Add support for duration values in "Go time.ParseDuration" format.

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>

internal/apis/config/cainjector/v1alpha1/testdata/defaults.json

@@ -2,9 +2,9 @@
 	"leaderElectionConfig": {
 		"enabled": true,
 		"namespace": "kube-system",
-		"leaseDuration": 60000000000,
-		"renewDeadline": 40000000000,
-		"retryPeriod": 15000000000
+		"leaseDuration": "1m0s",
+		"renewDeadline": "40s",
+		"retryPeriod": "15s"
 	},
 	"enableDataSourceConfig": {
 		"certificates": true

internal/apis/config/controller/v1alpha1/defaults.go

@@ -25,6 +25,7 @@ import (
 
 	cm "github.com/cert-manager/cert-manager/pkg/apis/certmanager"
 	"github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1"
+	sharedv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1"
 	challengescontroller "github.com/cert-manager/cert-manager/pkg/controller/acmechallenges"
 	orderscontroller "github.com/cert-manager/cert-manager/pkg/controller/acmeorders"
 	shimgatewaycontroller "github.com/cert-manager/cert-manager/pkg/controller/certificate-shim/gateways"
@@ -243,8 +244,8 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration)
 }
 
 func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) {
-	if obj.HealthzTimeout == time.Duration(0) {
-		obj.HealthzTimeout = defaultHealthzLeaderElectionTimeout
+	if obj.HealthzTimeout.IsZero() {
+		obj.HealthzTimeout = sharedv1alpha1.DurationFromTime(defaultHealthzLeaderElectionTimeout)
 	}
 }
 
@@ -306,7 +307,7 @@ func SetDefaults_ACMEDNS01Config(obj *v1alpha1.ACMEDNS01Config) {
 		obj.RecursiveNameserversOnly = &defaultDNS01RecursiveNameserversOnly
 	}
 
-	if obj.CheckRetryPeriod == time.Duration(0) {
-		obj.CheckRetryPeriod = defaultDNS01CheckRetryPeriod
+	if obj.CheckRetryPeriod.IsZero() {
+		obj.CheckRetryPeriod = sharedv1alpha1.DurationFromTime(defaultDNS01CheckRetryPeriod)
 	}
 }

internal/apis/config/controller/v1alpha1/testdata/defaults.json

@@ -5,10 +5,10 @@
 	"leaderElectionConfig": {
 		"enabled": true,
 		"namespace": "kube-system",
-		"leaseDuration": 60000000000,
-		"renewDeadline": 40000000000,
-		"retryPeriod": 15000000000,
-		"healthzTimeout": 20000000000
+		"leaseDuration": "1m0s",
+		"renewDeadline": "40s",
+		"retryPeriod": "15s",
+		"healthzTimeout": "20s"
 	},
 	"controllers": [
 		"*"
@@ -29,7 +29,7 @@
 	"metricsTLSConfig": {
 		"filesystem": {},
 		"dynamic": {
-			"leafDuration": 604800000000000
+			"leafDuration": "168h0m0s"
 		}
 	},
 	"healthzListenAddress": "0.0.0.0:9403",
@@ -65,6 +65,6 @@
 	},
 	"acmeDNS01Config": {
 		"recursiveNameserversOnly": false,
-		"checkRetryPeriod": 10000000000
+		"checkRetryPeriod": "10s"
 	}
 }

internal/apis/config/controller/v1alpha1/zz_generated.conversion.go

@@ -22,7 +22,6 @@ limitations under the License.
 package v1alpha1
 
 import (
-	time "time"
 	unsafe "unsafe"
 
 	controller "github.com/cert-manager/cert-manager/internal/apis/config/controller"
@@ -98,7 +97,9 @@ func autoConvert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in *v1al
 	if err := v1.Convert_Pointer_bool_To_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil {
 		return err
 	}
-	out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod)
+	if err := sharedv1alpha1.Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.CheckRetryPeriod, &out.CheckRetryPeriod, s); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -112,7 +113,9 @@ func autoConvert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in *cont
 	if err := v1.Convert_bool_To_Pointer_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil {
 		return err
 	}
-	out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod)
+	if err := sharedv1alpha1.Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.CheckRetryPeriod, &out.CheckRetryPeriod, s); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -311,7 +314,9 @@ func autoConvert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfi
 	if err := sharedv1alpha1.Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil {
 		return err
 	}
-	out.HealthzTimeout = time.Duration(in.HealthzTimeout)
+	if err := sharedv1alpha1.Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.HealthzTimeout, &out.HealthzTimeout, s); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -324,7 +329,9 @@ func autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfi
 	if err := sharedv1alpha1.Convert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil {
 		return err
 	}
-	out.HealthzTimeout = time.Duration(in.HealthzTimeout)
+	if err := sharedv1alpha1.Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.HealthzTimeout, &out.HealthzTimeout, s); err != nil {
+		return err
+	}
 	return nil
 }
 

internal/apis/config/shared/v1alpha1/conversion.go

@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"time"
+
 	conversion "k8s.io/apimachinery/pkg/conversion"
 
 	shared "github.com/cert-manager/cert-manager/internal/apis/config/shared"
@@ -76,3 +78,17 @@ func Convert_int_To_Pointer_int32(in *int, out **int32, s conversion.Scope) erro
 	*out = &temp
 	return nil
 }
+
+func Convert_Pointer_v1alpha1_Duration_To_time_Duration(in **v1alpha1.Duration, out *time.Duration, s conversion.Scope) error {
+	if *in == nil {
+		*out = 0
+		return nil
+	}
+	*out = (*in).Duration.Duration
+	return nil
+}
+
+func Convert_time_Duration_To_Pointer_v1alpha1_Duration(in *time.Duration, out **v1alpha1.Duration, s conversion.Scope) error {
+	*out = v1alpha1.DurationFromTime(*in)
+	return nil
+}

internal/apis/config/shared/v1alpha1/defaults.go

@@ -33,8 +33,8 @@ var (
 )
 
 func SetDefaults_DynamicServingConfig(obj *v1alpha1.DynamicServingConfig) {
-	if obj.LeafDuration == time.Duration(0) {
-		obj.LeafDuration = defaultLeafDuration
+	if obj.LeafDuration.IsZero() {
+		obj.LeafDuration = v1alpha1.DurationFromTime(defaultLeafDuration)
 	}
 }
 
@@ -47,15 +47,15 @@ func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) {
 		obj.Namespace = defaultLeaderElectionNamespace
 	}
 
-	if obj.LeaseDuration == time.Duration(0) {
-		obj.LeaseDuration = defaultLeaderElectionLeaseDuration
+	if obj.LeaseDuration.IsZero() {
+		obj.LeaseDuration = v1alpha1.DurationFromTime(defaultLeaderElectionLeaseDuration)
 	}
 
-	if obj.RenewDeadline == time.Duration(0) {
-		obj.RenewDeadline = defaultLeaderElectionRenewDeadline
+	if obj.RenewDeadline.IsZero() {
+		obj.RenewDeadline = v1alpha1.DurationFromTime(defaultLeaderElectionRenewDeadline)
 	}
 
-	if obj.RetryPeriod == time.Duration(0) {
-		obj.RetryPeriod = defaultLeaderElectionRetryPeriod
+	if obj.RetryPeriod.IsZero() {
+		obj.RetryPeriod = v1alpha1.DurationFromTime(defaultLeaderElectionRetryPeriod)
 	}
 }

internal/apis/config/shared/v1alpha1/zz_generated.conversion.go

@@ -69,6 +69,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((**v1alpha1.Duration)(nil), (*time.Duration)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_Pointer_v1alpha1_Duration_To_time_Duration(a.(**v1alpha1.Duration), b.(*time.Duration), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*float32)(nil), (**float32)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_float32_To_Pointer_float32(a.(*float32), b.(**float32), scope)
 	}); err != nil {
@@ -89,6 +94,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*time.Duration)(nil), (**v1alpha1.Duration)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_time_Duration_To_Pointer_v1alpha1_Duration(a.(*time.Duration), b.(**v1alpha1.Duration), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*v1alpha1.LeaderElectionConfig)(nil), (*shared.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(a.(*v1alpha1.LeaderElectionConfig), b.(*shared.LeaderElectionConfig), scope)
 	}); err != nil {
@@ -106,7 +116,9 @@ func autoConvert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig(in
 	out.SecretNamespace = in.SecretNamespace
 	out.SecretName = in.SecretName
 	out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
-	out.LeafDuration = time.Duration(in.LeafDuration)
+	if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.LeafDuration, &out.LeafDuration, s); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -119,7 +131,9 @@ func autoConvert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in
 	out.SecretNamespace = in.SecretNamespace
 	out.SecretName = in.SecretName
 	out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
-	out.LeafDuration = time.Duration(in.LeafDuration)
+	if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.LeafDuration, &out.LeafDuration, s); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -155,9 +169,15 @@ func autoConvert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(in
 		return err
 	}
 	out.Namespace = in.Namespace
-	out.LeaseDuration = time.Duration(in.LeaseDuration)
-	out.RenewDeadline = time.Duration(in.RenewDeadline)
-	out.RetryPeriod = time.Duration(in.RetryPeriod)
+	if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.LeaseDuration, &out.LeaseDuration, s); err != nil {
+		return err
+	}
+	if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.RenewDeadline, &out.RenewDeadline, s); err != nil {
+		return err
+	}
+	if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.RetryPeriod, &out.RetryPeriod, s); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -166,9 +186,15 @@ func autoConvert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in
 		return err
 	}
 	out.Namespace = in.Namespace
-	out.LeaseDuration = time.Duration(in.LeaseDuration)
-	out.RenewDeadline = time.Duration(in.RenewDeadline)
-	out.RetryPeriod = time.Duration(in.RetryPeriod)
+	if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.LeaseDuration, &out.LeaseDuration, s); err != nil {
+		return err
+	}
+	if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.RenewDeadline, &out.RenewDeadline, s); err != nil {
+		return err
+	}
+	if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.RetryPeriod, &out.RetryPeriod, s); err != nil {
+		return err
+	}
 	return nil
 }
 

internal/apis/config/webhook/v1alpha1/testdata/defaults.json

@@ -4,7 +4,7 @@
 	"tlsConfig": {
 		"filesystem": {},
 		"dynamic": {
-			"leafDuration": 604800000000000
+			"leafDuration": "168h0m0s"
 		}
 	},
 	"enablePprof": false,

pkg/apis/config/controller/v1alpha1/types.go

@@ -17,8 +17,6 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"time"
-
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	logsapi "k8s.io/component-base/logs/api/v1"
 
@@ -144,7 +142,7 @@ type LeaderElectionConfig struct {
 
 	// Leader election healthz checks within this timeout period after the lease
 	// expires will still return healthy.
-	HealthzTimeout time.Duration `json:"healthzTimeout,omitempty"`
+	HealthzTimeout *sharedv1alpha1.Duration `json:"healthzTimeout,omitempty"`
 }
 
 type IngressShimConfig struct {
@@ -221,5 +219,5 @@ type ACMEDNS01Config struct {
 	// For HTTP01 challenges the propagation check verifies that the challenge
 	// token is served at the challenge URL. This should be a valid duration
 	// string, for example 180s or 1h
-	CheckRetryPeriod time.Duration `json:"checkRetryPeriod,omitempty"`
+	CheckRetryPeriod *sharedv1alpha1.Duration `json:"checkRetryPeriod,omitempty"`
 }

pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go

@@ -22,6 +22,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	sharedv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
@@ -38,6 +39,11 @@ func (in *ACMEDNS01Config) DeepCopyInto(out *ACMEDNS01Config) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.CheckRetryPeriod != nil {
+		in, out := &in.CheckRetryPeriod, &out.CheckRetryPeriod
+		*out = new(sharedv1alpha1.Duration)
+		**out = **in
+	}
 	return
 }
 
@@ -195,6 +201,11 @@ func (in *IngressShimConfig) DeepCopy() *IngressShimConfig {
 func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) {
 	*out = *in
 	in.LeaderElectionConfig.DeepCopyInto(&out.LeaderElectionConfig)
+	if in.HealthzTimeout != nil {
+		in, out := &in.HealthzTimeout, &out.HealthzTimeout
+		*out = new(sharedv1alpha1.Duration)
+		**out = **in
+	}
 	return
 }
 

pkg/apis/config/shared/v1alpha1/types_duration.go

@@ -0,0 +1,64 @@
+/*
+Copyright 2021 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Duration is present for backwards compatibility for fields that
+// previously used time.Duration.
+// +k8s:conversion-gen=false
+type Duration struct {
+	// Duration holds the duration
+	Duration metav1.Duration
+}
+
+func DurationFromMetav1(d metav1.Duration) *Duration {
+	return &Duration{Duration: d}
+}
+
+func DurationFromTime(d time.Duration) *Duration {
+	return DurationFromMetav1(metav1.Duration{Duration: d})
+}
+
+func (t *Duration) MarshalJSON() ([]byte, error) {
+	return t.Duration.MarshalJSON()
+}
+
+func (t *Duration) UnmarshalJSON(b []byte) error {
+	if len(b) > 0 && b[0] == '"' {
+		// string values unmarshal as metav1.Duration
+		return json.Unmarshal(b, &t.Duration)
+	}
+	if err := json.Unmarshal(b, &t.Duration.Duration); err != nil {
+		return fmt.Errorf("invalid duration %q: %w", string(b), err)
+	}
+	return nil
+}
+
+func (t *Duration) IsZero() bool {
+	if t == nil {
+		return true
+	}
+
+	return t.Duration.Duration == 0
+}

pkg/apis/config/shared/v1alpha1/types_leaderelection.go

@@ -16,8 +16,6 @@ limitations under the License.
 
 package v1alpha1
 
-import "time"
-
 type LeaderElectionConfig struct {
 	// If true, cert-manager will perform leader election between instances to
 	// ensure no more than one instance of cert-manager operates at a time
@@ -31,14 +29,14 @@ type LeaderElectionConfig struct {
 	// slot. This is effectively the maximum duration that a leader can be stopped
 	// before it is replaced by another candidate. This is only applicable if leader
 	// election is enabled.
-	LeaseDuration time.Duration `json:"leaseDuration,omitempty"`
+	LeaseDuration *Duration `json:"leaseDuration,omitempty"`
 
 	// The interval between attempts by the acting master to renew a leadership slot
 	// before it stops leading. This must be less than or equal to the lease duration.
 	// This is only applicable if leader election is enabled.
-	RenewDeadline time.Duration `json:"renewDeadline,omitempty"`
+	RenewDeadline *Duration `json:"renewDeadline,omitempty"`
 
 	// The duration the clients should wait between attempting acquisition and renewal
 	// of a leadership. This is only applicable if leader election is enabled.
-	RetryPeriod time.Duration `json:"retryPeriod,omitempty"`
+	RetryPeriod *Duration `json:"retryPeriod,omitempty"`
 }

pkg/apis/config/shared/v1alpha1/types_tlsconfig.go

@@ -16,8 +16,6 @@ limitations under the License.
 
 package v1alpha1
 
-import "time"
-
 // TLSConfig configures how TLS certificates are sourced for serving.
 // Only one of 'filesystem' or 'dynamic' may be specified.
 type TLSConfig struct {
@@ -57,7 +55,7 @@ type DynamicServingConfig struct {
 	DNSNames []string `json:"dnsNames,omitempty"`
 
 	// LeafDuration is a customizable duration on serving certificates signed by the CA.
-	LeafDuration time.Duration `json:"leafDuration,omitempty"`
+	LeafDuration *Duration `json:"leafDuration,omitempty"`
 }
 
 // FilesystemServingConfig enables using a certificate and private key found on the local filesystem.

pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go

@@ -21,6 +21,23 @@ limitations under the License.
 
 package v1alpha1
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Duration) DeepCopyInto(out *Duration) {
+	*out = *in
+	out.Duration = in.Duration
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Duration.
+func (in *Duration) DeepCopy() *Duration {
+	if in == nil {
+		return nil
+	}
+	out := new(Duration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) {
 	*out = *in
@@ -29,6 +46,11 @@ func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.LeafDuration != nil {
+		in, out := &in.LeafDuration, &out.LeafDuration
+		*out = new(Duration)
+		**out = **in
+	}
 	return
 }
 
@@ -66,6 +88,21 @@ func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.LeaseDuration != nil {
+		in, out := &in.LeaseDuration, &out.LeaseDuration
+		*out = new(Duration)
+		**out = **in
+	}
+	if in.RenewDeadline != nil {
+		in, out := &in.RenewDeadline, &out.RenewDeadline
+		*out = new(Duration)
+		**out = **in
+	}
+	if in.RetryPeriod != nil {
+		in, out := &in.RetryPeriod, &out.RetryPeriod
+		*out = new(Duration)
+		**out = **in
+	}
 	return
 }