feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1

Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-06-29 12:14:38 +01:00 · 2021-06-29 12:14:38 +01:00 · 9f36f8984b
commit 9f36f8984b
parent 1f87c098a1
10 changed files with 201 additions and 5 deletions
--- a/deploy/crds/crd-certificates.yaml
+++ b/deploy/crds/crd-certificates.yaml
@ -214,6 +214,20 @@ spec:
                secretName:
                  description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.
                  type: string
+                secretTemplate:
+                  description: SecretTemplate defines annotations and labels to be propagated to the Kubernetes Secret when it is created or updated.
+                  type: object
+                  properties:
+                    annotations:
+                      description: Annotations is a key value map to be copied to the target Kubernetes Secret.
+                      type: object
+                      additionalProperties:
+                        type: string
+                    labels:
+                      description: Labels is a key value map to be copied to the target Kubernetes Secret.
+                      type: object
+                      additionalProperties:
+                        type: string
                subject:
                  description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
                  type: object
@ -512,6 +526,20 @@ spec:
                secretName:
                  description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.
                  type: string
+                secretTemplate:
+                  description: SecretTemplate defines annotations and labels to be propagated to the Kubernetes Secret when it is created or updated.
+                  type: object
+                  properties:
+                    annotations:
+                      description: Annotations is a key value map to be copied to the target Kubernetes Secret.
+                      type: object
+                      additionalProperties:
+                        type: string
+                    labels:
+                      description: Labels is a key value map to be copied to the target Kubernetes Secret.
+                      type: object
+                      additionalProperties:
+                        type: string
                subject:
                  description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
                  type: object
@ -817,6 +845,20 @@ spec:
                secretName:
                  description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.
                  type: string
+                secretTemplate:
+                  description: SecretTemplate defines annotations and labels to be propagated to the Kubernetes Secret when it is created or updated.
+                  type: object
+                  properties:
+                    annotations:
+                      description: Annotations is a key value map to be copied to the target Kubernetes Secret.
+                      type: object
+                      additionalProperties:
+                        type: string
+                    labels:
+                      description: Labels is a key value map to be copied to the target Kubernetes Secret.
+                      type: object
+                      additionalProperties:
+                        type: string
                subject:
                  description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
                  type: object
--- a/pkg/apis/certmanager/v1alpha2/types_certificate.go
+++ b/pkg/apis/certmanager/v1alpha2/types_certificate.go
@ -135,6 +135,11 @@ type CertificateSpec struct {
 	// denoted issuer.
 	SecretName string `json:"secretName"`

+	// SecretTemplate defines annotations and labels to be propagated
+	// to the Kubernetes Secret when it is created or updated.
+	// +optional
+	SecretTemplate *CertificateSecretTemplate `json:"secretTemplate,omitempty"`
+
 	// Keystores configures additional keystore output formats stored in the
 	// `secretName` Secret resource.
 	// +optional
@ -423,3 +428,15 @@ const (
 	// It will be removed by the 'issuing' controller upon completing issuance.
 	CertificateConditionIssuing CertificateConditionType = "Issuing"
 )
+
+// CertificateSecretTemplate defines the default labels and annotations
+// to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`.
+type CertificateSecretTemplate struct {
+	// Annotations is a key value map to be copied to the target Kubernetes Secret.
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// Labels is a key value map to be copied to the target Kubernetes Secret.
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+}
--- a/pkg/apis/certmanager/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1alpha2/zz_generated.deepcopy.go
@ -346,6 +346,36 @@ func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateSecretTemplate) DeepCopyInto(out *CertificateSecretTemplate) {
+	*out = *in
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Labels != nil {
+		in, out := &in.Labels, &out.Labels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSecretTemplate.
+func (in *CertificateSecretTemplate) DeepCopy() *CertificateSecretTemplate {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateSecretTemplate)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 	*out = *in
@ -389,6 +419,11 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecretTemplate != nil {
+		in, out := &in.SecretTemplate, &out.SecretTemplate
+		*out = new(CertificateSecretTemplate)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Keystores != nil {
 		in, out := &in.Keystores, &out.Keystores
 		*out = new(CertificateKeystores)
--- a/pkg/apis/certmanager/v1alpha3/types_certificate.go
+++ b/pkg/apis/certmanager/v1alpha3/types_certificate.go
@ -133,6 +133,11 @@ type CertificateSpec struct {
 	// denoted issuer.
 	SecretName string `json:"secretName"`

+	// SecretTemplate defines annotations and labels to be propagated
+	// to the Kubernetes Secret when it is created or updated.
+	// +optional
+	SecretTemplate *CertificateSecretTemplate `json:"secretTemplate,omitempty"`
+
 	// Keystores configures additional keystore output formats stored in the
 	// `secretName` Secret resource.
 	// +optional
@ -430,3 +435,15 @@ const (
 	// It will be removed by the 'issuing' controller upon completing issuance.
 	CertificateConditionIssuing CertificateConditionType = "Issuing"
 )
+
+// CertificateSecretTemplate defines the default labels and annotations
+// to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`.
+type CertificateSecretTemplate struct {
+	// Annotations is a key value map to be copied to the target Kubernetes Secret.
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// Labels is a key value map to be copied to the target Kubernetes Secret.
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+}
--- a/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
@ -346,6 +346,36 @@ func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateSecretTemplate) DeepCopyInto(out *CertificateSecretTemplate) {
+	*out = *in
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Labels != nil {
+		in, out := &in.Labels, &out.Labels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSecretTemplate.
+func (in *CertificateSecretTemplate) DeepCopy() *CertificateSecretTemplate {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateSecretTemplate)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 	*out = *in
@ -384,6 +414,11 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecretTemplate != nil {
+		in, out := &in.SecretTemplate, &out.SecretTemplate
+		*out = new(CertificateSecretTemplate)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Keystores != nil {
 		in, out := &in.Keystores, &out.Keystores
 		*out = new(CertificateKeystores)
--- a/pkg/apis/certmanager/v1beta1/types_certificate.go
+++ b/pkg/apis/certmanager/v1beta1/types_certificate.go
@ -134,6 +134,11 @@ type CertificateSpec struct {
 	// denoted issuer.
 	SecretName string `json:"secretName"`

+	// SecretTemplate defines annotations and labels to be propagated
+	// to the Kubernetes Secret when it is created or updated.
+	// +optional
+	SecretTemplate *CertificateSecretTemplate `json:"secretTemplate,omitempty"`
+
 	// Keystores configures additional keystore output formats stored in the
 	// `secretName` Secret resource.
 	// +optional
@ -428,3 +433,15 @@ const (
 	// It will be removed by the 'issuing' controller upon completing issuance.
 	CertificateConditionIssuing CertificateConditionType = "Issuing"
 )
+
+// CertificateSecretTemplate defines the default labels and annotations
+// to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`.
+type CertificateSecretTemplate struct {
+	// Annotations is a key value map to be copied to the target Kubernetes Secret.
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// Labels is a key value map to be copied to the target Kubernetes Secret.
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+}
--- a/pkg/apis/certmanager/v1beta1/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1beta1/zz_generated.deepcopy.go
@ -346,6 +346,36 @@ func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateSecretTemplate) DeepCopyInto(out *CertificateSecretTemplate) {
+	*out = *in
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Labels != nil {
+		in, out := &in.Labels, &out.Labels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSecretTemplate.
+func (in *CertificateSecretTemplate) DeepCopy() *CertificateSecretTemplate {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateSecretTemplate)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 	*out = *in
@ -384,6 +414,11 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecretTemplate != nil {
+		in, out := &in.SecretTemplate, &out.SecretTemplate
+		*out = new(CertificateSecretTemplate)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Keystores != nil {
 		in, out := &in.Keystores, &out.Keystores
 		*out = new(CertificateKeystores)
--- a/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
+++ b/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
@ -743,6 +743,7 @@ func autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1a
 	out.URISANs = *(*[]string)(unsafe.Pointer(&in.URISANs))
 	out.EmailSANs = *(*[]string)(unsafe.Pointer(&in.EmailSANs))
 	out.SecretName = in.SecretName
+	// WARNING: in.SecretTemplate requires manual conversion: does not exist in peer-type
 	if in.Keystores != nil {
 		in, out := &in.Keystores, &out.Keystores
 		*out = new(certmanager.CertificateKeystores)
--- a/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
+++ b/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
@ -742,6 +742,7 @@ func autoConvert_v1alpha3_CertificateSpec_To_certmanager_CertificateSpec(in *v1a
 	out.URISANs = *(*[]string)(unsafe.Pointer(&in.URISANs))
 	out.EmailSANs = *(*[]string)(unsafe.Pointer(&in.EmailSANs))
 	out.SecretName = in.SecretName
+	// WARNING: in.SecretTemplate requires manual conversion: does not exist in peer-type
 	if in.Keystores != nil {
 		in, out := &in.Keystores, &out.Keystores
 		*out = new(certmanager.CertificateKeystores)
--- a/pkg/internal/apis/certmanager/v1beta1/zz_generated.conversion.go
+++ b/pkg/internal/apis/certmanager/v1beta1/zz_generated.conversion.go
@ -752,6 +752,7 @@ func autoConvert_v1beta1_CertificateSpec_To_certmanager_CertificateSpec(in *v1be
 	out.URISANs = *(*[]string)(unsafe.Pointer(&in.URISANs))
 	out.EmailSANs = *(*[]string)(unsafe.Pointer(&in.EmailSANs))
 	out.SecretName = in.SecretName
+	// WARNING: in.SecretTemplate requires manual conversion: does not exist in peer-type
 	if in.Keystores != nil {
 		in, out := &in.Keystores, &out.Keystores
 		*out = new(certmanager.CertificateKeystores)
@ -772,11 +773,6 @@ func autoConvert_v1beta1_CertificateSpec_To_certmanager_CertificateSpec(in *v1be
 	return nil
 }

-// Convert_v1beta1_CertificateSpec_To_certmanager_CertificateSpec is an autogenerated conversion function.
-func Convert_v1beta1_CertificateSpec_To_certmanager_CertificateSpec(in *v1beta1.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error {
-	return autoConvert_v1beta1_CertificateSpec_To_certmanager_CertificateSpec(in, out, s)
-}
-
 func autoConvert_certmanager_CertificateSpec_To_v1beta1_CertificateSpec(in *certmanager.CertificateSpec, out *v1beta1.CertificateSpec, s conversion.Scope) error {
 	out.Subject = (*v1beta1.X509Subject)(unsafe.Pointer(in.Subject))
 	out.CommonName = in.CommonName