+ Annotations map[string]string `json:"annotations,omitempty"`
+
+ // Labels that should be added to the created ACME HTTP01 solver ingress.
+ // +optional
+ Labels map[string]string `json:"labels,omitempty"`
+}
+
+// Used to configure a DNS01 challenge provider to be used when solving DNS01
+// challenges.
+// Only one DNS provider may be configured per solver.
+type ACMEChallengeSolverDNS01 struct {
+ // CNAMEStrategy configures how the DNS01 provider should handle CNAME
+ // records when found in DNS zones.
+ // +optional
+ CNAMEStrategy CNAMEStrategy `json:"cnameStrategy,omitempty"`
+
+ // Use the Akamai DNS zone management API to manage DNS01 challenge records.
+ // +optional
+ Akamai *ACMEIssuerDNS01ProviderAkamai `json:"akamai,omitempty"`
+
+ // Use the Google Cloud DNS API to manage DNS01 challenge records.
+ // +optional
+ CloudDNS *ACMEIssuerDNS01ProviderCloudDNS `json:"cloudDNS,omitempty"`
+
+ // Use the Cloudflare API to manage DNS01 challenge records.
+ // +optional
+ Cloudflare *ACMEIssuerDNS01ProviderCloudflare `json:"cloudflare,omitempty"`
+
+ // Use the AWS Route53 API to manage DNS01 challenge records.
+ // +optional
+ Route53 *ACMEIssuerDNS01ProviderRoute53 `json:"route53,omitempty"`
+
+ // Use the Microsoft Azure DNS API to manage DNS01 challenge records.
+ // +optional
+ AzureDNS *ACMEIssuerDNS01ProviderAzureDNS `json:"azureDNS,omitempty"`
+
+ // Use the DigitalOcean DNS API to manage DNS01 challenge records.
+ // +optional
+ DigitalOcean *ACMEIssuerDNS01ProviderDigitalOcean `json:"digitalocean,omitempty"`
+
+ // Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage
+ // DNS01 challenge records.
+ // +optional
+ AcmeDNS *ACMEIssuerDNS01ProviderAcmeDNS `json:"acmeDNS,omitempty"`
+
+ // Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/)
+ // to manage DNS01 challenge records.
+ // +optional
+ RFC2136 *ACMEIssuerDNS01ProviderRFC2136 `json:"rfc2136,omitempty"`
+
+ // Configure an external webhook based DNS01 challenge solver to manage
+ // DNS01 challenge records.
+ // +optional
+ Webhook *ACMEIssuerDNS01ProviderWebhook `json:"webhook,omitempty"`
+}
+
+// CNAMEStrategy configures how the DNS01 provider should handle CNAME records
+// when found in DNS zones.
+// By default, the None strategy will be applied (i.e. do not follow CNAMEs).
+// +kubebuilder:validation:Enum=None;Follow
+type CNAMEStrategy string
+
+const (
+ // NoneStrategy indicates that no CNAME resolution strategy should be used
+ // when determining which DNS zone to update during DNS01 challenges.
+ NoneStrategy = "None"
+
+ // FollowStrategy will cause cert-manager to recurse through CNAMEs in
+ // order to determine which DNS zone to update during DNS01 challenges.
+ // This is useful if you do not want to grant cert-manager access to your
+ // root DNS zone, and instead delegate the _acme-challenge.example.com
+ // subdomain to some other, less privileged domain.
+ FollowStrategy = "Follow"
+)
+
+// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS
+// configuration for Akamai DNS—Zone Record Management API
+type ACMEIssuerDNS01ProviderAkamai struct {
+ ServiceConsumerDomain string `json:"serviceConsumerDomain"`
+ ClientToken cmmeta.SecretKeySelector `json:"clientTokenSecretRef"`
+ ClientSecret cmmeta.SecretKeySelector `json:"clientSecretSecretRef"`
+ AccessToken cmmeta.SecretKeySelector `json:"accessTokenSecretRef"`
+}
+
+// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS
+// configuration for Google Cloud DNS
+type ACMEIssuerDNS01ProviderCloudDNS struct {
+ // +optional
+ ServiceAccount *cmmeta.SecretKeySelector `json:"serviceAccountSecretRef,omitempty"`
+ Project string `json:"project"`
+
+ // HostedZoneName is an optional field that tells cert-manager in which
+ // Cloud DNS zone the challenge record has to be created.
+ // If left empty cert-manager will automatically choose a zone.
+ // +optional
+ HostedZoneName string `json:"hostedZoneName,omitempty"`
+}
+
+// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
+// configuration for Cloudflare.
+// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided.
+type ACMEIssuerDNS01ProviderCloudflare struct {
+ // Email of the account, only required when using API key based authentication.
+ // +optional
+ Email string `json:"email,omitempty"`
+
+ // API key to use to authenticate with Cloudflare.
+ // Note: using an API token to authenticate is now the recommended method
+ // as it allows greater control of permissions.
+ // +optional
+ APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"`
+
+ // API token used to authenticate with Cloudflare.
+ // +optional
+ APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"`
+}
+
+// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS
+// configuration for DigitalOcean Domains
+type ACMEIssuerDNS01ProviderDigitalOcean struct {
+ Token cmmeta.SecretKeySelector `json:"tokenSecretRef"`
+}
+
+// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53
+// configuration for AWS
+type ACMEIssuerDNS01ProviderRoute53 struct {
+ // The AccessKeyID is used for authentication.
+ // Cannot be set when SecretAccessKeyID is set.
+ // If neither the Access Key nor Key ID are set, we fall-back to using env
+ // vars, shared credentials file or AWS Instance metadata,
+ // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
+ // +optional
+ AccessKeyID string `json:"accessKeyID,omitempty"`
+
+ // The SecretAccessKey is used for authentication. If set, pull the AWS
+ // access key ID from a key within a Kubernetes Secret.
+ // Cannot be set when AccessKeyID is set.
+ // If neither the Access Key nor Key ID are set, we fall-back to using env
+ // vars, shared credentials file or AWS Instance metadata,
+ // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
+ // +optional
+ SecretAccessKeyID *cmmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`
+
+ // The SecretAccessKey is used for authentication.
+ // If neither the Access Key nor Key ID are set, we fall-back to using env
+ // vars, shared credentials file or AWS Instance metadata,
+ // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
+ // +optional
+ SecretAccessKey cmmeta.SecretKeySelector `json:"secretAccessKeySecretRef"`
+
+ // Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey
+ // or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
+ // +optional
+ Role string `json:"role,omitempty"`
+
+ // If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
+ // +optional
+ HostedZoneID string `json:"hostedZoneID,omitempty"`
+
+ // Always set the region when using AccessKeyID and SecretAccessKey
+ Region string `json:"region"`
+}
+
+// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the
+// configuration for Azure DNS
+type ACMEIssuerDNS01ProviderAzureDNS struct {
+ // if both this and ClientSecret are left unset MSI will be used
+ // +optional
+ ClientID string `json:"clientID,omitempty"`
+
+ // if both this and ClientID are left unset MSI will be used
+ // +optional
+ ClientSecret *cmmeta.SecretKeySelector `json:"clientSecretSecretRef,omitempty"`
+
+ // ID of the Azure subscription
+ SubscriptionID string `json:"subscriptionID"`
+
+ // when specifying ClientID and ClientSecret then this field is also needed
+ // +optional
+ TenantID string `json:"tenantID,omitempty"`
+
+ // resource group the DNS zone is located in
+ ResourceGroupName string `json:"resourceGroupName"`
+
+ // name of the DNS zone that should be used
+ // +optional
+ HostedZoneName string `json:"hostedZoneName,omitempty"`
+
+ // name of the Azure environment (default AzurePublicCloud)
+ // +optional
+ Environment AzureDNSEnvironment `json:"environment,omitempty"`
+
+ // managed
identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
+ // +optional
+ ManagedIdentity *AzureManagedIdentity `json:"managedIdentity,omitempty"`
+}
+
+type AzureManagedIdentity struct {
+ // client ID of the managed identity, can not be used at the same time as resourceID
+ // +optional
+ ClientID string `json:"clientID,omitempty"`
+
+ // resource ID of the managed identity, can not be used at the same time as clientID
+ // +optional
+ ResourceID string `json:"resourceID,omitempty"`
+}
+
+// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud
+type AzureDNSEnvironment string
+
+const (
+ AzurePublicCloud AzureDNSEnvironment = "AzurePublicCloud"
+ AzureChinaCloud AzureDNSEnvironment = "AzureChinaCloud"
+ AzureGermanCloud AzureDNSEnvironment = "AzureGermanCloud"
+ AzureUSGovernmentCloud AzureDNSEnvironment = "AzureUSGovernmentCloud"
+)
+
+// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the
+// configuration for ACME-DNS servers
+type ACMEIssuerDNS01ProviderAcmeDNS struct {
+ Host string `json:"host"`
+
+ AccountSecret cmmeta.SecretKeySelector `json:"accountSecretRef"`
+}
+
+// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the
+// configuration for RFC2136 DNS
+type ACMEIssuerDNS01ProviderRFC2136 struct {
+ // The IP address or hostname of an authoritative DNS server supporting
+ // RFC2136 in the form host:port. If the host is an IPv6 address it must be
+ // enclosed in square brackets (e.g [2001:db8::1]) ; port is optional.
+ // This field is required.
+ Nameserver string `json:"nameserver"`
+
+ // The name of the secret containing the TSIG value.
+ // If ``tsigKeyName`` is defined, this field is required.
+ // +optional
+ TSIGSecret cmmeta.SecretKeySelector `json:"tsigSecretSecretRef,omitempty"`
+
+ // The TSIG Key name configured in the DNS.
+ // If ``tsigSecretSecretRef`` is defined, this field is required.
+ // +optional
+ TSIGKeyName string `json:"tsigKeyName,omitempty"`
+
+ // The TSIG Algorithm configured in the DNS supporting RFC2136. Used only
+ // when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined.
+ // Supported values are (case-insensitive): ``HMACMD5`` (default),
+ // ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.
+ // +optional
+ TSIGAlgorithm string `json:"tsigAlgorithm,omitempty"`
+}
+
+// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01
+// provider, including where to POST ChallengePayload resources.
+type ACMEIssuerDNS01ProviderWebhook struct {
+ // The API group name that should be used when POSTing ChallengePayload
+ // resources to the webhook apiserver.
+ // This should be the same as the GroupName specified in the webhook
+ // provider implementation.
+ GroupName string `json:"groupName"`
+
+ // The name of the solver to use, as defined in the webhook provider
+ // implementation.
+ // This will typically be the name of the provider, e.g. 'cloudflare'.
+ SolverName string `json:"solverName"`
+
+ // Additional configuration that should be passed to the webhook apiserver
+ // when challenges are processed.
+ // This can contain arbitrary JSON data.
+ // Secret values should not be specified in this stanza.
+ // If secret values are needed (e.g. credentials for a DNS service), you
+ // should use a SecretKeySelector to reference a Secret resource.
+ // For details on the schema of this field, consult the webhook provider
+ // implementation's documentation.
+ // +optional
+ Config *apiextensionsv1.JSON `json:"config,omitempty"`
+}
+
+type ACMEIssuerStatus struct {
+ // URI is the unique account identifier, which can also be used to retrieve
+ // account details from the CA
+ // +optional
+ URI string `json:"uri,omitempty"`
+
+ // LastRegisteredEmail is the email associated with the latest registered
+ // ACME account, in order to track changes made to registered account
+ // associated with the Issuer
+ // +optional
+ LastRegisteredEmail string `json:"lastRegisteredEmail,omitempty"`
+
+ // LastPrivateKeyHash is a hash of the private key associated with the latest
+ // registered ACME account, in order to track changes made to registered account
+ // associated with the Issuer
+ // +optional
+ LastPrivateKeyHash string `json:"lastPrivateKeyHash,omitempty"`
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go
new file mode 100644
index 000000000000..e9a50a30134b
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go
@@ -0,0 +1,240 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+
+// Order is a type to represent an Order with an ACME server
+// +k8s:openapi-gen=true
+type Order struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata"`
+
+ Spec OrderSpec `json:"spec"`
+ // +optional
+ Status OrderStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OrderList is a list of Orders
+type OrderList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Order `json:"items"`
+}
+
+type OrderSpec struct {
+ // Certificate signing request bytes in DER encoding.
+ // This will be used when finalizing the order.
+ // This field must be set on the order.
+ Request []byte `json:"request"`
+
+ // IssuerRef references a properly configured ACME-type Issuer which should
+ // be used to create this Order.
+ // If the Issuer does not exist, processing will be retried.
+ // If the Issuer is not an 'ACME' Issuer, an error will be returned and the
+ // Order will be marked as failed.
+ IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
+
+ // CommonName is the common name as specified on the DER encoded CSR.
+ // If specified, this value must also be present in `dnsNames` or `ipAddresses`.
+ // This field must match the corresponding field on the DER encoded CSR.
+ // +optional
+ CommonName string `json:"commonName,omitempty"`
+
+ // DNSNames is a list of DNS names that should be included as part of the Order
+ // validation process.
+ // This field must match the corresponding field on the DER encoded CSR.
+ //+optional
+ DNSNames []string `json:"dnsNames,omitempty"`
+
+ // IPAddresses is a list of IP addresses that should be included as part of the Order
+ // validation process.
+ // This field must match the corresponding field on the DER encoded CSR.
+ // +optional
+ IPAddresses []string `json:"ipAddresses,omitempty"`
+
+ // Duration is the duration for the not after date for the requested certificate.
+ // this is set on order creation as pe the ACME spec.
+ // +optional
+ Duration *metav1.Duration `json:"duration,omitempty"`
+}
+
+type OrderStatus struct {
+ // URL of the Order.
+ // This will initially be empty when the resource is first created.
+ // The Order controller will populate this field when the Order is first processed.
+ // This field will be immutable after it is initially set.
+ // +optional
+ URL string `json:"url,omitempty"`
+
+ // FinalizeURL of the Order.
+ // This is used to obtain certificates for this order once it has been completed.
+ // +optional
+ FinalizeURL string `json:"finalizeURL,omitempty"`
+
+ // Authorizations contains data returned from the ACME server on what
+ // authorizations must be completed in order to validate the DNS names
+ // specified on the Order.
+ // +optional
+ Authorizations []ACMEAuthorization `json:"authorizations,omitempty"`
+
+ // Certificate is a copy of the PEM encoded certificate for this Order.
+ // This field will be populated after the order has been successfully
+ // finalized with the ACME server, and the order has transitioned to the
+ // 'valid' state.
+ // +optional
+ Certificate []byte `json:"certificate,omitempty"`
+
+ // State contains the current state of this Order resource.
+ // States 'success' and 'expired' are 'final'
+ // +optional
+ State State `json:"state,omitempty"`
+
+ // Reason optionally provides more information about a why the order is in
+ // the current state.
+ // +optional
+ Reason string `json:"reason,omitempty"`
+
+ // FailureTime stores the time that this order failed.
+ // This is used to influence garbage collection and back-off.
+ // +optional
+ FailureTime *metav1.Time `json:"failureTime,omitempty"`
+}
+
+// ACMEAuthorization contains data returned from the ACME server on an
+// authorization that must be completed in order validate a DNS name on an ACME
+// Order resource.
+type ACMEAuthorization struct {
+ // URL is the URL of the Authorization that must be completed
+ URL string `json:"url"`
+
+ // Identifier is the DNS name to be validated as part of this authorization
+ // +optional
+ Identifier string `json:"identifier,omitempty"`
+
+ // Wildcard will be true if this authorization is for a wildcard DNS name.
+ // If this is true, the identifier will be the *non-wildcard* version of
+ // the DNS name.
+ // For example, if '*.example.com' is the DNS name being validated, this
+ // field will be 'true' and the 'identifier' field will be 'example.com'.
+ // +optional
+ Wildcard *bool `json:"wildcard,omitempty"`
+
+ // InitialState is the initial state of the ACME authorization when first
+ // fetched from the ACME server.
+ // If an Authorization is already 'valid', the Order controller will not
+ // create a Challenge resource for the authorization. This will occur when
+ // working with an ACME server that enables 'authz reuse' (such as Let's
+ // Encrypt's production endpoint).
+ // If not set and 'identifier' is set, the state is assumed to be pending
+ // and a Challenge will be created.
+ // +optional
+ InitialState State `json:"initialState,omitempty"`
+
+ // Challenges specifies the challenge types offered by the ACME server.
+ // One of these challenge types will be selected when validating the DNS
+ // name and an appropriate Challenge resource will be created to perform
+ // the ACME challenge process.
+ // +optional
+ Challenges []ACMEChallenge `json:"challenges,omitempty"`
+}
+
+// Challenge specifies a challenge offered by the ACME server for an Order.
+// An appropriate Challenge resource can be created to perform the ACME
+// challenge process.
+type ACMEChallenge struct {
+ // URL is the URL of this challenge. It can be used to retrieve additional
+ // metadata about the Challenge from the ACME server.
+ URL string `json:"url"`
+
+ // Token is the token that must be presented for this challenge.
+ // This is used to compute the 'key' that must also be presented.
+ Token string `json:"token"`
+
+ // Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
+ // 'tls-sni-01', etc.
+ // This is the raw value retrieved from the ACME server.
+ // Only 'http-01' and 'dns-01' are supported by cert-manager, other values
+ // will be ignored.
+ Type string `json:"type"`
+}
+
+// State represents the state of an ACME resource, such as an Order.
+// The possible options here map to the corresponding values in the
+// ACME specification.
+// Full details of these values can be found here: https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-7.1.6
+// Clients utilising this type must also gracefully handle unknown
+// values, as the contents of this enumeration may be added to over time.
+// +kubebuilder:validation:Enum=valid;ready;pending;processing;invalid;expired;errored
+type State string
+
+const (
+ // Unknown is not a real state as part of the ACME spec.
+ // It is used to represent an unrecognised value.
+ Unknown State = ""
+
+ // Valid signifies that an ACME resource is in a valid state.
+ // If an order is 'valid', it has been finalized with the ACME server and
+ // the certificate can be retrieved from the ACME server using the
+ // certificate URL stored in the Order's status subresource.
+ // This is a final state.
+ Valid State = "valid"
+
+ // Ready signifies that an ACME resource is in a ready state.
+ // If an order is 'ready', all of its challenges have been completed
+ // successfully and the order is ready to be finalized.
+ // Once finalized, it will transition to the Valid state.
+ // This is a transient state.
+ Ready State = "ready"
+
+ // Pending signifies that an ACME resource is still pending and is not yet ready.
+ // If an Order is marked 'Pending', the validations for that Order are still in progress.
+ // This is a transient state.
+ Pending State = "pending"
+
+ // Processing signifies that an ACME resource is being processed by the server.
+ // If an Order is marked 'Processing', the validations for that Order are currently being processed.
+ // This is a transient state.
+ Processing State = "processing"
+
+ // Invalid signifies that an ACME resource is invalid for some reason.
+ // If an Order is marked 'invalid', one of its validations be have invalid for some reason.
+ // This is a final state.
+ Invalid State = "invalid"
+
+ // Expired signifies that an ACME resource has expired.
+ // If an Order is marked 'Expired', one of its validations may have expired or the Order itself.
+ // This is a final state.
+ Expired State = "expired"
+
+ // Errored signifies that the ACME resource has errored for some reason.
+ // This is a catch-all state, and is used for marking internal cert-manager
+ // errors such as validation failures.
+ // This is a final state.
+ Errored State = "errored"
+)
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go new file mode 100644 index 000000000000..b5472216ccd9 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go 
@@ -0,0 +1,919 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEAuthorization) DeepCopyInto(out *ACMEAuthorization) { + *out = *in + if in.Wildcard != nil { + in, out := &in.Wildcard, &out.Wildcard + *out = new(bool) + **out = **in + } + if in.Challenges != nil { + in, out := &in.Challenges, &out.Challenges + *out = make([]ACMEChallenge, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEAuthorization. +func (in *ACMEAuthorization) DeepCopy() *ACMEAuthorization { + if in == nil { + return nil + } + out := new(ACMEAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ACMEChallenge) DeepCopyInto(out *ACMEChallenge) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallenge. +func (in *ACMEChallenge) DeepCopy() *ACMEChallenge { + if in == nil { + return nil + } + out := new(ACMEChallenge) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolver) DeepCopyInto(out *ACMEChallengeSolver) { + *out = *in + if in.Selector != nil { + in, out := &in.Selector, &out.Selector + *out = new(CertificateDNSNameSelector) + (*in).DeepCopyInto(*out) + } + if in.HTTP01 != nil { + in, out := &in.HTTP01, &out.HTTP01 + *out = new(ACMEChallengeSolverHTTP01) + (*in).DeepCopyInto(*out) + } + if in.DNS01 != nil { + in, out := &in.DNS01, &out.DNS01 + *out = new(ACMEChallengeSolverDNS01) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolver. +func (in *ACMEChallengeSolver) DeepCopy() *ACMEChallengeSolver { + if in == nil { + return nil + } + out := new(ACMEChallengeSolver) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ACMEChallengeSolverDNS01) DeepCopyInto(out *ACMEChallengeSolverDNS01) { + *out = *in + if in.Akamai != nil { + in, out := &in.Akamai, &out.Akamai + *out = new(ACMEIssuerDNS01ProviderAkamai) + **out = **in + } + if in.CloudDNS != nil { + in, out := &in.CloudDNS, &out.CloudDNS + *out = new(ACMEIssuerDNS01ProviderCloudDNS) + (*in).DeepCopyInto(*out) + } + if in.Cloudflare != nil { + in, out := &in.Cloudflare, &out.Cloudflare + *out = new(ACMEIssuerDNS01ProviderCloudflare) + (*in).DeepCopyInto(*out) + } + if in.Route53 != nil { + in, out := &in.Route53, &out.Route53 + *out = new(ACMEIssuerDNS01ProviderRoute53) + (*in).DeepCopyInto(*out) + } + if in.AzureDNS != nil { + in, out := &in.AzureDNS, &out.AzureDNS + *out = new(ACMEIssuerDNS01ProviderAzureDNS) + (*in).DeepCopyInto(*out) + } + if in.DigitalOcean != nil { + in, out := &in.DigitalOcean, &out.DigitalOcean + *out = new(ACMEIssuerDNS01ProviderDigitalOcean) + **out = **in + } + if in.AcmeDNS != nil { + in, out := &in.AcmeDNS, &out.AcmeDNS + *out = new(ACMEIssuerDNS01ProviderAcmeDNS) + **out = **in + } + if in.RFC2136 != nil { + in, out := &in.RFC2136, &out.RFC2136 + *out = new(ACMEIssuerDNS01ProviderRFC2136) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(ACMEIssuerDNS01ProviderWebhook) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverDNS01. +func (in *ACMEChallengeSolverDNS01) DeepCopy() *ACMEChallengeSolverDNS01 { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverDNS01) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ACMEChallengeSolverHTTP01) DeepCopyInto(out *ACMEChallengeSolverHTTP01) { + *out = *in + if in.Ingress != nil { + in, out := &in.Ingress, &out.Ingress + *out = new(ACMEChallengeSolverHTTP01Ingress) + (*in).DeepCopyInto(*out) + } + if in.GatewayHTTPRoute != nil { + in, out := &in.GatewayHTTPRoute, &out.GatewayHTTPRoute + *out = new(ACMEChallengeSolverHTTP01GatewayHTTPRoute) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01. +func (in *ACMEChallengeSolverHTTP01) DeepCopy() *ACMEChallengeSolverHTTP01 { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01GatewayHTTPRoute) DeepCopyInto(out *ACMEChallengeSolverHTTP01GatewayHTTPRoute) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.ParentRefs != nil { + in, out := &in.ParentRefs, &out.ParentRefs + *out = make([]v1beta1.ParentReference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01GatewayHTTPRoute. +func (in *ACMEChallengeSolverHTTP01GatewayHTTPRoute) DeepCopy() *ACMEChallengeSolverHTTP01GatewayHTTPRoute { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01GatewayHTTPRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopyInto(out *ACMEChallengeSolverHTTP01Ingress) { + *out = *in + if in.IngressClassName != nil { + in, out := &in.IngressClassName, &out.IngressClassName + *out = new(string) + **out = **in + } + if in.Class != nil { + in, out := &in.Class, &out.Class + *out = new(string) + **out = **in + } + if in.PodTemplate != nil { + in, out := &in.PodTemplate, &out.PodTemplate + *out = new(ACMEChallengeSolverHTTP01IngressPodTemplate) + (*in).DeepCopyInto(*out) + } + if in.IngressTemplate != nil { + in, out := &in.IngressTemplate, &out.IngressTemplate + *out = new(ACMEChallengeSolverHTTP01IngressTemplate) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01Ingress. +func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopy() *ACMEChallengeSolverHTTP01Ingress { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01Ingress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressObjectMeta) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressObjectMeta. 
+func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressObjectMeta { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressObjectMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodObjectMeta) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodObjectMeta. +func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodObjectMeta { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressPodObjectMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodSpec) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(corev1.Affinity) + (*in).DeepCopyInto(*out) + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]corev1.LocalObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodSpec. +func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodSpec { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressPodSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodTemplate) { + *out = *in + in.ACMEChallengeSolverHTTP01IngressPodObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressPodObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodTemplate. 
+func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodTemplate { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressPodTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressTemplate) { + *out = *in + in.ACMEChallengeSolverHTTP01IngressObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressObjectMeta) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressTemplate. +func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressTemplate { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEExternalAccountBinding) DeepCopyInto(out *ACMEExternalAccountBinding) { + *out = *in + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding. +func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding { + if in == nil { + return nil + } + out := new(ACMEExternalAccountBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ACMEIssuer) DeepCopyInto(out *ACMEIssuer) { + *out = *in + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.ExternalAccountBinding != nil { + in, out := &in.ExternalAccountBinding, &out.ExternalAccountBinding + *out = new(ACMEExternalAccountBinding) + **out = **in + } + out.PrivateKey = in.PrivateKey + if in.Solvers != nil { + in, out := &in.Solvers, &out.Solvers + *out = make([]ACMEChallengeSolver, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuer. +func (in *ACMEIssuer) DeepCopy() *ACMEIssuer { + if in == nil { + return nil + } + out := new(ACMEIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAcmeDNS) { + *out = *in + out.AccountSecret = in.AccountSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAcmeDNS. +func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopy() *ACMEIssuerDNS01ProviderAcmeDNS { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderAcmeDNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopyInto(out *ACMEIssuerDNS01ProviderAkamai) { + *out = *in + out.ClientToken = in.ClientToken + out.ClientSecret = in.ClientSecret + out.AccessToken = in.AccessToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAkamai. 
+func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopy() *ACMEIssuerDNS01ProviderAkamai { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderAkamai) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAzureDNS) { + *out = *in + if in.ClientSecret != nil { + in, out := &in.ClientSecret, &out.ClientSecret + *out = new(metav1.SecretKeySelector) + **out = **in + } + if in.ManagedIdentity != nil { + in, out := &in.ManagedIdentity, &out.ManagedIdentity + *out = new(AzureManagedIdentity) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAzureDNS. +func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopy() *ACMEIssuerDNS01ProviderAzureDNS { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderAzureDNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudDNS) { + *out = *in + if in.ServiceAccount != nil { + in, out := &in.ServiceAccount, &out.ServiceAccount + *out = new(metav1.SecretKeySelector) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudDNS. +func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopy() *ACMEIssuerDNS01ProviderCloudDNS { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderCloudDNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudflare) { + *out = *in + if in.APIKey != nil { + in, out := &in.APIKey, &out.APIKey + *out = new(metav1.SecretKeySelector) + **out = **in + } + if in.APIToken != nil { + in, out := &in.APIToken, &out.APIToken + *out = new(metav1.SecretKeySelector) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudflare. +func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopy() *ACMEIssuerDNS01ProviderCloudflare { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderCloudflare) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopyInto(out *ACMEIssuerDNS01ProviderDigitalOcean) { + *out = *in + out.Token = in.Token + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderDigitalOcean. +func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopy() *ACMEIssuerDNS01ProviderDigitalOcean { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderDigitalOcean) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopyInto(out *ACMEIssuerDNS01ProviderRFC2136) { + *out = *in + out.TSIGSecret = in.TSIGSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRFC2136. 
+func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC2136 { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderRFC2136) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) { + *out = *in + if in.SecretAccessKeyID != nil { + in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID + *out = new(metav1.SecretKeySelector) + **out = **in + } + out.SecretAccessKey = in.SecretAccessKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRoute53. +func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopy() *ACMEIssuerDNS01ProviderRoute53 { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderRoute53) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopyInto(out *ACMEIssuerDNS01ProviderWebhook) { + *out = *in + if in.Config != nil { + in, out := &in.Config, &out.Config + *out = new(apiextensionsv1.JSON) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderWebhook. +func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopy() *ACMEIssuerDNS01ProviderWebhook { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderWebhook) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerStatus) DeepCopyInto(out *ACMEIssuerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerStatus. 
+func (in *ACMEIssuerStatus) DeepCopy() *ACMEIssuerStatus { + if in == nil { + return nil + } + out := new(ACMEIssuerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureManagedIdentity) DeepCopyInto(out *AzureManagedIdentity) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureManagedIdentity. +func (in *AzureManagedIdentity) DeepCopy() *AzureManagedIdentity { + if in == nil { + return nil + } + out := new(AzureManagedIdentity) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateDNSNameSelector) DeepCopyInto(out *CertificateDNSNameSelector) { + *out = *in + if in.MatchLabels != nil { + in, out := &in.MatchLabels, &out.MatchLabels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DNSZones != nil { + in, out := &in.DNSZones, &out.DNSZones + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDNSNameSelector. +func (in *CertificateDNSNameSelector) DeepCopy() *CertificateDNSNameSelector { + if in == nil { + return nil + } + out := new(CertificateDNSNameSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Challenge) DeepCopyInto(out *Challenge) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Challenge. +func (in *Challenge) DeepCopy() *Challenge { + if in == nil { + return nil + } + out := new(Challenge) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Challenge) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ChallengeList) DeepCopyInto(out *ChallengeList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Challenge, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeList. +func (in *ChallengeList) DeepCopy() *ChallengeList { + if in == nil { + return nil + } + out := new(ChallengeList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ChallengeList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ChallengeSpec) DeepCopyInto(out *ChallengeSpec) { + *out = *in + in.Solver.DeepCopyInto(&out.Solver) + out.IssuerRef = in.IssuerRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeSpec. +func (in *ChallengeSpec) DeepCopy() *ChallengeSpec { + if in == nil { + return nil + } + out := new(ChallengeSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ChallengeStatus) DeepCopyInto(out *ChallengeStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeStatus. +func (in *ChallengeStatus) DeepCopy() *ChallengeStatus { + if in == nil { + return nil + } + out := new(ChallengeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Order) DeepCopyInto(out *Order) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Order. +func (in *Order) DeepCopy() *Order { + if in == nil { + return nil + } + out := new(Order) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Order) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OrderList) DeepCopyInto(out *OrderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Order, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderList. +func (in *OrderList) DeepCopy() *OrderList { + if in == nil { + return nil + } + out := new(OrderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OrderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OrderSpec) DeepCopyInto(out *OrderSpec) { + *out = *in + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.IssuerRef = in.IssuerRef + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IPAddresses != nil { + in, out := &in.IPAddresses, &out.IPAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(apismetav1.Duration) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderSpec. +func (in *OrderSpec) DeepCopy() *OrderSpec { + if in == nil { + return nil + } + out := new(OrderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OrderStatus) DeepCopyInto(out *OrderStatus) { + *out = *in + if in.Authorizations != nil { + in, out := &in.Authorizations, &out.Authorizations + *out = make([]ACMEAuthorization, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Certificate != nil { + in, out := &in.Certificate, &out.Certificate + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.FailureTime != nil { + in, out := &in.FailureTime, &out.FailureTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderStatus. +func (in *OrderStatus) DeepCopy() *OrderStatus { + if in == nil { + return nil + } + out := new(OrderStatus) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/doc.go new file mode 100644 index 000000000000..16c92a1d9879 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/doc.go @@ -0,0 +1,23 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +groupName=cert-manager.io +// +groupGoName=Certmanager + +// Package certmanager is the internal version of the API. +package certmanager + +const GroupName = "cert-manager.io" 
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/const.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/const.go
new file mode 100644
index 000000000000..7b8a8b0b6789
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/const.go
@@ -0,0 +1,43 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import "time"
+
+const (
+ // minimum permitted certificate duration by cert-manager
+ MinimumCertificateDuration = time.Hour
+
+ // default certificate duration if Issuer.spec.duration is not set
+ DefaultCertificateDuration = time.Hour * 24 * 90
+
+ // minimum certificate duration before certificate expiration
+ MinimumRenewBefore = time.Minute * 5
+
+ // Deprecated: the default is now 2/3 of Certificate's duration
+ DefaultRenewBefore = time.Hour * 24 * 30
+)
+
+const (
+ // Default index key for the Secret reference for Token authentication
+ DefaultVaultTokenAuthSecretKey = "token"
+
+ // Default mount path location for Kubernetes ServiceAccount authentication
+ // (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
+ // left as the default, `/v1/auth/kubernetes/login` will be called.
+ DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes"
+)
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go
new file mode 100644
index 000000000000..348211c68598
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1 is the v1 version of the API.
+// +k8s:deepcopy-gen=package,register
+// +groupName=cert-manager.io
+// +groupGoName=Certmanager
+package v1
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go
new file mode 100644
index 000000000000..d757978fe0ce
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go
@@ -0,0 +1,85 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+
+ cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1"
+)
+
+type GenericIssuer interface {
+ runtime.Object
+ metav1.Object
+
+ GetObjectMeta() *metav1.ObjectMeta
+ GetSpec() *IssuerSpec
+ GetStatus() *IssuerStatus
+}
+
+var _ GenericIssuer = &Issuer{}
+var _ GenericIssuer = &ClusterIssuer{}
+
+func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta {
+ return &c.ObjectMeta
+}
+func (c *ClusterIssuer) GetSpec() *IssuerSpec {
+ return &c.Spec
+}
+func (c *ClusterIssuer) GetStatus() *IssuerStatus {
+ return &c.Status
+}
+func (c *ClusterIssuer) SetSpec(spec IssuerSpec) {
+ c.Spec = spec
+}
+func (c *ClusterIssuer) SetStatus(status IssuerStatus) {
+ c.Status = status
+}
+func (c *ClusterIssuer) Copy() GenericIssuer {
+ return c.DeepCopy()
+}
+func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta {
+ return &c.ObjectMeta
+}
+func (c *Issuer) GetSpec() *IssuerSpec {
+ return &c.Spec
+}
+func (c *Issuer) GetStatus() *IssuerStatus {
+ return &c.Status
+}
+func (c *Issuer) SetSpec(spec IssuerSpec) {
+ c.Spec = spec
+}
+func (c *Issuer) SetStatus(status IssuerStatus) {
+ c.Status = status
+}
+func (c *Issuer) Copy() GenericIssuer {
+ return c.DeepCopy()
+}
+
+// TODO: refactor these functions away
+func (i *IssuerStatus) ACMEStatus() *cmacme.ACMEIssuerStatus {
+ // this is an edge case, but this will prevent panics
+ if i == nil {
+ return &cmacme.ACMEIssuerStatus{}
+ }
+ if i.ACME == nil {
+ i.ACME = &cmacme.ACMEIssuerStatus{}
+ }
+ return i.ACME
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/register.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/register.go
new file mode 100644
index 000000000000..fb745dbb642c
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/register.go
@@ -0,0 +1,62 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+
+ "github.com/cert-manager/cert-manager/pkg/apis/certmanager"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &Certificate{},
+ &CertificateList{},
+ &Issuer{},
+ &IssuerList{},
+ &ClusterIssuer{},
+ &ClusterIssuerList{},
+ &CertificateRequest{},
+ &CertificateRequestList{},
+ )
+ metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+ return nil
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go
new file mode 100644
index 000000000000..276722793e95
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go
@@ -0,0 +1,300 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +const ( + + // Common label keys added to resources + // Label key that indicates that a resource is of interest to + // cert-manager controller By default this is set on + // certificate.spec.secretName secret as well as on the temporary + // private key Secret. If using SecretsFilteredCaching feature, you + // might want to set this (with a value of 'true') to any other Secrets + // that cert-manager controller needs to read, such as issuer + // credentials Secrets. + // fao = 'for attention of' + // See https://github.com/cert-manager/cert-manager/blob/master/design/20221205-memory-management.md#risks-and-mitigations + PartOfCertManagerControllerLabelKey = "controller.cert-manager.io/fao" + + // Common annotation keys added to resources + + // Annotation key for DNS subjectAltNames. + AltNamesAnnotationKey = "cert-manager.io/alt-names" + + // Annotation key for IP subjectAltNames. + IPSANAnnotationKey = "cert-manager.io/ip-sans" + + // Annotation key for URI subjectAltNames. + URISANAnnotationKey = "cert-manager.io/uri-sans" + + // Annotation key for certificate common name. + CommonNameAnnotationKey = "cert-manager.io/common-name" + + // Duration key for certificate duration. + DurationAnnotationKey = "cert-manager.io/duration" + + // Annotation key for certificate renewBefore. 
+ RenewBeforeAnnotationKey = "cert-manager.io/renew-before" + + // Annotation key for emails subjectAltNames. + EmailsAnnotationKey = "cert-manager.io/email-sans" + + // Annotation key for subject organization. + SubjectOrganizationsAnnotationKey = "cert-manager.io/subject-organizations" + + // Annotation key for subject organizational units. + SubjectOrganizationalUnitsAnnotationKey = "cert-manager.io/subject-organizationalunits" + + // Annotation key for subject organizational units. + SubjectCountriesAnnotationKey = "cert-manager.io/subject-countries" + + // Annotation key for subject provinces. + SubjectProvincesAnnotationKey = "cert-manager.io/subject-provinces" + + // Annotation key for subject localities. + SubjectLocalitiesAnnotationKey = "cert-manager.io/subject-localities" + + // Annotation key for subject provinces. + SubjectStreetAddressesAnnotationKey = "cert-manager.io/subject-streetaddresses" + + // Annotation key for subject postal codes. + SubjectPostalCodesAnnotationKey = "cert-manager.io/subject-postalcodes" + + // Annotation key for subject serial number. + SubjectSerialNumberAnnotationKey = "cert-manager.io/subject-serialnumber" + + // Annotation key for certificate key usages. + UsagesAnnotationKey = "cert-manager.io/usages" + + // Annotation key the 'name' of the Issuer resource. + IssuerNameAnnotationKey = "cert-manager.io/issuer-name" + + // Annotation key for the 'kind' of the Issuer resource. + IssuerKindAnnotationKey = "cert-manager.io/issuer-kind" + + // Annotation key for the 'group' of the Issuer resource. + IssuerGroupAnnotationKey = "cert-manager.io/issuer-group" + + // Annotation key for the name of the certificate that a resource is related to. + CertificateNameKey = "cert-manager.io/certificate-name" + + // Annotation key used to denote whether a Secret is named on a Certificate + // as a 'next private key' Secret resource. 
+ IsNextPrivateKeySecretLabelKey = "cert-manager.io/next-private-key" + + // Annotation key used to limit the number of CertificateRequests to be kept for a Certificate. + // Minimum value is 1. + // If unset all CertificateRequests will be kept. + RevisionHistoryLimitAnnotationKey = "cert-manager.io/revision-history-limit" + + // Annotation key used to set the PrivateKeyAlgorithm for a Certificate. + // If PrivateKeyAlgorithm is specified and `size` is not provided, + // key size of 256 will be used for `ECDSA` key algorithm and + // key size of 2048 will be used for `RSA` key algorithm. + // key size is ignored when using the `Ed25519` key algorithm. + // If unset an algorithm `RSA` will be used. + PrivateKeyAlgorithmAnnotationKey = "cert-manager.io/private-key-algorithm" + + // Annotation key used to set the PrivateKeyEncoding for a Certificate. + // If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 + // and PKCS#8, respectively. + // If unset an encoding `PKCS1` will be used. + PrivateKeyEncodingAnnotationKey = "cert-manager.io/private-key-encoding" + + // Annotation key used to set the size of the private key for a Certificate. + // If PrivateKeyAlgorithm is set to `RSA`, valid values are `2048`, `4096` or `8192`, + // and will default to `2048` if not specified. + // If PrivateKeyAlgorithm is set to `ECDSA`, valid values are `256`, `384` or `521`, + // and will default to `256` if not specified. + // If PrivateKeyAlgorithm is set to `Ed25519`, Size is ignored. + // No other values are allowed. + PrivateKeySizeAnnotationKey = "cert-manager.io/private-key-size" + + // Annotation key used to set the PrivateKeyRotationPolicy for a Certificate. + // If unset a policy `Never` will be used. 
+ PrivateKeyRotationPolicyAnnotationKey = "cert-manager.io/private-key-rotation-policy" +) + +const ( + // IngressIssuerNameAnnotationKey holds the issuerNameAnnotation value which can be + // used to override the issuer specified on the created Certificate resource. + IngressIssuerNameAnnotationKey = "cert-manager.io/issuer" + // IngressClusterIssuerNameAnnotationKey holds the clusterIssuerNameAnnotation value which + // can be used to override the issuer specified on the created Certificate resource. The Certificate + // will reference the specified *ClusterIssuer* instead of normal issuer. + IngressClusterIssuerNameAnnotationKey = "cert-manager.io/cluster-issuer" + // IngressACMEIssuerHTTP01IngressClassAnnotationKey holds the acmeIssuerHTTP01IngressClassAnnotation value + // which can be used to override the http01 ingressClass if the challenge type is set to http01 + IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class" + + // IngressClassAnnotationKey picks a specific "class" for the Ingress. The + // controller only processes Ingresses with this annotation either unset, or + // set to either the configured value or the empty string. + IngressClassAnnotationKey = "kubernetes.io/ingress.class" +) + +// Annotation names for CertificateRequests +const ( + // Annotation added to CertificateRequest resources to denote the name of + // a Secret resource containing the private key used to sign the CSR stored + // on the resource. + // This annotation *may* not be present, and is used by the 'self signing' + // issuer type to self-sign certificates. 
+ CertificateRequestPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name" + + // Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource + CertificateRequestRevisionAnnotationKey = "cert-manager.io/certificate-revision" +) + +const ( + // IssueTemporaryCertificateAnnotation is an annotation that can be added to + // Certificate resources. + // If it is present, a temporary internally signed certificate will be + // stored in the target Secret resource whilst the real Issuer is processing + // the certificate request. + IssueTemporaryCertificateAnnotation = "cert-manager.io/issue-temporary-certificate" +) + +// Common/known resource kinds. +const ( + ClusterIssuerKind = "ClusterIssuer" + IssuerKind = "Issuer" + CertificateKind = "Certificate" + CertificateRequestKind = "CertificateRequest" +) + +const ( + // WantInjectAnnotation is the annotation that specifies that a particular + // object wants injection of CAs. It takes the form of a reference to a certificate + // as namespace/name. The certificate is expected to have the is-serving-for annotations. + WantInjectAnnotation = "cert-manager.io/inject-ca-from" + + // WantInjectAPIServerCAAnnotation will - if set to "true" - make the cainjector + // inject the CA certificate for the Kubernetes apiserver into the resource. + // It discovers the apiserver's CA by inspecting the service account credentials + // mounted into the cainjector pod. + WantInjectAPIServerCAAnnotation = "cert-manager.io/inject-apiserver-ca" + + // WantInjectFromSecretAnnotation is the annotation that specifies that a particular + // object wants injection of CAs. It takes the form of a reference to a Secret + // as namespace/name. 
+ WantInjectFromSecretAnnotation = "cert-manager.io/inject-ca-from-secret" + + // AllowsInjectionFromSecretAnnotation is an annotation that must be added + // to Secret resource that want to denote that they can be directly + // injected into injectables that have a `inject-ca-from-secret` annotation. + // If an injectable references a Secret that does NOT have this annotation, + // the cainjector will refuse to inject the secret. + AllowsInjectionFromSecretAnnotation = "cert-manager.io/allow-direct-injection" +) + +// Issuer specific Annotations +const ( + // VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer + // This will only work with Venafi TPP v19.3 and higher + // The value is an array with objects containing the name and value keys + // for example: `[{"name": "custom-field", "value": "custom-value"}]` + VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields" + + // VenafiPickupIDAnnotationKey is the annotation key used to record the + // Venafi Pickup ID of a certificate signing request that has been submitted + // to the Venafi API for collection later. + VenafiPickupIDAnnotationKey = "venafi.cert-manager.io/pickup-id" +) + +// KeyUsage specifies valid usage contexts for keys. 
+// See:
+// https://tools.ietf.org/html/rfc5280#section-4.2.1.3
+// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+//
+// Valid KeyUsage values are as follows:
+// "signing",
+// "digital signature",
+// "content commitment",
+// "key encipherment",
+// "key agreement",
+// "data encipherment",
+// "cert sign",
+// "crl sign",
+// "encipher only",
+// "decipher only",
+// "any",
+// "server auth",
+// "client auth",
+// "code signing",
+// "email protection",
+// "s/mime",
+// "ipsec end system",
+// "ipsec tunnel",
+// "ipsec user",
+// "timestamping",
+// "ocsp signing",
+// "microsoft sgc",
+// "netscape sgc"
+// +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc"
+type KeyUsage string
+
+const (
+ UsageSigning KeyUsage = "signing"
+ UsageDigitalSignature KeyUsage = "digital signature"
+ UsageContentCommitment KeyUsage = "content commitment"
+ UsageKeyEncipherment KeyUsage = "key encipherment"
+ UsageKeyAgreement KeyUsage = "key agreement"
+ UsageDataEncipherment KeyUsage = "data encipherment"
+ UsageCertSign KeyUsage = "cert sign"
+ UsageCRLSign KeyUsage = "crl sign"
+ UsageEncipherOnly KeyUsage = "encipher only"
+ UsageDecipherOnly KeyUsage = "decipher only"
+ UsageAny KeyUsage = "any"
+ UsageServerAuth KeyUsage = "server auth"
+ UsageClientAuth KeyUsage = "client auth"
+ UsageCodeSigning KeyUsage = "code signing"
+ UsageEmailProtection KeyUsage = "email protection"
+ UsageSMIME KeyUsage = "s/mime"
+ UsageIPsecEndSystem KeyUsage = "ipsec end system"
+ UsageIPsecTunnel KeyUsage = "ipsec tunnel"
+ UsageIPsecUser KeyUsage = "ipsec user"
+ UsageTimestamping KeyUsage = "timestamping"
+ UsageOCSPSigning KeyUsage = "ocsp signing"
+
 UsageMicrosoftSGC KeyUsage = "microsoft sgc"
+ UsageNetscapeSGC KeyUsage = "netscape sgc"
+)
+
+// Keystore specific secret keys
+const (
+ // PKCS12SecretKey is the name of the data entry in the Secret resource
+ // used to store the p12 file.
+ PKCS12SecretKey = "keystore.p12"
+ // Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority
+ PKCS12TruststoreKey = "truststore.p12"
+
+ // JKSSecretKey is the name of the data entry in the Secret resource
+ // used to store the jks file.
+ JKSSecretKey = "keystore.jks"
+ // Data Entry Name in the Secret resource for JKS containing Certificate Authority
+ JKSTruststoreKey = "truststore.jks"
+)
+
+// DefaultKeyUsages contains the default list of key usages
+func DefaultKeyUsages() []KeyUsage {
+ // The serverAuth EKU is required as of Mac OS Catalina: https://support.apple.com/en-us/HT210176
+ // Without this usage, certificates will _always_ flag a warning in newer Mac OS browsers.
+ // We don't explicitly add it here as it leads to strange behaviour when a user sets isCA: true
+ // (in which case, 'serverAuth' on the CA can break a lot of clients).
+ // CAs can (and often do) opt to automatically add usages.
+ return []KeyUsage{UsageDigitalSignature, UsageKeyEncipherment}
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go
new file mode 100644
index 000000000000..64e789443bb0
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go
@@ -0,0 +1,598 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+)
+
+// NOTE: Be mindful of adding OpenAPI validation- see https://github.com/cert-manager/cert-manager/issues/3644
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+
+// A Certificate resource should be created to ensure an up to date and signed
+// X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
+//
+// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
+type Certificate struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Specification of the desired state of the Certificate resource.
+ // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ // +optional
+ Spec CertificateSpec `json:"spec"`
+
+ // Status of the Certificate.
+ // This is set and managed automatically.
+ // Read-only.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ // +optional
+ Status CertificateStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CertificateList is a list of Certificates.
+type CertificateList struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard list metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ // +optional
+ metav1.ListMeta `json:"metadata,omitempty"`
+
+ // List of Certificates
+ Items []Certificate `json:"items"`
+}
+
+// +kubebuilder:validation:Enum=RSA;ECDSA;Ed25519
+type PrivateKeyAlgorithm string
+
+const (
+ // RSA private key algorithm.
+ RSAKeyAlgorithm PrivateKeyAlgorithm = "RSA"
+
+ // ECDSA private key algorithm.
+ ECDSAKeyAlgorithm PrivateKeyAlgorithm = "ECDSA"
+
+ // Ed25519 private key algorithm.
+ Ed25519KeyAlgorithm PrivateKeyAlgorithm = "Ed25519"
+)
+
+// +kubebuilder:validation:Enum=PKCS1;PKCS8
+type PrivateKeyEncoding string
+
+const (
+ // PKCS1 private key encoding.
+ // PKCS1 produces a PEM block that contains the private key algorithm
+ // in the header and the private key in the body. A key that uses this
+ // can be recognised by its `BEGIN RSA PRIVATE KEY` or `BEGIN EC PRIVATE KEY` header.
+ // NOTE: This encoding is not supported for Ed25519 keys. Attempting to use
+ // this encoding with an Ed25519 key will be ignored and default to PKCS8.
+ PKCS1 PrivateKeyEncoding = "PKCS1"
+
+ // PKCS8 private key encoding.
+ // PKCS8 produces a PEM block with a static header and both the private
+ // key algorithm and the private key in the body. A key that uses this
+ // encoding can be recognised by its `BEGIN PRIVATE KEY` header.
+ PKCS8 PrivateKeyEncoding = "PKCS8"
+)
+
+// CertificateSpec defines the desired state of Certificate.
+//
+// NOTE: The specification contains a lot of "requested" certificate attributes, it is
+// important to note that the issuer can choose to ignore or change any of
+// these requested attributes. How the issuer maps a certificate request to a
+// signed certificate is the full responsibility of the issuer itself. For example,
+// as an edge case, an issuer that inverts the isCA value is free to do so.
+//
+// A valid Certificate requires at least one of a CommonName, LiteralSubject, DNSName, or
+// URI to be valid.
+type CertificateSpec struct {
+ // Requested set of X509 certificate subject attributes.
+ // More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
+ //
+ // The common name attribute is specified separately in the `commonName` field.
+ // Cannot be set if the `literalSubject` field is set.
+ // +optional
+ Subject *X509Subject `json:"subject,omitempty"`
+
+ // Requested X.509 certificate subject, represented using the LDAP "String
+ // Representation of a Distinguished Name" [1].
+ // Important: the LDAP string format also specifies the order of the attributes
+ // in the subject, this is important when issuing certs for LDAP authentication.
+ // Example: `CN=foo,DC=corp,DC=example,DC=com`
+ // More info [1]: https://datatracker.ietf.org/doc/html/rfc4514
+ // More info: https://github.com/cert-manager/cert-manager/issues/3203
+ // More info: https://github.com/cert-manager/cert-manager/issues/4424
+ //
+ // Cannot be set if the `subject` or `commonName` field is set.
+ // This is an Alpha Feature and is only enabled with the
+ // `--feature-gates=LiteralCertificateSubject=true` option set on both
+ // the controller and webhook components.
+ // +optional
+ LiteralSubject string `json:"literalSubject,omitempty"`
+
+ // Requested common name X509 certificate subject attribute.
+ // More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
+ // NOTE: TLS clients will ignore this value when any subject alternative name is
+ // set (see https://tools.ietf.org/html/rfc6125#section-6.4.4).
+ //
+ // Should have a length of 64 characters or fewer to avoid generating invalid CSRs.
+ // Cannot be set if the `literalSubject` field is set.
+ // +optional
+ CommonName string `json:"commonName,omitempty"`
+
+ // Requested 'duration' (i.e. lifetime) of the Certificate. Note that the
+ // issuer may choose to ignore the requested duration, just like any other
+ // requested attribute.
+ //
+ // If unset, this defaults to 90 days.
+ // Minimum accepted duration is 1 hour.
+ // Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.
+ // +optional
+ Duration *metav1.Duration `json:"duration,omitempty"`
+
+ // How long before the currently issued certificate's expiry cert-manager should
+ // renew the certificate. For example, if a certificate is valid for 60 minutes,
+ // and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate
+ // 50 minutes after it was issued (i.e. when there are 10 minutes remaining until
+ // the certificate is no longer valid).
+ //
+ // NOTE: The actual lifetime of the issued certificate is used to determine the
+ // renewal time. If an issuer returns a certificate with a different lifetime than
+ // the one requested, cert-manager will use the lifetime of the issued certificate.
+ //
+ // If unset, this defaults to 1/3 of the issued certificate's lifetime.
+ // Minimum accepted value is 5 minutes.
+ // Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.
+ // +optional
+ RenewBefore *metav1.Duration `json:"renewBefore,omitempty"`
+
+ // Requested DNS subject alternative names.
+ // +optional
+ DNSNames []string `json:"dnsNames,omitempty"`
+
+ // Requested IP address subject alternative names.
+ // +optional
+ IPAddresses []string `json:"ipAddresses,omitempty"`
+
+ // Requested URI subject alternative names.
+ // +optional
+ URIs []string `json:"uris,omitempty"`
+
+ // Requested email subject alternative names.
+ // +optional
+ EmailAddresses []string `json:"emailAddresses,omitempty"`
+
+ // Name of the Secret resource that will be automatically created and
+ // managed by this Certificate resource. It will be populated with a
+ // private key and certificate, signed by the denoted issuer. The Secret
+ // resource lives in the same namespace as the Certificate resource.
+ SecretName string `json:"secretName"`
+
+ // Defines annotations and labels to be copied to the Certificate's Secret.
+ // Labels and annotations on the Secret will be changed as they appear on the
+ // SecretTemplate when added or removed. SecretTemplate annotations are added
+ // in conjunction with, and cannot overwrite, the base set of annotations
+ // cert-manager sets on the Certificate's Secret.
+ // +optional
+ SecretTemplate *CertificateSecretTemplate `json:"secretTemplate,omitempty"`
+
+ // Additional keystore output formats to be stored in the Certificate's Secret.
+ // +optional
+ Keystores *CertificateKeystores `json:"keystores,omitempty"`
+
+ // Reference to the issuer responsible for issuing the certificate.
+ // If the issuer is namespace-scoped, it must be in the same namespace
+ // as the Certificate. If the issuer is cluster-scoped, it can be used
+ // from any namespace.
+ //
+ // The `name` field of the reference must always be specified.
+ IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
+
+ // Requested basic constraints isCA value.
+ // The isCA value is used to set the `isCA` field on the created CertificateRequest
+ // resources. Note that the issuer may choose to ignore the requested isCA value, just
+ // like any other requested attribute.
+ //
+ // If true, this will automatically add the `cert sign` usage to the list
+ // of requested `usages`.
+ // +optional
+ IsCA bool `json:"isCA,omitempty"`
+
+ // Requested key usages and extended key usages.
+ // These usages are used to set the `usages` field on the created CertificateRequest
+ // resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages
+ // will additionally be encoded in the `request` field which contains the CSR blob.
+ //
+ // If unset, defaults to `digital signature` and `key encipherment`.
+ // +optional
+ Usages []KeyUsage `json:"usages,omitempty"`
+
+ // Private key options. These include the key algorithm and size, the used
+ // encoding and the rotation policy.
+ // +optional
+ PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"`
+
+ // Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR.
+ //
+ // This option defaults to true, and should only be disabled if the target
+ // issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions.
+ // +optional
+ EncodeUsagesInRequest *bool `json:"encodeUsagesInRequest,omitempty"`
+
+ // The maximum number of CertificateRequest revisions that are maintained in
+ // the Certificate's history. Each revision represents a single `CertificateRequest`
+ // created by this Certificate, either when it was created, renewed, or Spec
+ // was changed. Revisions will be removed by oldest first if the number of
+ // revisions exceeds this number.
+ //
+ // If set, revisionHistoryLimit must be a value of `1` or greater.
+ // If unset (`nil`), revisions will not be garbage collected.
+ // Default value is `nil`.
+ // +optional
+ RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"`
+
+ // Defines extra output formats of the private key and signed certificate chain
+ // to be written to this Certificate's target Secret.
+ //
+ // This is an Alpha Feature and is only enabled with the
+ // `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both
+ // the controller and webhook components.
+ // +optional
+ AdditionalOutputFormats []CertificateAdditionalOutputFormat `json:"additionalOutputFormats,omitempty"`
+}
+
+// CertificatePrivateKey contains configuration options for private keys
+// used by the Certificate controller.
+// These include the key algorithm and size, the used encoding and the
+// rotation policy.
+type CertificatePrivateKey struct {
+ // RotationPolicy controls how private keys should be regenerated when a
+ // re-issuance is being processed.
+ //
+ // If set to `Never`, a private key will only be generated if one does not
+ // already exist in the target `spec.secretName`. If one does exists but it
+ // does not have the correct algorithm or size, a warning will be raised
+ // to await user intervention.
+ // If set to `Always`, a private key matching the specified requirements
+ // will be generated whenever a re-issuance occurs.
+ // Default is `Never` for backward compatibility.
+ // +optional
+ RotationPolicy PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"`
+
+ // The private key cryptography standards (PKCS) encoding for this
+ // certificate's private key to be encoded in.
+ //
+ // If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1
+ // and PKCS#8, respectively.
+ // Defaults to `PKCS1` if not specified.
+ // +optional
+ Encoding PrivateKeyEncoding `json:"encoding,omitempty"`
+
+ // Algorithm is the private key algorithm of the corresponding private key
+ // for this certificate.
+ //
+ // If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`.
+ // If `algorithm` is specified and `size` is not provided,
+ // key size of 2048 will be used for `RSA` key algorithm and
+ // key size of 256 will be used for `ECDSA` key algorithm.
+ // key size is ignored when using the `Ed25519` key algorithm.
+ // +optional
+ Algorithm PrivateKeyAlgorithm `json:"algorithm,omitempty"`
+
+ // Size is the key bit size of the corresponding private key for this certificate.
+ //
+ // If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,
+ // and will default to `2048` if not specified.
+ // If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,
+ // and will default to `256` if not specified.
+ // If `algorithm` is set to `Ed25519`, Size is ignored.
+ // No other values are allowed.
+ // +optional
+ Size int `json:"size,omitempty"`
+}
+
+// Denotes how private keys should be generated or sourced when a Certificate
+// is being issued.
+// +kubebuilder:validation:Enum=Never;Always
+type PrivateKeyRotationPolicy string
+
+var (
+ // RotationPolicyNever means a private key will only be generated if one
+ // does not already exist in the target `spec.secretName`.
+ // If one does exists but it does not have the correct algorithm or size,
+ // a warning will be raised to await user intervention.
+ RotationPolicyNever PrivateKeyRotationPolicy = "Never"
+
+ // RotationPolicyAlways means a private key matching the specified
+ // requirements will be generated whenever a re-issuance occurs.
+ RotationPolicyAlways PrivateKeyRotationPolicy = "Always"
+)
+
+// CertificateOutputFormatType specifies which additional output formats should
+// be written to the Certificate's target Secret.
+// Allowed values are `DER` or `CombinedPEM`.
+// When Type is set to `DER` an additional entry `key.der` will be written to
+// the Secret, containing the binary format of the private key.
+// When Type is set to `CombinedPEM` an additional entry `tls-combined.pem`
+// will be written to the Secret, containing the PEM formatted private key and
+// signed certificate chain (tls.key + tls.crt concatenated).
+// +kubebuilder:validation:Enum=DER;CombinedPEM
+type CertificateOutputFormatType string
+
+const (
+ // CertificateOutputFormatDERKey is the name of the data entry in the Secret
+ // resource used to store the DER formatted private key.
+ CertificateOutputFormatDERKey string = "key.der"
+
+ // CertificateOutputFormatDER writes the Certificate's private key in DER
+ // binary format to the `key.der` target Secret Data key.
+ CertificateOutputFormatDER CertificateOutputFormatType = "DER"
+
+ // CertificateOutputFormatCombinedPEMKey is the name of the data entry in the Secret
+ // resource used to store the combined PEM (key + signed certificate).
+ CertificateOutputFormatCombinedPEMKey string = "tls-combined.pem"
+
+ // CertificateOutputFormatCombinedPEM writes the Certificate's signed
+ // certificate chain and private key, in PEM format, to the
+ // `tls-combined.pem` target Secret Data key. The value at this key will
+ // include the private key PEM document, followed by at least one new line
+ // character, followed by the chain of signed certificate PEM documents
+ // (` + \n + `).
+ CertificateOutputFormatCombinedPEM CertificateOutputFormatType = "CombinedPEM"
+)
+
+// CertificateAdditionalOutputFormat defines an additional output format of a
+// Certificate resource. These contain supplementary data formats of the signed
+// certificate chain and paired private key.
+type CertificateAdditionalOutputFormat struct {
+ // Type is the name of the format type that should be written to the
+ // Certificate's target Secret.
+ Type CertificateOutputFormatType `json:"type"`
+}
+
+// X509Subject Full X509 name specification
+type X509Subject struct {
+ // Organizations to be used on the Certificate.
+ // +optional
+ Organizations []string `json:"organizations,omitempty"`
+ // Countries to be used on the Certificate.
+ // +optional
+ Countries []string `json:"countries,omitempty"`
+ // Organizational Units to be used on the Certificate.
+ // +optional
+ OrganizationalUnits []string `json:"organizationalUnits,omitempty"`
+ // Cities to be used on the Certificate.
+ // +optional
+ Localities []string `json:"localities,omitempty"`
+ // State/Provinces to be used on the Certificate.
+ // +optional
+ Provinces []string `json:"provinces,omitempty"`
+ // Street addresses to be used on the Certificate.
+ // +optional
+ StreetAddresses []string `json:"streetAddresses,omitempty"`
+ // Postal codes to be used on the Certificate.
+ // +optional
+ PostalCodes []string `json:"postalCodes,omitempty"`
+ // Serial number to be used on the Certificate.
+ // +optional
+ SerialNumber string `json:"serialNumber,omitempty"`
+}
+
+// CertificateKeystores configures additional keystore output formats to be
+// created in the Certificate's output Secret.
+type CertificateKeystores struct {
+ // JKS configures options for storing a JKS keystore in the
+ // `spec.secretName` Secret resource.
+ // +optional
+ JKS *JKSKeystore `json:"jks,omitempty"`
+
+ // PKCS12 configures options for storing a PKCS12 keystore in the
+ // `spec.secretName` Secret resource.
+ // +optional
+ PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"`
+}
+
+// JKS configures options for storing a JKS keystore in the `spec.secretName`
+// Secret resource.
+type JKSKeystore struct {
+ // Create enables JKS keystore creation for the Certificate.
+ // If true, a file named `keystore.jks` will be created in the target
+ // Secret resource, encrypted using the password stored in
+ // `passwordSecretRef`.
+ // The keystore file will be updated immediately.
+ // If the issuer provided a CA certificate, a file named `truststore.jks`
+ // will also be created in the target Secret resource, encrypted using the
+ // password stored in `passwordSecretRef`
+ // containing the issuing Certificate Authority
+ Create bool `json:"create"`
+
+ // PasswordSecretRef is a reference to a key in a Secret resource
+ // containing the password used to encrypt the JKS keystore.
+ PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
+}
+
+// PKCS12 configures options for storing a PKCS12 keystore in the
+// `spec.secretName` Secret resource.
+type PKCS12Keystore struct {
+ // Create enables PKCS12 keystore creation for the Certificate.
+ // If true, a file named `keystore.p12` will be created in the target
+ // Secret resource, encrypted using the password stored in
+ // `passwordSecretRef`.
+ // The keystore file will be updated immediately.
+ // If the issuer provided a CA certificate, a file named `truststore.p12` will
+ // also be created in the target Secret resource, encrypted using the
+ // password stored in `passwordSecretRef` containing the issuing Certificate
+ // Authority
+ Create bool `json:"create"`
+
+ // PasswordSecretRef is a reference to a key in a Secret resource
+ // containing the password used to encrypt the PKCS12 keystore.
+ PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"`
+}
+
+// CertificateStatus defines the observed state of Certificate
+type CertificateStatus struct {
+ // List of status conditions to indicate the status of certificates.
+ // Known condition types are `Ready` and `Issuing`.
+ // +listType=map
+ // +listMapKey=type
+ // +optional
+ Conditions []CertificateCondition `json:"conditions,omitempty"`
+
+ // LastFailureTime is set only if the lastest issuance for this
+ // Certificate failed and contains the time of the failure. If an
+ // issuance has failed, the delay till the next issuance will be
+ // calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts -
+ // 1). If the latest issuance has succeeded this field will be unset.
+ // +optional
+ LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"`
+
+ // The time after which the certificate stored in the secret named
+ // by this resource in `spec.secretName` is valid.
+ // +optional
+ NotBefore *metav1.Time `json:"notBefore,omitempty"`
+
+ // The expiration time of the certificate stored in the secret named
+ // by this resource in `spec.secretName`.
+ // +optional
+ NotAfter *metav1.Time `json:"notAfter,omitempty"`
+
+ // RenewalTime is the time at which the certificate will be next
+ // renewed.
+ // If not set, no upcoming renewal is scheduled.
+ // +optional
+ RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
+
+ // The current 'revision' of the certificate as issued.
+ //
+ // When a CertificateRequest resource is created, it will have the
+ // `cert-manager.io/certificate-revision` set to one greater than the
+ // current value of this field.
+ //
+ // Upon issuance, this field will be set to the value of the annotation
+ // on the CertificateRequest resource used to issue the certificate.
+ //
+ // Persisting the value on the CertificateRequest resource allows the
+ // certificates controller to know whether a request is part of an old
+ // issuance or if it is part of the ongoing revision's issuance by
+ // checking if the revision value in the annotation is greater than this
+ // field.
+ // +optional
+ Revision *int `json:"revision,omitempty"`
+
+ // The name of the Secret resource containing the private key to be used
+ // for the next certificate iteration.
+ // The keymanager controller will automatically set this field if the
+ // `Issuing` condition is set to `True`.
+ // It will automatically unset this field when the Issuing condition is
+ // not set or False.
+ // +optional
+ NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"`
+
+ // The number of continuous failed issuance attempts up till now. This
+ // field gets removed (if set) on a successful issuance and gets set to
+ // 1 if unset and an issuance has failed. If an issuance has failed, the
+ // delay till the next issuance will be calculated using formula
+ // time.Hour * 2 ^ (failedIssuanceAttempts - 1).
+ // +optional
+ FailedIssuanceAttempts *int `json:"failedIssuanceAttempts,omitempty"`
+}
+
+// CertificateCondition contains condition information for an Certificate.
+type CertificateCondition struct {
+ // Type of the condition, known values are (`Ready`, `Issuing`).
+ Type CertificateConditionType `json:"type"`
+
+ // Status of the condition, one of (`True`, `False`, `Unknown`).
+ Status cmmeta.ConditionStatus `json:"status"`
+
+ // LastTransitionTime is the timestamp corresponding to the last status
+ // change of this condition.
+ // +optional
+ LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
+
+ // Reason is a brief machine readable explanation for the condition's last
+ // transition.
+ // +optional
+ Reason string `json:"reason,omitempty"`
+
+ // Message is a human readable description of the details of the last
+ // transition, complementing reason.
+ // +optional
+ Message string `json:"message,omitempty"`
+
+ // If set, this represents the .metadata.generation that the condition was
+ // set based upon.
+ // For instance, if .metadata.generation is currently 12, but the
+ // .status.condition[x].observedGeneration is 9, the condition is out of date
+ // with respect to the current state of the Certificate.
+ // +optional
+ ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+}
+
+// CertificateConditionType represents an Certificate condition value.
+type CertificateConditionType string
+
+const (
+ // CertificateConditionReady indicates that a certificate is ready for use.
+ // This is defined as:
+ // - The target secret exists
+ // - The target secret contains a certificate that has not expired
+ // - The target secret contains a private key valid for the certificate
+ // - The commonName and dnsNames attributes match those specified on the Certificate
+ CertificateConditionReady CertificateConditionType = "Ready"
+
+ // A condition added to Certificate resources when an issuance is required.
+ // This condition will be automatically added and set to true if:
+ // * No keypair data exists in the target Secret
+ // * The data stored in the Secret cannot be decoded
+ // * The private key and certificate do not have matching public keys
+ // * If a CertificateRequest for the current revision exists and the
+ // certificate data stored in the Secret does not match the
+ // `status.certificate` on the CertificateRequest.
+ // * If no CertificateRequest resource exists for the current revision,
+ // the options on the Certificate resource are compared against the
+ // X.509 data in the Secret, similar to what's done in earlier versions.
+ // If there is a mismatch, an issuance is triggered.
+ // This condition may also be added by external API consumers to trigger
+ // a re-issuance manually for any other reason.
+ //
+ // It will be removed by the 'issuing' controller upon completing issuance.
+ CertificateConditionIssuing CertificateConditionType = "Issuing"
+)
+
+// CertificateSecretTemplate defines the default labels and annotations
+// to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`.
+type CertificateSecretTemplate struct {
+ // Annotations is a key value map to be copied to the target Kubernetes Secret.
+ // +optional
+ Annotations map[string]string `json:"annotations,omitempty"`
+
+ // Labels is a key value map to be copied to the target Kubernetes Secret.
+ // +optional
+ Labels map[string]string `json:"labels,omitempty"`
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go
new file mode 100644
index 000000000000..59797c76c754
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go
@@ -0,0 +1,249 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+)
+
+const (
+ // Pending indicates that a CertificateRequest is still in progress.
+ CertificateRequestReasonPending = "Pending"
+
+ // Failed indicates that a CertificateRequest has failed permanently,
+ // either due to timing out or some other critical failure.
+ // The `status.failureTime` field should be set in this case.
+ CertificateRequestReasonFailed = "Failed"
+
+ // Issued indicates that a CertificateRequest has been completed, and that
+ // the `status.certificate` field is set.
+ CertificateRequestReasonIssued = "Issued"
+
+ // Denied is a Ready condition reason that indicates that a
+ // CertificateRequest has been denied, and the CertificateRequest will never
+ // be issued.
+ // The `status.failureTime` field should be set in this case.
+ CertificateRequestReasonDenied = "Denied"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+
+// A CertificateRequest is used to request a signed certificate from one of the
+// configured issuers.
+//
+// All fields within the CertificateRequest's `spec` are immutable after creation.
+// A CertificateRequest will either succeed or fail, as denoted by its `Ready` status
+// condition and its `status.failureTime` field.
+//
+// A CertificateRequest is a one-shot resource, meaning it represents a single
+// point in time request for a certificate and cannot be re-used.
+// +k8s:openapi-gen=true
+type CertificateRequest struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Specification of the desired state of the CertificateRequest resource.
+ // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ // +optional
+ Spec CertificateRequestSpec `json:"spec"`
+
+ // Status of the CertificateRequest.
+ // This is set and managed automatically.
+ // Read-only.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ // +optional
+ Status CertificateRequestStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CertificateRequestList is a list of CertificateRequests.
+type CertificateRequestList struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard list metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ // +optional
+ metav1.ListMeta `json:"metadata,omitempty"`
+
+ // List of CertificateRequests
+ Items []CertificateRequest `json:"items"`
+}
+
+// CertificateRequestSpec defines the desired state of CertificateRequest
+//
+// NOTE: It is important to note that the issuer can choose to ignore or change
+// any of the requested attributes. How the issuer maps a certificate request
+// to a signed certificate is the full responsibility of the issuer itself.
+// For example, as an edge case, an issuer that inverts the isCA value is
+// free to do so.
+type CertificateRequestSpec struct {
+ // Requested 'duration' (i.e. lifetime) of the Certificate. Note that the
+ // issuer may choose to ignore the requested duration, just like any other
+ // requested attribute.
+ // +optional
+ Duration *metav1.Duration `json:"duration,omitempty"`
+
+ // Reference to the issuer responsible for issuing the certificate.
+ // If the issuer is namespace-scoped, it must be in the same namespace
+ // as the Certificate. If the issuer is cluster-scoped, it can be used
+ // from any namespace.
+ //
+ // The `name` field of the reference must always be specified.
+ IssuerRef cmmeta.ObjectReference `json:"issuerRef"`
+
+ // The PEM-encoded X.509 certificate signing request to be submitted to the
+ // issuer for signing.
+ //
+ // If the CSR has a BasicConstraints extension, its isCA attribute must
+ // match the `isCA` value of this CertificateRequest.
+ // If the CSR has a KeyUsage extension, its key usages must match the
+ // key usages in the `usages` field of this CertificateRequest.
+ // If the CSR has a ExtKeyUsage extension, its extended key usages
+ // must match the extended key usages in the `usages` field of this
+ // CertificateRequest.
+ Request []byte `json:"request"`
+
+ // Requested basic constraints isCA value. Note that the issuer may choose
+ // to ignore the requested isCA value, just like any other requested attribute.
+ //
+ // NOTE: If the CSR in the `Request` field has a BasicConstraints extension,
+ // it must have the same isCA value as specified here.
+ //
+ // If true, this will automatically add the `cert sign` usage to the list
+ // of requested `usages`.
+ // +optional
+ IsCA bool `json:"isCA,omitempty"`
+
+ // Requested key usages and extended key usages.
+ //
+ // NOTE: If the CSR in the `Request` field has uses the KeyUsage or
+ // ExtKeyUsage extension, these extensions must have the same values
+ // as specified here without any additional values.
+ //
+ // If unset, defaults to `digital signature` and `key encipherment`.
+ // +optional
+ Usages []KeyUsage `json:"usages,omitempty"`
+
+ // Username contains the name of the user that created the CertificateRequest.
+ // Populated by the cert-manager webhook on creation and immutable.
+ // +optional
+ Username string `json:"username,omitempty"`
+ // UID contains the uid of the user that created the CertificateRequest.
+ // Populated by the cert-manager webhook on creation and immutable.
+ // +optional
+ UID string `json:"uid,omitempty"`
+ // Groups contains group membership of the user that created the CertificateRequest.
+ // Populated by the cert-manager webhook on creation and immutable.
+ // +listType=atomic
+ // +optional
+ Groups []string `json:"groups,omitempty"`
+ // Extra contains extra attributes of the user that created the CertificateRequest.
+ // Populated by the cert-manager webhook on creation and immutable.
+ // +optional
+ Extra map[string][]string `json:"extra,omitempty"`
+}
+
+// CertificateRequestStatus defines the observed state of CertificateRequest and
+// resulting signed certificate.
+type CertificateRequestStatus struct {
+ // List of status conditions to indicate the status of a CertificateRequest.
+ // Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`.
+ // +listType=map
+ // +listMapKey=type
+ // +optional
+ Conditions []CertificateRequestCondition `json:"conditions,omitempty"`
+
+ // The PEM encoded X.509 certificate resulting from the certificate
+ // signing request.
+ // If not set, the CertificateRequest has either not been completed or has
+ // failed. More information on failure can be found by checking the
+ // `conditions` field.
+ // +optional
+ Certificate []byte `json:"certificate,omitempty"`
+
+ // The PEM encoded X.509 certificate of the signer, also known as the CA
+ // (Certificate Authority).
+ // This is set on a best-effort basis by different issuers.
+ // If not set, the CA is assumed to be unknown/not available.
+ // +optional
+ CA []byte `json:"ca,omitempty"`
+
+ // FailureTime stores the time that this CertificateRequest failed. This is
+ // used to influence garbage collection and back-off.
+ // +optional
+ FailureTime *metav1.Time `json:"failureTime,omitempty"`
+}
+
+// CertificateRequestCondition contains condition information for a CertificateRequest.
+type CertificateRequestCondition struct {
+ // Type of the condition, known values are (`Ready`, `InvalidRequest`,
+ // `Approved`, `Denied`).
+ Type CertificateRequestConditionType `json:"type"`
+
+ // Status of the condition, one of (`True`, `False`, `Unknown`).
+ Status cmmeta.ConditionStatus `json:"status"`
+
+ // LastTransitionTime is the timestamp corresponding to the last status
+ // change of this condition.
+ // +optional
+ LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
+
+ // Reason is a brief machine readable explanation for the condition's last
+ // transition.
+ // +optional
+ Reason string `json:"reason,omitempty"`
+
+ // Message is a human readable description of the details of the last
+ // transition, complementing reason.
+ // +optional
+ Message string `json:"message,omitempty"`
+}
+
+// CertificateRequestConditionType represents an Certificate condition value.
+type CertificateRequestConditionType string
+
+const (
+ // CertificateRequestConditionReady indicates that a certificate is ready for use.
+ // This is defined as:
+ // - The target certificate exists in CertificateRequest.Status
+ CertificateRequestConditionReady CertificateRequestConditionType = "Ready"
+
+ // CertificateRequestConditionInvalidRequest indicates that a certificate
+ // signer has refused to sign the request due to at least one of the input
+ // parameters being invalid. Additional information about why the request
+ // was rejected can be found in the `reason` and `message` fields.
+ CertificateRequestConditionInvalidRequest CertificateRequestConditionType = "InvalidRequest"
+
+ // CertificateRequestConditionApproved indicates that a certificate request
+ // is approved and ready for signing. Condition must never have a status of
+ // `False`, and cannot be modified once set. Cannot be set alongside
+ // `Denied`.
+ CertificateRequestConditionApproved CertificateRequestConditionType = "Approved"
+
+ // CertificateRequestConditionDenied indicates that a certificate request is
+ // denied, and must never be signed. Condition must never have a status of
+ // `False`, and cannot be modified once set. Cannot be set alongside
+ // `Approved`.
+ CertificateRequestConditionDenied CertificateRequestConditionType = "Denied"
+)
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go
new file mode 100644
index 000000000000..c901d9e7a409
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go
@@ -0,0 +1,376 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1"
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+
+// A ClusterIssuer represents a certificate issuing authority which can be
+// referenced as part of `issuerRef` fields.
+// It is similar to an Issuer, however it is cluster-scoped and therefore can
+// be referenced by resources that exist in *any* namespace, not just the same
+// namespace as the referent.
+type ClusterIssuer struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Desired state of the ClusterIssuer resource.
+ Spec IssuerSpec `json:"spec"`
+
+ // Status of the ClusterIssuer. This is set and managed automatically.
+ // +optional
+ Status IssuerStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterIssuerList is a list of Issuers
+type ClusterIssuerList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+
+ Items []ClusterIssuer `json:"items"`
+}
+
+// +genclient
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+
+// An Issuer represents a certificate issuing authority which can be
+// referenced as part of `issuerRef` fields.
+// It is scoped to a single namespace and can therefore only be referenced by
+// resources within the same namespace.
+type Issuer struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Desired state of the Issuer resource.
+ Spec IssuerSpec `json:"spec"`
+
+ // Status of the Issuer. This is set and managed automatically.
+ // +optional
+ Status IssuerStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// IssuerList is a list of Issuers
+type IssuerList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Issuer `json:"items"`
+}
+
+// IssuerSpec is the specification of an Issuer. This includes any
+// configuration required for the issuer.
+type IssuerSpec struct {
+ IssuerConfig `json:",inline"`
+}
+
+// The configuration for the issuer.
+// Only one of these can be set.
+type IssuerConfig struct {
+ // ACME configures this issuer to communicate with a RFC8555 (ACME) server
+ // to obtain signed x509 certificates.
+ // +optional
+ ACME *cmacme.ACMEIssuer `json:"acme,omitempty"`
+
+ // CA configures this issuer to sign certificates using a signing CA keypair
+ // stored in a Secret resource.
+ // This is used to build internal PKIs that are managed by cert-manager.
+ // +optional
+ CA *CAIssuer `json:"ca,omitempty"`
+
+ // Vault configures this issuer to sign certificates using a HashiCorp Vault
+ // PKI backend.
+ // +optional
+ Vault *VaultIssuer `json:"vault,omitempty"`
+
+ // SelfSigned configures this issuer to 'self sign' certificates using the
+ // private key used to create the CertificateRequest object.
+ // +optional
+ SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"`
+
+ // Venafi configures this issuer to sign certificates using a Venafi TPP
+ // or Venafi Cloud policy zone.
+ // +optional
+ Venafi *VenafiIssuer `json:"venafi,omitempty"`
+}
+
+// Configures an issuer to sign certificates using a Venafi TPP
+// or Cloud policy zone.
+type VenafiIssuer struct {
+ // Zone is the Venafi Policy Zone to use for this issuer.
+ // All requests made to the Venafi platform will be restricted by the named
+ // zone policy.
+ // This field is required.
+ Zone string `json:"zone"`
+
+ // TPP specifies Trust Protection Platform configuration settings.
+ // Only one of TPP or Cloud may be specified.
+ // +optional
+ TPP *VenafiTPP `json:"tpp,omitempty"`
+
+ // Cloud specifies the Venafi cloud configuration settings.
+ // Only one of TPP or Cloud may be specified.
+ // +optional
+ Cloud *VenafiCloud `json:"cloud,omitempty"`
+}
+
+// VenafiTPP defines connection configuration details for a Venafi TPP instance
+type VenafiTPP struct {
+ // URL is the base URL for the vedsdk endpoint of the Venafi TPP instance,
+ // for example: "https://tpp.example.com/vedsdk".
+ URL string `json:"url"`
+
+ // CredentialsRef is a reference to a Secret containing the username and
+ // password for the TPP server.
+ // The secret must contain two keys, 'username' and 'password'.
+ CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"`
+
+ // Base64-encoded bundle of PEM CAs which will be used to validate the certificate
+ // chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP.
+ // If undefined, the certificate bundle in the cert-manager controller container
+ // is used to validate the chain.
+ // +optional
+ CABundle []byte `json:"caBundle,omitempty"`
+}
+
+// VenafiCloud defines connection configuration details for Venafi Cloud
+type VenafiCloud struct {
+ // URL is the base URL for Venafi Cloud.
+ // Defaults to "https://api.venafi.cloud/v1".
+ // +optional
+ URL string `json:"url,omitempty"`
+
+ // APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
+ APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"`
+}
+
+// Configures an issuer to 'self sign' certificates using the
+// private key used to create the CertificateRequest object.
+type SelfSignedIssuer struct {
+ // The CRL distribution points is an X.509 v3 certificate extension which identifies
+ // the location of the CRL from which the revocation of this certificate can be checked.
+ // If not set certificate will be issued without CDP. Values are strings.
+ // +optional
+ CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
+}
+
+// Configures an issuer to sign certificates using a HashiCorp Vault
+// PKI backend.
+type VaultIssuer struct {
+ // Auth configures how cert-manager authenticates with the Vault server.
+ Auth VaultAuth `json:"auth"`
+
+ // Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
+ Server string `json:"server"`
+
+ // Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
+ // "my_pki_mount/sign/my-role-name".
+ Path string `json:"path"`
+
+ // Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy.
e.g: "ns1"
+ // More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
+ // +optional
+ Namespace string `json:"namespace,omitempty"`
+
+ // Base64-encoded bundle of PEM CAs which will be used to validate the certificate
+ // chain presented by Vault. Only used if using HTTPS to connect to Vault and
+ // ignored for HTTP connections.
+ // Mutually exclusive with CABundleSecretRef.
+ // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in
+ // the cert-manager controller container is used to validate the TLS connection.
+ // +optional
+ CABundle []byte `json:"caBundle,omitempty"`
+
+ // Reference to a Secret containing a bundle of PEM-encoded CAs to use when
+ // verifying the certificate chain presented by Vault when using HTTPS.
+ // Mutually exclusive with CABundle.
+ // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in
+ // the cert-manager controller container is used to validate the TLS connection.
+ // If no key for the Secret is specified, cert-manager will default to 'ca.crt'.
+ // +optional
+ CABundleSecretRef *cmmeta.SecretKeySelector `json:"caBundleSecretRef,omitempty"`
+}
+
+// VaultAuth is configuration used to authenticate with a Vault server. The
+// order of precedence is [`tokenSecretRef`, `appRole` or `kubernetes`].
+type VaultAuth struct {
+ // TokenSecretRef authenticates with Vault by presenting a token.
+ // +optional
+ TokenSecretRef *cmmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`
+
+ // AppRole authenticates with Vault using the App Role auth mechanism,
+ // with the role and secret stored in a Kubernetes Secret resource.
+ // +optional
+ AppRole *VaultAppRole `json:"appRole,omitempty"`
+
+ // Kubernetes authenticates with Vault by passing the ServiceAccount
+ // token stored in the named Secret resource to the Vault server.
+ // +optional
+ Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`
+}
+
+// VaultAppRole authenticates with Vault using the App Role auth mechanism,
+// with the role and secret stored in a Kubernetes Secret resource.
+type VaultAppRole struct {
+ // Path where the App Role authentication backend is mounted in Vault, e.g:
+ // "approle"
+ Path string `json:"path"`
+
+ // RoleID configured in the App Role authentication backend when setting
+ // up the authentication backend in Vault.
+ RoleId string `json:"roleId"`
+
+ // Reference to a key in a Secret that contains the App Role secret used
+ // to authenticate with Vault.
+ // The `key` field must be specified and denotes which entry within the Secret
+ // resource is used as the app role secret.
+ SecretRef cmmeta.SecretKeySelector `json:"secretRef"`
+}
+
+// Authenticate against Vault using a Kubernetes ServiceAccount token stored in
+// a Secret.
+type VaultKubernetesAuth struct {
+ // The Vault mountPath here is the mount path to use when authenticating with
+ // Vault. For example, setting a value to `/v1/auth/foo`, will use the path
+ // `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
+ // default value "/v1/auth/kubernetes" will be used.
+ // +optional
+ Path string `json:"mountPath,omitempty"`
+
+ // The required Secret field containing a Kubernetes ServiceAccount JWT used
+ // for authenticating with Vault. Use of 'ambient credentials' is not
+ // supported.
+ // +optional
+ SecretRef cmmeta.SecretKeySelector `json:"secretRef,omitempty"`
+ // Note: we don't use a pointer here for backwards compatibility.
+
+ // A reference to a service account that will be used to request a bound
+ // token (also known as "projected token"). Compared to using "secretRef",
+ // using this field means that you don't rely on statically bound tokens. To
+ // use this field, you must configure an RBAC rule to let cert-manager
+ // request a token.
+ // +optional
+ ServiceAccountRef *ServiceAccountRef `json:"serviceAccountRef,omitempty"`
+
+ // A required field containing the Vault Role to assume. A Role binds a
+ // Kubernetes ServiceAccount with a set of Vault policies.
+ Role string `json:"role"`
+}
+
+// ServiceAccountRef is a service account used by cert-manager to request a
+// token. The audience cannot be configured. The audience is generated by
+// cert-manager and takes the form `vault://namespace-name/issuer-name` for an
+// Issuer and `vault://issuer-name` for a ClusterIssuer. The expiration of the
+// token is also set by cert-manager to 10 minutes.
+type ServiceAccountRef struct {
+ // Name of the ServiceAccount used to request a token.
+ Name string `json:"name"`
+}
+
+type CAIssuer struct {
+ // SecretName is the name of the secret used to sign Certificates issued
+ // by this Issuer.
+ SecretName string `json:"secretName"`
+
+ // The CRL distribution points is an X.509 v3 certificate extension which identifies
+ // the location of the CRL from which the revocation of this certificate can be checked.
+ // If not set, certificates will be issued without distribution points set.
+ // +optional
+ CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
+
+ // The OCSP server list is an X.509 v3 extension that defines a list of
+ // URLs of OCSP responders. The OCSP responders can be queried for the
+ // revocation status of an issued certificate. If not set, the
+ // certificate will be issued with no OCSP servers set. For example, an
+ // OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
+ // +optional
+ OCSPServers []string `json:"ocspServers,omitempty"`
+}
+
+// IssuerStatus contains status information about an Issuer
+type IssuerStatus struct {
+ // List of status conditions to indicate the status of a CertificateRequest.
+ // Known condition types are `Ready`.
+ // +listType=map
+ // +listMapKey=type
+ // +optional
+ Conditions []IssuerCondition `json:"conditions,omitempty"`
+
+ // ACME specific status options.
+ // This field should only be set if the Issuer is configured to use an ACME
+ // server to issue certificates.
+ // +optional
+ ACME *cmacme.ACMEIssuerStatus `json:"acme,omitempty"`
+}
+
+// IssuerCondition contains condition information for an Issuer.
+type IssuerCondition struct {
+ // Type of the condition, known values are (`Ready`).
+ Type IssuerConditionType `json:"type"`
+
+ // Status of the condition, one of (`True`, `False`, `Unknown`).
+ Status cmmeta.ConditionStatus `json:"status"`
+
+ // LastTransitionTime is the timestamp corresponding to the last status
+ // change of this condition.
+ // +optional
+ LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
+
+ // Reason is a brief machine readable explanation for the condition's last
+ // transition.
+ // +optional
+ Reason string `json:"reason,omitempty"`
+
+ // Message is a human readable description of the details of the last
+ // transition, complementing reason.
+ // +optional
+ Message string `json:"message,omitempty"`
+
+ // If set, this represents the .metadata.generation that the condition was
+ // set based upon.
+ // For instance, if .metadata.generation is currently 12, but the
+ // .status.condition[x].observedGeneration is 9, the condition is out of date
+ // with respect to the current state of the Issuer.
+ // +optional
+ ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+}
+
+// IssuerConditionType represents an Issuer condition value.
+type IssuerConditionType string
+
+const (
+ // IssuerConditionReady represents the fact that a given Issuer condition
+ // is in ready state and able to issue certificates.
+ // If the `status` of this condition is `False`, CertificateRequest controllers
+ // should prevent attempts to sign certificates.
+ IssuerConditionReady IssuerConditionType = "Ready"
+)
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go
new file mode 100644
index 000000000000..8ba5ea3aaf6c
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go
@@ -0,0 +1,1047 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + apismetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CAIssuer) DeepCopyInto(out *CAIssuer) { + *out = *in + if in.CRLDistributionPoints != nil { + in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.OCSPServers != nil { + in, out := &in.OCSPServers, &out.OCSPServers + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAIssuer. +func (in *CAIssuer) DeepCopy() *CAIssuer { + if in == nil { + return nil + } + out := new(CAIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Certificate) DeepCopyInto(out *Certificate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate. +func (in *Certificate) DeepCopy() *Certificate { + if in == nil { + return nil + } + out := new(Certificate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Certificate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateAdditionalOutputFormat) DeepCopyInto(out *CertificateAdditionalOutputFormat) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAdditionalOutputFormat. +func (in *CertificateAdditionalOutputFormat) DeepCopy() *CertificateAdditionalOutputFormat { + if in == nil { + return nil + } + out := new(CertificateAdditionalOutputFormat) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition) { + *out = *in + if in.LastTransitionTime != nil { + in, out := &in.LastTransitionTime, &out.LastTransitionTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition. 
+func (in *CertificateCondition) DeepCopy() *CertificateCondition { + if in == nil { + return nil + } + out := new(CertificateCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores) { + *out = *in + if in.JKS != nil { + in, out := &in.JKS, &out.JKS + *out = new(JKSKeystore) + **out = **in + } + if in.PKCS12 != nil { + in, out := &in.PKCS12, &out.PKCS12 + *out = new(PKCS12Keystore) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores. +func (in *CertificateKeystores) DeepCopy() *CertificateKeystores { + if in == nil { + return nil + } + out := new(CertificateKeystores) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateList) DeepCopyInto(out *CertificateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Certificate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList. +func (in *CertificateList) DeepCopy() *CertificateList { + if in == nil { + return nil + } + out := new(CertificateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CertificateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey. +func (in *CertificatePrivateKey) DeepCopy() *CertificatePrivateKey { + if in == nil { + return nil + } + out := new(CertificatePrivateKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest. +func (in *CertificateRequest) DeepCopy() *CertificateRequest { + if in == nil { + return nil + } + out := new(CertificateRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CertificateRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequestCondition) DeepCopyInto(out *CertificateRequestCondition) { + *out = *in + if in.LastTransitionTime != nil { + in, out := &in.LastTransitionTime, &out.LastTransitionTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition. 
+func (in *CertificateRequestCondition) DeepCopy() *CertificateRequestCondition { + if in == nil { + return nil + } + out := new(CertificateRequestCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CertificateRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList. +func (in *CertificateRequestList) DeepCopy() *CertificateRequestList { + if in == nil { + return nil + } + out := new(CertificateRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CertificateRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec) { + *out = *in + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(metav1.Duration) + **out = **in + } + out.IssuerRef = in.IssuerRef + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.Usages != nil { + in, out := &in.Usages, &out.Usages + *out = make([]KeyUsage, len(*in)) + copy(*out, *in) + } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string][]string, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make([]string, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec. +func (in *CertificateRequestSpec) DeepCopy() *CertificateRequestSpec { + if in == nil { + return nil + } + out := new(CertificateRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]CertificateRequestCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Certificate != nil { + in, out := &in.Certificate, &out.Certificate + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CA != nil { + in, out := &in.CA, &out.CA + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.FailureTime != nil { + in, out := &in.FailureTime, &out.FailureTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus. +func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus { + if in == nil { + return nil + } + out := new(CertificateRequestStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateSecretTemplate) DeepCopyInto(out *CertificateSecretTemplate) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSecretTemplate. +func (in *CertificateSecretTemplate) DeepCopy() *CertificateSecretTemplate { + if in == nil { + return nil + } + out := new(CertificateSecretTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) { + *out = *in + if in.Subject != nil { + in, out := &in.Subject, &out.Subject + *out = new(X509Subject) + (*in).DeepCopyInto(*out) + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(metav1.Duration) + **out = **in + } + if in.RenewBefore != nil { + in, out := &in.RenewBefore, &out.RenewBefore + *out = new(metav1.Duration) + **out = **in + } + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IPAddresses != nil { + in, out := &in.IPAddresses, &out.IPAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.URIs != nil { + in, out := &in.URIs, &out.URIs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EmailAddresses != nil { + in, out := &in.EmailAddresses, &out.EmailAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.SecretTemplate != nil { + in, out := &in.SecretTemplate, &out.SecretTemplate + *out = new(CertificateSecretTemplate) + (*in).DeepCopyInto(*out) + } + if in.Keystores != nil { + in, out := &in.Keystores, &out.Keystores + *out = new(CertificateKeystores) + (*in).DeepCopyInto(*out) + } + out.IssuerRef = in.IssuerRef + if in.Usages != nil { + in, out := &in.Usages, &out.Usages + *out = make([]KeyUsage, len(*in)) + copy(*out, *in) + } + if in.PrivateKey != nil { + in, out := &in.PrivateKey, &out.PrivateKey + *out = new(CertificatePrivateKey) + **out = **in + } + if in.EncodeUsagesInRequest != nil { + in, out := &in.EncodeUsagesInRequest, &out.EncodeUsagesInRequest + *out = new(bool) + **out = **in + } + if in.RevisionHistoryLimit != nil { + in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit + *out = new(int32) + **out = **in + } + if in.AdditionalOutputFormats != nil { + in, out := &in.AdditionalOutputFormats, &out.AdditionalOutputFormats + *out = make([]CertificateAdditionalOutputFormat, len(*in)) + copy(*out, *in) + } + 
return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec. +func (in *CertificateSpec) DeepCopy() *CertificateSpec { + if in == nil { + return nil + } + out := new(CertificateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]CertificateCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LastFailureTime != nil { + in, out := &in.LastFailureTime, &out.LastFailureTime + *out = (*in).DeepCopy() + } + if in.NotBefore != nil { + in, out := &in.NotBefore, &out.NotBefore + *out = (*in).DeepCopy() + } + if in.NotAfter != nil { + in, out := &in.NotAfter, &out.NotAfter + *out = (*in).DeepCopy() + } + if in.RenewalTime != nil { + in, out := &in.RenewalTime, &out.RenewalTime + *out = (*in).DeepCopy() + } + if in.Revision != nil { + in, out := &in.Revision, &out.Revision + *out = new(int) + **out = **in + } + if in.NextPrivateKeySecretName != nil { + in, out := &in.NextPrivateKeySecretName, &out.NextPrivateKeySecretName + *out = new(string) + **out = **in + } + if in.FailedIssuanceAttempts != nil { + in, out := &in.FailedIssuanceAttempts, &out.FailedIssuanceAttempts + *out = new(int) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus. +func (in *CertificateStatus) DeepCopy() *CertificateStatus { + if in == nil { + return nil + } + out := new(CertificateStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuer. +func (in *ClusterIssuer) DeepCopy() *ClusterIssuer { + if in == nil { + return nil + } + out := new(ClusterIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterIssuer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterIssuerList) DeepCopyInto(out *ClusterIssuerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterIssuer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuerList. +func (in *ClusterIssuerList) DeepCopy() *ClusterIssuerList { + if in == nil { + return nil + } + out := new(ClusterIssuerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterIssuerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Issuer) DeepCopyInto(out *Issuer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer. +func (in *Issuer) DeepCopy() *Issuer { + if in == nil { + return nil + } + out := new(Issuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Issuer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerCondition) DeepCopyInto(out *IssuerCondition) { + *out = *in + if in.LastTransitionTime != nil { + in, out := &in.LastTransitionTime, &out.LastTransitionTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerCondition. +func (in *IssuerCondition) DeepCopy() *IssuerCondition { + if in == nil { + return nil + } + out := new(IssuerCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) { + *out = *in + if in.ACME != nil { + in, out := &in.ACME, &out.ACME + *out = new(acmev1.ACMEIssuer) + (*in).DeepCopyInto(*out) + } + if in.CA != nil { + in, out := &in.CA, &out.CA + *out = new(CAIssuer) + (*in).DeepCopyInto(*out) + } + if in.Vault != nil { + in, out := &in.Vault, &out.Vault + *out = new(VaultIssuer) + (*in).DeepCopyInto(*out) + } + if in.SelfSigned != nil { + in, out := &in.SelfSigned, &out.SelfSigned + *out = new(SelfSignedIssuer) + (*in).DeepCopyInto(*out) + } + if in.Venafi != nil { + in, out := &in.Venafi, &out.Venafi + *out = new(VenafiIssuer) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig. +func (in *IssuerConfig) DeepCopy() *IssuerConfig { + if in == nil { + return nil + } + out := new(IssuerConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerList) DeepCopyInto(out *IssuerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Issuer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList. +func (in *IssuerList) DeepCopy() *IssuerList { + if in == nil { + return nil + } + out := new(IssuerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IssuerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec) { + *out = *in + in.IssuerConfig.DeepCopyInto(&out.IssuerConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec. +func (in *IssuerSpec) DeepCopy() *IssuerSpec { + if in == nil { + return nil + } + out := new(IssuerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]IssuerCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ACME != nil { + in, out := &in.ACME, &out.ACME + *out = new(acmev1.ACMEIssuerStatus) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus. +func (in *IssuerStatus) DeepCopy() *IssuerStatus { + if in == nil { + return nil + } + out := new(IssuerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore) { + *out = *in + out.PasswordSecretRef = in.PasswordSecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore. +func (in *JKSKeystore) DeepCopy() *JKSKeystore { + if in == nil { + return nil + } + out := new(JKSKeystore) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore) { + *out = *in + out.PasswordSecretRef = in.PasswordSecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore. 
+func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore { + if in == nil { + return nil + } + out := new(PKCS12Keystore) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SelfSignedIssuer) DeepCopyInto(out *SelfSignedIssuer) { + *out = *in + if in.CRLDistributionPoints != nil { + in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedIssuer. +func (in *SelfSignedIssuer) DeepCopy() *SelfSignedIssuer { + if in == nil { + return nil + } + out := new(SelfSignedIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef. +func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef { + if in == nil { + return nil + } + out := new(ServiceAccountRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole) { + *out = *in + out.SecretRef = in.SecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole. +func (in *VaultAppRole) DeepCopy() *VaultAppRole { + if in == nil { + return nil + } + out := new(VaultAppRole) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VaultAuth) DeepCopyInto(out *VaultAuth) { + *out = *in + if in.TokenSecretRef != nil { + in, out := &in.TokenSecretRef, &out.TokenSecretRef + *out = new(apismetav1.SecretKeySelector) + **out = **in + } + if in.AppRole != nil { + in, out := &in.AppRole, &out.AppRole + *out = new(VaultAppRole) + **out = **in + } + if in.Kubernetes != nil { + in, out := &in.Kubernetes, &out.Kubernetes + *out = new(VaultKubernetesAuth) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth. +func (in *VaultAuth) DeepCopy() *VaultAuth { + if in == nil { + return nil + } + out := new(VaultAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultIssuer) DeepCopyInto(out *VaultIssuer) { + *out = *in + in.Auth.DeepCopyInto(&out.Auth) + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CABundleSecretRef != nil { + in, out := &in.CABundleSecretRef, &out.CABundleSecretRef + *out = new(apismetav1.SecretKeySelector) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIssuer. +func (in *VaultIssuer) DeepCopy() *VaultIssuer { + if in == nil { + return nil + } + out := new(VaultIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth) { + *out = *in + out.SecretRef = in.SecretRef + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(ServiceAccountRef) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth. 
+func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth { + if in == nil { + return nil + } + out := new(VaultKubernetesAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VenafiCloud) DeepCopyInto(out *VenafiCloud) { + *out = *in + out.APITokenSecretRef = in.APITokenSecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiCloud. +func (in *VenafiCloud) DeepCopy() *VenafiCloud { + if in == nil { + return nil + } + out := new(VenafiCloud) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VenafiIssuer) DeepCopyInto(out *VenafiIssuer) { + *out = *in + if in.TPP != nil { + in, out := &in.TPP, &out.TPP + *out = new(VenafiTPP) + (*in).DeepCopyInto(*out) + } + if in.Cloud != nil { + in, out := &in.Cloud, &out.Cloud + *out = new(VenafiCloud) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiIssuer. +func (in *VenafiIssuer) DeepCopy() *VenafiIssuer { + if in == nil { + return nil + } + out := new(VenafiIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VenafiTPP) DeepCopyInto(out *VenafiTPP) { + *out = *in + out.CredentialsRef = in.CredentialsRef + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiTPP. 
+func (in *VenafiTPP) DeepCopy() *VenafiTPP { + if in == nil { + return nil + } + out := new(VenafiTPP) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *X509Subject) DeepCopyInto(out *X509Subject) { + *out = *in + if in.Organizations != nil { + in, out := &in.Organizations, &out.Organizations + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Countries != nil { + in, out := &in.Countries, &out.Countries + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.OrganizationalUnits != nil { + in, out := &in.OrganizationalUnits, &out.OrganizationalUnits + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Localities != nil { + in, out := &in.Localities, &out.Localities + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Provinces != nil { + in, out := &in.Provinces, &out.Provinces + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.StreetAddresses != nil { + in, out := &in.StreetAddresses, &out.StreetAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PostalCodes != nil { + in, out := &in.PostalCodes, &out.PostalCodes + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Subject. +func (in *X509Subject) DeepCopy() *X509Subject { + if in == nil { + return nil + } + out := new(X509Subject) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go new file mode 100644 index 000000000000..f391663af4e1 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go 
@@ -0,0 +1,22 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +groupName=meta.cert-manager.io
+
+// Package meta contains meta types for cert-manager APIs
+package meta
+
+const GroupName = "meta.cert-manager.io"
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go
new file mode 100644
index 000000000000..9a673685d6ea
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1 contains meta types for cert-manager APIs
+// +k8s:deepcopy-gen=package
+// +gencrdrefdocs:force
+// +groupName=meta.cert-manager.io
+package v1
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/register.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/register.go
new file mode 100644
index 000000000000..d3c19886e409
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/register.go
@@ -0,0 +1,51 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+
+ cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: cmmeta.GroupName, Version: "v1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ // No types to register in the meta group
+ return nil
+}
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go
new file mode 100644
index 000000000000..24e72d15ffdd
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go 
@@ -0,0 +1,79 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+// ConditionStatus represents a condition's status.
+// +kubebuilder:validation:Enum=True;False;Unknown
+type ConditionStatus string
+
+// These are valid condition statuses. "ConditionTrue" means a resource is in
+// the condition; "ConditionFalse" means a resource is not in the condition;
+// "ConditionUnknown" means kubernetes can't decide if a resource is in the
+// condition or not. In the future, we could add other intermediate
+// conditions, e.g. ConditionDegraded.
+const (
+ // ConditionTrue represents the fact that a given condition is true
+ ConditionTrue ConditionStatus = "True"
+
+ // ConditionFalse represents the fact that a given condition is false
+ ConditionFalse ConditionStatus = "False"
+
+ // ConditionUnknown represents the fact that a given condition is unknown
+ ConditionUnknown ConditionStatus = "Unknown"
+)
+
+// A reference to an object in the same namespace as the referent.
+// If the referent is a cluster-scoped resource (e.g. a ClusterIssuer),
+// the reference instead refers to the resource with the given name in the
+// configured 'cluster resource namespace', which is set as a flag on the
+// controller component (and defaults to the namespace that cert-manager
+// runs in).
+type LocalObjectReference struct {
+ // Name of the resource being referred to.
+ // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ Name string `json:"name"`
+}
+
+// ObjectReference is a reference to an object with a given name, kind and group.
+type ObjectReference struct {
+ // Name of the resource being referred to.
+ Name string `json:"name"`
+ // Kind of the resource being referred to.
+ // +optional
+ Kind string `json:"kind,omitempty"`
+ // Group of the resource being referred to.
+ // +optional
+ Group string `json:"group,omitempty"`
+}
+
+// A reference to a specific 'key' within a Secret resource.
+// In some instances, `key` is a required field.
+type SecretKeySelector struct {
+ // The name of the Secret resource being referred to.
+ LocalObjectReference `json:",inline"`
+
+ // The key of the entry in the Secret resource's `data` field to be used.
+ // Some instances of this field may be defaulted, in others it may be
+ // required.
+ // +optional
+ Key string `json:"key,omitempty"`
+}
+
+const (
+ // Used as a data key in Secret resources to store a CA certificate.
+ TLSCAKey = "ca.crt"
+)
diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go
new file mode 100644
index 000000000000..9fa10e5e6657
--- /dev/null
+++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go
@@ -0,0 +1,71 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference. +func (in *LocalObjectReference) DeepCopy() *LocalObjectReference { + if in == nil { + return nil + } + out := new(LocalObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. +func (in *ObjectReference) DeepCopy() *ObjectReference { + if in == nil { + return nil + } + out := new(ObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + out.LocalObjectReference = in.LocalObjectReference + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/evanphx/json-patch/patch.go b/vendor/github.com/evanphx/json-patch/patch.go index dc2b7e51e60b..4bce5936d502 100644 --- a/vendor/github.com/evanphx/json-patch/patch.go +++ b/vendor/github.com/evanphx/json-patch/patch.go @@ -568,29 +568,6 @@ func (p Patch) replace(doc *container, op Operation) error { return errors.Wrapf(err, "replace operation failed to decode path") } - if path == "" { - val := op.value() - - if val.which == eRaw { - if !val.tryDoc() { - if !val.tryAry() { - return errors.Wrapf(err, "replace operation value must be object or array") - } - } - } - - switch val.which { - case eAry: - *doc = &val.ary - case eDoc: - *doc = &val.doc - case eRaw: - return errors.Wrapf(err, "replace operation hit impossible case") - } - - return nil - } - con, key := findObject(doc, path) if con == nil { @@ -657,25 +634,6 @@ func (p Patch) test(doc *container, op Operation) error { return errors.Wrapf(err, "test operation failed to decode path") } - if path == "" { - var self lazyNode - - switch sv := (*doc).(type) { - case *partialDoc: - self.doc = *sv - self.which = eDoc - case *partialArray: - self.ary = *sv - self.which = eAry - } - - if self.equal(op.value()) { - return nil - } - - return errors.Wrapf(ErrTestFailed, "testing value %s failed", path) - } - con, key := findObject(doc, path) if con == nil { diff --git a/vendor/github.com/ghodss/yaml/.gitignore b/vendor/github.com/ghodss/yaml/.gitignore new file mode 100644 index 000000000000..e256a31e00a5 --- /dev/null +++ b/vendor/github.com/ghodss/yaml/.gitignore 
@@ -0,0 +1,20 @@
+# OSX leaves these everywhere on SMB shares
+._*
+
+# Eclipse files
+.classpath
+.project
+.settings/**
+
+# Emacs save files
+*~
+
+# Vim-related files
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
+# Go test binaries
+*.test
diff --git a/vendor/github.com/ghodss/yaml/.travis.yml b/vendor/github.com/ghodss/yaml/.travis.yml
new file mode 100644
index 000000000000..0e9d6edc010a
--- /dev/null
+++ b/vendor/github.com/ghodss/yaml/.travis.yml
@@ -0,0 +1,7 @@
+language: go
+go:
+ - 1.3
+ - 1.4
+script:
+ - go test
+ - go build
diff --git a/vendor/github.com/ghodss/yaml/LICENSE b/vendor/github.com/ghodss/yaml/LICENSE
new file mode 100644
index 000000000000..7805d36de730
--- /dev/null
+++ b/vendor/github.com/ghodss/yaml/LICENSE
@@ -0,0 +1,50 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Sam Ghods
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/ghodss/yaml/README.md b/vendor/github.com/ghodss/yaml/README.md
new file mode 100644
index 000000000000..0200f75b4d12
--- /dev/null
+++ b/vendor/github.com/ghodss/yaml/README.md
@@ -0,0 +1,121 @@
+# YAML marshaling and unmarshaling support for Go
+
+[![Build Status](https://travis-ci.org/ghodss/yaml.svg)](https://travis-ci.org/ghodss/yaml)
+
+## Introduction
+
+A wrapper around [go-yaml](https://github.com/go-yaml/yaml) designed to enable a better way of handling YAML when marshaling to and from structs.
+
+In short, this library first converts YAML to JSON using go-yaml and then uses `json.Marshal` and `json.Unmarshal` to convert to or from the struct. This means that it effectively reuses the JSON struct tags as well as the custom JSON methods `MarshalJSON` and `UnmarshalJSON` unlike go-yaml. For a detailed overview of the rationale behind this method, [see this blog post](http://ghodss.com/2014/the-right-way-to-handle-yaml-in-golang/).
+
+## Compatibility
+
+This package uses [go-yaml](https://github.com/go-yaml/yaml) and therefore supports [everything go-yaml supports](https://github.com/go-yaml/yaml#compatibility).
+
+## Caveats
+
+**Caveat #1:** When using `yaml.Marshal` and `yaml.Unmarshal`, binary data should NOT be preceded with the `!!binary` YAML tag. If you do, go-yaml will convert the binary data from base64 to native binary data, which is not compatible with JSON. You can still use binary in your YAML files though - just store them without the `!!binary` tag and decode the base64 in your code (e.g. in the custom JSON methods `MarshalJSON` and `UnmarshalJSON`). This also has the benefit that your YAML and your JSON binary data will be decoded exactly the same way. As an example:
+
+```
+BAD:
+ exampleKey: !!binary gIGC
+
+GOOD:
+ exampleKey: gIGC
+... and decode the base64 data in your code.
+```
+
+**Caveat #2:** When using `YAMLToJSON` directly, maps with keys that are maps will result in an error since this is not supported by JSON. This error will occur in `Unmarshal` as well since you can't unmarshal map keys anyways since struct fields can't be keys.
+
+## Installation and usage
+
+To install, run:
+
+```
+$ go get github.com/ghodss/yaml
+```
+
+And import using:
+
+```
+import "github.com/ghodss/yaml"
+```
+
+Usage is very similar to the JSON library:
+
+```go
+package main
+
+import (
+ "fmt"
+
+ "github.com/ghodss/yaml"
+)
+
+type Person struct {
+ Name string `json:"name"` // Affects YAML field names too.
+ Age int `json:"age"`
+}
+
+func main() {
+ // Marshal a Person struct to YAML.
+ p := Person{"John", 30}
+ y, err := yaml.Marshal(p)
+ if err != nil {
+ fmt.Printf("err: %v\n", err)
+ return
+ }
+ fmt.Println(string(y))
+ /* Output:
+ age: 30
+ name: John
+ */
+
+ // Unmarshal the YAML back into a Person struct.
+ var p2 Person
+ err = yaml.Unmarshal(y, &p2)
+ if err != nil {
+ fmt.Printf("err: %v\n", err)
+ return
+ }
+ fmt.Println(p2)
+ /* Output:
+ {John 30}
+ */
+}
+```
+
+`yaml.YAMLToJSON` and `yaml.JSONToYAML` methods are also available:
+
+```go
+package main
+
+import (
+ "fmt"
+
+ "github.com/ghodss/yaml"
+)
+
+func main() {
+ j := []byte(`{"name": "John", "age": 30}`)
+ y, err := yaml.JSONToYAML(j)
+ if err != nil {
+ fmt.Printf("err: %v\n", err)
+ return
+ }
+ fmt.Println(string(y))
+ /* Output:
+ name: John
+ age: 30
+ */
+ j2, err := yaml.YAMLToJSON(y)
+ if err != nil {
+ fmt.Printf("err: %v\n", err)
+ return
+ }
+ fmt.Println(string(j2))
+ /* Output:
+ {"age":30,"name":"John"}
+ */
+}
+```
diff --git a/vendor/github.com/ghodss/yaml/fields.go b/vendor/github.com/ghodss/yaml/fields.go
new file mode 100644
index 000000000000..58600740266c
--- /dev/null
+++ b/vendor/github.com/ghodss/yaml/fields.go
@@ -0,0 +1,501 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package yaml
+
+import (
+ "bytes"
+ "encoding"
+ "encoding/json"
+ "reflect"
+ "sort"
+ "strings"
+ "sync"
+ "unicode"
+ "unicode/utf8"
+)
+
+// indirect walks down v allocating pointers as needed,
+// until it gets to a non-pointer.
+// if it encounters an Unmarshaler, indirect stops and returns that.
+// if decodingNull is true, indirect stops at the last pointer so it can be set to nil.
+func indirect(v reflect.Value, decodingNull bool) (json.Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
+ // If v is a named type and is addressable,
+ // start with its address, so that if the type has pointer methods,
+ // we find them.
+ if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() {
+ v = v.Addr()
+ }
+ for {
+ // Load value from interface, but only if the result will be
+ // usefully addressable.
+ if v.Kind() == reflect.Interface && !v.IsNil() {
+ e := v.Elem()
+ if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) {
+ v = e
+ continue
+ }
+ }
+
+ if v.Kind() != reflect.Ptr {
+ break
+ }
+
+ if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() {
+ break
+ }
+ if v.IsNil() {
+ if v.CanSet() {
+ v.Set(reflect.New(v.Type().Elem()))
+ } else {
+ v = reflect.New(v.Type().Elem())
+ }
+ }
+ if v.Type().NumMethod() > 0 {
+ if u, ok := v.Interface().(json.Unmarshaler); ok {
+ return u, nil, reflect.Value{}
+ }
+ if u, ok := v.Interface().(encoding.TextUnmarshaler); ok {
+ return nil, u, reflect.Value{}
+ }
+ }
+ v = v.Elem()
+ }
+ return nil, nil, v
+}
+
+// A field represents a single field found in a struct.
+type field struct {
+ name string
+ nameBytes []byte // []byte(name)
+ equalFold func(s, t []byte) bool // bytes.EqualFold or equivalent
+
+ tag bool
+ index []int
+ typ reflect.Type
+ omitEmpty bool
+ quoted bool
+}
+
+func fillField(f field) field {
+ f.nameBytes = []byte(f.name)
+ f.equalFold = foldFunc(f.nameBytes)
+ return f
+}
+
+// byName sorts field by name, breaking ties with depth,
+// then breaking ties with "name came from json tag", then
+// breaking ties with index sequence.
+type byName []field
+
+func (x byName) Len() int { return len(x) }
+
+func (x byName) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byName) Less(i, j int) bool {
+ if x[i].name != x[j].name {
+ return x[i].name < x[j].name
+ }
+ if len(x[i].index) != len(x[j].index) {
+ return len(x[i].index) < len(x[j].index)
+ }
+ if x[i].tag != x[j].tag {
+ return x[i].tag
+ }
+ return byIndex(x).Less(i, j)
+}
+
+// byIndex sorts field by index sequence.
+type byIndex []field
+
+func (x byIndex) Len() int { return len(x) }
+
+func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byIndex) Less(i, j int) bool {
+ for k, xik := range x[i].index {
+ if k >= len(x[j].index) {
+ return false
+ }
+ if xik != x[j].index[k] {
+ return xik < x[j].index[k]
+ }
+ }
+ return len(x[i].index) < len(x[j].index)
+}
+
+// typeFields returns a list of fields that JSON should recognize for the given type.
+// The algorithm is breadth-first search over the set of structs to include - the top struct
+// and then any reachable anonymous structs.
+func typeFields(t reflect.Type) []field {
+ // Anonymous fields to explore at the current level and the next.
+ current := []field{}
+ next := []field{{typ: t}}
+
+ // Count of queued names for current level and the next.
+ count := map[reflect.Type]int{}
+ nextCount := map[reflect.Type]int{}
+
+ // Types already visited at an earlier level.
+ visited := map[reflect.Type]bool{}
+
+ // Fields found.
+ var fields []field
+
+ for len(next) > 0 {
+ current, next = next, current[:0]
+ count, nextCount = nextCount, map[reflect.Type]int{}
+
+ for _, f := range current {
+ if visited[f.typ] {
+ continue
+ }
+ visited[f.typ] = true
+
+ // Scan f.typ for fields to include.
+ for i := 0; i < f.typ.NumField(); i++ {
+ sf := f.typ.Field(i)
+ if sf.PkgPath != "" { // unexported
+ continue
+ }
+ tag := sf.Tag.Get("json")
+ if tag == "-" {
+ continue
+ }
+ name, opts := parseTag(tag)
+ if !isValidTag(name) {
+ name = ""
+ }
+ index := make([]int, len(f.index)+1)
+ copy(index, f.index)
+ index[len(f.index)] = i
+
+ ft := sf.Type
+ if ft.Name() == "" && ft.Kind() == reflect.Ptr {
+ // Follow pointer.
+ ft = ft.Elem()
+ }
+
+ // Record found field and index sequence.
+ if name != "" || !sf.Anonymous || ft.Kind() != reflect.Struct {
+ tagged := name != ""
+ if name == "" {
+ name = sf.Name
+ }
+ fields = append(fields, fillField(field{
+ name: name,
+ tag: tagged,
+ index: index,
+ typ: ft,
+ omitEmpty: opts.Contains("omitempty"),
+ quoted: opts.Contains("string"),
+ }))
+ if count[f.typ] > 1 {
+ // If there were multiple instances, add a second,
+ // so that the annihilation code will see a duplicate.
+ // It only cares about the distinction between 1 or 2,
+ // so don't bother generating any more copies.
+ fields = append(fields, fields[len(fields)-1])
+ }
+ continue
+ }
+
+ // Record new anonymous struct to explore in next round.
+ nextCount[ft]++
+ if nextCount[ft] == 1 {
+ next = append(next, fillField(field{name: ft.Name(), index: index, typ: ft}))
+ }
+ }
+ }
+ }
+
+ sort.Sort(byName(fields))
+
+ // Delete all fields that are hidden by the Go rules for embedded fields,
+ // except that fields with JSON tags are promoted.
+
+ // The fields are sorted in primary order of name, secondary order
+ // of field index length. Loop over names; for each name, delete
+ // hidden fields by choosing the one dominant field that survives.
+ out := fields[:0]
+ for advance, i := 0, 0; i < len(fields); i += advance {
+ // One iteration per name.
+ // Find the sequence of fields with the name of this first field.
+ fi := fields[i]
+ name := fi.name
+ for advance = 1; i+advance < len(fields); advance++ {
+ fj := fields[i+advance]
+ if fj.name != name {
+ break
+ }
+ }
+ if advance == 1 { // Only one field with this name
+ out = append(out, fi)
+ continue
+ }
+ dominant, ok := dominantField(fields[i : i+advance])
+ if ok {
+ out = append(out, dominant)
+ }
+ }
+
+ fields = out
+ sort.Sort(byIndex(fields))
+
+ return fields
+}
+
+// dominantField looks through the fields, all of which are known to
+// have the same name, to find the single field that dominates the
+// others using Go's embedding rules, modified by the presence of
+// JSON tags. If there are multiple top-level fields, the boolean
+// will be false: This condition is an error in Go and we skip all
+// the fields.
+func dominantField(fields []field) (field, bool) {
+ // The fields are sorted in increasing index-length order. The winner
+ // must therefore be one with the shortest index length. Drop all
+ // longer entries, which is easy: just truncate the slice.
+ length := len(fields[0].index)
+ tagged := -1 // Index of first tagged field.
+ for i, f := range fields {
+ if len(f.index) > length {
+ fields = fields[:i]
+ break
+ }
+ if f.tag {
+ if tagged >= 0 {
+ // Multiple tagged fields at the same level: conflict.
+ // Return no field.
+ return field{}, false
+ }
+ tagged = i
+ }
+ }
+ if tagged >= 0 {
+ return fields[tagged], true
+ }
+ // All remaining fields have the same length. If there's more than one,
+ // we have a conflict (two fields named "X" at the same level) and we
+ // return no field.
+ if len(fields) > 1 {
+ return field{}, false
+ }
+ return fields[0], true
+}
+
+var fieldCache struct {
+ sync.RWMutex
+ m map[reflect.Type][]field
+}
+
+// cachedTypeFields is like typeFields but uses a cache to avoid repeated work.
+func cachedTypeFields(t reflect.Type) []field {
+ fieldCache.RLock()
+ f := fieldCache.m[t]
+ fieldCache.RUnlock()
+ if f != nil {
+ return f
+ }
+
+ // Compute fields without lock.
+ // Might duplicate effort but won't hold other computations back.
+ f = typeFields(t)
+ if f == nil {
+ f = []field{}
+ }
+
+ fieldCache.Lock()
+ if fieldCache.m == nil {
+ fieldCache.m = map[reflect.Type][]field{}
+ }
+ fieldCache.m[t] = f
+ fieldCache.Unlock()
+ return f
+}
+
+func isValidTag(s string) bool {
+ if s == "" {
+ return false
+ }
+ for _, c := range s {
+ switch {
+ case strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~ ", c):
+ // Backslash and quote chars are reserved, but
+ // otherwise any punctuation chars are allowed
+ // in a tag name.
+ default:
+ if !unicode.IsLetter(c) && !unicode.IsDigit(c) {
+ return false
+ }
+ }
+ }
+ return true
+}
+
+const (
+ caseMask = ^byte(0x20) // Mask to ignore case in ASCII.
+ kelvin = '\u212a'
+ smallLongEss = '\u017f'
+)
+
+// foldFunc returns one of four different case folding equivalence
+// functions, from most general (and slow) to fastest:
+//
+// 1) bytes.EqualFold, if the key s contains any non-ASCII UTF-8
+// 2) equalFoldRight, if s contains special folding ASCII ('k', 'K', 's', 'S')
+// 3) asciiEqualFold, no special, but includes non-letters (including _)
+// 4) simpleLetterEqualFold, no specials, no non-letters.
+//
+// The letters S and K are special because they map to 3 runes, not just 2:
+// * S maps to s and to U+017F 'ſ' Latin small letter long s
+// * k maps to K and to U+212A 'K' Kelvin sign
+// See http://play.golang.org/p/tTxjOc0OGo
+//
+// The returned function is specialized for matching against s and
+// should only be given s. It's not curried for performance reasons.
+func foldFunc(s []byte) func(s, t []byte) bool {
+ nonLetter := false
+ special := false // special letter
+ for _, b := range s {
+ if b >= utf8.RuneSelf {
+ return bytes.EqualFold
+ }
+ upper := b & caseMask
+ if upper < 'A' || upper > 'Z' {
+ nonLetter = true
+ } else if upper == 'K' || upper == 'S' {
+ // See above for why these letters are special.
+ special = true
+ }
+ }
+ if special {
+ return equalFoldRight
+ }
+ if nonLetter {
+ return asciiEqualFold
+ }
+ return simpleLetterEqualFold
+}
+
+// equalFoldRight is a specialization of bytes.EqualFold when s is
+// known to be all ASCII (including punctuation), but contains an 's',
+// 'S', 'k', or 'K', requiring a Unicode fold on the bytes in t.
+// See comments on foldFunc.
+func equalFoldRight(s, t []byte) bool {
+ for _, sb := range s {
+ if len(t) == 0 {
+ return false
+ }
+ tb := t[0]
+ if tb < utf8.RuneSelf {
+ if sb != tb {
+ sbUpper := sb & caseMask
+ if 'A' <= sbUpper && sbUpper <= 'Z' {
+ if sbUpper != tb&caseMask {
+ return false
+ }
+ } else {
+ return false
+ }
+ }
+ t = t[1:]
+ continue
+ }
+ // sb is ASCII and t is not. t must be either kelvin
+ // sign or long s; sb must be s, S, k, or K.
+ tr, size := utf8.DecodeRune(t)
+ switch sb {
+ case 's', 'S':
+ if tr != smallLongEss {
+ return false
+ }
+ case 'k', 'K':
+ if tr != kelvin {
+ return false
+ }
+ default:
+ return false
+ }
+ t = t[size:]
+
+ }
+ if len(t) > 0 {
+ return false
+ }
+ return true
+}
+
+// asciiEqualFold is a specialization of bytes.EqualFold for use when
+// s is all ASCII (but may contain non-letters) and contains no
+// special-folding letters.
+// See comments on foldFunc.
+func asciiEqualFold(s, t []byte) bool {
+ if len(s) != len(t) {
+ return false
+ }
+ for i, sb := range s {
+ tb := t[i]
+ if sb == tb {
+ continue
+ }
+ if ('a' <= sb && sb <= 'z') || ('A' <= sb && sb <= 'Z') {
+ if sb&caseMask != tb&caseMask {
+ return false
+ }
+ } else {
+ return false
+ }
+ }
+ return true
+}
+
+// simpleLetterEqualFold is a specialization of bytes.EqualFold for
+// use when s is all ASCII letters (no underscores, etc) and also
+// doesn't contain 'k', 'K', 's', or 'S'.
+// See comments on foldFunc.
+func simpleLetterEqualFold(s, t []byte) bool {
+ if len(s) != len(t) {
+ return false
+ }
+ for i, b := range s {
+ if b&caseMask != t[i]&caseMask {
+ return false
+ }
+ }
+ return true
+}
+
+// tagOptions is the string following a comma in a struct field's "json"
+// tag, or the empty string. It does not include the leading comma.
+type tagOptions string
+
+// parseTag splits a struct field's json tag into its name and
+// comma-separated options.
+func parseTag(tag string) (string, tagOptions) {
+ if idx := strings.Index(tag, ","); idx != -1 {
+ return tag[:idx], tagOptions(tag[idx+1:])
+ }
+ return tag, tagOptions("")
+}
+
+// Contains reports whether a comma-separated list of options
+// contains a particular substr flag. substr must be surrounded by a
+// string boundary or commas.
+func (o tagOptions) Contains(optionName string) bool {
+ if len(o) == 0 {
+ return false
+ }
+ s := string(o)
+ for s != "" {
+ var next string
+ i := strings.Index(s, ",")
+ if i >= 0 {
+ s, next = s[:i], s[i+1:]
+ }
+ if s == optionName {
+ return true
+ }
+ s = next
+ }
+ return false
+}
diff --git a/vendor/github.com/ghodss/yaml/yaml.go b/vendor/github.com/ghodss/yaml/yaml.go
new file mode 100644
index 000000000000..4fb4054a8b74
--- /dev/null
+++ b/vendor/github.com/ghodss/yaml/yaml.go
@@ -0,0 +1,277 @@
+package yaml
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "reflect"
+ "strconv"
+
+ "gopkg.in/yaml.v2"
+)
+
+// Marshals the object into JSON then converts JSON to YAML and returns the
+// YAML.
+func Marshal(o interface{}) ([]byte, error) {
+ j, err := json.Marshal(o)
+ if err != nil {
+ return nil, fmt.Errorf("error marshaling into JSON: %v", err)
+ }
+
+ y, err := JSONToYAML(j)
+ if err != nil {
+ return nil, fmt.Errorf("error converting JSON to YAML: %v", err)
+ }
+
+ return y, nil
+}
+
+// Converts YAML to JSON then uses JSON to unmarshal into an object.
+func Unmarshal(y []byte, o interface{}) error {
+ vo := reflect.ValueOf(o)
+ j, err := yamlToJSON(y, &vo)
+ if err != nil {
+ return fmt.Errorf("error converting YAML to JSON: %v", err)
+ }
+
+ err = json.Unmarshal(j, o)
+ if err != nil {
+ return fmt.Errorf("error unmarshaling JSON: %v", err)
+ }
+
+ return nil
+}
+
+// Convert JSON to YAML.
+func JSONToYAML(j []byte) ([]byte, error) {
+ // Convert the JSON to an object.
+ var jsonObj interface{}
+ // We are using yaml.Unmarshal here (instead of json.Unmarshal) because the
+ // Go JSON library doesn't try to pick the right number type (int, float,
+ // etc.) when unmarshalling to interface{}, it just picks float64
+ // universally. go-yaml does go through the effort of picking the right
+ // number type, so we can preserve number type throughout this process.
+ err := yaml.Unmarshal(j, &jsonObj)
+ if err != nil {
+ return nil, err
+ }
+
+ // Marshal this object into YAML.
+ return yaml.Marshal(jsonObj)
+}
+
+// Convert YAML to JSON. Since JSON is a subset of YAML, passing JSON through
+// this method should be a no-op.
+//
+// Things YAML can do that are not supported by JSON:
+// * In YAML you can have binary and null keys in your maps. These are invalid
+// in JSON. (int and float keys are converted to strings.)
+// * Binary data in YAML with the !!binary tag is not supported. If you want to
+// use binary data with this library, encode the data as base64 as usual but do
+// not use the !!binary tag in your YAML. This will ensure the original base64
+// encoded data makes it all the way through to the JSON.
+func YAMLToJSON(y []byte) ([]byte, error) {
+ return yamlToJSON(y, nil)
+}
+
+func yamlToJSON(y []byte, jsonTarget *reflect.Value) ([]byte, error) {
+ // Convert the YAML to an object.
+ var yamlObj interface{}
+ err := yaml.Unmarshal(y, &yamlObj)
+ if err != nil {
+ return nil, err
+ }
+
+ // YAML objects are not completely compatible with JSON objects (e.g. you
+ // can have non-string keys in YAML). So, convert the YAML-compatible object
+ // to a JSON-compatible object, failing with an error if irrecoverable
+ // incompatibilties happen along the way.
+ jsonObj, err := convertToJSONableObject(yamlObj, jsonTarget)
+ if err != nil {
+ return nil, err
+ }
+
+ // Convert this object to JSON and return the data.
+ return json.Marshal(jsonObj)
+}
+
+func convertToJSONableObject(yamlObj interface{}, jsonTarget *reflect.Value) (interface{}, error) {
+ var err error
+
+ // Resolve jsonTarget to a concrete value (i.e. not a pointer or an
+ // interface). We pass decodingNull as false because we're not actually
+ // decoding into the value, we're just checking if the ultimate target is a
+ // string.
+ if jsonTarget != nil {
+ ju, tu, pv := indirect(*jsonTarget, false)
+ // We have a JSON or Text Umarshaler at this level, so we can't be trying
+ // to decode into a string.
+ if ju != nil || tu != nil {
+ jsonTarget = nil
+ } else {
+ jsonTarget = &pv
+ }
+ }
+
+ // If yamlObj is a number or a boolean, check if jsonTarget is a string -
+ // if so, coerce. Else return normal.
+ // If yamlObj is a map or array, find the field that each key is
+ // unmarshaling to, and when you recurse pass the reflect.Value for that
+ // field back into this function.
+ switch typedYAMLObj := yamlObj.(type) {
+ case map[interface{}]interface{}:
+ // JSON does not support arbitrary keys in a map, so we must convert
+ // these keys to strings.
+ //
+ // From my reading of go-yaml v2 (specifically the resolve function),
+ // keys can only have the types string, int, int64, float64, binary
+ // (unsupported), or null (unsupported).
+ strMap := make(map[string]interface{})
+ for k, v := range typedYAMLObj {
+ // Resolve the key to a string first.
+ var keyString string
+ switch typedKey := k.(type) {
+ case string:
+ keyString = typedKey
+ case int:
+ keyString = strconv.Itoa(typedKey)
+ case int64:
+ // go-yaml will only return an int64 as a key if the system
+ // architecture is 32-bit and the key's value is between 32-bit
+ // and 64-bit. Otherwise the key type will simply be int.
+ keyString = strconv.FormatInt(typedKey, 10)
+ case float64:
+ // Stolen from go-yaml to use the same conversion to string as
+ // the go-yaml library uses to convert float to string when
+ // Marshaling.
+ s := strconv.FormatFloat(typedKey, 'g', -1, 32)
+ switch s {
+ case "+Inf":
+ s = ".inf"
+ case "-Inf":
+ s = "-.inf"
+ case "NaN":
+ s = ".nan"
+ }
+ keyString = s
+ case bool:
+ if typedKey {
+ keyString = "true"
+ } else {
+ keyString = "false"
+ }
+ default:
+ return nil, fmt.Errorf("Unsupported map key of type: %s, key: %+#v, value: %+#v",
+ reflect.TypeOf(k), k, v)
+ }
+
+ // jsonTarget should be a struct or a map. If it's a struct, find
+ // the field it's going to map to and pass its reflect.Value. If
+ // it's a map, find the element type of the map and pass the
+ // reflect.Value created from that type. If it's neither, just pass
+ // nil - JSON conversion will error for us if it's a real issue.
+ if jsonTarget != nil {
+ t := *jsonTarget
+ if t.Kind() == reflect.Struct {
+ keyBytes := []byte(keyString)
+ // Find the field that the JSON library would use.
+ var f *field
+ fields := cachedTypeFields(t.Type())
+ for i := range fields {
+ ff := &fields[i]
+ if bytes.Equal(ff.nameBytes, keyBytes) {
+ f = ff
+ break
+ }
+ // Do case-insensitive comparison.
+ if f == nil && ff.equalFold(ff.nameBytes, keyBytes) {
+ f = ff
+ }
+ }
+ if f != nil {
+ // Find the reflect.Value of the most preferential
+ // struct field.
+ jtf := t.Field(f.index[0])
+ strMap[keyString], err = convertToJSONableObject(v, &jtf)
+ if err != nil {
+ return nil, err
+ }
+ continue
+ }
+ } else if t.Kind() == reflect.Map {
+ // Create a zero value of the map's element type to use as
+ // the JSON target.
+ jtv := reflect.Zero(t.Type().Elem())
+ strMap[keyString], err = convertToJSONableObject(v, &jtv)
+ if err != nil {
+ return nil, err
+ }
+ continue
+ }
+ }
+ strMap[keyString], err = convertToJSONableObject(v, nil)
+ if err != nil {
+ return nil, err
+ }
+ }
+ return strMap, nil
+ case []interface{}:
+ // We need to recurse into arrays in case there are any
+ // map[interface{}]interface{}'s inside and to convert any
+ // numbers to strings.
+
+ // If jsonTarget is a slice (which it really should be), find the
+ // thing it's going to map to. If it's not a slice, just pass nil
+ // - JSON conversion will error for us if it's a real issue.
+ var jsonSliceElemValue *reflect.Value
+ if jsonTarget != nil {
+ t := *jsonTarget
+ if t.Kind() == reflect.Slice {
+ // By default slices point to nil, but we need a reflect.Value
+ // pointing to a value of the slice type, so we create one here.
+ ev := reflect.Indirect(reflect.New(t.Type().Elem()))
+ jsonSliceElemValue = &ev
+ }
+ }
+
+ // Make and use a new array.
+ arr := make([]interface{}, len(typedYAMLObj))
+ for i, v := range typedYAMLObj {
+ arr[i], err = convertToJSONableObject(v, jsonSliceElemValue)
+ if err != nil {
+ return nil, err
+ }
+ }
+ return arr, nil
+ default:
+ // If the target type is a string and the YAML type is a number,
+ // convert the YAML type to a string.
+ if jsonTarget != nil && (*jsonTarget).Kind() == reflect.String {
+ // Based on my reading of go-yaml, it may return int, int64,
+ // float64, or uint64.
+ var s string
+ switch typedVal := typedYAMLObj.(type) {
+ case int:
+ s = strconv.FormatInt(int64(typedVal), 10)
+ case int64:
+ s = strconv.FormatInt(typedVal, 10)
+ case float64:
+ s = strconv.FormatFloat(typedVal, 'g', -1, 32)
+ case uint64:
+ s = strconv.FormatUint(typedVal, 10)
+ case bool:
+ if typedVal {
+ s = "true"
+ } else {
+ s = "false"
+ }
+ }
+ if len(s) > 0 {
+ yamlObj = interface{}(s)
+ }
+ }
+ return yamlObj, nil
+ }
+
+ return nil, nil
+}
diff --git a/vendor/github.com/go-openapi/jsonpointer/.golangci.yml b/vendor/github.com/go-openapi/jsonpointer/.golangci.yml
new file mode 100644
index 000000000000..22f8d21cca19
--- /dev/null
+++ b/vendor/github.com/go-openapi/jsonpointer/.golangci.yml
@@ -0,0 +1,61 @@
+linters-settings:
+ govet:
+ check-shadowing: true
+ golint:
+ min-confidence: 0
+ gocyclo:
+ min-complexity: 45
+ maligned:
+ suggest-new: true
+ dupl:
+ threshold: 200
+ goconst:
+ min-len: 2
+ min-occurrences: 3
+
+linters:
+ enable-all: true
+ disable:
+ - maligned
+ - unparam
+ - lll
+ - gochecknoinits
+ - gochecknoglobals
+ - funlen
+ - godox
+ - gocognit
+ - whitespace
+ - wsl
+ - wrapcheck
+ - testpackage
+ - nlreturn
+ - gomnd
+ - exhaustivestruct
+ - goerr113
+ - errorlint
+ - nestif
+ - godot
+ - gofumpt
+ - paralleltest
+ - tparallel
+ - thelper
+ - ifshort
+ - exhaustruct
+ - varnamelen
+ - gci
+ - depguard
+ - errchkjson
+ - inamedparam
+ - nonamedreturns
+ - musttag
+ - ireturn
+ - forcetypeassert
+ - cyclop
+ # deprecated linters
+ - deadcode
+ - interfacer
+ - scopelint
+ - varcheck
+ - structcheck
+ - golint
+ - nosnakecase
diff --git a/vendor/github.com/go-openapi/jsonpointer/README.md b/vendor/github.com/go-openapi/jsonpointer/README.md
index 813788aff1c2..0108f1d572d7 100644
--- a/vendor/github.com/go-openapi/jsonpointer/README.md
+++ b/vendor/github.com/go-openapi/jsonpointer/README.md @@ -1,6 +1,10 @@ -# gojsonpointer [![Build Status](https://travis-ci.org/go-openapi/jsonpointer.svg?branch=master)](https://travis-ci.org/go-openapi/jsonpointer) [![codecov](https://codecov.io/gh/go-openapi/jsonpointer/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/jsonpointer) [![Slack Status](https://slackin.goswagger.io/badge.svg)](https://slackin.goswagger.io) +# gojsonpointer [![Build Status](https://github.com/go-openapi/jsonpointer/actions/workflows/go-test.yml/badge.svg)](https://github.com/go-openapi/jsonpointer/actions?query=workflow%3A"go+test") [![codecov](https://codecov.io/gh/go-openapi/jsonpointer/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/jsonpointer) + +[![Slack Status](https://slackin.goswagger.io/badge.svg)](https://slackin.goswagger.io) +[![license](http://img.shields.io/badge/license-Apache%20v2-orange.svg)](https://raw.githubusercontent.com/go-openapi/jsonpointer/master/LICENSE) +[![Go Reference](https://pkg.go.dev/badge/github.com/go-openapi/jsonpointer.svg)](https://pkg.go.dev/github.com/go-openapi/jsonpointer) +[![Go Report Card](https://goreportcard.com/badge/github.com/go-openapi/jsonpointer)](https://goreportcard.com/report/github.com/go-openapi/jsonpointer) -[![license](http://img.shields.io/badge/license-Apache%20v2-orange.svg)](https://raw.githubusercontent.com/go-openapi/jsonpointer/master/LICENSE) [![GoDoc](https://godoc.org/github.com/go-openapi/jsonpointer?status.svg)](http://godoc.org/github.com/go-openapi/jsonpointer) An implementation of JSON Pointer - Go language ## Status diff --git a/vendor/github.com/go-openapi/jsonpointer/pointer.go b/vendor/github.com/go-openapi/jsonpointer/pointer.go index 7df9853def68..d975773d4901 100644 --- a/vendor/github.com/go-openapi/jsonpointer/pointer.go +++ b/vendor/github.com/go-openapi/jsonpointer/pointer.go @@ -26,6 +26,7 @@ package jsonpointer import ( + "encoding/json" "errors" "fmt" "reflect" 
@@ -40,6 +41,7 @@ const ( pointerSeparator = `/` invalidStart = `JSON pointer must be empty or start with a "` + pointerSeparator + notFound = `Can't find the pointer in the document` ) var jsonPointableType = reflect.TypeOf(new(JSONPointable)).Elem() @@ -48,13 +50,13 @@ var jsonSetableType = reflect.TypeOf(new(JSONSetable)).Elem() // JSONPointable is an interface for structs to implement when they need to customize the // json pointer process type JSONPointable interface { - JSONLookup(string) (interface{}, error) + JSONLookup(string) (any, error) } // JSONSetable is an interface for structs to implement when they need to customize the // json pointer process type JSONSetable interface { - JSONSet(string, interface{}) error + JSONSet(string, any) error } // New creates a new json pointer for the given string @@ -81,9 +83,7 @@ func (p *Pointer) parse(jsonPointerString string) error { err = errors.New(invalidStart) } else { referenceTokens := strings.Split(jsonPointerString, pointerSeparator) - for _, referenceToken := range referenceTokens[1:] { - p.referenceTokens = append(p.referenceTokens, referenceToken) - } + p.referenceTokens = append(p.referenceTokens, referenceTokens[1:]...) } } 
@@ -91,38 +91,58 @@ func (p *Pointer) parse(jsonPointerString string) error { } // Get uses the pointer to retrieve a value from a JSON document -func (p *Pointer) Get(document interface{}) (interface{}, reflect.Kind, error) { +func (p *Pointer) Get(document any) (any, reflect.Kind, error) { return p.get(document, swag.DefaultJSONNameProvider) } // Set uses the pointer to set a value from a JSON document -func (p *Pointer) Set(document interface{}, value interface{}) (interface{}, error) { +func (p *Pointer) Set(document any, value any) (any, error) { return document, p.set(document, value, swag.DefaultJSONNameProvider) } // GetForToken gets a value for a json pointer token 1 level deep -func GetForToken(document interface{}, decodedToken string) (interface{}, reflect.Kind, error) { +func GetForToken(document any, decodedToken string) (any, reflect.Kind, error) { return getSingleImpl(document, decodedToken, swag.DefaultJSONNameProvider) } // SetForToken gets a value for a json pointer token 1 level deep -func SetForToken(document interface{}, decodedToken string, value interface{}) (interface{}, error) { +func SetForToken(document any, decodedToken string, value any) (any, error) { return document, setSingleImpl(document, value, decodedToken, swag.DefaultJSONNameProvider) } -func getSingleImpl(node interface{}, decodedToken string, nameProvider *swag.NameProvider) (interface{}, reflect.Kind, error) { +func isNil(input any) bool { + if input == nil { + return true + } + + kind := reflect.TypeOf(input).Kind() + switch kind { //nolint:exhaustive + case reflect.Ptr, reflect.Map, reflect.Slice, reflect.Chan: + return reflect.ValueOf(input).IsNil() + default: + return false + } +} + +func getSingleImpl(node any, decodedToken string, nameProvider *swag.NameProvider) (any, reflect.Kind, error) { rValue := reflect.Indirect(reflect.ValueOf(node)) kind := rValue.Kind() + if isNil(node) { + return nil, kind, fmt.Errorf("nil value has not field %q", decodedToken) + } - if 
rValue.Type().Implements(jsonPointableType) { - r, err := node.(JSONPointable).JSONLookup(decodedToken) + switch typed := node.(type) { + case JSONPointable: + r, err := typed.JSONLookup(decodedToken) if err != nil { return nil, kind, err } return r, kind, nil + case *any: // case of a pointer to interface, that is not resolved by reflect.Indirect + return getSingleImpl(*typed, decodedToken, nameProvider) } - switch kind { + switch kind { //nolint:exhaustive case reflect.Struct: nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken) if !ok { @@ -159,7 +179,7 @@ func getSingleImpl(node interface{}, decodedToken string, nameProvider *swag.Nam } -func setSingleImpl(node, data interface{}, decodedToken string, nameProvider *swag.NameProvider) error { +func setSingleImpl(node, data any, decodedToken string, nameProvider *swag.NameProvider) error { rValue := reflect.Indirect(reflect.ValueOf(node)) if ns, ok := node.(JSONSetable); ok { // pointer impl @@ -170,7 +190,7 @@ func setSingleImpl(node, data interface{}, decodedToken string, nameProvider *sw return node.(JSONSetable).JSONSet(decodedToken, data) } - switch rValue.Kind() { + switch rValue.Kind() { //nolint:exhaustive case reflect.Struct: nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken) if !ok { @@ -210,7 +230,7 @@ func setSingleImpl(node, data interface{}, decodedToken string, nameProvider *sw } -func (p *Pointer) get(node interface{}, nameProvider *swag.NameProvider) (interface{}, reflect.Kind, error) { +func (p *Pointer) get(node any, nameProvider *swag.NameProvider) (any, reflect.Kind, error) { if nameProvider == nil { nameProvider = swag.DefaultJSONNameProvider @@ -231,8 +251,7 @@ func (p *Pointer) get(node interface{}, nameProvider *swag.NameProvider) (interf if err != nil { return nil, knd, err } - node, kind = r, knd - + node = r } rValue := reflect.ValueOf(node) 
@@ -241,7 +260,7 @@ func (p *Pointer) get(node interface{}, nameProvider *swag.NameProvider) (interf return node, kind, nil } -func (p *Pointer) set(node, data interface{}, nameProvider *swag.NameProvider) error { +func (p *Pointer) set(node, data any, nameProvider *swag.NameProvider) error { knd := reflect.ValueOf(node).Kind() if knd != reflect.Ptr && knd != reflect.Struct && knd != reflect.Map && knd != reflect.Slice && knd != reflect.Array { @@ -284,7 +303,7 @@ func (p *Pointer) set(node, data interface{}, nameProvider *swag.NameProvider) e continue } - switch kind { + switch kind { //nolint:exhaustive case reflect.Struct: nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken) if !ok { 
@@ -363,6 +382,128 @@ func (p *Pointer) String() string { return pointerString } +func (p *Pointer) Offset(document string) (int64, error) { + dec := json.NewDecoder(strings.NewReader(document)) + var offset int64 + for _, ttk := range p.DecodedTokens() { + tk, err := dec.Token() + if err != nil { + return 0, err + } + switch tk := tk.(type) { + case json.Delim: + switch tk { + case '{': + offset, err = offsetSingleObject(dec, ttk) + if err != nil { + return 0, err + } + case '[': + offset, err = offsetSingleArray(dec, ttk) + if err != nil { + return 0, err + } + default: + return 0, fmt.Errorf("invalid token %#v", tk) + } + default: + return 0, fmt.Errorf("invalid token %#v", tk) + } + } + return offset, nil +} + +func offsetSingleObject(dec *json.Decoder, decodedToken string) (int64, error) { + for dec.More() { + offset := dec.InputOffset() + tk, err := dec.Token() + if err != nil { + return 0, err + } + switch tk := tk.(type) { + case json.Delim: + switch tk { + case '{': + if err = drainSingle(dec); err != nil { + return 0, err + } + case '[': + if err = drainSingle(dec); err != nil { + return 0, err + } + } + case string: + if tk == decodedToken { + return offset, nil + } + default: + return 0, fmt.Errorf("invalid token %#v", tk) + } + } + return 0, fmt.Errorf("token reference %q not found", decodedToken) +} + +func offsetSingleArray(dec *json.Decoder, decodedToken string) (int64, error) { + idx, err := strconv.Atoi(decodedToken) + if err != nil { + return 0, fmt.Errorf("token reference %q is not a number: %v", decodedToken, err) + } + var i int + for i = 0; i < idx && dec.More(); i++ { + tk, err := dec.Token() + if err != nil { + return 0, err + } + + if delim, isDelim := tk.(json.Delim); isDelim { + switch delim { + case '{': + if err = drainSingle(dec); err != nil { + return 0, err + } + case '[': + if err = drainSingle(dec); err != nil { + return 0, err + } + } + } + } + + if !dec.More() { + return 0, fmt.Errorf("token reference %q not found", 
decodedToken) + } + return dec.InputOffset(), nil +} + +// drainSingle drains a single level of object or array. +// The decoder has to guarantee the beginning delim (i.e. '{' or '[') has been consumed. +func drainSingle(dec *json.Decoder) error { + for dec.More() { + tk, err := dec.Token() + if err != nil { + return err + } + if delim, isDelim := tk.(json.Delim); isDelim { + switch delim { + case '{': + if err = drainSingle(dec); err != nil { + return err + } + case '[': + if err = drainSingle(dec); err != nil { + return err + } + } + } + } + + // Consumes the ending delim + if _, err := dec.Token(); err != nil { + return err + } + return nil +} + // Specific JSON pointer encoding here // ~0 => ~ // ~1 => / @@ -377,14 +518,14 @@ const ( // Unescape unescapes a json pointer reference token string to the original representation func Unescape(token string) string { - step1 := strings.Replace(token, encRefTok1, decRefTok1, -1) - step2 := strings.Replace(step1, encRefTok0, decRefTok0, -1) + step1 := strings.ReplaceAll(token, encRefTok1, decRefTok1) + step2 := strings.ReplaceAll(step1, encRefTok0, decRefTok0) return step2 } // Escape escapes a pointer reference token string func Escape(token string) string { - step1 := strings.Replace(token, decRefTok0, encRefTok0, -1) - step2 := strings.Replace(step1, decRefTok1, encRefTok1, -1) + step1 := strings.ReplaceAll(token, decRefTok0, encRefTok0) + step2 := strings.ReplaceAll(step1, decRefTok1, encRefTok1) return step2 } diff --git a/vendor/github.com/go-openapi/jsonreference/.golangci.yml b/vendor/github.com/go-openapi/jsonreference/.golangci.yml index 013fc1943a9e..22f8d21cca19 100644 --- a/vendor/github.com/go-openapi/jsonreference/.golangci.yml +++ b/vendor/github.com/go-openapi/jsonreference/.golangci.yml 
@@ -1,50 +1,61 @@ linters-settings: govet: check-shadowing: true + golint: + min-confidence: 0 gocyclo: - min-complexity: 30 + min-complexity: 45 maligned: suggest-new: true dupl: - threshold: 100 + threshold: 200 goconst: min-len: 2 - min-occurrences: 4 - paralleltest: - ignore-missing: true + min-occurrences: 3 + linters: enable-all: true disable: - maligned + - unparam - lll + - gochecknoinits - gochecknoglobals + - funlen - godox - gocognit - whitespace - wsl - - funlen - - gochecknoglobals - - gochecknoinits - - scopelint - wrapcheck - - exhaustivestruct - - exhaustive - - nlreturn - testpackage - - gci - - gofumpt - - goerr113 + - nlreturn - gomnd - - tparallel + - exhaustivestruct + - goerr113 + - errorlint - nestif - godot - - errorlint - - varcheck - - interfacer - - deadcode - - golint + - gofumpt + - paralleltest + - tparallel + - thelper - ifshort + - exhaustruct + - varnamelen + - gci + - depguard + - errchkjson + - inamedparam + - nonamedreturns + - musttag + - ireturn + - forcetypeassert + - cyclop + # deprecated linters + - deadcode + - interfacer + - scopelint + - varcheck - structcheck + - golint - nosnakecase - - varnamelen - - exhaustruct diff --git a/vendor/github.com/go-openapi/jsonreference/README.md b/vendor/github.com/go-openapi/jsonreference/README.md index b94753aa527e..c7fc2049c1d8 100644 --- a/vendor/github.com/go-openapi/jsonreference/README.md +++ b/vendor/github.com/go-openapi/jsonreference/README.md 
@@ -1,15 +1,19 @@ -# gojsonreference [![Build Status](https://travis-ci.org/go-openapi/jsonreference.svg?branch=master)](https://travis-ci.org/go-openapi/jsonreference) [![codecov](https://codecov.io/gh/go-openapi/jsonreference/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/jsonreference) [![Slack Status](https://slackin.goswagger.io/badge.svg)](https://slackin.goswagger.io) +# gojsonreference [![Build Status](https://github.com/go-openapi/jsonreference/actions/workflows/go-test.yml/badge.svg)](https://github.com/go-openapi/jsonreference/actions?query=workflow%3A"go+test") [![codecov](https://codecov.io/gh/go-openapi/jsonreference/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/jsonreference) + +[![Slack Status](https://slackin.goswagger.io/badge.svg)](https://slackin.goswagger.io) +[![license](http://img.shields.io/badge/license-Apache%20v2-orange.svg)](https://raw.githubusercontent.com/go-openapi/jsonreference/master/LICENSE) +[![Go Reference](https://pkg.go.dev/badge/github.com/go-openapi/jsonreference.svg)](https://pkg.go.dev/github.com/go-openapi/jsonreference) +[![Go Report Card](https://goreportcard.com/badge/github.com/go-openapi/jsonreference)](https://goreportcard.com/report/github.com/go-openapi/jsonreference) -[![license](http://img.shields.io/badge/license-Apache%20v2-orange.svg)](https://raw.githubusercontent.com/go-openapi/jsonreference/master/LICENSE) [![GoDoc](https://godoc.org/github.com/go-openapi/jsonreference?status.svg)](http://godoc.org/github.com/go-openapi/jsonreference) An implementation of JSON Reference - Go language ## Status Feature complete. 
Stable API ## Dependencies -https://github.com/go-openapi/jsonpointer +* https://github.com/go-openapi/jsonpointer ## References -http://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-07 -http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03 +* http://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-07 +* http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03 diff --git a/vendor/github.com/go-openapi/swag/.gitignore b/vendor/github.com/go-openapi/swag/.gitignore index d69b53accc55..c4b1b64f04e4 100644 --- a/vendor/github.com/go-openapi/swag/.gitignore +++ b/vendor/github.com/go-openapi/swag/.gitignore @@ -2,3 +2,4 @@ secrets.yml vendor Godeps .idea +*.out diff --git a/vendor/github.com/go-openapi/swag/.golangci.yml b/vendor/github.com/go-openapi/swag/.golangci.yml index bf503e400016..80e2be0042f1 100644 --- a/vendor/github.com/go-openapi/swag/.golangci.yml +++ b/vendor/github.com/go-openapi/swag/.golangci.yml @@ -4,14 +4,14 @@ linters-settings: golint: min-confidence: 0 gocyclo: - min-complexity: 25 + min-complexity: 45 maligned: suggest-new: true dupl: - threshold: 100 + threshold: 200 goconst: min-len: 3 - min-occurrences: 2 + min-occurrences: 3 linters: enable-all: true 
@@ -20,35 +20,41 @@ linters: - lll - gochecknoinits - gochecknoglobals - - nlreturn - - testpackage + - funlen + - godox + - gocognit + - whitespace + - wsl - wrapcheck + - testpackage + - nlreturn - gomnd - - exhaustive - exhaustivestruct - goerr113 - - wsl - - whitespace - - gofumpt - - godot + - errorlint - nestif - - godox - - funlen - - gci - - gocognit + - godot + - gofumpt - paralleltest + - tparallel - thelper - ifshort - - gomoddirectives - - cyclop - - forcetypeassert - - ireturn - - tagliatelle - - varnamelen - - goimports - - tenv - - golint - exhaustruct - - nilnil + - varnamelen + - gci + - depguard + - errchkjson + - inamedparam - nonamedreturns + - musttag + - ireturn + - forcetypeassert + - cyclop + # deprecated linters + - deadcode + - interfacer + - scopelint + - varcheck + - structcheck + - golint - nosnakecase diff --git a/vendor/github.com/go-openapi/swag/README.md b/vendor/github.com/go-openapi/swag/README.md index 217f6fa5054e..a7292229980f 100644 --- a/vendor/github.com/go-openapi/swag/README.md +++ b/vendor/github.com/go-openapi/swag/README.md 
@@ -1,7 +1,8 @@ -# Swag [![Build Status](https://travis-ci.org/go-openapi/swag.svg?branch=master)](https://travis-ci.org/go-openapi/swag) [![codecov](https://codecov.io/gh/go-openapi/swag/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/swag) [![Slack Status](https://slackin.goswagger.io/badge.svg)](https://slackin.goswagger.io) +# Swag [![Build Status](https://github.com/go-openapi/swag/actions/workflows/go-test.yml/badge.svg)](https://github.com/go-openapi/swag/actions?query=workflow%3A"go+test") [![codecov](https://codecov.io/gh/go-openapi/swag/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/swag) +[![Slack Status](https://slackin.goswagger.io/badge.svg)](https://slackin.goswagger.io) [![license](http://img.shields.io/badge/license-Apache%20v2-orange.svg)](https://raw.githubusercontent.com/go-openapi/swag/master/LICENSE) -[![GoDoc](https://godoc.org/github.com/go-openapi/swag?status.svg)](http://godoc.org/github.com/go-openapi/swag) +[![Go Reference](https://pkg.go.dev/badge/github.com/go-openapi/swag.svg)](https://pkg.go.dev/github.com/go-openapi/swag) [![Go Report Card](https://goreportcard.com/badge/github.com/go-openapi/swag)](https://goreportcard.com/report/github.com/go-openapi/swag) Contains a bunch of helper functions for go-openapi and go-swagger projects. @@ -18,4 +19,5 @@ You may also use it standalone for your projects. This repo has only few dependencies outside of the standard library: -* YAML utilities depend on gopkg.in/yaml.v2 +* YAML utilities depend on `gopkg.in/yaml.v3` +* `github.com/mailru/easyjson v0.7.7` diff --git a/vendor/github.com/go-openapi/swag/post_go19.go b/vendor/github.com/go-openapi/swag/initialism_index.go similarity index 98% rename from vendor/github.com/go-openapi/swag/post_go19.go rename to vendor/github.com/go-openapi/swag/initialism_index.go index 7c7da9c08804..03555184d1b2 100644 --- a/vendor/github.com/go-openapi/swag/post_go19.go 
+++ b/vendor/github.com/go-openapi/swag/initialism_index.go @@ -12,9 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -//go:build go1.9 -// +build go1.9 - package swag import ( diff --git a/vendor/github.com/go-openapi/swag/loading.go b/vendor/github.com/go-openapi/swag/loading.go index 00038c3773c9..783442fddf63 100644 --- a/vendor/github.com/go-openapi/swag/loading.go +++ b/vendor/github.com/go-openapi/swag/loading.go @@ -21,6 +21,7 @@ import ( "net/http" "net/url" "os" + "path" "path/filepath" "runtime" "strings" 
@@ -40,43 +41,97 @@ var LoadHTTPBasicAuthPassword = "" var LoadHTTPCustomHeaders = map[string]string{} // LoadFromFileOrHTTP loads the bytes from a file or a remote http server based on the path passed in -func LoadFromFileOrHTTP(path string) ([]byte, error) { - return LoadStrategy(path, os.ReadFile, loadHTTPBytes(LoadHTTPTimeout))(path) +func LoadFromFileOrHTTP(pth string) ([]byte, error) { + return LoadStrategy(pth, os.ReadFile, loadHTTPBytes(LoadHTTPTimeout))(pth) } // LoadFromFileOrHTTPWithTimeout loads the bytes from a file or a remote http server based on the path passed in // timeout arg allows for per request overriding of the request timeout -func LoadFromFileOrHTTPWithTimeout(path string, timeout time.Duration) ([]byte, error) { - return LoadStrategy(path, os.ReadFile, loadHTTPBytes(timeout))(path) +func LoadFromFileOrHTTPWithTimeout(pth string, timeout time.Duration) ([]byte, error) { + return LoadStrategy(pth, os.ReadFile, loadHTTPBytes(timeout))(pth) } -// LoadStrategy returns a loader function for a given path or uri -func LoadStrategy(path string, local, remote func(string) ([]byte, error)) func(string) ([]byte, error) { - if strings.HasPrefix(path, "http") { +// LoadStrategy returns a loader function for a given path or URI. +// +// The load strategy returns the remote load for any path starting with `http`. +// So this works for any URI with a scheme `http` or `https`. +// +// The fallback strategy is to call the local loader. +// +// The local loader takes a local file system path (absolute or relative) as argument, +// or alternatively a `file://...` URI, **without host** (see also below for windows). +// +// There are a few liberalities, initially intended to be tolerant regarding the URI syntax, +// especially on windows. +// +// Before the local loader is called, the given path is transformed: +// - percent-encoded characters are unescaped +// - simple paths (e.g. 
`./folder/file`) are passed as-is +// - on windows, occurrences of `/` are replaced by `\`, so providing a relative path such a `folder/file` works too. +// +// For paths provided as URIs with the "file" scheme, please note that: +// - `file://` is simply stripped. +// This means that the host part of the URI is not parsed at all. +// For example, `file:///folder/file" becomes "/folder/file`, +// but `file://localhost/folder/file` becomes `localhost/folder/file` on unix systems. +// Similarly, `file://./folder/file` yields `./folder/file`. +// - on windows, `file://...` can take a host so as to specify an UNC share location. +// +// Reminder about windows-specifics: +// - `file://host/folder/file` becomes an UNC path like `\\host\folder\file` (no port specification is supported) +// - `file:///c:/folder/file` becomes `C:\folder\file` +// - `file://c:/folder/file` is tolerated (without leading `/`) and becomes `c:\folder\file` +func LoadStrategy(pth string, local, remote func(string) ([]byte, error)) func(string) ([]byte, error) { + if strings.HasPrefix(pth, "http") { return remote } - return func(pth string) ([]byte, error) { - upth, err := pathUnescape(pth) + + return func(p string) ([]byte, error) { + upth, err := url.PathUnescape(p) if err != nil { return nil, err } - if strings.HasPrefix(pth, `file://`) { - if runtime.GOOS == "windows" { - // support for canonical file URIs on windows. - // Zero tolerance here for dodgy URIs. - u, _ := url.Parse(upth) - if u.Host != "" { - // assume UNC name (volume share) - // file://host/share/folder\... ==> \\host\share\path\folder - // NOTE: UNC port not yet supported - upth = strings.Join([]string{`\`, u.Host, u.Path}, `\`) - } else { - // file:///c:/folder/... 
==> just remove the leading slash - upth = strings.TrimPrefix(upth, `file:///`) - } - } else { - upth = strings.TrimPrefix(upth, `file://`) + if !strings.HasPrefix(p, `file://`) { + // regular file path provided: just normalize slashes + return local(filepath.FromSlash(upth)) + } + + if runtime.GOOS != "windows" { + // crude processing: this leaves full URIs with a host with a (mostly) unexpected result + upth = strings.TrimPrefix(upth, `file://`) + + return local(filepath.FromSlash(upth)) + } + + // windows-only pre-processing of file://... URIs + + // support for canonical file URIs on windows. + u, err := url.Parse(filepath.ToSlash(upth)) + if err != nil { + return nil, err + } + + if u.Host != "" { + // assume UNC name (volume share) + // NOTE: UNC port not yet supported + + // when the "host" segment is a drive letter: + // file://C:/folder/... => C:\folder + upth = path.Clean(strings.Join([]string{u.Host, u.Path}, `/`)) + if !strings.HasSuffix(u.Host, ":") && u.Host[0] != '.' { + // tolerance: if we have a leading dot, this can't be a host + // file://host/share/folder\... ==> \\host\share\path\folder + upth = "//" + upth + } + } else { + // no host, let's figure out if this is a drive letter + upth = strings.TrimPrefix(upth, `file://`) + first, _, _ := strings.Cut(strings.TrimPrefix(u.Path, "/"), "/") + if strings.HasSuffix(first, ":") { + // drive letter in the first segment: + // file:///c:/folder/... ==> strip the leading slash + upth = strings.TrimPrefix(upth, `/`) } } diff --git a/vendor/github.com/go-openapi/swag/post_go18.go b/vendor/github.com/go-openapi/swag/post_go18.go deleted file mode 100644 index f5228b82c0f8..000000000000 --- a/vendor/github.com/go-openapi/swag/post_go18.go +++ /dev/null 
@@ -1,24 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build go1.8
-// +build go1.8
-
-package swag
-
-import "net/url"
-
-func pathUnescape(path string) (string, error) {
- return url.PathUnescape(path)
-}
diff --git a/vendor/github.com/go-openapi/swag/pre_go18.go b/vendor/github.com/go-openapi/swag/pre_go18.go
deleted file mode 100644
index 2757d9b95f82..000000000000
--- a/vendor/github.com/go-openapi/swag/pre_go18.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !go1.8
-// +build !go1.8
-
-package swag
-
-import "net/url"
-
-func pathUnescape(path string) (string, error) {
- return url.QueryUnescape(path)
-}
diff --git a/vendor/github.com/go-openapi/swag/pre_go19.go b/vendor/github.com/go-openapi/swag/pre_go19.go
deleted file mode 100644
index 0565db377bef..000000000000
--- a/vendor/github.com/go-openapi/swag/pre_go19.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !go1.9
-// +build !go1.9
-
-package swag
-
-import (
- "sort"
- "sync"
-)
-
-// indexOfInitialisms is a thread-safe implementation of the sorted index of initialisms.
-// Before go1.9, this may be implemented with a mutex on the map.
-type indexOfInitialisms struct {
- getMutex *sync.Mutex
- index map[string]bool
-}
-
-func newIndexOfInitialisms() *indexOfInitialisms {
- return &indexOfInitialisms{
- getMutex: new(sync.Mutex),
- index: make(map[string]bool, 50),
- }
-}
-
-func (m *indexOfInitialisms) load(initial map[string]bool) *indexOfInitialisms {
- m.getMutex.Lock()
- defer m.getMutex.Unlock()
- for k, v := range initial {
- m.index[k] = v
- }
- return m
-}
-
-func (m *indexOfInitialisms) isInitialism(key string) bool {
- m.getMutex.Lock()
- defer m.getMutex.Unlock()
- _, ok := m.index[key]
- return ok
-}
-
-func (m *indexOfInitialisms) add(key string) *indexOfInitialisms {
- m.getMutex.Lock()
- defer m.getMutex.Unlock()
- m.index[key] = true
- return m
-}
-
-func (m *indexOfInitialisms) sorted() (result []string) {
- m.getMutex.Lock()
- defer m.getMutex.Unlock()
- for k := range m.index {
- result = append(result, k)
- }
- sort.Sort(sort.Reverse(byInitialism(result)))
- return
-}
diff --git a/vendor/github.com/go-openapi/swag/util.go b/vendor/github.com/go-openapi/swag/util.go index f78ab684a0ae..0413f7447ccb 100644 --- a/vendor/github.com/go-openapi/swag/util.go +++ b/vendor/github.com/go-openapi/swag/util.go @@ -174,7 +174,7 @@ func (s byInitialism) Less(i, j int) bool { // Removes leading whitespaces func trim(str string) string { - return strings.Trim(str, " ") + return strings.TrimSpace(str) } // Shortcut to strings.ToUpper() @@ -231,7 +231,7 @@ func ToHumanNameLower(name string) string { if !w.IsInitialism() { out = append(out, lower(w.GetOriginal())) } else { - out = append(out, w.GetOriginal()) + out = append(out, trim(w.GetOriginal())) } } @@ -244,7 +244,7 @@ func ToHumanNameTitle(name string) string { out := make([]string, 0, len(in)) for _, w := range in { - original := w.GetOriginal() + original := trim(w.GetOriginal()) if !w.IsInitialism() { out = append(out, Camelize(original)) } else { @@ -264,7 +264,7 @@ func ToJSONName(name string) string { out = append(out, lower(w)) continue } - out = append(out, Camelize(w)) + out = append(out, Camelize(trim(w))) } return strings.Join(out, "") } @@ -341,13 +341,22 @@ type zeroable interface { // IsZero returns true when the value passed into the function is a zero value. // This allows for safer checking of interface values. func IsZero(data interface{}) bool { + v := reflect.ValueOf(data) + // check for nil data + switch v.Kind() { //nolint:exhaustive + case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: + if v.IsNil() { + return true + } + } + // check for things that have an IsZero method instead if vv, ok := data.(zeroable); ok { return vv.IsZero() } + // continue with slightly more complex reflection - v := reflect.ValueOf(data) - switch v.Kind() { + switch v.Kind() { //nolint:exhaustive case reflect.String: return v.Len() == 0 case reflect.Bool: 
@@ -358,14 +367,13 @@ func IsZero(data interface{}) bool { return v.Uint() == 0 case reflect.Float32, reflect.Float64: return v.Float() == 0 - case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: - return v.IsNil() case reflect.Struct, reflect.Array: return reflect.DeepEqual(data, reflect.Zero(v.Type()).Interface()) case reflect.Invalid: return true + default: + return false } - return false } // AddInitialisms add additional initialisms diff --git a/vendor/github.com/go-openapi/swag/yaml.go b/vendor/github.com/go-openapi/swag/yaml.go index f09ee609f3b4..a8c4e359ea65 100644 --- a/vendor/github.com/go-openapi/swag/yaml.go +++ b/vendor/github.com/go-openapi/swag/yaml.go @@ -18,6 +18,8 @@ import ( "encoding/json" "fmt" "path/filepath" + "reflect" + "sort" "strconv" "github.com/mailru/easyjson/jlexer" @@ -147,7 +149,7 @@ func yamlScalar(node *yaml.Node) (interface{}, error) { case yamlTimestamp: return node.Value, nil case yamlNull: - return nil, nil + return nil, nil //nolint:nilnil default: return nil, fmt.Errorf("YAML tag %q is not supported", node.LongTag()) } @@ -245,7 +247,27 @@ func (s JSONMapSlice) MarshalYAML() (interface{}, error) { return yaml.Marshal(&n) } +func isNil(input interface{}) bool { + if input == nil { + return true + } + kind := reflect.TypeOf(input).Kind() + switch kind { //nolint:exhaustive + case reflect.Ptr, reflect.Map, reflect.Slice, reflect.Chan: + return reflect.ValueOf(input).IsNil() + default: + return false + } +} + func json2yaml(item interface{}) (*yaml.Node, error) { + if isNil(item) { + return &yaml.Node{ + Kind: yaml.ScalarNode, + Value: "null", + }, nil + } + switch val := item.(type) { case JSONMapSlice: var n yaml.Node 
@@ -265,7 +287,14 @@ func json2yaml(item interface{}) (*yaml.Node, error) { case map[string]interface{}: var n yaml.Node n.Kind = yaml.MappingNode - for k, v := range val { + keys := make([]string, 0, len(val)) + for k := range val { + keys = append(keys, k) + } + sort.Strings(keys) + + for _, k := range keys { + v := val[k] childNode, err := json2yaml(v) if err != nil { return nil, err @@ -318,8 +347,9 @@ func json2yaml(item interface{}) (*yaml.Node, error) { Tag: yamlBoolScalar, Value: strconv.FormatBool(val), }, nil + default: + return nil, fmt.Errorf("unhandled type: %T", val) } - return nil, nil } // JSONMapItem represents the value of a key in a JSON object held by JSONMapSlice diff --git a/vendor/github.com/jmespath/go-jmespath/.golangci.yml b/vendor/github.com/jmespath/go-jmespath/.golangci.yml new file mode 100644 index 000000000000..6a2d4f8770ee --- /dev/null +++ b/vendor/github.com/jmespath/go-jmespath/.golangci.yml @@ -0,0 +1,3 @@ +linters: + disable: + - structcheck diff --git a/vendor/github.com/jmespath/go-jmespath/.travis.yml b/vendor/github.com/jmespath/go-jmespath/.travis.yml deleted file mode 100644 index c56f37c0c943..000000000000 --- a/vendor/github.com/jmespath/go-jmespath/.travis.yml +++ /dev/null @@ -1,28 +0,0 @@ -language: go - -sudo: false - -go: - - 1.5.x - - 1.6.x - - 1.7.x - - 1.8.x - - 1.9.x - - 1.10.x - - 1.11.x - - 1.12.x - - 1.13.x - - 1.14.x - - 1.15.x - - tip - -allow_failures: - - go: tip - -script: make build - -matrix: - include: - - language: go - go: 1.15.x - script: make test diff --git a/vendor/github.com/jmespath/go-jmespath/LICENSE b/vendor/github.com/jmespath/go-jmespath/LICENSE index b03310a91fde..d64569567334 100644 --- a/vendor/github.com/jmespath/go-jmespath/LICENSE +++ b/vendor/github.com/jmespath/go-jmespath/LICENSE 
@@ -1,13 +1,202 @@ -Copyright 2015 James Saryerwinnie -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ - http://www.apache.org/licenses/LICENSE-2.0 + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. 
+ + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." 
+ + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/jmespath/go-jmespath/Makefile b/vendor/github.com/jmespath/go-jmespath/Makefile index fb38ec2760e1..97081e417e7e 100644 --- a/vendor/github.com/jmespath/go-jmespath/Makefile +++ b/vendor/github.com/jmespath/go-jmespath/Makefile @@ -19,17 +19,13 @@ build: rm -f cmd/$(CMD)/$(CMD) && cd cmd/$(CMD)/ && go build ./... mv cmd/$(CMD)/$(CMD) . -test: test-internal-testify - echo "making tests ${SRC_PKGS}" +test: build go test -v ${SRC_PKGS} check: go vet ${SRC_PKGS} - @echo "golint ${SRC_PKGS}" - @lint=`golint ${SRC_PKGS}`; \ - lint=`echo "$$lint" | grep -v "astnodetype_string.go" | grep -v "toktype_string.go"`; \ - echo "$$lint"; \ - if [ "$$lint" != "" ]; then exit 1; fi + golint ${SRC_PKGS} + golangci-lint run htmlc: go test -coverprofile="/tmp/jpcov" && go tool cover -html="/tmp/jpcov" && unlink /tmp/jpcov @@ -46,6 +42,7 @@ bench: pprof-cpu: go tool pprof ./go-jmespath.test ./cpu.out -test-internal-testify: - cd internal/testify && go test ./... - +install-dev-cmds: + go install golang.org/x/lint/golint@latest + go install golang.org/x/tools/cmd/stringer@latest + command -v golangci-lint || { curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $$(go env GOPATH)/bin v1.46.2; } 
diff --git a/vendor/github.com/jmespath/go-jmespath/NOTICE b/vendor/github.com/jmespath/go-jmespath/NOTICE new file mode 100644 index 000000000000..c00cc539b015 --- /dev/null +++ b/vendor/github.com/jmespath/go-jmespath/NOTICE @@ -0,0 +1,2 @@ +go-jmespath +Copyright 2015 James Saryerwinnie diff --git a/vendor/github.com/jmespath/go-jmespath/astnodetype_string.go b/vendor/github.com/jmespath/go-jmespath/astnodetype_string.go index 1cd2d239c969..9a41dadb9e06 100644 --- a/vendor/github.com/jmespath/go-jmespath/astnodetype_string.go +++ b/vendor/github.com/jmespath/go-jmespath/astnodetype_string.go @@ -1,8 +1,37 @@ -// generated by stringer -type astNodeType; DO NOT EDIT +// Code generated by "stringer -type astNodeType"; DO NOT EDIT. package jmespath -import "fmt" +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[ASTEmpty-0] + _ = x[ASTComparator-1] + _ = x[ASTCurrentNode-2] + _ = x[ASTExpRef-3] + _ = x[ASTFunctionExpression-4] + _ = x[ASTField-5] + _ = x[ASTFilterProjection-6] + _ = x[ASTFlatten-7] + _ = x[ASTIdentity-8] + _ = x[ASTIndex-9] + _ = x[ASTIndexExpression-10] + _ = x[ASTKeyValPair-11] + _ = x[ASTLiteral-12] + _ = x[ASTMultiSelectHash-13] + _ = x[ASTMultiSelectList-14] + _ = x[ASTOrExpression-15] + _ = x[ASTAndExpression-16] + _ = x[ASTNotExpression-17] + _ = x[ASTPipe-18] + _ = x[ASTProjection-19] + _ = x[ASTSubexpression-20] + _ = x[ASTSlice-21] + _ = x[ASTValueProjection-22] +} const _astNodeType_name = "ASTEmptyASTComparatorASTCurrentNodeASTExpRefASTFunctionExpressionASTFieldASTFilterProjectionASTFlattenASTIdentityASTIndexASTIndexExpressionASTKeyValPairASTLiteralASTMultiSelectHashASTMultiSelectListASTOrExpressionASTAndExpressionASTNotExpressionASTPipeASTProjectionASTSubexpressionASTSliceASTValueProjection" 
@@ -10,7 +39,7 @@ var _astNodeType_index = [...]uint16{0, 8, 21, 35, 44, 65, 73, 92, 102, 113, 121 func (i astNodeType) String() string { if i < 0 || i >= astNodeType(len(_astNodeType_index)-1) { - return fmt.Sprintf("astNodeType(%d)", i) + return "astNodeType(" + strconv.FormatInt(int64(i), 10) + ")" } return _astNodeType_name[_astNodeType_index[i]:_astNodeType_index[i+1]] } diff --git a/vendor/github.com/jmespath/go-jmespath/functions.go b/vendor/github.com/jmespath/go-jmespath/functions.go index 9b7cd89b4bcc..e9770e84acfc 100644 --- a/vendor/github.com/jmespath/go-jmespath/functions.go +++ b/vendor/github.com/jmespath/go-jmespath/functions.go @@ -17,7 +17,6 @@ type jpFunction func(arguments []interface{}) (interface{}, error) type jpType string const ( - jpUnknown jpType = "unknown" jpNumber jpType = "number" jpString jpType = "string" jpArray jpType = "array" @@ -341,7 +340,7 @@ func (e *functionEntry) resolveArgs(arguments []interface{}) ([]interface{}, err return arguments, nil } if len(arguments) < len(e.arguments) { - return nil, errors.New("Invalid arity.") + return nil, errors.New("invalid arity") } return arguments, nil } @@ -445,7 +444,7 @@ func jpfContains(arguments []interface{}) (interface{}, error) { el := arguments[1] if searchStr, ok := search.(string); ok { if elStr, ok := el.(string); ok { - return strings.Index(searchStr, elStr) != -1, nil + return strings.Contains(searchStr, elStr), nil } return false, nil } diff --git a/vendor/github.com/jmespath/go-jmespath/toktype_string.go b/vendor/github.com/jmespath/go-jmespath/toktype_string.go index dae79cbdf338..c76af6866f7a 100644 --- a/vendor/github.com/jmespath/go-jmespath/toktype_string.go +++ b/vendor/github.com/jmespath/go-jmespath/toktype_string.go 
@@ -1,8 +1,45 @@ -// generated by stringer -type=tokType; DO NOT EDIT +// Code generated by "stringer -type=tokType"; DO NOT EDIT. package jmespath -import "fmt" +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[tUnknown-0] + _ = x[tStar-1] + _ = x[tDot-2] + _ = x[tFilter-3] + _ = x[tFlatten-4] + _ = x[tLparen-5] + _ = x[tRparen-6] + _ = x[tLbracket-7] + _ = x[tRbracket-8] + _ = x[tLbrace-9] + _ = x[tRbrace-10] + _ = x[tOr-11] + _ = x[tPipe-12] + _ = x[tNumber-13] + _ = x[tUnquotedIdentifier-14] + _ = x[tQuotedIdentifier-15] + _ = x[tComma-16] + _ = x[tColon-17] + _ = x[tLT-18] + _ = x[tLTE-19] + _ = x[tGT-20] + _ = x[tGTE-21] + _ = x[tEQ-22] + _ = x[tNE-23] + _ = x[tJSONLiteral-24] + _ = x[tStringLiteral-25] + _ = x[tCurrent-26] + _ = x[tExpref-27] + _ = x[tAnd-28] + _ = x[tNot-29] + _ = x[tEOF-30] +} const _tokType_name = "tUnknowntStartDottFiltertFlattentLparentRparentLbrackettRbrackettLbracetRbracetOrtPipetNumbertUnquotedIdentifiertQuotedIdentifiertCommatColontLTtLTEtGTtGTEtEQtNEtJSONLiteraltStringLiteraltCurrenttExpreftAndtNottEOF" @@ -10,7 +47,7 @@ var _tokType_index = [...]uint8{0, 8, 13, 17, 24, 32, 39, 46, 55, 64, 71, 78, 81 func (i tokType) String() string { if i < 0 || i >= tokType(len(_tokType_index)-1) { - return fmt.Sprintf("tokType(%d)", i) + return "tokType(" + strconv.FormatInt(int64(i), 10) + ")" } return _tokType_name[_tokType_index[i]:_tokType_index[i+1]] } diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md index b042c896f25b..d1d4a85fd752 100644 --- a/vendor/github.com/sirupsen/logrus/README.md +++ b/vendor/github.com/sirupsen/logrus/README.md 
@@ -9,7 +9,7 @@ the last thing you want from your Logging library (again...). This does not mean Logrus is dead. Logrus will continue to be maintained for security, (backwards compatible) bug fixes, and performance (where we are -limited by the interface). +limited by the interface). I believe Logrus' biggest contribution is to have played a part in today's widespread use of structured logging in Golang. There doesn't seem to be a @@ -43,7 +43,7 @@ plain text): With `log.SetFormatter(&log.JSONFormatter{})`, for easy parsing by logstash or Splunk: -```json +```text {"animal":"walrus","level":"info","msg":"A group of walrus emerges from the ocean","size":10,"time":"2014-03-10 19:57:38.562264131 -0400 EDT"} @@ -99,7 +99,7 @@ time="2015-03-26T01:27:38-04:00" level=fatal method=github.com/sirupsen/arcticcr ``` Note that this does add measurable overhead - the cost will depend on the version of Go, but is between 20 and 40% in recent tests with 1.6 and 1.7. You can validate this in your -environment via benchmarks: +environment via benchmarks: ``` go test -bench=.*CallerTracing ``` @@ -317,6 +317,8 @@ log.SetLevel(log.InfoLevel) It may be useful to set `log.Level = logrus.DebugLevel` in a debug or verbose environment if your application has that. +Note: If you want different log levels for global (`log.SetLevel(...)`) and syslog logging, please check the [syslog hook README](hooks/syslog/README.md#different-log-levels-for-local-and-remote-logging). + #### Entries Besides the fields added with `WithField` or `WithFields` some fields are diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go index 72e8e3a1b65f..074fd4b8bd78 100644 --- a/vendor/github.com/sirupsen/logrus/writer.go +++ b/vendor/github.com/sirupsen/logrus/writer.go @@ -4,6 +4,7 @@ import ( "bufio" "io" "runtime" + "strings" ) // Writer at INFO level. See WriterLevel for details. 
@@ -20,15 +21,18 @@ func (logger *Logger) WriterLevel(level Level) *io.PipeWriter { return NewEntry(logger).WriterLevel(level) } +// Writer returns an io.Writer that writes to the logger at the info log level func (entry *Entry) Writer() *io.PipeWriter { return entry.WriterLevel(InfoLevel) } +// WriterLevel returns an io.Writer that writes to the logger at the given log level func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { reader, writer := io.Pipe() var printFunc func(args ...interface{}) + // Determine which log function to use based on the specified log level switch level { case TraceLevel: printFunc = entry.Trace 
@@ -48,23 +52,51 @@ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { printFunc = entry.Print } + // Start a new goroutine to scan the input and write it to the logger using the specified print function. + // It splits the input into chunks of up to 64KB to avoid buffer overflows. go entry.writerScanner(reader, printFunc) + + // Set a finalizer function to close the writer when it is garbage collected runtime.SetFinalizer(writer, writerFinalizer) return writer } +// writerScanner scans the input from the reader and writes it to the logger func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) { scanner := bufio.NewScanner(reader) + + // Set the buffer size to the maximum token size to avoid buffer overflows + scanner.Buffer(make([]byte, bufio.MaxScanTokenSize), bufio.MaxScanTokenSize) + + // Define a split function to split the input into chunks of up to 64KB + chunkSize := bufio.MaxScanTokenSize // 64KB + splitFunc := func(data []byte, atEOF bool) (int, []byte, error) { + if len(data) >= chunkSize { + return chunkSize, data[:chunkSize], nil + } + + return bufio.ScanLines(data, atEOF) + } + + // Use the custom split function to split the input + scanner.Split(splitFunc) + + // Scan the input and write it to the logger using the specified print function for scanner.Scan() { - printFunc(scanner.Text()) + printFunc(strings.TrimRight(scanner.Text(), "\r\n")) } + + // If there was an error while scanning the input, log an error if err := scanner.Err(); err != nil { entry.Errorf("Error while reading from Writer: %s", err) } + + // Close the reader when we are done reader.Close() } +// WriterFinalizer is a finalizer function that closes then given writer when it is garbage collected func writerFinalizer(writer *io.PipeWriter) { writer.Close() } 
diff --git a/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/controller.go b/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/controller.go
new file mode 100644
index 000000000000..4f6e5140b931
--- /dev/null
+++ b/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/controller.go
@@ -0,0 +1,174 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package certificate + +import ( + context "context" + fmt "fmt" + reflect "reflect" + strings "strings" + + zap "go.uber.org/zap" + corev1 "k8s.io/api/core/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + scheme "k8s.io/client-go/kubernetes/scheme" + v1 "k8s.io/client-go/kubernetes/typed/core/v1" + record "k8s.io/client-go/tools/record" + versionedscheme "knative.dev/networking/pkg/client/clientset/versioned/scheme" + client "knative.dev/networking/pkg/client/injection/client" + certificate "knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/certificate" + kubeclient "knative.dev/pkg/client/injection/kube/client" + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" + logkey "knative.dev/pkg/logging/logkey" + reconciler "knative.dev/pkg/reconciler" +) + +const ( + defaultControllerAgentName = "certificate-controller" + defaultFinalizerName = "certificates.networking.internal.knative.dev" + + // ClassAnnotationKey points to the annotation for the class of this resource. 
+ ClassAnnotationKey = "networking.knative.dev/certificate.class" +) + +// NewImpl returns a controller.Impl that handles queuing and feeding work from +// the queue through an implementation of controller.Reconciler, delegating to +// the provided Interface and optional Finalizer methods. OptionsFn is used to return +// controller.ControllerOptions to be used by the internal reconciler. +func NewImpl(ctx context.Context, r Interface, classValue string, optionsFns ...controller.OptionsFn) *controller.Impl { + logger := logging.FromContext(ctx) + + // Check the options function input. It should be 0 or 1. + if len(optionsFns) > 1 { + logger.Fatal("Up to one options function is supported, found: ", len(optionsFns)) + } + + certificateInformer := certificate.Get(ctx) + + lister := certificateInformer.Lister() + + var promoteFilterFunc func(obj interface{}) bool + var promoteFunc = func(bkt reconciler.Bucket) {} + + rec := &reconcilerImpl{ + LeaderAwareFuncs: reconciler.LeaderAwareFuncs{ + PromoteFunc: func(bkt reconciler.Bucket, enq func(reconciler.Bucket, types.NamespacedName)) error { + + // Signal promotion event + promoteFunc(bkt) + + all, err := lister.List(labels.Everything()) + if err != nil { + return err + } + for _, elt := range all { + if promoteFilterFunc != nil { + if ok := promoteFilterFunc(elt); !ok { + continue + } + } + enq(bkt, types.NamespacedName{ + Namespace: elt.GetNamespace(), + Name: elt.GetName(), + }) + } + return nil + }, + }, + Client: client.Get(ctx), + Lister: lister, + reconciler: r, + finalizerName: defaultFinalizerName, + classValue: classValue, + } + + ctrType := reflect.TypeOf(r).Elem() + ctrTypeName := fmt.Sprintf("%s.%s", ctrType.PkgPath(), ctrType.Name()) + ctrTypeName = strings.ReplaceAll(ctrTypeName, "/", ".") + + logger = logger.With( + zap.String(logkey.ControllerType, ctrTypeName), + zap.String(logkey.Kind, "networking.internal.knative.dev.Certificate"), + ) + + impl := controller.NewContext(ctx, rec, 
controller.ControllerOptions{WorkQueueName: ctrTypeName, Logger: logger}) + agentName := defaultControllerAgentName + + // Pass impl to the options. Save any optional results. + for _, fn := range optionsFns { + opts := fn(impl) + if opts.ConfigStore != nil { + rec.configStore = opts.ConfigStore + } + if opts.FinalizerName != "" { + rec.finalizerName = opts.FinalizerName + } + if opts.AgentName != "" { + agentName = opts.AgentName + } + if opts.SkipStatusUpdates { + rec.skipStatusUpdates = true + } + if opts.DemoteFunc != nil { + rec.DemoteFunc = opts.DemoteFunc + } + if opts.PromoteFilterFunc != nil { + promoteFilterFunc = opts.PromoteFilterFunc + } + if opts.PromoteFunc != nil { + promoteFunc = opts.PromoteFunc + } + } + + rec.Recorder = createRecorder(ctx, agentName) + + return impl +} + +func createRecorder(ctx context.Context, agentName string) record.EventRecorder { + logger := logging.FromContext(ctx) + + recorder := controller.GetEventRecorder(ctx) + if recorder == nil { + // Create event broadcaster + logger.Debug("Creating event broadcaster") + eventBroadcaster := record.NewBroadcaster() + watches := []watch.Interface{ + eventBroadcaster.StartLogging(logger.Named("event-broadcaster").Infof), + eventBroadcaster.StartRecordingToSink( + &v1.EventSinkImpl{Interface: kubeclient.Get(ctx).CoreV1().Events("")}), + } + recorder = eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: agentName}) + go func() { + <-ctx.Done() + for _, w := range watches { + w.Stop() + } + }() + } + + return recorder +} + +func init() { + versionedscheme.AddToScheme(scheme.Scheme) +} diff --git a/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/reconciler.go b/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/reconciler.go new file mode 100644 index 000000000000..eb1e85867881 --- /dev/null 
+++ b/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/reconciler.go 
@@ -0,0 +1,451 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package certificate + +import ( + context "context" + json "encoding/json" + fmt "fmt" + + zap "go.uber.org/zap" + "go.uber.org/zap/zapcore" + v1 "k8s.io/api/core/v1" + equality "k8s.io/apimachinery/pkg/api/equality" + errors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + sets "k8s.io/apimachinery/pkg/util/sets" + record "k8s.io/client-go/tools/record" + v1alpha1 "knative.dev/networking/pkg/apis/networking/v1alpha1" + versioned "knative.dev/networking/pkg/client/clientset/versioned" + networkingv1alpha1 "knative.dev/networking/pkg/client/listers/networking/v1alpha1" + controller "knative.dev/pkg/controller" + kmp "knative.dev/pkg/kmp" + logging "knative.dev/pkg/logging" + reconciler "knative.dev/pkg/reconciler" +) + +// Interface defines the strongly typed interfaces to be implemented by a +// controller reconciling v1alpha1.Certificate. +type Interface interface { + // ReconcileKind implements custom logic to reconcile v1alpha1.Certificate. Any changes + // to the objects .Status or .Finalizers will be propagated to the stored + // object. 
It is recommended that implementors do not call any update calls + // for the Kind inside of ReconcileKind, it is the responsibility of the calling + // controller to propagate those properties. The resource passed to ReconcileKind + // will always have an empty deletion timestamp. + ReconcileKind(ctx context.Context, o *v1alpha1.Certificate) reconciler.Event +} + +// Finalizer defines the strongly typed interfaces to be implemented by a +// controller finalizing v1alpha1.Certificate. +type Finalizer interface { + // FinalizeKind implements custom logic to finalize v1alpha1.Certificate. Any changes + // to the objects .Status or .Finalizers will be ignored. Returning a nil or + // Normal type reconciler.Event will allow the finalizer to be deleted on + // the resource. The resource passed to FinalizeKind will always have a set + // deletion timestamp. + FinalizeKind(ctx context.Context, o *v1alpha1.Certificate) reconciler.Event +} + +// ReadOnlyInterface defines the strongly typed interfaces to be implemented by a +// controller reconciling v1alpha1.Certificate if they want to process resources for which +// they are not the leader. +type ReadOnlyInterface interface { + // ObserveKind implements logic to observe v1alpha1.Certificate. + // This method should not write to the API. + ObserveKind(ctx context.Context, o *v1alpha1.Certificate) reconciler.Event +} + +type doReconcile func(ctx context.Context, o *v1alpha1.Certificate) reconciler.Event + +// reconcilerImpl implements controller.Reconciler for v1alpha1.Certificate resources. +type reconcilerImpl struct { + // LeaderAwareFuncs is inlined to help us implement reconciler.LeaderAware. + reconciler.LeaderAwareFuncs + + // Client is used to write back status updates. + Client versioned.Interface + + // Listers index properties about resources. + Lister networkingv1alpha1.CertificateLister + + // Recorder is an event recorder for recording Event resources to the + // Kubernetes API. 
+ Recorder record.EventRecorder + + // configStore allows for decorating a context with config maps. + // +optional + configStore reconciler.ConfigStore + + // reconciler is the implementation of the business logic of the resource. + reconciler Interface + + // finalizerName is the name of the finalizer to reconcile. + finalizerName string + + // skipStatusUpdates configures whether or not this reconciler automatically updates + // the status of the reconciled resource. + skipStatusUpdates bool + + // classValue is the resource annotation[networking.knative.dev/certificate.class] instance value this reconciler instance filters on. + classValue string +} + +// Check that our Reconciler implements controller.Reconciler. +var _ controller.Reconciler = (*reconcilerImpl)(nil) + +// Check that our generated Reconciler is always LeaderAware. +var _ reconciler.LeaderAware = (*reconcilerImpl)(nil) + +func NewReconciler(ctx context.Context, logger *zap.SugaredLogger, client versioned.Interface, lister networkingv1alpha1.CertificateLister, recorder record.EventRecorder, r Interface, classValue string, options ...controller.Options) controller.Reconciler { + // Check the options function input. It should be 0 or 1. + if len(options) > 1 { + logger.Fatal("Up to one options struct is supported, found: ", len(options)) + } + + // Fail fast when users inadvertently implement the other LeaderAware interface. + // For the typed reconcilers, Promote shouldn't take any arguments. + if _, ok := r.(reconciler.LeaderAware); ok { + logger.Fatalf("%T implements the incorrect LeaderAware interface. 
Promote() should not take an argument as genreconciler handles the enqueuing automatically.", r) + } + + rec := &reconcilerImpl{ + LeaderAwareFuncs: reconciler.LeaderAwareFuncs{ + PromoteFunc: func(bkt reconciler.Bucket, enq func(reconciler.Bucket, types.NamespacedName)) error { + all, err := lister.List(labels.Everything()) + if err != nil { + return err + } + for _, elt := range all { + // TODO: Consider letting users specify a filter in options. + enq(bkt, types.NamespacedName{ + Namespace: elt.GetNamespace(), + Name: elt.GetName(), + }) + } + return nil + }, + }, + Client: client, + Lister: lister, + Recorder: recorder, + reconciler: r, + finalizerName: defaultFinalizerName, + classValue: classValue, + } + + for _, opts := range options { + if opts.ConfigStore != nil { + rec.configStore = opts.ConfigStore + } + if opts.FinalizerName != "" { + rec.finalizerName = opts.FinalizerName + } + if opts.SkipStatusUpdates { + rec.skipStatusUpdates = true + } + if opts.DemoteFunc != nil { + rec.DemoteFunc = opts.DemoteFunc + } + } + + return rec +} + +// Reconcile implements controller.Reconciler +func (r *reconcilerImpl) Reconcile(ctx context.Context, key string) error { + logger := logging.FromContext(ctx) + + // Initialize the reconciler state. This will convert the namespace/name + // string into a distinct namespace and name, determine if this instance of + // the reconciler is the leader, and any additional interfaces implemented + // by the reconciler. Returns an error is the resource key is invalid. + s, err := newState(key, r) + if err != nil { + logger.Error("Invalid resource key: ", key) + return nil + } + + // If we are not the leader, and we don't implement either ReadOnly + // observer interfaces, then take a fast-path out. + if s.isNotLeaderNorObserver() { + return controller.NewSkipKey(key) + } + + // If configStore is set, attach the frozen configuration to the context. 
+ if r.configStore != nil { + ctx = r.configStore.ToContext(ctx) + } + + // Add the recorder to context. + ctx = controller.WithEventRecorder(ctx, r.Recorder) + + // Get the resource with this namespace/name. + + getter := r.Lister.Certificates(s.namespace) + + original, err := getter.Get(s.name) + + if errors.IsNotFound(err) { + // The resource may no longer exist, in which case we stop processing and call + // the ObserveDeletion handler if appropriate. + logger.Debugf("Resource %q no longer exists", key) + if del, ok := r.reconciler.(reconciler.OnDeletionInterface); ok { + return del.ObserveDeletion(ctx, types.NamespacedName{ + Namespace: s.namespace, + Name: s.name, + }) + } + return nil + } else if err != nil { + return err + } + + if classValue, found := original.GetAnnotations()[ClassAnnotationKey]; !found || classValue != r.classValue { + logger.Debugw("Skip reconciling resource, class annotation value does not match reconciler instance value.", + zap.String("classKey", ClassAnnotationKey), + zap.String("issue", classValue+"!="+r.classValue)) + return nil + } + + // Don't modify the informers copy. + resource := original.DeepCopy() + + var reconcileEvent reconciler.Event + + name, do := s.reconcileMethodFor(resource) + // Append the target method to the logger. + logger = logger.With(zap.String("targetMethod", name)) + switch name { + case reconciler.DoReconcileKind: + // Set and update the finalizer on resource if r.reconciler + // implements Finalizer. + if resource, err = r.setFinalizerIfFinalizer(ctx, resource); err != nil { + return fmt.Errorf("failed to set finalizers: %w", err) + } + + if !r.skipStatusUpdates { + reconciler.PreProcessReconcile(ctx, resource) + } + + // Reconcile this copy of the resource and then write back any status + // updates regardless of whether the reconciliation errored out. 
+ reconcileEvent = do(ctx, resource) + + if !r.skipStatusUpdates { + reconciler.PostProcessReconcile(ctx, resource, original) + } + + case reconciler.DoFinalizeKind: + // For finalizing reconcilers, if this resource being marked for deletion + // and reconciled cleanly (nil or normal event), remove the finalizer. + reconcileEvent = do(ctx, resource) + + if resource, err = r.clearFinalizer(ctx, resource, reconcileEvent); err != nil { + return fmt.Errorf("failed to clear finalizers: %w", err) + } + + case reconciler.DoObserveKind: + // Observe any changes to this resource, since we are not the leader. + reconcileEvent = do(ctx, resource) + + } + + // Synchronize the status. + switch { + case r.skipStatusUpdates: + // This reconciler implementation is configured to skip resource updates. + // This may mean this reconciler does not observe spec, but reconciles external changes. + case equality.Semantic.DeepEqual(original.Status, resource.Status): + // If we didn't change anything then don't call updateStatus. + // This is important because the copy we loaded from the injectionInformer's + // cache may be stale and we don't want to overwrite a prior update + // to status with this stale state. + case !s.isLeader: + // High-availability reconcilers may have many replicas watching the resource, but only + // the elected leader is expected to write modifications. + logger.Warn("Saw status changes when we aren't the leader!") + default: + if err = r.updateStatus(ctx, logger, original, resource); err != nil { + logger.Warnw("Failed to update resource status", zap.Error(err)) + r.Recorder.Eventf(resource, v1.EventTypeWarning, "UpdateFailed", + "Failed to update status for %q: %v", resource.Name, err) + return err + } + } + + // Report the reconciler event, if any. 
+ if reconcileEvent != nil { + var event *reconciler.ReconcilerEvent + if reconciler.EventAs(reconcileEvent, &event) { + logger.Infow("Returned an event", zap.Any("event", reconcileEvent)) + r.Recorder.Event(resource, event.EventType, event.Reason, event.Error()) + + // the event was wrapped inside an error, consider the reconciliation as failed + if _, isEvent := reconcileEvent.(*reconciler.ReconcilerEvent); !isEvent { + return reconcileEvent + } + return nil + } + + if controller.IsSkipKey(reconcileEvent) { + // This is a wrapped error, don't emit an event. + } else if ok, _ := controller.IsRequeueKey(reconcileEvent); ok { + // This is a wrapped error, don't emit an event. + } else { + logger.Errorw("Returned an error", zap.Error(reconcileEvent)) + r.Recorder.Event(resource, v1.EventTypeWarning, "InternalError", reconcileEvent.Error()) + } + return reconcileEvent + } + + return nil +} + +func (r *reconcilerImpl) updateStatus(ctx context.Context, logger *zap.SugaredLogger, existing *v1alpha1.Certificate, desired *v1alpha1.Certificate) error { + existing = existing.DeepCopy() + return reconciler.RetryUpdateConflicts(func(attempts int) (err error) { + // The first iteration tries to use the injectionInformer's state, subsequent attempts fetch the latest state via API. + if attempts > 0 { + + getter := r.Client.NetworkingV1alpha1().Certificates(desired.Namespace) + + existing, err = getter.Get(ctx, desired.Name, metav1.GetOptions{}) + if err != nil { + return err + } + } + + // If there's nothing to update, just return. 
+ if equality.Semantic.DeepEqual(existing.Status, desired.Status) { + return nil + } + + if logger.Desugar().Core().Enabled(zapcore.DebugLevel) { + if diff, err := kmp.SafeDiff(existing.Status, desired.Status); err == nil && diff != "" { + logger.Debug("Updating status with: ", diff) + } + } + + existing.Status = desired.Status + + updater := r.Client.NetworkingV1alpha1().Certificates(existing.Namespace) + + _, err = updater.UpdateStatus(ctx, existing, metav1.UpdateOptions{}) + return err + }) +} + +// updateFinalizersFiltered will update the Finalizers of the resource. +// TODO: this method could be generic and sync all finalizers. For now it only +// updates defaultFinalizerName or its override. +func (r *reconcilerImpl) updateFinalizersFiltered(ctx context.Context, resource *v1alpha1.Certificate, desiredFinalizers sets.Set[string]) (*v1alpha1.Certificate, error) { + // Don't modify the informers copy. + existing := resource.DeepCopy() + + var finalizers []string + + // If there's nothing to update, just return. + existingFinalizers := sets.New[string](existing.Finalizers...) + + if desiredFinalizers.Has(r.finalizerName) { + if existingFinalizers.Has(r.finalizerName) { + // Nothing to do. + return resource, nil + } + // Add the finalizer. + finalizers = append(existing.Finalizers, r.finalizerName) + } else { + if !existingFinalizers.Has(r.finalizerName) { + // Nothing to do. + return resource, nil + } + // Remove the finalizer. 
+ existingFinalizers.Delete(r.finalizerName) + finalizers = sets.List(existingFinalizers) + } + + mergePatch := map[string]interface{}{ + "metadata": map[string]interface{}{ + "finalizers": finalizers, + "resourceVersion": existing.ResourceVersion, + }, + } + + patch, err := json.Marshal(mergePatch) + if err != nil { + return resource, err + } + + patcher := r.Client.NetworkingV1alpha1().Certificates(resource.Namespace) + + resourceName := resource.Name + updated, err := patcher.Patch(ctx, resourceName, types.MergePatchType, patch, metav1.PatchOptions{}) + if err != nil { + r.Recorder.Eventf(existing, v1.EventTypeWarning, "FinalizerUpdateFailed", + "Failed to update finalizers for %q: %v", resourceName, err) + } else { + r.Recorder.Eventf(updated, v1.EventTypeNormal, "FinalizerUpdate", + "Updated %q finalizers", resource.GetName()) + } + return updated, err +} + +func (r *reconcilerImpl) setFinalizerIfFinalizer(ctx context.Context, resource *v1alpha1.Certificate) (*v1alpha1.Certificate, error) { + if _, ok := r.reconciler.(Finalizer); !ok { + return resource, nil + } + + finalizers := sets.New[string](resource.Finalizers...) + + // If this resource is not being deleted, mark the finalizer. + if resource.GetDeletionTimestamp().IsZero() { + finalizers.Insert(r.finalizerName) + } + + // Synchronize the finalizers filtered by r.finalizerName. + return r.updateFinalizersFiltered(ctx, resource, finalizers) +} + +func (r *reconcilerImpl) clearFinalizer(ctx context.Context, resource *v1alpha1.Certificate, reconcileEvent reconciler.Event) (*v1alpha1.Certificate, error) { + if _, ok := r.reconciler.(Finalizer); !ok { + return resource, nil + } + if resource.GetDeletionTimestamp().IsZero() { + return resource, nil + } + + finalizers := sets.New[string](resource.Finalizers...) 
+ + if reconcileEvent != nil { + var event *reconciler.ReconcilerEvent + if reconciler.EventAs(reconcileEvent, &event) { + if event.EventType == v1.EventTypeNormal { + finalizers.Delete(r.finalizerName) + } + } + } else { + finalizers.Delete(r.finalizerName) + } + + // Synchronize the finalizers filtered by r.finalizerName. + return r.updateFinalizersFiltered(ctx, resource, finalizers) +} diff --git a/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/state.go b/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/state.go new file mode 100644 index 000000000000..dd4f5d7503c4 --- /dev/null +++ b/vendor/knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate/state.go 
@@ -0,0 +1,97 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package certificate + +import ( + fmt "fmt" + + types "k8s.io/apimachinery/pkg/types" + cache "k8s.io/client-go/tools/cache" + v1alpha1 "knative.dev/networking/pkg/apis/networking/v1alpha1" + reconciler "knative.dev/pkg/reconciler" +) + +// state is used to track the state of a reconciler in a single run. +type state struct { + // key is the original reconciliation key from the queue. + key string + // namespace is the namespace split from the reconciliation key. + namespace string + // name is the name split from the reconciliation key. + name string + // reconciler is the reconciler. + reconciler Interface + // roi is the read only interface cast of the reconciler. + roi ReadOnlyInterface + // isROI (Read Only Interface) the reconciler only observes reconciliation. + isROI bool + // isLeader the instance of the reconciler is the elected leader. + isLeader bool +} + +func newState(key string, r *reconcilerImpl) (*state, error) { + // Convert the namespace/name string into a distinct namespace and name. 
+ namespace, name, err := cache.SplitMetaNamespaceKey(key) + if err != nil { + return nil, fmt.Errorf("invalid resource key: %s", key) + } + + roi, isROI := r.reconciler.(ReadOnlyInterface) + + isLeader := r.IsLeaderFor(types.NamespacedName{ + Namespace: namespace, + Name: name, + }) + + return &state{ + key: key, + namespace: namespace, + name: name, + reconciler: r.reconciler, + roi: roi, + isROI: isROI, + isLeader: isLeader, + }, nil +} + +// isNotLeaderNorObserver checks to see if this reconciler with the current +// state is enabled to do any work or not. +// isNotLeaderNorObserver returns true when there is no work possible for the +// reconciler. +func (s *state) isNotLeaderNorObserver() bool { + if !s.isLeader && !s.isROI { + // If we are not the leader, and we don't implement the ReadOnly + // interface, then take a fast-path out. + return true + } + return false +} + +func (s *state) reconcileMethodFor(o *v1alpha1.Certificate) (string, doReconcile) { + if o.GetDeletionTimestamp().IsZero() { + if s.isLeader { + return reconciler.DoReconcileKind, s.reconciler.ReconcileKind + } else if s.isROI { + return reconciler.DoObserveKind, s.roi.ObserveKind + } + } else if fin, ok := s.reconciler.(Finalizer); s.isLeader && ok { + return reconciler.DoFinalizeKind, fin.FinalizeKind + } + return "unknown", nil +} diff --git a/vendor/knative.dev/networking/test/cleanup.go b/vendor/knative.dev/networking/test/cleanup.go new file mode 100644 index 000000000000..4b6e217ccf12 --- /dev/null +++ b/vendor/knative.dev/networking/test/cleanup.go 
@@ -0,0 +1,67 @@
+/*
+Copyright 2018 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// cleanup allows you to define a cleanup function that will be executed
+// if your test is interrupted.
+
+package test
+
+import (
+ "os"
+ "os/signal"
+ "sync"
+ "testing"
+)
+
+func init() {
+ c := make(chan os.Signal, 1)
+ signal.Notify(c, os.Interrupt)
+ go cleanupOnInterrupt(c)
+}
+
+var cf struct {
+ o sync.Once
+ m sync.RWMutex
+ f []func()
+}
+
+// cleanupOnInterrupt registers a signal handler and will execute a stack of functions if an interrupt signal is caught
+func cleanupOnInterrupt(c chan os.Signal) {
+ for range c {
+ cf.o.Do(func() {
+ cf.m.RLock()
+ defer cf.m.RUnlock()
+ for i := len(cf.f) - 1; i >= 0; i-- {
+ cf.f[i]()
+ }
+ os.Exit(1)
+ })
+ }
+}
+
+// CleanupOnInterrupt stores cleanup functions to execute if an interrupt signal is caught
+func CleanupOnInterrupt(cleanup func()) {
+ cf.m.Lock()
+ defer cf.m.Unlock()
+ cf.f = append(cf.f, cleanup)
+}
+
+// EnsureCleanup will run the provided cleanup function when the test ends,
+// either via t.Cleanup or on interrupt via CleanupOnInterrupt.
+func EnsureCleanup(t *testing.T, cleanup func()) {
+ t.Cleanup(cleanup)
+ CleanupOnInterrupt(cleanup)
+}
diff --git a/vendor/knative.dev/networking/test/clients.go b/vendor/knative.dev/networking/test/clients.go
new file mode 100644
index 000000000000..123b7de71769
--- /dev/null
+++ b/vendor/knative.dev/networking/test/clients.go
@@ -0,0 +1,91 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file contains an object which encapsulates k8s clients which are useful for e2e tests.
+
+package test
+
+import (
+ "k8s.io/client-go/dynamic"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/rest"
+
+ // Allow E2E to run against a cluster using OpenID.
+ _ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
+
+ "knative.dev/networking/pkg/client/clientset/versioned"
+ networkingv1alpha1 "knative.dev/networking/pkg/client/clientset/versioned/typed/networking/v1alpha1"
+)
+
+// Clients holds instances of interfaces for making requests to Knative Serving.
+type Clients struct {
+ KubeClient kubernetes.Interface
+ NetworkingClient *NetworkingClients
+ Dynamic dynamic.Interface
+}
+
+// NetworkingClients holds instances of interfaces for making requests to Knative
+// networking clients.
+type NetworkingClients struct {
+ ServerlessServices networkingv1alpha1.ServerlessServiceInterface
+ Ingresses networkingv1alpha1.IngressInterface
+ Certificates networkingv1alpha1.CertificateInterface
+}
+
+// NewClientsFromConfig instantiates and returns several clientsets required for making request to the
+// Knative Serving cluster specified by the combination of clusterName and configPath. Clients can
+// make requests within namespace.
+func NewClientsFromConfig(cfg *rest.Config, namespace string) (*Clients, error) {
+ // We poll, so set our limits high.
+ cfg.QPS = 100
+ cfg.Burst = 200
+
+ var (
+ err error
+ clients Clients
+ )
+
+ clients.KubeClient, err = kubernetes.NewForConfig(cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ clients.Dynamic, err = dynamic.NewForConfig(cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ clients.NetworkingClient, err = newNetworkingClients(cfg, namespace)
+ if err != nil {
+ return nil, err
+ }
+
+ return &clients, nil
+}
+
+// newNetworkingClients instantiates and returns the networking clientset required to make requests
+// to Networking resources on the Knative service cluster
+func newNetworkingClients(cfg *rest.Config, namespace string) (*NetworkingClients, error) {
+ cs, err := versioned.NewForConfig(cfg)
+ if err != nil {
+ return nil, err
+ }
+ return &NetworkingClients{
+ ServerlessServices: cs.NetworkingV1alpha1().ServerlessServices(namespace),
+ Ingresses: cs.NetworkingV1alpha1().Ingresses(namespace),
+ Certificates: cs.NetworkingV1alpha1().Certificates(namespace),
+ }, nil
+}
diff --git a/vendor/knative.dev/networking/test/conformance/certificate/http01/certificate.go b/vendor/knative.dev/networking/test/conformance/certificate/http01/certificate.go
new file mode 100644
index 000000000000..8b062da5b046
--- /dev/null
+++ b/vendor/knative.dev/networking/test/conformance/certificate/http01/certificate.go
@@ -0,0 +1,72 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package http01 + +import ( + "context" + "testing" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "knative.dev/networking/pkg/apis/networking/v1alpha1" + "knative.dev/networking/test" + utils "knative.dev/networking/test/conformance/certificate" +) + +// TestHTTP01Challenge verifies that HTTP challenges are created for a certificate +func TestHTTP01Challenge(t *testing.T) { + subDomain := test.ObjectNameForTest(t) + ctx, clients := context.Background(), test.Setup(t) + + certDomains := [][]string{ + {subDomain + ".knative-test.dev"}, + {subDomain + "2.knative-test.dev", subDomain + "3.knative-test.dev"}, + } + + for _, domains := range certDomains { + cert := utils.CreateCertificate(ctx, t, clients, domains) + + if err := utils.WaitForCertificateState(ctx, clients.NetworkingClient, cert.Name, + func(c *v1alpha1.Certificate) (bool, error) { + for _, dnsName := range c.Spec.DNSNames { + found := false + + for _, challenge := range c.Status.HTTP01Challenges { + if challenge.URL.Host == dnsName { + found = true + break + } + } + + if !found { + return false, nil + } + } + + return true, nil + }, + t.Name()); err != nil { + t.Fatal("failed to wait for HTTP01 challenges:", err) + } + + cert, err := clients.NetworkingClient.Certificates.Get(ctx, cert.Name, metav1.GetOptions{}) + if err != nil { + t.Fatal("failed to fetch certificate:", err) + } + + utils.VerifyChallenges(ctx, t, 
clients, cert) + } +} diff --git a/vendor/knative.dev/networking/test/conformance/certificate/http01/run.go b/vendor/knative.dev/networking/test/conformance/certificate/http01/run.go new file mode 100644 index 000000000000..e57440166e96 --- /dev/null +++ b/vendor/knative.dev/networking/test/conformance/certificate/http01/run.go @@ -0,0 +1,23 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package http01 + +import "testing" + +func RunConformance(t *testing.T) { + t.Run("http01", TestHTTP01Challenge) +} diff --git a/vendor/knative.dev/networking/test/conformance/certificate/nonhttp01/certificate.go b/vendor/knative.dev/networking/test/conformance/certificate/nonhttp01/certificate.go new file mode 100644 index 000000000000..b5458098382a --- /dev/null +++ b/vendor/knative.dev/networking/test/conformance/certificate/nonhttp01/certificate.go 
@@ -0,0 +1,43 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package nonhttp01
+
+import (
+ "context"
+ "testing"
+
+ "knative.dev/networking/test"
+ utils "knative.dev/networking/test/conformance/certificate"
+)
+
+// TestSecret verifies that a certificate creates a secret
+func TestSecret(t *testing.T) {
+ ctx, clients := context.Background(), test.Setup(t)
+ certName := test.ObjectNameForTest(t) + "." + test.NetworkingFlags.ServiceDomain
+
+ cert := utils.CreateCertificate(ctx, t, clients, []string{certName})
+
+ t.Logf("Waiting for Certificate %q to transition to Ready", cert.Name)
+ if err := utils.WaitForCertificateState(ctx, clients.NetworkingClient, cert.Name, utils.IsCertificateReady, "CertificateIsReady"); err != nil {
+ t.Fatal("Error waiting for the certificate to become ready for the latest revision:", err)
+ }
+
+ err := utils.WaitForCertificateSecret(ctx, t, clients, cert, t.Name())
+ if err != nil {
+ t.Error("Failed to wait for secret:", err)
+ }
+}
diff --git a/vendor/knative.dev/networking/test/conformance/certificate/nonhttp01/run.go b/vendor/knative.dev/networking/test/conformance/certificate/nonhttp01/run.go
new file mode 100644
index 000000000000..60e4c7879dfc
--- /dev/null
+++ b/vendor/knative.dev/networking/test/conformance/certificate/nonhttp01/run.go
@@ -0,0 +1,23 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package nonhttp01
+
+import "testing"
+
+func RunConformance(t *testing.T) {
+ t.Run("secret", TestSecret)
+}
diff --git a/vendor/knative.dev/networking/test/conformance/certificate/utils.go b/vendor/knative.dev/networking/test/conformance/certificate/utils.go
new file mode 100644
index 000000000000..47bd26644be7
--- /dev/null
+++ b/vendor/knative.dev/networking/test/conformance/certificate/utils.go
@@ -0,0 +1,152 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificate
+
+import (
+ "context"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+ "fmt"
+ "testing"
+
+ "github.com/google/go-cmp/cmp"
+ corev1 "k8s.io/api/core/v1"
+ apierrs "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/sets"
+ "k8s.io/apimachinery/pkg/util/wait"
+ "knative.dev/networking/pkg/apis/networking"
+ "knative.dev/networking/pkg/apis/networking/v1alpha1"
+ "knative.dev/networking/test"
+ "knative.dev/pkg/test/logging"
+)
+
+// CreateCertificate creates a Certificate with the given DNS names. The
+// certificate is automatically cleaned up when the test ends or is
+// interrupted.
+func CreateCertificate(ctx context.Context, t *testing.T, clients *test.Clients, dnsNames []string) *v1alpha1.Certificate {
+ t.Helper()
+
+ name := test.ObjectNameForTest(t)
+ cert := &v1alpha1.Certificate{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: name,
+ Namespace: test.ServingNamespace,
+ Annotations: map[string]string{
+ networking.CertificateClassAnnotationKey: test.NetworkingFlags.CertificateClass,
+ },
+ },
+ Spec: v1alpha1.CertificateSpec{
+ DNSNames: dnsNames,
+ SecretName: name,
+ },
+ }
+
+ test.EnsureCleanup(t, func() {
+ clients.NetworkingClient.Certificates.Delete(ctx, cert.Name, metav1.DeleteOptions{})
+ clients.KubeClient.CoreV1().Secrets(test.ServingNamespace).Delete(ctx, cert.Spec.SecretName, metav1.DeleteOptions{})
+ })
+
+ cert, err := clients.NetworkingClient.Certificates.Create(ctx, cert, metav1.CreateOptions{})
+ if err != nil {
+ t.Fatal("Error creating Certificate:", err)
+ }
+
+ return cert
+}
+
+// IsCertificateReady will check the status conditions of the certificate and return true if the certificate is
+// ready.
+func IsCertificateReady(c *v1alpha1.Certificate) (bool, error) {
+ return c.IsReady(), nil
+}
+
+// WaitForCertificateSecret polls the status of the Secret for the provided Certificate
+// until it exists or the timeout is exceeded. It then validates its contents
+func WaitForCertificateSecret(ctx context.Context, t *testing.T, client *test.Clients, cert *v1alpha1.Certificate, desc string) error {
+ span := logging.GetEmitableSpan(context.Background(), fmt.Sprintf("WaitForCertificateSecret/%s/%s", cert.Spec.SecretName, desc))
+ defer span.End()
+
+ return wait.PollUntilContextTimeout(ctx, test.PollInterval, test.PollTimeout, true, func(ctx context.Context) (bool, error) {
+ secret, err := client.KubeClient.CoreV1().Secrets(test.ServingNamespace).Get(ctx, cert.Spec.SecretName, metav1.GetOptions{})
+ if apierrs.IsNotFound(err) {
+ return false, nil
+ } else if err != nil {
+ return true, fmt.Errorf("failed to get secret: %w", err)
+ }
+
+ block, _ := pem.Decode(secret.Data[corev1.TLSCertKey])
+ if block == nil {
+ // PEM files are text, so just dump it here.
+ t.Logf("Bad PEM file:\n%s", secret.Data[corev1.TLSCertKey])
+ return true, errors.New("failed to decode PEM data")
+ }
+
+ certData, err := x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ return true, fmt.Errorf("failed to parse certificate: %w", err)
+ }
+
+ if got, want := certData.DNSNames, cert.Spec.DNSNames; !cmp.Equal(got, want) {
+ return true, fmt.Errorf("incorrect DNSNames in secret. Got %v, want %v", got, want)
+ }
+
+ return true, nil
+ })
+}
+
+// WaitForCertificateState polls the status of the Certificate called name from client
+// every PollInterval until inState returns `true` indicating it is done, returns an
+// error or PollTimeout. desc will be used to name the metric that is emitted to
+// track how long it took for name to get into the state checked by inState.
+func WaitForCertificateState(ctx context.Context, client *test.NetworkingClients, name string, inState func(r *v1alpha1.Certificate) (bool, error), desc string) error {
+ span := logging.GetEmitableSpan(context.Background(), fmt.Sprintf("WaitForCertificateState/%s/%s", name, desc))
+ defer span.End()
+
+ var lastState *v1alpha1.Certificate
+ return wait.PollUntilContextTimeout(ctx, test.PollInterval, test.PollTimeout, true, func(ctx context.Context) (bool, error) {
+ var err error
+ lastState, err = client.Certificates.Get(ctx, name, metav1.GetOptions{})
+ if err != nil {
+ return true, err
+ }
+ return inState(lastState)
+ })
+}
+
+// VerifyChallenges verifies that the given certificate has the correct number
+// of HTTP01challenges and they contain valid data.
+func VerifyChallenges(ctx context.Context, t *testing.T, client *test.Clients, cert *v1alpha1.Certificate) {
+ t.Helper()
+
+ certDomains := sets.New(cert.Spec.DNSNames...)
+
+ for _, challenge := range cert.Status.HTTP01Challenges {
+ if challenge.ServiceName == "" {
+ t.Error("HTTP01 Challenge missing solver service name")
+ }
+
+ if !certDomains.Has(challenge.URL.Host) {
+ t.Errorf("HTTP01 Challenge host %s is not one of: %v", challenge.URL.Host, cert.Spec.DNSNames)
+ }
+ _, err := client.KubeClient.CoreV1().Services(challenge.ServiceNamespace).Get(ctx, challenge.ServiceName, metav1.GetOptions{})
+ if apierrs.IsNotFound(err) {
+ t.Error("failed to find solver service for challenge:", err)
+ }
+ }
+}
diff --git a/vendor/knative.dev/networking/test/defaultsystem/system.go b/vendor/knative.dev/networking/test/defaultsystem/system.go
new file mode 100644
index 000000000000..76a89f0e3a82
--- /dev/null
+++ b/vendor/knative.dev/networking/test/defaultsystem/system.go
@@ -0,0 +1,30 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package defaultsystem
+
+import (
+ "os"
+
+ "knative.dev/pkg/system"
+)
+
+func init() {
+ if ns := os.Getenv(system.NamespaceEnvKey); ns != "" {
+ return
+ }
+ os.Setenv(system.NamespaceEnvKey, "knative-serving")
+}
diff --git a/vendor/knative.dev/networking/test/e2e_constants.go b/vendor/knative.dev/networking/test/e2e_constants.go
new file mode 100644
index 000000000000..44820133b32f
--- /dev/null
+++ b/vendor/knative.dev/networking/test/e2e_constants.go
@@ -0,0 +1,26 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// All test-affecting constants should be placed in this file
+// At some point it may make sense to be able to modify them
+// via a configuration mechanism (see https://github.com/knative/serving/issues/6109)
+
+package test
+
+const (
+ // ServingNamespace is the default namespace for serving e2e tests
+ ServingNamespace = "serving-tests"
+)
diff --git a/vendor/knative.dev/networking/test/e2e_flags.go b/vendor/knative.dev/networking/test/e2e_flags.go
new file mode 100644
index 000000000000..7200ac7e0dac
--- /dev/null
+++ b/vendor/knative.dev/networking/test/e2e_flags.go
@@ -0,0 +1,116 @@
+/*
+Copyright 2018 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file contains logic to encapsulate flags which are needed to specify
+// what cluster, etc. to use for e2e tests.
+
+package test
+
+import (
+ "flag"
+
+ "knative.dev/networking/pkg/config"
+)
+
+// NetworkingFlags holds the flags or defaults for knative/networking settings in the user's environment.
+var NetworkingFlags = initializeNetworkingFlags()
+
+// ServingFlags is an alias of NetworkingFlags.
+// TODO: Delete this variable once all downstream migrate it to NetworkingFlags.
+var ServingFlags = NetworkingFlags
+
+// NetworkingEnvironmentFlags holds the e2e flags needed only by the networking repo.
+type NetworkingEnvironmentFlags struct {
+ ResolvableDomain bool // Resolve Route controller's `domainSuffix`
+ HTTPS bool // Indicates where the test service will be created with https
+ IngressClass string // Indicates the class of Ingress provider to test.
+ CertificateClass string // Indicates the class of Certificate provider to test.
+ Buckets int // The number of reconciler buckets configured.
+ Replicas int // The number of controlplane replicas being run.
+ EnableAlphaFeatures bool // Indicates whether we run tests for alpha features
+ EnableBetaFeatures bool // Indicates whether we run tests for beta features
+ SkipTests string // Indicates the test names we want to skip in alpha or beta features.
+ ClusterSuffix string // Specifies the cluster DNS suffix to be used in tests.
+ ServiceDomain string // Specifies the domain to use when creating the test services.
+ RequestDelay int // Specifies delay in Seconds before the client tries to dial the service
+}
+
+func initializeNetworkingFlags() *NetworkingEnvironmentFlags {
+ var f NetworkingEnvironmentFlags
+
+ // Only define and set flags here. Flag values cannot be read at package init time.
+ flag.BoolVar(&f.ResolvableDomain,
+ "resolvabledomain",
+ false,
+ "Set this flag to true if you have configured the `domainSuffix` on your Route controller to a domain that will resolve to your test cluster.")
+
+ flag.BoolVar(&f.HTTPS,
+ "https",
+ false,
+ "Set this flag to true to run all tests with https.")
+
+ flag.StringVar(&f.IngressClass,
+ "ingressClass",
+ config.IstioIngressClassName,
+ "Set this flag to the ingress class to test against.")
+
+ flag.StringVar(&f.CertificateClass,
+ "certificateClass",
+ config.CertManagerCertificateClassName,
+ "Set this flag to the certificate class to test against.")
+
+ flag.IntVar(&f.Buckets,
+ "buckets",
+ 1,
+ "Set this flag to the number of reconciler buckets configured.")
+
+ flag.IntVar(&f.Replicas,
+ "replicas",
+ 1,
+ "Set this flag to the number of controlplane replicas being run.")
+
+ flag.BoolVar(&f.EnableAlphaFeatures,
+ "enable-alpha",
+ false,
+ "Set this flag to run tests against alpha features.")
+
+ flag.BoolVar(&f.EnableBetaFeatures,
+ "enable-beta",
+ false,
+ "Set this flag to run tests against beta features.")
+
+ flag.StringVar(&f.SkipTests,
+ "skip-tests",
+ "",
+ "Set this flag to the tests you want to skip in alpha or beta features. Accepts a comma separated list.")
+
+ flag.StringVar(&f.ClusterSuffix,
+ "cluster-suffix",
+ "cluster.local",
+ "Set this flag to the cluster suffix to be used in tests.")
+
+ flag.StringVar(&f.ServiceDomain,
+ "service-domain",
+ "example.com",
+ "Set this flag to the domain to be used in tests.")
+
+ flag.IntVar(&f.RequestDelay,
+ "request-delay",
+ 0,
+ "Set this flag to the number of seconds to wait before calling the service.")
+
+ return &f
+}
diff --git a/vendor/knative.dev/networking/test/ingress.go b/vendor/knative.dev/networking/test/ingress.go
new file mode 100644
index 000000000000..ef6a3faaa652
--- /dev/null
+++ b/vendor/knative.dev/networking/test/ingress.go
@@ -0,0 +1,57 @@
+/*
+Copyright 2020 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package test
+
+import (
+ "context"
+ "fmt"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/wait"
+ "knative.dev/networking/pkg/apis/networking/v1alpha1"
+ "knative.dev/pkg/test/logging"
+)
+
+// WaitForIngressState polls the status of the Ingress called name from client every
+// PollInterval until inState returns `true` indicating it is done, returns an
+// error or PollTimeout. desc will be used to name the metric that is emitted to
+// track how long it took for name to get into the state checked by inState.
+func WaitForIngressState(ctx context.Context, client *NetworkingClients, name string, inState func(r *v1alpha1.Ingress) (bool, error), desc string) error {
+ span := logging.GetEmitableSpan(context.Background(), fmt.Sprintf("WaitForIngressState/%s/%s", name, desc))
+ defer span.End()
+
+ var lastState *v1alpha1.Ingress
+ waitErr := wait.PollUntilContextTimeout(ctx, PollInterval, PollTimeout, true, func(ctx context.Context) (bool, error) {
+ var err error
+ lastState, err = client.Ingresses.Get(ctx, name, metav1.GetOptions{})
+ if err != nil {
+ return true, err
+ }
+ return inState(lastState)
+ })
+
+ if waitErr != nil {
+ return fmt.Errorf("ingress %q is not in desired state, got: %+v: %w", name, lastState, waitErr)
+ }
+ return nil
+}
+
+// IsIngressReady will check the status conditions of the ingress and return true if the ingress is
+// ready.
+func IsIngressReady(r *v1alpha1.Ingress) (bool, error) {
+ return r.IsReady(), nil
+}
diff --git a/vendor/knative.dev/networking/test/presubmit-tests.sh b/vendor/knative.dev/networking/test/presubmit-tests.sh
new file mode 100644
index 000000000000..b726c175a67f
--- /dev/null
+++ b/vendor/knative.dev/networking/test/presubmit-tests.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script runs the presubmit tests; it is started by prow for each PR.
+# For convenience, it can also be executed manually.
+# Running the script without parameters, or with the --all-tests
+# flag, causes all tests to be executed, in the right order.
+# Use the flags --build-tests, --unit-tests and --integration-tests
+# to run a specific set of tests.
+
+source $(dirname $0)/../vendor/knative.dev/hack/presubmit-tests.sh
+
+# We use the default build, unit and integration test runners.
+
+main "$@"
diff --git a/vendor/knative.dev/networking/test/prober.go b/vendor/knative.dev/networking/test/prober.go
new file mode 100644
index 000000000000..4932716288f3
--- /dev/null
+++ b/vendor/knative.dev/networking/test/prober.go
@@ -0,0 +1,256 @@
+/*
+Copyright 2019 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// route.go provides methods to perform actions on the route resource.
+
+package test
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "net/url"
+ "sync"
+ "testing"
+
+ "go.uber.org/atomic"
+ "golang.org/x/sync/errgroup"
+
+ pkgTest "knative.dev/pkg/test"
+ "knative.dev/pkg/test/logging"
+ "knative.dev/pkg/test/spoof"
+)
+
+// Prober is the interface for a prober, which checks the result of the probes when stopped.
+type Prober interface {
+ // SLI returns the "service level indicator" for the prober, which is the observed
+ // success rate of the probes. This will panic if the prober has not been stopped.
+ SLI() (total int64, failures int64)
+
+ // Stop terminates the prober, returning any observed errors.
+ // Implementations may choose to put additional requirements on
+ // the prober, which may cause this to block (e.g. a minimum number
+ // of probes to achieve a population suitable for SLI measurement).
+ Stop() error
+}
+
+type prober struct {
+ // These shouldn't change after creation
+ logf logging.FormatLogger
+ url *url.URL
+ minimumProbes int64
+
+ requests atomic.Int64
+ failures atomic.Int64
+
+ // This channel is simply closed when minimumProbes has been satisfied.
+ minDoneCh chan struct{}
+
+ errGrp *errgroup.Group
+ ctx context.Context
+ cancel context.CancelFunc
+}
+
+// prober implements Prober
+var _ Prober = (*prober)(nil)
+
+// SLI implements Prober
+func (p *prober) SLI() (int64, int64) {
+ return p.requests.Load(), p.failures.Load()
+}
+
+// Stop implements Prober
+func (p *prober) Stop() error {
+ // Wait for either an error to happen or the minimumProbes we want.
+ select {
+ case <-p.ctx.Done():
+ case <-p.minDoneCh:
+ }
+
+ // Stop all probing.
+ p.cancel()
+
+ return p.errGrp.Wait()
+}
+
+// ProberManager is the interface for spawning probers, and checking their results.
+type ProberManager interface {
+ // The ProberManager should expose a way to collectively reason about spawned
+ // probes as a sort of aggregating Prober.
+ Prober
+
+ // Spawn creates a new Prober
+ Spawn(url *url.URL) Prober
+
+ // Foreach iterates over the probers spawned by this ProberManager.
+ Foreach(func(url *url.URL, p Prober))
+}
+
+type manager struct {
+ // Should not change after creation
+ logf logging.FormatLogger
+ clients *Clients
+ minProbes int64
+
+ m sync.RWMutex
+ probes map[*url.URL]Prober
+ transportOptions []spoof.TransportOption
+}
+
+var _ ProberManager = (*manager)(nil)
+
+// Spawn implements ProberManager
+func (m *manager) Spawn(url *url.URL) Prober {
+ m.m.Lock()
+ defer m.m.Unlock()
+
+ if p, ok := m.probes[url]; ok {
+ return p
+ }
+
+ m.logf("Starting Route prober for %s.", url)
+
+ ctx, cancel := context.WithCancel(context.Background())
+ errGrp, ctx := errgroup.WithContext(ctx)
+
+ p := &prober{
+ logf: m.logf,
+ url: url,
+ minimumProbes: m.minProbes,
+
+ minDoneCh: make(chan struct{}),
+
+ errGrp: errGrp,
+ ctx: ctx,
+ cancel: cancel,
+ }
+ m.probes[url] = p
+
+ errGrp.Go(func() error {
+ client, err := pkgTest.NewSpoofingClient(ctx, m.clients.KubeClient, m.logf, url.Hostname(), NetworkingFlags.ResolvableDomain, m.transportOptions...)
+ if err != nil {
+ return fmt.Errorf("failed to generate client: %w", err)
+ }
+
+ req, err := http.NewRequest(http.MethodGet, url.String(), nil)
+ if err != nil {
+ return fmt.Errorf("failed to generate request: %w", err)
+ }
+
+ // We keep polling the domain and accumulate success rates
+ // to ultimately establish the SLI and compare to the SLO.
+ for {
+ select {
+ case <-ctx.Done():
+ return nil
+ default:
+ res, err := client.Do(req)
+ if p.requests.Inc() == p.minimumProbes {
+ close(p.minDoneCh)
+ }
+ if err != nil {
+ p.logf("%q error: %v", p.url, err)
+ p.failures.Inc()
+ } else if res.StatusCode != http.StatusOK {
+ p.logf("%q status = %d, want: %d", p.url, res.StatusCode, http.StatusOK)
+ p.logf("Response: %s", res)
+ p.failures.Inc()
+ }
+ }
+ }
+ })
+ return p
+}
+
+// Stop implements ProberManager
+func (m *manager) Stop() error {
+ m.m.Lock()
+ defer m.m.Unlock()
+
+ m.logf("Stopping all probers")
+
+ errgrp := &errgroup.Group{}
+ for _, prober := range m.probes {
+ errgrp.Go(prober.Stop)
+ }
+ return errgrp.Wait()
+}
+
+// SLI implements Prober
+func (m *manager) SLI() (total int64, failures int64) {
+ m.m.RLock()
+ defer m.m.RUnlock()
+ for _, prober := range m.probes {
+ pt, pf := prober.SLI()
+ total += pt
+ failures += pf
+ }
+ return
+}
+
+// Foreach implements ProberManager
+func (m *manager) Foreach(f func(url *url.URL, p Prober)) {
+ m.m.RLock()
+ defer m.m.RUnlock()
+
+ for url, prober := range m.probes {
+ f(url, prober)
+ }
+}
+
+// NewProberManager creates a new manager for probes.
+func NewProberManager(logf logging.FormatLogger, clients *Clients, minProbes int64, opts ...spoof.TransportOption) ProberManager {
+ return &manager{
+ logf: logf,
+ clients: clients,
+ minProbes: minProbes,
+ probes: make(map[*url.URL]Prober),
+ transportOptions: opts,
+ }
+}
+
+// RunRouteProber starts a single Prober of the given domain.
+func RunRouteProber(logf logging.FormatLogger, clients *Clients, url *url.URL, opts ...spoof.TransportOption) Prober {
+ // Default to 10 probes
+ pm := NewProberManager(logf, clients, 10, opts...)
+ pm.Spawn(url)
+ return pm
+}
+
+// AssertProberDefault is a helper for stopping the Prober and checking its SLI
+// against the default SLO, which requires perfect responses.
+// This takes `testing.T` so that it may be used in `defer`.
+func AssertProberDefault(t testing.TB, p Prober) {
+ t.Helper()
+ if err := p.Stop(); err != nil {
+ t.Error("Stop()", "error", err.Error())
+ }
+ // Default to 100% correct (typically used in conjunction with the low probe count above)
+ if err := CheckSLO(1.0, t.Name(), p); err != nil {
+ t.Error("CheckSLO()", "error", err.Error())
+ }
+}
+
+// CheckSLO compares the SLI of the given prober against the SLO, erroring if too low.
+func CheckSLO(slo float64, name string, p Prober) error {
+ total, failures := p.SLI()
+
+ successRate := float64(total-failures) / float64(total)
+ if successRate < slo {
+ return fmt.Errorf("SLI for %q = %f, wanted >= %f", name, successRate, slo)
+ }
+ return nil
+}
diff --git a/vendor/knative.dev/networking/test/upload-test-images.sh b/vendor/knative.dev/networking/test/upload-test-images.sh
new file mode 100644
index 000000000000..d02c76f9d084
--- /dev/null
+++ b/vendor/knative.dev/networking/test/upload-test-images.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+#
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+
+function upload_test_images() {
+ echo ">> Publishing test images"
+ # Script needs to be executed from the root directory
+ # to pickup .ko.yaml
+ cd "$( dirname "$0")/.."
+ local image_dir="test/test_images"
+ local docker_tag=$1
+ local tag_option=""
+ if [ -n "${docker_tag}" ]; then
+ tag_option="--tags $docker_tag,latest"
+ fi
+
+ # ko resolve is being used for the side-effect of publishing images,
+ # so the resulting yaml produced is ignored.
+ ko resolve ${tag_option} -RBf "${image_dir}" > /dev/null
+}
+
+: ${KO_DOCKER_REPO:?"You must set 'KO_DOCKER_REPO', see DEVELOPMENT.md"}
+
+upload_test_images $@
diff --git a/vendor/knative.dev/networking/test/util.go b/vendor/knative.dev/networking/test/util.go
new file mode 100644
index 000000000000..5d09f86ae20e
--- /dev/null
+++ b/vendor/knative.dev/networking/test/util.go
@@ -0,0 +1,103 @@
+/*
+Copyright 2018 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package test
+
+import (
+ "context"
+ "net/http"
+ "testing"
+ "time"
+
+ pkgnet "knative.dev/pkg/network"
+ "knative.dev/pkg/signals"
+ pkgTest "knative.dev/pkg/test"
+ "knative.dev/pkg/test/helpers"
+ "knative.dev/pkg/test/logstream"
+
+ // For our e2e testing, we want this linked first so that our
+ // systen namespace environment variable is defaulted prior to
+ // logstream initialization.
+ _ "knative.dev/networking/test/defaultsystem"
+
+ // Mysteriously required to support GCP auth (required by k8s libs). Apparently just importing it is enough. @_@ side effects @_@. https://github.com/kubernetes/client-go/issues/242
+ _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
+)
+
+const (
+ // PollInterval is how frequently e2e tests will poll for updates.
+ PollInterval = 1 * time.Second
+ // PollTimeout is how long e2e tests will wait for resource updates when polling.
+ PollTimeout = 10 * time.Minute
+)
+
+// util.go provides shared utilities methods across knative serving test
+
+// Setup creates client to run Knative Service requests
+func Setup(t testing.TB) *Clients {
+ t.Helper()
+
+ cancel := logstream.Start(t)
+ t.Cleanup(cancel)
+
+ cfg, err := pkgTest.Flags.GetRESTConfig()
+ if err != nil {
+ t.Fatal("couldn't get REST config:", err)
+ }
+
+ clients, err := NewClientsFromConfig(cfg, ServingNamespace)
+ if err != nil {
+ t.Fatal("Couldn't initialize clients", "error", err.Error())
+ }
+ return clients
+}
+
+// ObjectNameForTest generates a random object name based on the test name.
+var ObjectNameForTest = helpers.ObjectNameForTest
+
+// ListenAndServeGracefully calls into ListenAndServeGracefullyWithHandler
+// by passing handler to handle requests for "/"
+func ListenAndServeGracefully(addr string, handler func(w http.ResponseWriter, r *http.Request)) {
+ ListenAndServeGracefullyWithHandler(addr, http.HandlerFunc(handler))
+}
+
+// ListenAndServeGracefullyWithHandler creates an HTTP server, listens on the defined address
+// and handles incoming requests with the given handler.
+// It blocks until SIGTERM is received and the underlying server has shutdown gracefully.
+func ListenAndServeGracefullyWithHandler(addr string, handler http.Handler) {
+ server := pkgnet.NewServer(addr, handler)
+ go server.ListenAndServe()
+
+ <-signals.SetupSignalHandler()
+ server.Shutdown(context.Background())
+}
+
+// ListenAndServeTLSGracefully calls into ListenAndServeTLSGracefullyWithHandler
+// by passing handler to handle requests for "/"
+func ListenAndServeTLSGracefully(cert, key, addr string, handler func(w http.ResponseWriter, r *http.Request)) {
+ ListenAndServeTLSGracefullyWithHandler(cert, key, addr, http.HandlerFunc(handler))
+}
+
+// ListenAndServeTLSGracefullyWithHandler creates an HTTPS server, listens on the defined address
+// and handles incoming requests with the given handler.
+// It blocks until SIGTERM is received and the underlying server has shutdown gracefully. +func ListenAndServeTLSGracefullyWithHandler(cert, key, addr string, handler http.Handler) { + server := pkgnet.NewServer(addr, handler) + go server.ListenAndServeTLS(cert, key) + + <-signals.SetupSignalHandler() + server.Shutdown(context.Background()) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 3d97d68f3e6c..bcf657b6229e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -13,18 +13,18 @@ contrib.go.opencensus.io/exporter/prometheus # contrib.go.opencensus.io/exporter/zipkin v0.1.2 ## explicit contrib.go.opencensus.io/exporter/zipkin -# github.com/Azure/azure-sdk-for-go v67.0.0+incompatible +# github.com/Azure/azure-sdk-for-go v68.0.0+incompatible ## explicit github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry github.com/Azure/azure-sdk-for-go/version # github.com/Azure/go-autorest v14.2.0+incompatible ## explicit github.com/Azure/go-autorest -# github.com/Azure/go-autorest/autorest v0.11.28 +# github.com/Azure/go-autorest/autorest v0.11.29 ## explicit; go 1.15 github.com/Azure/go-autorest/autorest github.com/Azure/go-autorest/autorest/azure -# github.com/Azure/go-autorest/autorest/adal v0.9.21 +# github.com/Azure/go-autorest/autorest/adal v0.9.23 ## explicit; go 1.15 github.com/Azure/go-autorest/autorest/adal # github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 
@@ -166,6 +166,14 @@ github.com/census-instrumentation/opencensus-proto/gen-go/agent/trace/v1 github.com/census-instrumentation/opencensus-proto/gen-go/metrics/v1 github.com/census-instrumentation/opencensus-proto/gen-go/resource/v1 github.com/census-instrumentation/opencensus-proto/gen-go/trace/v1 +# github.com/cert-manager/cert-manager v1.13.3 +## explicit; go 1.20 +github.com/cert-manager/cert-manager/pkg/apis/acme +github.com/cert-manager/cert-manager/pkg/apis/acme/v1 +github.com/cert-manager/cert-manager/pkg/apis/certmanager +github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1 +github.com/cert-manager/cert-manager/pkg/apis/meta +github.com/cert-manager/cert-manager/pkg/apis/meta/v1 # github.com/cespare/xxhash/v2 v2.2.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 @@ -178,7 +186,7 @@ github.com/chrismellard/docker-credential-acr-env/pkg/token ## explicit; go 1.16 github.com/containerd/stargz-snapshotter/estargz github.com/containerd/stargz-snapshotter/estargz/errorutil -# github.com/davecgh/go-spew v1.1.1 +# github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc ## explicit github.com/davecgh/go-spew/spew # github.com/deepmap/oapi-codegen v1.8.2 @@ -208,7 +216,7 @@ github.com/docker/docker-credential-helpers/credentials ## explicit; go 1.13 github.com/emicklei/go-restful/v3 github.com/emicklei/go-restful/v3/log -# github.com/evanphx/json-patch v4.12.0+incompatible +# github.com/evanphx/json-patch v5.6.0+incompatible ## explicit github.com/evanphx/json-patch # github.com/evanphx/json-patch/v5 v5.9.0 @@ -218,6 +226,9 @@ github.com/evanphx/json-patch/v5/internal/json # github.com/felixge/httpsnoop v1.0.4 ## explicit; go 1.13 github.com/felixge/httpsnoop +# github.com/ghodss/yaml v1.0.0 +## explicit +github.com/ghodss/yaml # github.com/go-kit/log v0.2.1 ## explicit; go 1.17 github.com/go-kit/log 
@@ -232,15 +243,15 @@ github.com/go-logr/logr/funcr # github.com/go-logr/stdr v1.2.2 ## explicit; go 1.16 github.com/go-logr/stdr -# github.com/go-openapi/jsonpointer v0.19.6 -## explicit; go 1.13 +# github.com/go-openapi/jsonpointer v0.20.2 +## explicit; go 1.19 github.com/go-openapi/jsonpointer -# github.com/go-openapi/jsonreference v0.20.2 -## explicit; go 1.13 +# github.com/go-openapi/jsonreference v0.20.4 +## explicit; go 1.19 github.com/go-openapi/jsonreference github.com/go-openapi/jsonreference/internal -# github.com/go-openapi/swag v0.22.3 -## explicit; go 1.18 +# github.com/go-openapi/swag v0.22.7 +## explicit; go 1.19 github.com/go-openapi/swag # github.com/gobuffalo/flect v1.0.2 ## explicit; go 1.16 @@ -385,7 +396,7 @@ github.com/influxdata/line-protocol # github.com/influxdata/tdigest v0.0.1 ## explicit; go 1.13 github.com/influxdata/tdigest -# github.com/jmespath/go-jmespath v0.4.0 +# github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 ## explicit; go 1.14 github.com/jmespath/go-jmespath # github.com/josharian/intern v1.0.0 @@ -472,7 +483,7 @@ github.com/rs/dnscache # github.com/russross/blackfriday/v2 v2.1.0 ## explicit github.com/russross/blackfriday/v2 -# github.com/sirupsen/logrus v1.9.0 +# github.com/sirupsen/logrus v1.9.3 ## explicit; go 1.13 github.com/sirupsen/logrus # github.com/spf13/pflag v1.0.5 
@@ -1350,6 +1361,7 @@ knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/ingres knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/ingress/fake knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/serverlessservice knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/serverlessservice/fake +knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/certificate knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/serverlessservice knative.dev/networking/pkg/client/listers/networking/v1alpha1 knative.dev/networking/pkg/config @@ -1361,6 +1373,11 @@ knative.dev/networking/pkg/http/stats knative.dev/networking/pkg/ingress knative.dev/networking/pkg/k8s knative.dev/networking/pkg/prober +knative.dev/networking/test +knative.dev/networking/test/conformance/certificate +knative.dev/networking/test/conformance/certificate/http01 +knative.dev/networking/test/conformance/certificate/nonhttp01 +knative.dev/networking/test/defaultsystem # knative.dev/pkg v0.0.0-20240416145024-0f34a8815650 ## explicit; go 1.21 knative.dev/pkg/apiextensions/storageversion @@ -1477,6 +1494,9 @@ knative.dev/pkg/webhook/resourcesemantics knative.dev/pkg/webhook/resourcesemantics/defaulting knative.dev/pkg/webhook/resourcesemantics/validation knative.dev/pkg/websocket +# sigs.k8s.io/gateway-api v0.8.0 +## explicit; go 1.20 +sigs.k8s.io/gateway-api/apis/v1beta1 # sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd ## explicit; go 1.18 sigs.k8s.io/json diff --git a/vendor/sigs.k8s.io/gateway-api/LICENSE b/vendor/sigs.k8s.io/gateway-api/LICENSE new file mode 100644 index 000000000000..a5949bd7a2f7 --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/LICENSE 
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2020 The Kubernetes Authors
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/doc.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/doc.go
new file mode 100644
index 000000000000..328100aee812
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/doc.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta1 contains API Schema definitions for the
+// gateway.networking.k8s.io API group.
+//
+// +kubebuilder:object:generate=true
+// +groupName=gateway.networking.k8s.io
+package v1beta1
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go
new file mode 100644
index 000000000000..033c1c2a16a7
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go
@@ -0,0 +1,946 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:categories=gateway-api,shortName=gtw
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Class",type=string,JSONPath=`.spec.gatewayClassName`
+// +kubebuilder:printcolumn:name="Address",type=string,JSONPath=`.status.addresses[*].value`
+// +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+
+// Gateway represents an instance of a service-traffic handling infrastructure
+// by binding Listeners to a set of IP addresses.
+type Gateway struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec defines the desired state of Gateway.
+ Spec GatewaySpec `json:"spec"`
+
+ // Status defines the current state of Gateway.
+ //
+ // +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}}
+ Status GatewayStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// GatewayList contains a list of Gateways.
+type GatewayList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []Gateway `json:"items"`
+}
+
+// GatewaySpec defines the desired state of Gateway.
+//
+// Not all possible combinations of options specified in the Spec are
+// valid. Some invalid configurations can be caught synchronously via a
+// webhook, but there are many cases that will require asynchronous
+// signaling via the GatewayStatus block.
+type GatewaySpec struct {
+ // GatewayClassName used for this Gateway. This is the name of a
+ // GatewayClass resource.
+ GatewayClassName ObjectName `json:"gatewayClassName"`
+
+ // Listeners associated with this Gateway. Listeners define
+ // logical endpoints that are bound on this Gateway's addresses.
+ // At least one Listener MUST be specified.
+ //
+ // Each listener in a Gateway must have a unique combination of Hostname,
+ // Port, and Protocol.
+ //
+ // Within the HTTP Conformance Profile, the below combinations of port and
+ // protocol are considered Core and MUST be supported:
+ //
+ // 1. Port: 80, Protocol: HTTP
+ // 2. Port: 443, Protocol: HTTPS
+ //
+ // Within the TLS Conformance Profile, the below combinations of port and
+ // protocol are considered Core and MUST be supported:
+ //
+ // 1. Port: 443, Protocol: TLS
+ //
+ // Port and protocol combinations not listed above are considered Extended.
+ //
+ // An implementation MAY group Listeners by Port and then collapse each
+ // group of Listeners into a single Listener if the implementation
+ // determines that the Listeners in the group are "compatible". An
+ // implementation MAY also group together and collapse compatible
+ // Listeners belonging to different Gateways.
+ //
+ // For example, an implementation might consider Listeners to be
+ // compatible with each other if all of the following conditions are
+ // met:
+ //
+ // 1. Either each Listener within the group specifies the "HTTP"
+ // Protocol or each Listener within the group specifies either
+ // the "HTTPS" or "TLS" Protocol.
+ //
+ // 2. Each Listener within the group specifies a Hostname that is unique
+ // within the group.
+ //
+ // 3. As a special case, one Listener within a group may omit Hostname,
+ // in which case this Listener matches when no other Listener
+ // matches.
+ //
+ // If the implementation does collapse compatible Listeners, the
+ // hostname provided in the incoming client request MUST be
+ // matched to a Listener to find the correct set of Routes.
+ // The incoming hostname MUST be matched using the Hostname
+ // field for each Listener in order of most to least specific.
+ // That is, exact matches must be processed before wildcard
+ // matches.
+ //
+ // If this field specifies multiple Listeners that have the same
+ // Port value but are not compatible, the implementation must raise
+ // a "Conflicted" condition in the Listener status.
+ //
+ // Support: Core
+ //
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=64
+ // +kubebuilder:validation:XValidation:message="tls must be specified for protocols ['HTTPS', 'TLS']",rule="self.all(l, l.protocol in ['HTTPS', 'TLS'] ? has(l.tls) : true)"
+ // +kubebuilder:validation:XValidation:message="tls must not be specified for protocols ['HTTP', 'TCP', 'UDP']",rule="self.all(l, l.protocol in ['HTTP', 'TCP', 'UDP'] ? !has(l.tls) : true)"
+ // +kubebuilder:validation:XValidation:message="hostname must not be specified for protocols ['TCP', 'UDP']",rule="self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)"
+ // +kubebuilder:validation:XValidation:message="Listener name must be unique within the Gateway",rule="self.all(l1, self.exists_one(l2, l1.name == l2.name))"
+ // +kubebuilder:validation:XValidation:message="Combination of port, protocol and hostname must be unique for each listener",rule="self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : true)))"
+ Listeners []Listener `json:"listeners"`
+
+ // Addresses requested for this Gateway. This is optional and behavior can
+ // depend on the implementation. If a value is set in the spec and the
+ // requested address is invalid or unavailable, the implementation MUST
+ // indicate this in the associated entry in GatewayStatus.Addresses.
+ //
+ // The Addresses field represents a request for the address(es) on the
+ // "outside of the Gateway", that traffic bound for this Gateway will use.
+ // This could be the IP address or hostname of an external load balancer or
+ // other networking infrastructure, or some other address that traffic will
+ // be sent to.
+ //
+ // The .listener.hostname field is used to route traffic that has already
+ // arrived at the Gateway to the correct in-cluster destination.
+ //
+ // If no Addresses are specified, the implementation MAY schedule the
+ // Gateway in an implementation-specific manner, assigning an appropriate
+ // set of Addresses.
+ //
+ // The implementation MUST bind all Listeners to every GatewayAddress that
+ // it assigns to the Gateway and add a corresponding entry in
+ // GatewayStatus.Addresses.
+ //
+ // Support: Extended
+ //
+ // +optional
+ //
+ // +kubebuilder:validation:MaxItems=16
+ // +kubebuilder:validation:XValidation:message="IPAddress values must be unique",rule="self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )"
+ // +kubebuilder:validation:XValidation:message="Hostname values must be unique",rule="self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )"
+ Addresses []GatewayAddress `json:"addresses,omitempty"`
+}
+
+// Listener embodies the concept of a logical endpoint where a Gateway accepts
+// network connections.
+type Listener struct {
+ // Name is the name of the Listener. This name MUST be unique within a
+ // Gateway.
+ //
+ // Support: Core
+ Name SectionName `json:"name"`
+
+ // Hostname specifies the virtual hostname to match for protocol types that
+ // define this concept. When unspecified, all hostnames are matched. This
+ // field is ignored for protocols that don't require hostname based
+ // matching.
+ //
+ // Implementations MUST apply Hostname matching appropriately for each of
+ // the following protocols:
+ //
+ // * TLS: The Listener Hostname MUST match the SNI.
+ // * HTTP: The Listener Hostname MUST match the Host header of the request.
+ // * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP
+ // protocol layers as described above. If an implementation does not
+ // ensure that both the SNI and Host header match the Listener hostname,
+ // it MUST clearly document that.
+ //
+ // For HTTPRoute and TLSRoute resources, there is an interaction with the
+ // `spec.hostnames` array. When both listener and route specify hostnames,
+ // there MUST be an intersection between the values for a Route to be
+ // accepted. For more information, refer to the Route specific Hostnames
+ // documentation.
+ //
+ // Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ // as a suffix match. That means that a match for `*.example.com` would match
+ // both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+ //
+ // Support: Core
+ //
+ // +optional
+ Hostname *Hostname `json:"hostname,omitempty"`
+
+ // Port is the network port. Multiple listeners may use the
+ // same port, subject to the Listener compatibility rules.
+ //
+ // Support: Core
+ Port PortNumber `json:"port"`
+
+ // Protocol specifies the network protocol this listener expects to receive.
+ //
+ // Support: Core
+ Protocol ProtocolType `json:"protocol"`
+
+ // TLS is the TLS configuration for the Listener. This field is required if
+ // the Protocol field is "HTTPS" or "TLS". It is invalid to set this field
+ // if the Protocol field is "HTTP", "TCP", or "UDP".
+ //
+ // The association of SNIs to Certificate defined in GatewayTLSConfig is
+ // defined based on the Hostname field for this listener.
+ //
+ // The GatewayClass MUST use the longest matching SNI out of all
+ // available certificates for any TLS handshake.
+ //
+ // Support: Core
+ //
+ // +optional
+ TLS *GatewayTLSConfig `json:"tls,omitempty"`
+
+ // AllowedRoutes defines the types of routes that MAY be attached to a
+ // Listener and the trusted namespaces where those Route resources MAY be
+ // present.
+ //
+ // Although a client request may match multiple route rules, only one rule
+ // may ultimately receive the request. Matching precedence MUST be
+ // determined in order of the following criteria:
+ //
+ // * The most specific match as defined by the Route type.
+ // * The oldest Route based on creation timestamp. For example, a Route with
+ // a creation timestamp of "2020-09-08 01:02:03" is given precedence over
+ // a Route with a creation timestamp of "2020-09-08 01:02:04".
+ // * If everything else is equivalent, the Route appearing first in
+ // alphabetical order (namespace/name) should be given precedence. For
+ // example, foo/bar is given precedence over foo/baz.
+ //
+ // All valid rules within a Route attached to this Listener should be
+ // implemented. Invalid Route rules can be ignored (sometimes that will mean
+ // the full Route). If a Route rule transitions from valid to invalid,
+ // support for that Route rule should be dropped to ensure consistency. For
+ // example, even if a filter specified by a Route rule is invalid, the rest
+ // of the rules within that Route should still be supported.
+ //
+ // Support: Core
+ // +kubebuilder:default={namespaces:{from: Same}}
+ // +optional
+ AllowedRoutes *AllowedRoutes `json:"allowedRoutes,omitempty"`
+}
+
+// ProtocolType defines the application protocol accepted by a Listener.
+// Implementations are not required to accept all the defined protocols. If an
+// implementation does not support a specified protocol, it MUST set the
+// "Accepted" condition to False for the affected Listener with a reason of
+// "UnsupportedProtocol".
+//
+// Core ProtocolType values are listed in the table below.
+//
+// Implementations can define their own protocols if a core ProtocolType does not
+// exist. Such definitions must use prefixed name, such as
+// `mycompany.com/my-custom-protocol`. Un-prefixed names are reserved for core
+// protocols. Any protocol defined by implementations will fall under
+// Implementation-specific conformance.
+//
+// Valid values include:
+//
+// * "HTTP" - Core support
+// * "example.com/bar" - Implementation-specific support
+//
+// Invalid values include:
+//
+// * "example.com" - must include path if domain is used
+// * "foo.example.com" - must include path if domain is used
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=255
+// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$`
+type ProtocolType string
+
+const (
+ // Accepts cleartext HTTP/1.1 sessions over TCP. Implementations MAY also
+ // support HTTP/2 over cleartext. If implementations support HTTP/2 over
+ // cleartext on "HTTP" listeners, that MUST be clearly documented by the
+ // implementation.
+ HTTPProtocolType ProtocolType = "HTTP"
+
+ // Accepts HTTP/1.1 or HTTP/2 sessions over TLS.
+ HTTPSProtocolType ProtocolType = "HTTPS"
+
+ // Accepts TLS sessions over TCP.
+ TLSProtocolType ProtocolType = "TLS"
+
+ // Accepts TCP sessions.
+ TCPProtocolType ProtocolType = "TCP"
+
+ // Accepts UDP packets.
+ UDPProtocolType ProtocolType = "UDP"
+)
+
+// GatewayTLSConfig describes a TLS configuration.
+//
+// +kubebuilder:validation:XValidation:message="certificateRefs must be specified when TLSModeType is Terminate",rule="self.mode == 'Terminate' ? size(self.certificateRefs) > 0 : true"
+type GatewayTLSConfig struct {
+ // Mode defines the TLS behavior for the TLS session initiated by the client.
+ // There are two possible modes:
+ //
+ // - Terminate: The TLS session between the downstream client
+ // and the Gateway is terminated at the Gateway. This mode requires
+ // certificateRefs to be set and contain at least one element.
+ // - Passthrough: The TLS session is NOT terminated by the Gateway. This
+ // implies that the Gateway can't decipher the TLS stream except for
+ // the ClientHello message of the TLS protocol.
+ // CertificateRefs field is ignored in this mode.
+ //
+ // Support: Core
+ //
+ // +optional
+ // +kubebuilder:default=Terminate
+ Mode *TLSModeType `json:"mode,omitempty"`
+
+ // CertificateRefs contains a series of references to Kubernetes objects that
+ // contains TLS certificates and private keys. These certificates are used to
+ // establish a TLS handshake for requests that match the hostname of the
+ // associated listener.
+ //
+ // A single CertificateRef to a Kubernetes Secret has "Core" support.
+ // Implementations MAY choose to support attaching multiple certificates to
+ // a Listener, but this behavior is implementation-specific.
+ //
+ // References to a resource in different namespace are invalid UNLESS there
+ // is a ReferenceGrant in the target namespace that allows the certificate
+ // to be attached. If a ReferenceGrant does not allow this reference, the
+ // "ResolvedRefs" condition MUST be set to False for this listener with the
+ // "RefNotPermitted" reason.
+ //
+ // This field is required to have at least one element when the mode is set
+ // to "Terminate" (default) and is optional otherwise.
+ //
+ // CertificateRefs can reference to standard Kubernetes resources, i.e.
+ // Secret, or implementation-specific custom resources.
+ //
+ // Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls
+ //
+ // Support: Implementation-specific (More than one reference or other resource types)
+ //
+ // +optional
+ // +kubebuilder:validation:MaxItems=64
+ CertificateRefs []SecretObjectReference `json:"certificateRefs,omitempty"`
+
+ // Options are a list of key/value pairs to enable extended TLS
+ // configuration for each implementation. For example, configuring the
+ // minimum TLS version or supported cipher suites.
+ //
+ // A set of common keys MAY be defined by the API in the future. To avoid
+ // any ambiguity, implementation-specific definitions MUST use
+ // domain-prefixed names, such as `example.com/my-custom-option`.
+ // Un-prefixed names are reserved for key names defined by Gateway API.
+ //
+ // Support: Implementation-specific
+ //
+ // +optional
+ // +kubebuilder:validation:MaxProperties=16
+ Options map[AnnotationKey]AnnotationValue `json:"options,omitempty"`
+}
+
+// TLSModeType type defines how a Gateway handles TLS sessions.
+//
+// +kubebuilder:validation:Enum=Terminate;Passthrough
+type TLSModeType string
+
+const (
+ // In this mode, TLS session between the downstream client
+ // and the Gateway is terminated at the Gateway.
+ TLSModeTerminate TLSModeType = "Terminate"
+
+ // In this mode, the TLS session is NOT terminated by the Gateway. This
+ // implies that the Gateway can't decipher the TLS stream except for
+ // the ClientHello message of the TLS protocol.
+ //
+ // Note that SSL passthrough is only supported by TLSRoute.
+ TLSModePassthrough TLSModeType = "Passthrough"
+)
+
+// AllowedRoutes defines which Routes may be attached to this Listener.
+type AllowedRoutes struct {
+ // Namespaces indicates namespaces from which Routes may be attached to this
+ // Listener. This is restricted to the namespace of this Gateway by default.
+ //
+ // Support: Core
+ //
+ // +optional
+ // +kubebuilder:default={from: Same}
+ Namespaces *RouteNamespaces `json:"namespaces,omitempty"`
+
+ // Kinds specifies the groups and kinds of Routes that are allowed to bind
+ // to this Gateway Listener. When unspecified or empty, the kinds of Routes
+ // selected are determined using the Listener protocol.
+ //
+ // A RouteGroupKind MUST correspond to kinds of Routes that are compatible
+ // with the application protocol specified in the Listener's Protocol field.
+ // If an implementation does not support or recognize this resource type, it
+ // MUST set the "ResolvedRefs" condition to False for this Listener with the
+ // "InvalidRouteKinds" reason.
+ //
+ // Support: Core
+ //
+ // +optional
+ // +kubebuilder:validation:MaxItems=8
+ Kinds []RouteGroupKind `json:"kinds,omitempty"`
+}
+
+// FromNamespaces specifies namespace from which Routes may be attached to a
+// Gateway.
+//
+// +kubebuilder:validation:Enum=All;Selector;Same
+type FromNamespaces string
+
+const (
+ // Routes in all namespaces may be attached to this Gateway.
+ NamespacesFromAll FromNamespaces = "All"
+ // Only Routes in namespaces selected by the selector may be attached to
+ // this Gateway.
+ NamespacesFromSelector FromNamespaces = "Selector"
+ // Only Routes in the same namespace as the Gateway may be attached to this
+ // Gateway.
+ NamespacesFromSame FromNamespaces = "Same"
+)
+
+// RouteNamespaces indicate which namespaces Routes should be selected from.
+type RouteNamespaces struct {
+ // From indicates where Routes will be selected for this Gateway. Possible
+ // values are:
+ //
+ // * All: Routes in all namespaces may be used by this Gateway.
+ // * Selector: Routes in namespaces selected by the selector may be used by
+ // this Gateway.
+ // * Same: Only Routes in the same namespace may be used by this Gateway.
+ //
+ // Support: Core
+ //
+ // +optional
+ // +kubebuilder:default=Same
+ From *FromNamespaces `json:"from,omitempty"`
+
+ // Selector must be specified when From is set to "Selector". In that case,
+ // only Routes in Namespaces matching this Selector will be selected by this
+ // Gateway. This field is ignored for other values of "From".
+ //
+ // Support: Core
+ //
+ // +optional
+ Selector *metav1.LabelSelector `json:"selector,omitempty"`
+}
+
+// RouteGroupKind indicates the group and kind of a Route resource.
+type RouteGroupKind struct {
+ // Group is the group of the Route.
+ //
+ // +optional
+ // +kubebuilder:default=gateway.networking.k8s.io
+ Group *Group `json:"group,omitempty"`
+
+ // Kind is the kind of the Route.
+ Kind Kind `json:"kind"`
+}
+
+// GatewayAddress describes an address that can be bound to a Gateway.
+//
+// +kubebuilder:validation:XValidation:message="Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)",rule="self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true"
+type GatewayAddress struct {
+ // Type of the address.
+ //
+ // +optional
+ // +kubebuilder:default=IPAddress
+ Type *AddressType `json:"type,omitempty"`
+
+ // Value of the address. The validity of the values will depend
+ // on the type and support by the controller.
+ //
+ // Examples: `1.2.3.4`, `128::1`, `my-ip-address`.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ Value string `json:"value"`
+}
+
+// GatewayStatusAddress describes an address that is bound to a Gateway.
+//
+// +kubebuilder:validation:XValidation:message="Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)",rule="self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true"
+type GatewayStatusAddress struct {
+ // Type of the address.
+ //
+ // +optional
+ // +kubebuilder:default=IPAddress
+ Type *AddressType `json:"type,omitempty"`
+
+ // Value of the address. The validity of the values will depend
+ // on the type and support by the controller.
+ //
+ // Examples: `1.2.3.4`, `128::1`, `my-ip-address`.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ Value string `json:"value"`
+}
+
+// GatewayStatus defines the observed state of Gateway.
+type GatewayStatus struct {
+ // Addresses lists the IP addresses that have actually been
+ // bound to the Gateway.
These addresses may differ from the
+ // addresses in the Spec, e.g. if the Gateway automatically
+ // assigns an address from a reserved pool.
+ //
+ // +optional
+ //
+ // +kubebuilder:validation:MaxItems=16
+ Addresses []GatewayStatusAddress `json:"addresses,omitempty"`
+
+ // Conditions describe the current conditions of the Gateway.
+ //
+ // Implementations should prefer to express Gateway conditions
+ // using the `GatewayConditionType` and `GatewayConditionReason`
+ // constants so that operators and tools can converge on a common
+ // vocabulary to describe Gateway state.
+ //
+ // Known condition types are:
+ //
+ // * "Accepted"
+ // * "Programmed"
+ // * "Ready"
+ //
+ // +optional
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MaxItems=8
+ // +kubebuilder:default={{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+ // Listeners provide status for each unique listener port defined in the Spec.
+ //
+ // +optional
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MaxItems=64
+ Listeners []ListenerStatus `json:"listeners,omitempty"`
+}
+
+// GatewayConditionType is a type of condition associated with a
+// Gateway. This type should be used with the GatewayStatus.Conditions
+// field.
+type GatewayConditionType string
+
+// GatewayConditionReason defines the set of reasons that explain why a
+// particular Gateway condition type has been raised.
+type GatewayConditionReason string
+
+const (
+ // This condition indicates whether a Gateway has generated some
+ // configuration that is assumed to be ready soon in the underlying data
+ // plane.
+ //
+ // It is a positive-polarity summary condition, and so should always be
+ // present on the resource with ObservedGeneration set.
+ //
+ // It should be set to Unknown if the controller performs updates to the
+ // status before it has all the information it needs to be able to determine
+ // if the condition is true.
+ //
+ // Possible reasons for this condition to be True are:
+ //
+ // * "Programmed"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "Invalid"
+ // * "Pending"
+ // * "NoResources"
+ // * "AddressNotAssigned"
+ //
+ // Possible reasons for this condition to be Unknown are:
+ //
+ // * "Pending"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ GatewayConditionProgrammed GatewayConditionType = "Programmed"
+
+ // This reason is used with the "Programmed" condition when the condition is
+ // true.
+ GatewayReasonProgrammed GatewayConditionReason = "Programmed"
+
+ // This reason is used with the "Programmed" and "Accepted" conditions when the Gateway is
+ // syntactically or semantically invalid.
+ GatewayReasonInvalid GatewayConditionReason = "Invalid"
+
+ // This reason is used with the "Programmed" condition when the
+ // Gateway is not scheduled because insufficient infrastructure
+ // resources are available.
+ GatewayReasonNoResources GatewayConditionReason = "NoResources"
+
+ // This reason is used with the "Programmed" condition when none of the requested
+ // addresses have been assigned to the Gateway. This reason can be used to
+ // express a range of circumstances, including (but not limited to) IPAM
+ // address exhaustion, address not yet allocated, or a named address not being found.
+ GatewayReasonAddressNotAssigned GatewayConditionReason = "AddressNotAssigned"
+)
+
+const (
+ // This condition is true when the controller managing the Gateway is
+ // syntactically and semantically valid enough to produce some configuration
+ // in the underlying data plane. This does not indicate whether or not the
+ // configuration has been propagated to the data plane.
+ //
+ // Possible reasons for this condition to be True are:
+ //
+ // * "Accepted"
+ // * "ListenersNotValid"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "Invalid"
+ // * "NotReconciled"
+ // * "UnsupportedAddress"
+ // * "ListenersNotValid"
+ //
+ // Possible reasons for this condition to be Unknown are:
+ //
+ // * "Pending"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ GatewayConditionAccepted GatewayConditionType = "Accepted"
+
+ // This reason is used with the "Accepted" condition when the condition is
+ // True.
+ GatewayReasonAccepted GatewayConditionReason = "Accepted"
+
+ // This reason is used with the "Accepted" condition when one or
+ // more Listeners have an invalid or unsupported configuration
+ // and cannot be configured on the Gateway.
+ // This can be the reason when "Accepted" is "True" or "False", depending on whether
+ // the listener being invalid causes the entire Gateway to not be accepted.
+ GatewayReasonListenersNotValid GatewayConditionReason = "ListenersNotValid"
+
+ // This reason is used with the "Accepted" and "Programmed"
+ // conditions when the status is "Unknown" and no controller has reconciled
+ // the Gateway.
+ GatewayReasonPending GatewayConditionReason = "Pending"
+
+ // This reason is used with the "Accepted" condition when the Gateway could not be configured
+ // because the requested address is not supported.
This reason could be used in a number of
+ // instances, including:
+ //
+ // * The address is already in use.
+ // * The type of address is not supported by the implementation.
+ GatewayReasonUnsupportedAddress GatewayConditionReason = "UnsupportedAddress"
+)
+
+const (
+ // Deprecated: use "Accepted" instead.
+ GatewayConditionScheduled GatewayConditionType = "Scheduled"
+
+ // This reason is used with the "Scheduled" condition when the condition is
+ // True.
+ //
+ // Deprecated: use the "Accepted" condition with reason "Accepted" instead.
+ GatewayReasonScheduled GatewayConditionReason = "Scheduled"
+
+ // Deprecated: Use "Pending" instead.
+ GatewayReasonNotReconciled GatewayConditionReason = "NotReconciled"
+)
+
+const (
+ // "Ready" is a condition type reserved for future use. It should not be used by implementations.
+ //
+ // If used in the future, "Ready" will represent the final state where all configuration is confirmed good
+ // _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something
+ // sees the Condition as `true`, then connections will be correctly routed _immediately_.
+ //
+ // This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it.
+ // This reservation can be discussed in the future if necessary.
+ //
+ // Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters
+ // to alert about usage.
+ // Deprecated: Ready is reserved for future use
+ GatewayConditionReady GatewayConditionType = "Ready"
+
+ // Deprecated: Ready is reserved for future use
+ GatewayReasonReady GatewayConditionReason = "Ready"
+
+ // Deprecated: Ready is reserved for future use
+ GatewayReasonListenersNotReady GatewayConditionReason = "ListenersNotReady"
+)
+
+// ListenerStatus is the status associated with a Listener.
+type ListenerStatus struct {
+ // Name is the name of the Listener that this status corresponds to.
+ Name SectionName `json:"name"`
+
+ // SupportedKinds is the list indicating the Kinds supported by this
+ // listener. This MUST represent the kinds an implementation supports for
+ // that Listener configuration.
+ //
+ // If kinds are specified in Spec that are not supported, they MUST NOT
+ // appear in this list and an implementation MUST set the "ResolvedRefs"
+ // condition to "False" with the "InvalidRouteKinds" reason. If both valid
+ // and invalid Route kinds are specified, the implementation MUST
+ // reference the valid Route kinds that have been specified.
+ //
+ // +kubebuilder:validation:MaxItems=8
+ SupportedKinds []RouteGroupKind `json:"supportedKinds"`
+
+ // AttachedRoutes represents the total number of accepted Routes that have been
+ // successfully attached to this Listener.
+ AttachedRoutes int32 `json:"attachedRoutes"`
+
+ // Conditions describe the current condition of this listener.
+ //
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MaxItems=8
+ Conditions []metav1.Condition `json:"conditions"`
+}
+
+// ListenerConditionType is a type of condition associated with the
+// listener. This type should be used with the ListenerStatus.Conditions
+// field.
+type ListenerConditionType string
+
+// ListenerConditionReason defines the set of reasons that explain
+// why a particular Listener condition type has been raised.
+type ListenerConditionReason string
+
+const (
+ // This condition indicates that the controller was unable to resolve
+ // conflicting specification requirements for this Listener. If a
+ // Listener is conflicted, its network port should not be configured
+ // on any network elements.
+ //
+ // Possible reasons for this condition to be true are:
+ //
+ // * "HostnameConflict"
+ // * "ProtocolConflict"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "NoConflicts"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ ListenerConditionConflicted ListenerConditionType = "Conflicted"
+
+ // This reason is used with the "Conflicted" condition when
+ // the Listener conflicts with hostnames in other Listeners. For
+ // example, this reason would be used when multiple Listeners on
+ // the same port use `example.com` in the hostname field.
+ ListenerReasonHostnameConflict ListenerConditionReason = "HostnameConflict"
+
+ // This reason is used with the "Conflicted" condition when
+ // multiple Listeners are specified with the same Listener port
+ // number, but have conflicting protocol specifications.
+ ListenerReasonProtocolConflict ListenerConditionReason = "ProtocolConflict"
+
+ // This reason is used with the "Conflicted" condition when the condition
+ // is False.
+ ListenerReasonNoConflicts ListenerConditionReason = "NoConflicts"
+)
+
+const (
+ // This condition indicates that the listener is syntactically and
+ // semantically valid, and that all features used in the listener's spec are
+ // supported.
+ //
+ // In general, a Listener will be marked as Accepted when the supplied
+ // configuration will generate at least some data plane configuration.
+ //
+ // For example, a Listener with an unsupported protocol will never generate
+ // any data plane config, and so will have Accepted set to `false.`
+ // Conversely, a Listener that does not have any Routes will be able to
+ // generate data plane config, and so will have Accepted set to `true`.
+ //
+ // Possible reasons for this condition to be True are:
+ //
+ // * "Accepted"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "PortUnavailable"
+ // * "UnsupportedProtocol"
+ //
+ // Possible reasons for this condition to be Unknown are:
+ //
+ // * "Pending"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ ListenerConditionAccepted ListenerConditionType = "Accepted"
+
+ // Deprecated: use "Accepted" instead.
+ ListenerConditionDetached ListenerConditionType = "Detached"
+
+ // This reason is used with the "Accepted" condition when the condition is
+ // True.
+ ListenerReasonAccepted ListenerConditionReason = "Accepted"
+
+ // This reason is used with the "Detached" condition when the condition is
+ // False.
+ //
+ // Deprecated: use the "Accepted" condition with reason "Accepted" instead.
+ ListenerReasonAttached ListenerConditionReason = "Attached"
+
+ // This reason is used with the "Accepted" condition when the Listener
+ // requests a port that cannot be used on the Gateway. This reason could be
+ // used in a number of instances, including:
+ //
+ // * The port is already in use.
+ // * The port is not supported by the implementation.
+ ListenerReasonPortUnavailable ListenerConditionReason = "PortUnavailable"
+
+ // This reason is used with the "Accepted" condition when the
+ // Listener could not be attached to be Gateway because its
+ // protocol type is not supported.
+ ListenerReasonUnsupportedProtocol ListenerConditionReason = "UnsupportedProtocol"
+)
+
+const (
+ // This condition indicates whether the controller was able to
+ // resolve all the object references for the Listener.
+ //
+ // Possible reasons for this condition to be true are:
+ //
+ // * "ResolvedRefs"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "InvalidCertificateRef"
+ // * "InvalidRouteKinds"
+ // * "RefNotPermitted"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ ListenerConditionResolvedRefs ListenerConditionType = "ResolvedRefs"
+
+ // This reason is used with the "ResolvedRefs" condition when the condition
+ // is true.
+ ListenerReasonResolvedRefs ListenerConditionReason = "ResolvedRefs"
+
+ // This reason is used with the "ResolvedRefs" condition when the
+ // Listener has a TLS configuration with at least one TLS CertificateRef
+ // that is invalid or does not exist.
+ // A CertificateRef is considered invalid when it refers to a nonexistent
+ // or unsupported resource or kind, or when the data within that resource
+ // is malformed.
+ // This reason must be used only when the reference is allowed, either by
+ // referencing an object in the same namespace as the Gateway, or when
+ // a cross-namespace reference has been explicitly allowed by a ReferenceGrant.
+ // If the reference is not allowed, the reason RefNotPermitted must be used
+ // instead.
+ ListenerReasonInvalidCertificateRef ListenerConditionReason = "InvalidCertificateRef"
+
+ // This reason is used with the "ResolvedRefs" condition when an invalid or
+ // unsupported Route kind is specified by the Listener.
+ ListenerReasonInvalidRouteKinds ListenerConditionReason = "InvalidRouteKinds"
+
+ // This reason is used with the "ResolvedRefs" condition when the
+ // Listener has a TLS configuration that references an object in another
+ // namespace, where the object in the other namespace does not have a
+ // ReferenceGrant explicitly allowing the reference.
+ ListenerReasonRefNotPermitted ListenerConditionReason = "RefNotPermitted"
+)
+
+const (
+ // This condition indicates whether a Listener has generated some
+ // configuration that will soon be ready in the underlying data plane.
+ //
+ // It is a positive-polarity summary condition, and so should always be
+ // present on the resource with ObservedGeneration set.
+ //
+ // It should be set to Unknown if the controller performs updates to the
+ // status before it has all the information it needs to be able to determine
+ // if the condition is true.
+ //
+ // Possible reasons for this condition to be True are:
+ //
+ // * "Programmed"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "Invalid"
+ // * "Pending"
+ //
+ // Possible reasons for this condition to be Unknown are:
+ //
+ // * "Pending"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ ListenerConditionProgrammed ListenerConditionType = "Programmed"
+
+ // This reason is used with the "Programmed" condition when the condition is
+ // true.
+ ListenerReasonProgrammed ListenerConditionReason = "Programmed"
+
+ // This reason is used with the "Ready" and "Programmed" conditions when the
+ // Listener is syntactically or semantically invalid.
+ ListenerReasonInvalid ListenerConditionReason = "Invalid"
+
+ // This reason is used with the "Accepted", "Ready" and "Programmed"
+ // conditions when the Listener is either not yet reconciled or not yet not
+ // online and ready to accept client traffic.
+ ListenerReasonPending ListenerConditionReason = "Pending"
+)
+
+const (
+ // "Ready" is a condition type reserved for future use. It should not be used by implementations.
+ // Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters
+ // to alert about usage.
+ //
+ // If used in the future, "Ready" will represent the final state where all configuration is confirmed good
+ // _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something
+ // sees the Condition as `true`, then connections will be correctly routed _immediately_.
+ //
+ // This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it.
+ // This reservation can be discussed in the future if necessary.
+ //
+ // Deprecated: Ready is reserved for future use
+ ListenerConditionReady ListenerConditionType = "Ready"
+
+ // Deprecated: Ready is reserved for future use
+ ListenerReasonReady ListenerConditionReason = "Ready"
+)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go
new file mode 100644
index 000000000000..9d166700d02d
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go
@@ -0,0 +1,212 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:categories=gateway-api,scope=Cluster,shortName=gc
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Controller",type=string,JSONPath=`.spec.controllerName`
+// +kubebuilder:printcolumn:name="Accepted",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].status`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:printcolumn:name="Description",type=string,JSONPath=`.spec.description`,priority=1
+
+// GatewayClass describes a class of Gateways available to the user for creating
+// Gateway resources.
+//
+// It is recommended that this resource be used as a template for Gateways. This
+// means that a Gateway is based on the state of the GatewayClass at the time it
+// was created and changes to the GatewayClass or associated parameters are not
+// propagated down to existing Gateways. This recommendation is intended to
+// limit the blast radius of changes to GatewayClass or associated parameters.
+// If implementations choose to propagate GatewayClass changes to existing
+// Gateways, that MUST be clearly documented by the implementation.
+//
+// Whenever one or more Gateways are using a GatewayClass, implementations SHOULD
+// add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the
+// associated GatewayClass. This ensures that a GatewayClass associated with a
+// Gateway is not deleted while in use.
+//
+// GatewayClass is a Cluster level resource.
+type GatewayClass struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec defines the desired state of GatewayClass.
+ Spec GatewayClassSpec `json:"spec"`
+
+ // Status defines the current state of GatewayClass.
+ //
+ // Implementations MUST populate status on all GatewayClass resources which
+ // specify their controller name.
+ //
+ // +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", message: "Waiting for controller", reason: "Waiting", lastTransitionTime: "1970-01-01T00:00:00Z"}}}
+ Status GatewayClassStatus `json:"status,omitempty"`
+}
+
+const (
+ // GatewayClassFinalizerGatewaysExist should be added as a finalizer to the
+ // GatewayClass whenever there are provisioned Gateways using a
+ // GatewayClass.
+ GatewayClassFinalizerGatewaysExist = "gateway-exists-finalizer.gateway.networking.k8s.io"
+)
+
+// GatewayClassSpec reflects the configuration of a class of Gateways.
+type GatewayClassSpec struct {
+ // ControllerName is the name of the controller that is managing Gateways of
+ // this class. The value of this field MUST be a domain prefixed path.
+ //
+ // Example: "example.net/gateway-controller".
+ //
+ // This field is not mutable and cannot be empty.
+ //
+ // Support: Core
+ //
+ // +kubebuilder:validation:XValidation:message="Value is immutable",rule="self == oldSelf"
+ ControllerName GatewayController `json:"controllerName"`
+
+ // ParametersRef is a reference to a resource that contains the configuration
+ // parameters corresponding to the GatewayClass. This is optional if the
+ // controller does not require any additional configuration.
+ //
+ // ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,
+ // or an implementation-specific custom resource. The resource can be
+ // cluster-scoped or namespace-scoped.
+ //
+ // If the referent cannot be found, the GatewayClass's "InvalidParameters"
+ // status condition will be true.
+ //
+ // Support: Implementation-specific
+ //
+ // +optional
+ ParametersRef *ParametersReference `json:"parametersRef,omitempty"`
+
+ // Description helps describe a GatewayClass with more details.
+ //
+ // +kubebuilder:validation:MaxLength=64
+ // +optional
+ Description *string `json:"description,omitempty"`
+}
+
+// ParametersReference identifies an API object containing controller-specific
+// configuration resource within the cluster.
+type ParametersReference struct {
+ // Group is the group of the referent.
+ Group Group `json:"group"`
+
+ // Kind is kind of the referent.
+ Kind Kind `json:"kind"`
+
+ // Name is the name of the referent.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ Name string `json:"name"`
+
+ // Namespace is the namespace of the referent.
+ // This field is required when referring to a Namespace-scoped resource and
+ // MUST be unset when referring to a Cluster-scoped resource.
+ //
+ // +optional
+ Namespace *Namespace `json:"namespace,omitempty"`
+}
+
+// GatewayClassConditionType is the type for status conditions on
+// Gateway resources. This type should be used with the
+// GatewayClassStatus.Conditions field.
+type GatewayClassConditionType string
+
+// GatewayClassConditionReason defines the set of reasons that explain why a
+// particular GatewayClass condition type has been raised.
+type GatewayClassConditionReason string
+
+const (
+ // This condition indicates whether the GatewayClass has been accepted by
+ // the controller requested in the `spec.controller` field.
+ //
+ // This condition defaults to Unknown, and MUST be set by a controller when
+ // it sees a GatewayClass using its controller string. The status of this
+ // condition MUST be set to True if the controller will support provisioning
+ // Gateways using this class. Otherwise, this status MUST be set to False.
+ // If the status is set to False, the controller SHOULD set a Message and
+ // Reason as an explanation.
+ //
+ // Possible reasons for this condition to be true are:
+ //
+ // * "Accepted"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "InvalidParameters"
+ //
+ // Possible reasons for this condition to be Unknown are:
+ //
+ // * "Pending"
+ //
+ // Controllers should prefer to use the values of GatewayClassConditionReason
+ // for the corresponding Reason, where appropriate.
+ GatewayClassConditionStatusAccepted GatewayClassConditionType = "Accepted"
+
+ // This reason is used with the "Accepted" condition when the condition is
+ // true.
+ GatewayClassReasonAccepted GatewayClassConditionReason = "Accepted"
+
+ // This reason is used with the "Accepted" condition when the
+ // GatewayClass was not accepted because the parametersRef field
+ // was invalid, with more detail in the message.
+ GatewayClassReasonInvalidParameters GatewayClassConditionReason = "InvalidParameters"
+
+ // This reason is used with the "Accepted" condition when the
+ // requested controller has not yet made a decision about whether
+ // to admit the GatewayClass. It is the default Reason on a new
+ // GatewayClass.
+ GatewayClassReasonPending GatewayClassConditionReason = "Pending"
+
+ // Deprecated: Use "Pending" instead.
+ GatewayClassReasonWaiting GatewayClassConditionReason = "Waiting"
+)
+
+// GatewayClassStatus is the current status for the GatewayClass.
+type GatewayClassStatus struct {
+ // Conditions is the current status from the controller for
+ // this GatewayClass.
+ //
+ // Controllers should prefer to publish conditions using values
+ // of GatewayClassConditionType for the type of each Condition.
+ //
+ // +optional
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MaxItems=8
+ // +kubebuilder:default={{type: "Accepted", status: "Unknown", message: "Waiting for controller", reason: "Pending", lastTransitionTime: "1970-01-01T00:00:00Z"}}
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// GatewayClassList contains a list of GatewayClass
+type GatewayClassList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []GatewayClass `json:"items"`
+}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go
new file mode 100644
index 000000000000..e8216ed33cb5
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go
@@ -0,0 +1,1115 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:categories=gateway-api
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Hostnames",type=string,JSONPath=`.spec.hostnames`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+
+// HTTPRoute provides a way to route HTTP requests. This includes the capability
+// to match requests by hostname, path, header, or query param. Filters can be
+// used to specify additional processing steps. Backends specify where matching
+// requests should be routed.
+type HTTPRoute struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec defines the desired state of HTTPRoute.
+ Spec HTTPRouteSpec `json:"spec"`
+
+ // Status defines the current state of HTTPRoute.
+ Status HTTPRouteStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// HTTPRouteList contains a list of HTTPRoute.
+type HTTPRouteList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []HTTPRoute `json:"items"`
+}
+
+// HTTPRouteSpec defines the desired state of HTTPRoute
+type HTTPRouteSpec struct {
+ CommonRouteSpec `json:",inline"`
+
+ // Hostnames defines a set of hostnames that should match against the HTTP Host
+ // header to select a HTTPRoute used to process the request. Implementations
+ // MUST ignore any port value specified in the HTTP Host header while
+ // performing a match and (absent of any applicable header modification
+ // configuration) MUST forward this header unmodified to the backend.
+ //
+ // Valid values for Hostnames are determined by RFC 1123 definition of a
+ // hostname with 2 notable exceptions:
+ //
+ // 1. IPs are not allowed.
+ // 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ // label must appear by itself as the first label.
+ //
+ // If a hostname is specified by both the Listener and HTTPRoute, there
+ // must be at least one intersecting hostname for the HTTPRoute to be
+ // attached to the Listener. For example:
+ //
+ // * A Listener with `test.example.com` as the hostname matches HTTPRoutes
+ // that have either not specified any hostnames, or have specified at
+ // least one of `test.example.com` or `*.example.com`.
+ // * A Listener with `*.example.com` as the hostname matches HTTPRoutes
+ // that have either not specified any hostnames or have specified at least
+ // one hostname that matches the Listener hostname. For example,
+ // `*.example.com`, `test.example.com`, and `foo.test.example.com` would
+ // all match. On the other hand, `example.com` and `test.example.net` would
+ // not match.
+ //
+ // Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ // as a suffix match. That means that a match for `*.example.com` would match
+ // both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+ // + // If both the Listener and HTTPRoute have specified hostnames, any + // HTTPRoute hostnames that do not match the Listener hostname MUST be + // ignored. For example, if a Listener specified `*.example.com`, and the + // HTTPRoute specified `test.example.com` and `test.example.net`, + // `test.example.net` must not be considered for a match. + // + // If both the Listener and HTTPRoute have specified hostnames, and none + // match with the criteria above, then the HTTPRoute is not accepted. The + // implementation must raise an 'Accepted' Condition with a status of + // `False` in the corresponding RouteParentStatus. + // + // In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. + // overlapping wildcard matching and exact matching hostnames), precedence must + // be given to rules from the HTTPRoute with the largest number of: + // + // * Characters in a matching non-wildcard hostname. + // * Characters in a matching hostname. + // + // If ties exist across multiple Routes, the matching precedence rules for + // HTTPRouteMatches takes over. + // + // Support: Core + // + // +optional + // +kubebuilder:validation:MaxItems=16 + Hostnames []Hostname `json:"hostnames,omitempty"` + + // Rules are a list of HTTP matchers, filters and actions. + // + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:default={{matches: {{path: {type: "PathPrefix", value: "/"}}}}} + Rules []HTTPRouteRule `json:"rules,omitempty"` +} + +// HTTPRouteRule defines semantics for matching an HTTP request based on +// conditions (matches), processing it (filters), and forwarding the request to +// an API object (backendRefs). +// +// +kubebuilder:validation:XValidation:message="RequestRedirect filter must not be used together with backendRefs",rule="(has(self.backendRefs) && size(self.backendRefs) > 0) ? 
(!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): true" +// +kubebuilder:validation:XValidation:message="When using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" +// +kubebuilder:validation:XValidation:message="When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" +// +kubebuilder:validation:XValidation:message="Within backendRefs, when using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? 
false : true) : true" +// +kubebuilder:validation:XValidation:message="Within backendRefs, When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" +type HTTPRouteRule struct { + // Matches define conditions used for matching the rule against incoming + // HTTP requests. Each match is independent, i.e. this rule will be matched + // if **any** one of the matches is satisfied. + // + // For example, take the following matches configuration: + // + // ``` + // matches: + // - path: + // value: "/foo" + // headers: + // - name: "version" + // value: "v2" + // - path: + // value: "/v2/foo" + // ``` + // + // For a request to match against this rule, a request must satisfy + // EITHER of the two conditions: + // + // - path prefixed with `/foo` AND contains the header `version: v2` + // - path prefix of `/v2/foo` + // + // See the documentation for HTTPRouteMatch on how to specify multiple + // match conditions that should be ANDed together. + // + // If no matches are specified, the default is a prefix + // path match on "/", which has the effect of matching every + // HTTP request. + // + // Proxy or Load Balancer routing configuration generated from HTTPRoutes + // MUST prioritize matches based on the following criteria, continuing on + // ties. Across all rules specified on applicable Routes, precedence must be + // given to the match having: + // + // * "Exact" path match. + // * "Prefix" path match with largest number of characters. + // * Method match. + // * Largest number of header matches. + // * Largest number of query param matches. 
+ // + // Note: The precedence of RegularExpression path matches are implementation-specific. + // + // If ties still exist across multiple Routes, matching precedence MUST be + // determined in order of the following criteria, continuing on ties: + // + // * The oldest Route based on creation timestamp. + // * The Route appearing first in alphabetical order by + // "{namespace}/{name}". + // + // If ties still exist within an HTTPRoute, matching precedence MUST be granted + // to the FIRST matching rule (in list order) with a match meeting the above + // criteria. + // + // When no rules matching a request have been successfully attached to the + // parent a request is coming from, a HTTP 404 status code MUST be returned. + // + // +optional + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:default={{path:{ type: "PathPrefix", value: "/"}}} + Matches []HTTPRouteMatch `json:"matches,omitempty"` + + // Filters define the filters that are applied to requests that match + // this rule. + // + // The effects of ordering of multiple behaviors are currently unspecified. + // This can change in the future based on feedback during the alpha stage. + // + // Conformance-levels at this level are defined based on the type of filter: + // + // - ALL core filters MUST be supported by all implementations. + // - Implementers are encouraged to support extended filters. + // - Implementation-specific custom filters have no API guarantees across + // implementations. + // + // Specifying the same filter multiple times is not supported unless explicitly + // indicated in the filter. + // + // All filters are expected to be compatible with each other except for the + // URLRewrite and RequestRedirect filters, which may not be combined. If an + // implementation can not support other combinations of filters, they must clearly + // document that limitation. 
In cases where incompatible or unsupported + // filters are specified and cause the `Accepted` condition to be set to status + // `False`, implementations may use the `IncompatibleFilters` reason to specify + // this configuration error. + // + // Support: Core + // + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + // +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="RequestRedirect filter cannot be repeated",rule="self.filter(f, f.type == 'RequestRedirect').size() <= 1" + // +kubebuilder:validation:XValidation:message="URLRewrite filter cannot be repeated",rule="self.filter(f, f.type == 'URLRewrite').size() <= 1" + Filters []HTTPRouteFilter `json:"filters,omitempty"` + + // BackendRefs defines the backend(s) where matching requests should be + // sent. + // + // Failure behavior here depends on how many BackendRefs are specified and + // how many are invalid. + // + // If *all* entries in BackendRefs are invalid, and there are also no filters + // specified in this route rule, *all* traffic which matches this rule MUST + // receive a 500 status code. + // + // See the HTTPBackendRef definition for the rules about what makes a single + // HTTPBackendRef invalid. + // + // When a HTTPBackendRef is invalid, 500 status codes MUST be returned for + // requests that would have otherwise been routed to an invalid backend. 
If + // multiple backends are specified, and some are invalid, the proportion of + // requests that would otherwise have been routed to an invalid backend + // MUST receive a 500 status code. + // + // For example, if two backends are specified with equal weights, and one is + // invalid, 50 percent of traffic must receive a 500. Implementations may + // choose how that 50 percent is determined. + // + // Support: Core for Kubernetes Service + // + // Support: Extended for Kubernetes ServiceImport + // + // Support: Implementation-specific for any other resource + // + // Support for weight: Core + // + // +optional + // +kubebuilder:validation:MaxItems=16 + BackendRefs []HTTPBackendRef `json:"backendRefs,omitempty"` +} + +// PathMatchType specifies the semantics of how HTTP paths should be compared. +// Valid PathMatchType values, along with their support levels, are: +// +// * "Exact" - Core +// * "PathPrefix" - Core +// * "RegularExpression" - Implementation Specific +// +// PathPrefix and Exact paths must be syntactically valid: +// +// - Must begin with the `/` character +// - Must not contain consecutive `/` characters (e.g. `/foo///`, `//`). +// +// Note that values may be added to this enum, implementations +// must ensure that unknown values will not cause a crash. +// +// Unknown values here must result in the implementation setting the +// Accepted Condition for the Route to `status: False`, with a +// Reason of `UnsupportedValue`. +// +// +kubebuilder:validation:Enum=Exact;PathPrefix;RegularExpression +type PathMatchType string + +const ( + // Matches the URL path exactly and with case sensitivity. This means that + // an exact path match on `/abc` will only match requests to `/abc`, NOT + // `/abc/`, `/Abc`, or `/abcd`. + PathMatchExact PathMatchType = "Exact" + + // Matches based on a URL path prefix split by `/`. Matching is + // case sensitive and done on a path element by element basis. 
A + // path element refers to the list of labels in the path split by + // the `/` separator. When specified, a trailing `/` is ignored. + // + // For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match + // the prefix `/abc`, but the path `/abcd` would not. + // + // "PathPrefix" is semantically equivalent to the "Prefix" path type in the + // Kubernetes Ingress API. + PathMatchPathPrefix PathMatchType = "PathPrefix" + + // Matches if the URL path matches the given regular expression with + // case sensitivity. + // + // Since `"RegularExpression"` has implementation-specific conformance, + // implementations can support POSIX, PCRE, RE2 or any other regular expression + // dialect. + // Please read the implementation's documentation to determine the supported + // dialect. + PathMatchRegularExpression PathMatchType = "RegularExpression" +) + +// HTTPPathMatch describes how to select a HTTP route by matching the HTTP request path. +// +// +kubebuilder:validation:XValidation:message="value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" +// +kubebuilder:validation:XValidation:message="must not contain '//' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" +// +kubebuilder:validation:XValidation:message="must not contain '/./' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" +// +kubebuilder:validation:XValidation:message="must not contain '/../' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" +// +kubebuilder:validation:XValidation:message="must not contain '%2f' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? 
!self.value.contains('%2f') : true" +// +kubebuilder:validation:XValidation:message="must not contain '%2F' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" +// +kubebuilder:validation:XValidation:message="must not contain '#' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" +// +kubebuilder:validation:XValidation:message="must not end with '/..' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" +// +kubebuilder:validation:XValidation:message="must not end with '/.' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" +// +kubebuilder:validation:XValidation:message="type must be one of ['Exact', 'PathPrefix', 'RegularExpression']",rule="self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" +// +kubebuilder:validation:XValidation:message="must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" +type HTTPPathMatch struct { + // Type specifies how to match against the path Value. + // + // Support: Core (Exact, PathPrefix) + // + // Support: Implementation-specific (RegularExpression) + // + // +optional + // +kubebuilder:default=PathPrefix + Type *PathMatchType `json:"type,omitempty"` + + // Value of the HTTP path to match against. + // + // +optional + // +kubebuilder:default="/" + // +kubebuilder:validation:MaxLength=1024 + Value *string `json:"value,omitempty"` +} + +// HeaderMatchType specifies the semantics of how HTTP header values should be +// compared. 
Valid HeaderMatchType values, along with their conformance levels, are: +// +// * "Exact" - Core +// * "RegularExpression" - Implementation Specific +// +// Note that values may be added to this enum, implementations +// must ensure that unknown values will not cause a crash. +// +// Unknown values here must result in the implementation setting the +// Accepted Condition for the Route to `status: False`, with a +// Reason of `UnsupportedValue`. +// +// +kubebuilder:validation:Enum=Exact;RegularExpression +type HeaderMatchType string + +// HeaderMatchType constants. +const ( + HeaderMatchExact HeaderMatchType = "Exact" + HeaderMatchRegularExpression HeaderMatchType = "RegularExpression" +) + +// HTTPHeaderName is the name of an HTTP header. +// +// Valid values include: +// +// * "Authorization" +// * "Set-Cookie" +// +// Invalid values include: +// +// - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo +// headers are not currently supported by this type. +// - "/invalid" - "/ " is an invalid character +type HTTPHeaderName HeaderName + +// HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request +// headers. +type HTTPHeaderMatch struct { + // Type specifies how to match against the value of the header. + // + // Support: Core (Exact) + // + // Support: Implementation-specific (RegularExpression) + // + // Since RegularExpression HeaderMatchType has implementation-specific + // conformance, implementations can support POSIX, PCRE or any other dialects + // of regular expressions. Please read the implementation's documentation to + // determine the supported dialect. + // + // +optional + // +kubebuilder:default=Exact + Type *HeaderMatchType `json:"type,omitempty"` + + // Name is the name of the HTTP Header to be matched. Name matching MUST be + // case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 
+ //
+ // If multiple entries specify equivalent header names, only the first
+ // entry with an equivalent name MUST be considered for a match. Subsequent
+ // entries with an equivalent header name MUST be ignored. Due to the
+ // case-insensitivity of header names, "foo" and "Foo" are considered
+ // equivalent.
+ //
+ // When a header is repeated in an HTTP request, it is
+ // implementation-specific behavior as to how this is represented.
+ // Generally, proxies should follow the guidance from the RFC:
+ // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
+ // processing a repeated header, with special handling for "Set-Cookie".
+ Name HTTPHeaderName `json:"name"`
+
+ // Value is the value of HTTP Header to be matched.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=4096
+ Value string `json:"value"`
+}
+
+// QueryParamMatchType specifies the semantics of how HTTP query parameter
+// values should be compared. Valid QueryParamMatchType values, along with their
+// conformance levels, are:
+//
+// * "Exact" - Core
+// * "RegularExpression" - Implementation Specific
+//
+// Note that values may be added to this enum, implementations
+// must ensure that unknown values will not cause a crash.
+//
+// Unknown values here must result in the implementation setting the
+// Accepted Condition for the Route to `status: False`, with a
+// Reason of `UnsupportedValue`.
+//
+// +kubebuilder:validation:Enum=Exact;RegularExpression
+type QueryParamMatchType string
+
+// QueryParamMatchType constants.
+const (
+ QueryParamMatchExact QueryParamMatchType = "Exact"
+ QueryParamMatchRegularExpression QueryParamMatchType = "RegularExpression"
+)
+
+// HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP
+// query parameters.
+type HTTPQueryParamMatch struct {
+ // Type specifies how to match against the value of the query parameter.
+ //
+ // Support: Extended (Exact)
+ //
+ // Support: Implementation-specific (RegularExpression)
+ //
+ // Since RegularExpression QueryParamMatchType has Implementation-specific
+ // conformance, implementations can support POSIX, PCRE or any other
+ // dialects of regular expressions. Please read the implementation's
+ // documentation to determine the supported dialect.
+ //
+ // +optional
+ // +kubebuilder:default=Exact
+ Type *QueryParamMatchType `json:"type,omitempty"`
+
+ // Name is the name of the HTTP query param to be matched. This must be an
+ // exact string match. (See
+ // https://tools.ietf.org/html/rfc7230#section-2.7.3).
+ //
+ // If multiple entries specify equivalent query param names, only the first
+ // entry with an equivalent name MUST be considered for a match. Subsequent
+ // entries with an equivalent query param name MUST be ignored.
+ //
+ // If a query param is repeated in an HTTP request, the behavior is
+ // purposely left undefined, since different data planes have different
+ // capabilities. However, it is *recommended* that implementations should
+ // match against the first value of the param if the data plane supports it,
+ // as this behavior is expected in other load balancing contexts outside of
+ // the Gateway API.
+ //
+ // Users SHOULD NOT route traffic based on repeated query params to guard
+ // themselves against potential differences in the implementations.
+ Name HTTPHeaderName `json:"name"`
+
+ // Value is the value of HTTP query param to be matched.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1024
+ Value string `json:"value"`
+}
+
+// HTTPMethod describes how to select a HTTP route by matching the HTTP
+// method as defined by
+// [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-4) and
+// [RFC 5789](https://datatracker.ietf.org/doc/html/rfc5789#section-2).
+// The value is expected in upper case.
+// +// Note that values may be added to this enum, implementations +// must ensure that unknown values will not cause a crash. +// +// Unknown values here must result in the implementation setting the +// Accepted Condition for the Route to `status: False`, with a +// Reason of `UnsupportedValue`. +// +// +kubebuilder:validation:Enum=GET;HEAD;POST;PUT;DELETE;CONNECT;OPTIONS;TRACE;PATCH +type HTTPMethod string + +const ( + HTTPMethodGet HTTPMethod = "GET" + HTTPMethodHead HTTPMethod = "HEAD" + HTTPMethodPost HTTPMethod = "POST" + HTTPMethodPut HTTPMethod = "PUT" + HTTPMethodDelete HTTPMethod = "DELETE" + HTTPMethodConnect HTTPMethod = "CONNECT" + HTTPMethodOptions HTTPMethod = "OPTIONS" + HTTPMethodTrace HTTPMethod = "TRACE" + HTTPMethodPatch HTTPMethod = "PATCH" +) + +// HTTPRouteMatch defines the predicate used to match requests to a given +// action. Multiple match types are ANDed together, i.e. the match will +// evaluate to true only if all conditions are satisfied. +// +// For example, the match below will match a HTTP request only if its path +// starts with `/foo` AND it contains the `version: v1` header: +// +// ``` +// match: +// +// path: +// value: "/foo" +// headers: +// - name: "version" +// value "v1" +// +// ``` +type HTTPRouteMatch struct { + // Path specifies a HTTP request path matcher. If this field is not + // specified, a default prefix match on the "/" path is provided. + // + // +optional + // +kubebuilder:default={type: "PathPrefix", value: "/"} + Path *HTTPPathMatch `json:"path,omitempty"` + + // Headers specifies HTTP request header matchers. Multiple match values are + // ANDed together, meaning, a request must match all the specified headers + // to select the route. + // + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=16 + Headers []HTTPHeaderMatch `json:"headers,omitempty"` + + // QueryParams specifies HTTP query parameter matchers. 
Multiple match + // values are ANDed together, meaning, a request must match all the + // specified query parameters to select the route. + // + // Support: Extended + // + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=16 + QueryParams []HTTPQueryParamMatch `json:"queryParams,omitempty"` + + // Method specifies HTTP method matcher. + // When specified, this route will be matched only if the request has the + // specified method. + // + // Support: Extended + // + // +optional + Method *HTTPMethod `json:"method,omitempty"` +} + +// HTTPRouteFilter defines processing steps that must be completed during the +// request or response lifecycle. HTTPRouteFilters are meant as an extension +// point to express processing that may be done in Gateway implementations. Some +// examples include request or response modification, implementing +// authentication strategies, rate-limiting, and traffic shaping. API +// guarantee/conformance is defined based on the type of the filter. 
+// +// +kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier",rule="!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type",rule="!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier",rule="!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type",rule="!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.requestMirror must be nil if the filter.type is not RequestMirror",rule="!(has(self.requestMirror) && self.type != 'RequestMirror')" +// +kubebuilder:validation:XValidation:message="filter.requestMirror must be specified for RequestMirror filter.type",rule="!(!has(self.requestMirror) && self.type == 'RequestMirror')" +// +kubebuilder:validation:XValidation:message="filter.requestRedirect must be nil if the filter.type is not RequestRedirect",rule="!(has(self.requestRedirect) && self.type != 'RequestRedirect')" +// +kubebuilder:validation:XValidation:message="filter.requestRedirect must be specified for RequestRedirect filter.type",rule="!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" +// +kubebuilder:validation:XValidation:message="filter.urlRewrite must be nil if the filter.type is not URLRewrite",rule="!(has(self.urlRewrite) && self.type != 'URLRewrite')" +// +kubebuilder:validation:XValidation:message="filter.urlRewrite must be specified for URLRewrite filter.type",rule="!(!has(self.urlRewrite) && self.type == 
'URLRewrite')" +// +kubebuilder:validation:XValidation:message="filter.extensionRef must be nil if the filter.type is not ExtensionRef",rule="!(has(self.extensionRef) && self.type != 'ExtensionRef')" +// +kubebuilder:validation:XValidation:message="filter.extensionRef must be specified for ExtensionRef filter.type",rule="!(!has(self.extensionRef) && self.type == 'ExtensionRef')" +type HTTPRouteFilter struct { + // Type identifies the type of filter to apply. As with other API fields, + // types are classified into three conformance levels: + // + // - Core: Filter types and their corresponding configuration defined by + // "Support: Core" in this package, e.g. "RequestHeaderModifier". All + // implementations must support core filters. + // + // - Extended: Filter types and their corresponding configuration defined by + // "Support: Extended" in this package, e.g. "RequestMirror". Implementers + // are encouraged to support extended filters. + // + // - Implementation-specific: Filters that are defined and supported by + // specific vendors. + // In the future, filters showing convergence in behavior across multiple + // implementations will be considered for inclusion in extended or core + // conformance levels. Filter-specific configuration for such filters + // is specified using the ExtensionRef field. `Type` should be set to + // "ExtensionRef" for custom filters. + // + // Implementers are encouraged to define custom implementation types to + // extend the core API with implementation-specific behavior. + // + // If a reference to a custom filter type cannot be resolved, the filter + // MUST NOT be skipped. Instead, requests that would have been processed by + // that filter MUST receive a HTTP error response. + // + // Note that values may be added to this enum, implementations + // must ensure that unknown values will not cause a crash. 
+ //
+ // Unknown values here must result in the implementation setting the
+ // Accepted Condition for the Route to `status: False`, with a
+ // Reason of `UnsupportedValue`.
+ //
+ // +unionDiscriminator
+ // +kubebuilder:validation:Enum=RequestHeaderModifier;ResponseHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef
+ Type HTTPRouteFilterType `json:"type"`
+
+ // RequestHeaderModifier defines a schema for a filter that modifies request
+ // headers.
+ //
+ // Support: Core
+ //
+ // +optional
+ RequestHeaderModifier *HTTPHeaderFilter `json:"requestHeaderModifier,omitempty"`
+
+ // ResponseHeaderModifier defines a schema for a filter that modifies response
+ // headers.
+ //
+ // Support: Extended
+ //
+ // +optional
+ ResponseHeaderModifier *HTTPHeaderFilter `json:"responseHeaderModifier,omitempty"`
+
+ // RequestMirror defines a schema for a filter that mirrors requests.
+ // Requests are sent to the specified destination, but responses from
+ // that destination are ignored.
+ //
+ // This filter can be used multiple times within the same rule. Note that
+ // not all implementations will be able to support mirroring to multiple
+ // backends.
+ //
+ // Support: Extended
+ //
+ // +optional
+ RequestMirror *HTTPRequestMirrorFilter `json:"requestMirror,omitempty"`
+
+ // RequestRedirect defines a schema for a filter that responds to the
+ // request with an HTTP redirection.
+ //
+ // Support: Core
+ //
+ // +optional
+ RequestRedirect *HTTPRequestRedirectFilter `json:"requestRedirect,omitempty"`
+
+ // URLRewrite defines a schema for a filter that modifies a request during forwarding.
+ //
+ // Support: Extended
+ //
+ // +optional
+ URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"`
+
+ // ExtensionRef is an optional, implementation-specific extension to the
+ // "filter" behavior. For example, resource "myroutefilter" in group
+ // "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ // extended filters.
+ //
+ // This filter can be used multiple times within the same rule.
+ //
+ // Support: Implementation-specific
+ //
+ // +optional
+ ExtensionRef *LocalObjectReference `json:"extensionRef,omitempty"`
+}
+
+// HTTPRouteFilterType identifies a type of HTTPRoute filter.
+type HTTPRouteFilterType string
+
+const (
+ // HTTPRouteFilterRequestHeaderModifier can be used to add or remove an HTTP
+ // header from an HTTP request before it is sent to the upstream target.
+ //
+ // Support in HTTPRouteRule: Core
+ //
+ // Support in HTTPBackendRef: Extended
+ HTTPRouteFilterRequestHeaderModifier HTTPRouteFilterType = "RequestHeaderModifier"
+
+ // HTTPRouteFilterResponseHeaderModifier can be used to add or remove an HTTP
+ // header from an HTTP response before it is sent to the client.
+ //
+ // Support in HTTPRouteRule: Extended
+ //
+ // Support in HTTPBackendRef: Extended
+ HTTPRouteFilterResponseHeaderModifier HTTPRouteFilterType = "ResponseHeaderModifier"
+
+ // HTTPRouteFilterRequestRedirect can be used to redirect a request to
+ // another location. This filter can also be used for HTTP to HTTPS
+ // redirects. This may not be used on the same Route rule or BackendRef as a
+ // URLRewrite filter.
+ //
+ // Support in HTTPRouteRule: Core
+ //
+ // Support in HTTPBackendRef: Extended
+ HTTPRouteFilterRequestRedirect HTTPRouteFilterType = "RequestRedirect"
+
+ // HTTPRouteFilterURLRewrite can be used to modify a request during
+ // forwarding. At most one of these filters may be used on a Route rule.
+ // This may not be used on the same Route rule or BackendRef as a
+ // RequestRedirect filter.
+ //
+ // Support in HTTPRouteRule: Extended
+ //
+ // Support in HTTPBackendRef: Extended
+ HTTPRouteFilterURLRewrite HTTPRouteFilterType = "URLRewrite"
+
+ // HTTPRouteFilterRequestMirror can be used to mirror HTTP requests to a
+ // different backend. The responses from this backend MUST be ignored by
+ // the Gateway.
+ //
+ // Support in HTTPRouteRule: Extended
+ //
+ // Support in HTTPBackendRef: Extended
+ HTTPRouteFilterRequestMirror HTTPRouteFilterType = "RequestMirror"
+
+ // HTTPRouteFilterExtensionRef should be used for configuring custom
+ // HTTP filters.
+ //
+ // Support in HTTPRouteRule: Implementation-specific
+ //
+ // Support in HTTPBackendRef: Implementation-specific
+ HTTPRouteFilterExtensionRef HTTPRouteFilterType = "ExtensionRef"
+)
+
+// HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
+type HTTPHeader struct {
+ // Name is the name of the HTTP Header to be matched. Name matching MUST be
+ // case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+ //
+ // If multiple entries specify equivalent header names, the first entry with
+ // an equivalent name MUST be considered for a match. Subsequent entries
+ // with an equivalent header name MUST be ignored. Due to the
+ // case-insensitivity of header names, "foo" and "Foo" are considered
+ // equivalent.
+ Name HTTPHeaderName `json:"name"`
+
+ // Value is the value of HTTP Header to be matched.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=4096
+ Value string `json:"value"`
+}
+
+// HTTPHeaderFilter defines a filter that modifies the headers of an HTTP
+// request or response. Only one action for a given header name is permitted.
+// Filters specifying multiple actions of the same or different type for any one
+// header name are invalid and will be rejected by the webhook if installed.
+// Configuration to set or add multiple values for a header must use RFC 7230
+// header value formatting, separating each value with a comma.
+type HTTPHeaderFilter struct {
+ // Set overwrites the request with the given header (name, value)
+ // before the action.
+ //
+ // Input:
+ // GET /foo HTTP/1.1
+ // my-header: foo
+ //
+ // Config:
+ // set:
+ // - name: "my-header"
+ // value: "bar"
+ //
+ // Output:
+ // GET /foo HTTP/1.1
+ // my-header: bar
+ //
+ // +optional
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MaxItems=16
+ Set []HTTPHeader `json:"set,omitempty"`
+
+ // Add adds the given header(s) (name, value) to the request
+ // before the action. It appends to any existing values associated
+ // with the header name.
+ //
+ // Input:
+ // GET /foo HTTP/1.1
+ // my-header: foo
+ //
+ // Config:
+ // add:
+ // - name: "my-header"
+ // value: "bar,baz"
+ //
+ // Output:
+ // GET /foo HTTP/1.1
+ // my-header: foo,bar,baz
+ //
+ // +optional
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MaxItems=16
+ Add []HTTPHeader `json:"add,omitempty"`
+
+ // Remove the given header(s) from the HTTP request before the action. The
+ // value of Remove is a list of HTTP header names. Note that the header
+ // names are case-insensitive (see
+ // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+ //
+ // Input:
+ // GET /foo HTTP/1.1
+ // my-header1: foo
+ // my-header2: bar
+ // my-header3: baz
+ //
+ // Config:
+ // remove: ["my-header1", "my-header3"]
+ //
+ // Output:
+ // GET /foo HTTP/1.1
+ // my-header2: bar
+ //
+ // +optional
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=16
+ Remove []string `json:"remove,omitempty"`
+}
+
+// HTTPPathModifierType defines the type of path redirect or rewrite.
+type HTTPPathModifierType string
+
+const (
+ // This type of modifier indicates that the full path will be replaced
+ // by the specified value.
+ FullPathHTTPPathModifier HTTPPathModifierType = "ReplaceFullPath"
+
+ // This type of modifier indicates that any prefix path matches will be
+ // replaced by the substitution value. For example, a path with a prefix
+ // match of "/foo" and a ReplacePrefixMatch substitution of "/bar" will have
+ // the "/foo" prefix replaced with "/bar" in matching requests.
+ //
+ // Note that this matches the behavior of the PathPrefix match type. This
+ // matches full path elements. A path element refers to the list of labels
+ // in the path split by the `/` separator. When specified, a trailing `/` is
+ // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ // match the prefix `/abc`, but the path `/abcd` would not.
+ PrefixMatchHTTPPathModifier HTTPPathModifierType = "ReplacePrefixMatch"
+)
+
+// HTTPPathModifier defines configuration for path modifiers.
+//
+// +kubebuilder:validation:XValidation:message="replaceFullPath must be specified when type is set to 'ReplaceFullPath'",rule="self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true"
+// +kubebuilder:validation:XValidation:message="type must be 'ReplaceFullPath' when replaceFullPath is set",rule="has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true"
+// +kubebuilder:validation:XValidation:message="replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'",rule="self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true"
+// +kubebuilder:validation:XValidation:message="type must be 'ReplacePrefixMatch' when replacePrefixMatch is set",rule="has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true"
+type HTTPPathModifier struct {
+ // Type defines the type of path modifier. Additional types may be
+ // added in a future release of the API.
+ //
+ // Note that values may be added to this enum, implementations
+ // must ensure that unknown values will not cause a crash.
+ //
+ // Unknown values here must result in the implementation setting the
+ // Accepted Condition for the Route to `status: False`, with a
+ // Reason of `UnsupportedValue`.
+ //
+ // +kubebuilder:validation:Enum=ReplaceFullPath;ReplacePrefixMatch
+ Type HTTPPathModifierType `json:"type"`
+
+ // ReplaceFullPath specifies the value with which to replace the full path
+ // of a request during a rewrite or redirect.
+ //
+ // +kubebuilder:validation:MaxLength=1024
+ // +optional
+ ReplaceFullPath *string `json:"replaceFullPath,omitempty"`
+
+ // ReplacePrefixMatch specifies the value with which to replace the prefix
+ // match of a request during a rewrite or redirect. For example, a request
+ // to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ // of "/xyz" would be modified to "/xyz/bar".
+ //
+ // Note that this matches the behavior of the PathPrefix match type. This
+ // matches full path elements. A path element refers to the list of labels
+ // in the path split by the `/` separator. When specified, a trailing `/` is
+ // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ // match the prefix `/abc`, but the path `/abcd` would not.
+ //
+ // ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ // Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ // the implementation setting the Accepted Condition for the Route to `status: False`.
+ //
+ // Request Path | Prefix Match | Replace Prefix | Modified Path
+ // -------------|--------------|----------------|----------
+ // /foo/bar | /foo | /xyz | /xyz/bar
+ // /foo/bar | /foo | /xyz/ | /xyz/bar
+ // /foo/bar | /foo/ | /xyz | /xyz/bar
+ // /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ // /foo | /foo | /xyz | /xyz
+ // /foo/ | /foo | /xyz | /xyz/
+ // /foo/bar | /foo | | /bar
+ // /foo/ | /foo | | /
+ // /foo | /foo | | /
+ // /foo/ | /foo | / | /
+ // /foo | /foo | / | /
+ //
+ // +kubebuilder:validation:MaxLength=1024
+ // +optional
+ ReplacePrefixMatch *string `json:"replacePrefixMatch,omitempty"`
+}
+
+// HTTPRequestRedirect defines a filter that redirects a request. This filter
+// MUST NOT be used on the same Route rule as a HTTPURLRewrite filter.
+type HTTPRequestRedirectFilter struct {
+ // Scheme is the scheme to be used in the value of the `Location` header in
+ // the response. When empty, the scheme of the request is used.
+ //
+ // Scheme redirects can affect the port of the redirect, for more information,
+ // refer to the documentation for the port field of this filter.
+ //
+ // Note that values may be added to this enum, implementations
+ // must ensure that unknown values will not cause a crash.
+ //
+ // Unknown values here must result in the implementation setting the
+ // Accepted Condition for the Route to `status: False`, with a
+ // Reason of `UnsupportedValue`.
+ //
+ // Support: Extended
+ //
+ // +optional
+ // +kubebuilder:validation:Enum=http;https
+ Scheme *string `json:"scheme,omitempty"`
+
+ // Hostname is the hostname to be used in the value of the `Location`
+ // header in the response.
+ // When empty, the hostname in the `Host` header of the request is used.
+ //
+ // Support: Core
+ //
+ // +optional
+ Hostname *PreciseHostname `json:"hostname,omitempty"`
+
+ // Path defines parameters used to modify the path of the incoming request.
+ // The modified path is then used to construct the `Location` header. When
+ // empty, the request path is used as-is.
+ //
+ // Support: Extended
+ //
+ // +optional
+ Path *HTTPPathModifier `json:"path,omitempty"`
+
+ // Port is the port to be used in the value of the `Location`
+ // header in the response.
+ //
+ // If no port is specified, the redirect port MUST be derived using the
+ // following rules:
+ //
+ // * If redirect scheme is not-empty, the redirect port MUST be the well-known
+ // port associated with the redirect scheme. Specifically "http" to port 80
+ // and "https" to port 443. If the redirect scheme does not have a
+ // well-known port, the listener port of the Gateway SHOULD be used.
+ // * If redirect scheme is empty, the redirect port MUST be the Gateway
+ // Listener port.
+ //
+ // Implementations SHOULD NOT add the port number in the 'Location'
+ // header in the following cases:
+ //
+ // * A Location header that will use HTTP (whether that is determined via
+ // the Listener protocol or the Scheme field) _and_ use port 80.
+ // * A Location header that will use HTTPS (whether that is determined via
+ // the Listener protocol or the Scheme field) _and_ use port 443.
+ //
+ // Support: Extended
+ //
+ // +optional
+ Port *PortNumber `json:"port,omitempty"`
+
+ // StatusCode is the HTTP status code to be used in response.
+ //
+ // Note that values may be added to this enum, implementations
+ // must ensure that unknown values will not cause a crash.
+ //
+ // Unknown values here must result in the implementation setting the
+ // Accepted Condition for the Route to `status: False`, with a
+ // Reason of `UnsupportedValue`.
+ //
+ // Support: Core
+ //
+ // +optional
+ // +kubebuilder:default=302
+ // +kubebuilder:validation:Enum=301;302
+ StatusCode *int `json:"statusCode,omitempty"`
+}
+
+// HTTPURLRewriteFilter defines a filter that modifies a request during
+// forwarding. At most one of these filters may be used on a Route rule. This
+// MUST NOT be used on the same Route rule as a HTTPRequestRedirect filter.
+//
+// Support: Extended
+type HTTPURLRewriteFilter struct {
+ // Hostname is the value to be used to replace the Host header value during
+ // forwarding.
+ //
+ // Support: Extended
+ //
+ // +optional
+ Hostname *PreciseHostname `json:"hostname,omitempty"`
+
+ // Path defines a path rewrite.
+ //
+ // Support: Extended
+ //
+ // +optional
+ Path *HTTPPathModifier `json:"path,omitempty"`
+}
+
+// HTTPRequestMirrorFilter defines configuration for the RequestMirror filter.
+type HTTPRequestMirrorFilter struct {
+ // BackendRef references a resource where mirrored requests are sent.
+ //
+ // Mirrored requests must be sent only to a single destination endpoint
+ // within this BackendRef, irrespective of how many endpoints are present
+ // within this BackendRef.
+ //
+ // If the referent cannot be found, this BackendRef is invalid and must be
+ // dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ // condition on the Route status is set to `status: False` and not configure
+ // this backend in the underlying implementation.
+ //
+ // If there is a cross-namespace reference to an *existing* object
+ // that is not allowed by a ReferenceGrant, the controller must ensure the
+ // "ResolvedRefs" condition on the Route is set to `status: False`,
+ // with the "RefNotPermitted" reason and not configure this backend in the
+ // underlying implementation.
+ //
+ // In either error case, the Message of the `ResolvedRefs` Condition
+ // should be used to provide more detail about the problem.
+ //
+ // Support: Extended for Kubernetes Service
+ //
+ // Support: Implementation-specific for any other resource
+ BackendRef BackendObjectReference `json:"backendRef"`
+}
+
+// HTTPBackendRef defines how a HTTPRoute should forward an HTTP request.
+type HTTPBackendRef struct {
+ // BackendRef is a reference to a backend to forward matched requests to.
+ //
+ // A BackendRef can be invalid for the following reasons. In all cases, the
+ // implementation MUST ensure the `ResolvedRefs` Condition on the Route
+ // is set to `status: False`, with a Reason and Message that indicate
+ // what is the cause of the error.
+ //
+ // A BackendRef is invalid if:
+ //
+ // * It refers to an unknown or unsupported kind of resource. In this
+ // case, the Reason must be set to `InvalidKind` and Message of the
+ // Condition must explain which kind of resource is unknown or unsupported.
+ //
+ // * It refers to a resource that does not exist. In this case, the Reason must
+ // be set to `BackendNotFound` and the Message of the Condition must explain
+ // which resource does not exist.
+ //
+ // * It refers a resource in another namespace when the reference has not been
+ // explicitly allowed by a ReferenceGrant (or equivalent concept). In this
+ // case, the Reason must be set to `RefNotPermitted` and the Message of the
+ // Condition must explain which cross-namespace reference is not allowed.
+ //
+ // Support: Core for Kubernetes Service
+ //
+ // Support: Implementation-specific for any other resource
+ //
+ // Support for weight: Core
+ //
+ // +optional
+ BackendRef `json:",inline"`
+
+ // Filters defined at this level should be executed if and only if the
+ // request is being forwarded to the backend defined here.
+ //
+ // Support: Implementation-specific (For broader support of filters, use the
+ // Filters field in HTTPRouteRule.)
+ //
+ // +optional
+ // +kubebuilder:validation:MaxItems=16
+ // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))"
+ // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))"
+ // +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1"
+ // +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1"
+ // +kubebuilder:validation:XValidation:message="RequestRedirect filter cannot be repeated",rule="self.filter(f, f.type == 'RequestRedirect').size() <= 1"
+ // +kubebuilder:validation:XValidation:message="URLRewrite filter cannot be repeated",rule="self.filter(f, f.type == 'URLRewrite').size() <= 1"
+ Filters []HTTPRouteFilter `json:"filters,omitempty"`
+}
+
+// HTTPRouteStatus defines the observed state of HTTPRoute.
+type HTTPRouteStatus struct {
+ RouteStatus `json:",inline"`
+}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go
new file mode 100644
index 000000000000..4ef1c37891a9
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go
@@ -0,0 +1,147 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+// LocalObjectReference identifies an API object within the namespace of the
+// referrer.
+// The API object must be valid in the cluster; the Group and Kind must
+// be registered in the cluster for this reference to be valid.
+//
+// References to objects with invalid Group and Kind are not valid, and must
+// be rejected by the implementation, with appropriate Conditions set
+// on the containing object.
+type LocalObjectReference struct {
+ // Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ // When unspecified or empty string, core API group is inferred.
+ Group Group `json:"group"`
+
+ // Kind is kind of the referent. For example "HTTPRoute" or "Service".
+ Kind Kind `json:"kind"`
+
+ // Name is the name of the referent.
+ Name ObjectName `json:"name"`
+}
+
+// SecretObjectReference identifies an API object including its namespace,
+// defaulting to Secret.
+//
+// The API object must be valid in the cluster; the Group and Kind must
+// be registered in the cluster for this reference to be valid.
+//
+// References to objects with invalid Group and Kind are not valid, and must
+// be rejected by the implementation, with appropriate Conditions set
+// on the containing object.
+type SecretObjectReference struct {
+ // Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ // When unspecified or empty string, core API group is inferred.
+ //
+ // +optional
+ // +kubebuilder:default=""
+ Group *Group `json:"group"`
+
+ // Kind is kind of the referent. For example "Secret".
+ //
+ // +optional
+ // +kubebuilder:default=Secret
+ Kind *Kind `json:"kind"`
+
+ // Name is the name of the referent.
+ Name ObjectName `json:"name"`
+
+ // Namespace is the namespace of the backend. When unspecified, the local
+ // namespace is inferred.
+ //
+ // Note that when a namespace different than the local namespace is specified,
+ // a ReferenceGrant object is required in the referent namespace to allow that
+ // namespace's owner to accept the reference. See the ReferenceGrant
+ // documentation for details.
+ //
+ // Support: Core
+ //
+ // +optional
+ Namespace *Namespace `json:"namespace,omitempty"`
+}
+
+// BackendObjectReference defines how an ObjectReference that is
+// specific to BackendRef. It includes a few additional fields and features
+// than a regular ObjectReference.
+//
+// Note that when a namespace different than the local namespace is specified, a
+// ReferenceGrant object is required in the referent namespace to allow that
+// namespace's owner to accept the reference. See the ReferenceGrant
+// documentation for details.
+//
+// The API object must be valid in the cluster; the Group and Kind must
+// be registered in the cluster for this reference to be valid.
+//
+// References to objects with invalid Group and Kind are not valid, and must
+// be rejected by the implementation, with appropriate Conditions set
+// on the containing object.
+//
+// +kubebuilder:validation:XValidation:message="Must have port for Service reference",rule="(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true"
+type BackendObjectReference struct {
+ // Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ // When unspecified or empty string, core API group is inferred.
+ //
+ // +optional
+ // +kubebuilder:default=""
+ Group *Group `json:"group,omitempty"`
+
+ // Kind is the Kubernetes resource kind of the referent. For example
+ // "Service".
+ //
+ // Defaults to "Service" when not specified.
+ //
+ // ExternalName services can refer to CNAME DNS records that may live
+ // outside of the cluster and as such are difficult to reason about in
+ // terms of conformance. They also may not be safe to forward to (see
+ // CVE-2021-25740 for more information). Implementations SHOULD NOT
+ // support ExternalName Services.
+ //
+ // Support: Core (Services with a type other than ExternalName)
+ //
+ // Support: Implementation-specific (Services with type ExternalName)
+ //
+ // +optional
+ // +kubebuilder:default=Service
+ Kind *Kind `json:"kind,omitempty"`
+
+ // Name is the name of the referent.
+ Name ObjectName `json:"name"`
+
+ // Namespace is the namespace of the backend. When unspecified, the local
+ // namespace is inferred.
+ //
+ // Note that when a namespace different than the local namespace is specified,
+ // a ReferenceGrant object is required in the referent namespace to allow that
+ // namespace's owner to accept the reference. See the ReferenceGrant
+ // documentation for details.
+ //
+ // Support: Core
+ //
+ // +optional
+ Namespace *Namespace `json:"namespace,omitempty"`
+
+ // Port specifies the destination port number to use for this resource.
+ // Port is required when the referent is a Kubernetes Service. In this
+ // case, the port number is the service port number, not the target port.
+ // For other resources, destination port might be derived from the referent
+ // resource or this field.
+ //
+ // +optional
+ Port *PortNumber `json:"port,omitempty"`
+}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/referencegrant_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/referencegrant_types.go
new file mode 100644
index 000000000000..0b0caf70882a
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/referencegrant_types.go 
@@ -0,0 +1,143 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:categories=gateway-api,shortName=refgrant
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:storageversion
+
+// ReferenceGrant identifies kinds of resources in other namespaces that are
+// trusted to reference the specified kinds of resources in the same namespace
+// as the policy.
+//
+// Each ReferenceGrant can be used to represent a unique trust relationship.
+// Additional Reference Grants can be used to add to the set of trusted
+// sources of inbound references for the namespace they are defined within.
+//
+// All cross-namespace references in Gateway API (with the exception of cross-namespace
+// Gateway-route attachment) require a ReferenceGrant.
+//
+// ReferenceGrant is a form of runtime verification allowing users to assert
+// which cross-namespace object references are permitted. Implementations that
+// support ReferenceGrant MUST NOT permit cross-namespace references which have
+// no grant, and MUST respond to the removal of a grant by revoking the access
+// that the grant allowed.
+type ReferenceGrant struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec defines the desired state of ReferenceGrant.
+ Spec ReferenceGrantSpec `json:"spec,omitempty"`
+
+ // Note that `Status` sub-resource has been excluded at the
+ // moment as it was difficult to work out the design.
+ // `Status` sub-resource may be added in future.
+}
+
+// +kubebuilder:object:root=true
+// ReferenceGrantList contains a list of ReferenceGrant.
+type ReferenceGrantList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ReferenceGrant `json:"items"`
+}
+
+// ReferenceGrantSpec identifies a cross namespace relationship that is trusted
+// for Gateway API.
+type ReferenceGrantSpec struct {
+ // From describes the trusted namespaces and kinds that can reference the
+ // resources described in "To". Each entry in this list MUST be considered
+ // to be an additional place that references can be valid from, or to put
+ // this another way, entries MUST be combined using OR.
+ //
+ // Support: Core
+ //
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ From []ReferenceGrantFrom `json:"from"`
+
+ // To describes the resources that may be referenced by the resources
+ // described in "From". Each entry in this list MUST be considered to be an
+ // additional place that references can be valid to, or to put this another
+ // way, entries MUST be combined using OR.
+ //
+ // Support: Core
+ //
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ To []ReferenceGrantTo `json:"to"`
+}
+
+// ReferenceGrantFrom describes trusted namespaces and kinds.
+type ReferenceGrantFrom struct {
+ // Group is the group of the referent.
+ // When empty, the Kubernetes core API group is inferred.
+ //
+ // Support: Core
+ Group Group `json:"group"`
+
+ // Kind is the kind of the referent. Although implementations may support
+ // additional resources, the following types are part of the "Core"
+ // support level for this field.
+ //
+ // When used to permit a SecretObjectReference:
+ //
+ // * Gateway
+ //
+ // When used to permit a BackendObjectReference:
+ //
+ // * GRPCRoute
+ // * HTTPRoute
+ // * TCPRoute
+ // * TLSRoute
+ // * UDPRoute
+ Kind Kind `json:"kind"`
+
+ // Namespace is the namespace of the referent.
+ //
+ // Support: Core
+ Namespace Namespace `json:"namespace"`
+}
+
+// ReferenceGrantTo describes what Kinds are allowed as targets of the
+// references.
+type ReferenceGrantTo struct {
+ // Group is the group of the referent.
+ // When empty, the Kubernetes core API group is inferred.
+ //
+ // Support: Core
+ Group Group `json:"group"`
+
+ // Kind is the kind of the referent. Although implementations may support
+ // additional resources, the following types are part of the "Core"
+ // support level for this field:
+ //
+ // * Secret when used to permit a SecretObjectReference
+ // * Service when used to permit a BackendObjectReference
+ Kind Kind `json:"kind"`
+
+ // Name is the name of the referent. When unspecified, this policy
+ // refers to all resources of the specified Group and Kind in the local
+ // namespace.
+ //
+ // +optional
+ Name *ObjectName `json:"name,omitempty"`
+}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go
new file mode 100644
index 000000000000..b18af1d0e065
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go
@@ -0,0 +1,643 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// ParentReference identifies an API object (usually a Gateway) that can be considered
+// a parent of this resource (usually a route). There are two kinds of parent resources
+// with "Core" support:
+//
+// * Gateway (Gateway conformance profile)
+// * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+//
+// This API may be extended in the future to support additional kinds of parent
+// resources.
+//
+// The API object must be valid in the cluster; the Group and Kind must
+// be registered in the cluster for this reference to be valid.
+type ParentReference struct {
+ // Group is the group of the referent.
+ // When unspecified, "gateway.networking.k8s.io" is inferred.
+ // To set the core API group (such as for a "Service" kind referent),
+ // Group must be explicitly set to "" (empty string).
+ //
+ // Support: Core
+ //
+ // +kubebuilder:default=gateway.networking.k8s.io
+ // +optional
+ Group *Group `json:"group,omitempty"`
+
+ // Kind is kind of the referent.
+ //
+ // There are two kinds of parent resources with "Core" support:
+ //
+ // * Gateway (Gateway conformance profile)
+ // * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+ //
+ // Support for other resources is Implementation-Specific.
+ //
+ // +kubebuilder:default=Gateway
+ // +optional
+ Kind *Kind `json:"kind,omitempty"`
+
+ // Namespace is the namespace of the referent. When unspecified, this refers
+ // to the local namespace of the Route.
+ //
+ // Note that there are specific rules for ParentRefs which cross namespace
+ // boundaries. Cross-namespace references are only valid if they are explicitly
+ // allowed by something in the namespace they are referring to. For example:
+ // Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ // generic way to enable any other kind of cross-namespace reference.
+ //
+ // ParentRefs from a Route to a Service in the same namespace are "producer"
+ // routes, which apply default routing rules to inbound connections from
+ // any namespace to the Service.
+ //
+ // ParentRefs from a Route to a Service in a different namespace are
+ // "consumer" routes, and these routing rules are only applied to outbound
+ // connections originating from the same namespace as the Route, for which
+ // the intended destination of the connections are a Service targeted as a
+ // ParentRef of the Route.
+ //
+ // Support: Core
+ //
+ // +optional
+ Namespace *Namespace `json:"namespace,omitempty"`
+
+ // Name is the name of the referent.
+ //
+ // Support: Core
+ Name ObjectName `json:"name"`
+
+ // SectionName is the name of a section within the target resource. In the
+ // following resources, SectionName is interpreted as the following:
+ //
+ // * Gateway: Listener Name. When both Port (experimental) and SectionName
+ // are specified, the name and port of the selected listener must match
+ // both specified values.
+ // * Service: Port Name. When both Port (experimental) and SectionName
+ // are specified, the name and port of the selected listener must match
+ // both specified values. Note that attaching Routes to Services as Parents
+ // is part of experimental Mesh support and is not supported for any other
+ // purpose.
+ //
+ // Implementations MAY choose to support attaching Routes to other resources.
+ // If that is the case, they MUST clearly document how SectionName is
+ // interpreted.
+ //
+ // When unspecified (empty string), this will reference the entire resource.
+ // For the purpose of status, an attachment is considered successful if at
+ // least one section in the parent resource accepts it. For example, Gateway
+ // listeners can restrict which Routes can attach to them by Route kind,
+ // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ // the referencing Route, the Route MUST be considered successfully
+ // attached. If no Gateway listeners accept attachment from this Route, the
+ // Route MUST be considered detached from the Gateway.
+ //
+ // Support: Core
+ //
+ // +optional
+ SectionName *SectionName `json:"sectionName,omitempty"`
+
+ // Port is the network port this Route targets. It can be interpreted
+ // differently based on the type of parent resource.
+ //
+ // When the parent resource is a Gateway, this targets all listeners
+ // listening on the specified port that also support this kind of Route(and
+ // select this Route). It's not recommended to set `Port` unless the
+ // networking behaviors specified in a Route must apply to a specific port
+ // as opposed to a listener(s) whose port(s) may be changed. When both Port
+ // and SectionName are specified, the name and port of the selected listener
+ // must match both specified values.
+ //
+ // When the parent resource is a Service, this targets a specific port in the
+ // Service spec. When both Port (experimental) and SectionName are specified,
+ // the name and port of the selected port must match both specified values.
+ //
+ // Implementations MAY choose to support other parent resources.
+ // Implementations supporting other types of parent resources MUST clearly
+ // document how/if Port is interpreted.
+ //
+ // For the purpose of status, an attachment is considered successful as
+ // long as the parent resource accepts it partially. For example, Gateway
+ // listeners can restrict which Routes can attach to them by Route kind,
+ // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ // from the referencing Route, the Route MUST be considered successfully
+ // attached. If no Gateway listeners accept attachment from this Route,
+ // the Route MUST be considered detached from the Gateway.
+ //
+ // Support: Extended
+ //
+ // +optional
+ //
+ Port *PortNumber `json:"port,omitempty"`
+}
+
+// CommonRouteSpec defines the common attributes that all Routes MUST include
+// within their spec.
+type CommonRouteSpec struct {
+ // ParentRefs references the resources (usually Gateways) that a Route wants
+ // to be attached to. Note that the referenced parent resource needs to
+ // allow this for the attachment to be complete. For Gateways, that means
+ // the Gateway needs to allow attachment from Routes of this kind and
+ // namespace. For Services, that means the Service must either be in the same
+ // namespace for a "producer" route, or the mesh implementation must support
+ // and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ // not applicable for governing ParentRefs to Services - it is not possible to
+ // create a "producer" route for a Service in a different namespace from the
+ // Route.
+ //
+ // There are two kinds of parent resources with "Core" support:
+ //
+ // * Gateway (Gateway conformance profile)
+ // * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+ //
+ // This API may be extended in the future to support additional kinds of parent
+ // resources.
+ //
+ // It is invalid to reference an identical parent more than once. It is
+ // valid to reference multiple distinct sections within the same parent
+ // resource, such as two separate Listeners on the same Gateway or two separate
+ // ports on the same Service.
+ //
+ // It is possible to separately reference multiple distinct objects that may
+ // be collapsed by an implementation. For example, some implementations may
+ // choose to merge compatible Gateway Listeners together. If that is the
+ // case, the list of routes attached to those resources should also be
+ // merged.
+ //
+ // Note that for ParentRefs that cross namespace boundaries, there are specific
+ // rules. Cross-namespace references are only valid if they are explicitly
+ // allowed by something in the namespace they are referring to. For example,
+ // Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ // generic way to enable other kinds of cross-namespace reference.
+ //
+ // ParentRefs from a Route to a Service in the same namespace are "producer"
+ // routes, which apply default routing rules to inbound connections from
+ // any namespace to the Service.
+ //
+ // ParentRefs from a Route to a Service in a different namespace are
+ // "consumer" routes, and these routing rules are only applied to outbound
+ // connections originating from the same namespace as the Route, for which
+ // the intended destination of the connections are a Service targeted as a
+ // ParentRef of the Route.
+ //
+ // +optional
+ // +kubebuilder:validation:MaxItems=32
+ //
+ //
+ //
+ //
+ ParentRefs []ParentReference `json:"parentRefs,omitempty"`
+}
+
+// PortNumber defines a network port.
+//
+// +kubebuilder:validation:Minimum=1
+// +kubebuilder:validation:Maximum=65535
+type PortNumber int32
+
+// BackendRef defines how a Route should forward a request to a Kubernetes
+// resource.
+//
+// Note that when a namespace different than the local namespace is specified, a
+// ReferenceGrant object is required in the referent namespace to allow that
+// namespace's owner to accept the reference. See the ReferenceGrant
+// documentation for details.
+type BackendRef struct {
+ // BackendObjectReference references a Kubernetes object.
+ BackendObjectReference `json:",inline"`
+
+ // Weight specifies the proportion of requests forwarded to the referenced
+ // backend. This is computed as weight/(sum of all weights in this
+ // BackendRefs list). For non-zero values, there may be some epsilon from
+ // the exact proportion defined here depending on the precision an
+ // implementation supports. Weight is not a percentage and the sum of
+ // weights does not need to equal 100.
+ //
+ // If only one backend is specified and it has a weight greater than 0, 100%
+ // of the traffic is forwarded to that backend. If weight is set to 0, no
+ // traffic should be forwarded for this entry. If unspecified, weight
+ // defaults to 1.
+ //
+ // Support for this field varies based on the context where used.
+ //
+ // +optional
+ // +kubebuilder:default=1
+ // +kubebuilder:validation:Minimum=0
+ // +kubebuilder:validation:Maximum=1000000
+ Weight *int32 `json:"weight,omitempty"`
+}
+
+// RouteConditionType is a type of condition for a route.
+type RouteConditionType string
+
+// RouteConditionReason is a reason for a route condition.
+type RouteConditionReason string
+
+const (
+ // This condition indicates whether the route has been accepted or rejected
+ // by a Gateway, and why.
+ //
+ // Possible reasons for this condition to be true are:
+ //
+ // * "Accepted"
+ //
+ // Possible reasons for this condition to be False are:
+ //
+ // * "NotAllowedByListeners"
+ // * "NoMatchingListenerHostname"
+ // * "NoMatchingParent"
+ // * "UnsupportedValue"
+ //
+ // Possible reasons for this condition to be Unknown are:
+ //
+ // * "Pending"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ RouteConditionAccepted RouteConditionType = "Accepted"
+
+ // This reason is used with the "Accepted" condition when the Route has been
+ // accepted by the Gateway.
+ RouteReasonAccepted RouteConditionReason = "Accepted"
+
+ // This reason is used with the "Accepted" condition when the route has not
+ // been accepted by a Gateway because the Gateway has no Listener whose
+ // allowedRoutes criteria permit the route
+ RouteReasonNotAllowedByListeners RouteConditionReason = "NotAllowedByListeners"
+
+ // This reason is used with the "Accepted" condition when the Gateway has no
+ // compatible Listeners whose Hostname matches the route
+ RouteReasonNoMatchingListenerHostname RouteConditionReason = "NoMatchingListenerHostname"
+
+ // This reason is used with the "Accepted" condition when there are
+ // no matching Parents. In the case of Gateways, this can occur when
+ // a Route ParentRef specifies a Port and/or SectionName that does not
+ // match any Listeners in the Gateway.
+ RouteReasonNoMatchingParent RouteConditionReason = "NoMatchingParent"
+
+ // This reason is used with the "Accepted" condition when a value for an Enum
+ // is not recognized.
+ RouteReasonUnsupportedValue RouteConditionReason = "UnsupportedValue"
+
+ // This reason is used with the "Accepted" when a controller has not yet
+ // reconciled the route.
+ RouteReasonPending RouteConditionReason = "Pending"
+
+ // This reason is used with the "Accepted" condition when there
+ // are incompatible filters present on a route rule (for example if
+ // the URLRewrite and RequestRedirect are both present on an HTTPRoute).
+ RouteReasonIncompatibleFilters RouteConditionReason = "IncompatibleFilters"
+
+ // This condition indicates whether the controller was able to resolve all
+ // the object references for the Route.
+ //
+ // Possible reasons for this condition to be true are:
+ //
+ // * "ResolvedRefs"
+ //
+ // Possible reasons for this condition to be false are:
+ //
+ // * "RefNotPermitted"
+ // * "InvalidKind"
+ // * "BackendNotFound"
+ //
+ // Controllers may raise this condition with other reasons,
+ // but should prefer to use the reasons listed above to improve
+ // interoperability.
+ RouteConditionResolvedRefs RouteConditionType = "ResolvedRefs"
+
+ // This reason is used with the "ResolvedRefs" condition when the condition
+ // is true.
+ RouteReasonResolvedRefs RouteConditionReason = "ResolvedRefs"
+
+ // This reason is used with the "ResolvedRefs" condition when
+ // one of the Listener's Routes has a BackendRef to an object in
+ // another namespace, where the object in the other namespace does
+ // not have a ReferenceGrant explicitly allowing the reference.
+ RouteReasonRefNotPermitted RouteConditionReason = "RefNotPermitted"
+
+ // This reason is used with the "ResolvedRefs" condition when
+ // one of the Route's rules has a reference to an unknown or unsupported
+ // Group and/or Kind.
+ RouteReasonInvalidKind RouteConditionReason = "InvalidKind"
+
+ // This reason is used with the "ResolvedRefs" condition when one of the
+ // Route's rules has a reference to a resource that does not exist.
+ RouteReasonBackendNotFound RouteConditionReason = "BackendNotFound"
+)
+
+// RouteParentStatus describes the status of a route with respect to an
+// associated Parent.
+type RouteParentStatus struct {
+ // ParentRef corresponds with a ParentRef in the spec that this
+ // RouteParentStatus struct describes the status of.
+ ParentRef ParentReference `json:"parentRef"`
+
+ // ControllerName is a domain/path string that indicates the name of the
+ // controller that wrote this status. This corresponds with the
+ // controllerName field on GatewayClass.
+ //
+ // Example: "example.net/gateway-controller".
+ //
+ // The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ // valid Kubernetes names
+ // (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+ //
+ // Controllers MUST populate this field when writing status. Controllers should ensure that
+ // entries to status populated with their ControllerName are cleaned up when they are no
+ // longer necessary.
+ ControllerName GatewayController `json:"controllerName"`
+
+ // Conditions describes the status of the route with respect to the Gateway.
+ // Note that the route's availability is also subject to the Gateway's own
+ // status conditions and listener status.
+ //
+ // If the Route's ParentRef specifies an existing Gateway that supports
+ // Routes of this kind AND that Gateway's controller has sufficient access,
+ // then that Gateway's controller MUST set the "Accepted" condition on the
+ // Route, to indicate whether the route has been accepted or rejected by the
+ // Gateway, and why.
+ //
+ // A Route MUST be considered "Accepted" if at least one of the Route's
+ // rules is implemented by the Gateway.
+ //
+ // There are a number of cases where the "Accepted" condition may not be set
+ // due to lack of controller visibility, that includes when:
+ //
+ // * The Route refers to a non-existent parent.
+ // * The Route is of a type that the controller does not support.
+ // * The Route is in a namespace the controller does not have access to.
+ //
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=8
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// RouteStatus defines the common attributes that all Routes MUST include within
+// their status.
+type RouteStatus struct {
+ // Parents is a list of parent resources (usually Gateways) that are
+ // associated with the route, and the status of the route with respect to
+ // each parent. When this route attaches to a parent, the controller that
+ // manages the parent must add an entry to this list when the controller
+ // first sees the route and should update the entry as appropriate when the
+ // route or gateway is modified.
+ //
+ // Note that parent references that cannot be resolved by an implementation
+ // of this API will not be added to this list. Implementations of this API
+ // can only populate Route status for the Gateways/parent resources they are
+ // responsible for.
+ //
+ // A maximum of 32 Gateways will be represented in this list. An empty list
+ // means the route has not been attached to any Gateway.
+ //
+ // +kubebuilder:validation:MaxItems=32
+ Parents []RouteParentStatus `json:"parents"`
+}
+
+// Hostname is the fully qualified domain name of a network host. This matches
+// the RFC 1123 definition of a hostname with 2 notable exceptions:
+//
+// 1. IPs are not allowed.
+// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+// label must appear by itself as the first label.
+//
+// Hostname can be "precise" which is a domain name without the terminating
+// dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
+// domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+//
+// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+// alphanumeric characters or '-', and must start and end with an alphanumeric
+// character. No other punctuation is allowed.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type Hostname string
+
+// PreciseHostname is the fully qualified domain name of a network host. This
+// matches the RFC 1123 definition of a hostname with 1 notable exception that
+// numeric IP addresses are not allowed.
+//
+// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+// alphanumeric characters or '-', and must start and end with an alphanumeric
+// character. No other punctuation is allowed.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type PreciseHostname string
+
+// Group refers to a Kubernetes Group. It must either be an empty string or a
+// RFC 1123 subdomain.
+//
+// This validation is based off of the corresponding Kubernetes validation:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
+//
+// Valid values include:
+//
+// * "" - empty string implies core Kubernetes API group
+// * "gateway.networking.k8s.io"
+// * "foo.example.com"
+//
+// Invalid values include:
+//
+// * "example.com/bar" - "/" is an invalid character
+//
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type Group string
+
+// Kind refers to a Kubernetes Kind.
+//
+// Valid values include:
+//
+// * "Service"
+// * "HTTPRoute"
+//
+// Invalid values include:
+//
+// * "invalid/kind" - "/" is an invalid character
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=63
+// +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
+type Kind string
+
+// ObjectName refers to the name of a Kubernetes object.
+// Object names can have a variety of forms, including RFC1123 subdomains,
+// RFC 1123 labels, or RFC 1035 labels.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+type ObjectName string
+
+// Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
+//
+// This validation is based off of the corresponding Kubernetes validation:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187
+//
+// This is used for Namespace name validation here:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63
+//
+// Valid values include:
+//
+// * "example"
+//
+// Invalid values include:
+//
+// * "example.com" - "." is an invalid character
+//
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=63
+type Namespace string
+
+// SectionName is the name of a section in a Kubernetes resource.
+//
+// This validation is based off of the corresponding Kubernetes validation:
+// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
+//
+// Valid values include:
+//
+// * "example.com"
+// * "foo.example.com"
+//
+// Invalid values include:
+//
+// * "example.com/bar" - "/" is an invalid character
+//
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+type SectionName string
+
+// GatewayController is the name of a Gateway API controller. It must be a
+// domain prefixed path.
+//
+// Valid values include:
+//
+// * "example.com/bar"
+//
+// Invalid values include:
+//
+// * "example.com" - must include path
+// * "foo.example.com" - must include path
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
+type GatewayController string
+
+// AnnotationKey is the key of an annotation in Gateway API. This is used for
+// validation of maps such as TLS options. This matches the Kubernetes
+// "qualified name" validation that is used for annotations and other common
+// values.
+//
+// Valid values include:
+//
+// * example
+// * example.com
+// * example.com/path
+// * example.com/path.html
+//
+// Invalid values include:
+//
+// * example~ - "~" is an invalid character
+// * example.com. - can not start or end with "."
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]/?)*$`
+type AnnotationKey string
+
+// AnnotationValue is the value of an annotation in Gateway API. This is used
+// for validation of maps such as TLS options. This roughly matches Kubernetes
+// annotation validation, although the length validation in that case is based
+// on the entire size of the annotations struct.
+//
+// +kubebuilder:validation:MinLength=0
+// +kubebuilder:validation:MaxLength=4096
+type AnnotationValue string
+
+// AddressType defines how a network address is represented as a text string.
+// This may take two possible forms:
+//
+// * A predefined CamelCase string identifier (currently limited to `IPAddress` or `Hostname`)
+// * A domain-prefixed string identifier (like `acme.io/CustomAddressType`)
+//
+// Values `IPAddress` and `Hostname` have Extended support.
+//
+// The `NamedAddress` value has been deprecated in favor of implementation
+// specific domain-prefixed strings.
+//
+// All other values, including domain-prefixed values have Implementation-specific support,
+// which are used in implementation-specific behaviors. Support for additional
+// predefined CamelCase identifiers may be added in future releases.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
+type AddressType string
+
+// HeaderName is the name of a header or query parameter.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=256
+// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
+// +k8s:deepcopy-gen=false
+type HeaderName string
+
+const (
+ // A textual representation of a numeric IP address. IPv4
+ // addresses must be in dotted-decimal form. IPv6 addresses
+ // must be in a standard IPv6 text representation
+ // (see [RFC 5952](https://tools.ietf.org/html/rfc5952)).
+ //
+ // This type is intended for specific addresses. Address ranges are not
+ // supported (e.g. you can not use a CIDR range like 127.0.0.0/24 as an
+ // IPAddress).
+ //
+ // Support: Extended
+ IPAddressType AddressType = "IPAddress"
+
+ // A Hostname represents a DNS based ingress point. This is similar to the
+ // corresponding hostname field in Kubernetes load balancer status. For
+ // example, this concept may be used for cloud load balancers where a DNS
+ // name is used to expose a load balancer.
+ //
+ // Support: Extended
+ HostnameAddressType AddressType = "Hostname"
+
+ // A NamedAddress provides a way to reference a specific IP address by name.
+ // For example, this may be a name or other unique identifier that refers
+ // to a resource on a cloud provider such as a static IP.
+ //
+ // The `NamedAddress` type has been deprecated in favor of implementation
+ // specific domain-prefixed strings.
+ //
+ // Support: Implementation-specific
+ NamedAddressType AddressType = "NamedAddress"
+)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go
new file mode 100644
index 000000000000..d1d46269d269
--- /dev/null
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go
@@ -0,0 +1,1271 @@ +//go:build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowedRoutes) DeepCopyInto(out *AllowedRoutes) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = new(RouteNamespaces) + (*in).DeepCopyInto(*out) + } + if in.Kinds != nil { + in, out := &in.Kinds, &out.Kinds + *out = make([]RouteGroupKind, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedRoutes. +func (in *AllowedRoutes) DeepCopy() *AllowedRoutes { + if in == nil { + return nil + } + out := new(AllowedRoutes) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BackendObjectReference) DeepCopyInto(out *BackendObjectReference) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } + if in.Kind != nil { + in, out := &in.Kind, &out.Kind + *out = new(Kind) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(PortNumber) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendObjectReference. +func (in *BackendObjectReference) DeepCopy() *BackendObjectReference { + if in == nil { + return nil + } + out := new(BackendObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackendRef) DeepCopyInto(out *BackendRef) { + *out = *in + in.BackendObjectReference.DeepCopyInto(&out.BackendObjectReference) + if in.Weight != nil { + in, out := &in.Weight, &out.Weight + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendRef. +func (in *BackendRef) DeepCopy() *BackendRef { + if in == nil { + return nil + } + out := new(BackendRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonRouteSpec) DeepCopyInto(out *CommonRouteSpec) { + *out = *in + if in.ParentRefs != nil { + in, out := &in.ParentRefs, &out.ParentRefs + *out = make([]ParentReference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonRouteSpec. 
+func (in *CommonRouteSpec) DeepCopy() *CommonRouteSpec { + if in == nil { + return nil + } + out := new(CommonRouteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Gateway) DeepCopyInto(out *Gateway) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. +func (in *Gateway) DeepCopy() *Gateway { + if in == nil { + return nil + } + out := new(Gateway) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Gateway) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayAddress) DeepCopyInto(out *GatewayAddress) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(AddressType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayAddress. +func (in *GatewayAddress) DeepCopy() *GatewayAddress { + if in == nil { + return nil + } + out := new(GatewayAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClass) DeepCopyInto(out *GatewayClass) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClass. 
+func (in *GatewayClass) DeepCopy() *GatewayClass { + if in == nil { + return nil + } + out := new(GatewayClass) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GatewayClass) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClassList) DeepCopyInto(out *GatewayClassList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GatewayClass, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassList. +func (in *GatewayClassList) DeepCopy() *GatewayClassList { + if in == nil { + return nil + } + out := new(GatewayClassList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GatewayClassList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClassSpec) DeepCopyInto(out *GatewayClassSpec) { + *out = *in + if in.ParametersRef != nil { + in, out := &in.ParametersRef, &out.ParametersRef + *out = new(ParametersReference) + (*in).DeepCopyInto(*out) + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassSpec. 
+func (in *GatewayClassSpec) DeepCopy() *GatewayClassSpec { + if in == nil { + return nil + } + out := new(GatewayClassSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClassStatus) DeepCopyInto(out *GatewayClassStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassStatus. +func (in *GatewayClassStatus) DeepCopy() *GatewayClassStatus { + if in == nil { + return nil + } + out := new(GatewayClassStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayList) DeepCopyInto(out *GatewayList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Gateway, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayList. +func (in *GatewayList) DeepCopy() *GatewayList { + if in == nil { + return nil + } + out := new(GatewayList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GatewayList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GatewaySpec) DeepCopyInto(out *GatewaySpec) { + *out = *in + if in.Listeners != nil { + in, out := &in.Listeners, &out.Listeners + *out = make([]Listener, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]GatewayAddress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewaySpec. +func (in *GatewaySpec) DeepCopy() *GatewaySpec { + if in == nil { + return nil + } + out := new(GatewaySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayStatus) DeepCopyInto(out *GatewayStatus) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]GatewayStatusAddress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Listeners != nil { + in, out := &in.Listeners, &out.Listeners + *out = make([]ListenerStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayStatus. +func (in *GatewayStatus) DeepCopy() *GatewayStatus { + if in == nil { + return nil + } + out := new(GatewayStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GatewayStatusAddress) DeepCopyInto(out *GatewayStatusAddress) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(AddressType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayStatusAddress. +func (in *GatewayStatusAddress) DeepCopy() *GatewayStatusAddress { + if in == nil { + return nil + } + out := new(GatewayStatusAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayTLSConfig) DeepCopyInto(out *GatewayTLSConfig) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(TLSModeType) + **out = **in + } + if in.CertificateRefs != nil { + in, out := &in.CertificateRefs, &out.CertificateRefs + *out = make([]SecretObjectReference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Options != nil { + in, out := &in.Options, &out.Options + *out = make(map[AnnotationKey]AnnotationValue, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayTLSConfig. +func (in *GatewayTLSConfig) DeepCopy() *GatewayTLSConfig { + if in == nil { + return nil + } + out := new(GatewayTLSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPBackendRef) DeepCopyInto(out *HTTPBackendRef) { + *out = *in + in.BackendRef.DeepCopyInto(&out.BackendRef) + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = make([]HTTPRouteFilter, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBackendRef. 
+func (in *HTTPBackendRef) DeepCopy() *HTTPBackendRef { + if in == nil { + return nil + } + out := new(HTTPBackendRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. +func (in *HTTPHeader) DeepCopy() *HTTPHeader { + if in == nil { + return nil + } + out := new(HTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPHeaderFilter) DeepCopyInto(out *HTTPHeaderFilter) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = make([]HTTPHeader, len(*in)) + copy(*out, *in) + } + if in.Add != nil { + in, out := &in.Add, &out.Add + *out = make([]HTTPHeader, len(*in)) + copy(*out, *in) + } + if in.Remove != nil { + in, out := &in.Remove, &out.Remove + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderFilter. +func (in *HTTPHeaderFilter) DeepCopy() *HTTPHeaderFilter { + if in == nil { + return nil + } + out := new(HTTPHeaderFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPHeaderMatch) DeepCopyInto(out *HTTPHeaderMatch) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(HeaderMatchType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderMatch. 
+func (in *HTTPHeaderMatch) DeepCopy() *HTTPHeaderMatch { + if in == nil { + return nil + } + out := new(HTTPHeaderMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPPathMatch) DeepCopyInto(out *HTTPPathMatch) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(PathMatchType) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathMatch. +func (in *HTTPPathMatch) DeepCopy() *HTTPPathMatch { + if in == nil { + return nil + } + out := new(HTTPPathMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPPathModifier) DeepCopyInto(out *HTTPPathModifier) { + *out = *in + if in.ReplaceFullPath != nil { + in, out := &in.ReplaceFullPath, &out.ReplaceFullPath + *out = new(string) + **out = **in + } + if in.ReplacePrefixMatch != nil { + in, out := &in.ReplacePrefixMatch, &out.ReplacePrefixMatch + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathModifier. +func (in *HTTPPathModifier) DeepCopy() *HTTPPathModifier { + if in == nil { + return nil + } + out := new(HTTPPathModifier) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPQueryParamMatch) DeepCopyInto(out *HTTPQueryParamMatch) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(QueryParamMatchType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPQueryParamMatch. 
+func (in *HTTPQueryParamMatch) DeepCopy() *HTTPQueryParamMatch { + if in == nil { + return nil + } + out := new(HTTPQueryParamMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRequestMirrorFilter) DeepCopyInto(out *HTTPRequestMirrorFilter) { + *out = *in + in.BackendRef.DeepCopyInto(&out.BackendRef) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRequestMirrorFilter. +func (in *HTTPRequestMirrorFilter) DeepCopy() *HTTPRequestMirrorFilter { + if in == nil { + return nil + } + out := new(HTTPRequestMirrorFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRequestRedirectFilter) DeepCopyInto(out *HTTPRequestRedirectFilter) { + *out = *in + if in.Scheme != nil { + in, out := &in.Scheme, &out.Scheme + *out = new(string) + **out = **in + } + if in.Hostname != nil { + in, out := &in.Hostname, &out.Hostname + *out = new(PreciseHostname) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(HTTPPathModifier) + (*in).DeepCopyInto(*out) + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(PortNumber) + **out = **in + } + if in.StatusCode != nil { + in, out := &in.StatusCode, &out.StatusCode + *out = new(int) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRequestRedirectFilter. +func (in *HTTPRequestRedirectFilter) DeepCopy() *HTTPRequestRedirectFilter { + if in == nil { + return nil + } + out := new(HTTPRequestRedirectFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. +func (in *HTTPRoute) DeepCopy() *HTTPRoute { + if in == nil { + return nil + } + out := new(HTTPRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HTTPRoute) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter) { + *out = *in + if in.RequestHeaderModifier != nil { + in, out := &in.RequestHeaderModifier, &out.RequestHeaderModifier + *out = new(HTTPHeaderFilter) + (*in).DeepCopyInto(*out) + } + if in.ResponseHeaderModifier != nil { + in, out := &in.ResponseHeaderModifier, &out.ResponseHeaderModifier + *out = new(HTTPHeaderFilter) + (*in).DeepCopyInto(*out) + } + if in.RequestMirror != nil { + in, out := &in.RequestMirror, &out.RequestMirror + *out = new(HTTPRequestMirrorFilter) + (*in).DeepCopyInto(*out) + } + if in.RequestRedirect != nil { + in, out := &in.RequestRedirect, &out.RequestRedirect + *out = new(HTTPRequestRedirectFilter) + (*in).DeepCopyInto(*out) + } + if in.URLRewrite != nil { + in, out := &in.URLRewrite, &out.URLRewrite + *out = new(HTTPURLRewriteFilter) + (*in).DeepCopyInto(*out) + } + if in.ExtensionRef != nil { + in, out := &in.ExtensionRef, &out.ExtensionRef + *out = new(LocalObjectReference) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilter. 
+func (in *HTTPRouteFilter) DeepCopy() *HTTPRouteFilter { + if in == nil { + return nil + } + out := new(HTTPRouteFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteList) DeepCopyInto(out *HTTPRouteList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]HTTPRoute, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteList. +func (in *HTTPRouteList) DeepCopy() *HTTPRouteList { + if in == nil { + return nil + } + out := new(HTTPRouteList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HTTPRouteList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteMatch) DeepCopyInto(out *HTTPRouteMatch) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(HTTPPathMatch) + (*in).DeepCopyInto(*out) + } + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]HTTPHeaderMatch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.QueryParams != nil { + in, out := &in.QueryParams, &out.QueryParams + *out = make([]HTTPQueryParamMatch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Method != nil { + in, out := &in.Method, &out.Method + *out = new(HTTPMethod) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteMatch. 
+func (in *HTTPRouteMatch) DeepCopy() *HTTPRouteMatch { + if in == nil { + return nil + } + out := new(HTTPRouteMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteRule) DeepCopyInto(out *HTTPRouteRule) { + *out = *in + if in.Matches != nil { + in, out := &in.Matches, &out.Matches + *out = make([]HTTPRouteMatch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = make([]HTTPRouteFilter, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.BackendRefs != nil { + in, out := &in.BackendRefs, &out.BackendRefs + *out = make([]HTTPBackendRef, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteRule. +func (in *HTTPRouteRule) DeepCopy() *HTTPRouteRule { + if in == nil { + return nil + } + out := new(HTTPRouteRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteSpec) DeepCopyInto(out *HTTPRouteSpec) { + *out = *in + in.CommonRouteSpec.DeepCopyInto(&out.CommonRouteSpec) + if in.Hostnames != nil { + in, out := &in.Hostnames, &out.Hostnames + *out = make([]Hostname, len(*in)) + copy(*out, *in) + } + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]HTTPRouteRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteSpec. 
+func (in *HTTPRouteSpec) DeepCopy() *HTTPRouteSpec { + if in == nil { + return nil + } + out := new(HTTPRouteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteStatus) DeepCopyInto(out *HTTPRouteStatus) { + *out = *in + in.RouteStatus.DeepCopyInto(&out.RouteStatus) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteStatus. +func (in *HTTPRouteStatus) DeepCopy() *HTTPRouteStatus { + if in == nil { + return nil + } + out := new(HTTPRouteStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPURLRewriteFilter) DeepCopyInto(out *HTTPURLRewriteFilter) { + *out = *in + if in.Hostname != nil { + in, out := &in.Hostname, &out.Hostname + *out = new(PreciseHostname) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(HTTPPathModifier) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPURLRewriteFilter. +func (in *HTTPURLRewriteFilter) DeepCopy() *HTTPURLRewriteFilter { + if in == nil { + return nil + } + out := new(HTTPURLRewriteFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Listener) DeepCopyInto(out *Listener) { + *out = *in + if in.Hostname != nil { + in, out := &in.Hostname, &out.Hostname + *out = new(Hostname) + **out = **in + } + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(GatewayTLSConfig) + (*in).DeepCopyInto(*out) + } + if in.AllowedRoutes != nil { + in, out := &in.AllowedRoutes, &out.AllowedRoutes + *out = new(AllowedRoutes) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Listener. +func (in *Listener) DeepCopy() *Listener { + if in == nil { + return nil + } + out := new(Listener) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ListenerStatus) DeepCopyInto(out *ListenerStatus) { + *out = *in + if in.SupportedKinds != nil { + in, out := &in.SupportedKinds, &out.SupportedKinds + *out = make([]RouteGroupKind, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListenerStatus. +func (in *ListenerStatus) DeepCopy() *ListenerStatus { + if in == nil { + return nil + } + out := new(ListenerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference. 
+func (in *LocalObjectReference) DeepCopy() *LocalObjectReference { + if in == nil { + return nil + } + out := new(LocalObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersReference) DeepCopyInto(out *ParametersReference) { + *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersReference. +func (in *ParametersReference) DeepCopy() *ParametersReference { + if in == nil { + return nil + } + out := new(ParametersReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParentReference) DeepCopyInto(out *ParentReference) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } + if in.Kind != nil { + in, out := &in.Kind, &out.Kind + *out = new(Kind) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } + if in.SectionName != nil { + in, out := &in.SectionName, &out.SectionName + *out = new(SectionName) + **out = **in + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(PortNumber) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParentReference. +func (in *ParentReference) DeepCopy() *ParentReference { + if in == nil { + return nil + } + out := new(ParentReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ReferenceGrant) DeepCopyInto(out *ReferenceGrant) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrant. +func (in *ReferenceGrant) DeepCopy() *ReferenceGrant { + if in == nil { + return nil + } + out := new(ReferenceGrant) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReferenceGrant) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantFrom) DeepCopyInto(out *ReferenceGrantFrom) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantFrom. +func (in *ReferenceGrantFrom) DeepCopy() *ReferenceGrantFrom { + if in == nil { + return nil + } + out := new(ReferenceGrantFrom) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantList) DeepCopyInto(out *ReferenceGrantList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ReferenceGrant, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantList. 
+func (in *ReferenceGrantList) DeepCopy() *ReferenceGrantList { + if in == nil { + return nil + } + out := new(ReferenceGrantList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReferenceGrantList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantSpec) DeepCopyInto(out *ReferenceGrantSpec) { + *out = *in + if in.From != nil { + in, out := &in.From, &out.From + *out = make([]ReferenceGrantFrom, len(*in)) + copy(*out, *in) + } + if in.To != nil { + in, out := &in.To, &out.To + *out = make([]ReferenceGrantTo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantSpec. +func (in *ReferenceGrantSpec) DeepCopy() *ReferenceGrantSpec { + if in == nil { + return nil + } + out := new(ReferenceGrantSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantTo) DeepCopyInto(out *ReferenceGrantTo) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(ObjectName) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantTo. +func (in *ReferenceGrantTo) DeepCopy() *ReferenceGrantTo { + if in == nil { + return nil + } + out := new(ReferenceGrantTo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RouteGroupKind) DeepCopyInto(out *RouteGroupKind) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteGroupKind. +func (in *RouteGroupKind) DeepCopy() *RouteGroupKind { + if in == nil { + return nil + } + out := new(RouteGroupKind) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteNamespaces) DeepCopyInto(out *RouteNamespaces) { + *out = *in + if in.From != nil { + in, out := &in.From, &out.From + *out = new(FromNamespaces) + **out = **in + } + if in.Selector != nil { + in, out := &in.Selector, &out.Selector + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteNamespaces. +func (in *RouteNamespaces) DeepCopy() *RouteNamespaces { + if in == nil { + return nil + } + out := new(RouteNamespaces) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteParentStatus) DeepCopyInto(out *RouteParentStatus) { + *out = *in + in.ParentRef.DeepCopyInto(&out.ParentRef) + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteParentStatus. +func (in *RouteParentStatus) DeepCopy() *RouteParentStatus { + if in == nil { + return nil + } + out := new(RouteParentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RouteStatus) DeepCopyInto(out *RouteStatus) { + *out = *in + if in.Parents != nil { + in, out := &in.Parents, &out.Parents + *out = make([]RouteParentStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteStatus. +func (in *RouteStatus) DeepCopy() *RouteStatus { + if in == nil { + return nil + } + out := new(RouteStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretObjectReference) DeepCopyInto(out *SecretObjectReference) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } + if in.Kind != nil { + in, out := &in.Kind, &out.Kind + *out = new(Kind) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretObjectReference. +func (in *SecretObjectReference) DeepCopy() *SecretObjectReference { + if in == nil { + return nil + } + out := new(SecretObjectReference) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go new file mode 100644 index 000000000000..05d7898b385c --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go 
@@ -0,0 +1,73 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by register-gen. DO NOT EDIT. + +package v1beta1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName specifies the group name used to register the objects. +const GroupName = "gateway.networking.k8s.io" + +// GroupVersion specifies the group and the version used to register the objects. +var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1beta1"} + +// SchemeGroupVersion is group version used to register these objects +// Deprecated: use GroupVersion instead. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + // Depreciated: use Install instead + AddToScheme = localSchemeBuilder.AddToScheme + Install = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. 
The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &Gateway{}, + &GatewayClass{}, + &GatewayClassList{}, + &GatewayList{}, + &HTTPRoute{}, + &HTTPRouteList{}, + &ReferenceGrant{}, + &ReferenceGrantList{}, + ) + // AddToGroupVersion allows the serialization of client types like ListOptions. + v1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +}