Merge pull request #1789 from JoshVanL/303-certificate-request-resource

Adds CertificateRequest resource

deploy/manifests/00-crds.yaml

@@ -206,6 +206,140 @@ status:
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: certificaterequests.certmanager.k8s.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.conditions[?(@.type=="Ready")].status
+    name: Ready
+    type: string
+  - JSONPath: .spec.issuerRef.name
+    name: Issuer
+    priority: 1
+    type: string
+  - JSONPath: .status.conditions[?(@.type=="Ready")].message
+    name: Status
+    priority: 1
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    description: CreationTimestamp is a timestamp representing the server time when
+      this object was created. It is not guaranteed to be set in happens-before order
+      across separate operations. Clients may not set this value. It is represented
+      in RFC3339 form and is in UTC.
+    name: Age
+    type: date
+  group: certmanager.k8s.io
+  names:
+    kind: CertificateRequest
+    plural: certificaterequests
+    shortNames:
+    - cr
+    - crs
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            csr:
+              description: Byte slice containing the PEM encoded CertificateSigningRequest
+              format: byte
+              type: string
+            duration:
+              description: Requested certificate default Duration
+              type: string
+            isCA:
+              description: IsCA will mark the resulting certificate as valid for signing.
+                This implies that the 'signing' usage is set
+              type: boolean
+            issuerRef:
+              description: IssuerRef is a reference to the issuer for this CertificateRequest.  If
+                the 'kind' field is not set, or set to 'Issuer', an Issuer resource
+                with the given name in the same namespace as the CertificateRequest
+                will be used.  If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
+                with the provided name will be used.  The 'name' field in this stanza
+                is required at all times.
+              properties:
+                kind:
+                  type: string
+                name:
+                  type: string
+              required:
+              - name
+              type: object
+          required:
+          - issuerRef
+          type: object
+        status:
+          properties:
+            ca:
+              description: Byte slice containing the PEM encoded certificate authority
+                of the signed certificate.
+              format: byte
+              type: string
+            certificate:
+              description: Byte slice containing a PEM encoded signed certificate
+                resulting from the given certificate signing request.
+              format: byte
+              type: string
+            conditions:
+              items:
+                properties:
+                  lastTransitionTime:
+                    description: LastTransitionTime is the timestamp corresponding
+                      to the last status change of this condition.
+                    format: date-time
+                    type: string
+                  message:
+                    description: Message is a human readable description of the details
+                      of the last transition, complementing reason.
+                    type: string
+                  reason:
+                    description: Reason is a brief machine readable explanation for
+                      the condition's last transition.
+                    type: string
+                  status:
+                    description: Status of the condition, one of ('True', 'False',
+                      'Unknown').
+                    enum:
+                    - "True"
+                    - "False"
+                    - Unknown
+                    type: string
+                  type:
+                    description: Type of the condition, currently ('Ready').
+                    type: string
+                required:
+                - type
+                - status
+                type: object
+              type: array
+          type: object
+  version: v1alpha1
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
 metadata:
   creationTimestamp: null
   labels:

hack/update-crds.sh

@@ -34,7 +34,7 @@ out="deploy/manifests/00-crds.yaml"
 rm "$out" > /dev/null 2>&1 || true
 mkdir -p "$(dirname $out)"
 touch "$out"
-for file in $(find "${output}" -type f | sort); do
+for file in $(find "${output}" -type f | sort -V); do
     cat "$file" >> "$out"
     echo "---" >> "$out"
 done

pkg/apis/certmanager/v1alpha1/BUILD.bazel

@@ -11,6 +11,7 @@ go_library(
         "register.go",
         "types.go",
         "types_certificate.go",
+        "types_certificaterequest.go",
         "types_challenge.go",
         "types_issuer.go",
         "types_order.go",

pkg/apis/certmanager/v1alpha1/register.go

@@ -55,6 +55,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&IssuerList{},
 		&ClusterIssuer{},
 		&ClusterIssuerList{},
+		&CertificateRequest{},
+		&CertificateRequestList{},
 		&Order{},
 		&OrderList{},
 		&Challenge{},

pkg/apis/certmanager/v1alpha1/types.go

@@ -59,10 +59,11 @@ type ObjectReference struct {
 }
 
 const (
-	ClusterIssuerKind = "ClusterIssuer"
-	IssuerKind        = "Issuer"
-	CertificateKind   = "Certificate"
-	OrderKind         = "Order"
+	ClusterIssuerKind      = "ClusterIssuer"
+	IssuerKind             = "Issuer"
+	CertificateKind        = "Certificate"
+	CertificateRequestKind = "CertificateRequest"
+	OrderKind              = "Order"
 )
 
 type SecretKeySelector struct {

pkg/apis/certmanager/v1alpha1/types_certificaterequest.go

@@ -0,0 +1,125 @@
+/*
+Copyright 2019 The Jetstack cert-manager contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CertificateRequest is a type to represent a Certificate Signing Request
+// +k8s:openapi-gen=true
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type=="Ready")].status",description=""
+// +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=".spec.issuerRef.name",description="",priority=1
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type=="Ready")].message",priority=1
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
+// +kubebuilder:resource:path=certificaterequests,shortName=cr;crs
+type CertificateRequest struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CertificateRequestSpec   `json:"spec,omitempty"`
+	Status CertificateRequestStatus `json:"status,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CertificateRequestList is a list of Certificates
+type CertificateRequestList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+
+	Items []CertificateRequest `json:"items"`
+}
+
+// CertificateRequestSpec defines the desired state of CertificateRequest
+type CertificateRequestSpec struct {
+	// Requested certificate default Duration
+	// +optional
+	Duration *metav1.Duration `json:"duration,omitempty"`
+
+	// IssuerRef is a reference to the issuer for this CertificateRequest.  If
+	// the 'kind' field is not set, or set to 'Issuer', an Issuer resource with
+	// the given name in the same namespace as the CertificateRequest will be
+	// used.  If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with
+	// the provided name will be used.  The 'name' field in this stanza is
+	// required at all times.
+	IssuerRef ObjectReference `json:"issuerRef"`
+
+	// Byte slice containing the PEM encoded CertificateSigningRequest
+	// +optional
+	CSRPEM []byte `json:"csr,omitempty"`
+
+	// IsCA will mark the resulting certificate as valid for signing. This
+	// implies that the 'signing' usage is set
+	// +optional
+	IsCA bool `json:"isCA,omitempty"`
+}
+
+// CertificateStatus defines the observed state of CertificateRequest and
+// resulting signed certificate.
+type CertificateRequestStatus struct {
+	// +optional
+	Conditions []CertificateRequestCondition `json:"conditions,omitempty"`
+
+	// Byte slice containing a PEM encoded signed certificate resulting from the
+	// given certificate signing request.
+	// +optional
+	Certificate []byte `json:"certificate,omitempty"`
+
+	// Byte slice containing the PEM encoded certificate authority of the signed
+	// certificate.
+	// +optional
+	CA []byte `json:"ca,omitempty"`
+}
+
+// CertificateRequestCondition contains condition information for a CertificateRequest.
+type CertificateRequestCondition struct {
+	// Type of the condition, currently ('Ready').
+	Type CertificateRequestConditionType `json:"type"`
+
+	// Status of the condition, one of ('True', 'False', 'Unknown').
+	// +kubebuilder:validation:Enum=True,False,Unknown
+	Status ConditionStatus `json:"status"`
+
+	// LastTransitionTime is the timestamp corresponding to the last status
+	// change of this condition.
+	// +optional
+	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
+
+	// Reason is a brief machine readable explanation for the condition's last
+	// transition.
+	// +optional
+	Reason string `json:"reason,omitempty"`
+
+	// Message is a human readable description of the details of the last
+	// transition, complementing reason.
+	// +optional
+	Message string `json:"message,omitempty"`
+}
+
+// CertificateRequestConditionType represents an Certificate condition value.
+type CertificateRequestConditionType string
+
+const (
+	// CertificateRequestConditionReady indicates that a certificate is ready for use.
+	// This is defined as:
+	// - The target certificate exists in CertificateRequest.Status
+	CertificateRequestConditionReady CertificateRequestConditionType = "Ready"
+)

pkg/apis/certmanager/v1alpha1/zz_generated.deepcopy.go

@@ -639,6 +639,147 @@ func (in *CertificateList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest.
+func (in *CertificateRequest) DeepCopy() *CertificateRequest {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateRequest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CertificateRequest) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateRequestCondition) DeepCopyInto(out *CertificateRequestCondition) {
+	*out = *in
+	if in.LastTransitionTime != nil {
+		in, out := &in.LastTransitionTime, &out.LastTransitionTime
+		*out = (*in).DeepCopy()
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition.
+func (in *CertificateRequestCondition) DeepCopy() *CertificateRequestCondition {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateRequestCondition)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]CertificateRequest, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList.
+func (in *CertificateRequestList) DeepCopy() *CertificateRequestList {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateRequestList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CertificateRequestList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec) {
+	*out = *in
+	if in.Duration != nil {
+		in, out := &in.Duration, &out.Duration
+		*out = new(v1.Duration)
+		(*in).DeepCopyInto(*out)
+	}
+	out.IssuerRef = in.IssuerRef
+	if in.CSRPEM != nil {
+		in, out := &in.CSRPEM, &out.CSRPEM
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec.
+func (in *CertificateRequestSpec) DeepCopy() *CertificateRequestSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateRequestSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]CertificateRequestCondition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Certificate != nil {
+		in, out := &in.Certificate, &out.Certificate
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	if in.CA != nil {
+		in, out := &in.CA, &out.CA
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus.
+func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(CertificateRequestStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 	*out = *in

pkg/client/clientset/versioned/typed/certmanager/v1alpha1/BUILD.bazel

@@ -4,6 +4,7 @@ go_library(
     name = "go_default_library",
     srcs = [
         "certificate.go",
+        "certificaterequest.go",
         "certmanager_client.go",
         "challenge.go",
         "clusterissuer.go",

pkg/client/clientset/versioned/typed/certmanager/v1alpha1/certificaterequest.go

@@ -0,0 +1,191 @@
+/*
+Copyright 2019 The Jetstack cert-manager contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"time"
+
+	v1alpha1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
+	scheme "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// CertificateRequestsGetter has a method to return a CertificateRequestInterface.
+// A group's client should implement this interface.
+type CertificateRequestsGetter interface {
+	CertificateRequests(namespace string) CertificateRequestInterface
+}
+
+// CertificateRequestInterface has methods to work with CertificateRequest resources.
+type CertificateRequestInterface interface {
+	Create(*v1alpha1.CertificateRequest) (*v1alpha1.CertificateRequest, error)
+	Update(*v1alpha1.CertificateRequest) (*v1alpha1.CertificateRequest, error)
+	UpdateStatus(*v1alpha1.CertificateRequest) (*v1alpha1.CertificateRequest, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.CertificateRequest, error)
+	List(opts v1.ListOptions) (*v1alpha1.CertificateRequestList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CertificateRequest, err error)
+	CertificateRequestExpansion
+}
+
+// certificateRequests implements CertificateRequestInterface
+type certificateRequests struct {
+	client rest.Interface
+	ns     string
+}
+
+// newCertificateRequests returns a CertificateRequests
+func newCertificateRequests(c *CertmanagerV1alpha1Client, namespace string) *certificateRequests {
+	return &certificateRequests{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the certificateRequest, and returns the corresponding certificateRequest object, and an error if there is any.
+func (c *certificateRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.CertificateRequest, err error) {
+	result = &v1alpha1.CertificateRequest{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of CertificateRequests that match those selectors.
+func (c *certificateRequests) List(opts v1.ListOptions) (result *v1alpha1.CertificateRequestList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.CertificateRequestList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested certificateRequests.
+func (c *certificateRequests) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch()
+}
+
+// Create takes the representation of a certificateRequest and creates it.  Returns the server's representation of the certificateRequest, and an error, if there is any.
+func (c *certificateRequests) Create(certificateRequest *v1alpha1.CertificateRequest) (result *v1alpha1.CertificateRequest, err error) {
+	result = &v1alpha1.CertificateRequest{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		Body(certificateRequest).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a certificateRequest and updates it. Returns the server's representation of the certificateRequest, and an error, if there is any.
+func (c *certificateRequests) Update(certificateRequest *v1alpha1.CertificateRequest) (result *v1alpha1.CertificateRequest, err error) {
+	result = &v1alpha1.CertificateRequest{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		Name(certificateRequest.Name).
+		Body(certificateRequest).
+		Do().
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+
+func (c *certificateRequests) UpdateStatus(certificateRequest *v1alpha1.CertificateRequest) (result *v1alpha1.CertificateRequest, err error) {
+	result = &v1alpha1.CertificateRequest{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		Name(certificateRequest.Name).
+		SubResource("status").
+		Body(certificateRequest).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the certificateRequest and deletes it. Returns an error if one occurs.
+func (c *certificateRequests) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *certificateRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	var timeout time.Duration
+	if listOptions.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Patch applies the patch and returns the patched certificateRequest.
+func (c *certificateRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CertificateRequest, err error) {
+	result = &v1alpha1.CertificateRequest{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("certificaterequests").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/clientset/versioned/typed/certmanager/v1alpha1/certmanager_client.go

@@ -28,6 +28,7 @@ import (
 type CertmanagerV1alpha1Interface interface {
 	RESTClient() rest.Interface
 	CertificatesGetter
+	CertificateRequestsGetter
 	ChallengesGetter
 	ClusterIssuersGetter
 	IssuersGetter
@@ -43,6 +44,10 @@ func (c *CertmanagerV1alpha1Client) Certificates(namespace string) CertificateIn
 	return newCertificates(c, namespace)
 }
 
+func (c *CertmanagerV1alpha1Client) CertificateRequests(namespace string) CertificateRequestInterface {
+	return newCertificateRequests(c, namespace)
+}
+
 func (c *CertmanagerV1alpha1Client) Challenges(namespace string) ChallengeInterface {
 	return newChallenges(c, namespace)
 }

pkg/client/clientset/versioned/typed/certmanager/v1alpha1/fake/BUILD.bazel

@@ -5,6 +5,7 @@ go_library(
     srcs = [
         "doc.go",
         "fake_certificate.go",
+        "fake_certificaterequest.go",
         "fake_certmanager_client.go",
         "fake_challenge.go",
         "fake_clusterissuer.go",

pkg/client/clientset/versioned/typed/certmanager/v1alpha1/fake/fake_certificaterequest.go

@@ -0,0 +1,140 @@
+/*
+Copyright 2019 The Jetstack cert-manager contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeCertificateRequests implements CertificateRequestInterface
+type FakeCertificateRequests struct {
+	Fake *FakeCertmanagerV1alpha1
+	ns   string
+}
+
+var certificaterequestsResource = schema.GroupVersionResource{Group: "certmanager.k8s.io", Version: "v1alpha1", Resource: "certificaterequests"}
+
+var certificaterequestsKind = schema.GroupVersionKind{Group: "certmanager.k8s.io", Version: "v1alpha1", Kind: "CertificateRequest"}
+
+// Get takes name of the certificateRequest, and returns the corresponding certificateRequest object, and an error if there is any.
+func (c *FakeCertificateRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.CertificateRequest, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(certificaterequestsResource, c.ns, name), &v1alpha1.CertificateRequest{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.CertificateRequest), err
+}
+
+// List takes label and field selectors, and returns the list of CertificateRequests that match those selectors.
+func (c *FakeCertificateRequests) List(opts v1.ListOptions) (result *v1alpha1.CertificateRequestList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(certificaterequestsResource, certificaterequestsKind, c.ns, opts), &v1alpha1.CertificateRequestList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.CertificateRequestList{ListMeta: obj.(*v1alpha1.CertificateRequestList).ListMeta}
+	for _, item := range obj.(*v1alpha1.CertificateRequestList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested certificateRequests.
+func (c *FakeCertificateRequests) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(certificaterequestsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a certificateRequest and creates it.  Returns the server's representation of the certificateRequest, and an error, if there is any.
+func (c *FakeCertificateRequests) Create(certificateRequest *v1alpha1.CertificateRequest) (result *v1alpha1.CertificateRequest, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(certificaterequestsResource, c.ns, certificateRequest), &v1alpha1.CertificateRequest{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.CertificateRequest), err
+}
+
+// Update takes the representation of a certificateRequest and updates it. Returns the server's representation of the certificateRequest, and an error, if there is any.
+func (c *FakeCertificateRequests) Update(certificateRequest *v1alpha1.CertificateRequest) (result *v1alpha1.CertificateRequest, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(certificaterequestsResource, c.ns, certificateRequest), &v1alpha1.CertificateRequest{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.CertificateRequest), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeCertificateRequests) UpdateStatus(certificateRequest *v1alpha1.CertificateRequest) (*v1alpha1.CertificateRequest, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(certificaterequestsResource, "status", c.ns, certificateRequest), &v1alpha1.CertificateRequest{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.CertificateRequest), err
+}
+
+// Delete takes name of the certificateRequest and deletes it. Returns an error if one occurs.
+func (c *FakeCertificateRequests) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(certificaterequestsResource, c.ns, name), &v1alpha1.CertificateRequest{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeCertificateRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(certificaterequestsResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.CertificateRequestList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched certificateRequest.
+func (c *FakeCertificateRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CertificateRequest, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(certificaterequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.CertificateRequest{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.CertificateRequest), err
+}

pkg/client/clientset/versioned/typed/certmanager/v1alpha1/fake/fake_certmanager_client.go

@@ -32,6 +32,10 @@ func (c *FakeCertmanagerV1alpha1) Certificates(namespace string) v1alpha1.Certif
 	return &FakeCertificates{c, namespace}
 }
 
+func (c *FakeCertmanagerV1alpha1) CertificateRequests(namespace string) v1alpha1.CertificateRequestInterface {
+	return &FakeCertificateRequests{c, namespace}
+}
+
 func (c *FakeCertmanagerV1alpha1) Challenges(namespace string) v1alpha1.ChallengeInterface {
 	return &FakeChallenges{c, namespace}
 }

pkg/client/clientset/versioned/typed/certmanager/v1alpha1/generated_expansion.go

@@ -20,6 +20,8 @@ package v1alpha1
 
 type CertificateExpansion interface{}
 
+type CertificateRequestExpansion interface{}
+
 type ChallengeExpansion interface{}
 
 type ClusterIssuerExpansion interface{}

pkg/client/informers/externalversions/certmanager/v1alpha1/BUILD.bazel

@@ -4,6 +4,7 @@ go_library(
     name = "go_default_library",
     srcs = [
         "certificate.go",
+        "certificaterequest.go",
         "challenge.go",
         "clusterissuer.go",
         "interface.go",

pkg/client/informers/externalversions/certmanager/v1alpha1/certificaterequest.go

@@ -0,0 +1,89 @@
+/*
+Copyright 2019 The Jetstack cert-manager contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	time "time"
+
+	certmanagerv1alpha1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
+	versioned "github.com/jetstack/cert-manager/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/jetstack/cert-manager/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/jetstack/cert-manager/pkg/client/listers/certmanager/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// CertificateRequestInformer provides access to a shared informer and lister for
+// CertificateRequests.
+type CertificateRequestInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.CertificateRequestLister
+}
+
+type certificateRequestInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewCertificateRequestInformer constructs a new informer for CertificateRequest type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewCertificateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredCertificateRequestInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredCertificateRequestInformer constructs a new informer for CertificateRequest type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredCertificateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.CertmanagerV1alpha1().CertificateRequests(namespace).List(options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.CertmanagerV1alpha1().CertificateRequests(namespace).Watch(options)
+			},
+		},
+		&certmanagerv1alpha1.CertificateRequest{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *certificateRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredCertificateRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *certificateRequestInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&certmanagerv1alpha1.CertificateRequest{}, f.defaultInformer)
+}
+
+func (f *certificateRequestInformer) Lister() v1alpha1.CertificateRequestLister {
+	return v1alpha1.NewCertificateRequestLister(f.Informer().GetIndexer())
+}

pkg/client/informers/externalversions/certmanager/v1alpha1/interface.go

@@ -26,6 +26,8 @@ import (
 type Interface interface {
 	// Certificates returns a CertificateInformer.
 	Certificates() CertificateInformer
+	// CertificateRequests returns a CertificateRequestInformer.
+	CertificateRequests() CertificateRequestInformer
 	// Challenges returns a ChallengeInformer.
 	Challenges() ChallengeInformer
 	// ClusterIssuers returns a ClusterIssuerInformer.
@@ -52,6 +54,11 @@ func (v *version) Certificates() CertificateInformer {
 	return &certificateInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
 }
 
+// CertificateRequests returns a CertificateRequestInformer.
+func (v *version) CertificateRequests() CertificateRequestInformer {
+	return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
 // Challenges returns a ChallengeInformer.
 func (v *version) Challenges() ChallengeInformer {
 	return &challengeInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

pkg/client/informers/externalversions/generic.go

@@ -55,6 +55,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 	// Group=certmanager.k8s.io, Version=v1alpha1
 	case v1alpha1.SchemeGroupVersion.WithResource("certificates"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1alpha1().Certificates().Informer()}, nil
+	case v1alpha1.SchemeGroupVersion.WithResource("certificaterequests"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1alpha1().CertificateRequests().Informer()}, nil
 	case v1alpha1.SchemeGroupVersion.WithResource("challenges"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1alpha1().Challenges().Informer()}, nil
 	case v1alpha1.SchemeGroupVersion.WithResource("clusterissuers"):

pkg/client/listers/certmanager/v1alpha1/BUILD.bazel

@@ -4,6 +4,7 @@ go_library(
     name = "go_default_library",
     srcs = [
         "certificate.go",
+        "certificaterequest.go",
         "challenge.go",
         "clusterissuer.go",
         "expansion_generated.go",

pkg/client/listers/certmanager/v1alpha1/certificaterequest.go

@@ -0,0 +1,94 @@
+/*
+Copyright 2019 The Jetstack cert-manager contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// CertificateRequestLister helps list CertificateRequests.
+type CertificateRequestLister interface {
+	// List lists all CertificateRequests in the indexer.
+	List(selector labels.Selector) (ret []*v1alpha1.CertificateRequest, err error)
+	// CertificateRequests returns an object that can list and get CertificateRequests.
+	CertificateRequests(namespace string) CertificateRequestNamespaceLister
+	CertificateRequestListerExpansion
+}
+
+// certificateRequestLister implements the CertificateRequestLister interface.
+type certificateRequestLister struct {
+	indexer cache.Indexer
+}
+
+// NewCertificateRequestLister returns a new CertificateRequestLister.
+func NewCertificateRequestLister(indexer cache.Indexer) CertificateRequestLister {
+	return &certificateRequestLister{indexer: indexer}
+}
+
+// List lists all CertificateRequests in the indexer.
+func (s *certificateRequestLister) List(selector labels.Selector) (ret []*v1alpha1.CertificateRequest, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.CertificateRequest))
+	})
+	return ret, err
+}
+
+// CertificateRequests returns an object that can list and get CertificateRequests.
+func (s *certificateRequestLister) CertificateRequests(namespace string) CertificateRequestNamespaceLister {
+	return certificateRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// CertificateRequestNamespaceLister helps list and get CertificateRequests.
+type CertificateRequestNamespaceLister interface {
+	// List lists all CertificateRequests in the indexer for a given namespace.
+	List(selector labels.Selector) (ret []*v1alpha1.CertificateRequest, err error)
+	// Get retrieves the CertificateRequest from the indexer for a given namespace and name.
+	Get(name string) (*v1alpha1.CertificateRequest, error)
+	CertificateRequestNamespaceListerExpansion
+}
+
+// certificateRequestNamespaceLister implements the CertificateRequestNamespaceLister
+// interface.
+type certificateRequestNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all CertificateRequests in the indexer for a given namespace.
+func (s certificateRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CertificateRequest, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.CertificateRequest))
+	})
+	return ret, err
+}
+
+// Get retrieves the CertificateRequest from the indexer for a given namespace and name.
+func (s certificateRequestNamespaceLister) Get(name string) (*v1alpha1.CertificateRequest, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("certificaterequest"), name)
+	}
+	return obj.(*v1alpha1.CertificateRequest), nil
+}

pkg/client/listers/certmanager/v1alpha1/expansion_generated.go

@@ -26,6 +26,14 @@ type CertificateListerExpansion interface{}
 // CertificateNamespaceLister.
 type CertificateNamespaceListerExpansion interface{}
 
+// CertificateRequestListerExpansion allows custom methods to be added to
+// CertificateRequestLister.
+type CertificateRequestListerExpansion interface{}
+
+// CertificateRequestNamespaceListerExpansion allows custom methods to be added to
+// CertificateRequestNamespaceLister.
+type CertificateRequestNamespaceListerExpansion interface{}
+
 // ChallengeListerExpansion allows custom methods to be added to
 // ChallengeLister.
 type ChallengeListerExpansion interface{}