diff --git a/cmd/controller/main.go b/cmd/controller/main.go index cbbc8bc5c8d..8a651060090 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -20,7 +20,15 @@ import ( // Uncomment the following line to load the gcp plugin (only required to authenticate against GKE clusters). // _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" + "knative.dev/eventing/pkg/apis/feature" + "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/challenge" + v1certificate "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificate" + "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest" + "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer" + "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/issuer" + "knative.dev/pkg/injection" "knative.dev/pkg/injection/sharedmain" + "knative.dev/pkg/logging" filteredFactory "knative.dev/pkg/client/injection/kube/informers/factory/filtered" "knative.dev/pkg/signals" @@ -53,8 +61,19 @@ func main() { auth.OIDCLabelSelector, eventingtls.TrustBundleLabelSelector, sinks.JobSinkJobsLabelSelector, + "app.kubernetes.io/name", ) + var featureStore *feature.Store + featureStore = feature.NewStore(logging.FromContext(ctx).Named("feature-config-store"), func(name string, value interface{}) { + featureFlags := value.(feature.Flags) + if !featureFlags.IsDisabledTransportEncryption() && featureStore != nil { + for _, inf := range []injection.InformerInjector{challenge.WithInformer, v1certificate.WithInformer, certificaterequest.WithInformer, clusterissuer.WithInformer, issuer.WithInformer} { + injection.Default.RegisterInformer(inf) + } + } + }) + sharedmain.MainWithContext(ctx, "controller", // Messaging channel.NewController, diff --git a/config/core-tls/integration-sink-tls-certificate.yaml b/config/core-tls/integration-sink-tls-certificate.yaml deleted file mode 100644 index 7feca251d27..00000000000 --- a/config/core-tls/integration-sink-tls-certificate.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2023 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: integration-sink-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: integration-sink-server-tls - - secretTemplate: - labels: - app.kubernetes.io/component: integration-sink - app.kubernetes.io/name: knative-eventing - - # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator - duration: 2160h0m0s # 90d - renewBefore: 360h0m0s # 15d - subject: - organizations: - - local - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - rotationPolicy: Always - - dnsNames: - - integration-sink.knative-eventing.svc.cluster.local - - integration-sink.knative-eventing.svc - - issuerRef: - name: knative-eventing-ca-issuer - kind: ClusterIssuer - group: cert-manager.io diff --git a/config/core/roles/controller-clusterroles.yaml b/config/core/roles/controller-clusterroles.yaml index eef3298792b..824f8ad14c2 100644 --- a/config/core/roles/controller-clusterroles.yaml +++ b/config/core/roles/controller-clusterroles.yaml @@ -221,3 +221,32 @@ rules: - "delete" - "patch" - "watch" + + - apiGroups: + - "cert-manager.io" + resources: + - "certificates" + - "clusterissuers" + - "certificaterequests" + - "issuers" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + + - apiGroups: + - "acme.cert-manager.io" + resources: + - "challenges" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" diff --git a/go.mod b/go.mod index 76d1f4bd50a..83f846eaaa6 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.22.7 require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1 + github.com/cert-manager/cert-manager v1.13.3 github.com/cloudevents/conformance v0.2.0 github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.15.2 github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2 v2.0.0-20240508060731-1ed9471c98bd @@ -60,7 +61,7 @@ require ( github.com/blendle/zapdriver v1.3.1 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect @@ -84,7 +85,7 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect @@ -119,6 +120,7 @@ require ( k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 // indirect + sigs.k8s.io/gateway-api v0.8.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index 2426d69edda..b8f898a5be5 100644 --- a/go.sum +++ b/go.sum @@ -64,6 +64,8 @@ github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= +github.com/cert-manager/cert-manager v1.13.3 h1:3R4G0RI7K0OkTZhWlVOC5SGZMYa2NwqmQJoyKydrz/M= +github.com/cert-manager/cert-manager v1.13.3/go.mod h1:BM2+Pt/NmSv1Zr25/MHv6BgIEF9IUxA1xAjp80qkxgc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= @@ -91,8 +93,9 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= @@ -327,8 +330,9 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -850,6 +854,8 @@ knative.dev/reconciler-test v0.0.0-20241223131247-96258bea6ce4/go.mod h1:zDapuiJ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg= +sigs.k8s.io/gateway-api v0.8.0/go.mod h1:okOnjPNBFbIS/Rw9kAhuIUaIkLhTKEu+ARIuXk2dgaM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index dc5206ae11d..5022868f8a4 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -44,6 +44,13 @@ kube::codegen::gen_client \ --with-watch \ "${REPO_ROOT_DIR}/pkg/apis" +kube::codegen::gen_client \ + --boilerplate "${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt" \ + --output-dir "${REPO_ROOT_DIR}/pkg/client/certmanager" \ + --output-pkg "knative.dev/eventing/pkg/client/certmanager" \ + --with-watch \ + "${REPO_ROOT_DIR}/vendor/github.com/cert-manager/cert-manager/pkg/apis" + group "Knative Codegen" # Knative Injection @@ -52,6 +59,13 @@ ${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \ "sinks:v1alpha1 eventing:v1alpha1 eventing:v1beta1 eventing:v1beta2 eventing:v1beta3 eventing:v1 messaging:v1 flows:v1 sources:v1alpha1 sources:v1beta2 sources:v1 duck:v1beta1 duck:v1" \ --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt +# Knative Injection (for cert-manager) +${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \ + knative.dev/eventing/pkg/client/certmanager github.com/cert-manager/cert-manager/pkg/apis \ + "certmanager:v1 acme:v1" \ + --disable-informer-init \ + --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt + group "Generating API reference docs" ${REPO_ROOT_DIR}/hack/update-reference-docs.sh diff --git a/pkg/client/certmanager/clientset/versioned/clientset.go b/pkg/client/certmanager/clientset/versioned/clientset.go new file mode 100644 index 00000000000..6997909367d --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/clientset.go @@ -0,0 +1,133 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package versioned + +import ( + "fmt" + "net/http" + + discovery "k8s.io/client-go/discovery" + rest "k8s.io/client-go/rest" + flowcontrol "k8s.io/client-go/util/flowcontrol" + acmev1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/acme/v1" + certmanagerv1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1" +) + +type Interface interface { + Discovery() discovery.DiscoveryInterface + AcmeV1() acmev1.AcmeV1Interface + CertmanagerV1() certmanagerv1.CertmanagerV1Interface +} + +// Clientset contains the clients for groups. +type Clientset struct { + *discovery.DiscoveryClient + acmeV1 *acmev1.AcmeV1Client + certmanagerV1 *certmanagerv1.CertmanagerV1Client +} + +// AcmeV1 retrieves the AcmeV1Client +func (c *Clientset) AcmeV1() acmev1.AcmeV1Interface { + return c.acmeV1 +} + +// CertmanagerV1 retrieves the CertmanagerV1Client +func (c *Clientset) CertmanagerV1() certmanagerv1.CertmanagerV1Interface { + return c.certmanagerV1 +} + +// Discovery retrieves the DiscoveryClient +func (c *Clientset) Discovery() discovery.DiscoveryInterface { + if c == nil { + return nil + } + return c.DiscoveryClient +} + +// NewForConfig creates a new Clientset for the given config. +// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfig will generate a rate-limiter in configShallowCopy. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*Clientset, error) { + configShallowCopy := *c + + if configShallowCopy.UserAgent == "" { + configShallowCopy.UserAgent = rest.DefaultKubernetesUserAgent() + } + + // share the transport between all clients + httpClient, err := rest.HTTPClientFor(&configShallowCopy) + if err != nil { + return nil, err + } + + return NewForConfigAndClient(&configShallowCopy, httpClient) +} + +// NewForConfigAndClient creates a new Clientset for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfigAndClient will generate a rate-limiter in configShallowCopy. +func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, error) { + configShallowCopy := *c + if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { + if configShallowCopy.Burst <= 0 { + return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") + } + configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) + } + + var cs Clientset + var err error + cs.acmeV1, err = acmev1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + cs.certmanagerV1, err = certmanagerv1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + + cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + return &cs, nil +} + +// NewForConfigOrDie creates a new Clientset for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *Clientset { + cs, err := NewForConfig(c) + if err != nil { + panic(err) + } + return cs +} + +// New creates a new Clientset for the given RESTClient. +func New(c rest.Interface) *Clientset { + var cs Clientset + cs.acmeV1 = acmev1.New(c) + cs.certmanagerV1 = certmanagerv1.New(c) + + cs.DiscoveryClient = discovery.NewDiscoveryClient(c) + return &cs +} diff --git a/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go b/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go new file mode 100644 index 00000000000..417cffbfe22 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go @@ -0,0 +1,92 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/client-go/discovery" + fakediscovery "k8s.io/client-go/discovery/fake" + "k8s.io/client-go/testing" + clientset "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + acmev1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/acme/v1" + fakeacmev1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake" + certmanagerv1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1" + fakecertmanagerv1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake" +) + +// NewSimpleClientset returns a clientset that will respond with the provided objects. +// It's backed by a very simple object tracker that processes creates, updates and deletions as-is, +// without applying any validations and/or defaults. It shouldn't be considered a replacement +// for a real clientset and is mostly useful in simple unit tests. +func NewSimpleClientset(objects ...runtime.Object) *Clientset { + o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) + for _, obj := range objects { + if err := o.Add(obj); err != nil { + panic(err) + } + } + + cs := &Clientset{tracker: o} + cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} + cs.AddReactor("*", "*", testing.ObjectReaction(o)) + cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { + gvr := action.GetResource() + ns := action.GetNamespace() + watch, err := o.Watch(gvr, ns) + if err != nil { + return false, nil, err + } + return true, watch, nil + }) + + return cs +} + +// Clientset implements clientset.Interface. Meant to be embedded into a +// struct to get a default implementation. This makes faking out just the method +// you want to test easier. +type Clientset struct { + testing.Fake + discovery *fakediscovery.FakeDiscovery + tracker testing.ObjectTracker +} + +func (c *Clientset) Discovery() discovery.DiscoveryInterface { + return c.discovery +} + +func (c *Clientset) Tracker() testing.ObjectTracker { + return c.tracker +} + +var ( + _ clientset.Interface = &Clientset{} + _ testing.FakeClient = &Clientset{} +) + +// AcmeV1 retrieves the AcmeV1Client +func (c *Clientset) AcmeV1() acmev1.AcmeV1Interface { + return &fakeacmev1.FakeAcmeV1{Fake: &c.Fake} +} + +// CertmanagerV1 retrieves the CertmanagerV1Client +func (c *Clientset) CertmanagerV1() certmanagerv1.CertmanagerV1Interface { + return &fakecertmanagerv1.FakeCertmanagerV1{Fake: &c.Fake} +} diff --git a/pkg/client/certmanager/clientset/versioned/fake/doc.go b/pkg/client/certmanager/clientset/versioned/fake/doc.go new file mode 100644 index 00000000000..51ebc03dc3a --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/fake/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated fake clientset. +package fake diff --git a/pkg/client/certmanager/clientset/versioned/fake/register.go b/pkg/client/certmanager/clientset/versioned/fake/register.go new file mode 100644 index 00000000000..447bef5420b --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/fake/register.go @@ -0,0 +1,58 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var scheme = runtime.NewScheme() +var codecs = serializer.NewCodecFactory(scheme) + +var localSchemeBuilder = runtime.SchemeBuilder{ + acmev1.AddToScheme, + certmanagerv1.AddToScheme, +} + +// AddToScheme adds all types of this clientset into the given scheme. This allows composition +// of clientsets, like in: +// +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) +// +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// +// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types +// correctly. +var AddToScheme = localSchemeBuilder.AddToScheme + +func init() { + v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"}) + utilruntime.Must(AddToScheme(scheme)) +} diff --git a/pkg/client/certmanager/clientset/versioned/scheme/doc.go b/pkg/client/certmanager/clientset/versioned/scheme/doc.go new file mode 100644 index 00000000000..5768b36ee37 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/scheme/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package contains the scheme of the automatically generated clientset. +package scheme diff --git a/pkg/client/certmanager/clientset/versioned/scheme/register.go b/pkg/client/certmanager/clientset/versioned/scheme/register.go new file mode 100644 index 00000000000..373049da0d7 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/scheme/register.go @@ -0,0 +1,58 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package scheme + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var Scheme = runtime.NewScheme() +var Codecs = serializer.NewCodecFactory(Scheme) +var ParameterCodec = runtime.NewParameterCodec(Scheme) +var localSchemeBuilder = runtime.SchemeBuilder{ + acmev1.AddToScheme, + certmanagerv1.AddToScheme, +} + +// AddToScheme adds all types of this clientset into the given scheme. This allows composition +// of clientsets, like in: +// +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) +// +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// +// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types +// correctly. +var AddToScheme = localSchemeBuilder.AddToScheme + +func init() { + v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) + utilruntime.Must(AddToScheme(Scheme)) +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/acme_client.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/acme_client.go new file mode 100644 index 00000000000..bd95bb6764c --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/acme_client.go @@ -0,0 +1,112 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "net/http" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + rest "k8s.io/client-go/rest" + "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +type AcmeV1Interface interface { + RESTClient() rest.Interface + ChallengesGetter + OrdersGetter +} + +// AcmeV1Client is used to interact with features provided by the acme.cert-manager.io group. +type AcmeV1Client struct { + restClient rest.Interface +} + +func (c *AcmeV1Client) Challenges(namespace string) ChallengeInterface { + return newChallenges(c, namespace) +} + +func (c *AcmeV1Client) Orders(namespace string) OrderInterface { + return newOrders(c, namespace) +} + +// NewForConfig creates a new AcmeV1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*AcmeV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new AcmeV1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*AcmeV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &AcmeV1Client{client}, nil +} + +// NewForConfigOrDie creates a new AcmeV1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *AcmeV1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new AcmeV1Client for the given RESTClient. +func New(c rest.Interface) *AcmeV1Client { + return &AcmeV1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *AcmeV1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/challenge.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/challenge.go new file mode 100644 index 00000000000..e8a0f26f4ad --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/challenge.go @@ -0,0 +1,195 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +// ChallengesGetter has a method to return a ChallengeInterface. +// A group's client should implement this interface. +type ChallengesGetter interface { + Challenges(namespace string) ChallengeInterface +} + +// ChallengeInterface has methods to work with Challenge resources. +type ChallengeInterface interface { + Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (*v1.Challenge, error) + Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) + UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Challenge, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ChallengeList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) + ChallengeExpansion +} + +// challenges implements ChallengeInterface +type challenges struct { + client rest.Interface + ns string +} + +// newChallenges returns a Challenges +func newChallenges(c *AcmeV1Client, namespace string) *challenges { + return &challenges{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the challenge, and returns the corresponding challenge object, and an error if there is any. +func (c *challenges) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Get(). + Namespace(c.ns). + Resource("challenges"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Challenges that match those selectors. +func (c *challenges) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ChallengeList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ChallengeList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested challenges. +func (c *challenges) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a challenge and creates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *challenges) Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Post(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(challenge). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a challenge and updates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *challenges) Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Put(). + Namespace(c.ns). + Resource("challenges"). + Name(challenge.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(challenge). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *challenges) UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Put(). + Namespace(c.ns). + Resource("challenges"). + Name(challenge.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(challenge). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the challenge and deletes it. Returns an error if one occurs. +func (c *challenges) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("challenges"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *challenges) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("challenges"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched challenge. +func (c *challenges) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) { + result = &v1.Challenge{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("challenges"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/doc.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/doc.go new file mode 100644 index 00000000000..2ce17146a02 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1 diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/doc.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/doc.go new file mode 100644 index 00000000000..40528db3a52 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go new file mode 100644 index 00000000000..7e52c617993 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go @@ -0,0 +1,44 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/acme/v1" +) + +type FakeAcmeV1 struct { + *testing.Fake +} + +func (c *FakeAcmeV1) Challenges(namespace string) v1.ChallengeInterface { + return &FakeChallenges{c, namespace} +} + +func (c *FakeAcmeV1) Orders(namespace string) v1.OrderInterface { + return &FakeOrders{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeAcmeV1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_challenge.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_challenge.go new file mode 100644 index 00000000000..02f6a0fe6de --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_challenge.go @@ -0,0 +1,141 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeChallenges implements ChallengeInterface +type FakeChallenges struct { + Fake *FakeAcmeV1 + ns string +} + +var challengesResource = v1.SchemeGroupVersion.WithResource("challenges") + +var challengesKind = v1.SchemeGroupVersion.WithKind("Challenge") + +// Get takes name of the challenge, and returns the corresponding challenge object, and an error if there is any. +func (c *FakeChallenges) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(challengesResource, c.ns, name), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// List takes label and field selectors, and returns the list of Challenges that match those selectors. +func (c *FakeChallenges) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ChallengeList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(challengesResource, challengesKind, c.ns, opts), &v1.ChallengeList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.ChallengeList{ListMeta: obj.(*v1.ChallengeList).ListMeta} + for _, item := range obj.(*v1.ChallengeList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested challenges. +func (c *FakeChallenges) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(challengesResource, c.ns, opts)) + +} + +// Create takes the representation of a challenge and creates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *FakeChallenges) Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(challengesResource, c.ns, challenge), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// Update takes the representation of a challenge and updates it. Returns the server's representation of the challenge, and an error, if there is any. +func (c *FakeChallenges) Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(challengesResource, c.ns, challenge), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeChallenges) UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(challengesResource, "status", c.ns, challenge), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} + +// Delete takes name of the challenge and deletes it. Returns an error if one occurs. +func (c *FakeChallenges) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(challengesResource, c.ns, name, opts), &v1.Challenge{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeChallenges) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(challengesResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.ChallengeList{}) + return err +} + +// Patch applies the patch and returns the patched challenge. +func (c *FakeChallenges) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(challengesResource, c.ns, name, pt, data, subresources...), &v1.Challenge{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Challenge), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_order.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_order.go new file mode 100644 index 00000000000..2135c177468 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/fake/fake_order.go @@ -0,0 +1,141 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOrders implements OrderInterface +type FakeOrders struct { + Fake *FakeAcmeV1 + ns string +} + +var ordersResource = v1.SchemeGroupVersion.WithResource("orders") + +var ordersKind = v1.SchemeGroupVersion.WithKind("Order") + +// Get takes name of the order, and returns the corresponding order object, and an error if there is any. +func (c *FakeOrders) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(ordersResource, c.ns, name), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// List takes label and field selectors, and returns the list of Orders that match those selectors. +func (c *FakeOrders) List(ctx context.Context, opts metav1.ListOptions) (result *v1.OrderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(ordersResource, ordersKind, c.ns, opts), &v1.OrderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.OrderList{ListMeta: obj.(*v1.OrderList).ListMeta} + for _, item := range obj.(*v1.OrderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested orders. +func (c *FakeOrders) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(ordersResource, c.ns, opts)) + +} + +// Create takes the representation of a order and creates it. Returns the server's representation of the order, and an error, if there is any. +func (c *FakeOrders) Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(ordersResource, c.ns, order), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// Update takes the representation of a order and updates it. Returns the server's representation of the order, and an error, if there is any. +func (c *FakeOrders) Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(ordersResource, c.ns, order), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOrders) UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(ordersResource, "status", c.ns, order), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} + +// Delete takes name of the order and deletes it. Returns an error if one occurs. +func (c *FakeOrders) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(ordersResource, c.ns, name, opts), &v1.Order{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOrders) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(ordersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.OrderList{}) + return err +} + +// Patch applies the patch and returns the patched order. +func (c *FakeOrders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(ordersResource, c.ns, name, pt, data, subresources...), &v1.Order{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Order), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/generated_expansion.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/generated_expansion.go new file mode 100644 index 00000000000..a5254e0e303 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/generated_expansion.go @@ -0,0 +1,23 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +type ChallengeExpansion interface{} + +type OrderExpansion interface{} diff --git a/pkg/client/certmanager/clientset/versioned/typed/acme/v1/order.go b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/order.go new file mode 100644 index 00000000000..fce94c2f1c2 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/acme/v1/order.go @@ -0,0 +1,195 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +// OrdersGetter has a method to return a OrderInterface. +// A group's client should implement this interface. +type OrdersGetter interface { + Orders(namespace string) OrderInterface +} + +// OrderInterface has methods to work with Order resources. +type OrderInterface interface { + Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (*v1.Order, error) + Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) + UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Order, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.OrderList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) + OrderExpansion +} + +// orders implements OrderInterface +type orders struct { + client rest.Interface + ns string +} + +// newOrders returns a Orders +func newOrders(c *AcmeV1Client, namespace string) *orders { + return &orders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the order, and returns the corresponding order object, and an error if there is any. +func (c *orders) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Get(). + Namespace(c.ns). + Resource("orders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Orders that match those selectors. +func (c *orders) List(ctx context.Context, opts metav1.ListOptions) (result *v1.OrderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.OrderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("orders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested orders. +func (c *orders) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("orders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a order and creates it. Returns the server's representation of the order, and an error, if there is any. +func (c *orders) Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Post(). + Namespace(c.ns). + Resource("orders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(order). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a order and updates it. Returns the server's representation of the order, and an error, if there is any. +func (c *orders) Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Put(). + Namespace(c.ns). + Resource("orders"). + Name(order.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(order). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *orders) UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Put(). + Namespace(c.ns). + Resource("orders"). + Name(order.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(order). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the order and deletes it. Returns an error if one occurs. +func (c *orders) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("orders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *orders) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("orders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched order. +func (c *orders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) { + result = &v1.Order{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("orders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificate.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificate.go new file mode 100644 index 00000000000..33456feb601 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificate.go @@ -0,0 +1,195 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +// CertificatesGetter has a method to return a CertificateInterface. +// A group's client should implement this interface. +type CertificatesGetter interface { + Certificates(namespace string) CertificateInterface +} + +// CertificateInterface has methods to work with Certificate resources. +type CertificateInterface interface { + Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (*v1.Certificate, error) + Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) + UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Certificate, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.CertificateList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) + CertificateExpansion +} + +// certificates implements CertificateInterface +type certificates struct { + client rest.Interface + ns string +} + +// newCertificates returns a Certificates +func newCertificates(c *CertmanagerV1Client, namespace string) *certificates { + return &certificates{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the certificate, and returns the corresponding certificate object, and an error if there is any. +func (c *certificates) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificates"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Certificates that match those selectors. +func (c *certificates) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.CertificateList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested certificates. +func (c *certificates) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a certificate and creates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *certificates) Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Post(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificate). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a certificate and updates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *certificates) Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificates"). + Name(certificate.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificate). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *certificates) UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificates"). + Name(certificate.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificate). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the certificate and deletes it. Returns an error if one occurs. +func (c *certificates) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("certificates"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *certificates) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("certificates"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched certificate. +func (c *certificates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) { + result = &v1.Certificate{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("certificates"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificaterequest.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificaterequest.go new file mode 100644 index 00000000000..3bd45a86b89 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certificaterequest.go @@ -0,0 +1,195 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +// CertificateRequestsGetter has a method to return a CertificateRequestInterface. +// A group's client should implement this interface. +type CertificateRequestsGetter interface { + CertificateRequests(namespace string) CertificateRequestInterface +} + +// CertificateRequestInterface has methods to work with CertificateRequest resources. +type CertificateRequestInterface interface { + Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (*v1.CertificateRequest, error) + Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) + UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.CertificateRequest, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.CertificateRequestList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) + CertificateRequestExpansion +} + +// certificateRequests implements CertificateRequestInterface +type certificateRequests struct { + client rest.Interface + ns string +} + +// newCertificateRequests returns a CertificateRequests +func newCertificateRequests(c *CertmanagerV1Client, namespace string) *certificateRequests { + return &certificateRequests{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the certificateRequest, and returns the corresponding certificateRequest object, and an error if there is any. +func (c *certificateRequests) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of CertificateRequests that match those selectors. +func (c *certificateRequests) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateRequestList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.CertificateRequestList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested certificateRequests. +func (c *certificateRequests) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a certificateRequest and creates it. Returns the server's representation of the certificateRequest, and an error, if there is any. +func (c *certificateRequests) Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Post(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificateRequest). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a certificateRequest and updates it. Returns the server's representation of the certificateRequest, and an error, if there is any. +func (c *certificateRequests) Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(certificateRequest.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificateRequest). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *certificateRequests) UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(certificateRequest.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(certificateRequest). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the certificateRequest and deletes it. Returns an error if one occurs. +func (c *certificateRequests) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("certificaterequests"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *certificateRequests) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("certificaterequests"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched certificateRequest. +func (c *certificateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) { + result = &v1.CertificateRequest{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("certificaterequests"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certmanager_client.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certmanager_client.go new file mode 100644 index 00000000000..13e86184c1b --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/certmanager_client.go @@ -0,0 +1,122 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "net/http" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + rest "k8s.io/client-go/rest" + "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +type CertmanagerV1Interface interface { + RESTClient() rest.Interface + CertificatesGetter + CertificateRequestsGetter + ClusterIssuersGetter + IssuersGetter +} + +// CertmanagerV1Client is used to interact with features provided by the cert-manager.io group. +type CertmanagerV1Client struct { + restClient rest.Interface +} + +func (c *CertmanagerV1Client) Certificates(namespace string) CertificateInterface { + return newCertificates(c, namespace) +} + +func (c *CertmanagerV1Client) CertificateRequests(namespace string) CertificateRequestInterface { + return newCertificateRequests(c, namespace) +} + +func (c *CertmanagerV1Client) ClusterIssuers() ClusterIssuerInterface { + return newClusterIssuers(c) +} + +func (c *CertmanagerV1Client) Issuers(namespace string) IssuerInterface { + return newIssuers(c, namespace) +} + +// NewForConfig creates a new CertmanagerV1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*CertmanagerV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new CertmanagerV1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*CertmanagerV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &CertmanagerV1Client{client}, nil +} + +// NewForConfigOrDie creates a new CertmanagerV1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *CertmanagerV1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new CertmanagerV1Client for the given RESTClient. +func New(c rest.Interface) *CertmanagerV1Client { + return &CertmanagerV1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *CertmanagerV1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/clusterissuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/clusterissuer.go new file mode 100644 index 00000000000..37de6f73ebe --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/clusterissuer.go @@ -0,0 +1,184 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +// ClusterIssuersGetter has a method to return a ClusterIssuerInterface. +// A group's client should implement this interface. +type ClusterIssuersGetter interface { + ClusterIssuers() ClusterIssuerInterface +} + +// ClusterIssuerInterface has methods to work with ClusterIssuer resources. +type ClusterIssuerInterface interface { + Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + ClusterIssuerExpansion +} + +// clusterIssuers implements ClusterIssuerInterface +type clusterIssuers struct { + client rest.Interface +} + +// newClusterIssuers returns a ClusterIssuers +func newClusterIssuers(c *CertmanagerV1Client) *clusterIssuers { + return &clusterIssuers{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *clusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Get(). + Resource("clusterissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *clusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterIssuerList{} + err = c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *clusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Post(). + Resource("clusterissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *clusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Put(). + Resource("clusterissuers"). + Name(clusterIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *clusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *clusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + result = &v1.ClusterIssuer{} + err = c.client.Patch(pt). + Resource("clusterissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/doc.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/doc.go new file mode 100644 index 00000000000..2ce17146a02 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1 diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/doc.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/doc.go new file mode 100644 index 00000000000..40528db3a52 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go new file mode 100644 index 00000000000..b87a96a156f --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go @@ -0,0 +1,141 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCertificates implements CertificateInterface +type FakeCertificates struct { + Fake *FakeCertmanagerV1 + ns string +} + +var certificatesResource = v1.SchemeGroupVersion.WithResource("certificates") + +var certificatesKind = v1.SchemeGroupVersion.WithKind("Certificate") + +// Get takes name of the certificate, and returns the corresponding certificate object, and an error if there is any. +func (c *FakeCertificates) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(certificatesResource, c.ns, name), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// List takes label and field selectors, and returns the list of Certificates that match those selectors. +func (c *FakeCertificates) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(certificatesResource, certificatesKind, c.ns, opts), &v1.CertificateList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.CertificateList{ListMeta: obj.(*v1.CertificateList).ListMeta} + for _, item := range obj.(*v1.CertificateList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested certificates. +func (c *FakeCertificates) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(certificatesResource, c.ns, opts)) + +} + +// Create takes the representation of a certificate and creates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *FakeCertificates) Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(certificatesResource, c.ns, certificate), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// Update takes the representation of a certificate and updates it. Returns the server's representation of the certificate, and an error, if there is any. +func (c *FakeCertificates) Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(certificatesResource, c.ns, certificate), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeCertificates) UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(certificatesResource, "status", c.ns, certificate), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} + +// Delete takes name of the certificate and deletes it. Returns an error if one occurs. +func (c *FakeCertificates) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(certificatesResource, c.ns, name, opts), &v1.Certificate{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCertificates) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(certificatesResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.CertificateList{}) + return err +} + +// Patch applies the patch and returns the patched certificate. +func (c *FakeCertificates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(certificatesResource, c.ns, name, pt, data, subresources...), &v1.Certificate{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Certificate), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go new file mode 100644 index 00000000000..fd1cd2f32d8 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go @@ -0,0 +1,141 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCertificateRequests implements CertificateRequestInterface +type FakeCertificateRequests struct { + Fake *FakeCertmanagerV1 + ns string +} + +var certificaterequestsResource = v1.SchemeGroupVersion.WithResource("certificaterequests") + +var certificaterequestsKind = v1.SchemeGroupVersion.WithKind("CertificateRequest") + +// Get takes name of the certificateRequest, and returns the corresponding certificateRequest object, and an error if there is any. +func (c *FakeCertificateRequests) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(certificaterequestsResource, c.ns, name), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// List takes label and field selectors, and returns the list of CertificateRequests that match those selectors. +func (c *FakeCertificateRequests) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateRequestList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(certificaterequestsResource, certificaterequestsKind, c.ns, opts), &v1.CertificateRequestList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.CertificateRequestList{ListMeta: obj.(*v1.CertificateRequestList).ListMeta} + for _, item := range obj.(*v1.CertificateRequestList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested certificateRequests. +func (c *FakeCertificateRequests) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(certificaterequestsResource, c.ns, opts)) + +} + +// Create takes the representation of a certificateRequest and creates it. Returns the server's representation of the certificateRequest, and an error, if there is any. +func (c *FakeCertificateRequests) Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(certificaterequestsResource, c.ns, certificateRequest), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// Update takes the representation of a certificateRequest and updates it. Returns the server's representation of the certificateRequest, and an error, if there is any. +func (c *FakeCertificateRequests) Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(certificaterequestsResource, c.ns, certificateRequest), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeCertificateRequests) UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(certificaterequestsResource, "status", c.ns, certificateRequest), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} + +// Delete takes name of the certificateRequest and deletes it. Returns an error if one occurs. +func (c *FakeCertificateRequests) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(certificaterequestsResource, c.ns, name, opts), &v1.CertificateRequest{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCertificateRequests) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(certificaterequestsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.CertificateRequestList{}) + return err +} + +// Patch applies the patch and returns the patched certificateRequest. +func (c *FakeCertificateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(certificaterequestsResource, c.ns, name, pt, data, subresources...), &v1.CertificateRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.CertificateRequest), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go new file mode 100644 index 00000000000..8972cfb15bd --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1 "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1" +) + +type FakeCertmanagerV1 struct { + *testing.Fake +} + +func (c *FakeCertmanagerV1) Certificates(namespace string) v1.CertificateInterface { + return &FakeCertificates{c, namespace} +} + +func (c *FakeCertmanagerV1) CertificateRequests(namespace string) v1.CertificateRequestInterface { + return &FakeCertificateRequests{c, namespace} +} + +func (c *FakeCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { + return &FakeClusterIssuers{c} +} + +func (c *FakeCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { + return &FakeIssuers{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeCertmanagerV1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go new file mode 100644 index 00000000000..fd06fd9e0a0 --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go @@ -0,0 +1,132 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterIssuers implements ClusterIssuerInterface +type FakeClusterIssuers struct { + Fake *FakeCertmanagerV1 +} + +var clusterissuersResource = v1.SchemeGroupVersion.WithResource("clusterissuers") + +var clusterissuersKind = v1.SchemeGroupVersion.WithKind("ClusterIssuer") + +// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. +func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusterissuersResource, name), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. +func (c *FakeClusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterissuersResource, clusterissuersKind, opts), &v1.ClusterIssuerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.ClusterIssuerList{ListMeta: obj.(*v1.ClusterIssuerList).ListMeta} + for _, item := range obj.(*v1.ClusterIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterIssuers. +func (c *FakeClusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterissuersResource, opts)) +} + +// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterissuersResource, clusterIssuer), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. +func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterissuersResource, clusterIssuer), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clusterissuersResource, "status", clusterIssuer), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} + +// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. +func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &v1.ClusterIssuer{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterissuersResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1.ClusterIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched clusterIssuer. +func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterissuersResource, name, pt, data, subresources...), &v1.ClusterIssuer{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterIssuer), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go new file mode 100644 index 00000000000..78053a6bf7d --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go @@ -0,0 +1,141 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeIssuers implements IssuerInterface +type FakeIssuers struct { + Fake *FakeCertmanagerV1 + ns string +} + +var issuersResource = v1.SchemeGroupVersion.WithResource("issuers") + +var issuersKind = v1.SchemeGroupVersion.WithKind("Issuer") + +// Get takes name of the issuer, and returns the corresponding issuer object, and an error if there is any. +func (c *FakeIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(issuersResource, c.ns, name), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// List takes label and field selectors, and returns the list of Issuers that match those selectors. +func (c *FakeIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.IssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(issuersResource, issuersKind, c.ns, opts), &v1.IssuerList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.IssuerList{ListMeta: obj.(*v1.IssuerList).ListMeta} + for _, item := range obj.(*v1.IssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested issuers. +func (c *FakeIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(issuersResource, c.ns, opts)) + +} + +// Create takes the representation of a issuer and creates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *FakeIssuers) Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(issuersResource, c.ns, issuer), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// Update takes the representation of a issuer and updates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *FakeIssuers) Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(issuersResource, c.ns, issuer), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeIssuers) UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(issuersResource, "status", c.ns, issuer), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} + +// Delete takes name of the issuer and deletes it. Returns an error if one occurs. +func (c *FakeIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(issuersResource, c.ns, name, opts), &v1.Issuer{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(issuersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.IssuerList{}) + return err +} + +// Patch applies the patch and returns the patched issuer. +func (c *FakeIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(issuersResource, c.ns, name, pt, data, subresources...), &v1.Issuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.Issuer), err +} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/generated_expansion.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/generated_expansion.go new file mode 100644 index 00000000000..566c1dc77fb --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/generated_expansion.go @@ -0,0 +1,27 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +type CertificateExpansion interface{} + +type CertificateRequestExpansion interface{} + +type ClusterIssuerExpansion interface{} + +type IssuerExpansion interface{} diff --git a/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/issuer.go b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/issuer.go new file mode 100644 index 00000000000..6776ba0ef3d --- /dev/null +++ b/pkg/client/certmanager/clientset/versioned/typed/certmanager/v1/issuer.go @@ -0,0 +1,195 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + scheme "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/scheme" +) + +// IssuersGetter has a method to return a IssuerInterface. +// A group's client should implement this interface. +type IssuersGetter interface { + Issuers(namespace string) IssuerInterface +} + +// IssuerInterface has methods to work with Issuer resources. +type IssuerInterface interface { + Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (*v1.Issuer, error) + Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) + UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Issuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.IssuerList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) + IssuerExpansion +} + +// issuers implements IssuerInterface +type issuers struct { + client rest.Interface + ns string +} + +// newIssuers returns a Issuers +func newIssuers(c *CertmanagerV1Client, namespace string) *issuers { + return &issuers{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the issuer, and returns the corresponding issuer object, and an error if there is any. +func (c *issuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Get(). + Namespace(c.ns). + Resource("issuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Issuers that match those selectors. +func (c *issuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.IssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.IssuerList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested issuers. +func (c *issuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a issuer and creates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *issuers) Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Post(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(issuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a issuer and updates it. Returns the server's representation of the issuer, and an error, if there is any. +func (c *issuers) Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("issuers"). + Name(issuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(issuer). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *issuers) UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("issuers"). + Name(issuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(issuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the issuer and deletes it. Returns an error if one occurs. +func (c *issuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("issuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *issuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("issuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched issuer. +func (c *issuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) { + result = &v1.Issuer{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("issuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/certmanager/informers/externalversions/acme/interface.go b/pkg/client/certmanager/informers/externalversions/acme/interface.go new file mode 100644 index 00000000000..ee63cb3af2f --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/acme/interface.go @@ -0,0 +1,46 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package acme + +import ( + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1 provides access to shared informers for resources in V1. + V1() v1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1 returns a new v1.Interface. +func (g *group) V1() v1.Interface { + return v1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/pkg/client/certmanager/informers/externalversions/acme/v1/challenge.go b/pkg/client/certmanager/informers/externalversions/acme/v1/challenge.go new file mode 100644 index 00000000000..c5ae421974f --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/acme/v1/challenge.go @@ -0,0 +1,90 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/eventing/pkg/client/certmanager/listers/acme/v1" +) + +// ChallengeInformer provides access to a shared informer and lister for +// Challenges. +type ChallengeInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ChallengeLister +} + +type challengeInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewChallengeInformer constructs a new informer for Challenge type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewChallengeInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredChallengeInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredChallengeInformer constructs a new informer for Challenge type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredChallengeInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Challenges(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Challenges(namespace).Watch(context.TODO(), options) + }, + }, + &acmev1.Challenge{}, + resyncPeriod, + indexers, + ) +} + +func (f *challengeInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredChallengeInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *challengeInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&acmev1.Challenge{}, f.defaultInformer) +} + +func (f *challengeInformer) Lister() v1.ChallengeLister { + return v1.NewChallengeLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/certmanager/informers/externalversions/acme/v1/interface.go b/pkg/client/certmanager/informers/externalversions/acme/v1/interface.go new file mode 100644 index 00000000000..56c0b55fd6b --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/acme/v1/interface.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // Challenges returns a ChallengeInformer. + Challenges() ChallengeInformer + // Orders returns a OrderInformer. + Orders() OrderInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// Challenges returns a ChallengeInformer. +func (v *version) Challenges() ChallengeInformer { + return &challengeInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// Orders returns a OrderInformer. +func (v *version) Orders() OrderInformer { + return &orderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/certmanager/informers/externalversions/acme/v1/order.go b/pkg/client/certmanager/informers/externalversions/acme/v1/order.go new file mode 100644 index 00000000000..92ef07b6808 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/acme/v1/order.go @@ -0,0 +1,90 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/eventing/pkg/client/certmanager/listers/acme/v1" +) + +// OrderInformer provides access to a shared informer and lister for +// Orders. +type OrderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.OrderLister +} + +type orderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewOrderInformer constructs a new informer for Order type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewOrderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOrderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredOrderInformer constructs a new informer for Order type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredOrderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Orders(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Orders(namespace).Watch(context.TODO(), options) + }, + }, + &acmev1.Order{}, + resyncPeriod, + indexers, + ) +} + +func (f *orderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOrderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *orderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&acmev1.Order{}, f.defaultInformer) +} + +func (f *orderInformer) Lister() v1.OrderLister { + return v1.NewOrderLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/interface.go b/pkg/client/certmanager/informers/externalversions/certmanager/interface.go new file mode 100644 index 00000000000..5822fc2133d --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/interface.go @@ -0,0 +1,46 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package certmanager + +import ( + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1 provides access to shared informers for resources in V1. + V1() v1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1 returns a new v1.Interface. +func (g *group) V1() v1.Interface { + return v1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificate.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificate.go new file mode 100644 index 00000000000..371c02956d4 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificate.go @@ -0,0 +1,90 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" +) + +// CertificateInformer provides access to a shared informer and lister for +// Certificates. +type CertificateInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.CertificateLister +} + +type certificateInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewCertificateInformer constructs a new informer for Certificate type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCertificateInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCertificateInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredCertificateInformer constructs a new informer for Certificate type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredCertificateInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Certificates(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Certificates(namespace).Watch(context.TODO(), options) + }, + }, + &certmanagerv1.Certificate{}, + resyncPeriod, + indexers, + ) +} + +func (f *certificateInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCertificateInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *certificateInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.Certificate{}, f.defaultInformer) +} + +func (f *certificateInformer) Lister() v1.CertificateLister { + return v1.NewCertificateLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificaterequest.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificaterequest.go new file mode 100644 index 00000000000..38e7d1d2b61 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/certificaterequest.go @@ -0,0 +1,90 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" +) + +// CertificateRequestInformer provides access to a shared informer and lister for +// CertificateRequests. +type CertificateRequestInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.CertificateRequestLister +} + +type certificateRequestInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewCertificateRequestInformer constructs a new informer for CertificateRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCertificateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCertificateRequestInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredCertificateRequestInformer constructs a new informer for CertificateRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredCertificateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().CertificateRequests(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().CertificateRequests(namespace).Watch(context.TODO(), options) + }, + }, + &certmanagerv1.CertificateRequest{}, + resyncPeriod, + indexers, + ) +} + +func (f *certificateRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCertificateRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *certificateRequestInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.CertificateRequest{}, f.defaultInformer) +} + +func (f *certificateRequestInformer) Lister() v1.CertificateRequestLister { + return v1.NewCertificateRequestLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/clusterissuer.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/clusterissuer.go new file mode 100644 index 00000000000..e9db2121e5b --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/clusterissuer.go @@ -0,0 +1,89 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" +) + +// ClusterIssuerInformer provides access to a shared informer and lister for +// ClusterIssuers. +type ClusterIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterIssuerLister +} + +type clusterIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterIssuerInformer constructs a new informer for ClusterIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().ClusterIssuers().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + }, + }, + &certmanagerv1.ClusterIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.ClusterIssuer{}, f.defaultInformer) +} + +func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { + return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/interface.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/interface.go new file mode 100644 index 00000000000..3d108f4c602 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/interface.go @@ -0,0 +1,66 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // Certificates returns a CertificateInformer. + Certificates() CertificateInformer + // CertificateRequests returns a CertificateRequestInformer. + CertificateRequests() CertificateRequestInformer + // ClusterIssuers returns a ClusterIssuerInformer. + ClusterIssuers() ClusterIssuerInformer + // Issuers returns a IssuerInformer. + Issuers() IssuerInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// Certificates returns a CertificateInformer. +func (v *version) Certificates() CertificateInformer { + return &certificateInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// CertificateRequests returns a CertificateRequestInformer. +func (v *version) CertificateRequests() CertificateRequestInformer { + return &certificateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// ClusterIssuers returns a ClusterIssuerInformer. +func (v *version) ClusterIssuers() ClusterIssuerInformer { + return &clusterIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + +// Issuers returns a IssuerInformer. +func (v *version) Issuers() IssuerInformer { + return &issuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/certmanager/informers/externalversions/certmanager/v1/issuer.go b/pkg/client/certmanager/informers/externalversions/certmanager/v1/issuer.go new file mode 100644 index 00000000000..eb0d57de3dc --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/certmanager/v1/issuer.go @@ -0,0 +1,90 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" + v1 "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" +) + +// IssuerInformer provides access to a shared informer and lister for +// Issuers. +type IssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.IssuerLister +} + +type issuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewIssuerInformer constructs a new informer for Issuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredIssuerInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredIssuerInformer constructs a new informer for Issuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Issuers(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Issuers(namespace).Watch(context.TODO(), options) + }, + }, + &certmanagerv1.Issuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *issuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *issuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&certmanagerv1.Issuer{}, f.defaultInformer) +} + +func (f *issuerInformer) Lister() v1.IssuerLister { + return v1.NewIssuerLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/certmanager/informers/externalversions/factory.go b/pkg/client/certmanager/informers/externalversions/factory.go new file mode 100644 index 00000000000..b2017cf1cc5 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/factory.go @@ -0,0 +1,267 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package externalversions + +import ( + reflect "reflect" + sync "sync" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + acme "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme" + certmanager "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager" + internalinterfaces "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/internalinterfaces" +) + +// SharedInformerOption defines the functional option type for SharedInformerFactory. +type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory + +type sharedInformerFactory struct { + client versioned.Interface + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc + lock sync.Mutex + defaultResync time.Duration + customResync map[reflect.Type]time.Duration + transform cache.TransformFunc + + informers map[reflect.Type]cache.SharedIndexInformer + // startedInformers is used for tracking which informers have been started. + // This allows Start() to be called multiple times safely. + startedInformers map[reflect.Type]bool + // wg tracks how many goroutines were started. + wg sync.WaitGroup + // shuttingDown is true when Shutdown has been called. It may still be running + // because it needs to wait for goroutines. + shuttingDown bool +} + +// WithCustomResyncConfig sets a custom resync period for the specified informer types. +func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + for k, v := range resyncConfig { + factory.customResync[reflect.TypeOf(k)] = v + } + return factory + } +} + +// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory. +func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.tweakListOptions = tweakListOptions + return factory + } +} + +// WithNamespace limits the SharedInformerFactory to the specified namespace. +func WithNamespace(namespace string) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.namespace = namespace + return factory + } +} + +// WithTransform sets a transform on all informers. +func WithTransform(transform cache.TransformFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.transform = transform + return factory + } +} + +// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. +func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { + return NewSharedInformerFactoryWithOptions(client, defaultResync) +} + +// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory. +// Listers obtained via this SharedInformerFactory will be subject to the same filters +// as specified here. +// Deprecated: Please use NewSharedInformerFactoryWithOptions instead +func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory { + return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions)) +} + +// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options. +func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory { + factory := &sharedInformerFactory{ + client: client, + namespace: v1.NamespaceAll, + defaultResync: defaultResync, + informers: make(map[reflect.Type]cache.SharedIndexInformer), + startedInformers: make(map[reflect.Type]bool), + customResync: make(map[reflect.Type]time.Duration), + } + + // Apply all options + for _, opt := range options { + factory = opt(factory) + } + + return factory +} + +func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) { + f.lock.Lock() + defer f.lock.Unlock() + + if f.shuttingDown { + return + } + + for informerType, informer := range f.informers { + if !f.startedInformers[informerType] { + f.wg.Add(1) + // We need a new variable in each loop iteration, + // otherwise the goroutine would use the loop variable + // and that keeps changing. + informer := informer + go func() { + defer f.wg.Done() + informer.Run(stopCh) + }() + f.startedInformers[informerType] = true + } + } +} + +func (f *sharedInformerFactory) Shutdown() { + f.lock.Lock() + f.shuttingDown = true + f.lock.Unlock() + + // Will return immediately if there is nothing to wait for. + f.wg.Wait() +} + +func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool { + informers := func() map[reflect.Type]cache.SharedIndexInformer { + f.lock.Lock() + defer f.lock.Unlock() + + informers := map[reflect.Type]cache.SharedIndexInformer{} + for informerType, informer := range f.informers { + if f.startedInformers[informerType] { + informers[informerType] = informer + } + } + return informers + }() + + res := map[reflect.Type]bool{} + for informType, informer := range informers { + res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced) + } + return res +} + +// InformerFor returns the SharedIndexInformer for obj using an internal +// client. +func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer { + f.lock.Lock() + defer f.lock.Unlock() + + informerType := reflect.TypeOf(obj) + informer, exists := f.informers[informerType] + if exists { + return informer + } + + resyncPeriod, exists := f.customResync[informerType] + if !exists { + resyncPeriod = f.defaultResync + } + + informer = newFunc(f.client, resyncPeriod) + informer.SetTransform(f.transform) + f.informers[informerType] = informer + + return informer +} + +// SharedInformerFactory provides shared informers for resources in all known +// API group versions. +// +// It is typically used like this: +// +// ctx, cancel := context.Background() +// defer cancel() +// factory := NewSharedInformerFactory(client, resyncPeriod) +// defer factory.WaitForStop() // Returns immediately if nothing was started. +// genericInformer := factory.ForResource(resource) +// typedInformer := factory.SomeAPIGroup().V1().SomeType() +// factory.Start(ctx.Done()) // Start processing these informers. +// synced := factory.WaitForCacheSync(ctx.Done()) +// for v, ok := range synced { +// if !ok { +// fmt.Fprintf(os.Stderr, "caches failed to sync: %v", v) +// return +// } +// } +// +// // Creating informers can also be created after Start, but then +// // Start must be called again: +// anotherGenericInformer := factory.ForResource(resource) +// factory.Start(ctx.Done()) +type SharedInformerFactory interface { + internalinterfaces.SharedInformerFactory + + // Start initializes all requested informers. They are handled in goroutines + // which run until the stop channel gets closed. + Start(stopCh <-chan struct{}) + + // Shutdown marks a factory as shutting down. At that point no new + // informers can be started anymore and Start will return without + // doing anything. + // + // In addition, Shutdown blocks until all goroutines have terminated. For that + // to happen, the close channel(s) that they were started with must be closed, + // either before Shutdown gets called or while it is waiting. + // + // Shutdown may be called multiple times, even concurrently. All such calls will + // block until all goroutines have terminated. + Shutdown() + + // WaitForCacheSync blocks until all started informers' caches were synced + // or the stop channel gets closed. + WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool + + // ForResource gives generic access to a shared informer of the matching type. + ForResource(resource schema.GroupVersionResource) (GenericInformer, error) + + // InformerFor returns the SharedIndexInformer for obj using an internal + // client. + InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer + + Acme() acme.Interface + Certmanager() certmanager.Interface +} + +func (f *sharedInformerFactory) Acme() acme.Interface { + return acme.New(f, f.namespace, f.tweakListOptions) +} + +func (f *sharedInformerFactory) Certmanager() certmanager.Interface { + return certmanager.New(f, f.namespace, f.tweakListOptions) +} diff --git a/pkg/client/certmanager/informers/externalversions/generic.go b/pkg/client/certmanager/informers/externalversions/generic.go new file mode 100644 index 00000000000..cb5a0be6df6 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/generic.go @@ -0,0 +1,75 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package externalversions + +import ( + "fmt" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + schema "k8s.io/apimachinery/pkg/runtime/schema" + cache "k8s.io/client-go/tools/cache" +) + +// GenericInformer is type of SharedIndexInformer which will locate and delegate to other +// sharedInformers based on type +type GenericInformer interface { + Informer() cache.SharedIndexInformer + Lister() cache.GenericLister +} + +type genericInformer struct { + informer cache.SharedIndexInformer + resource schema.GroupResource +} + +// Informer returns the SharedIndexInformer. +func (f *genericInformer) Informer() cache.SharedIndexInformer { + return f.informer +} + +// Lister returns the GenericLister. +func (f *genericInformer) Lister() cache.GenericLister { + return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource) +} + +// ForResource gives generic access to a shared informer of the matching type +// TODO extend this to unknown resources with a client pool +func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { + switch resource { + // Group=acme.cert-manager.io, Version=v1 + case v1.SchemeGroupVersion.WithResource("challenges"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Acme().V1().Challenges().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("orders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Acme().V1().Orders().Informer()}, nil + + // Group=cert-manager.io, Version=v1 + case certmanagerv1.SchemeGroupVersion.WithResource("certificates"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().Certificates().Informer()}, nil + case certmanagerv1.SchemeGroupVersion.WithResource("certificaterequests"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().CertificateRequests().Informer()}, nil + case certmanagerv1.SchemeGroupVersion.WithResource("clusterissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().ClusterIssuers().Informer()}, nil + case certmanagerv1.SchemeGroupVersion.WithResource("issuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Certmanager().V1().Issuers().Informer()}, nil + + } + + return nil, fmt.Errorf("no informer found for %v", resource) +} diff --git a/pkg/client/certmanager/informers/externalversions/internalinterfaces/factory_interfaces.go b/pkg/client/certmanager/informers/externalversions/internalinterfaces/factory_interfaces.go new file mode 100644 index 00000000000..79c136d94f4 --- /dev/null +++ b/pkg/client/certmanager/informers/externalversions/internalinterfaces/factory_interfaces.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package internalinterfaces + +import ( + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + cache "k8s.io/client-go/tools/cache" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" +) + +// NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. +type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer + +// SharedInformerFactory a small interface to allow for adding an informer without an import cycle +type SharedInformerFactory interface { + Start(stopCh <-chan struct{}) + InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer +} + +// TweakListOptionsFunc is a function that transforms a v1.ListOptions. +type TweakListOptionsFunc func(*v1.ListOptions) diff --git a/pkg/client/certmanager/injection/client/client.go b/pkg/client/certmanager/injection/client/client.go new file mode 100644 index 00000000000..a9cf608ae05 --- /dev/null +++ b/pkg/client/certmanager/injection/client/client.go @@ -0,0 +1,57 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package client + +import ( + context "context" + + rest "k8s.io/client-go/rest" + versioned "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterClient(withClientFromConfig) + injection.Default.RegisterClientFetcher(func(ctx context.Context) interface{} { + return Get(ctx) + }) +} + +// Key is used as the key for associating information with a context.Context. +type Key struct{} + +func withClientFromConfig(ctx context.Context, cfg *rest.Config) context.Context { + return context.WithValue(ctx, Key{}, versioned.NewForConfigOrDie(cfg)) +} + +// Get extracts the versioned.Interface client from the context. +func Get(ctx context.Context) versioned.Interface { + untyped := ctx.Value(Key{}) + if untyped == nil { + if injection.GetConfig(ctx) == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/clientset/versioned.Interface from context. This context is not the application context (which is typically given to constructors via sharedmain).") + } else { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/clientset/versioned.Interface from context.") + } + } + return untyped.(versioned.Interface) +} diff --git a/pkg/client/certmanager/injection/client/fake/fake.go b/pkg/client/certmanager/injection/client/fake/fake.go new file mode 100644 index 00000000000..43e4a7239f8 --- /dev/null +++ b/pkg/client/certmanager/injection/client/fake/fake.go @@ -0,0 +1,57 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + runtime "k8s.io/apimachinery/pkg/runtime" + rest "k8s.io/client-go/rest" + fake "knative.dev/eventing/pkg/client/certmanager/clientset/versioned/fake" + client "knative.dev/eventing/pkg/client/certmanager/injection/client" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Fake.RegisterClient(withClient) + injection.Fake.RegisterClientFetcher(func(ctx context.Context) interface{} { + return Get(ctx) + }) +} + +func withClient(ctx context.Context, cfg *rest.Config) context.Context { + ctx, _ = With(ctx) + return ctx +} + +func With(ctx context.Context, objects ...runtime.Object) (context.Context, *fake.Clientset) { + cs := fake.NewSimpleClientset(objects...) + return context.WithValue(ctx, client.Key{}, cs), cs +} + +// Get extracts the Kubernetes client from the context. +func Get(ctx context.Context) *fake.Clientset { + untyped := ctx.Value(client.Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/clientset/versioned/fake.Clientset from context.") + } + return untyped.(*fake.Clientset) +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go new file mode 100644 index 00000000000..22969ecc776 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go @@ -0,0 +1,47 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package challenge + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1" + factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory" + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Acme().V1().Challenges() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.ChallengeInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1.ChallengeInformer from context.") + } + return untyped.(v1.ChallengeInformer) +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go new file mode 100644 index 00000000000..7864ec8b2cb --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + challenge "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/challenge" + fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" +) + +var Get = challenge.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Acme().V1().Challenges() + return context.WithValue(ctx, challenge.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go new file mode 100644 index 00000000000..8b44b4dc597 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go @@ -0,0 +1,65 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1" + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Acme().V1().Challenges() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context, selector string) v1.ChallengeInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1.ChallengeInformer with selector %s from context.", selector) + } + return untyped.(v1.ChallengeInformer) +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go new file mode 100644 index 00000000000..6b56dbb7b6a --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered" + factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Acme().V1().Challenges() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go new file mode 100644 index 00000000000..1bc1b0dffb1 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + order "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/order" + fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" +) + +var Get = order.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Acme().V1().Orders() + return context.WithValue(ctx, order.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go new file mode 100644 index 00000000000..10be33fe2c9 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/order/filtered" + factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Acme().V1().Orders() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go new file mode 100644 index 00000000000..e843ce8ff38 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go @@ -0,0 +1,65 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1" + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Acme().V1().Orders() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context, selector string) v1.OrderInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1.OrderInformer with selector %s from context.", selector) + } + return untyped.(v1.OrderInformer) +} diff --git a/pkg/client/certmanager/injection/informers/acme/v1/order/order.go b/pkg/client/certmanager/injection/informers/acme/v1/order/order.go new file mode 100644 index 00000000000..33c30d2ea46 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/acme/v1/order/order.go @@ -0,0 +1,47 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package order + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1" + factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory" + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Acme().V1().Orders() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.OrderInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/acme/v1.OrderInformer from context.") + } + return untyped.(v1.OrderInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go new file mode 100644 index 00000000000..ee96d7d0171 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go @@ -0,0 +1,47 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package certificate + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory" + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().Certificates() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.CertificateInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateInformer from context.") + } + return untyped.(v1.CertificateInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go new file mode 100644 index 00000000000..4a1f2987fed --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + certificate "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificate" + fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" +) + +var Get = certificate.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().Certificates() + return context.WithValue(ctx, certificate.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go new file mode 100644 index 00000000000..409f43366fd --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go @@ -0,0 +1,65 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().Certificates() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context, selector string) v1.CertificateInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateInformer with selector %s from context.", selector) + } + return untyped.(v1.CertificateInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go new file mode 100644 index 00000000000..f1ee094462a --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered" + factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().Certificates() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go new file mode 100644 index 00000000000..b9e39c09731 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go @@ -0,0 +1,47 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package certificaterequest + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory" + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().CertificateRequests() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.CertificateRequestInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateRequestInformer from context.") + } + return untyped.(v1.CertificateRequestInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go new file mode 100644 index 00000000000..72b86ab276f --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + certificaterequest "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest" + fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" +) + +var Get = certificaterequest.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().CertificateRequests() + return context.WithValue(ctx, certificaterequest.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go new file mode 100644 index 00000000000..573d54c9c75 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go @@ -0,0 +1,65 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().CertificateRequests() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context, selector string) v1.CertificateRequestInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.CertificateRequestInformer with selector %s from context.", selector) + } + return untyped.(v1.CertificateRequestInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go new file mode 100644 index 00000000000..885b4162c51 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered" + factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().CertificateRequests() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go new file mode 100644 index 00000000000..2e3299608db --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go @@ -0,0 +1,47 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package clusterissuer + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory" + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().ClusterIssuers() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.ClusterIssuerInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.ClusterIssuerInformer from context.") + } + return untyped.(v1.ClusterIssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go new file mode 100644 index 00000000000..a73e1c5b76d --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + clusterissuer "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer" + fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" +) + +var Get = clusterissuer.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().ClusterIssuers() + return context.WithValue(ctx, clusterissuer.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go new file mode 100644 index 00000000000..cd0d6027523 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go @@ -0,0 +1,65 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().ClusterIssuers() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context, selector string) v1.ClusterIssuerInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.ClusterIssuerInformer with selector %s from context.", selector) + } + return untyped.(v1.ClusterIssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go new file mode 100644 index 00000000000..804dc43a79f --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered" + factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().ClusterIssuers() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go new file mode 100644 index 00000000000..8cae3f8d208 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + issuer "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/issuer" + fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" +) + +var Get = issuer.Get + +func init() { + injection.Fake.RegisterInformer(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, controller.Informer) { + f := fake.Get(ctx) + inf := f.Certmanager().V1().Issuers() + return context.WithValue(ctx, issuer.Key{}, inf), inf.Informer() +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go new file mode 100644 index 00000000000..d2e8f958fb7 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go @@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered" + factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Certmanager().V1().Issuers() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go new file mode 100644 index 00000000000..c09145efe4a --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go @@ -0,0 +1,65 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Certmanager().V1().Issuers() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context, selector string) v1.IssuerInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.IssuerInformer with selector %s from context.", selector) + } + return untyped.(v1.IssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go new file mode 100644 index 00000000000..ea3ce85479c --- /dev/null +++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go @@ -0,0 +1,47 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package issuer + +import ( + context "context" + + v1 "knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1" + factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory" + controller "knative.dev/pkg/controller" + logging "knative.dev/pkg/logging" +) + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithInformer(ctx context.Context) (context.Context, controller.Informer) { + f := factory.Get(ctx) + inf := f.Certmanager().V1().Issuers() + return context.WithValue(ctx, Key{}, inf), inf.Informer() +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) v1.IssuerInformer { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions/certmanager/v1.IssuerInformer from context.") + } + return untyped.(v1.IssuerInformer) +} diff --git a/pkg/client/certmanager/injection/informers/factory/factory.go b/pkg/client/certmanager/injection/informers/factory/factory.go new file mode 100644 index 00000000000..feeac1a93e6 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/factory.go @@ -0,0 +1,56 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package factory + +import ( + context "context" + + externalversions "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" + client "knative.dev/eventing/pkg/client/certmanager/injection/client" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterInformerFactory(withInformerFactory) +} + +// Key is used as the key for associating information with a context.Context. +type Key struct{} + +func withInformerFactory(ctx context.Context) context.Context { + c := client.Get(ctx) + opts := make([]externalversions.SharedInformerOption, 0, 1) + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + return context.WithValue(ctx, Key{}, + externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) +} + +// Get extracts the InformerFactory from the context. +func Get(ctx context.Context) externalversions.SharedInformerFactory { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions.SharedInformerFactory from context.") + } + return untyped.(externalversions.SharedInformerFactory) +} diff --git a/pkg/client/certmanager/injection/informers/factory/fake/fake.go b/pkg/client/certmanager/injection/informers/factory/fake/fake.go new file mode 100644 index 00000000000..c608b86107a --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/fake/fake.go @@ -0,0 +1,45 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + externalversions "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" + fake "knative.dev/eventing/pkg/client/certmanager/injection/client/fake" + factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" +) + +var Get = factory.Get + +func init() { + injection.Fake.RegisterInformerFactory(withInformerFactory) +} + +func withInformerFactory(ctx context.Context) context.Context { + c := fake.Get(ctx) + opts := make([]externalversions.SharedInformerOption, 0, 1) + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + return context.WithValue(ctx, factory.Key{}, + externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) +} diff --git a/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go new file mode 100644 index 00000000000..2ce583dd428 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go @@ -0,0 +1,60 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fakeFilteredFactory + +import ( + context "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + externalversions "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" + fake "knative.dev/eventing/pkg/client/certmanager/injection/client/fake" + filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterInformerFactory(withInformerFactory) +} + +func withInformerFactory(ctx context.Context) context.Context { + c := fake.Get(ctx) + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + for _, selector := range labelSelectors { + selectorVal := selector + opts := []externalversions.SharedInformerOption{} + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { + l.LabelSelector = selectorVal + })) + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, + externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) + } + return ctx +} diff --git a/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go b/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go new file mode 100644 index 00000000000..81197395057 --- /dev/null +++ b/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go @@ -0,0 +1,78 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filteredFactory + +import ( + context "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + externalversions "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" + client "knative.dev/eventing/pkg/client/certmanager/injection/client" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterInformerFactory(withInformerFactory) +} + +// Key is used as the key for associating information with a context.Context. +type Key struct { + Selector string +} + +type LabelKey struct{} + +func WithSelectors(ctx context.Context, selector ...string) context.Context { + return context.WithValue(ctx, LabelKey{}, selector) +} + +func withInformerFactory(ctx context.Context) context.Context { + c := client.Get(ctx) + untyped := ctx.Value(LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + for _, selector := range labelSelectors { + selectorVal := selector + opts := []externalversions.SharedInformerOption{} + if injection.HasNamespaceScope(ctx) { + opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) + } + opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { + l.LabelSelector = selectorVal + })) + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, + externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) + } + return ctx +} + +// Get extracts the InformerFactory from the context. +func Get(ctx context.Context, selector string) externalversions.SharedInformerFactory { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch knative.dev/eventing/pkg/client/certmanager/informers/externalversions.SharedInformerFactory with selector %s from context.", selector) + } + return untyped.(externalversions.SharedInformerFactory) +} diff --git a/pkg/client/certmanager/listers/acme/v1/challenge.go b/pkg/client/certmanager/listers/acme/v1/challenge.go new file mode 100644 index 00000000000..33ba82b624e --- /dev/null +++ b/pkg/client/certmanager/listers/acme/v1/challenge.go @@ -0,0 +1,99 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ChallengeLister helps list Challenges. +// All objects returned here must be treated as read-only. +type ChallengeLister interface { + // List lists all Challenges in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Challenge, err error) + // Challenges returns an object that can list and get Challenges. + Challenges(namespace string) ChallengeNamespaceLister + ChallengeListerExpansion +} + +// challengeLister implements the ChallengeLister interface. +type challengeLister struct { + indexer cache.Indexer +} + +// NewChallengeLister returns a new ChallengeLister. +func NewChallengeLister(indexer cache.Indexer) ChallengeLister { + return &challengeLister{indexer: indexer} +} + +// List lists all Challenges in the indexer. +func (s *challengeLister) List(selector labels.Selector) (ret []*v1.Challenge, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Challenge)) + }) + return ret, err +} + +// Challenges returns an object that can list and get Challenges. +func (s *challengeLister) Challenges(namespace string) ChallengeNamespaceLister { + return challengeNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// ChallengeNamespaceLister helps list and get Challenges. +// All objects returned here must be treated as read-only. +type ChallengeNamespaceLister interface { + // List lists all Challenges in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Challenge, err error) + // Get retrieves the Challenge from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Challenge, error) + ChallengeNamespaceListerExpansion +} + +// challengeNamespaceLister implements the ChallengeNamespaceLister +// interface. +type challengeNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Challenges in the indexer for a given namespace. +func (s challengeNamespaceLister) List(selector labels.Selector) (ret []*v1.Challenge, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Challenge)) + }) + return ret, err +} + +// Get retrieves the Challenge from the indexer for a given namespace and name. +func (s challengeNamespaceLister) Get(name string) (*v1.Challenge, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("challenge"), name) + } + return obj.(*v1.Challenge), nil +} diff --git a/pkg/client/certmanager/listers/acme/v1/expansion_generated.go b/pkg/client/certmanager/listers/acme/v1/expansion_generated.go new file mode 100644 index 00000000000..3ac442b5f7c --- /dev/null +++ b/pkg/client/certmanager/listers/acme/v1/expansion_generated.go @@ -0,0 +1,35 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +// ChallengeListerExpansion allows custom methods to be added to +// ChallengeLister. +type ChallengeListerExpansion interface{} + +// ChallengeNamespaceListerExpansion allows custom methods to be added to +// ChallengeNamespaceLister. +type ChallengeNamespaceListerExpansion interface{} + +// OrderListerExpansion allows custom methods to be added to +// OrderLister. +type OrderListerExpansion interface{} + +// OrderNamespaceListerExpansion allows custom methods to be added to +// OrderNamespaceLister. +type OrderNamespaceListerExpansion interface{} diff --git a/pkg/client/certmanager/listers/acme/v1/order.go b/pkg/client/certmanager/listers/acme/v1/order.go new file mode 100644 index 00000000000..7c6d360f6d9 --- /dev/null +++ b/pkg/client/certmanager/listers/acme/v1/order.go @@ -0,0 +1,99 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OrderLister helps list Orders. +// All objects returned here must be treated as read-only. +type OrderLister interface { + // List lists all Orders in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Order, err error) + // Orders returns an object that can list and get Orders. + Orders(namespace string) OrderNamespaceLister + OrderListerExpansion +} + +// orderLister implements the OrderLister interface. +type orderLister struct { + indexer cache.Indexer +} + +// NewOrderLister returns a new OrderLister. +func NewOrderLister(indexer cache.Indexer) OrderLister { + return &orderLister{indexer: indexer} +} + +// List lists all Orders in the indexer. +func (s *orderLister) List(selector labels.Selector) (ret []*v1.Order, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Order)) + }) + return ret, err +} + +// Orders returns an object that can list and get Orders. +func (s *orderLister) Orders(namespace string) OrderNamespaceLister { + return orderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OrderNamespaceLister helps list and get Orders. +// All objects returned here must be treated as read-only. +type OrderNamespaceLister interface { + // List lists all Orders in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Order, err error) + // Get retrieves the Order from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Order, error) + OrderNamespaceListerExpansion +} + +// orderNamespaceLister implements the OrderNamespaceLister +// interface. +type orderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Orders in the indexer for a given namespace. +func (s orderNamespaceLister) List(selector labels.Selector) (ret []*v1.Order, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Order)) + }) + return ret, err +} + +// Get retrieves the Order from the indexer for a given namespace and name. +func (s orderNamespaceLister) Get(name string) (*v1.Order, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("order"), name) + } + return obj.(*v1.Order), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/certificate.go b/pkg/client/certmanager/listers/certmanager/v1/certificate.go new file mode 100644 index 00000000000..7787987e7a5 --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/certificate.go @@ -0,0 +1,99 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CertificateLister helps list Certificates. +// All objects returned here must be treated as read-only. +type CertificateLister interface { + // List lists all Certificates in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Certificate, err error) + // Certificates returns an object that can list and get Certificates. + Certificates(namespace string) CertificateNamespaceLister + CertificateListerExpansion +} + +// certificateLister implements the CertificateLister interface. +type certificateLister struct { + indexer cache.Indexer +} + +// NewCertificateLister returns a new CertificateLister. +func NewCertificateLister(indexer cache.Indexer) CertificateLister { + return &certificateLister{indexer: indexer} +} + +// List lists all Certificates in the indexer. +func (s *certificateLister) List(selector labels.Selector) (ret []*v1.Certificate, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Certificate)) + }) + return ret, err +} + +// Certificates returns an object that can list and get Certificates. +func (s *certificateLister) Certificates(namespace string) CertificateNamespaceLister { + return certificateNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// CertificateNamespaceLister helps list and get Certificates. +// All objects returned here must be treated as read-only. +type CertificateNamespaceLister interface { + // List lists all Certificates in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Certificate, err error) + // Get retrieves the Certificate from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Certificate, error) + CertificateNamespaceListerExpansion +} + +// certificateNamespaceLister implements the CertificateNamespaceLister +// interface. +type certificateNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Certificates in the indexer for a given namespace. +func (s certificateNamespaceLister) List(selector labels.Selector) (ret []*v1.Certificate, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Certificate)) + }) + return ret, err +} + +// Get retrieves the Certificate from the indexer for a given namespace and name. +func (s certificateNamespaceLister) Get(name string) (*v1.Certificate, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("certificate"), name) + } + return obj.(*v1.Certificate), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/certificaterequest.go b/pkg/client/certmanager/listers/certmanager/v1/certificaterequest.go new file mode 100644 index 00000000000..bbb6860864b --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/certificaterequest.go @@ -0,0 +1,99 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CertificateRequestLister helps list CertificateRequests. +// All objects returned here must be treated as read-only. +type CertificateRequestLister interface { + // List lists all CertificateRequests in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) + // CertificateRequests returns an object that can list and get CertificateRequests. + CertificateRequests(namespace string) CertificateRequestNamespaceLister + CertificateRequestListerExpansion +} + +// certificateRequestLister implements the CertificateRequestLister interface. +type certificateRequestLister struct { + indexer cache.Indexer +} + +// NewCertificateRequestLister returns a new CertificateRequestLister. +func NewCertificateRequestLister(indexer cache.Indexer) CertificateRequestLister { + return &certificateRequestLister{indexer: indexer} +} + +// List lists all CertificateRequests in the indexer. +func (s *certificateRequestLister) List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.CertificateRequest)) + }) + return ret, err +} + +// CertificateRequests returns an object that can list and get CertificateRequests. +func (s *certificateRequestLister) CertificateRequests(namespace string) CertificateRequestNamespaceLister { + return certificateRequestNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// CertificateRequestNamespaceLister helps list and get CertificateRequests. +// All objects returned here must be treated as read-only. +type CertificateRequestNamespaceLister interface { + // List lists all CertificateRequests in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) + // Get retrieves the CertificateRequest from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.CertificateRequest, error) + CertificateRequestNamespaceListerExpansion +} + +// certificateRequestNamespaceLister implements the CertificateRequestNamespaceLister +// interface. +type certificateRequestNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all CertificateRequests in the indexer for a given namespace. +func (s certificateRequestNamespaceLister) List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.CertificateRequest)) + }) + return ret, err +} + +// Get retrieves the CertificateRequest from the indexer for a given namespace and name. +func (s certificateRequestNamespaceLister) Get(name string) (*v1.CertificateRequest, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("certificaterequest"), name) + } + return obj.(*v1.CertificateRequest), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/clusterissuer.go b/pkg/client/certmanager/listers/certmanager/v1/clusterissuer.go new file mode 100644 index 00000000000..0a59a5b8fb4 --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/clusterissuer.go @@ -0,0 +1,68 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterIssuerLister helps list ClusterIssuers. +// All objects returned here must be treated as read-only. +type ClusterIssuerLister interface { + // List lists all ClusterIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + // Get retrieves the ClusterIssuer from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterIssuer, error) + ClusterIssuerListerExpansion +} + +// clusterIssuerLister implements the ClusterIssuerLister interface. +type clusterIssuerLister struct { + indexer cache.Indexer +} + +// NewClusterIssuerLister returns a new ClusterIssuerLister. +func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { + return &clusterIssuerLister{indexer: indexer} +} + +// List lists all ClusterIssuers in the indexer. +func (s *clusterIssuerLister) List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterIssuer)) + }) + return ret, err +} + +// Get retrieves the ClusterIssuer from the index for a given name. +func (s *clusterIssuerLister) Get(name string) (*v1.ClusterIssuer, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterissuer"), name) + } + return obj.(*v1.ClusterIssuer), nil +} diff --git a/pkg/client/certmanager/listers/certmanager/v1/expansion_generated.go b/pkg/client/certmanager/listers/certmanager/v1/expansion_generated.go new file mode 100644 index 00000000000..d8a20ac3c8b --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/expansion_generated.go @@ -0,0 +1,47 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +// CertificateListerExpansion allows custom methods to be added to +// CertificateLister. +type CertificateListerExpansion interface{} + +// CertificateNamespaceListerExpansion allows custom methods to be added to +// CertificateNamespaceLister. +type CertificateNamespaceListerExpansion interface{} + +// CertificateRequestListerExpansion allows custom methods to be added to +// CertificateRequestLister. +type CertificateRequestListerExpansion interface{} + +// CertificateRequestNamespaceListerExpansion allows custom methods to be added to +// CertificateRequestNamespaceLister. +type CertificateRequestNamespaceListerExpansion interface{} + +// ClusterIssuerListerExpansion allows custom methods to be added to +// ClusterIssuerLister. +type ClusterIssuerListerExpansion interface{} + +// IssuerListerExpansion allows custom methods to be added to +// IssuerLister. +type IssuerListerExpansion interface{} + +// IssuerNamespaceListerExpansion allows custom methods to be added to +// IssuerNamespaceLister. +type IssuerNamespaceListerExpansion interface{} diff --git a/pkg/client/certmanager/listers/certmanager/v1/issuer.go b/pkg/client/certmanager/listers/certmanager/v1/issuer.go new file mode 100644 index 00000000000..4e91d70d91b --- /dev/null +++ b/pkg/client/certmanager/listers/certmanager/v1/issuer.go @@ -0,0 +1,99 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// IssuerLister helps list Issuers. +// All objects returned here must be treated as read-only. +type IssuerLister interface { + // List lists all Issuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Issuer, err error) + // Issuers returns an object that can list and get Issuers. + Issuers(namespace string) IssuerNamespaceLister + IssuerListerExpansion +} + +// issuerLister implements the IssuerLister interface. +type issuerLister struct { + indexer cache.Indexer +} + +// NewIssuerLister returns a new IssuerLister. +func NewIssuerLister(indexer cache.Indexer) IssuerLister { + return &issuerLister{indexer: indexer} +} + +// List lists all Issuers in the indexer. +func (s *issuerLister) List(selector labels.Selector) (ret []*v1.Issuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Issuer)) + }) + return ret, err +} + +// Issuers returns an object that can list and get Issuers. +func (s *issuerLister) Issuers(namespace string) IssuerNamespaceLister { + return issuerNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// IssuerNamespaceLister helps list and get Issuers. +// All objects returned here must be treated as read-only. +type IssuerNamespaceLister interface { + // List lists all Issuers in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.Issuer, err error) + // Get retrieves the Issuer from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.Issuer, error) + IssuerNamespaceListerExpansion +} + +// issuerNamespaceLister implements the IssuerNamespaceLister +// interface. +type issuerNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Issuers in the indexer for a given namespace. +func (s issuerNamespaceLister) List(selector labels.Selector) (ret []*v1.Issuer, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.Issuer)) + }) + return ret, err +} + +// Get retrieves the Issuer from the indexer for a given namespace and name. +func (s issuerNamespaceLister) Get(name string) (*v1.Issuer, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("issuer"), name) + } + return obj.(*v1.Issuer), nil +} diff --git a/pkg/eventingtls/eventingtls.go b/pkg/eventingtls/eventingtls.go index eedea290d51..718a744c197 100644 --- a/pkg/eventingtls/eventingtls.go +++ b/pkg/eventingtls/eventingtls.go @@ -57,9 +57,6 @@ const ( BrokerFilterServerTLSSecretName = "mt-broker-filter-server-tls" //nolint:gosec // This is not a hardcoded credential // BrokerIngressServerTLSSecretName is the name of the tls secret for the broker ingress server BrokerIngressServerTLSSecretName = "mt-broker-ingress-server-tls" //nolint:gosec // This is not a hardcoded credential - - // IntegrationSinkDispatcherServerTLSSecretName is the name of the tls secret for the integration sink dispatcher server - IntegrationSinkDispatcherServerTLSSecretName = "integration-sink-server-tls" //nolint:gosec // This is not a hardcoded credential ) type ClientConfig struct { diff --git a/pkg/reconciler/integration/sink/controller.go b/pkg/reconciler/integration/sink/controller.go index a50e2e8c9ac..3019bf28783 100644 --- a/pkg/reconciler/integration/sink/controller.go +++ b/pkg/reconciler/integration/sink/controller.go @@ -19,6 +19,10 @@ package sink import ( "context" + cmclient "knative.dev/eventing/pkg/client/certmanager/injection/client" + cmcertinformer "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificate" + pkgreconciler "knative.dev/pkg/reconciler" + "k8s.io/client-go/tools/cache" "knative.dev/eventing/pkg/apis/feature" v1alpha1 "knative.dev/eventing/pkg/apis/sinks/v1alpha1" @@ -28,15 +32,12 @@ import ( deploymentinformer "knative.dev/pkg/client/injection/kube/informers/apps/v1/deployment" "knative.dev/pkg/client/injection/kube/informers/core/v1/service" - secretinformer "knative.dev/pkg/injection/clients/namespacedkube/informers/core/v1/secret" - integrationsinkreconciler "knative.dev/eventing/pkg/client/injection/reconciler/sinks/v1alpha1/integrationsink" - "knative.dev/eventing/pkg/eventingtls" kubeclient "knative.dev/pkg/client/injection/kube/client" + secretinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/secret/filtered" "knative.dev/pkg/configmap" "knative.dev/pkg/controller" "knative.dev/pkg/logging" - "knative.dev/pkg/system" ) // NewController creates a Reconciler for IntegrationSource and returns the result of NewImpl. @@ -45,7 +46,7 @@ func NewController( cmw configmap.Watcher, ) *controller.Impl { integrationSinkInformer := integrationsink.Get(ctx) - secretInformer := secretinformer.Get(ctx) + secretInformer := secretinformer.Get(ctx, "app.kubernetes.io/name") eventPolicyInformer := eventpolicy.Get(ctx) deploymentInformer := deploymentinformer.Get(ctx) @@ -57,11 +58,12 @@ func NewController( deploymentLister: deploymentInformer.Lister(), serviceLister: serviceInformer.Lister(), - systemNamespace: system.Namespace(), secretLister: secretInformer.Lister(), eventPolicyLister: eventPolicyInformer.Lister(), } + // featureFlags := feature.FromContext(ctx) + var globalResync func(obj interface{}) featureStore := feature.NewStore(logging.FromContext(ctx).Named("feature-config-store"), func(name string, value interface{}) { @@ -71,6 +73,13 @@ func NewController( }) featureStore.WatchConfigs(cmw) + // If not enabled, it is disable, strict or Permissive + if featureStore.Load().IsPermissiveTransportEncryption() || featureStore.Load().IsStrictTransportEncryption() { + cmCertificateInformer := cmcertinformer.Get(ctx) + r.cmCertificateLister = cmCertificateInformer.Lister() + r.certManagerClient = cmclient.Get(ctx) + } + impl := integrationsinkreconciler.NewImpl(ctx, r, func(impl *controller.Impl) controller.Options { return controller.Options{ ConfigStore: featureStore, @@ -82,8 +91,9 @@ func NewController( globalResync = func(interface{}) { impl.GlobalResync(integrationSinkInformer.Informer()) } + secretInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterWithName(eventingtls.IntegrationSinkDispatcherServerTLSSecretName), + FilterFunc: pkgreconciler.LabelFilterFunc("app.kubernetes.io/name", "integration-sink", false), Handler: controller.HandleAll(globalResync), }) diff --git a/pkg/reconciler/integration/sink/integrationsink.go b/pkg/reconciler/integration/sink/integrationsink.go index fcce9483eb3..ea8cd421410 100644 --- a/pkg/reconciler/integration/sink/integrationsink.go +++ b/pkg/reconciler/integration/sink/integrationsink.go @@ -20,6 +20,8 @@ import ( "context" "fmt" + cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + v1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/api/equality" @@ -40,6 +42,11 @@ import ( sinks "knative.dev/eventing/pkg/apis/sinks/v1alpha1" "knative.dev/eventing/pkg/auth" eventingv1alpha1listers "knative.dev/eventing/pkg/client/listers/eventing/v1alpha1" + + certmanagerclientset "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + + certmanagerlisters "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" + "knative.dev/eventing/pkg/eventingtls" duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/controller" @@ -49,11 +56,12 @@ import ( const ( // Name of the corev1.Events emitted from the reconciliation process - sinkReconciled = "IntegrationSinkReconciled" - deploymentCreated = "DeploymentCreated" - deploymentUpdated = "DeploymentUpdated" - serviceCreated = "ServiceCreated" - serviceUpdated = "ServiceUpdated" + sinkReconciled = "IntegrationSinkReconciled" + deploymentCreated = "DeploymentCreated" + deploymentUpdated = "DeploymentUpdated" + serviceCreated = "ServiceCreated" + certificateCreated = "CertificateCreated" + serviceUpdated = "ServiceUpdated" ) type Reconciler struct { @@ -62,10 +70,10 @@ type Reconciler struct { kubeClientSet kubernetes.Interface - deploymentLister appsv1listers.DeploymentLister - serviceLister corev1listers.ServiceLister - - systemNamespace string + deploymentLister appsv1listers.DeploymentLister + serviceLister corev1listers.ServiceLister + cmCertificateLister certmanagerlisters.CertificateLister + certManagerClient certmanagerclientset.Interface } // newReconciledNormal makes a new reconciler event with event type Normal, and @@ -77,7 +85,15 @@ func newReconciledNormal(namespace, name string) reconciler.Event { func (r *Reconciler) ReconcileKind(ctx context.Context, sink *sinks.IntegrationSink) reconciler.Event { featureFlags := feature.FromContext(ctx) - _, err := r.reconcileDeployment(ctx, sink) + if featureFlags.IsPermissiveTransportEncryption() || featureFlags.IsStrictTransportEncryption() { + _, err := r.reconcileCMCertificate(ctx, sink) + if err != nil { + logging.FromContext(ctx).Errorw("Error reconciling Certificate", zap.Error(err)) + return err + } + } + + _, err := r.reconcileDeployment(ctx, sink, featureFlags) if err != nil { logging.FromContext(ctx).Errorw("Error reconciling Pod", zap.Error(err)) return err @@ -101,9 +117,9 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, sink *sinks.IntegrationS return newReconciledNormal(sink.Namespace, sink.Name) } -func (r *Reconciler) reconcileDeployment(ctx context.Context, sink *sinks.IntegrationSink) (*v1.Deployment, error) { +func (r *Reconciler) reconcileDeployment(ctx context.Context, sink *sinks.IntegrationSink, featureFlags feature.Flags) (*v1.Deployment, error) { - expected := resources.MakeDeploymentSpec(sink) + expected := resources.MakeDeploymentSpec(sink, featureFlags) deployment, err := r.deploymentLister.Deployments(sink.Namespace).Get(expected.Name) if apierrors.IsNotFound(err) { deployment, err = r.kubeClientSet.AppsV1().Deployments(sink.Namespace).Create(ctx, expected, metav1.CreateOptions{}) @@ -152,11 +168,33 @@ func (r *Reconciler) reconcileService(ctx context.Context, sink *sinks.Integrati return svc, nil } +func (r *Reconciler) reconcileCMCertificate(ctx context.Context, sink *sinks.IntegrationSink) (*cmv1.Certificate, error) { + + expected := resources.MakeCertificate(sink) + + cert, err := r.cmCertificateLister.Certificates(sink.Namespace).Get(expected.Name) + if apierrors.IsNotFound(err) { + cert, err := r.certManagerClient.CertmanagerV1().Certificates(sink.Namespace).Create(ctx, expected, metav1.CreateOptions{}) + if err != nil { + return nil, fmt.Errorf("creating new Certificate: %v", err) + } + controller.GetEventRecorder(ctx).Eventf(sink, corev1.EventTypeNormal, certificateCreated, "Certificate created %q", cert.Name) + } else if err != nil { + return nil, fmt.Errorf("getting Certificate: %v", err) + } else if !metav1.IsControlledBy(cert, sink) { + return nil, fmt.Errorf("Certificate %q is not owned by IntegrationSink %q", cert.Name, sink.Name) + } else { + logging.FromContext(ctx).Debugw("Reusing existing Certificate", zap.Any("Certificate", cert)) + } + + return cert, nil +} + func (r *Reconciler) reconcileAddress(ctx context.Context, sink *sinks.IntegrationSink) error { featureFlags := feature.FromContext(ctx) if featureFlags.IsPermissiveTransportEncryption() { - caCerts, err := r.getCaCerts() + caCerts, err := r.getCaCerts(sink) if err != nil { return err } @@ -175,7 +213,7 @@ func (r *Reconciler) reconcileAddress(ctx context.Context, sink *sinks.Integrati // - status.address https address with path-based routing // - status.addresses: // - https address with path-based routing - caCerts, err := r.getCaCerts() + caCerts, err := r.getCaCerts(sink) if err != nil { return err } @@ -209,11 +247,10 @@ func (r *Reconciler) reconcileAddress(ctx context.Context, sink *sinks.Integrati return nil } -func (r *Reconciler) getCaCerts() (*string, error) { - // Getting the secret called "imc-dispatcher-tls" from system namespace - secret, err := r.secretLister.Secrets(r.systemNamespace).Get(eventingtls.IntegrationSinkDispatcherServerTLSSecretName) +func (r *Reconciler) getCaCerts(sink *sinks.IntegrationSink) (*string, error) { + secret, err := r.secretLister.Secrets(sink.Namespace).Get(resources.CertificateName(sink)) if err != nil { - return nil, fmt.Errorf("failed to get CA certs from %s/%s: %w", r.systemNamespace, eventingtls.IntegrationSinkDispatcherServerTLSSecretName, err) + return nil, fmt.Errorf("failed to get CA certs from %s/%s: %w", sink.Namespace, resources.CertificateName(sink), err) } caCerts, ok := secret.Data[eventingtls.SecretCACert] if !ok { diff --git a/pkg/reconciler/integration/sink/integrationsink_test.go b/pkg/reconciler/integration/sink/integrationsink_test.go index 8bb0be6f67f..59697487d51 100644 --- a/pkg/reconciler/integration/sink/integrationsink_test.go +++ b/pkg/reconciler/integration/sink/integrationsink_test.go @@ -152,7 +152,6 @@ func TestReconcile(t *testing.T) { serviceLister: listers.GetServiceLister(), secretLister: listers.GetSecretLister(), eventPolicyLister: listers.GetEventPolicyLister(), - systemNamespace: testNS, } return integrationsink.NewReconciler(ctx, logging.FromContext(ctx), fakeeventingclient.Get(ctx), listers.GetIntegrationSinkLister(), controller.GetEventRecorder(ctx), r) @@ -205,11 +204,18 @@ func makeDeployment(sink *sinksv1alpha1.IntegrationSink, ready *corev1.Condition Name: "sink", Image: "gcr.io/knative-nightly/log-sink:latest", ImagePullPolicy: corev1.PullIfNotPresent, - Ports: []corev1.ContainerPort{{ - ContainerPort: 8080, - Protocol: corev1.ProtocolTCP, - Name: "http", - }}, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8080, + Protocol: corev1.ProtocolTCP, + Name: "http", + }, + { + ContainerPort: 8443, + Protocol: corev1.ProtocolTCP, + Name: "https", + }, + }, Env: []corev1.EnvVar{ { Name: "CAMEL_KAMELET_LOG_SINK_LEVEL", @@ -295,6 +301,12 @@ func makeService(name, namespace string) *corev1.Service { Port: 80, TargetPort: intstr.IntOrString{IntVal: 8080}, }, + { + Name: "https", + Protocol: corev1.ProtocolTCP, + Port: 443, + TargetPort: intstr.IntOrString{IntVal: 8443}, + }, }, Selector: integration.Labels(sinkName), }, diff --git a/pkg/reconciler/integration/sink/resources/certificate.go b/pkg/reconciler/integration/sink/resources/certificate.go new file mode 100644 index 00000000000..cb1da713432 --- /dev/null +++ b/pkg/reconciler/integration/sink/resources/certificate.go @@ -0,0 +1,75 @@ +/* +Copyright 2024 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package resources + +import ( + "fmt" + "time" + + cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + "knative.dev/pkg/kmeta" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "knative.dev/eventing/pkg/apis/sinks/v1alpha1" +) + +func MakeCertificate(sink *v1alpha1.IntegrationSink) *cmv1.Certificate { + return &cmv1.Certificate{ + ObjectMeta: metav1.ObjectMeta{ + Name: CertificateName(sink), + Namespace: sink.Namespace, + OwnerReferences: []metav1.OwnerReference{ + *kmeta.NewControllerRef(sink), + }, + }, + Spec: cmv1.CertificateSpec{ + SecretName: CertificateName(sink), + SecretTemplate: &cmv1.CertificateSecretTemplate{ + Labels: map[string]string{ + "app.kubernetes.io/component": "knative-eventing", + "app.kubernetes.io/name": "integration-sink", + }, + }, + Duration: &metav1.Duration{ + Duration: 90 * 24 * time.Hour, // 90 days + }, + RenewBefore: &metav1.Duration{ + Duration: 15 * 24 * time.Hour, // 15 days + }, + + Subject: &cmv1.X509Subject{ + Organizations: []string{"local"}, + }, + PrivateKey: &cmv1.CertificatePrivateKey{ + Algorithm: cmv1.RSAKeyAlgorithm, + Encoding: cmv1.PKCS1, + Size: 2048, + RotationPolicy: cmv1.RotationPolicyAlways, + }, + DNSNames: []string{ + fmt.Sprintf("%s.%s.svc.cluster.local", DeploymentName(sink), sink.Namespace), + fmt.Sprintf("%s.%s.svc", DeploymentName(sink), sink.Namespace), + }, + IssuerRef: cmmeta.ObjectReference{ + Name: "knative-eventing-ca-issuer", + Kind: "ClusterIssuer", + Group: "cert-manager.io", + }, + }, + } +} diff --git a/pkg/reconciler/integration/sink/resources/container_image.go b/pkg/reconciler/integration/sink/resources/container_image.go index 65091c17596..916452f4201 100644 --- a/pkg/reconciler/integration/sink/resources/container_image.go +++ b/pkg/reconciler/integration/sink/resources/container_image.go @@ -22,6 +22,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" commonv1a1 "knative.dev/eventing/pkg/apis/common/integration/v1alpha1" + "knative.dev/eventing/pkg/apis/feature" "knative.dev/eventing/pkg/apis/sinks/v1alpha1" "knative.dev/eventing/pkg/reconciler/integration" "knative.dev/pkg/kmeta" @@ -34,7 +35,8 @@ var sinkImageMap = map[string]string{ "aws-sns": "gcr.io/knative-nightly/aws-sns-sink:latest", } -func MakeDeploymentSpec(sink *v1alpha1.IntegrationSink) *appsv1.Deployment { +func MakeDeploymentSpec(sink *v1alpha1.IntegrationSink, featureFlags feature.Flags) *appsv1.Deployment { + t := true deploy := &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ @@ -58,17 +60,41 @@ func MakeDeploymentSpec(sink *v1alpha1.IntegrationSink) *appsv1.Deployment { Labels: integration.Labels(sink.Name), }, Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + { + Name: CertificateName(sink), + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: CertificateName(sink), + Optional: &t, + }, + }, + }, + }, Containers: []corev1.Container{ { Name: "sink", Image: selectImage(sink), ImagePullPolicy: corev1.PullIfNotPresent, - Ports: []corev1.ContainerPort{{ - ContainerPort: 8080, - Protocol: corev1.ProtocolTCP, - Name: "http", - }}, - Env: makeEnv(sink), + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8080, + Protocol: corev1.ProtocolTCP, + Name: "http", + }, + { + ContainerPort: 8443, + Protocol: corev1.ProtocolTCP, + Name: "https", + }}, + Env: makeEnv(sink, featureFlags), + VolumeMounts: []corev1.VolumeMount{ + { + Name: CertificateName(sink), + MountPath: "/etc/" + CertificateName(sink), + ReadOnly: true, + }, + }, }, }, }, @@ -102,18 +128,44 @@ func MakeService(sink *v1alpha1.IntegrationSink) *corev1.Service { Port: 80, TargetPort: intstr.IntOrString{IntVal: 8080}, }, + { + Name: "https", + Protocol: corev1.ProtocolTCP, + Port: 443, + TargetPort: intstr.IntOrString{IntVal: 8443}, + }, }, }, } } -func DeploymentName(sink *v1alpha1.IntegrationSink) string { - return kmeta.ChildName(sink.Name, "-deployment") -} - -func makeEnv(sink *v1alpha1.IntegrationSink) []corev1.EnvVar { +func makeEnv(sink *v1alpha1.IntegrationSink, featureFlags feature.Flags) []corev1.EnvVar { var envVars []corev1.EnvVar + // Transport encryption environment variables + if !featureFlags.IsDisabledTransportEncryption() { + envVars = append(envVars, []corev1.EnvVar{ + { + Name: "QUARKUS_HTTP_SSL_CERTIFICATE_FILES", + Value: "/etc/" + CertificateName(sink) + "/tls.crt", + }, + { + Name: "QUARKUS_HTTP_SSL_CERTIFICATE_KEY-FILES", + Value: "/etc/" + CertificateName(sink) + "/tls.key", + }, + }...) + } + + // No HTTP with strict TLS + if featureFlags.IsStrictTransportEncryption() { + envVars = append(envVars, []corev1.EnvVar{ + { + Name: "QUARKUS_HTTP_INSECURE_REQUESTS", + Value: "disabled", + }, + }...) + } + // Log environment variables if sink.Spec.Log != nil { envVars = append(envVars, integration.GenerateEnvVarsFromStruct("CAMEL_KAMELET_LOG_SINK", *sink.Spec.Log)...) diff --git a/pkg/reconciler/integration/sink/resources/names.go b/pkg/reconciler/integration/sink/resources/names.go new file mode 100644 index 00000000000..2dbe721b4b5 --- /dev/null +++ b/pkg/reconciler/integration/sink/resources/names.go @@ -0,0 +1,30 @@ +/* + Copyright 2024 The Knative Authors + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package resources + +import ( + "knative.dev/eventing/pkg/apis/sinks/v1alpha1" + "knative.dev/pkg/kmeta" +) + +func CertificateName(sink *v1alpha1.IntegrationSink) string { + return kmeta.ChildName(sink.Name, "-server-tls") +} + +func DeploymentName(sink *v1alpha1.IntegrationSink) string { + return kmeta.ChildName(sink.Name, "-deployment") +} diff --git a/test/rekt/integration_sink_test.go b/test/rekt/integration_sink_test.go index a05b38a1995..249c36b921e 100644 --- a/test/rekt/integration_sink_test.go +++ b/test/rekt/integration_sink_test.go @@ -25,6 +25,7 @@ import ( "knative.dev/eventing/test/rekt/features/integrationsink" "knative.dev/pkg/system" "knative.dev/reconciler-test/pkg/environment" + "knative.dev/reconciler-test/pkg/eventshub" "knative.dev/reconciler-test/pkg/k8s" "knative.dev/reconciler-test/pkg/knative" ) @@ -42,3 +43,18 @@ func TestIntegrationSinkSuccess(t *testing.T) { env.Test(ctx, t, integrationsink.Success()) } + +func TestIntegrationSinkSuccessTLS(t *testing.T) { + t.Parallel() + + ctx, env := global.Environment( + knative.WithKnativeNamespace(system.Namespace()), + knative.WithLoggingConfig, + knative.WithTracingConfig, + k8s.WithEventListener, + eventshub.WithTLS(t), + environment.Managed(t), + ) + + env.Test(ctx, t, integrationsink.SuccessTLS()) +} diff --git a/vendor/github.com/cert-manager/cert-manager/LICENSE b/vendor/github.com/cert-manager/cert-manager/LICENSE new file mode 100644 index 00000000000..d6456956733 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/cert-manager/cert-manager/LICENSES b/vendor/github.com/cert-manager/cert-manager/LICENSES new file mode 100644 index 00000000000..22764fe9def --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/LICENSES @@ -0,0 +1,169 @@ +cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.2.3/compute/metadata/LICENSE,Apache-2.0 +github.com/Azure/azure-sdk-for-go,https://github.com/Azure/azure-sdk-for-go/blob/v68.0.0/LICENSE.txt,MIT +github.com/Azure/go-autorest/autorest,https://github.com/Azure/go-autorest/blob/autorest/v0.11.29/autorest/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/adal,https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.23/autorest/adal/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/date,https://github.com/Azure/go-autorest/blob/autorest/date/v0.3.0/autorest/date/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/to,https://github.com/Azure/go-autorest/blob/autorest/to/v0.4.0/autorest/to/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/autorest/validation,https://github.com/Azure/go-autorest/blob/autorest/validation/v0.3.1/autorest/validation/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/logger,https://github.com/Azure/go-autorest/blob/logger/v0.2.1/logger/LICENSE,Apache-2.0 +github.com/Azure/go-autorest/tracing,https://github.com/Azure/go-autorest/blob/tracing/v0.6.0/tracing/LICENSE,Apache-2.0 +github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT +github.com/NYTimes/gziphandler,https://github.com/NYTimes/gziphandler/blob/v1.1.1/LICENSE,Apache-2.0 +github.com/Venafi/vcert/v4,https://github.com/Venafi/vcert/blob/69f417ae176d/LICENSE,Apache-2.0 +github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 +github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause +github.com/asaskevich/govalidator,https://github.com/asaskevich/govalidator/blob/21a406dcc535/LICENSE,MIT +github.com/aws/aws-sdk-go,https://github.com/aws/aws-sdk-go/blob/v1.45.7/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go/internal/sync/singleflight,https://github.com/aws/aws-sdk-go/blob/v1.45.7/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT +github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT +github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT +github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.2.1/LICENSE,MIT +github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/azuredns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/azuredns/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/clouddns/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/cloudflare,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/cloudflare/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/route53,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/route53/LICENSE,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/util/LICENSE,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.1/LICENSE,Apache-2.0 +github.com/coreos/go-systemd/v22,https://github.com/coreos/go-systemd/blob/v22.5.0/LICENSE,Apache-2.0 +github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT +github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC +github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.102.1/LICENSE.txt,MIT +github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.102.1/LICENSE.txt,BSD-3-Clause +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.0/LICENSE,MIT +github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v5.6.0/LICENSE,BSD-3-Clause +github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.6.0/v5/LICENSE,BSD-3-Clause +github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT +github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.6.0/LICENSE,BSD-3-Clause +github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.4/LICENSE,MIT +github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.1/LICENSE,Apache-2.0 +github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.1/json/LICENSE,BSD-3-Clause +github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.5/v3/LICENSE,MIT +github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.3.0/LICENSE,Apache-2.0 +github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 +github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.2.4/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.19.6/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.2/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.3/LICENSE,Apache-2.0 +github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause +github.com/golang-jwt/jwt/v4,https://github.com/golang-jwt/jwt/blob/v4.5.0/LICENSE,MIT +github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause +github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.16.0/LICENSE,Apache-2.0 +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.16.0/LICENSE,BSD-3-Clause +github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 +github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause +github.com/google/go-querystring/query,https://github.com/google/go-querystring/blob/v1.1.0/LICENSE,BSD-3-Clause +github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 +github.com/google/s2a-go,https://github.com/google/s2a-go/blob/v0.1.7/LICENSE.md,Apache-2.0 +github.com/google/uuid,https://github.com/google/uuid/blob/v1.3.1/LICENSE,BSD-3-Clause +github.com/googleapis/enterprise-certificate-proxy/client,https://github.com/googleapis/enterprise-certificate-proxy/blob/v0.2.5/LICENSE,Apache-2.0 +github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.12.0/v2/LICENSE,BSD-3-Clause +github.com/grpc-ecosystem/go-grpc-prometheus,https://github.com/grpc-ecosystem/go-grpc-prometheus/blob/v1.2.0/LICENSE,Apache-2.0 +github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.16.0/LICENSE.txt,BSD-3-Clause +github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 +github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 +github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.4/LICENSE,MPL-2.0 +github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 +github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.7/parseutil/LICENSE,MPL-2.0 +github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 +github.com/hashicorp/go-sockaddr,https://github.com/hashicorp/go-sockaddr/blob/v1.0.2/LICENSE,MPL-2.0 +github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/v1.0.1-vault-5/LICENSE,MPL-2.0 +github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.10.0/api/LICENSE,MPL-2.0 +github.com/hashicorp/vault/sdk/helper,https://github.com/hashicorp/vault/blob/sdk/v0.10.0/sdk/LICENSE,MPL-2.0 +github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.13/LICENSE,BSD-3-Clause +github.com/jmespath/go-jmespath,https://github.com/jmespath/go-jmespath/blob/b0104c826a24/LICENSE,Apache-2.0 +github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT +github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT +github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.1/License,MIT +github.com/kr/text,https://github.com/kr/text/blob/v0.2.0/License,MIT +github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.7/LICENSE,MIT +github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/v1.0.4/LICENSE,Apache-2.0 +github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.55/LICENSE,BSD-3-Clause +github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT +github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob/v1.5.0/LICENSE,MIT +github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0 +github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0 +github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause +github.com/patrickmn/go-cache,https://github.com/patrickmn/go-cache/blob/v2.1.0/LICENSE,MIT +github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/keystore-go/blob/v4.5.0/LICENSE,MIT +github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.6.1/LICENSE,BSD-3-Clause +github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause +github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.16.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.4.0/LICENSE,Apache-2.0 +github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.44.0/LICENSE,Apache-2.0 +github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.44.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.10.1/LICENSE,Apache-2.0 +github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.11.0/LICENSE,BSD-3-Clause +github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT +github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.3/LICENSE,MIT +github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.7.0/LICENSE.txt,Apache-2.0 +github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause +github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.2.0/LICENSE,MIT +github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/1326539a0a0a/LICENSE,MIT +go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.9/api/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.9/client/pkg/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.9/client/v3/LICENSE,Apache-2.0 +go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.24.0/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.46.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.46.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 +go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.20.0/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.20.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.20.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.20.0/metric/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.20.0/sdk/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.20.0/trace/LICENSE,Apache-2.0 +go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.0.0/otlp/LICENSE,Apache-2.0 +go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.25.0/LICENSE.txt,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.14.0:LICENSE,BSD-3-Clause +golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/92128663:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.12.0:LICENSE,BSD-3-Clause +golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.3.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.14.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.13.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.13.0:LICENSE,BSD-3-Clause +golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause +gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 +google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.140.0/LICENSE,BSD-3-Clause +google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.140.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause +google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/b8732ec3820d/googleapis/api/LICENSE,Apache-2.0 +google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/2d3300fd4832/googleapis/rpc/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.59.0/LICENSE,Apache-2.0 +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.31.0/LICENSE,BSD-3-Clause +gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause +gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.62.0/LICENSE,Apache-2.0 +gopkg.in/natefinch/lumberjack.v2,https://github.com/natefinch/lumberjack/blob/v2.2.1/LICENSE,MIT +gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 +gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT +k8s.io/api,https://github.com/kubernetes/api/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.28.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.100.1/LICENSE,Apache-2.0 +k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.28.1/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/validation/errors/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/d090da108d2f/pkg/validation/strfmt/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/3b25d923346b/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/3b25d923346b/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.1.2/konnectivity-client/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.16.1/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.8.0/LICENSE,Apache-2.0 +sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 +sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause +sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.3.0/LICENSE,Apache-2.0 +sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT +sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,BSD-3-Clause +software.sslmate.com/src/go-pkcs12,https://github.com/SSLMate/go-pkcs12/blob/v0.2.1/LICENSE,BSD-3-Clause diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/doc.go new file mode 100644 index 00000000000..745de66dc2e --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +groupName=acme.cert-manager.io + +// Package acme contains types in the acme cert-manager API group +package acme + +const GroupName = "acme.cert-manager.io" diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/const.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/const.go new file mode 100644 index 00000000000..287ed2f6d7d --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/const.go @@ -0,0 +1,21 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +const ( + ACMEFinalizer = "finalizer.acme.cert-manager.io" +) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go new file mode 100644 index 00000000000..92b6583d629 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1 is the v1 version of the API. +// +k8s:deepcopy-gen=package,register +// +groupName=acme.cert-manager.io +package v1 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/register.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/register.go new file mode 100644 index 00000000000..e36ef7cf216 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/register.go @@ -0,0 +1,58 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + + "github.com/cert-manager/cert-manager/pkg/apis/acme" +) + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: acme.GroupName, Version: "v1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to api.Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &Order{}, + &OrderList{}, + &Challenge{}, + &ChallengeList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go new file mode 100644 index 00000000000..edfc16f1e65 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go @@ -0,0 +1,57 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +const ( + // ACMECertificateHTTP01IngressNameOverride is annotation to override ingress name. + // If this annotation is specified on a Certificate or Order resource when + // using the HTTP01 solver type, the ingress.name field of the HTTP01 + // solver's configuration will be set to the value given here. + // This is especially useful for users of Ingress controllers that maintain + // a 1:1 mapping between endpoint IP and Ingress resource. + ACMECertificateHTTP01IngressNameOverride = "acme.cert-manager.io/http01-override-ingress-name" + + // ACMECertificateHTTP01IngressClassOverride is annotation to override ingress class. + // If this annotation is specified on a Certificate or Order resource when + // using the HTTP01 solver type, the ingress.class field of the HTTP01 + // solver's configuration will be set to the value given here. + // This is especially useful for users deploying many different ingress + // classes into a single cluster that want to be able to re-use a single + // solver for each ingress class. + ACMECertificateHTTP01IngressClassOverride = "acme.cert-manager.io/http01-override-ingress-class" + + // IngressEditInPlaceAnnotationKey is used to toggle the use of ingressClass instead + // of ingress on the created Certificate resource + IngressEditInPlaceAnnotationKey = "acme.cert-manager.io/http01-edit-in-place" + + // DomainLabelKey is added to the labels of a Pod serving an ACME challenge. + // Its value will be the hash of the domain name that is being verified. + DomainLabelKey = "acme.cert-manager.io/http-domain" + + // TokenLabelKey is added to the labels of a Pod serving an ACME challenge. + // Its value will be the hash of the challenge token that is being served by the pod. + TokenLabelKey = "acme.cert-manager.io/http-token" + + // SolverIdentificationLabelKey is added to the labels of a Pod serving an ACME challenge. + // Its value will be the "true" if the Pod is an HTTP-01 solver. + SolverIdentificationLabelKey = "acme.cert-manager.io/http01-solver" +) + +const ( + OrderKind = "Order" + ChallengeKind = "Challenge" +) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go new file mode 100644 index 00000000000..cfc4f241429 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go @@ -0,0 +1,146 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion + +// Challenge is a type to represent a Challenge request with an ACME server +// +k8s:openapi-gen=true +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state" +// +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName" +// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1 +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=challenges +type Challenge struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata"` + + Spec ChallengeSpec `json:"spec"` + // +optional + Status ChallengeStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ChallengeList is a list of Challenges +type ChallengeList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []Challenge `json:"items"` +} + +type ChallengeSpec struct { + // The URL of the ACME Challenge resource for this challenge. + // This can be used to lookup details about the status of this challenge. + URL string `json:"url"` + + // The URL to the ACME Authorization resource that this + // challenge is a part of. + AuthorizationURL string `json:"authorizationURL"` + + // dnsName is the identifier that this challenge is for, e.g. example.com. + // If the requested DNSName is a 'wildcard', this field MUST be set to the + // non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + DNSName string `json:"dnsName"` + + // wildcard will be true if this challenge is for a wildcard identifier, + // for example '*.example.com'. + // +optional + Wildcard bool `json:"wildcard"` + + // The type of ACME challenge this resource represents. + // One of "HTTP-01" or "DNS-01". + Type ACMEChallengeType `json:"type"` + + // The ACME challenge token for this challenge. + // This is the raw value returned from the ACME server. + Token string `json:"token"` + + // The ACME challenge key for this challenge + // For HTTP01 challenges, this is the value that must be responded with to + // complete the HTTP01 challenge in the format: + // `.`. + // For DNS01 challenges, this is the base64 encoded SHA256 sum of the + // `.` + // text that must be set as the TXT record content. + Key string `json:"key"` + + // Contains the domain solving configuration that should be used to + // solve this challenge resource. + Solver ACMEChallengeSolver `json:"solver"` + + // References a properly configured ACME-type Issuer which should + // be used to create this Challenge. + // If the Issuer does not exist, processing will be retried. + // If the Issuer is not an 'ACME' Issuer, an error will be returned and the + // Challenge will be marked as failed. + IssuerRef cmmeta.ObjectReference `json:"issuerRef"` +} + +// The type of ACME challenge. Only HTTP-01 and DNS-01 are supported. +// +kubebuilder:validation:Enum=HTTP-01;DNS-01 +type ACMEChallengeType string + +const ( + // ACMEChallengeTypeHTTP01 denotes a Challenge is of type http-01 + // More info: https://letsencrypt.org/docs/challenge-types/#http-01-challenge + ACMEChallengeTypeHTTP01 ACMEChallengeType = "HTTP-01" + + // ACMEChallengeTypeDNS01 denotes a Challenge is of type dns-01 + // More info: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge + ACMEChallengeTypeDNS01 ACMEChallengeType = "DNS-01" +) + +type ChallengeStatus struct { + // Used to denote whether this challenge should be processed or not. + // This field will only be set to true by the 'scheduling' component. + // It will only be set to false by the 'challenges' controller, after the + // challenge has reached a final state or timed out. + // If this field is set to false, the challenge controller will not take + // any more action. + // +optional + Processing bool `json:"processing"` + + // presented will be set to true if the challenge values for this challenge + // are currently 'presented'. + // This *does not* imply the self check is passing. Only that the values + // have been 'submitted' for the appropriate challenge mechanism (i.e. the + // DNS01 TXT record has been presented, or the HTTP01 configuration has been + // configured). + // +optional + Presented bool `json:"presented"` + + // Contains human readable information on why the Challenge is in the + // current state. + // +optional + Reason string `json:"reason,omitempty"` + + // Contains the current 'state' of the challenge. + // If not set, the state of the challenge is unknown. + // +optional + State State `json:"state,omitempty"` +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go new file mode 100644 index 00000000000..9f663280cbc --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go @@ -0,0 +1,650 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + gwapi "sigs.k8s.io/gateway-api/apis/v1beta1" + + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" +) + +// ACMEIssuer contains the specification for an ACME issuer. +// This uses the RFC8555 specification to obtain certificates by completing +// 'challenges' to prove ownership of domain identifiers. +// Earlier draft versions of the ACME specification are not supported. +type ACMEIssuer struct { + // Email is the email address to be associated with the ACME account. + // This field is optional, but it is strongly recommended to be set. + // It will be used to contact you in case of issues with your account or + // certificates, including expiry notification emails. + // This field may be updated after the account is initially registered. + // +optional + Email string `json:"email,omitempty"` + + // Server is the URL used to access the ACME server's 'directory' endpoint. + // For example, for Let's Encrypt's staging endpoint, you would use: + // "https://acme-staging-v02.api.letsencrypt.org/directory". + // Only ACME v2 endpoints (i.e. RFC 8555) are supported. + Server string `json:"server"` + + // PreferredChain is the chain to use if the ACME server outputs multiple. + // PreferredChain is no guarantee that this one gets delivered by the ACME + // endpoint. + // For example, for Let's Encrypt's DST crosssign you would use: + // "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. + // This value picks the first certificate bundle in the ACME alternative + // chains that has a certificate with this value as its issuer's CN + // +optional + // +kubebuilder:validation:MaxLength=64 + PreferredChain string `json:"preferredChain,omitempty"` + + // Base64-encoded bundle of PEM CAs which can be used to validate the certificate + // chain presented by the ACME server. + // Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various + // kinds of security vulnerabilities. + // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + // the container is used to validate the TLS connection. + // +optional + CABundle []byte `json:"caBundle,omitempty"` + + // INSECURE: Enables or disables validation of the ACME server TLS certificate. + // If true, requests to the ACME server will not have the TLS certificate chain + // validated. + // Mutually exclusive with CABundle; prefer using CABundle to prevent various + // kinds of security vulnerabilities. + // Only enable this option in development environments. + // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + // the container is used to validate the TLS connection. + // Defaults to false. + // +optional + SkipTLSVerify bool `json:"skipTLSVerify,omitempty"` + + // ExternalAccountBinding is a reference to a CA external account of the ACME + // server. + // If set, upon registration cert-manager will attempt to associate the given + // external account credentials with the registered ACME account. + // +optional + ExternalAccountBinding *ACMEExternalAccountBinding `json:"externalAccountBinding,omitempty"` + + // PrivateKey is the name of a Kubernetes Secret resource that will be used to + // store the automatically generated ACME account private key. + // Optionally, a `key` may be specified to select a specific entry within + // the named Secret resource. + // If `key` is not specified, a default of `tls.key` will be used. + PrivateKey cmmeta.SecretKeySelector `json:"privateKeySecretRef"` + + // Solvers is a list of challenge solvers that will be used to solve + // ACME challenges for the matching domains. + // Solver configurations must be provided in order to obtain certificates + // from an ACME server. + // For more information, see: https://cert-manager.io/docs/configuration/acme/ + // +optional + Solvers []ACMEChallengeSolver `json:"solvers,omitempty"` + + // Enables or disables generating a new ACME account key. + // If true, the Issuer resource will *not* request a new account but will expect + // the account key to be supplied via an existing secret. + // If false, the cert-manager system will generate a new ACME account key + // for the Issuer. + // Defaults to false. + // +optional + DisableAccountKeyGeneration bool `json:"disableAccountKeyGeneration,omitempty"` + + // Enables requesting a Not After date on certificates that matches the + // duration of the certificate. This is not supported by all ACME servers + // like Let's Encrypt. If set to true when the ACME server does not support + // it it will create an error on the Order. + // Defaults to false. + // +optional + EnableDurationFeature bool `json:"enableDurationFeature,omitempty"` +} + +// ACMEExternalAccountBinding is a reference to a CA external account of the ACME +// server. +type ACMEExternalAccountBinding struct { + // keyID is the ID of the CA key that the External Account is bound to. + KeyID string `json:"keyID"` + + // keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes + // Secret which holds the symmetric MAC key of the External Account Binding. + // The `key` is the index string that is paired with the key data in the + // Secret and should not be confused with the key data itself, or indeed with + // the External Account Binding keyID above. + // The secret key stored in the Secret **must** be un-padded, base64 URL + // encoded data. + Key cmmeta.SecretKeySelector `json:"keySecretRef"` + + // Deprecated: keyAlgorithm field exists for historical compatibility + // reasons and should not be used. The algorithm is now hardcoded to HS256 + // in golang/x/crypto/acme. + // +optional + KeyAlgorithm HMACKeyAlgorithm `json:"keyAlgorithm,omitempty"` +} + +// HMACKeyAlgorithm is the name of a key algorithm used for HMAC encryption +// +kubebuilder:validation:Enum=HS256;HS384;HS512 +type HMACKeyAlgorithm string + +const ( + HS256 HMACKeyAlgorithm = "HS256" + HS384 HMACKeyAlgorithm = "HS384" + HS512 HMACKeyAlgorithm = "HS512" +) + +// An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. +// A selector may be provided to use different solving strategies for different DNS names. +// Only one of HTTP01 or DNS01 must be provided. +type ACMEChallengeSolver struct { + // Selector selects a set of DNSNames on the Certificate resource that + // should be solved using this challenge solver. + // If not specified, the solver will be treated as the 'default' solver + // with the lowest priority, i.e. if any other solver has a more specific + // match, it will be used instead. + // +optional + Selector *CertificateDNSNameSelector `json:"selector,omitempty"` + + // Configures cert-manager to attempt to complete authorizations by + // performing the HTTP01 challenge flow. + // It is not possible to obtain certificates for wildcard domain names + // (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + // +optional + HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"` + + // Configures cert-manager to attempt to complete authorizations by + // performing the DNS01 challenge flow. + // +optional + DNS01 *ACMEChallengeSolverDNS01 `json:"dns01,omitempty"` +} + +// CertificateDNSNameSelector selects certificates using a label selector, and +// can optionally select individual DNS names within those certificates. +// If both MatchLabels and DNSNames are empty, this selector will match all +// certificates and DNS names within them. +type CertificateDNSNameSelector struct { + // A label selector that is used to refine the set of certificate's that + // this challenge solver will apply to. + // +optional + MatchLabels map[string]string `json:"matchLabels,omitempty"` + + // List of DNSNames that this solver will be used to solve. + // If specified and a match is found, a dnsNames selector will take + // precedence over a dnsZones selector. + // If multiple solvers match with the same dnsNames value, the solver + // with the most matching labels in matchLabels will be selected. + // If neither has more matches, the solver defined earlier in the list + // will be selected. + // +optional + DNSNames []string `json:"dnsNames,omitempty"` + + // List of DNSZones that this solver will be used to solve. + // The most specific DNS zone match specified here will take precedence + // over other DNS zone matches, so a solver specifying sys.example.com + // will be selected over one specifying example.com for the domain + // www.sys.example.com. + // If multiple solvers match with the same dnsZones value, the solver + // with the most matching labels in matchLabels will be selected. + // If neither has more matches, the solver defined earlier in the list + // will be selected. + // +optional + DNSZones []string `json:"dnsZones,omitempty"` +} + +// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve +// HTTP01 challenges within a Kubernetes cluster. +// Typically this is accomplished through creating 'routes' of some description +// that configure ingress controllers to direct traffic to 'solver pods', which +// are responsible for responding to the ACME server's HTTP requests. +// Only one of Ingress / Gateway can be specified. +type ACMEChallengeSolverHTTP01 struct { + // The ingress based HTTP01 challenge solver will solve challenges by + // creating or modifying Ingress resources in order to route requests for + // '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are + // provisioned by cert-manager for each Challenge to be completed. + // +optional + Ingress *ACMEChallengeSolverHTTP01Ingress `json:"ingress,omitempty"` + + // The Gateway API is a sig-network community API that models service networking + // in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will + // create HTTPRoutes with the specified labels in the same namespace as the challenge. + // This solver is experimental, and fields / behaviour may change in the future. + // +optional + GatewayHTTPRoute *ACMEChallengeSolverHTTP01GatewayHTTPRoute `json:"gatewayHTTPRoute,omitempty"` +} + +type ACMEChallengeSolverHTTP01Ingress struct { + // Optional service type for Kubernetes solver service. Supported values + // are NodePort or ClusterIP. If unset, defaults to NodePort. + // +optional + ServiceType corev1.ServiceType `json:"serviceType,omitempty"` + + // This field configures the field `ingressClassName` on the created Ingress + // resources used to solve ACME challenges that use this challenge solver. + // This is the recommended way of configuring the ingress class. Only one of + // `class`, `name` or `ingressClassName` may be specified. + // +optional + IngressClassName *string `json:"ingressClassName,omitempty"` + + // This field configures the annotation `kubernetes.io/ingress.class` when + // creating Ingress resources to solve ACME challenges that use this + // challenge solver. Only one of `class`, `name` or `ingressClassName` may + // be specified. + // +optional + Class *string `json:"class,omitempty"` + + // The name of the ingress resource that should have ACME challenge solving + // routes inserted into it in order to solve HTTP01 challenges. + // This is typically used in conjunction with ingress controllers like + // ingress-gce, which maintains a 1:1 mapping between external IPs and + // ingress resources. Only one of `class`, `name` or `ingressClassName` may + // be specified. + // +optional + Name string `json:"name,omitempty"` + + // Optional pod template used to configure the ACME challenge solver pods + // used for HTTP01 challenges. + // +optional + PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplate `json:"podTemplate,omitempty"` + + // Optional ingress template used to configure the ACME challenge solver + // ingress used for HTTP01 challenges. + // +optional + IngressTemplate *ACMEChallengeSolverHTTP01IngressTemplate `json:"ingressTemplate,omitempty"` +} + +// The ACMEChallengeSolverHTTP01GatewayHTTPRoute solver will create HTTPRoute objects for a Gateway class +// routing to an ACME challenge solver pod. +type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { + // Optional service type for Kubernetes solver service. Supported values + // are NodePort or ClusterIP. If unset, defaults to NodePort. + // +optional + ServiceType corev1.ServiceType `json:"serviceType,omitempty"` + + // Custom labels that will be applied to HTTPRoutes created by cert-manager + // while solving HTTP-01 challenges. + // +optional + Labels map[string]string `json:"labels,omitempty"` + + // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. + // cert-manager needs to know which parentRefs should be used when creating + // the HTTPRoute. Usually, the parentRef references a Gateway. See: + // https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + ParentRefs []gwapi.ParentReference `json:"parentRefs,omitempty"` +} + +type ACMEChallengeSolverHTTP01IngressPodTemplate struct { + // ObjectMeta overrides for the pod used to solve HTTP01 challenges. + // Only the 'labels' and 'annotations' fields may be set. + // If labels or annotations overlap with in-built values, the values here + // will override the in-built values. + // +optional + ACMEChallengeSolverHTTP01IngressPodObjectMeta `json:"metadata"` + + // PodSpec defines overrides for the HTTP01 challenge solver pod. + // Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. + // All other fields will be ignored. + // +optional + Spec ACMEChallengeSolverHTTP01IngressPodSpec `json:"spec"` +} + +type ACMEChallengeSolverHTTP01IngressPodObjectMeta struct { + // Annotations that should be added to the create ACME HTTP01 solver pods. + // +optional + Annotations map[string]string `json:"annotations,omitempty"` + + // Labels that should be added to the created ACME HTTP01 solver pods. + // +optional + Labels map[string]string `json:"labels,omitempty"` +} + +type ACMEChallengeSolverHTTP01IngressPodSpec struct { + // NodeSelector is a selector which must be true for the pod to fit on a node. + // Selector which must match a node's labels for the pod to be scheduled on that node. + // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + // +optional + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + + // If specified, the pod's scheduling constraints + // +optional + Affinity *corev1.Affinity `json:"affinity,omitempty"` + + // If specified, the pod's tolerations. + // +optional + Tolerations []corev1.Toleration `json:"tolerations,omitempty"` + + // If specified, the pod's priorityClassName. + // +optional + PriorityClassName string `json:"priorityClassName,omitempty"` + + // If specified, the pod's service account + // +optional + ServiceAccountName string `json:"serviceAccountName,omitempty"` + + // If specified, the pod's imagePullSecrets + // +optional + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"` +} + +type ACMEChallengeSolverHTTP01IngressTemplate struct { + // ObjectMeta overrides for the ingress used to solve HTTP01 challenges. + // Only the 'labels' and 'annotations' fields may be set. + // If labels or annotations overlap with in-built values, the values here + // will override the in-built values. + // +optional + ACMEChallengeSolverHTTP01IngressObjectMeta `json:"metadata"` +} + +type ACMEChallengeSolverHTTP01IngressObjectMeta struct { + // Annotations that should be added to the created ACME HTTP01 solver ingress. + // +optional + Annotations map[string]string `json:"annotations,omitempty"` + + // Labels that should be added to the created ACME HTTP01 solver ingress. + // +optional + Labels map[string]string `json:"labels,omitempty"` +} + +// Used to configure a DNS01 challenge provider to be used when solving DNS01 +// challenges. +// Only one DNS provider may be configured per solver. +type ACMEChallengeSolverDNS01 struct { + // CNAMEStrategy configures how the DNS01 provider should handle CNAME + // records when found in DNS zones. + // +optional + CNAMEStrategy CNAMEStrategy `json:"cnameStrategy,omitempty"` + + // Use the Akamai DNS zone management API to manage DNS01 challenge records. + // +optional + Akamai *ACMEIssuerDNS01ProviderAkamai `json:"akamai,omitempty"` + + // Use the Google Cloud DNS API to manage DNS01 challenge records. + // +optional + CloudDNS *ACMEIssuerDNS01ProviderCloudDNS `json:"cloudDNS,omitempty"` + + // Use the Cloudflare API to manage DNS01 challenge records. + // +optional + Cloudflare *ACMEIssuerDNS01ProviderCloudflare `json:"cloudflare,omitempty"` + + // Use the AWS Route53 API to manage DNS01 challenge records. + // +optional + Route53 *ACMEIssuerDNS01ProviderRoute53 `json:"route53,omitempty"` + + // Use the Microsoft Azure DNS API to manage DNS01 challenge records. + // +optional + AzureDNS *ACMEIssuerDNS01ProviderAzureDNS `json:"azureDNS,omitempty"` + + // Use the DigitalOcean DNS API to manage DNS01 challenge records. + // +optional + DigitalOcean *ACMEIssuerDNS01ProviderDigitalOcean `json:"digitalocean,omitempty"` + + // Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage + // DNS01 challenge records. + // +optional + AcmeDNS *ACMEIssuerDNS01ProviderAcmeDNS `json:"acmeDNS,omitempty"` + + // Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) + // to manage DNS01 challenge records. + // +optional + RFC2136 *ACMEIssuerDNS01ProviderRFC2136 `json:"rfc2136,omitempty"` + + // Configure an external webhook based DNS01 challenge solver to manage + // DNS01 challenge records. + // +optional + Webhook *ACMEIssuerDNS01ProviderWebhook `json:"webhook,omitempty"` +} + +// CNAMEStrategy configures how the DNS01 provider should handle CNAME records +// when found in DNS zones. +// By default, the None strategy will be applied (i.e. do not follow CNAMEs). +// +kubebuilder:validation:Enum=None;Follow +type CNAMEStrategy string + +const ( + // NoneStrategy indicates that no CNAME resolution strategy should be used + // when determining which DNS zone to update during DNS01 challenges. + NoneStrategy = "None" + + // FollowStrategy will cause cert-manager to recurse through CNAMEs in + // order to determine which DNS zone to update during DNS01 challenges. + // This is useful if you do not want to grant cert-manager access to your + // root DNS zone, and instead delegate the _acme-challenge.example.com + // subdomain to some other, less privileged domain. + FollowStrategy = "Follow" +) + +// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS +// configuration for Akamai DNS—Zone Record Management API +type ACMEIssuerDNS01ProviderAkamai struct { + ServiceConsumerDomain string `json:"serviceConsumerDomain"` + ClientToken cmmeta.SecretKeySelector `json:"clientTokenSecretRef"` + ClientSecret cmmeta.SecretKeySelector `json:"clientSecretSecretRef"` + AccessToken cmmeta.SecretKeySelector `json:"accessTokenSecretRef"` +} + +// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS +// configuration for Google Cloud DNS +type ACMEIssuerDNS01ProviderCloudDNS struct { + // +optional + ServiceAccount *cmmeta.SecretKeySelector `json:"serviceAccountSecretRef,omitempty"` + Project string `json:"project"` + + // HostedZoneName is an optional field that tells cert-manager in which + // Cloud DNS zone the challenge record has to be created. + // If left empty cert-manager will automatically choose a zone. + // +optional + HostedZoneName string `json:"hostedZoneName,omitempty"` +} + +// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS +// configuration for Cloudflare. +// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided. +type ACMEIssuerDNS01ProviderCloudflare struct { + // Email of the account, only required when using API key based authentication. + // +optional + Email string `json:"email,omitempty"` + + // API key to use to authenticate with Cloudflare. + // Note: using an API token to authenticate is now the recommended method + // as it allows greater control of permissions. + // +optional + APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"` + + // API token used to authenticate with Cloudflare. + // +optional + APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"` +} + +// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS +// configuration for DigitalOcean Domains +type ACMEIssuerDNS01ProviderDigitalOcean struct { + Token cmmeta.SecretKeySelector `json:"tokenSecretRef"` +} + +// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53 +// configuration for AWS +type ACMEIssuerDNS01ProviderRoute53 struct { + // The AccessKeyID is used for authentication. + // Cannot be set when SecretAccessKeyID is set. + // If neither the Access Key nor Key ID are set, we fall-back to using env + // vars, shared credentials file or AWS Instance metadata, + // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + // +optional + AccessKeyID string `json:"accessKeyID,omitempty"` + + // The SecretAccessKey is used for authentication. If set, pull the AWS + // access key ID from a key within a Kubernetes Secret. + // Cannot be set when AccessKeyID is set. + // If neither the Access Key nor Key ID are set, we fall-back to using env + // vars, shared credentials file or AWS Instance metadata, + // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + // +optional + SecretAccessKeyID *cmmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"` + + // The SecretAccessKey is used for authentication. + // If neither the Access Key nor Key ID are set, we fall-back to using env + // vars, shared credentials file or AWS Instance metadata, + // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + // +optional + SecretAccessKey cmmeta.SecretKeySelector `json:"secretAccessKeySecretRef"` + + // Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey + // or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + // +optional + Role string `json:"role,omitempty"` + + // If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + // +optional + HostedZoneID string `json:"hostedZoneID,omitempty"` + + // Always set the region when using AccessKeyID and SecretAccessKey + Region string `json:"region"` +} + +// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the +// configuration for Azure DNS +type ACMEIssuerDNS01ProviderAzureDNS struct { + // if both this and ClientSecret are left unset MSI will be used + // +optional + ClientID string `json:"clientID,omitempty"` + + // if both this and ClientID are left unset MSI will be used + // +optional + ClientSecret *cmmeta.SecretKeySelector `json:"clientSecretSecretRef,omitempty"` + + // ID of the Azure subscription + SubscriptionID string `json:"subscriptionID"` + + // when specifying ClientID and ClientSecret then this field is also needed + // +optional + TenantID string `json:"tenantID,omitempty"` + + // resource group the DNS zone is located in + ResourceGroupName string `json:"resourceGroupName"` + + // name of the DNS zone that should be used + // +optional + HostedZoneName string `json:"hostedZoneName,omitempty"` + + // name of the Azure environment (default AzurePublicCloud) + // +optional + Environment AzureDNSEnvironment `json:"environment,omitempty"` + + // managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + // +optional + ManagedIdentity *AzureManagedIdentity `json:"managedIdentity,omitempty"` +} + +type AzureManagedIdentity struct { + // client ID of the managed identity, can not be used at the same time as resourceID + // +optional + ClientID string `json:"clientID,omitempty"` + + // resource ID of the managed identity, can not be used at the same time as clientID + // +optional + ResourceID string `json:"resourceID,omitempty"` +} + +// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud +type AzureDNSEnvironment string + +const ( + AzurePublicCloud AzureDNSEnvironment = "AzurePublicCloud" + AzureChinaCloud AzureDNSEnvironment = "AzureChinaCloud" + AzureGermanCloud AzureDNSEnvironment = "AzureGermanCloud" + AzureUSGovernmentCloud AzureDNSEnvironment = "AzureUSGovernmentCloud" +) + +// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the +// configuration for ACME-DNS servers +type ACMEIssuerDNS01ProviderAcmeDNS struct { + Host string `json:"host"` + + AccountSecret cmmeta.SecretKeySelector `json:"accountSecretRef"` +} + +// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the +// configuration for RFC2136 DNS +type ACMEIssuerDNS01ProviderRFC2136 struct { + // The IP address or hostname of an authoritative DNS server supporting + // RFC2136 in the form host:port. If the host is an IPv6 address it must be + // enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + // This field is required. + Nameserver string `json:"nameserver"` + + // The name of the secret containing the TSIG value. + // If ``tsigKeyName`` is defined, this field is required. + // +optional + TSIGSecret cmmeta.SecretKeySelector `json:"tsigSecretSecretRef,omitempty"` + + // The TSIG Key name configured in the DNS. + // If ``tsigSecretSecretRef`` is defined, this field is required. + // +optional + TSIGKeyName string `json:"tsigKeyName,omitempty"` + + // The TSIG Algorithm configured in the DNS supporting RFC2136. Used only + // when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. + // Supported values are (case-insensitive): ``HMACMD5`` (default), + // ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + // +optional + TSIGAlgorithm string `json:"tsigAlgorithm,omitempty"` +} + +// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01 +// provider, including where to POST ChallengePayload resources. +type ACMEIssuerDNS01ProviderWebhook struct { + // The API group name that should be used when POSTing ChallengePayload + // resources to the webhook apiserver. + // This should be the same as the GroupName specified in the webhook + // provider implementation. + GroupName string `json:"groupName"` + + // The name of the solver to use, as defined in the webhook provider + // implementation. + // This will typically be the name of the provider, e.g. 'cloudflare'. + SolverName string `json:"solverName"` + + // Additional configuration that should be passed to the webhook apiserver + // when challenges are processed. + // This can contain arbitrary JSON data. + // Secret values should not be specified in this stanza. + // If secret values are needed (e.g. credentials for a DNS service), you + // should use a SecretKeySelector to reference a Secret resource. + // For details on the schema of this field, consult the webhook provider + // implementation's documentation. + // +optional + Config *apiextensionsv1.JSON `json:"config,omitempty"` +} + +type ACMEIssuerStatus struct { + // URI is the unique account identifier, which can also be used to retrieve + // account details from the CA + // +optional + URI string `json:"uri,omitempty"` + + // LastRegisteredEmail is the email associated with the latest registered + // ACME account, in order to track changes made to registered account + // associated with the Issuer + // +optional + LastRegisteredEmail string `json:"lastRegisteredEmail,omitempty"` + + // LastPrivateKeyHash is a hash of the private key associated with the latest + // registered ACME account, in order to track changes made to registered account + // associated with the Issuer + // +optional + LastPrivateKeyHash string `json:"lastPrivateKeyHash,omitempty"` +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go new file mode 100644 index 00000000000..e9a50a30134 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go @@ -0,0 +1,240 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion + +// Order is a type to represent an Order with an ACME server +// +k8s:openapi-gen=true +type Order struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata"` + + Spec OrderSpec `json:"spec"` + // +optional + Status OrderStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// OrderList is a list of Orders +type OrderList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []Order `json:"items"` +} + +type OrderSpec struct { + // Certificate signing request bytes in DER encoding. + // This will be used when finalizing the order. + // This field must be set on the order. + Request []byte `json:"request"` + + // IssuerRef references a properly configured ACME-type Issuer which should + // be used to create this Order. + // If the Issuer does not exist, processing will be retried. + // If the Issuer is not an 'ACME' Issuer, an error will be returned and the + // Order will be marked as failed. + IssuerRef cmmeta.ObjectReference `json:"issuerRef"` + + // CommonName is the common name as specified on the DER encoded CSR. + // If specified, this value must also be present in `dnsNames` or `ipAddresses`. + // This field must match the corresponding field on the DER encoded CSR. + // +optional + CommonName string `json:"commonName,omitempty"` + + // DNSNames is a list of DNS names that should be included as part of the Order + // validation process. + // This field must match the corresponding field on the DER encoded CSR. + //+optional + DNSNames []string `json:"dnsNames,omitempty"` + + // IPAddresses is a list of IP addresses that should be included as part of the Order + // validation process. + // This field must match the corresponding field on the DER encoded CSR. + // +optional + IPAddresses []string `json:"ipAddresses,omitempty"` + + // Duration is the duration for the not after date for the requested certificate. + // this is set on order creation as pe the ACME spec. + // +optional + Duration *metav1.Duration `json:"duration,omitempty"` +} + +type OrderStatus struct { + // URL of the Order. + // This will initially be empty when the resource is first created. + // The Order controller will populate this field when the Order is first processed. + // This field will be immutable after it is initially set. + // +optional + URL string `json:"url,omitempty"` + + // FinalizeURL of the Order. + // This is used to obtain certificates for this order once it has been completed. + // +optional + FinalizeURL string `json:"finalizeURL,omitempty"` + + // Authorizations contains data returned from the ACME server on what + // authorizations must be completed in order to validate the DNS names + // specified on the Order. + // +optional + Authorizations []ACMEAuthorization `json:"authorizations,omitempty"` + + // Certificate is a copy of the PEM encoded certificate for this Order. + // This field will be populated after the order has been successfully + // finalized with the ACME server, and the order has transitioned to the + // 'valid' state. + // +optional + Certificate []byte `json:"certificate,omitempty"` + + // State contains the current state of this Order resource. + // States 'success' and 'expired' are 'final' + // +optional + State State `json:"state,omitempty"` + + // Reason optionally provides more information about a why the order is in + // the current state. + // +optional + Reason string `json:"reason,omitempty"` + + // FailureTime stores the time that this order failed. + // This is used to influence garbage collection and back-off. + // +optional + FailureTime *metav1.Time `json:"failureTime,omitempty"` +} + +// ACMEAuthorization contains data returned from the ACME server on an +// authorization that must be completed in order validate a DNS name on an ACME +// Order resource. +type ACMEAuthorization struct { + // URL is the URL of the Authorization that must be completed + URL string `json:"url"` + + // Identifier is the DNS name to be validated as part of this authorization + // +optional + Identifier string `json:"identifier,omitempty"` + + // Wildcard will be true if this authorization is for a wildcard DNS name. + // If this is true, the identifier will be the *non-wildcard* version of + // the DNS name. + // For example, if '*.example.com' is the DNS name being validated, this + // field will be 'true' and the 'identifier' field will be 'example.com'. + // +optional + Wildcard *bool `json:"wildcard,omitempty"` + + // InitialState is the initial state of the ACME authorization when first + // fetched from the ACME server. + // If an Authorization is already 'valid', the Order controller will not + // create a Challenge resource for the authorization. This will occur when + // working with an ACME server that enables 'authz reuse' (such as Let's + // Encrypt's production endpoint). + // If not set and 'identifier' is set, the state is assumed to be pending + // and a Challenge will be created. + // +optional + InitialState State `json:"initialState,omitempty"` + + // Challenges specifies the challenge types offered by the ACME server. + // One of these challenge types will be selected when validating the DNS + // name and an appropriate Challenge resource will be created to perform + // the ACME challenge process. + // +optional + Challenges []ACMEChallenge `json:"challenges,omitempty"` +} + +// Challenge specifies a challenge offered by the ACME server for an Order. +// An appropriate Challenge resource can be created to perform the ACME +// challenge process. +type ACMEChallenge struct { + // URL is the URL of this challenge. It can be used to retrieve additional + // metadata about the Challenge from the ACME server. + URL string `json:"url"` + + // Token is the token that must be presented for this challenge. + // This is used to compute the 'key' that must also be presented. + Token string `json:"token"` + + // Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', + // 'tls-sni-01', etc. + // This is the raw value retrieved from the ACME server. + // Only 'http-01' and 'dns-01' are supported by cert-manager, other values + // will be ignored. + Type string `json:"type"` +} + +// State represents the state of an ACME resource, such as an Order. +// The possible options here map to the corresponding values in the +// ACME specification. +// Full details of these values can be found here: https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-7.1.6 +// Clients utilising this type must also gracefully handle unknown +// values, as the contents of this enumeration may be added to over time. +// +kubebuilder:validation:Enum=valid;ready;pending;processing;invalid;expired;errored +type State string + +const ( + // Unknown is not a real state as part of the ACME spec. + // It is used to represent an unrecognised value. + Unknown State = "" + + // Valid signifies that an ACME resource is in a valid state. + // If an order is 'valid', it has been finalized with the ACME server and + // the certificate can be retrieved from the ACME server using the + // certificate URL stored in the Order's status subresource. + // This is a final state. + Valid State = "valid" + + // Ready signifies that an ACME resource is in a ready state. + // If an order is 'ready', all of its challenges have been completed + // successfully and the order is ready to be finalized. + // Once finalized, it will transition to the Valid state. + // This is a transient state. + Ready State = "ready" + + // Pending signifies that an ACME resource is still pending and is not yet ready. + // If an Order is marked 'Pending', the validations for that Order are still in progress. + // This is a transient state. + Pending State = "pending" + + // Processing signifies that an ACME resource is being processed by the server. + // If an Order is marked 'Processing', the validations for that Order are currently being processed. + // This is a transient state. + Processing State = "processing" + + // Invalid signifies that an ACME resource is invalid for some reason. + // If an Order is marked 'invalid', one of its validations be have invalid for some reason. + // This is a final state. + Invalid State = "invalid" + + // Expired signifies that an ACME resource has expired. + // If an Order is marked 'Expired', one of its validations may have expired or the Order itself. + // This is a final state. + Expired State = "expired" + + // Errored signifies that the ACME resource has errored for some reason. + // This is a catch-all state, and is used for marking internal cert-manager + // errors such as validation failures. + // This is a final state. + Errored State = "errored" +) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..b5472216ccd --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go @@ -0,0 +1,919 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEAuthorization) DeepCopyInto(out *ACMEAuthorization) { + *out = *in + if in.Wildcard != nil { + in, out := &in.Wildcard, &out.Wildcard + *out = new(bool) + **out = **in + } + if in.Challenges != nil { + in, out := &in.Challenges, &out.Challenges + *out = make([]ACMEChallenge, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEAuthorization. +func (in *ACMEAuthorization) DeepCopy() *ACMEAuthorization { + if in == nil { + return nil + } + out := new(ACMEAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallenge) DeepCopyInto(out *ACMEChallenge) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallenge. +func (in *ACMEChallenge) DeepCopy() *ACMEChallenge { + if in == nil { + return nil + } + out := new(ACMEChallenge) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolver) DeepCopyInto(out *ACMEChallengeSolver) { + *out = *in + if in.Selector != nil { + in, out := &in.Selector, &out.Selector + *out = new(CertificateDNSNameSelector) + (*in).DeepCopyInto(*out) + } + if in.HTTP01 != nil { + in, out := &in.HTTP01, &out.HTTP01 + *out = new(ACMEChallengeSolverHTTP01) + (*in).DeepCopyInto(*out) + } + if in.DNS01 != nil { + in, out := &in.DNS01, &out.DNS01 + *out = new(ACMEChallengeSolverDNS01) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolver. +func (in *ACMEChallengeSolver) DeepCopy() *ACMEChallengeSolver { + if in == nil { + return nil + } + out := new(ACMEChallengeSolver) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverDNS01) DeepCopyInto(out *ACMEChallengeSolverDNS01) { + *out = *in + if in.Akamai != nil { + in, out := &in.Akamai, &out.Akamai + *out = new(ACMEIssuerDNS01ProviderAkamai) + **out = **in + } + if in.CloudDNS != nil { + in, out := &in.CloudDNS, &out.CloudDNS + *out = new(ACMEIssuerDNS01ProviderCloudDNS) + (*in).DeepCopyInto(*out) + } + if in.Cloudflare != nil { + in, out := &in.Cloudflare, &out.Cloudflare + *out = new(ACMEIssuerDNS01ProviderCloudflare) + (*in).DeepCopyInto(*out) + } + if in.Route53 != nil { + in, out := &in.Route53, &out.Route53 + *out = new(ACMEIssuerDNS01ProviderRoute53) + (*in).DeepCopyInto(*out) + } + if in.AzureDNS != nil { + in, out := &in.AzureDNS, &out.AzureDNS + *out = new(ACMEIssuerDNS01ProviderAzureDNS) + (*in).DeepCopyInto(*out) + } + if in.DigitalOcean != nil { + in, out := &in.DigitalOcean, &out.DigitalOcean + *out = new(ACMEIssuerDNS01ProviderDigitalOcean) + **out = **in + } + if in.AcmeDNS != nil { + in, out := &in.AcmeDNS, &out.AcmeDNS + *out = new(ACMEIssuerDNS01ProviderAcmeDNS) + **out = **in + } + if in.RFC2136 != nil { + in, out := &in.RFC2136, &out.RFC2136 + *out = new(ACMEIssuerDNS01ProviderRFC2136) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(ACMEIssuerDNS01ProviderWebhook) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverDNS01. +func (in *ACMEChallengeSolverDNS01) DeepCopy() *ACMEChallengeSolverDNS01 { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverDNS01) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01) DeepCopyInto(out *ACMEChallengeSolverHTTP01) { + *out = *in + if in.Ingress != nil { + in, out := &in.Ingress, &out.Ingress + *out = new(ACMEChallengeSolverHTTP01Ingress) + (*in).DeepCopyInto(*out) + } + if in.GatewayHTTPRoute != nil { + in, out := &in.GatewayHTTPRoute, &out.GatewayHTTPRoute + *out = new(ACMEChallengeSolverHTTP01GatewayHTTPRoute) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01. +func (in *ACMEChallengeSolverHTTP01) DeepCopy() *ACMEChallengeSolverHTTP01 { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01GatewayHTTPRoute) DeepCopyInto(out *ACMEChallengeSolverHTTP01GatewayHTTPRoute) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.ParentRefs != nil { + in, out := &in.ParentRefs, &out.ParentRefs + *out = make([]v1beta1.ParentReference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01GatewayHTTPRoute. +func (in *ACMEChallengeSolverHTTP01GatewayHTTPRoute) DeepCopy() *ACMEChallengeSolverHTTP01GatewayHTTPRoute { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01GatewayHTTPRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopyInto(out *ACMEChallengeSolverHTTP01Ingress) { + *out = *in + if in.IngressClassName != nil { + in, out := &in.IngressClassName, &out.IngressClassName + *out = new(string) + **out = **in + } + if in.Class != nil { + in, out := &in.Class, &out.Class + *out = new(string) + **out = **in + } + if in.PodTemplate != nil { + in, out := &in.PodTemplate, &out.PodTemplate + *out = new(ACMEChallengeSolverHTTP01IngressPodTemplate) + (*in).DeepCopyInto(*out) + } + if in.IngressTemplate != nil { + in, out := &in.IngressTemplate, &out.IngressTemplate + *out = new(ACMEChallengeSolverHTTP01IngressTemplate) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01Ingress. +func (in *ACMEChallengeSolverHTTP01Ingress) DeepCopy() *ACMEChallengeSolverHTTP01Ingress { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01Ingress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressObjectMeta) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressObjectMeta. +func (in *ACMEChallengeSolverHTTP01IngressObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressObjectMeta { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressObjectMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodObjectMeta) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodObjectMeta. +func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodObjectMeta { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressPodObjectMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodSpec) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(corev1.Affinity) + (*in).DeepCopyInto(*out) + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]corev1.LocalObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodSpec. +func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodSpec { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressPodSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodTemplate) { + *out = *in + in.ACMEChallengeSolverHTTP01IngressPodObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressPodObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodTemplate. +func (in *ACMEChallengeSolverHTTP01IngressPodTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodTemplate { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressPodTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressTemplate) { + *out = *in + in.ACMEChallengeSolverHTTP01IngressObjectMeta.DeepCopyInto(&out.ACMEChallengeSolverHTTP01IngressObjectMeta) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressTemplate. +func (in *ACMEChallengeSolverHTTP01IngressTemplate) DeepCopy() *ACMEChallengeSolverHTTP01IngressTemplate { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEExternalAccountBinding) DeepCopyInto(out *ACMEExternalAccountBinding) { + *out = *in + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEExternalAccountBinding. +func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding { + if in == nil { + return nil + } + out := new(ACMEExternalAccountBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuer) DeepCopyInto(out *ACMEIssuer) { + *out = *in + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.ExternalAccountBinding != nil { + in, out := &in.ExternalAccountBinding, &out.ExternalAccountBinding + *out = new(ACMEExternalAccountBinding) + **out = **in + } + out.PrivateKey = in.PrivateKey + if in.Solvers != nil { + in, out := &in.Solvers, &out.Solvers + *out = make([]ACMEChallengeSolver, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuer. +func (in *ACMEIssuer) DeepCopy() *ACMEIssuer { + if in == nil { + return nil + } + out := new(ACMEIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAcmeDNS) { + *out = *in + out.AccountSecret = in.AccountSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAcmeDNS. +func (in *ACMEIssuerDNS01ProviderAcmeDNS) DeepCopy() *ACMEIssuerDNS01ProviderAcmeDNS { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderAcmeDNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopyInto(out *ACMEIssuerDNS01ProviderAkamai) { + *out = *in + out.ClientToken = in.ClientToken + out.ClientSecret = in.ClientSecret + out.AccessToken = in.AccessToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAkamai. +func (in *ACMEIssuerDNS01ProviderAkamai) DeepCopy() *ACMEIssuerDNS01ProviderAkamai { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderAkamai) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderAzureDNS) { + *out = *in + if in.ClientSecret != nil { + in, out := &in.ClientSecret, &out.ClientSecret + *out = new(metav1.SecretKeySelector) + **out = **in + } + if in.ManagedIdentity != nil { + in, out := &in.ManagedIdentity, &out.ManagedIdentity + *out = new(AzureManagedIdentity) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderAzureDNS. +func (in *ACMEIssuerDNS01ProviderAzureDNS) DeepCopy() *ACMEIssuerDNS01ProviderAzureDNS { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderAzureDNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudDNS) { + *out = *in + if in.ServiceAccount != nil { + in, out := &in.ServiceAccount, &out.ServiceAccount + *out = new(metav1.SecretKeySelector) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudDNS. +func (in *ACMEIssuerDNS01ProviderCloudDNS) DeepCopy() *ACMEIssuerDNS01ProviderCloudDNS { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderCloudDNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopyInto(out *ACMEIssuerDNS01ProviderCloudflare) { + *out = *in + if in.APIKey != nil { + in, out := &in.APIKey, &out.APIKey + *out = new(metav1.SecretKeySelector) + **out = **in + } + if in.APIToken != nil { + in, out := &in.APIToken, &out.APIToken + *out = new(metav1.SecretKeySelector) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderCloudflare. +func (in *ACMEIssuerDNS01ProviderCloudflare) DeepCopy() *ACMEIssuerDNS01ProviderCloudflare { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderCloudflare) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopyInto(out *ACMEIssuerDNS01ProviderDigitalOcean) { + *out = *in + out.Token = in.Token + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderDigitalOcean. +func (in *ACMEIssuerDNS01ProviderDigitalOcean) DeepCopy() *ACMEIssuerDNS01ProviderDigitalOcean { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderDigitalOcean) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopyInto(out *ACMEIssuerDNS01ProviderRFC2136) { + *out = *in + out.TSIGSecret = in.TSIGSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRFC2136. +func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC2136 { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderRFC2136) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) { + *out = *in + if in.SecretAccessKeyID != nil { + in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID + *out = new(metav1.SecretKeySelector) + **out = **in + } + out.SecretAccessKey = in.SecretAccessKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderRoute53. +func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopy() *ACMEIssuerDNS01ProviderRoute53 { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderRoute53) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopyInto(out *ACMEIssuerDNS01ProviderWebhook) { + *out = *in + if in.Config != nil { + in, out := &in.Config, &out.Config + *out = new(apiextensionsv1.JSON) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerDNS01ProviderWebhook. +func (in *ACMEIssuerDNS01ProviderWebhook) DeepCopy() *ACMEIssuerDNS01ProviderWebhook { + if in == nil { + return nil + } + out := new(ACMEIssuerDNS01ProviderWebhook) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEIssuerStatus) DeepCopyInto(out *ACMEIssuerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEIssuerStatus. +func (in *ACMEIssuerStatus) DeepCopy() *ACMEIssuerStatus { + if in == nil { + return nil + } + out := new(ACMEIssuerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureManagedIdentity) DeepCopyInto(out *AzureManagedIdentity) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureManagedIdentity. +func (in *AzureManagedIdentity) DeepCopy() *AzureManagedIdentity { + if in == nil { + return nil + } + out := new(AzureManagedIdentity) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateDNSNameSelector) DeepCopyInto(out *CertificateDNSNameSelector) { + *out = *in + if in.MatchLabels != nil { + in, out := &in.MatchLabels, &out.MatchLabels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DNSZones != nil { + in, out := &in.DNSZones, &out.DNSZones + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDNSNameSelector. +func (in *CertificateDNSNameSelector) DeepCopy() *CertificateDNSNameSelector { + if in == nil { + return nil + } + out := new(CertificateDNSNameSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Challenge) DeepCopyInto(out *Challenge) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Challenge. +func (in *Challenge) DeepCopy() *Challenge { + if in == nil { + return nil + } + out := new(Challenge) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Challenge) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ChallengeList) DeepCopyInto(out *ChallengeList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Challenge, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeList. +func (in *ChallengeList) DeepCopy() *ChallengeList { + if in == nil { + return nil + } + out := new(ChallengeList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ChallengeList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ChallengeSpec) DeepCopyInto(out *ChallengeSpec) { + *out = *in + in.Solver.DeepCopyInto(&out.Solver) + out.IssuerRef = in.IssuerRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeSpec. +func (in *ChallengeSpec) DeepCopy() *ChallengeSpec { + if in == nil { + return nil + } + out := new(ChallengeSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ChallengeStatus) DeepCopyInto(out *ChallengeStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeStatus. +func (in *ChallengeStatus) DeepCopy() *ChallengeStatus { + if in == nil { + return nil + } + out := new(ChallengeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Order) DeepCopyInto(out *Order) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Order. +func (in *Order) DeepCopy() *Order { + if in == nil { + return nil + } + out := new(Order) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Order) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OrderList) DeepCopyInto(out *OrderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Order, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderList. +func (in *OrderList) DeepCopy() *OrderList { + if in == nil { + return nil + } + out := new(OrderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OrderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OrderSpec) DeepCopyInto(out *OrderSpec) { + *out = *in + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.IssuerRef = in.IssuerRef + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IPAddresses != nil { + in, out := &in.IPAddresses, &out.IPAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(apismetav1.Duration) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderSpec. +func (in *OrderSpec) DeepCopy() *OrderSpec { + if in == nil { + return nil + } + out := new(OrderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OrderStatus) DeepCopyInto(out *OrderStatus) { + *out = *in + if in.Authorizations != nil { + in, out := &in.Authorizations, &out.Authorizations + *out = make([]ACMEAuthorization, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Certificate != nil { + in, out := &in.Certificate, &out.Certificate + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.FailureTime != nil { + in, out := &in.FailureTime, &out.FailureTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrderStatus. +func (in *OrderStatus) DeepCopy() *OrderStatus { + if in == nil { + return nil + } + out := new(OrderStatus) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/doc.go new file mode 100644 index 00000000000..16c92a1d987 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/doc.go @@ -0,0 +1,23 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +groupName=cert-manager.io +// +groupGoName=Certmanager + +// Package certmanager is the internal version of the API. +package certmanager + +const GroupName = "cert-manager.io" diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/const.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/const.go new file mode 100644 index 00000000000..7b8a8b0b678 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/const.go @@ -0,0 +1,43 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import "time" + +const ( + // minimum permitted certificate duration by cert-manager + MinimumCertificateDuration = time.Hour + + // default certificate duration if Issuer.spec.duration is not set + DefaultCertificateDuration = time.Hour * 24 * 90 + + // minimum certificate duration before certificate expiration + MinimumRenewBefore = time.Minute * 5 + + // Deprecated: the default is now 2/3 of Certificate's duration + DefaultRenewBefore = time.Hour * 24 * 30 +) + +const ( + // Default index key for the Secret reference for Token authentication + DefaultVaultTokenAuthSecretKey = "token" + + // Default mount path location for Kubernetes ServiceAccount authentication + // (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so + // left as the default, `/v1/auth/kubernetes/login` will be called. + DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes" +) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go new file mode 100644 index 00000000000..348211c6859 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go @@ -0,0 +1,21 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1 is the v1 version of the API. +// +k8s:deepcopy-gen=package,register +// +groupName=cert-manager.io +// +groupGoName=Certmanager +package v1 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go new file mode 100644 index 00000000000..d757978fe0c --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go @@ -0,0 +1,85 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + + cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" +) + +type GenericIssuer interface { + runtime.Object + metav1.Object + + GetObjectMeta() *metav1.ObjectMeta + GetSpec() *IssuerSpec + GetStatus() *IssuerStatus +} + +var _ GenericIssuer = &Issuer{} +var _ GenericIssuer = &ClusterIssuer{} + +func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta { + return &c.ObjectMeta +} +func (c *ClusterIssuer) GetSpec() *IssuerSpec { + return &c.Spec +} +func (c *ClusterIssuer) GetStatus() *IssuerStatus { + return &c.Status +} +func (c *ClusterIssuer) SetSpec(spec IssuerSpec) { + c.Spec = spec +} +func (c *ClusterIssuer) SetStatus(status IssuerStatus) { + c.Status = status +} +func (c *ClusterIssuer) Copy() GenericIssuer { + return c.DeepCopy() +} +func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta { + return &c.ObjectMeta +} +func (c *Issuer) GetSpec() *IssuerSpec { + return &c.Spec +} +func (c *Issuer) GetStatus() *IssuerStatus { + return &c.Status +} +func (c *Issuer) SetSpec(spec IssuerSpec) { + c.Spec = spec +} +func (c *Issuer) SetStatus(status IssuerStatus) { + c.Status = status +} +func (c *Issuer) Copy() GenericIssuer { + return c.DeepCopy() +} + +// TODO: refactor these functions away +func (i *IssuerStatus) ACMEStatus() *cmacme.ACMEIssuerStatus { + // this is an edge case, but this will prevent panics + if i == nil { + return &cmacme.ACMEIssuerStatus{} + } + if i.ACME == nil { + i.ACME = &cmacme.ACMEIssuerStatus{} + } + return i.ACME +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/register.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/register.go new file mode 100644 index 00000000000..fb745dbb642 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/register.go @@ -0,0 +1,62 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + + "github.com/cert-manager/cert-manager/pkg/apis/certmanager" +) + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: certmanager.GroupName, Version: "v1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to api.Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &Certificate{}, + &CertificateList{}, + &Issuer{}, + &IssuerList{}, + &ClusterIssuer{}, + &ClusterIssuerList{}, + &CertificateRequest{}, + &CertificateRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go new file mode 100644 index 00000000000..276722793e9 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go @@ -0,0 +1,300 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +const ( + + // Common label keys added to resources + // Label key that indicates that a resource is of interest to + // cert-manager controller By default this is set on + // certificate.spec.secretName secret as well as on the temporary + // private key Secret. If using SecretsFilteredCaching feature, you + // might want to set this (with a value of 'true') to any other Secrets + // that cert-manager controller needs to read, such as issuer + // credentials Secrets. + // fao = 'for attention of' + // See https://github.com/cert-manager/cert-manager/blob/master/design/20221205-memory-management.md#risks-and-mitigations + PartOfCertManagerControllerLabelKey = "controller.cert-manager.io/fao" + + // Common annotation keys added to resources + + // Annotation key for DNS subjectAltNames. + AltNamesAnnotationKey = "cert-manager.io/alt-names" + + // Annotation key for IP subjectAltNames. + IPSANAnnotationKey = "cert-manager.io/ip-sans" + + // Annotation key for URI subjectAltNames. + URISANAnnotationKey = "cert-manager.io/uri-sans" + + // Annotation key for certificate common name. + CommonNameAnnotationKey = "cert-manager.io/common-name" + + // Duration key for certificate duration. + DurationAnnotationKey = "cert-manager.io/duration" + + // Annotation key for certificate renewBefore. + RenewBeforeAnnotationKey = "cert-manager.io/renew-before" + + // Annotation key for emails subjectAltNames. + EmailsAnnotationKey = "cert-manager.io/email-sans" + + // Annotation key for subject organization. + SubjectOrganizationsAnnotationKey = "cert-manager.io/subject-organizations" + + // Annotation key for subject organizational units. + SubjectOrganizationalUnitsAnnotationKey = "cert-manager.io/subject-organizationalunits" + + // Annotation key for subject organizational units. + SubjectCountriesAnnotationKey = "cert-manager.io/subject-countries" + + // Annotation key for subject provinces. + SubjectProvincesAnnotationKey = "cert-manager.io/subject-provinces" + + // Annotation key for subject localities. + SubjectLocalitiesAnnotationKey = "cert-manager.io/subject-localities" + + // Annotation key for subject provinces. + SubjectStreetAddressesAnnotationKey = "cert-manager.io/subject-streetaddresses" + + // Annotation key for subject postal codes. + SubjectPostalCodesAnnotationKey = "cert-manager.io/subject-postalcodes" + + // Annotation key for subject serial number. + SubjectSerialNumberAnnotationKey = "cert-manager.io/subject-serialnumber" + + // Annotation key for certificate key usages. + UsagesAnnotationKey = "cert-manager.io/usages" + + // Annotation key the 'name' of the Issuer resource. + IssuerNameAnnotationKey = "cert-manager.io/issuer-name" + + // Annotation key for the 'kind' of the Issuer resource. + IssuerKindAnnotationKey = "cert-manager.io/issuer-kind" + + // Annotation key for the 'group' of the Issuer resource. + IssuerGroupAnnotationKey = "cert-manager.io/issuer-group" + + // Annotation key for the name of the certificate that a resource is related to. + CertificateNameKey = "cert-manager.io/certificate-name" + + // Annotation key used to denote whether a Secret is named on a Certificate + // as a 'next private key' Secret resource. + IsNextPrivateKeySecretLabelKey = "cert-manager.io/next-private-key" + + // Annotation key used to limit the number of CertificateRequests to be kept for a Certificate. + // Minimum value is 1. + // If unset all CertificateRequests will be kept. + RevisionHistoryLimitAnnotationKey = "cert-manager.io/revision-history-limit" + + // Annotation key used to set the PrivateKeyAlgorithm for a Certificate. + // If PrivateKeyAlgorithm is specified and `size` is not provided, + // key size of 256 will be used for `ECDSA` key algorithm and + // key size of 2048 will be used for `RSA` key algorithm. + // key size is ignored when using the `Ed25519` key algorithm. + // If unset an algorithm `RSA` will be used. + PrivateKeyAlgorithmAnnotationKey = "cert-manager.io/private-key-algorithm" + + // Annotation key used to set the PrivateKeyEncoding for a Certificate. + // If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 + // and PKCS#8, respectively. + // If unset an encoding `PKCS1` will be used. + PrivateKeyEncodingAnnotationKey = "cert-manager.io/private-key-encoding" + + // Annotation key used to set the size of the private key for a Certificate. + // If PrivateKeyAlgorithm is set to `RSA`, valid values are `2048`, `4096` or `8192`, + // and will default to `2048` if not specified. + // If PrivateKeyAlgorithm is set to `ECDSA`, valid values are `256`, `384` or `521`, + // and will default to `256` if not specified. + // If PrivateKeyAlgorithm is set to `Ed25519`, Size is ignored. + // No other values are allowed. + PrivateKeySizeAnnotationKey = "cert-manager.io/private-key-size" + + // Annotation key used to set the PrivateKeyRotationPolicy for a Certificate. + // If unset a policy `Never` will be used. + PrivateKeyRotationPolicyAnnotationKey = "cert-manager.io/private-key-rotation-policy" +) + +const ( + // IngressIssuerNameAnnotationKey holds the issuerNameAnnotation value which can be + // used to override the issuer specified on the created Certificate resource. + IngressIssuerNameAnnotationKey = "cert-manager.io/issuer" + // IngressClusterIssuerNameAnnotationKey holds the clusterIssuerNameAnnotation value which + // can be used to override the issuer specified on the created Certificate resource. The Certificate + // will reference the specified *ClusterIssuer* instead of normal issuer. + IngressClusterIssuerNameAnnotationKey = "cert-manager.io/cluster-issuer" + // IngressACMEIssuerHTTP01IngressClassAnnotationKey holds the acmeIssuerHTTP01IngressClassAnnotation value + // which can be used to override the http01 ingressClass if the challenge type is set to http01 + IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class" + + // IngressClassAnnotationKey picks a specific "class" for the Ingress. The + // controller only processes Ingresses with this annotation either unset, or + // set to either the configured value or the empty string. + IngressClassAnnotationKey = "kubernetes.io/ingress.class" +) + +// Annotation names for CertificateRequests +const ( + // Annotation added to CertificateRequest resources to denote the name of + // a Secret resource containing the private key used to sign the CSR stored + // on the resource. + // This annotation *may* not be present, and is used by the 'self signing' + // issuer type to self-sign certificates. + CertificateRequestPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name" + + // Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource + CertificateRequestRevisionAnnotationKey = "cert-manager.io/certificate-revision" +) + +const ( + // IssueTemporaryCertificateAnnotation is an annotation that can be added to + // Certificate resources. + // If it is present, a temporary internally signed certificate will be + // stored in the target Secret resource whilst the real Issuer is processing + // the certificate request. + IssueTemporaryCertificateAnnotation = "cert-manager.io/issue-temporary-certificate" +) + +// Common/known resource kinds. +const ( + ClusterIssuerKind = "ClusterIssuer" + IssuerKind = "Issuer" + CertificateKind = "Certificate" + CertificateRequestKind = "CertificateRequest" +) + +const ( + // WantInjectAnnotation is the annotation that specifies that a particular + // object wants injection of CAs. It takes the form of a reference to a certificate + // as namespace/name. The certificate is expected to have the is-serving-for annotations. + WantInjectAnnotation = "cert-manager.io/inject-ca-from" + + // WantInjectAPIServerCAAnnotation will - if set to "true" - make the cainjector + // inject the CA certificate for the Kubernetes apiserver into the resource. + // It discovers the apiserver's CA by inspecting the service account credentials + // mounted into the cainjector pod. + WantInjectAPIServerCAAnnotation = "cert-manager.io/inject-apiserver-ca" + + // WantInjectFromSecretAnnotation is the annotation that specifies that a particular + // object wants injection of CAs. It takes the form of a reference to a Secret + // as namespace/name. + WantInjectFromSecretAnnotation = "cert-manager.io/inject-ca-from-secret" + + // AllowsInjectionFromSecretAnnotation is an annotation that must be added + // to Secret resource that want to denote that they can be directly + // injected into injectables that have a `inject-ca-from-secret` annotation. + // If an injectable references a Secret that does NOT have this annotation, + // the cainjector will refuse to inject the secret. + AllowsInjectionFromSecretAnnotation = "cert-manager.io/allow-direct-injection" +) + +// Issuer specific Annotations +const ( + // VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer + // This will only work with Venafi TPP v19.3 and higher + // The value is an array with objects containing the name and value keys + // for example: `[{"name": "custom-field", "value": "custom-value"}]` + VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields" + + // VenafiPickupIDAnnotationKey is the annotation key used to record the + // Venafi Pickup ID of a certificate signing request that has been submitted + // to the Venafi API for collection later. + VenafiPickupIDAnnotationKey = "venafi.cert-manager.io/pickup-id" +) + +// KeyUsage specifies valid usage contexts for keys. +// See: +// https://tools.ietf.org/html/rfc5280#section-4.2.1.3 +// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 +// +// Valid KeyUsage values are as follows: +// "signing", +// "digital signature", +// "content commitment", +// "key encipherment", +// "key agreement", +// "data encipherment", +// "cert sign", +// "crl sign", +// "encipher only", +// "decipher only", +// "any", +// "server auth", +// "client auth", +// "code signing", +// "email protection", +// "s/mime", +// "ipsec end system", +// "ipsec tunnel", +// "ipsec user", +// "timestamping", +// "ocsp signing", +// "microsoft sgc", +// "netscape sgc" +// +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc" +type KeyUsage string + +const ( + UsageSigning KeyUsage = "signing" + UsageDigitalSignature KeyUsage = "digital signature" + UsageContentCommitment KeyUsage = "content commitment" + UsageKeyEncipherment KeyUsage = "key encipherment" + UsageKeyAgreement KeyUsage = "key agreement" + UsageDataEncipherment KeyUsage = "data encipherment" + UsageCertSign KeyUsage = "cert sign" + UsageCRLSign KeyUsage = "crl sign" + UsageEncipherOnly KeyUsage = "encipher only" + UsageDecipherOnly KeyUsage = "decipher only" + UsageAny KeyUsage = "any" + UsageServerAuth KeyUsage = "server auth" + UsageClientAuth KeyUsage = "client auth" + UsageCodeSigning KeyUsage = "code signing" + UsageEmailProtection KeyUsage = "email protection" + UsageSMIME KeyUsage = "s/mime" + UsageIPsecEndSystem KeyUsage = "ipsec end system" + UsageIPsecTunnel KeyUsage = "ipsec tunnel" + UsageIPsecUser KeyUsage = "ipsec user" + UsageTimestamping KeyUsage = "timestamping" + UsageOCSPSigning KeyUsage = "ocsp signing" + UsageMicrosoftSGC KeyUsage = "microsoft sgc" + UsageNetscapeSGC KeyUsage = "netscape sgc" +) + +// Keystore specific secret keys +const ( + // PKCS12SecretKey is the name of the data entry in the Secret resource + // used to store the p12 file. + PKCS12SecretKey = "keystore.p12" + // Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority + PKCS12TruststoreKey = "truststore.p12" + + // JKSSecretKey is the name of the data entry in the Secret resource + // used to store the jks file. + JKSSecretKey = "keystore.jks" + // Data Entry Name in the Secret resource for JKS containing Certificate Authority + JKSTruststoreKey = "truststore.jks" +) + +// DefaultKeyUsages contains the default list of key usages +func DefaultKeyUsages() []KeyUsage { + // The serverAuth EKU is required as of Mac OS Catalina: https://support.apple.com/en-us/HT210176 + // Without this usage, certificates will _always_ flag a warning in newer Mac OS browsers. + // We don't explicitly add it here as it leads to strange behaviour when a user sets isCA: true + // (in which case, 'serverAuth' on the CA can break a lot of clients). + // CAs can (and often do) opt to automatically add usages. + return []KeyUsage{UsageDigitalSignature, UsageKeyEncipherment} +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go new file mode 100644 index 00000000000..64e789443bb --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go @@ -0,0 +1,598 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" +) + +// NOTE: Be mindful of adding OpenAPI validation- see https://github.com/cert-manager/cert-manager/issues/3644 + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion + +// A Certificate resource should be created to ensure an up to date and signed +// X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. +// +// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). +type Certificate struct { + metav1.TypeMeta `json:",inline"` + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Specification of the desired state of the Certificate resource. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + Spec CertificateSpec `json:"spec"` + + // Status of the Certificate. + // This is set and managed automatically. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + Status CertificateStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CertificateList is a list of Certificates. +type CertificateList struct { + metav1.TypeMeta `json:",inline"` + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + + // List of Certificates + Items []Certificate `json:"items"` +} + +// +kubebuilder:validation:Enum=RSA;ECDSA;Ed25519 +type PrivateKeyAlgorithm string + +const ( + // RSA private key algorithm. + RSAKeyAlgorithm PrivateKeyAlgorithm = "RSA" + + // ECDSA private key algorithm. + ECDSAKeyAlgorithm PrivateKeyAlgorithm = "ECDSA" + + // Ed25519 private key algorithm. + Ed25519KeyAlgorithm PrivateKeyAlgorithm = "Ed25519" +) + +// +kubebuilder:validation:Enum=PKCS1;PKCS8 +type PrivateKeyEncoding string + +const ( + // PKCS1 private key encoding. + // PKCS1 produces a PEM block that contains the private key algorithm + // in the header and the private key in the body. A key that uses this + // can be recognised by its `BEGIN RSA PRIVATE KEY` or `BEGIN EC PRIVATE KEY` header. + // NOTE: This encoding is not supported for Ed25519 keys. Attempting to use + // this encoding with an Ed25519 key will be ignored and default to PKCS8. + PKCS1 PrivateKeyEncoding = "PKCS1" + + // PKCS8 private key encoding. + // PKCS8 produces a PEM block with a static header and both the private + // key algorithm and the private key in the body. A key that uses this + // encoding can be recognised by its `BEGIN PRIVATE KEY` header. + PKCS8 PrivateKeyEncoding = "PKCS8" +) + +// CertificateSpec defines the desired state of Certificate. +// +// NOTE: The specification contains a lot of "requested" certificate attributes, it is +// important to note that the issuer can choose to ignore or change any of +// these requested attributes. How the issuer maps a certificate request to a +// signed certificate is the full responsibility of the issuer itself. For example, +// as an edge case, an issuer that inverts the isCA value is free to do so. +// +// A valid Certificate requires at least one of a CommonName, LiteralSubject, DNSName, or +// URI to be valid. +type CertificateSpec struct { + // Requested set of X509 certificate subject attributes. + // More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + // + // The common name attribute is specified separately in the `commonName` field. + // Cannot be set if the `literalSubject` field is set. + // +optional + Subject *X509Subject `json:"subject,omitempty"` + + // Requested X.509 certificate subject, represented using the LDAP "String + // Representation of a Distinguished Name" [1]. + // Important: the LDAP string format also specifies the order of the attributes + // in the subject, this is important when issuing certs for LDAP authentication. + // Example: `CN=foo,DC=corp,DC=example,DC=com` + // More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 + // More info: https://github.com/cert-manager/cert-manager/issues/3203 + // More info: https://github.com/cert-manager/cert-manager/issues/4424 + // + // Cannot be set if the `subject` or `commonName` field is set. + // This is an Alpha Feature and is only enabled with the + // `--feature-gates=LiteralCertificateSubject=true` option set on both + // the controller and webhook components. + // +optional + LiteralSubject string `json:"literalSubject,omitempty"` + + // Requested common name X509 certificate subject attribute. + // More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + // NOTE: TLS clients will ignore this value when any subject alternative name is + // set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). + // + // Should have a length of 64 characters or fewer to avoid generating invalid CSRs. + // Cannot be set if the `literalSubject` field is set. + // +optional + CommonName string `json:"commonName,omitempty"` + + // Requested 'duration' (i.e. lifetime) of the Certificate. Note that the + // issuer may choose to ignore the requested duration, just like any other + // requested attribute. + // + // If unset, this defaults to 90 days. + // Minimum accepted duration is 1 hour. + // Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + // +optional + Duration *metav1.Duration `json:"duration,omitempty"` + + // How long before the currently issued certificate's expiry cert-manager should + // renew the certificate. For example, if a certificate is valid for 60 minutes, + // and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate + // 50 minutes after it was issued (i.e. when there are 10 minutes remaining until + // the certificate is no longer valid). + // + // NOTE: The actual lifetime of the issued certificate is used to determine the + // renewal time. If an issuer returns a certificate with a different lifetime than + // the one requested, cert-manager will use the lifetime of the issued certificate. + // + // If unset, this defaults to 1/3 of the issued certificate's lifetime. + // Minimum accepted value is 5 minutes. + // Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + // +optional + RenewBefore *metav1.Duration `json:"renewBefore,omitempty"` + + // Requested DNS subject alternative names. + // +optional + DNSNames []string `json:"dnsNames,omitempty"` + + // Requested IP address subject alternative names. + // +optional + IPAddresses []string `json:"ipAddresses,omitempty"` + + // Requested URI subject alternative names. + // +optional + URIs []string `json:"uris,omitempty"` + + // Requested email subject alternative names. + // +optional + EmailAddresses []string `json:"emailAddresses,omitempty"` + + // Name of the Secret resource that will be automatically created and + // managed by this Certificate resource. It will be populated with a + // private key and certificate, signed by the denoted issuer. The Secret + // resource lives in the same namespace as the Certificate resource. + SecretName string `json:"secretName"` + + // Defines annotations and labels to be copied to the Certificate's Secret. + // Labels and annotations on the Secret will be changed as they appear on the + // SecretTemplate when added or removed. SecretTemplate annotations are added + // in conjunction with, and cannot overwrite, the base set of annotations + // cert-manager sets on the Certificate's Secret. + // +optional + SecretTemplate *CertificateSecretTemplate `json:"secretTemplate,omitempty"` + + // Additional keystore output formats to be stored in the Certificate's Secret. + // +optional + Keystores *CertificateKeystores `json:"keystores,omitempty"` + + // Reference to the issuer responsible for issuing the certificate. + // If the issuer is namespace-scoped, it must be in the same namespace + // as the Certificate. If the issuer is cluster-scoped, it can be used + // from any namespace. + // + // The `name` field of the reference must always be specified. + IssuerRef cmmeta.ObjectReference `json:"issuerRef"` + + // Requested basic constraints isCA value. + // The isCA value is used to set the `isCA` field on the created CertificateRequest + // resources. Note that the issuer may choose to ignore the requested isCA value, just + // like any other requested attribute. + // + // If true, this will automatically add the `cert sign` usage to the list + // of requested `usages`. + // +optional + IsCA bool `json:"isCA,omitempty"` + + // Requested key usages and extended key usages. + // These usages are used to set the `usages` field on the created CertificateRequest + // resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages + // will additionally be encoded in the `request` field which contains the CSR blob. + // + // If unset, defaults to `digital signature` and `key encipherment`. + // +optional + Usages []KeyUsage `json:"usages,omitempty"` + + // Private key options. These include the key algorithm and size, the used + // encoding and the rotation policy. + // +optional + PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"` + + // Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. + // + // This option defaults to true, and should only be disabled if the target + // issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. + // +optional + EncodeUsagesInRequest *bool `json:"encodeUsagesInRequest,omitempty"` + + // The maximum number of CertificateRequest revisions that are maintained in + // the Certificate's history. Each revision represents a single `CertificateRequest` + // created by this Certificate, either when it was created, renewed, or Spec + // was changed. Revisions will be removed by oldest first if the number of + // revisions exceeds this number. + // + // If set, revisionHistoryLimit must be a value of `1` or greater. + // If unset (`nil`), revisions will not be garbage collected. + // Default value is `nil`. + // +optional + RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"` + + // Defines extra output formats of the private key and signed certificate chain + // to be written to this Certificate's target Secret. + // + // This is an Alpha Feature and is only enabled with the + // `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both + // the controller and webhook components. + // +optional + AdditionalOutputFormats []CertificateAdditionalOutputFormat `json:"additionalOutputFormats,omitempty"` +} + +// CertificatePrivateKey contains configuration options for private keys +// used by the Certificate controller. +// These include the key algorithm and size, the used encoding and the +// rotation policy. +type CertificatePrivateKey struct { + // RotationPolicy controls how private keys should be regenerated when a + // re-issuance is being processed. + // + // If set to `Never`, a private key will only be generated if one does not + // already exist in the target `spec.secretName`. If one does exists but it + // does not have the correct algorithm or size, a warning will be raised + // to await user intervention. + // If set to `Always`, a private key matching the specified requirements + // will be generated whenever a re-issuance occurs. + // Default is `Never` for backward compatibility. + // +optional + RotationPolicy PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"` + + // The private key cryptography standards (PKCS) encoding for this + // certificate's private key to be encoded in. + // + // If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 + // and PKCS#8, respectively. + // Defaults to `PKCS1` if not specified. + // +optional + Encoding PrivateKeyEncoding `json:"encoding,omitempty"` + + // Algorithm is the private key algorithm of the corresponding private key + // for this certificate. + // + // If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. + // If `algorithm` is specified and `size` is not provided, + // key size of 2048 will be used for `RSA` key algorithm and + // key size of 256 will be used for `ECDSA` key algorithm. + // key size is ignored when using the `Ed25519` key algorithm. + // +optional + Algorithm PrivateKeyAlgorithm `json:"algorithm,omitempty"` + + // Size is the key bit size of the corresponding private key for this certificate. + // + // If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, + // and will default to `2048` if not specified. + // If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, + // and will default to `256` if not specified. + // If `algorithm` is set to `Ed25519`, Size is ignored. + // No other values are allowed. + // +optional + Size int `json:"size,omitempty"` +} + +// Denotes how private keys should be generated or sourced when a Certificate +// is being issued. +// +kubebuilder:validation:Enum=Never;Always +type PrivateKeyRotationPolicy string + +var ( + // RotationPolicyNever means a private key will only be generated if one + // does not already exist in the target `spec.secretName`. + // If one does exists but it does not have the correct algorithm or size, + // a warning will be raised to await user intervention. + RotationPolicyNever PrivateKeyRotationPolicy = "Never" + + // RotationPolicyAlways means a private key matching the specified + // requirements will be generated whenever a re-issuance occurs. + RotationPolicyAlways PrivateKeyRotationPolicy = "Always" +) + +// CertificateOutputFormatType specifies which additional output formats should +// be written to the Certificate's target Secret. +// Allowed values are `DER` or `CombinedPEM`. +// When Type is set to `DER` an additional entry `key.der` will be written to +// the Secret, containing the binary format of the private key. +// When Type is set to `CombinedPEM` an additional entry `tls-combined.pem` +// will be written to the Secret, containing the PEM formatted private key and +// signed certificate chain (tls.key + tls.crt concatenated). +// +kubebuilder:validation:Enum=DER;CombinedPEM +type CertificateOutputFormatType string + +const ( + // CertificateOutputFormatDERKey is the name of the data entry in the Secret + // resource used to store the DER formatted private key. + CertificateOutputFormatDERKey string = "key.der" + + // CertificateOutputFormatDER writes the Certificate's private key in DER + // binary format to the `key.der` target Secret Data key. + CertificateOutputFormatDER CertificateOutputFormatType = "DER" + + // CertificateOutputFormatCombinedPEMKey is the name of the data entry in the Secret + // resource used to store the combined PEM (key + signed certificate). + CertificateOutputFormatCombinedPEMKey string = "tls-combined.pem" + + // CertificateOutputFormatCombinedPEM writes the Certificate's signed + // certificate chain and private key, in PEM format, to the + // `tls-combined.pem` target Secret Data key. The value at this key will + // include the private key PEM document, followed by at least one new line + // character, followed by the chain of signed certificate PEM documents + // (` + \n + `). + CertificateOutputFormatCombinedPEM CertificateOutputFormatType = "CombinedPEM" +) + +// CertificateAdditionalOutputFormat defines an additional output format of a +// Certificate resource. These contain supplementary data formats of the signed +// certificate chain and paired private key. +type CertificateAdditionalOutputFormat struct { + // Type is the name of the format type that should be written to the + // Certificate's target Secret. + Type CertificateOutputFormatType `json:"type"` +} + +// X509Subject Full X509 name specification +type X509Subject struct { + // Organizations to be used on the Certificate. + // +optional + Organizations []string `json:"organizations,omitempty"` + // Countries to be used on the Certificate. + // +optional + Countries []string `json:"countries,omitempty"` + // Organizational Units to be used on the Certificate. + // +optional + OrganizationalUnits []string `json:"organizationalUnits,omitempty"` + // Cities to be used on the Certificate. + // +optional + Localities []string `json:"localities,omitempty"` + // State/Provinces to be used on the Certificate. + // +optional + Provinces []string `json:"provinces,omitempty"` + // Street addresses to be used on the Certificate. + // +optional + StreetAddresses []string `json:"streetAddresses,omitempty"` + // Postal codes to be used on the Certificate. + // +optional + PostalCodes []string `json:"postalCodes,omitempty"` + // Serial number to be used on the Certificate. + // +optional + SerialNumber string `json:"serialNumber,omitempty"` +} + +// CertificateKeystores configures additional keystore output formats to be +// created in the Certificate's output Secret. +type CertificateKeystores struct { + // JKS configures options for storing a JKS keystore in the + // `spec.secretName` Secret resource. + // +optional + JKS *JKSKeystore `json:"jks,omitempty"` + + // PKCS12 configures options for storing a PKCS12 keystore in the + // `spec.secretName` Secret resource. + // +optional + PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"` +} + +// JKS configures options for storing a JKS keystore in the `spec.secretName` +// Secret resource. +type JKSKeystore struct { + // Create enables JKS keystore creation for the Certificate. + // If true, a file named `keystore.jks` will be created in the target + // Secret resource, encrypted using the password stored in + // `passwordSecretRef`. + // The keystore file will be updated immediately. + // If the issuer provided a CA certificate, a file named `truststore.jks` + // will also be created in the target Secret resource, encrypted using the + // password stored in `passwordSecretRef` + // containing the issuing Certificate Authority + Create bool `json:"create"` + + // PasswordSecretRef is a reference to a key in a Secret resource + // containing the password used to encrypt the JKS keystore. + PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"` +} + +// PKCS12 configures options for storing a PKCS12 keystore in the +// `spec.secretName` Secret resource. +type PKCS12Keystore struct { + // Create enables PKCS12 keystore creation for the Certificate. + // If true, a file named `keystore.p12` will be created in the target + // Secret resource, encrypted using the password stored in + // `passwordSecretRef`. + // The keystore file will be updated immediately. + // If the issuer provided a CA certificate, a file named `truststore.p12` will + // also be created in the target Secret resource, encrypted using the + // password stored in `passwordSecretRef` containing the issuing Certificate + // Authority + Create bool `json:"create"` + + // PasswordSecretRef is a reference to a key in a Secret resource + // containing the password used to encrypt the PKCS12 keystore. + PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"` +} + +// CertificateStatus defines the observed state of Certificate +type CertificateStatus struct { + // List of status conditions to indicate the status of certificates. + // Known condition types are `Ready` and `Issuing`. + // +listType=map + // +listMapKey=type + // +optional + Conditions []CertificateCondition `json:"conditions,omitempty"` + + // LastFailureTime is set only if the lastest issuance for this + // Certificate failed and contains the time of the failure. If an + // issuance has failed, the delay till the next issuance will be + // calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - + // 1). If the latest issuance has succeeded this field will be unset. + // +optional + LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"` + + // The time after which the certificate stored in the secret named + // by this resource in `spec.secretName` is valid. + // +optional + NotBefore *metav1.Time `json:"notBefore,omitempty"` + + // The expiration time of the certificate stored in the secret named + // by this resource in `spec.secretName`. + // +optional + NotAfter *metav1.Time `json:"notAfter,omitempty"` + + // RenewalTime is the time at which the certificate will be next + // renewed. + // If not set, no upcoming renewal is scheduled. + // +optional + RenewalTime *metav1.Time `json:"renewalTime,omitempty"` + + // The current 'revision' of the certificate as issued. + // + // When a CertificateRequest resource is created, it will have the + // `cert-manager.io/certificate-revision` set to one greater than the + // current value of this field. + // + // Upon issuance, this field will be set to the value of the annotation + // on the CertificateRequest resource used to issue the certificate. + // + // Persisting the value on the CertificateRequest resource allows the + // certificates controller to know whether a request is part of an old + // issuance or if it is part of the ongoing revision's issuance by + // checking if the revision value in the annotation is greater than this + // field. + // +optional + Revision *int `json:"revision,omitempty"` + + // The name of the Secret resource containing the private key to be used + // for the next certificate iteration. + // The keymanager controller will automatically set this field if the + // `Issuing` condition is set to `True`. + // It will automatically unset this field when the Issuing condition is + // not set or False. + // +optional + NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"` + + // The number of continuous failed issuance attempts up till now. This + // field gets removed (if set) on a successful issuance and gets set to + // 1 if unset and an issuance has failed. If an issuance has failed, the + // delay till the next issuance will be calculated using formula + // time.Hour * 2 ^ (failedIssuanceAttempts - 1). + // +optional + FailedIssuanceAttempts *int `json:"failedIssuanceAttempts,omitempty"` +} + +// CertificateCondition contains condition information for an Certificate. +type CertificateCondition struct { + // Type of the condition, known values are (`Ready`, `Issuing`). + Type CertificateConditionType `json:"type"` + + // Status of the condition, one of (`True`, `False`, `Unknown`). + Status cmmeta.ConditionStatus `json:"status"` + + // LastTransitionTime is the timestamp corresponding to the last status + // change of this condition. + // +optional + LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"` + + // Reason is a brief machine readable explanation for the condition's last + // transition. + // +optional + Reason string `json:"reason,omitempty"` + + // Message is a human readable description of the details of the last + // transition, complementing reason. + // +optional + Message string `json:"message,omitempty"` + + // If set, this represents the .metadata.generation that the condition was + // set based upon. + // For instance, if .metadata.generation is currently 12, but the + // .status.condition[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the Certificate. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` +} + +// CertificateConditionType represents an Certificate condition value. +type CertificateConditionType string + +const ( + // CertificateConditionReady indicates that a certificate is ready for use. + // This is defined as: + // - The target secret exists + // - The target secret contains a certificate that has not expired + // - The target secret contains a private key valid for the certificate + // - The commonName and dnsNames attributes match those specified on the Certificate + CertificateConditionReady CertificateConditionType = "Ready" + + // A condition added to Certificate resources when an issuance is required. + // This condition will be automatically added and set to true if: + // * No keypair data exists in the target Secret + // * The data stored in the Secret cannot be decoded + // * The private key and certificate do not have matching public keys + // * If a CertificateRequest for the current revision exists and the + // certificate data stored in the Secret does not match the + // `status.certificate` on the CertificateRequest. + // * If no CertificateRequest resource exists for the current revision, + // the options on the Certificate resource are compared against the + // X.509 data in the Secret, similar to what's done in earlier versions. + // If there is a mismatch, an issuance is triggered. + // This condition may also be added by external API consumers to trigger + // a re-issuance manually for any other reason. + // + // It will be removed by the 'issuing' controller upon completing issuance. + CertificateConditionIssuing CertificateConditionType = "Issuing" +) + +// CertificateSecretTemplate defines the default labels and annotations +// to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`. +type CertificateSecretTemplate struct { + // Annotations is a key value map to be copied to the target Kubernetes Secret. + // +optional + Annotations map[string]string `json:"annotations,omitempty"` + + // Labels is a key value map to be copied to the target Kubernetes Secret. + // +optional + Labels map[string]string `json:"labels,omitempty"` +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go new file mode 100644 index 00000000000..59797c76c75 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go @@ -0,0 +1,249 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" +) + +const ( + // Pending indicates that a CertificateRequest is still in progress. + CertificateRequestReasonPending = "Pending" + + // Failed indicates that a CertificateRequest has failed permanently, + // either due to timing out or some other critical failure. + // The `status.failureTime` field should be set in this case. + CertificateRequestReasonFailed = "Failed" + + // Issued indicates that a CertificateRequest has been completed, and that + // the `status.certificate` field is set. + CertificateRequestReasonIssued = "Issued" + + // Denied is a Ready condition reason that indicates that a + // CertificateRequest has been denied, and the CertificateRequest will never + // be issued. + // The `status.failureTime` field should be set in this case. + CertificateRequestReasonDenied = "Denied" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion + +// A CertificateRequest is used to request a signed certificate from one of the +// configured issuers. +// +// All fields within the CertificateRequest's `spec` are immutable after creation. +// A CertificateRequest will either succeed or fail, as denoted by its `Ready` status +// condition and its `status.failureTime` field. +// +// A CertificateRequest is a one-shot resource, meaning it represents a single +// point in time request for a certificate and cannot be re-used. +// +k8s:openapi-gen=true +type CertificateRequest struct { + metav1.TypeMeta `json:",inline"` + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Specification of the desired state of the CertificateRequest resource. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + Spec CertificateRequestSpec `json:"spec"` + + // Status of the CertificateRequest. + // This is set and managed automatically. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + Status CertificateRequestStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CertificateRequestList is a list of CertificateRequests. +type CertificateRequestList struct { + metav1.TypeMeta `json:",inline"` + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + + // List of CertificateRequests + Items []CertificateRequest `json:"items"` +} + +// CertificateRequestSpec defines the desired state of CertificateRequest +// +// NOTE: It is important to note that the issuer can choose to ignore or change +// any of the requested attributes. How the issuer maps a certificate request +// to a signed certificate is the full responsibility of the issuer itself. +// For example, as an edge case, an issuer that inverts the isCA value is +// free to do so. +type CertificateRequestSpec struct { + // Requested 'duration' (i.e. lifetime) of the Certificate. Note that the + // issuer may choose to ignore the requested duration, just like any other + // requested attribute. + // +optional + Duration *metav1.Duration `json:"duration,omitempty"` + + // Reference to the issuer responsible for issuing the certificate. + // If the issuer is namespace-scoped, it must be in the same namespace + // as the Certificate. If the issuer is cluster-scoped, it can be used + // from any namespace. + // + // The `name` field of the reference must always be specified. + IssuerRef cmmeta.ObjectReference `json:"issuerRef"` + + // The PEM-encoded X.509 certificate signing request to be submitted to the + // issuer for signing. + // + // If the CSR has a BasicConstraints extension, its isCA attribute must + // match the `isCA` value of this CertificateRequest. + // If the CSR has a KeyUsage extension, its key usages must match the + // key usages in the `usages` field of this CertificateRequest. + // If the CSR has a ExtKeyUsage extension, its extended key usages + // must match the extended key usages in the `usages` field of this + // CertificateRequest. + Request []byte `json:"request"` + + // Requested basic constraints isCA value. Note that the issuer may choose + // to ignore the requested isCA value, just like any other requested attribute. + // + // NOTE: If the CSR in the `Request` field has a BasicConstraints extension, + // it must have the same isCA value as specified here. + // + // If true, this will automatically add the `cert sign` usage to the list + // of requested `usages`. + // +optional + IsCA bool `json:"isCA,omitempty"` + + // Requested key usages and extended key usages. + // + // NOTE: If the CSR in the `Request` field has uses the KeyUsage or + // ExtKeyUsage extension, these extensions must have the same values + // as specified here without any additional values. + // + // If unset, defaults to `digital signature` and `key encipherment`. + // +optional + Usages []KeyUsage `json:"usages,omitempty"` + + // Username contains the name of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + // +optional + Username string `json:"username,omitempty"` + // UID contains the uid of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + // +optional + UID string `json:"uid,omitempty"` + // Groups contains group membership of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + // +listType=atomic + // +optional + Groups []string `json:"groups,omitempty"` + // Extra contains extra attributes of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + // +optional + Extra map[string][]string `json:"extra,omitempty"` +} + +// CertificateRequestStatus defines the observed state of CertificateRequest and +// resulting signed certificate. +type CertificateRequestStatus struct { + // List of status conditions to indicate the status of a CertificateRequest. + // Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. + // +listType=map + // +listMapKey=type + // +optional + Conditions []CertificateRequestCondition `json:"conditions,omitempty"` + + // The PEM encoded X.509 certificate resulting from the certificate + // signing request. + // If not set, the CertificateRequest has either not been completed or has + // failed. More information on failure can be found by checking the + // `conditions` field. + // +optional + Certificate []byte `json:"certificate,omitempty"` + + // The PEM encoded X.509 certificate of the signer, also known as the CA + // (Certificate Authority). + // This is set on a best-effort basis by different issuers. + // If not set, the CA is assumed to be unknown/not available. + // +optional + CA []byte `json:"ca,omitempty"` + + // FailureTime stores the time that this CertificateRequest failed. This is + // used to influence garbage collection and back-off. + // +optional + FailureTime *metav1.Time `json:"failureTime,omitempty"` +} + +// CertificateRequestCondition contains condition information for a CertificateRequest. +type CertificateRequestCondition struct { + // Type of the condition, known values are (`Ready`, `InvalidRequest`, + // `Approved`, `Denied`). + Type CertificateRequestConditionType `json:"type"` + + // Status of the condition, one of (`True`, `False`, `Unknown`). + Status cmmeta.ConditionStatus `json:"status"` + + // LastTransitionTime is the timestamp corresponding to the last status + // change of this condition. + // +optional + LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"` + + // Reason is a brief machine readable explanation for the condition's last + // transition. + // +optional + Reason string `json:"reason,omitempty"` + + // Message is a human readable description of the details of the last + // transition, complementing reason. + // +optional + Message string `json:"message,omitempty"` +} + +// CertificateRequestConditionType represents an Certificate condition value. +type CertificateRequestConditionType string + +const ( + // CertificateRequestConditionReady indicates that a certificate is ready for use. + // This is defined as: + // - The target certificate exists in CertificateRequest.Status + CertificateRequestConditionReady CertificateRequestConditionType = "Ready" + + // CertificateRequestConditionInvalidRequest indicates that a certificate + // signer has refused to sign the request due to at least one of the input + // parameters being invalid. Additional information about why the request + // was rejected can be found in the `reason` and `message` fields. + CertificateRequestConditionInvalidRequest CertificateRequestConditionType = "InvalidRequest" + + // CertificateRequestConditionApproved indicates that a certificate request + // is approved and ready for signing. Condition must never have a status of + // `False`, and cannot be modified once set. Cannot be set alongside + // `Denied`. + CertificateRequestConditionApproved CertificateRequestConditionType = "Approved" + + // CertificateRequestConditionDenied indicates that a certificate request is + // denied, and must never be signed. Condition must never have a status of + // `False`, and cannot be modified once set. Cannot be set alongside + // `Approved`. + CertificateRequestConditionDenied CertificateRequestConditionType = "Denied" +) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go new file mode 100644 index 00000000000..c901d9e7a40 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go @@ -0,0 +1,376 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion + +// A ClusterIssuer represents a certificate issuing authority which can be +// referenced as part of `issuerRef` fields. +// It is similar to an Issuer, however it is cluster-scoped and therefore can +// be referenced by resources that exist in *any* namespace, not just the same +// namespace as the referent. +type ClusterIssuer struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Desired state of the ClusterIssuer resource. + Spec IssuerSpec `json:"spec"` + + // Status of the ClusterIssuer. This is set and managed automatically. + // +optional + Status IssuerStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ClusterIssuerList is a list of Issuers +type ClusterIssuerList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ClusterIssuer `json:"items"` +} + +// +genclient +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion + +// An Issuer represents a certificate issuing authority which can be +// referenced as part of `issuerRef` fields. +// It is scoped to a single namespace and can therefore only be referenced by +// resources within the same namespace. +type Issuer struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Desired state of the Issuer resource. + Spec IssuerSpec `json:"spec"` + + // Status of the Issuer. This is set and managed automatically. + // +optional + Status IssuerStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// IssuerList is a list of Issuers +type IssuerList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []Issuer `json:"items"` +} + +// IssuerSpec is the specification of an Issuer. This includes any +// configuration required for the issuer. +type IssuerSpec struct { + IssuerConfig `json:",inline"` +} + +// The configuration for the issuer. +// Only one of these can be set. +type IssuerConfig struct { + // ACME configures this issuer to communicate with a RFC8555 (ACME) server + // to obtain signed x509 certificates. + // +optional + ACME *cmacme.ACMEIssuer `json:"acme,omitempty"` + + // CA configures this issuer to sign certificates using a signing CA keypair + // stored in a Secret resource. + // This is used to build internal PKIs that are managed by cert-manager. + // +optional + CA *CAIssuer `json:"ca,omitempty"` + + // Vault configures this issuer to sign certificates using a HashiCorp Vault + // PKI backend. + // +optional + Vault *VaultIssuer `json:"vault,omitempty"` + + // SelfSigned configures this issuer to 'self sign' certificates using the + // private key used to create the CertificateRequest object. + // +optional + SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"` + + // Venafi configures this issuer to sign certificates using a Venafi TPP + // or Venafi Cloud policy zone. + // +optional + Venafi *VenafiIssuer `json:"venafi,omitempty"` +} + +// Configures an issuer to sign certificates using a Venafi TPP +// or Cloud policy zone. +type VenafiIssuer struct { + // Zone is the Venafi Policy Zone to use for this issuer. + // All requests made to the Venafi platform will be restricted by the named + // zone policy. + // This field is required. + Zone string `json:"zone"` + + // TPP specifies Trust Protection Platform configuration settings. + // Only one of TPP or Cloud may be specified. + // +optional + TPP *VenafiTPP `json:"tpp,omitempty"` + + // Cloud specifies the Venafi cloud configuration settings. + // Only one of TPP or Cloud may be specified. + // +optional + Cloud *VenafiCloud `json:"cloud,omitempty"` +} + +// VenafiTPP defines connection configuration details for a Venafi TPP instance +type VenafiTPP struct { + // URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, + // for example: "https://tpp.example.com/vedsdk". + URL string `json:"url"` + + // CredentialsRef is a reference to a Secret containing the username and + // password for the TPP server. + // The secret must contain two keys, 'username' and 'password'. + CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"` + + // Base64-encoded bundle of PEM CAs which will be used to validate the certificate + // chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. + // If undefined, the certificate bundle in the cert-manager controller container + // is used to validate the chain. + // +optional + CABundle []byte `json:"caBundle,omitempty"` +} + +// VenafiCloud defines connection configuration details for Venafi Cloud +type VenafiCloud struct { + // URL is the base URL for Venafi Cloud. + // Defaults to "https://api.venafi.cloud/v1". + // +optional + URL string `json:"url,omitempty"` + + // APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"` +} + +// Configures an issuer to 'self sign' certificates using the +// private key used to create the CertificateRequest object. +type SelfSignedIssuer struct { + // The CRL distribution points is an X.509 v3 certificate extension which identifies + // the location of the CRL from which the revocation of this certificate can be checked. + // If not set certificate will be issued without CDP. Values are strings. + // +optional + CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"` +} + +// Configures an issuer to sign certificates using a HashiCorp Vault +// PKI backend. +type VaultIssuer struct { + // Auth configures how cert-manager authenticates with the Vault server. + Auth VaultAuth `json:"auth"` + + // Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + Server string `json:"server"` + + // Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: + // "my_pki_mount/sign/my-role-name". + Path string `json:"path"` + + // Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" + // More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + // +optional + Namespace string `json:"namespace,omitempty"` + + // Base64-encoded bundle of PEM CAs which will be used to validate the certificate + // chain presented by Vault. Only used if using HTTPS to connect to Vault and + // ignored for HTTP connections. + // Mutually exclusive with CABundleSecretRef. + // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + // the cert-manager controller container is used to validate the TLS connection. + // +optional + CABundle []byte `json:"caBundle,omitempty"` + + // Reference to a Secret containing a bundle of PEM-encoded CAs to use when + // verifying the certificate chain presented by Vault when using HTTPS. + // Mutually exclusive with CABundle. + // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + // the cert-manager controller container is used to validate the TLS connection. + // If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + // +optional + CABundleSecretRef *cmmeta.SecretKeySelector `json:"caBundleSecretRef,omitempty"` +} + +// VaultAuth is configuration used to authenticate with a Vault server. The +// order of precedence is [`tokenSecretRef`, `appRole` or `kubernetes`]. +type VaultAuth struct { + // TokenSecretRef authenticates with Vault by presenting a token. + // +optional + TokenSecretRef *cmmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"` + + // AppRole authenticates with Vault using the App Role auth mechanism, + // with the role and secret stored in a Kubernetes Secret resource. + // +optional + AppRole *VaultAppRole `json:"appRole,omitempty"` + + // Kubernetes authenticates with Vault by passing the ServiceAccount + // token stored in the named Secret resource to the Vault server. + // +optional + Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"` +} + +// VaultAppRole authenticates with Vault using the App Role auth mechanism, +// with the role and secret stored in a Kubernetes Secret resource. +type VaultAppRole struct { + // Path where the App Role authentication backend is mounted in Vault, e.g: + // "approle" + Path string `json:"path"` + + // RoleID configured in the App Role authentication backend when setting + // up the authentication backend in Vault. + RoleId string `json:"roleId"` + + // Reference to a key in a Secret that contains the App Role secret used + // to authenticate with Vault. + // The `key` field must be specified and denotes which entry within the Secret + // resource is used as the app role secret. + SecretRef cmmeta.SecretKeySelector `json:"secretRef"` +} + +// Authenticate against Vault using a Kubernetes ServiceAccount token stored in +// a Secret. +type VaultKubernetesAuth struct { + // The Vault mountPath here is the mount path to use when authenticating with + // Vault. For example, setting a value to `/v1/auth/foo`, will use the path + // `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the + // default value "/v1/auth/kubernetes" will be used. + // +optional + Path string `json:"mountPath,omitempty"` + + // The required Secret field containing a Kubernetes ServiceAccount JWT used + // for authenticating with Vault. Use of 'ambient credentials' is not + // supported. + // +optional + SecretRef cmmeta.SecretKeySelector `json:"secretRef,omitempty"` + // Note: we don't use a pointer here for backwards compatibility. + + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). Compared to using "secretRef", + // using this field means that you don't rely on statically bound tokens. To + // use this field, you must configure an RBAC rule to let cert-manager + // request a token. + // +optional + ServiceAccountRef *ServiceAccountRef `json:"serviceAccountRef,omitempty"` + + // A required field containing the Vault Role to assume. A Role binds a + // Kubernetes ServiceAccount with a set of Vault policies. + Role string `json:"role"` +} + +// ServiceAccountRef is a service account used by cert-manager to request a +// token. The audience cannot be configured. The audience is generated by +// cert-manager and takes the form `vault://namespace-name/issuer-name` for an +// Issuer and `vault://issuer-name` for a ClusterIssuer. The expiration of the +// token is also set by cert-manager to 10 minutes. +type ServiceAccountRef struct { + // Name of the ServiceAccount used to request a token. + Name string `json:"name"` +} + +type CAIssuer struct { + // SecretName is the name of the secret used to sign Certificates issued + // by this Issuer. + SecretName string `json:"secretName"` + + // The CRL distribution points is an X.509 v3 certificate extension which identifies + // the location of the CRL from which the revocation of this certificate can be checked. + // If not set, certificates will be issued without distribution points set. + // +optional + CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"` + + // The OCSP server list is an X.509 v3 extension that defines a list of + // URLs of OCSP responders. The OCSP responders can be queried for the + // revocation status of an issued certificate. If not set, the + // certificate will be issued with no OCSP servers set. For example, an + // OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + // +optional + OCSPServers []string `json:"ocspServers,omitempty"` +} + +// IssuerStatus contains status information about an Issuer +type IssuerStatus struct { + // List of status conditions to indicate the status of a CertificateRequest. + // Known condition types are `Ready`. + // +listType=map + // +listMapKey=type + // +optional + Conditions []IssuerCondition `json:"conditions,omitempty"` + + // ACME specific status options. + // This field should only be set if the Issuer is configured to use an ACME + // server to issue certificates. + // +optional + ACME *cmacme.ACMEIssuerStatus `json:"acme,omitempty"` +} + +// IssuerCondition contains condition information for an Issuer. +type IssuerCondition struct { + // Type of the condition, known values are (`Ready`). + Type IssuerConditionType `json:"type"` + + // Status of the condition, one of (`True`, `False`, `Unknown`). + Status cmmeta.ConditionStatus `json:"status"` + + // LastTransitionTime is the timestamp corresponding to the last status + // change of this condition. + // +optional + LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"` + + // Reason is a brief machine readable explanation for the condition's last + // transition. + // +optional + Reason string `json:"reason,omitempty"` + + // Message is a human readable description of the details of the last + // transition, complementing reason. + // +optional + Message string `json:"message,omitempty"` + + // If set, this represents the .metadata.generation that the condition was + // set based upon. + // For instance, if .metadata.generation is currently 12, but the + // .status.condition[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the Issuer. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` +} + +// IssuerConditionType represents an Issuer condition value. +type IssuerConditionType string + +const ( + // IssuerConditionReady represents the fact that a given Issuer condition + // is in ready state and able to issue certificates. + // If the `status` of this condition is `False`, CertificateRequest controllers + // should prevent attempts to sign certificates. + IssuerConditionReady IssuerConditionType = "Ready" +) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..8ba5ea3aaf6 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go @@ -0,0 +1,1047 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + apismetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CAIssuer) DeepCopyInto(out *CAIssuer) { + *out = *in + if in.CRLDistributionPoints != nil { + in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.OCSPServers != nil { + in, out := &in.OCSPServers, &out.OCSPServers + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAIssuer. +func (in *CAIssuer) DeepCopy() *CAIssuer { + if in == nil { + return nil + } + out := new(CAIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Certificate) DeepCopyInto(out *Certificate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate. +func (in *Certificate) DeepCopy() *Certificate { + if in == nil { + return nil + } + out := new(Certificate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Certificate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateAdditionalOutputFormat) DeepCopyInto(out *CertificateAdditionalOutputFormat) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAdditionalOutputFormat. +func (in *CertificateAdditionalOutputFormat) DeepCopy() *CertificateAdditionalOutputFormat { + if in == nil { + return nil + } + out := new(CertificateAdditionalOutputFormat) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition) { + *out = *in + if in.LastTransitionTime != nil { + in, out := &in.LastTransitionTime, &out.LastTransitionTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition. +func (in *CertificateCondition) DeepCopy() *CertificateCondition { + if in == nil { + return nil + } + out := new(CertificateCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores) { + *out = *in + if in.JKS != nil { + in, out := &in.JKS, &out.JKS + *out = new(JKSKeystore) + **out = **in + } + if in.PKCS12 != nil { + in, out := &in.PKCS12, &out.PKCS12 + *out = new(PKCS12Keystore) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateKeystores. +func (in *CertificateKeystores) DeepCopy() *CertificateKeystores { + if in == nil { + return nil + } + out := new(CertificateKeystores) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateList) DeepCopyInto(out *CertificateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Certificate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList. +func (in *CertificateList) DeepCopy() *CertificateList { + if in == nil { + return nil + } + out := new(CertificateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CertificateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificatePrivateKey) DeepCopyInto(out *CertificatePrivateKey) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificatePrivateKey. +func (in *CertificatePrivateKey) DeepCopy() *CertificatePrivateKey { + if in == nil { + return nil + } + out := new(CertificatePrivateKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequest. +func (in *CertificateRequest) DeepCopy() *CertificateRequest { + if in == nil { + return nil + } + out := new(CertificateRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CertificateRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequestCondition) DeepCopyInto(out *CertificateRequestCondition) { + *out = *in + if in.LastTransitionTime != nil { + in, out := &in.LastTransitionTime, &out.LastTransitionTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestCondition. +func (in *CertificateRequestCondition) DeepCopy() *CertificateRequestCondition { + if in == nil { + return nil + } + out := new(CertificateRequestCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CertificateRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestList. +func (in *CertificateRequestList) DeepCopy() *CertificateRequestList { + if in == nil { + return nil + } + out := new(CertificateRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CertificateRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec) { + *out = *in + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(metav1.Duration) + **out = **in + } + out.IssuerRef = in.IssuerRef + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.Usages != nil { + in, out := &in.Usages, &out.Usages + *out = make([]KeyUsage, len(*in)) + copy(*out, *in) + } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string][]string, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make([]string, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestSpec. +func (in *CertificateRequestSpec) DeepCopy() *CertificateRequestSpec { + if in == nil { + return nil + } + out := new(CertificateRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]CertificateRequestCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Certificate != nil { + in, out := &in.Certificate, &out.Certificate + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CA != nil { + in, out := &in.CA, &out.CA + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.FailureTime != nil { + in, out := &in.FailureTime, &out.FailureTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestStatus. +func (in *CertificateRequestStatus) DeepCopy() *CertificateRequestStatus { + if in == nil { + return nil + } + out := new(CertificateRequestStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateSecretTemplate) DeepCopyInto(out *CertificateSecretTemplate) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSecretTemplate. +func (in *CertificateSecretTemplate) DeepCopy() *CertificateSecretTemplate { + if in == nil { + return nil + } + out := new(CertificateSecretTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) { + *out = *in + if in.Subject != nil { + in, out := &in.Subject, &out.Subject + *out = new(X509Subject) + (*in).DeepCopyInto(*out) + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(metav1.Duration) + **out = **in + } + if in.RenewBefore != nil { + in, out := &in.RenewBefore, &out.RenewBefore + *out = new(metav1.Duration) + **out = **in + } + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IPAddresses != nil { + in, out := &in.IPAddresses, &out.IPAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.URIs != nil { + in, out := &in.URIs, &out.URIs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EmailAddresses != nil { + in, out := &in.EmailAddresses, &out.EmailAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.SecretTemplate != nil { + in, out := &in.SecretTemplate, &out.SecretTemplate + *out = new(CertificateSecretTemplate) + (*in).DeepCopyInto(*out) + } + if in.Keystores != nil { + in, out := &in.Keystores, &out.Keystores + *out = new(CertificateKeystores) + (*in).DeepCopyInto(*out) + } + out.IssuerRef = in.IssuerRef + if in.Usages != nil { + in, out := &in.Usages, &out.Usages + *out = make([]KeyUsage, len(*in)) + copy(*out, *in) + } + if in.PrivateKey != nil { + in, out := &in.PrivateKey, &out.PrivateKey + *out = new(CertificatePrivateKey) + **out = **in + } + if in.EncodeUsagesInRequest != nil { + in, out := &in.EncodeUsagesInRequest, &out.EncodeUsagesInRequest + *out = new(bool) + **out = **in + } + if in.RevisionHistoryLimit != nil { + in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit + *out = new(int32) + **out = **in + } + if in.AdditionalOutputFormats != nil { + in, out := &in.AdditionalOutputFormats, &out.AdditionalOutputFormats + *out = make([]CertificateAdditionalOutputFormat, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec. +func (in *CertificateSpec) DeepCopy() *CertificateSpec { + if in == nil { + return nil + } + out := new(CertificateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]CertificateCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LastFailureTime != nil { + in, out := &in.LastFailureTime, &out.LastFailureTime + *out = (*in).DeepCopy() + } + if in.NotBefore != nil { + in, out := &in.NotBefore, &out.NotBefore + *out = (*in).DeepCopy() + } + if in.NotAfter != nil { + in, out := &in.NotAfter, &out.NotAfter + *out = (*in).DeepCopy() + } + if in.RenewalTime != nil { + in, out := &in.RenewalTime, &out.RenewalTime + *out = (*in).DeepCopy() + } + if in.Revision != nil { + in, out := &in.Revision, &out.Revision + *out = new(int) + **out = **in + } + if in.NextPrivateKeySecretName != nil { + in, out := &in.NextPrivateKeySecretName, &out.NextPrivateKeySecretName + *out = new(string) + **out = **in + } + if in.FailedIssuanceAttempts != nil { + in, out := &in.FailedIssuanceAttempts, &out.FailedIssuanceAttempts + *out = new(int) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus. +func (in *CertificateStatus) DeepCopy() *CertificateStatus { + if in == nil { + return nil + } + out := new(CertificateStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterIssuer) DeepCopyInto(out *ClusterIssuer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuer. +func (in *ClusterIssuer) DeepCopy() *ClusterIssuer { + if in == nil { + return nil + } + out := new(ClusterIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterIssuer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterIssuerList) DeepCopyInto(out *ClusterIssuerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterIssuer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterIssuerList. +func (in *ClusterIssuerList) DeepCopy() *ClusterIssuerList { + if in == nil { + return nil + } + out := new(ClusterIssuerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterIssuerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Issuer) DeepCopyInto(out *Issuer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer. +func (in *Issuer) DeepCopy() *Issuer { + if in == nil { + return nil + } + out := new(Issuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Issuer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerCondition) DeepCopyInto(out *IssuerCondition) { + *out = *in + if in.LastTransitionTime != nil { + in, out := &in.LastTransitionTime, &out.LastTransitionTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerCondition. +func (in *IssuerCondition) DeepCopy() *IssuerCondition { + if in == nil { + return nil + } + out := new(IssuerCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) { + *out = *in + if in.ACME != nil { + in, out := &in.ACME, &out.ACME + *out = new(acmev1.ACMEIssuer) + (*in).DeepCopyInto(*out) + } + if in.CA != nil { + in, out := &in.CA, &out.CA + *out = new(CAIssuer) + (*in).DeepCopyInto(*out) + } + if in.Vault != nil { + in, out := &in.Vault, &out.Vault + *out = new(VaultIssuer) + (*in).DeepCopyInto(*out) + } + if in.SelfSigned != nil { + in, out := &in.SelfSigned, &out.SelfSigned + *out = new(SelfSignedIssuer) + (*in).DeepCopyInto(*out) + } + if in.Venafi != nil { + in, out := &in.Venafi, &out.Venafi + *out = new(VenafiIssuer) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerConfig. +func (in *IssuerConfig) DeepCopy() *IssuerConfig { + if in == nil { + return nil + } + out := new(IssuerConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerList) DeepCopyInto(out *IssuerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Issuer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerList. +func (in *IssuerList) DeepCopy() *IssuerList { + if in == nil { + return nil + } + out := new(IssuerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IssuerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerSpec) DeepCopyInto(out *IssuerSpec) { + *out = *in + in.IssuerConfig.DeepCopyInto(&out.IssuerConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerSpec. +func (in *IssuerSpec) DeepCopy() *IssuerSpec { + if in == nil { + return nil + } + out := new(IssuerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IssuerStatus) DeepCopyInto(out *IssuerStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]IssuerCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ACME != nil { + in, out := &in.ACME, &out.ACME + *out = new(acmev1.ACMEIssuerStatus) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerStatus. +func (in *IssuerStatus) DeepCopy() *IssuerStatus { + if in == nil { + return nil + } + out := new(IssuerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore) { + *out = *in + out.PasswordSecretRef = in.PasswordSecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JKSKeystore. +func (in *JKSKeystore) DeepCopy() *JKSKeystore { + if in == nil { + return nil + } + out := new(JKSKeystore) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore) { + *out = *in + out.PasswordSecretRef = in.PasswordSecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKCS12Keystore. +func (in *PKCS12Keystore) DeepCopy() *PKCS12Keystore { + if in == nil { + return nil + } + out := new(PKCS12Keystore) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SelfSignedIssuer) DeepCopyInto(out *SelfSignedIssuer) { + *out = *in + if in.CRLDistributionPoints != nil { + in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSignedIssuer. +func (in *SelfSignedIssuer) DeepCopy() *SelfSignedIssuer { + if in == nil { + return nil + } + out := new(SelfSignedIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef. +func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef { + if in == nil { + return nil + } + out := new(ServiceAccountRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole) { + *out = *in + out.SecretRef = in.SecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole. +func (in *VaultAppRole) DeepCopy() *VaultAppRole { + if in == nil { + return nil + } + out := new(VaultAppRole) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultAuth) DeepCopyInto(out *VaultAuth) { + *out = *in + if in.TokenSecretRef != nil { + in, out := &in.TokenSecretRef, &out.TokenSecretRef + *out = new(apismetav1.SecretKeySelector) + **out = **in + } + if in.AppRole != nil { + in, out := &in.AppRole, &out.AppRole + *out = new(VaultAppRole) + **out = **in + } + if in.Kubernetes != nil { + in, out := &in.Kubernetes, &out.Kubernetes + *out = new(VaultKubernetesAuth) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth. +func (in *VaultAuth) DeepCopy() *VaultAuth { + if in == nil { + return nil + } + out := new(VaultAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultIssuer) DeepCopyInto(out *VaultIssuer) { + *out = *in + in.Auth.DeepCopyInto(&out.Auth) + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CABundleSecretRef != nil { + in, out := &in.CABundleSecretRef, &out.CABundleSecretRef + *out = new(apismetav1.SecretKeySelector) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIssuer. +func (in *VaultIssuer) DeepCopy() *VaultIssuer { + if in == nil { + return nil + } + out := new(VaultIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth) { + *out = *in + out.SecretRef = in.SecretRef + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(ServiceAccountRef) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth. +func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth { + if in == nil { + return nil + } + out := new(VaultKubernetesAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VenafiCloud) DeepCopyInto(out *VenafiCloud) { + *out = *in + out.APITokenSecretRef = in.APITokenSecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiCloud. +func (in *VenafiCloud) DeepCopy() *VenafiCloud { + if in == nil { + return nil + } + out := new(VenafiCloud) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VenafiIssuer) DeepCopyInto(out *VenafiIssuer) { + *out = *in + if in.TPP != nil { + in, out := &in.TPP, &out.TPP + *out = new(VenafiTPP) + (*in).DeepCopyInto(*out) + } + if in.Cloud != nil { + in, out := &in.Cloud, &out.Cloud + *out = new(VenafiCloud) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiIssuer. +func (in *VenafiIssuer) DeepCopy() *VenafiIssuer { + if in == nil { + return nil + } + out := new(VenafiIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VenafiTPP) DeepCopyInto(out *VenafiTPP) { + *out = *in + out.CredentialsRef = in.CredentialsRef + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VenafiTPP. +func (in *VenafiTPP) DeepCopy() *VenafiTPP { + if in == nil { + return nil + } + out := new(VenafiTPP) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *X509Subject) DeepCopyInto(out *X509Subject) { + *out = *in + if in.Organizations != nil { + in, out := &in.Organizations, &out.Organizations + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Countries != nil { + in, out := &in.Countries, &out.Countries + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.OrganizationalUnits != nil { + in, out := &in.OrganizationalUnits, &out.OrganizationalUnits + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Localities != nil { + in, out := &in.Localities, &out.Localities + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Provinces != nil { + in, out := &in.Provinces, &out.Provinces + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.StreetAddresses != nil { + in, out := &in.StreetAddresses, &out.StreetAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PostalCodes != nil { + in, out := &in.PostalCodes, &out.PostalCodes + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Subject. +func (in *X509Subject) DeepCopy() *X509Subject { + if in == nil { + return nil + } + out := new(X509Subject) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go new file mode 100644 index 00000000000..f391663af4e --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +groupName=meta.cert-manager.io + +// Package meta contains meta types for cert-manager APIs +package meta + +const GroupName = "meta.cert-manager.io" diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go new file mode 100644 index 00000000000..9a673685d6e --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go @@ -0,0 +1,21 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1 contains meta types for cert-manager APIs +// +k8s:deepcopy-gen=package +// +gencrdrefdocs:force +// +groupName=meta.cert-manager.io +package v1 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/register.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/register.go new file mode 100644 index 00000000000..d3c19886e40 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/register.go @@ -0,0 +1,51 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + + cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta" +) + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: cmmeta.GroupName, Version: "v1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to api.Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + // No types to register in the meta group + return nil +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go new file mode 100644 index 00000000000..24e72d15ffd --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go @@ -0,0 +1,79 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +// ConditionStatus represents a condition's status. +// +kubebuilder:validation:Enum=True;False;Unknown +type ConditionStatus string + +// These are valid condition statuses. "ConditionTrue" means a resource is in +// the condition; "ConditionFalse" means a resource is not in the condition; +// "ConditionUnknown" means kubernetes can't decide if a resource is in the +// condition or not. In the future, we could add other intermediate +// conditions, e.g. ConditionDegraded. +const ( + // ConditionTrue represents the fact that a given condition is true + ConditionTrue ConditionStatus = "True" + + // ConditionFalse represents the fact that a given condition is false + ConditionFalse ConditionStatus = "False" + + // ConditionUnknown represents the fact that a given condition is unknown + ConditionUnknown ConditionStatus = "Unknown" +) + +// A reference to an object in the same namespace as the referent. +// If the referent is a cluster-scoped resource (e.g. a ClusterIssuer), +// the reference instead refers to the resource with the given name in the +// configured 'cluster resource namespace', which is set as a flag on the +// controller component (and defaults to the namespace that cert-manager +// runs in). +type LocalObjectReference struct { + // Name of the resource being referred to. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Name string `json:"name"` +} + +// ObjectReference is a reference to an object with a given name, kind and group. +type ObjectReference struct { + // Name of the resource being referred to. + Name string `json:"name"` + // Kind of the resource being referred to. + // +optional + Kind string `json:"kind,omitempty"` + // Group of the resource being referred to. + // +optional + Group string `json:"group,omitempty"` +} + +// A reference to a specific 'key' within a Secret resource. +// In some instances, `key` is a required field. +type SecretKeySelector struct { + // The name of the Secret resource being referred to. + LocalObjectReference `json:",inline"` + + // The key of the entry in the Secret resource's `data` field to be used. + // Some instances of this field may be defaulted, in others it may be + // required. + // +optional + Key string `json:"key,omitempty"` +} + +const ( + // Used as a data key in Secret resources to store a CA certificate. + TLSCAKey = "ca.crt" +) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..9fa10e5e665 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go @@ -0,0 +1,71 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference. +func (in *LocalObjectReference) DeepCopy() *LocalObjectReference { + if in == nil { + return nil + } + out := new(LocalObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. +func (in *ObjectReference) DeepCopy() *ObjectReference { + if in == nil { + return nil + } + out := new(ObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + out.LocalObjectReference = in.LocalObjectReference + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 340eeb03618..a7a6ec71b1c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -31,6 +31,14 @@ github.com/census-instrumentation/opencensus-proto/gen-go/agent/trace/v1 github.com/census-instrumentation/opencensus-proto/gen-go/metrics/v1 github.com/census-instrumentation/opencensus-proto/gen-go/resource/v1 github.com/census-instrumentation/opencensus-proto/gen-go/trace/v1 +# github.com/cert-manager/cert-manager v1.13.3 +## explicit; go 1.20 +github.com/cert-manager/cert-manager/pkg/apis/acme +github.com/cert-manager/cert-manager/pkg/apis/acme/v1 +github.com/cert-manager/cert-manager/pkg/apis/certmanager +github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1 +github.com/cert-manager/cert-manager/pkg/apis/meta +github.com/cert-manager/cert-manager/pkg/apis/meta/v1 # github.com/cespare/xxhash/v2 v2.3.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 @@ -79,7 +87,7 @@ github.com/cloudevents/sdk-go/v2/types # github.com/coreos/go-oidc/v3 v3.9.0 ## explicit; go 1.19 github.com/coreos/go-oidc/v3/oidc -# github.com/davecgh/go-spew v1.1.1 +# github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc ## explicit github.com/davecgh/go-spew/spew # github.com/eclipse/paho.golang v0.12.0 @@ -233,7 +241,7 @@ github.com/phayes/freeport # github.com/pkg/errors v0.9.1 ## explicit github.com/pkg/errors -# github.com/pmezard/go-difflib v1.0.0 +# github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 ## explicit github.com/pmezard/go-difflib/difflib # github.com/prometheus/client_golang v1.19.1 @@ -1259,6 +1267,9 @@ knative.dev/reconciler-test/pkg/resources/serviceaccount knative.dev/reconciler-test/pkg/state knative.dev/reconciler-test/pkg/tracing knative.dev/reconciler-test/resources/certificate +# sigs.k8s.io/gateway-api v0.8.0 +## explicit; go 1.20 +sigs.k8s.io/gateway-api/apis/v1beta1 # sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd ## explicit; go 1.18 sigs.k8s.io/json diff --git a/vendor/sigs.k8s.io/gateway-api/LICENSE b/vendor/sigs.k8s.io/gateway-api/LICENSE new file mode 100644 index 00000000000..a5949bd7a2f --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2020 The Kubernetes Authors + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/doc.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/doc.go new file mode 100644 index 00000000000..328100aee81 --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta1 contains API Schema definitions for the +// gateway.networking.k8s.io API group. +// +// +kubebuilder:object:generate=true +// +groupName=gateway.networking.k8s.io +package v1beta1 diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go new file mode 100644 index 00000000000..033c1c2a16a --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go @@ -0,0 +1,946 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=gateway-api,shortName=gtw +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Class",type=string,JSONPath=`.spec.gatewayClassName` +// +kubebuilder:printcolumn:name="Address",type=string,JSONPath=`.status.addresses[*].value` +// +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` + +// Gateway represents an instance of a service-traffic handling infrastructure +// by binding Listeners to a set of IP addresses. +type Gateway struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of Gateway. + Spec GatewaySpec `json:"spec"` + + // Status defines the current state of Gateway. + // + // +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}} + Status GatewayStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// GatewayList contains a list of Gateways. +type GatewayList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Gateway `json:"items"` +} + +// GatewaySpec defines the desired state of Gateway. +// +// Not all possible combinations of options specified in the Spec are +// valid. Some invalid configurations can be caught synchronously via a +// webhook, but there are many cases that will require asynchronous +// signaling via the GatewayStatus block. +type GatewaySpec struct { + // GatewayClassName used for this Gateway. This is the name of a + // GatewayClass resource. + GatewayClassName ObjectName `json:"gatewayClassName"` + + // Listeners associated with this Gateway. Listeners define + // logical endpoints that are bound on this Gateway's addresses. + // At least one Listener MUST be specified. + // + // Each listener in a Gateway must have a unique combination of Hostname, + // Port, and Protocol. + // + // Within the HTTP Conformance Profile, the below combinations of port and + // protocol are considered Core and MUST be supported: + // + // 1. Port: 80, Protocol: HTTP + // 2. Port: 443, Protocol: HTTPS + // + // Within the TLS Conformance Profile, the below combinations of port and + // protocol are considered Core and MUST be supported: + // + // 1. Port: 443, Protocol: TLS + // + // Port and protocol combinations not listed above are considered Extended. + // + // An implementation MAY group Listeners by Port and then collapse each + // group of Listeners into a single Listener if the implementation + // determines that the Listeners in the group are "compatible". An + // implementation MAY also group together and collapse compatible + // Listeners belonging to different Gateways. + // + // For example, an implementation might consider Listeners to be + // compatible with each other if all of the following conditions are + // met: + // + // 1. Either each Listener within the group specifies the "HTTP" + // Protocol or each Listener within the group specifies either + // the "HTTPS" or "TLS" Protocol. + // + // 2. Each Listener within the group specifies a Hostname that is unique + // within the group. + // + // 3. As a special case, one Listener within a group may omit Hostname, + // in which case this Listener matches when no other Listener + // matches. + // + // If the implementation does collapse compatible Listeners, the + // hostname provided in the incoming client request MUST be + // matched to a Listener to find the correct set of Routes. + // The incoming hostname MUST be matched using the Hostname + // field for each Listener in order of most to least specific. + // That is, exact matches must be processed before wildcard + // matches. + // + // If this field specifies multiple Listeners that have the same + // Port value but are not compatible, the implementation must raise + // a "Conflicted" condition in the Listener status. + // + // Support: Core + // + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=64 + // +kubebuilder:validation:XValidation:message="tls must be specified for protocols ['HTTPS', 'TLS']",rule="self.all(l, l.protocol in ['HTTPS', 'TLS'] ? has(l.tls) : true)" + // +kubebuilder:validation:XValidation:message="tls must not be specified for protocols ['HTTP', 'TCP', 'UDP']",rule="self.all(l, l.protocol in ['HTTP', 'TCP', 'UDP'] ? !has(l.tls) : true)" + // +kubebuilder:validation:XValidation:message="hostname must not be specified for protocols ['TCP', 'UDP']",rule="self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)" + // +kubebuilder:validation:XValidation:message="Listener name must be unique within the Gateway",rule="self.all(l1, self.exists_one(l2, l1.name == l2.name))" + // +kubebuilder:validation:XValidation:message="Combination of port, protocol and hostname must be unique for each listener",rule="self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : true)))" + Listeners []Listener `json:"listeners"` + + // Addresses requested for this Gateway. This is optional and behavior can + // depend on the implementation. If a value is set in the spec and the + // requested address is invalid or unavailable, the implementation MUST + // indicate this in the associated entry in GatewayStatus.Addresses. + // + // The Addresses field represents a request for the address(es) on the + // "outside of the Gateway", that traffic bound for this Gateway will use. + // This could be the IP address or hostname of an external load balancer or + // other networking infrastructure, or some other address that traffic will + // be sent to. + // + // The .listener.hostname field is used to route traffic that has already + // arrived at the Gateway to the correct in-cluster destination. + // + // If no Addresses are specified, the implementation MAY schedule the + // Gateway in an implementation-specific manner, assigning an appropriate + // set of Addresses. + // + // The implementation MUST bind all Listeners to every GatewayAddress that + // it assigns to the Gateway and add a corresponding entry in + // GatewayStatus.Addresses. + // + // Support: Extended + // + // +optional + // + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:message="IPAddress values must be unique",rule="self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + // +kubebuilder:validation:XValidation:message="Hostname values must be unique",rule="self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + Addresses []GatewayAddress `json:"addresses,omitempty"` +} + +// Listener embodies the concept of a logical endpoint where a Gateway accepts +// network connections. +type Listener struct { + // Name is the name of the Listener. This name MUST be unique within a + // Gateway. + // + // Support: Core + Name SectionName `json:"name"` + + // Hostname specifies the virtual hostname to match for protocol types that + // define this concept. When unspecified, all hostnames are matched. This + // field is ignored for protocols that don't require hostname based + // matching. + // + // Implementations MUST apply Hostname matching appropriately for each of + // the following protocols: + // + // * TLS: The Listener Hostname MUST match the SNI. + // * HTTP: The Listener Hostname MUST match the Host header of the request. + // * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP + // protocol layers as described above. If an implementation does not + // ensure that both the SNI and Host header match the Listener hostname, + // it MUST clearly document that. + // + // For HTTPRoute and TLSRoute resources, there is an interaction with the + // `spec.hostnames` array. When both listener and route specify hostnames, + // there MUST be an intersection between the values for a Route to be + // accepted. For more information, refer to the Route specific Hostnames + // documentation. + // + // Hostnames that are prefixed with a wildcard label (`*.`) are interpreted + // as a suffix match. That means that a match for `*.example.com` would match + // both `test.example.com`, and `foo.test.example.com`, but not `example.com`. + // + // Support: Core + // + // +optional + Hostname *Hostname `json:"hostname,omitempty"` + + // Port is the network port. Multiple listeners may use the + // same port, subject to the Listener compatibility rules. + // + // Support: Core + Port PortNumber `json:"port"` + + // Protocol specifies the network protocol this listener expects to receive. + // + // Support: Core + Protocol ProtocolType `json:"protocol"` + + // TLS is the TLS configuration for the Listener. This field is required if + // the Protocol field is "HTTPS" or "TLS". It is invalid to set this field + // if the Protocol field is "HTTP", "TCP", or "UDP". + // + // The association of SNIs to Certificate defined in GatewayTLSConfig is + // defined based on the Hostname field for this listener. + // + // The GatewayClass MUST use the longest matching SNI out of all + // available certificates for any TLS handshake. + // + // Support: Core + // + // +optional + TLS *GatewayTLSConfig `json:"tls,omitempty"` + + // AllowedRoutes defines the types of routes that MAY be attached to a + // Listener and the trusted namespaces where those Route resources MAY be + // present. + // + // Although a client request may match multiple route rules, only one rule + // may ultimately receive the request. Matching precedence MUST be + // determined in order of the following criteria: + // + // * The most specific match as defined by the Route type. + // * The oldest Route based on creation timestamp. For example, a Route with + // a creation timestamp of "2020-09-08 01:02:03" is given precedence over + // a Route with a creation timestamp of "2020-09-08 01:02:04". + // * If everything else is equivalent, the Route appearing first in + // alphabetical order (namespace/name) should be given precedence. For + // example, foo/bar is given precedence over foo/baz. + // + // All valid rules within a Route attached to this Listener should be + // implemented. Invalid Route rules can be ignored (sometimes that will mean + // the full Route). If a Route rule transitions from valid to invalid, + // support for that Route rule should be dropped to ensure consistency. For + // example, even if a filter specified by a Route rule is invalid, the rest + // of the rules within that Route should still be supported. + // + // Support: Core + // +kubebuilder:default={namespaces:{from: Same}} + // +optional + AllowedRoutes *AllowedRoutes `json:"allowedRoutes,omitempty"` +} + +// ProtocolType defines the application protocol accepted by a Listener. +// Implementations are not required to accept all the defined protocols. If an +// implementation does not support a specified protocol, it MUST set the +// "Accepted" condition to False for the affected Listener with a reason of +// "UnsupportedProtocol". +// +// Core ProtocolType values are listed in the table below. +// +// Implementations can define their own protocols if a core ProtocolType does not +// exist. Such definitions must use prefixed name, such as +// `mycompany.com/my-custom-protocol`. Un-prefixed names are reserved for core +// protocols. Any protocol defined by implementations will fall under +// Implementation-specific conformance. +// +// Valid values include: +// +// * "HTTP" - Core support +// * "example.com/bar" - Implementation-specific support +// +// Invalid values include: +// +// * "example.com" - must include path if domain is used +// * "foo.example.com" - must include path if domain is used +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=255 +// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$` +type ProtocolType string + +const ( + // Accepts cleartext HTTP/1.1 sessions over TCP. Implementations MAY also + // support HTTP/2 over cleartext. If implementations support HTTP/2 over + // cleartext on "HTTP" listeners, that MUST be clearly documented by the + // implementation. + HTTPProtocolType ProtocolType = "HTTP" + + // Accepts HTTP/1.1 or HTTP/2 sessions over TLS. + HTTPSProtocolType ProtocolType = "HTTPS" + + // Accepts TLS sessions over TCP. + TLSProtocolType ProtocolType = "TLS" + + // Accepts TCP sessions. + TCPProtocolType ProtocolType = "TCP" + + // Accepts UDP packets. + UDPProtocolType ProtocolType = "UDP" +) + +// GatewayTLSConfig describes a TLS configuration. +// +// +kubebuilder:validation:XValidation:message="certificateRefs must be specified when TLSModeType is Terminate",rule="self.mode == 'Terminate' ? size(self.certificateRefs) > 0 : true" +type GatewayTLSConfig struct { + // Mode defines the TLS behavior for the TLS session initiated by the client. + // There are two possible modes: + // + // - Terminate: The TLS session between the downstream client + // and the Gateway is terminated at the Gateway. This mode requires + // certificateRefs to be set and contain at least one element. + // - Passthrough: The TLS session is NOT terminated by the Gateway. This + // implies that the Gateway can't decipher the TLS stream except for + // the ClientHello message of the TLS protocol. + // CertificateRefs field is ignored in this mode. + // + // Support: Core + // + // +optional + // +kubebuilder:default=Terminate + Mode *TLSModeType `json:"mode,omitempty"` + + // CertificateRefs contains a series of references to Kubernetes objects that + // contains TLS certificates and private keys. These certificates are used to + // establish a TLS handshake for requests that match the hostname of the + // associated listener. + // + // A single CertificateRef to a Kubernetes Secret has "Core" support. + // Implementations MAY choose to support attaching multiple certificates to + // a Listener, but this behavior is implementation-specific. + // + // References to a resource in different namespace are invalid UNLESS there + // is a ReferenceGrant in the target namespace that allows the certificate + // to be attached. If a ReferenceGrant does not allow this reference, the + // "ResolvedRefs" condition MUST be set to False for this listener with the + // "RefNotPermitted" reason. + // + // This field is required to have at least one element when the mode is set + // to "Terminate" (default) and is optional otherwise. + // + // CertificateRefs can reference to standard Kubernetes resources, i.e. + // Secret, or implementation-specific custom resources. + // + // Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls + // + // Support: Implementation-specific (More than one reference or other resource types) + // + // +optional + // +kubebuilder:validation:MaxItems=64 + CertificateRefs []SecretObjectReference `json:"certificateRefs,omitempty"` + + // Options are a list of key/value pairs to enable extended TLS + // configuration for each implementation. For example, configuring the + // minimum TLS version or supported cipher suites. + // + // A set of common keys MAY be defined by the API in the future. To avoid + // any ambiguity, implementation-specific definitions MUST use + // domain-prefixed names, such as `example.com/my-custom-option`. + // Un-prefixed names are reserved for key names defined by Gateway API. + // + // Support: Implementation-specific + // + // +optional + // +kubebuilder:validation:MaxProperties=16 + Options map[AnnotationKey]AnnotationValue `json:"options,omitempty"` +} + +// TLSModeType type defines how a Gateway handles TLS sessions. +// +// +kubebuilder:validation:Enum=Terminate;Passthrough +type TLSModeType string + +const ( + // In this mode, TLS session between the downstream client + // and the Gateway is terminated at the Gateway. + TLSModeTerminate TLSModeType = "Terminate" + + // In this mode, the TLS session is NOT terminated by the Gateway. This + // implies that the Gateway can't decipher the TLS stream except for + // the ClientHello message of the TLS protocol. + // + // Note that SSL passthrough is only supported by TLSRoute. + TLSModePassthrough TLSModeType = "Passthrough" +) + +// AllowedRoutes defines which Routes may be attached to this Listener. +type AllowedRoutes struct { + // Namespaces indicates namespaces from which Routes may be attached to this + // Listener. This is restricted to the namespace of this Gateway by default. + // + // Support: Core + // + // +optional + // +kubebuilder:default={from: Same} + Namespaces *RouteNamespaces `json:"namespaces,omitempty"` + + // Kinds specifies the groups and kinds of Routes that are allowed to bind + // to this Gateway Listener. When unspecified or empty, the kinds of Routes + // selected are determined using the Listener protocol. + // + // A RouteGroupKind MUST correspond to kinds of Routes that are compatible + // with the application protocol specified in the Listener's Protocol field. + // If an implementation does not support or recognize this resource type, it + // MUST set the "ResolvedRefs" condition to False for this Listener with the + // "InvalidRouteKinds" reason. + // + // Support: Core + // + // +optional + // +kubebuilder:validation:MaxItems=8 + Kinds []RouteGroupKind `json:"kinds,omitempty"` +} + +// FromNamespaces specifies namespace from which Routes may be attached to a +// Gateway. +// +// +kubebuilder:validation:Enum=All;Selector;Same +type FromNamespaces string + +const ( + // Routes in all namespaces may be attached to this Gateway. + NamespacesFromAll FromNamespaces = "All" + // Only Routes in namespaces selected by the selector may be attached to + // this Gateway. + NamespacesFromSelector FromNamespaces = "Selector" + // Only Routes in the same namespace as the Gateway may be attached to this + // Gateway. + NamespacesFromSame FromNamespaces = "Same" +) + +// RouteNamespaces indicate which namespaces Routes should be selected from. +type RouteNamespaces struct { + // From indicates where Routes will be selected for this Gateway. Possible + // values are: + // + // * All: Routes in all namespaces may be used by this Gateway. + // * Selector: Routes in namespaces selected by the selector may be used by + // this Gateway. + // * Same: Only Routes in the same namespace may be used by this Gateway. + // + // Support: Core + // + // +optional + // +kubebuilder:default=Same + From *FromNamespaces `json:"from,omitempty"` + + // Selector must be specified when From is set to "Selector". In that case, + // only Routes in Namespaces matching this Selector will be selected by this + // Gateway. This field is ignored for other values of "From". + // + // Support: Core + // + // +optional + Selector *metav1.LabelSelector `json:"selector,omitempty"` +} + +// RouteGroupKind indicates the group and kind of a Route resource. +type RouteGroupKind struct { + // Group is the group of the Route. + // + // +optional + // +kubebuilder:default=gateway.networking.k8s.io + Group *Group `json:"group,omitempty"` + + // Kind is the kind of the Route. + Kind Kind `json:"kind"` +} + +// GatewayAddress describes an address that can be bound to a Gateway. +// +// +kubebuilder:validation:XValidation:message="Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)",rule="self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" +type GatewayAddress struct { + // Type of the address. + // + // +optional + // +kubebuilder:default=IPAddress + Type *AddressType `json:"type,omitempty"` + + // Value of the address. The validity of the values will depend + // on the type and support by the controller. + // + // Examples: `1.2.3.4`, `128::1`, `my-ip-address`. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + Value string `json:"value"` +} + +// GatewayStatusAddress describes an address that is bound to a Gateway. +// +// +kubebuilder:validation:XValidation:message="Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)",rule="self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" +type GatewayStatusAddress struct { + // Type of the address. + // + // +optional + // +kubebuilder:default=IPAddress + Type *AddressType `json:"type,omitempty"` + + // Value of the address. The validity of the values will depend + // on the type and support by the controller. + // + // Examples: `1.2.3.4`, `128::1`, `my-ip-address`. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + Value string `json:"value"` +} + +// GatewayStatus defines the observed state of Gateway. +type GatewayStatus struct { + // Addresses lists the IP addresses that have actually been + // bound to the Gateway. These addresses may differ from the + // addresses in the Spec, e.g. if the Gateway automatically + // assigns an address from a reserved pool. + // + // +optional + // + // +kubebuilder:validation:MaxItems=16 + Addresses []GatewayStatusAddress `json:"addresses,omitempty"` + + // Conditions describe the current conditions of the Gateway. + // + // Implementations should prefer to express Gateway conditions + // using the `GatewayConditionType` and `GatewayConditionReason` + // constants so that operators and tools can converge on a common + // vocabulary to describe Gateway state. + // + // Known condition types are: + // + // * "Accepted" + // * "Programmed" + // * "Ready" + // + // +optional + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:default={{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}} + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // Listeners provide status for each unique listener port defined in the Spec. + // + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=64 + Listeners []ListenerStatus `json:"listeners,omitempty"` +} + +// GatewayConditionType is a type of condition associated with a +// Gateway. This type should be used with the GatewayStatus.Conditions +// field. +type GatewayConditionType string + +// GatewayConditionReason defines the set of reasons that explain why a +// particular Gateway condition type has been raised. +type GatewayConditionReason string + +const ( + // This condition indicates whether a Gateway has generated some + // configuration that is assumed to be ready soon in the underlying data + // plane. + // + // It is a positive-polarity summary condition, and so should always be + // present on the resource with ObservedGeneration set. + // + // It should be set to Unknown if the controller performs updates to the + // status before it has all the information it needs to be able to determine + // if the condition is true. + // + // Possible reasons for this condition to be True are: + // + // * "Programmed" + // + // Possible reasons for this condition to be False are: + // + // * "Invalid" + // * "Pending" + // * "NoResources" + // * "AddressNotAssigned" + // + // Possible reasons for this condition to be Unknown are: + // + // * "Pending" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + GatewayConditionProgrammed GatewayConditionType = "Programmed" + + // This reason is used with the "Programmed" condition when the condition is + // true. + GatewayReasonProgrammed GatewayConditionReason = "Programmed" + + // This reason is used with the "Programmed" and "Accepted" conditions when the Gateway is + // syntactically or semantically invalid. + GatewayReasonInvalid GatewayConditionReason = "Invalid" + + // This reason is used with the "Programmed" condition when the + // Gateway is not scheduled because insufficient infrastructure + // resources are available. + GatewayReasonNoResources GatewayConditionReason = "NoResources" + + // This reason is used with the "Programmed" condition when none of the requested + // addresses have been assigned to the Gateway. This reason can be used to + // express a range of circumstances, including (but not limited to) IPAM + // address exhaustion, address not yet allocated, or a named address not being found. + GatewayReasonAddressNotAssigned GatewayConditionReason = "AddressNotAssigned" +) + +const ( + // This condition is true when the controller managing the Gateway is + // syntactically and semantically valid enough to produce some configuration + // in the underlying data plane. This does not indicate whether or not the + // configuration has been propagated to the data plane. + // + // Possible reasons for this condition to be True are: + // + // * "Accepted" + // * "ListenersNotValid" + // + // Possible reasons for this condition to be False are: + // + // * "Invalid" + // * "NotReconciled" + // * "UnsupportedAddress" + // * "ListenersNotValid" + // + // Possible reasons for this condition to be Unknown are: + // + // * "Pending" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + GatewayConditionAccepted GatewayConditionType = "Accepted" + + // This reason is used with the "Accepted" condition when the condition is + // True. + GatewayReasonAccepted GatewayConditionReason = "Accepted" + + // This reason is used with the "Accepted" condition when one or + // more Listeners have an invalid or unsupported configuration + // and cannot be configured on the Gateway. + // This can be the reason when "Accepted" is "True" or "False", depending on whether + // the listener being invalid causes the entire Gateway to not be accepted. + GatewayReasonListenersNotValid GatewayConditionReason = "ListenersNotValid" + + // This reason is used with the "Accepted" and "Programmed" + // conditions when the status is "Unknown" and no controller has reconciled + // the Gateway. + GatewayReasonPending GatewayConditionReason = "Pending" + + // This reason is used with the "Accepted" condition when the Gateway could not be configured + // because the requested address is not supported. This reason could be used in a number of + // instances, including: + // + // * The address is already in use. + // * The type of address is not supported by the implementation. + GatewayReasonUnsupportedAddress GatewayConditionReason = "UnsupportedAddress" +) + +const ( + // Deprecated: use "Accepted" instead. + GatewayConditionScheduled GatewayConditionType = "Scheduled" + + // This reason is used with the "Scheduled" condition when the condition is + // True. + // + // Deprecated: use the "Accepted" condition with reason "Accepted" instead. + GatewayReasonScheduled GatewayConditionReason = "Scheduled" + + // Deprecated: Use "Pending" instead. + GatewayReasonNotReconciled GatewayConditionReason = "NotReconciled" +) + +const ( + // "Ready" is a condition type reserved for future use. It should not be used by implementations. + // + // If used in the future, "Ready" will represent the final state where all configuration is confirmed good + // _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something + // sees the Condition as `true`, then connections will be correctly routed _immediately_. + // + // This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it. + // This reservation can be discussed in the future if necessary. + // + // Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters + // to alert about usage. + // Deprecated: Ready is reserved for future use + GatewayConditionReady GatewayConditionType = "Ready" + + // Deprecated: Ready is reserved for future use + GatewayReasonReady GatewayConditionReason = "Ready" + + // Deprecated: Ready is reserved for future use + GatewayReasonListenersNotReady GatewayConditionReason = "ListenersNotReady" +) + +// ListenerStatus is the status associated with a Listener. +type ListenerStatus struct { + // Name is the name of the Listener that this status corresponds to. + Name SectionName `json:"name"` + + // SupportedKinds is the list indicating the Kinds supported by this + // listener. This MUST represent the kinds an implementation supports for + // that Listener configuration. + // + // If kinds are specified in Spec that are not supported, they MUST NOT + // appear in this list and an implementation MUST set the "ResolvedRefs" + // condition to "False" with the "InvalidRouteKinds" reason. If both valid + // and invalid Route kinds are specified, the implementation MUST + // reference the valid Route kinds that have been specified. + // + // +kubebuilder:validation:MaxItems=8 + SupportedKinds []RouteGroupKind `json:"supportedKinds"` + + // AttachedRoutes represents the total number of accepted Routes that have been + // successfully attached to this Listener. + AttachedRoutes int32 `json:"attachedRoutes"` + + // Conditions describe the current condition of this listener. + // + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions"` +} + +// ListenerConditionType is a type of condition associated with the +// listener. This type should be used with the ListenerStatus.Conditions +// field. +type ListenerConditionType string + +// ListenerConditionReason defines the set of reasons that explain +// why a particular Listener condition type has been raised. +type ListenerConditionReason string + +const ( + // This condition indicates that the controller was unable to resolve + // conflicting specification requirements for this Listener. If a + // Listener is conflicted, its network port should not be configured + // on any network elements. + // + // Possible reasons for this condition to be true are: + // + // * "HostnameConflict" + // * "ProtocolConflict" + // + // Possible reasons for this condition to be False are: + // + // * "NoConflicts" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + ListenerConditionConflicted ListenerConditionType = "Conflicted" + + // This reason is used with the "Conflicted" condition when + // the Listener conflicts with hostnames in other Listeners. For + // example, this reason would be used when multiple Listeners on + // the same port use `example.com` in the hostname field. + ListenerReasonHostnameConflict ListenerConditionReason = "HostnameConflict" + + // This reason is used with the "Conflicted" condition when + // multiple Listeners are specified with the same Listener port + // number, but have conflicting protocol specifications. + ListenerReasonProtocolConflict ListenerConditionReason = "ProtocolConflict" + + // This reason is used with the "Conflicted" condition when the condition + // is False. + ListenerReasonNoConflicts ListenerConditionReason = "NoConflicts" +) + +const ( + // This condition indicates that the listener is syntactically and + // semantically valid, and that all features used in the listener's spec are + // supported. + // + // In general, a Listener will be marked as Accepted when the supplied + // configuration will generate at least some data plane configuration. + // + // For example, a Listener with an unsupported protocol will never generate + // any data plane config, and so will have Accepted set to `false.` + // Conversely, a Listener that does not have any Routes will be able to + // generate data plane config, and so will have Accepted set to `true`. + // + // Possible reasons for this condition to be True are: + // + // * "Accepted" + // + // Possible reasons for this condition to be False are: + // + // * "PortUnavailable" + // * "UnsupportedProtocol" + // + // Possible reasons for this condition to be Unknown are: + // + // * "Pending" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + ListenerConditionAccepted ListenerConditionType = "Accepted" + + // Deprecated: use "Accepted" instead. + ListenerConditionDetached ListenerConditionType = "Detached" + + // This reason is used with the "Accepted" condition when the condition is + // True. + ListenerReasonAccepted ListenerConditionReason = "Accepted" + + // This reason is used with the "Detached" condition when the condition is + // False. + // + // Deprecated: use the "Accepted" condition with reason "Accepted" instead. + ListenerReasonAttached ListenerConditionReason = "Attached" + + // This reason is used with the "Accepted" condition when the Listener + // requests a port that cannot be used on the Gateway. This reason could be + // used in a number of instances, including: + // + // * The port is already in use. + // * The port is not supported by the implementation. + ListenerReasonPortUnavailable ListenerConditionReason = "PortUnavailable" + + // This reason is used with the "Accepted" condition when the + // Listener could not be attached to be Gateway because its + // protocol type is not supported. + ListenerReasonUnsupportedProtocol ListenerConditionReason = "UnsupportedProtocol" +) + +const ( + // This condition indicates whether the controller was able to + // resolve all the object references for the Listener. + // + // Possible reasons for this condition to be true are: + // + // * "ResolvedRefs" + // + // Possible reasons for this condition to be False are: + // + // * "InvalidCertificateRef" + // * "InvalidRouteKinds" + // * "RefNotPermitted" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + ListenerConditionResolvedRefs ListenerConditionType = "ResolvedRefs" + + // This reason is used with the "ResolvedRefs" condition when the condition + // is true. + ListenerReasonResolvedRefs ListenerConditionReason = "ResolvedRefs" + + // This reason is used with the "ResolvedRefs" condition when the + // Listener has a TLS configuration with at least one TLS CertificateRef + // that is invalid or does not exist. + // A CertificateRef is considered invalid when it refers to a nonexistent + // or unsupported resource or kind, or when the data within that resource + // is malformed. + // This reason must be used only when the reference is allowed, either by + // referencing an object in the same namespace as the Gateway, or when + // a cross-namespace reference has been explicitly allowed by a ReferenceGrant. + // If the reference is not allowed, the reason RefNotPermitted must be used + // instead. + ListenerReasonInvalidCertificateRef ListenerConditionReason = "InvalidCertificateRef" + + // This reason is used with the "ResolvedRefs" condition when an invalid or + // unsupported Route kind is specified by the Listener. + ListenerReasonInvalidRouteKinds ListenerConditionReason = "InvalidRouteKinds" + + // This reason is used with the "ResolvedRefs" condition when the + // Listener has a TLS configuration that references an object in another + // namespace, where the object in the other namespace does not have a + // ReferenceGrant explicitly allowing the reference. + ListenerReasonRefNotPermitted ListenerConditionReason = "RefNotPermitted" +) + +const ( + // This condition indicates whether a Listener has generated some + // configuration that will soon be ready in the underlying data plane. + // + // It is a positive-polarity summary condition, and so should always be + // present on the resource with ObservedGeneration set. + // + // It should be set to Unknown if the controller performs updates to the + // status before it has all the information it needs to be able to determine + // if the condition is true. + // + // Possible reasons for this condition to be True are: + // + // * "Programmed" + // + // Possible reasons for this condition to be False are: + // + // * "Invalid" + // * "Pending" + // + // Possible reasons for this condition to be Unknown are: + // + // * "Pending" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + ListenerConditionProgrammed ListenerConditionType = "Programmed" + + // This reason is used with the "Programmed" condition when the condition is + // true. + ListenerReasonProgrammed ListenerConditionReason = "Programmed" + + // This reason is used with the "Ready" and "Programmed" conditions when the + // Listener is syntactically or semantically invalid. + ListenerReasonInvalid ListenerConditionReason = "Invalid" + + // This reason is used with the "Accepted", "Ready" and "Programmed" + // conditions when the Listener is either not yet reconciled or not yet not + // online and ready to accept client traffic. + ListenerReasonPending ListenerConditionReason = "Pending" +) + +const ( + // "Ready" is a condition type reserved for future use. It should not be used by implementations. + // Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters + // to alert about usage. + // + // If used in the future, "Ready" will represent the final state where all configuration is confirmed good + // _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something + // sees the Condition as `true`, then connections will be correctly routed _immediately_. + // + // This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it. + // This reservation can be discussed in the future if necessary. + // + // Deprecated: Ready is reserved for future use + ListenerConditionReady ListenerConditionType = "Ready" + + // Deprecated: Ready is reserved for future use + ListenerReasonReady ListenerConditionReason = "Ready" +) diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go new file mode 100644 index 00000000000..9d166700d02 --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go @@ -0,0 +1,212 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=gateway-api,scope=Cluster,shortName=gc +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Controller",type=string,JSONPath=`.spec.controllerName` +// +kubebuilder:printcolumn:name="Accepted",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:printcolumn:name="Description",type=string,JSONPath=`.spec.description`,priority=1 + +// GatewayClass describes a class of Gateways available to the user for creating +// Gateway resources. +// +// It is recommended that this resource be used as a template for Gateways. This +// means that a Gateway is based on the state of the GatewayClass at the time it +// was created and changes to the GatewayClass or associated parameters are not +// propagated down to existing Gateways. This recommendation is intended to +// limit the blast radius of changes to GatewayClass or associated parameters. +// If implementations choose to propagate GatewayClass changes to existing +// Gateways, that MUST be clearly documented by the implementation. +// +// Whenever one or more Gateways are using a GatewayClass, implementations SHOULD +// add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the +// associated GatewayClass. This ensures that a GatewayClass associated with a +// Gateway is not deleted while in use. +// +// GatewayClass is a Cluster level resource. +type GatewayClass struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of GatewayClass. + Spec GatewayClassSpec `json:"spec"` + + // Status defines the current state of GatewayClass. + // + // Implementations MUST populate status on all GatewayClass resources which + // specify their controller name. + // + // +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", message: "Waiting for controller", reason: "Waiting", lastTransitionTime: "1970-01-01T00:00:00Z"}}} + Status GatewayClassStatus `json:"status,omitempty"` +} + +const ( + // GatewayClassFinalizerGatewaysExist should be added as a finalizer to the + // GatewayClass whenever there are provisioned Gateways using a + // GatewayClass. + GatewayClassFinalizerGatewaysExist = "gateway-exists-finalizer.gateway.networking.k8s.io" +) + +// GatewayClassSpec reflects the configuration of a class of Gateways. +type GatewayClassSpec struct { + // ControllerName is the name of the controller that is managing Gateways of + // this class. The value of this field MUST be a domain prefixed path. + // + // Example: "example.net/gateway-controller". + // + // This field is not mutable and cannot be empty. + // + // Support: Core + // + // +kubebuilder:validation:XValidation:message="Value is immutable",rule="self == oldSelf" + ControllerName GatewayController `json:"controllerName"` + + // ParametersRef is a reference to a resource that contains the configuration + // parameters corresponding to the GatewayClass. This is optional if the + // controller does not require any additional configuration. + // + // ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, + // or an implementation-specific custom resource. The resource can be + // cluster-scoped or namespace-scoped. + // + // If the referent cannot be found, the GatewayClass's "InvalidParameters" + // status condition will be true. + // + // Support: Implementation-specific + // + // +optional + ParametersRef *ParametersReference `json:"parametersRef,omitempty"` + + // Description helps describe a GatewayClass with more details. + // + // +kubebuilder:validation:MaxLength=64 + // +optional + Description *string `json:"description,omitempty"` +} + +// ParametersReference identifies an API object containing controller-specific +// configuration resource within the cluster. +type ParametersReference struct { + // Group is the group of the referent. + Group Group `json:"group"` + + // Kind is kind of the referent. + Kind Kind `json:"kind"` + + // Name is the name of the referent. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + Name string `json:"name"` + + // Namespace is the namespace of the referent. + // This field is required when referring to a Namespace-scoped resource and + // MUST be unset when referring to a Cluster-scoped resource. + // + // +optional + Namespace *Namespace `json:"namespace,omitempty"` +} + +// GatewayClassConditionType is the type for status conditions on +// Gateway resources. This type should be used with the +// GatewayClassStatus.Conditions field. +type GatewayClassConditionType string + +// GatewayClassConditionReason defines the set of reasons that explain why a +// particular GatewayClass condition type has been raised. +type GatewayClassConditionReason string + +const ( + // This condition indicates whether the GatewayClass has been accepted by + // the controller requested in the `spec.controller` field. + // + // This condition defaults to Unknown, and MUST be set by a controller when + // it sees a GatewayClass using its controller string. The status of this + // condition MUST be set to True if the controller will support provisioning + // Gateways using this class. Otherwise, this status MUST be set to False. + // If the status is set to False, the controller SHOULD set a Message and + // Reason as an explanation. + // + // Possible reasons for this condition to be true are: + // + // * "Accepted" + // + // Possible reasons for this condition to be False are: + // + // * "InvalidParameters" + // + // Possible reasons for this condition to be Unknown are: + // + // * "Pending" + // + // Controllers should prefer to use the values of GatewayClassConditionReason + // for the corresponding Reason, where appropriate. + GatewayClassConditionStatusAccepted GatewayClassConditionType = "Accepted" + + // This reason is used with the "Accepted" condition when the condition is + // true. + GatewayClassReasonAccepted GatewayClassConditionReason = "Accepted" + + // This reason is used with the "Accepted" condition when the + // GatewayClass was not accepted because the parametersRef field + // was invalid, with more detail in the message. + GatewayClassReasonInvalidParameters GatewayClassConditionReason = "InvalidParameters" + + // This reason is used with the "Accepted" condition when the + // requested controller has not yet made a decision about whether + // to admit the GatewayClass. It is the default Reason on a new + // GatewayClass. + GatewayClassReasonPending GatewayClassConditionReason = "Pending" + + // Deprecated: Use "Pending" instead. + GatewayClassReasonWaiting GatewayClassConditionReason = "Waiting" +) + +// GatewayClassStatus is the current status for the GatewayClass. +type GatewayClassStatus struct { + // Conditions is the current status from the controller for + // this GatewayClass. + // + // Controllers should prefer to publish conditions using values + // of GatewayClassConditionType for the type of each Condition. + // + // +optional + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:default={{type: "Accepted", status: "Unknown", message: "Waiting for controller", reason: "Pending", lastTransitionTime: "1970-01-01T00:00:00Z"}} + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +kubebuilder:object:root=true + +// GatewayClassList contains a list of GatewayClass +type GatewayClassList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []GatewayClass `json:"items"` +} diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go new file mode 100644 index 00000000000..e8216ed33cb --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go @@ -0,0 +1,1115 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=gateway-api +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Hostnames",type=string,JSONPath=`.spec.hostnames` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` + +// HTTPRoute provides a way to route HTTP requests. This includes the capability +// to match requests by hostname, path, header, or query param. Filters can be +// used to specify additional processing steps. Backends specify where matching +// requests should be routed. +type HTTPRoute struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of HTTPRoute. + Spec HTTPRouteSpec `json:"spec"` + + // Status defines the current state of HTTPRoute. + Status HTTPRouteStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// HTTPRouteList contains a list of HTTPRoute. +type HTTPRouteList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []HTTPRoute `json:"items"` +} + +// HTTPRouteSpec defines the desired state of HTTPRoute +type HTTPRouteSpec struct { + CommonRouteSpec `json:",inline"` + + // Hostnames defines a set of hostnames that should match against the HTTP Host + // header to select a HTTPRoute used to process the request. Implementations + // MUST ignore any port value specified in the HTTP Host header while + // performing a match and (absent of any applicable header modification + // configuration) MUST forward this header unmodified to the backend. + // + // Valid values for Hostnames are determined by RFC 1123 definition of a + // hostname with 2 notable exceptions: + // + // 1. IPs are not allowed. + // 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard + // label must appear by itself as the first label. + // + // If a hostname is specified by both the Listener and HTTPRoute, there + // must be at least one intersecting hostname for the HTTPRoute to be + // attached to the Listener. For example: + // + // * A Listener with `test.example.com` as the hostname matches HTTPRoutes + // that have either not specified any hostnames, or have specified at + // least one of `test.example.com` or `*.example.com`. + // * A Listener with `*.example.com` as the hostname matches HTTPRoutes + // that have either not specified any hostnames or have specified at least + // one hostname that matches the Listener hostname. For example, + // `*.example.com`, `test.example.com`, and `foo.test.example.com` would + // all match. On the other hand, `example.com` and `test.example.net` would + // not match. + // + // Hostnames that are prefixed with a wildcard label (`*.`) are interpreted + // as a suffix match. That means that a match for `*.example.com` would match + // both `test.example.com`, and `foo.test.example.com`, but not `example.com`. + // + // If both the Listener and HTTPRoute have specified hostnames, any + // HTTPRoute hostnames that do not match the Listener hostname MUST be + // ignored. For example, if a Listener specified `*.example.com`, and the + // HTTPRoute specified `test.example.com` and `test.example.net`, + // `test.example.net` must not be considered for a match. + // + // If both the Listener and HTTPRoute have specified hostnames, and none + // match with the criteria above, then the HTTPRoute is not accepted. The + // implementation must raise an 'Accepted' Condition with a status of + // `False` in the corresponding RouteParentStatus. + // + // In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. + // overlapping wildcard matching and exact matching hostnames), precedence must + // be given to rules from the HTTPRoute with the largest number of: + // + // * Characters in a matching non-wildcard hostname. + // * Characters in a matching hostname. + // + // If ties exist across multiple Routes, the matching precedence rules for + // HTTPRouteMatches takes over. + // + // Support: Core + // + // +optional + // +kubebuilder:validation:MaxItems=16 + Hostnames []Hostname `json:"hostnames,omitempty"` + + // Rules are a list of HTTP matchers, filters and actions. + // + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:default={{matches: {{path: {type: "PathPrefix", value: "/"}}}}} + Rules []HTTPRouteRule `json:"rules,omitempty"` +} + +// HTTPRouteRule defines semantics for matching an HTTP request based on +// conditions (matches), processing it (filters), and forwarding the request to +// an API object (backendRefs). +// +// +kubebuilder:validation:XValidation:message="RequestRedirect filter must not be used together with backendRefs",rule="(has(self.backendRefs) && size(self.backendRefs) > 0) ? (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): true" +// +kubebuilder:validation:XValidation:message="When using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" +// +kubebuilder:validation:XValidation:message="When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" +// +kubebuilder:validation:XValidation:message="Within backendRefs, when using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" +// +kubebuilder:validation:XValidation:message="Within backendRefs, When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified",rule="(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" +type HTTPRouteRule struct { + // Matches define conditions used for matching the rule against incoming + // HTTP requests. Each match is independent, i.e. this rule will be matched + // if **any** one of the matches is satisfied. + // + // For example, take the following matches configuration: + // + // ``` + // matches: + // - path: + // value: "/foo" + // headers: + // - name: "version" + // value: "v2" + // - path: + // value: "/v2/foo" + // ``` + // + // For a request to match against this rule, a request must satisfy + // EITHER of the two conditions: + // + // - path prefixed with `/foo` AND contains the header `version: v2` + // - path prefix of `/v2/foo` + // + // See the documentation for HTTPRouteMatch on how to specify multiple + // match conditions that should be ANDed together. + // + // If no matches are specified, the default is a prefix + // path match on "/", which has the effect of matching every + // HTTP request. + // + // Proxy or Load Balancer routing configuration generated from HTTPRoutes + // MUST prioritize matches based on the following criteria, continuing on + // ties. Across all rules specified on applicable Routes, precedence must be + // given to the match having: + // + // * "Exact" path match. + // * "Prefix" path match with largest number of characters. + // * Method match. + // * Largest number of header matches. + // * Largest number of query param matches. + // + // Note: The precedence of RegularExpression path matches are implementation-specific. + // + // If ties still exist across multiple Routes, matching precedence MUST be + // determined in order of the following criteria, continuing on ties: + // + // * The oldest Route based on creation timestamp. + // * The Route appearing first in alphabetical order by + // "{namespace}/{name}". + // + // If ties still exist within an HTTPRoute, matching precedence MUST be granted + // to the FIRST matching rule (in list order) with a match meeting the above + // criteria. + // + // When no rules matching a request have been successfully attached to the + // parent a request is coming from, a HTTP 404 status code MUST be returned. + // + // +optional + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:default={{path:{ type: "PathPrefix", value: "/"}}} + Matches []HTTPRouteMatch `json:"matches,omitempty"` + + // Filters define the filters that are applied to requests that match + // this rule. + // + // The effects of ordering of multiple behaviors are currently unspecified. + // This can change in the future based on feedback during the alpha stage. + // + // Conformance-levels at this level are defined based on the type of filter: + // + // - ALL core filters MUST be supported by all implementations. + // - Implementers are encouraged to support extended filters. + // - Implementation-specific custom filters have no API guarantees across + // implementations. + // + // Specifying the same filter multiple times is not supported unless explicitly + // indicated in the filter. + // + // All filters are expected to be compatible with each other except for the + // URLRewrite and RequestRedirect filters, which may not be combined. If an + // implementation can not support other combinations of filters, they must clearly + // document that limitation. In cases where incompatible or unsupported + // filters are specified and cause the `Accepted` condition to be set to status + // `False`, implementations may use the `IncompatibleFilters` reason to specify + // this configuration error. + // + // Support: Core + // + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + // +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="RequestRedirect filter cannot be repeated",rule="self.filter(f, f.type == 'RequestRedirect').size() <= 1" + // +kubebuilder:validation:XValidation:message="URLRewrite filter cannot be repeated",rule="self.filter(f, f.type == 'URLRewrite').size() <= 1" + Filters []HTTPRouteFilter `json:"filters,omitempty"` + + // BackendRefs defines the backend(s) where matching requests should be + // sent. + // + // Failure behavior here depends on how many BackendRefs are specified and + // how many are invalid. + // + // If *all* entries in BackendRefs are invalid, and there are also no filters + // specified in this route rule, *all* traffic which matches this rule MUST + // receive a 500 status code. + // + // See the HTTPBackendRef definition for the rules about what makes a single + // HTTPBackendRef invalid. + // + // When a HTTPBackendRef is invalid, 500 status codes MUST be returned for + // requests that would have otherwise been routed to an invalid backend. If + // multiple backends are specified, and some are invalid, the proportion of + // requests that would otherwise have been routed to an invalid backend + // MUST receive a 500 status code. + // + // For example, if two backends are specified with equal weights, and one is + // invalid, 50 percent of traffic must receive a 500. Implementations may + // choose how that 50 percent is determined. + // + // Support: Core for Kubernetes Service + // + // Support: Extended for Kubernetes ServiceImport + // + // Support: Implementation-specific for any other resource + // + // Support for weight: Core + // + // +optional + // +kubebuilder:validation:MaxItems=16 + BackendRefs []HTTPBackendRef `json:"backendRefs,omitempty"` +} + +// PathMatchType specifies the semantics of how HTTP paths should be compared. +// Valid PathMatchType values, along with their support levels, are: +// +// * "Exact" - Core +// * "PathPrefix" - Core +// * "RegularExpression" - Implementation Specific +// +// PathPrefix and Exact paths must be syntactically valid: +// +// - Must begin with the `/` character +// - Must not contain consecutive `/` characters (e.g. `/foo///`, `//`). +// +// Note that values may be added to this enum, implementations +// must ensure that unknown values will not cause a crash. +// +// Unknown values here must result in the implementation setting the +// Accepted Condition for the Route to `status: False`, with a +// Reason of `UnsupportedValue`. +// +// +kubebuilder:validation:Enum=Exact;PathPrefix;RegularExpression +type PathMatchType string + +const ( + // Matches the URL path exactly and with case sensitivity. This means that + // an exact path match on `/abc` will only match requests to `/abc`, NOT + // `/abc/`, `/Abc`, or `/abcd`. + PathMatchExact PathMatchType = "Exact" + + // Matches based on a URL path prefix split by `/`. Matching is + // case sensitive and done on a path element by element basis. A + // path element refers to the list of labels in the path split by + // the `/` separator. When specified, a trailing `/` is ignored. + // + // For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match + // the prefix `/abc`, but the path `/abcd` would not. + // + // "PathPrefix" is semantically equivalent to the "Prefix" path type in the + // Kubernetes Ingress API. + PathMatchPathPrefix PathMatchType = "PathPrefix" + + // Matches if the URL path matches the given regular expression with + // case sensitivity. + // + // Since `"RegularExpression"` has implementation-specific conformance, + // implementations can support POSIX, PCRE, RE2 or any other regular expression + // dialect. + // Please read the implementation's documentation to determine the supported + // dialect. + PathMatchRegularExpression PathMatchType = "RegularExpression" +) + +// HTTPPathMatch describes how to select a HTTP route by matching the HTTP request path. +// +// +kubebuilder:validation:XValidation:message="value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" +// +kubebuilder:validation:XValidation:message="must not contain '//' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" +// +kubebuilder:validation:XValidation:message="must not contain '/./' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" +// +kubebuilder:validation:XValidation:message="must not contain '/../' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" +// +kubebuilder:validation:XValidation:message="must not contain '%2f' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" +// +kubebuilder:validation:XValidation:message="must not contain '%2F' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" +// +kubebuilder:validation:XValidation:message="must not contain '#' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" +// +kubebuilder:validation:XValidation:message="must not end with '/..' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" +// +kubebuilder:validation:XValidation:message="must not end with '/.' when type one of ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" +// +kubebuilder:validation:XValidation:message="type must be one of ['Exact', 'PathPrefix', 'RegularExpression']",rule="self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" +// +kubebuilder:validation:XValidation:message="must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']",rule="(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" +type HTTPPathMatch struct { + // Type specifies how to match against the path Value. + // + // Support: Core (Exact, PathPrefix) + // + // Support: Implementation-specific (RegularExpression) + // + // +optional + // +kubebuilder:default=PathPrefix + Type *PathMatchType `json:"type,omitempty"` + + // Value of the HTTP path to match against. + // + // +optional + // +kubebuilder:default="/" + // +kubebuilder:validation:MaxLength=1024 + Value *string `json:"value,omitempty"` +} + +// HeaderMatchType specifies the semantics of how HTTP header values should be +// compared. Valid HeaderMatchType values, along with their conformance levels, are: +// +// * "Exact" - Core +// * "RegularExpression" - Implementation Specific +// +// Note that values may be added to this enum, implementations +// must ensure that unknown values will not cause a crash. +// +// Unknown values here must result in the implementation setting the +// Accepted Condition for the Route to `status: False`, with a +// Reason of `UnsupportedValue`. +// +// +kubebuilder:validation:Enum=Exact;RegularExpression +type HeaderMatchType string + +// HeaderMatchType constants. +const ( + HeaderMatchExact HeaderMatchType = "Exact" + HeaderMatchRegularExpression HeaderMatchType = "RegularExpression" +) + +// HTTPHeaderName is the name of an HTTP header. +// +// Valid values include: +// +// * "Authorization" +// * "Set-Cookie" +// +// Invalid values include: +// +// - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo +// headers are not currently supported by this type. +// - "/invalid" - "/ " is an invalid character +type HTTPHeaderName HeaderName + +// HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request +// headers. +type HTTPHeaderMatch struct { + // Type specifies how to match against the value of the header. + // + // Support: Core (Exact) + // + // Support: Implementation-specific (RegularExpression) + // + // Since RegularExpression HeaderMatchType has implementation-specific + // conformance, implementations can support POSIX, PCRE or any other dialects + // of regular expressions. Please read the implementation's documentation to + // determine the supported dialect. + // + // +optional + // +kubebuilder:default=Exact + Type *HeaderMatchType `json:"type,omitempty"` + + // Name is the name of the HTTP Header to be matched. Name matching MUST be + // case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + // + // If multiple entries specify equivalent header names, only the first + // entry with an equivalent name MUST be considered for a match. Subsequent + // entries with an equivalent header name MUST be ignored. Due to the + // case-insensitivity of header names, "foo" and "Foo" are considered + // equivalent. + // + // When a header is repeated in an HTTP request, it is + // implementation-specific behavior as to how this is represented. + // Generally, proxies should follow the guidance from the RFC: + // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding + // processing a repeated header, with special handling for "Set-Cookie". + Name HTTPHeaderName `json:"name"` + + // Value is the value of HTTP Header to be matched. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=4096 + Value string `json:"value"` +} + +// QueryParamMatchType specifies the semantics of how HTTP query parameter +// values should be compared. Valid QueryParamMatchType values, along with their +// conformance levels, are: +// +// * "Exact" - Core +// * "RegularExpression" - Implementation Specific +// +// Note that values may be added to this enum, implementations +// must ensure that unknown values will not cause a crash. +// +// Unknown values here must result in the implementation setting the +// Accepted Condition for the Route to `status: False`, with a +// Reason of `UnsupportedValue`. +// +// +kubebuilder:validation:Enum=Exact;RegularExpression +type QueryParamMatchType string + +// QueryParamMatchType constants. +const ( + QueryParamMatchExact QueryParamMatchType = "Exact" + QueryParamMatchRegularExpression QueryParamMatchType = "RegularExpression" +) + +// HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP +// query parameters. +type HTTPQueryParamMatch struct { + // Type specifies how to match against the value of the query parameter. + // + // Support: Extended (Exact) + // + // Support: Implementation-specific (RegularExpression) + // + // Since RegularExpression QueryParamMatchType has Implementation-specific + // conformance, implementations can support POSIX, PCRE or any other + // dialects of regular expressions. Please read the implementation's + // documentation to determine the supported dialect. + // + // +optional + // +kubebuilder:default=Exact + Type *QueryParamMatchType `json:"type,omitempty"` + + // Name is the name of the HTTP query param to be matched. This must be an + // exact string match. (See + // https://tools.ietf.org/html/rfc7230#section-2.7.3). + // + // If multiple entries specify equivalent query param names, only the first + // entry with an equivalent name MUST be considered for a match. Subsequent + // entries with an equivalent query param name MUST be ignored. + // + // If a query param is repeated in an HTTP request, the behavior is + // purposely left undefined, since different data planes have different + // capabilities. However, it is *recommended* that implementations should + // match against the first value of the param if the data plane supports it, + // as this behavior is expected in other load balancing contexts outside of + // the Gateway API. + // + // Users SHOULD NOT route traffic based on repeated query params to guard + // themselves against potential differences in the implementations. + Name HTTPHeaderName `json:"name"` + + // Value is the value of HTTP query param to be matched. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Value string `json:"value"` +} + +// HTTPMethod describes how to select a HTTP route by matching the HTTP +// method as defined by +// [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-4) and +// [RFC 5789](https://datatracker.ietf.org/doc/html/rfc5789#section-2). +// The value is expected in upper case. +// +// Note that values may be added to this enum, implementations +// must ensure that unknown values will not cause a crash. +// +// Unknown values here must result in the implementation setting the +// Accepted Condition for the Route to `status: False`, with a +// Reason of `UnsupportedValue`. +// +// +kubebuilder:validation:Enum=GET;HEAD;POST;PUT;DELETE;CONNECT;OPTIONS;TRACE;PATCH +type HTTPMethod string + +const ( + HTTPMethodGet HTTPMethod = "GET" + HTTPMethodHead HTTPMethod = "HEAD" + HTTPMethodPost HTTPMethod = "POST" + HTTPMethodPut HTTPMethod = "PUT" + HTTPMethodDelete HTTPMethod = "DELETE" + HTTPMethodConnect HTTPMethod = "CONNECT" + HTTPMethodOptions HTTPMethod = "OPTIONS" + HTTPMethodTrace HTTPMethod = "TRACE" + HTTPMethodPatch HTTPMethod = "PATCH" +) + +// HTTPRouteMatch defines the predicate used to match requests to a given +// action. Multiple match types are ANDed together, i.e. the match will +// evaluate to true only if all conditions are satisfied. +// +// For example, the match below will match a HTTP request only if its path +// starts with `/foo` AND it contains the `version: v1` header: +// +// ``` +// match: +// +// path: +// value: "/foo" +// headers: +// - name: "version" +// value "v1" +// +// ``` +type HTTPRouteMatch struct { + // Path specifies a HTTP request path matcher. If this field is not + // specified, a default prefix match on the "/" path is provided. + // + // +optional + // +kubebuilder:default={type: "PathPrefix", value: "/"} + Path *HTTPPathMatch `json:"path,omitempty"` + + // Headers specifies HTTP request header matchers. Multiple match values are + // ANDed together, meaning, a request must match all the specified headers + // to select the route. + // + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=16 + Headers []HTTPHeaderMatch `json:"headers,omitempty"` + + // QueryParams specifies HTTP query parameter matchers. Multiple match + // values are ANDed together, meaning, a request must match all the + // specified query parameters to select the route. + // + // Support: Extended + // + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=16 + QueryParams []HTTPQueryParamMatch `json:"queryParams,omitempty"` + + // Method specifies HTTP method matcher. + // When specified, this route will be matched only if the request has the + // specified method. + // + // Support: Extended + // + // +optional + Method *HTTPMethod `json:"method,omitempty"` +} + +// HTTPRouteFilter defines processing steps that must be completed during the +// request or response lifecycle. HTTPRouteFilters are meant as an extension +// point to express processing that may be done in Gateway implementations. Some +// examples include request or response modification, implementing +// authentication strategies, rate-limiting, and traffic shaping. API +// guarantee/conformance is defined based on the type of the filter. +// +// +kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier",rule="!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type",rule="!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier",rule="!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type",rule="!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" +// +kubebuilder:validation:XValidation:message="filter.requestMirror must be nil if the filter.type is not RequestMirror",rule="!(has(self.requestMirror) && self.type != 'RequestMirror')" +// +kubebuilder:validation:XValidation:message="filter.requestMirror must be specified for RequestMirror filter.type",rule="!(!has(self.requestMirror) && self.type == 'RequestMirror')" +// +kubebuilder:validation:XValidation:message="filter.requestRedirect must be nil if the filter.type is not RequestRedirect",rule="!(has(self.requestRedirect) && self.type != 'RequestRedirect')" +// +kubebuilder:validation:XValidation:message="filter.requestRedirect must be specified for RequestRedirect filter.type",rule="!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" +// +kubebuilder:validation:XValidation:message="filter.urlRewrite must be nil if the filter.type is not URLRewrite",rule="!(has(self.urlRewrite) && self.type != 'URLRewrite')" +// +kubebuilder:validation:XValidation:message="filter.urlRewrite must be specified for URLRewrite filter.type",rule="!(!has(self.urlRewrite) && self.type == 'URLRewrite')" +// +kubebuilder:validation:XValidation:message="filter.extensionRef must be nil if the filter.type is not ExtensionRef",rule="!(has(self.extensionRef) && self.type != 'ExtensionRef')" +// +kubebuilder:validation:XValidation:message="filter.extensionRef must be specified for ExtensionRef filter.type",rule="!(!has(self.extensionRef) && self.type == 'ExtensionRef')" +type HTTPRouteFilter struct { + // Type identifies the type of filter to apply. As with other API fields, + // types are classified into three conformance levels: + // + // - Core: Filter types and their corresponding configuration defined by + // "Support: Core" in this package, e.g. "RequestHeaderModifier". All + // implementations must support core filters. + // + // - Extended: Filter types and their corresponding configuration defined by + // "Support: Extended" in this package, e.g. "RequestMirror". Implementers + // are encouraged to support extended filters. + // + // - Implementation-specific: Filters that are defined and supported by + // specific vendors. + // In the future, filters showing convergence in behavior across multiple + // implementations will be considered for inclusion in extended or core + // conformance levels. Filter-specific configuration for such filters + // is specified using the ExtensionRef field. `Type` should be set to + // "ExtensionRef" for custom filters. + // + // Implementers are encouraged to define custom implementation types to + // extend the core API with implementation-specific behavior. + // + // If a reference to a custom filter type cannot be resolved, the filter + // MUST NOT be skipped. Instead, requests that would have been processed by + // that filter MUST receive a HTTP error response. + // + // Note that values may be added to this enum, implementations + // must ensure that unknown values will not cause a crash. + // + // Unknown values here must result in the implementation setting the + // Accepted Condition for the Route to `status: False`, with a + // Reason of `UnsupportedValue`. + // + // +unionDiscriminator + // +kubebuilder:validation:Enum=RequestHeaderModifier;ResponseHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef + Type HTTPRouteFilterType `json:"type"` + + // RequestHeaderModifier defines a schema for a filter that modifies request + // headers. + // + // Support: Core + // + // +optional + RequestHeaderModifier *HTTPHeaderFilter `json:"requestHeaderModifier,omitempty"` + + // ResponseHeaderModifier defines a schema for a filter that modifies response + // headers. + // + // Support: Extended + // + // +optional + ResponseHeaderModifier *HTTPHeaderFilter `json:"responseHeaderModifier,omitempty"` + + // RequestMirror defines a schema for a filter that mirrors requests. + // Requests are sent to the specified destination, but responses from + // that destination are ignored. + // + // This filter can be used multiple times within the same rule. Note that + // not all implementations will be able to support mirroring to multiple + // backends. + // + // Support: Extended + // + // +optional + RequestMirror *HTTPRequestMirrorFilter `json:"requestMirror,omitempty"` + + // RequestRedirect defines a schema for a filter that responds to the + // request with an HTTP redirection. + // + // Support: Core + // + // +optional + RequestRedirect *HTTPRequestRedirectFilter `json:"requestRedirect,omitempty"` + + // URLRewrite defines a schema for a filter that modifies a request during forwarding. + // + // Support: Extended + // + // +optional + URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"` + + // ExtensionRef is an optional, implementation-specific extension to the + // "filter" behavior. For example, resource "myroutefilter" in group + // "networking.example.net"). ExtensionRef MUST NOT be used for core and + // extended filters. + // + // This filter can be used multiple times within the same rule. + // + // Support: Implementation-specific + // + // +optional + ExtensionRef *LocalObjectReference `json:"extensionRef,omitempty"` +} + +// HTTPRouteFilterType identifies a type of HTTPRoute filter. +type HTTPRouteFilterType string + +const ( + // HTTPRouteFilterRequestHeaderModifier can be used to add or remove an HTTP + // header from an HTTP request before it is sent to the upstream target. + // + // Support in HTTPRouteRule: Core + // + // Support in HTTPBackendRef: Extended + HTTPRouteFilterRequestHeaderModifier HTTPRouteFilterType = "RequestHeaderModifier" + + // HTTPRouteFilterResponseHeaderModifier can be used to add or remove an HTTP + // header from an HTTP response before it is sent to the client. + // + // Support in HTTPRouteRule: Extended + // + // Support in HTTPBackendRef: Extended + HTTPRouteFilterResponseHeaderModifier HTTPRouteFilterType = "ResponseHeaderModifier" + + // HTTPRouteFilterRequestRedirect can be used to redirect a request to + // another location. This filter can also be used for HTTP to HTTPS + // redirects. This may not be used on the same Route rule or BackendRef as a + // URLRewrite filter. + // + // Support in HTTPRouteRule: Core + // + // Support in HTTPBackendRef: Extended + HTTPRouteFilterRequestRedirect HTTPRouteFilterType = "RequestRedirect" + + // HTTPRouteFilterURLRewrite can be used to modify a request during + // forwarding. At most one of these filters may be used on a Route rule. + // This may not be used on the same Route rule or BackendRef as a + // RequestRedirect filter. + // + // Support in HTTPRouteRule: Extended + // + // Support in HTTPBackendRef: Extended + HTTPRouteFilterURLRewrite HTTPRouteFilterType = "URLRewrite" + + // HTTPRouteFilterRequestMirror can be used to mirror HTTP requests to a + // different backend. The responses from this backend MUST be ignored by + // the Gateway. + // + // Support in HTTPRouteRule: Extended + // + // Support in HTTPBackendRef: Extended + HTTPRouteFilterRequestMirror HTTPRouteFilterType = "RequestMirror" + + // HTTPRouteFilterExtensionRef should be used for configuring custom + // HTTP filters. + // + // Support in HTTPRouteRule: Implementation-specific + // + // Support in HTTPBackendRef: Implementation-specific + HTTPRouteFilterExtensionRef HTTPRouteFilterType = "ExtensionRef" +) + +// HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. +type HTTPHeader struct { + // Name is the name of the HTTP Header to be matched. Name matching MUST be + // case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + // + // If multiple entries specify equivalent header names, the first entry with + // an equivalent name MUST be considered for a match. Subsequent entries + // with an equivalent header name MUST be ignored. Due to the + // case-insensitivity of header names, "foo" and "Foo" are considered + // equivalent. + Name HTTPHeaderName `json:"name"` + + // Value is the value of HTTP Header to be matched. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=4096 + Value string `json:"value"` +} + +// HTTPHeaderFilter defines a filter that modifies the headers of an HTTP +// request or response. Only one action for a given header name is permitted. +// Filters specifying multiple actions of the same or different type for any one +// header name are invalid and will be rejected by the webhook if installed. +// Configuration to set or add multiple values for a header must use RFC 7230 +// header value formatting, separating each value with a comma. +type HTTPHeaderFilter struct { + // Set overwrites the request with the given header (name, value) + // before the action. + // + // Input: + // GET /foo HTTP/1.1 + // my-header: foo + // + // Config: + // set: + // - name: "my-header" + // value: "bar" + // + // Output: + // GET /foo HTTP/1.1 + // my-header: bar + // + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=16 + Set []HTTPHeader `json:"set,omitempty"` + + // Add adds the given header(s) (name, value) to the request + // before the action. It appends to any existing values associated + // with the header name. + // + // Input: + // GET /foo HTTP/1.1 + // my-header: foo + // + // Config: + // add: + // - name: "my-header" + // value: "bar,baz" + // + // Output: + // GET /foo HTTP/1.1 + // my-header: foo,bar,baz + // + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=16 + Add []HTTPHeader `json:"add,omitempty"` + + // Remove the given header(s) from the HTTP request before the action. The + // value of Remove is a list of HTTP header names. Note that the header + // names are case-insensitive (see + // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + // + // Input: + // GET /foo HTTP/1.1 + // my-header1: foo + // my-header2: bar + // my-header3: baz + // + // Config: + // remove: ["my-header1", "my-header3"] + // + // Output: + // GET /foo HTTP/1.1 + // my-header2: bar + // + // +optional + // +listType=set + // +kubebuilder:validation:MaxItems=16 + Remove []string `json:"remove,omitempty"` +} + +// HTTPPathModifierType defines the type of path redirect or rewrite. +type HTTPPathModifierType string + +const ( + // This type of modifier indicates that the full path will be replaced + // by the specified value. + FullPathHTTPPathModifier HTTPPathModifierType = "ReplaceFullPath" + + // This type of modifier indicates that any prefix path matches will be + // replaced by the substitution value. For example, a path with a prefix + // match of "/foo" and a ReplacePrefixMatch substitution of "/bar" will have + // the "/foo" prefix replaced with "/bar" in matching requests. + // + // Note that this matches the behavior of the PathPrefix match type. This + // matches full path elements. A path element refers to the list of labels + // in the path split by the `/` separator. When specified, a trailing `/` is + // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + // match the prefix `/abc`, but the path `/abcd` would not. + PrefixMatchHTTPPathModifier HTTPPathModifierType = "ReplacePrefixMatch" +) + +// HTTPPathModifier defines configuration for path modifiers. +// +// +kubebuilder:validation:XValidation:message="replaceFullPath must be specified when type is set to 'ReplaceFullPath'",rule="self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" +// +kubebuilder:validation:XValidation:message="type must be 'ReplaceFullPath' when replaceFullPath is set",rule="has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" +// +kubebuilder:validation:XValidation:message="replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'",rule="self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" +// +kubebuilder:validation:XValidation:message="type must be 'ReplacePrefixMatch' when replacePrefixMatch is set",rule="has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" +type HTTPPathModifier struct { + // Type defines the type of path modifier. Additional types may be + // added in a future release of the API. + // + // Note that values may be added to this enum, implementations + // must ensure that unknown values will not cause a crash. + // + // Unknown values here must result in the implementation setting the + // Accepted Condition for the Route to `status: False`, with a + // Reason of `UnsupportedValue`. + // + // +kubebuilder:validation:Enum=ReplaceFullPath;ReplacePrefixMatch + Type HTTPPathModifierType `json:"type"` + + // ReplaceFullPath specifies the value with which to replace the full path + // of a request during a rewrite or redirect. + // + // +kubebuilder:validation:MaxLength=1024 + // +optional + ReplaceFullPath *string `json:"replaceFullPath,omitempty"` + + // ReplacePrefixMatch specifies the value with which to replace the prefix + // match of a request during a rewrite or redirect. For example, a request + // to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + // of "/xyz" would be modified to "/xyz/bar". + // + // Note that this matches the behavior of the PathPrefix match type. This + // matches full path elements. A path element refers to the list of labels + // in the path split by the `/` separator. When specified, a trailing `/` is + // ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + // match the prefix `/abc`, but the path `/abcd` would not. + // + // ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + // Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + // the implementation setting the Accepted Condition for the Route to `status: False`. + // + // Request Path | Prefix Match | Replace Prefix | Modified Path + // -------------|--------------|----------------|---------- + // /foo/bar | /foo | /xyz | /xyz/bar + // /foo/bar | /foo | /xyz/ | /xyz/bar + // /foo/bar | /foo/ | /xyz | /xyz/bar + // /foo/bar | /foo/ | /xyz/ | /xyz/bar + // /foo | /foo | /xyz | /xyz + // /foo/ | /foo | /xyz | /xyz/ + // /foo/bar | /foo | | /bar + // /foo/ | /foo | | / + // /foo | /foo | | / + // /foo/ | /foo | / | / + // /foo | /foo | / | / + // + // +kubebuilder:validation:MaxLength=1024 + // +optional + ReplacePrefixMatch *string `json:"replacePrefixMatch,omitempty"` +} + +// HTTPRequestRedirect defines a filter that redirects a request. This filter +// MUST NOT be used on the same Route rule as a HTTPURLRewrite filter. +type HTTPRequestRedirectFilter struct { + // Scheme is the scheme to be used in the value of the `Location` header in + // the response. When empty, the scheme of the request is used. + // + // Scheme redirects can affect the port of the redirect, for more information, + // refer to the documentation for the port field of this filter. + // + // Note that values may be added to this enum, implementations + // must ensure that unknown values will not cause a crash. + // + // Unknown values here must result in the implementation setting the + // Accepted Condition for the Route to `status: False`, with a + // Reason of `UnsupportedValue`. + // + // Support: Extended + // + // +optional + // +kubebuilder:validation:Enum=http;https + Scheme *string `json:"scheme,omitempty"` + + // Hostname is the hostname to be used in the value of the `Location` + // header in the response. + // When empty, the hostname in the `Host` header of the request is used. + // + // Support: Core + // + // +optional + Hostname *PreciseHostname `json:"hostname,omitempty"` + + // Path defines parameters used to modify the path of the incoming request. + // The modified path is then used to construct the `Location` header. When + // empty, the request path is used as-is. + // + // Support: Extended + // + // +optional + Path *HTTPPathModifier `json:"path,omitempty"` + + // Port is the port to be used in the value of the `Location` + // header in the response. + // + // If no port is specified, the redirect port MUST be derived using the + // following rules: + // + // * If redirect scheme is not-empty, the redirect port MUST be the well-known + // port associated with the redirect scheme. Specifically "http" to port 80 + // and "https" to port 443. If the redirect scheme does not have a + // well-known port, the listener port of the Gateway SHOULD be used. + // * If redirect scheme is empty, the redirect port MUST be the Gateway + // Listener port. + // + // Implementations SHOULD NOT add the port number in the 'Location' + // header in the following cases: + // + // * A Location header that will use HTTP (whether that is determined via + // the Listener protocol or the Scheme field) _and_ use port 80. + // * A Location header that will use HTTPS (whether that is determined via + // the Listener protocol or the Scheme field) _and_ use port 443. + // + // Support: Extended + // + // +optional + Port *PortNumber `json:"port,omitempty"` + + // StatusCode is the HTTP status code to be used in response. + // + // Note that values may be added to this enum, implementations + // must ensure that unknown values will not cause a crash. + // + // Unknown values here must result in the implementation setting the + // Accepted Condition for the Route to `status: False`, with a + // Reason of `UnsupportedValue`. + // + // Support: Core + // + // +optional + // +kubebuilder:default=302 + // +kubebuilder:validation:Enum=301;302 + StatusCode *int `json:"statusCode,omitempty"` +} + +// HTTPURLRewriteFilter defines a filter that modifies a request during +// forwarding. At most one of these filters may be used on a Route rule. This +// MUST NOT be used on the same Route rule as a HTTPRequestRedirect filter. +// +// Support: Extended +type HTTPURLRewriteFilter struct { + // Hostname is the value to be used to replace the Host header value during + // forwarding. + // + // Support: Extended + // + // +optional + Hostname *PreciseHostname `json:"hostname,omitempty"` + + // Path defines a path rewrite. + // + // Support: Extended + // + // +optional + Path *HTTPPathModifier `json:"path,omitempty"` +} + +// HTTPRequestMirrorFilter defines configuration for the RequestMirror filter. +type HTTPRequestMirrorFilter struct { + // BackendRef references a resource where mirrored requests are sent. + // + // Mirrored requests must be sent only to a single destination endpoint + // within this BackendRef, irrespective of how many endpoints are present + // within this BackendRef. + // + // If the referent cannot be found, this BackendRef is invalid and must be + // dropped from the Gateway. The controller must ensure the "ResolvedRefs" + // condition on the Route status is set to `status: False` and not configure + // this backend in the underlying implementation. + // + // If there is a cross-namespace reference to an *existing* object + // that is not allowed by a ReferenceGrant, the controller must ensure the + // "ResolvedRefs" condition on the Route is set to `status: False`, + // with the "RefNotPermitted" reason and not configure this backend in the + // underlying implementation. + // + // In either error case, the Message of the `ResolvedRefs` Condition + // should be used to provide more detail about the problem. + // + // Support: Extended for Kubernetes Service + // + // Support: Implementation-specific for any other resource + BackendRef BackendObjectReference `json:"backendRef"` +} + +// HTTPBackendRef defines how a HTTPRoute should forward an HTTP request. +type HTTPBackendRef struct { + // BackendRef is a reference to a backend to forward matched requests to. + // + // A BackendRef can be invalid for the following reasons. In all cases, the + // implementation MUST ensure the `ResolvedRefs` Condition on the Route + // is set to `status: False`, with a Reason and Message that indicate + // what is the cause of the error. + // + // A BackendRef is invalid if: + // + // * It refers to an unknown or unsupported kind of resource. In this + // case, the Reason must be set to `InvalidKind` and Message of the + // Condition must explain which kind of resource is unknown or unsupported. + // + // * It refers to a resource that does not exist. In this case, the Reason must + // be set to `BackendNotFound` and the Message of the Condition must explain + // which resource does not exist. + // + // * It refers a resource in another namespace when the reference has not been + // explicitly allowed by a ReferenceGrant (or equivalent concept). In this + // case, the Reason must be set to `RefNotPermitted` and the Message of the + // Condition must explain which cross-namespace reference is not allowed. + // + // Support: Core for Kubernetes Service + // + // Support: Implementation-specific for any other resource + // + // Support for weight: Core + // + // +optional + BackendRef `json:",inline"` + + // Filters defined at this level should be executed if and only if the + // request is being forwarded to the backend defined here. + // + // Support: Implementation-specific (For broader support of filters, use the + // Filters field in HTTPRouteRule.) + // + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + // +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="RequestRedirect filter cannot be repeated",rule="self.filter(f, f.type == 'RequestRedirect').size() <= 1" + // +kubebuilder:validation:XValidation:message="URLRewrite filter cannot be repeated",rule="self.filter(f, f.type == 'URLRewrite').size() <= 1" + Filters []HTTPRouteFilter `json:"filters,omitempty"` +} + +// HTTPRouteStatus defines the observed state of HTTPRoute. +type HTTPRouteStatus struct { + RouteStatus `json:",inline"` +} diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go new file mode 100644 index 00000000000..4ef1c37891a --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go @@ -0,0 +1,147 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +// LocalObjectReference identifies an API object within the namespace of the +// referrer. +// The API object must be valid in the cluster; the Group and Kind must +// be registered in the cluster for this reference to be valid. +// +// References to objects with invalid Group and Kind are not valid, and must +// be rejected by the implementation, with appropriate Conditions set +// on the containing object. +type LocalObjectReference struct { + // Group is the group of the referent. For example, "gateway.networking.k8s.io". + // When unspecified or empty string, core API group is inferred. + Group Group `json:"group"` + + // Kind is kind of the referent. For example "HTTPRoute" or "Service". + Kind Kind `json:"kind"` + + // Name is the name of the referent. + Name ObjectName `json:"name"` +} + +// SecretObjectReference identifies an API object including its namespace, +// defaulting to Secret. +// +// The API object must be valid in the cluster; the Group and Kind must +// be registered in the cluster for this reference to be valid. +// +// References to objects with invalid Group and Kind are not valid, and must +// be rejected by the implementation, with appropriate Conditions set +// on the containing object. +type SecretObjectReference struct { + // Group is the group of the referent. For example, "gateway.networking.k8s.io". + // When unspecified or empty string, core API group is inferred. + // + // +optional + // +kubebuilder:default="" + Group *Group `json:"group"` + + // Kind is kind of the referent. For example "Secret". + // + // +optional + // +kubebuilder:default=Secret + Kind *Kind `json:"kind"` + + // Name is the name of the referent. + Name ObjectName `json:"name"` + + // Namespace is the namespace of the backend. When unspecified, the local + // namespace is inferred. + // + // Note that when a namespace different than the local namespace is specified, + // a ReferenceGrant object is required in the referent namespace to allow that + // namespace's owner to accept the reference. See the ReferenceGrant + // documentation for details. + // + // Support: Core + // + // +optional + Namespace *Namespace `json:"namespace,omitempty"` +} + +// BackendObjectReference defines how an ObjectReference that is +// specific to BackendRef. It includes a few additional fields and features +// than a regular ObjectReference. +// +// Note that when a namespace different than the local namespace is specified, a +// ReferenceGrant object is required in the referent namespace to allow that +// namespace's owner to accept the reference. See the ReferenceGrant +// documentation for details. +// +// The API object must be valid in the cluster; the Group and Kind must +// be registered in the cluster for this reference to be valid. +// +// References to objects with invalid Group and Kind are not valid, and must +// be rejected by the implementation, with appropriate Conditions set +// on the containing object. +// +// +kubebuilder:validation:XValidation:message="Must have port for Service reference",rule="(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" +type BackendObjectReference struct { + // Group is the group of the referent. For example, "gateway.networking.k8s.io". + // When unspecified or empty string, core API group is inferred. + // + // +optional + // +kubebuilder:default="" + Group *Group `json:"group,omitempty"` + + // Kind is the Kubernetes resource kind of the referent. For example + // "Service". + // + // Defaults to "Service" when not specified. + // + // ExternalName services can refer to CNAME DNS records that may live + // outside of the cluster and as such are difficult to reason about in + // terms of conformance. They also may not be safe to forward to (see + // CVE-2021-25740 for more information). Implementations SHOULD NOT + // support ExternalName Services. + // + // Support: Core (Services with a type other than ExternalName) + // + // Support: Implementation-specific (Services with type ExternalName) + // + // +optional + // +kubebuilder:default=Service + Kind *Kind `json:"kind,omitempty"` + + // Name is the name of the referent. + Name ObjectName `json:"name"` + + // Namespace is the namespace of the backend. When unspecified, the local + // namespace is inferred. + // + // Note that when a namespace different than the local namespace is specified, + // a ReferenceGrant object is required in the referent namespace to allow that + // namespace's owner to accept the reference. See the ReferenceGrant + // documentation for details. + // + // Support: Core + // + // +optional + Namespace *Namespace `json:"namespace,omitempty"` + + // Port specifies the destination port number to use for this resource. + // Port is required when the referent is a Kubernetes Service. In this + // case, the port number is the service port number, not the target port. + // For other resources, destination port might be derived from the referent + // resource or this field. + // + // +optional + Port *PortNumber `json:"port,omitempty"` +} diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/referencegrant_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/referencegrant_types.go new file mode 100644 index 00000000000..0b0caf70882 --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/referencegrant_types.go @@ -0,0 +1,143 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=gateway-api,shortName=refgrant +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:storageversion + +// ReferenceGrant identifies kinds of resources in other namespaces that are +// trusted to reference the specified kinds of resources in the same namespace +// as the policy. +// +// Each ReferenceGrant can be used to represent a unique trust relationship. +// Additional Reference Grants can be used to add to the set of trusted +// sources of inbound references for the namespace they are defined within. +// +// All cross-namespace references in Gateway API (with the exception of cross-namespace +// Gateway-route attachment) require a ReferenceGrant. +// +// ReferenceGrant is a form of runtime verification allowing users to assert +// which cross-namespace object references are permitted. Implementations that +// support ReferenceGrant MUST NOT permit cross-namespace references which have +// no grant, and MUST respond to the removal of a grant by revoking the access +// that the grant allowed. +type ReferenceGrant struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of ReferenceGrant. + Spec ReferenceGrantSpec `json:"spec,omitempty"` + + // Note that `Status` sub-resource has been excluded at the + // moment as it was difficult to work out the design. + // `Status` sub-resource may be added in future. +} + +// +kubebuilder:object:root=true +// ReferenceGrantList contains a list of ReferenceGrant. +type ReferenceGrantList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ReferenceGrant `json:"items"` +} + +// ReferenceGrantSpec identifies a cross namespace relationship that is trusted +// for Gateway API. +type ReferenceGrantSpec struct { + // From describes the trusted namespaces and kinds that can reference the + // resources described in "To". Each entry in this list MUST be considered + // to be an additional place that references can be valid from, or to put + // this another way, entries MUST be combined using OR. + // + // Support: Core + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + From []ReferenceGrantFrom `json:"from"` + + // To describes the resources that may be referenced by the resources + // described in "From". Each entry in this list MUST be considered to be an + // additional place that references can be valid to, or to put this another + // way, entries MUST be combined using OR. + // + // Support: Core + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + To []ReferenceGrantTo `json:"to"` +} + +// ReferenceGrantFrom describes trusted namespaces and kinds. +type ReferenceGrantFrom struct { + // Group is the group of the referent. + // When empty, the Kubernetes core API group is inferred. + // + // Support: Core + Group Group `json:"group"` + + // Kind is the kind of the referent. Although implementations may support + // additional resources, the following types are part of the "Core" + // support level for this field. + // + // When used to permit a SecretObjectReference: + // + // * Gateway + // + // When used to permit a BackendObjectReference: + // + // * GRPCRoute + // * HTTPRoute + // * TCPRoute + // * TLSRoute + // * UDPRoute + Kind Kind `json:"kind"` + + // Namespace is the namespace of the referent. + // + // Support: Core + Namespace Namespace `json:"namespace"` +} + +// ReferenceGrantTo describes what Kinds are allowed as targets of the +// references. +type ReferenceGrantTo struct { + // Group is the group of the referent. + // When empty, the Kubernetes core API group is inferred. + // + // Support: Core + Group Group `json:"group"` + + // Kind is the kind of the referent. Although implementations may support + // additional resources, the following types are part of the "Core" + // support level for this field: + // + // * Secret when used to permit a SecretObjectReference + // * Service when used to permit a BackendObjectReference + Kind Kind `json:"kind"` + + // Name is the name of the referent. When unspecified, this policy + // refers to all resources of the specified Group and Kind in the local + // namespace. + // + // +optional + Name *ObjectName `json:"name,omitempty"` +} diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go new file mode 100644 index 00000000000..b18af1d0e06 --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go @@ -0,0 +1,643 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ParentReference identifies an API object (usually a Gateway) that can be considered +// a parent of this resource (usually a route). There are two kinds of parent resources +// with "Core" support: +// +// * Gateway (Gateway conformance profile) +// * Service (Mesh conformance profile, experimental, ClusterIP Services only) +// +// This API may be extended in the future to support additional kinds of parent +// resources. +// +// The API object must be valid in the cluster; the Group and Kind must +// be registered in the cluster for this reference to be valid. +type ParentReference struct { + // Group is the group of the referent. + // When unspecified, "gateway.networking.k8s.io" is inferred. + // To set the core API group (such as for a "Service" kind referent), + // Group must be explicitly set to "" (empty string). + // + // Support: Core + // + // +kubebuilder:default=gateway.networking.k8s.io + // +optional + Group *Group `json:"group,omitempty"` + + // Kind is kind of the referent. + // + // There are two kinds of parent resources with "Core" support: + // + // * Gateway (Gateway conformance profile) + // * Service (Mesh conformance profile, experimental, ClusterIP Services only) + // + // Support for other resources is Implementation-Specific. + // + // +kubebuilder:default=Gateway + // +optional + Kind *Kind `json:"kind,omitempty"` + + // Namespace is the namespace of the referent. When unspecified, this refers + // to the local namespace of the Route. + // + // Note that there are specific rules for ParentRefs which cross namespace + // boundaries. Cross-namespace references are only valid if they are explicitly + // allowed by something in the namespace they are referring to. For example: + // Gateway has the AllowedRoutes field, and ReferenceGrant provides a + // generic way to enable any other kind of cross-namespace reference. + // + // ParentRefs from a Route to a Service in the same namespace are "producer" + // routes, which apply default routing rules to inbound connections from + // any namespace to the Service. + // + // ParentRefs from a Route to a Service in a different namespace are + // "consumer" routes, and these routing rules are only applied to outbound + // connections originating from the same namespace as the Route, for which + // the intended destination of the connections are a Service targeted as a + // ParentRef of the Route. + // + // Support: Core + // + // +optional + Namespace *Namespace `json:"namespace,omitempty"` + + // Name is the name of the referent. + // + // Support: Core + Name ObjectName `json:"name"` + + // SectionName is the name of a section within the target resource. In the + // following resources, SectionName is interpreted as the following: + // + // * Gateway: Listener Name. When both Port (experimental) and SectionName + // are specified, the name and port of the selected listener must match + // both specified values. + // * Service: Port Name. When both Port (experimental) and SectionName + // are specified, the name and port of the selected listener must match + // both specified values. Note that attaching Routes to Services as Parents + // is part of experimental Mesh support and is not supported for any other + // purpose. + // + // Implementations MAY choose to support attaching Routes to other resources. + // If that is the case, they MUST clearly document how SectionName is + // interpreted. + // + // When unspecified (empty string), this will reference the entire resource. + // For the purpose of status, an attachment is considered successful if at + // least one section in the parent resource accepts it. For example, Gateway + // listeners can restrict which Routes can attach to them by Route kind, + // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + // the referencing Route, the Route MUST be considered successfully + // attached. If no Gateway listeners accept attachment from this Route, the + // Route MUST be considered detached from the Gateway. + // + // Support: Core + // + // +optional + SectionName *SectionName `json:"sectionName,omitempty"` + + // Port is the network port this Route targets. It can be interpreted + // differently based on the type of parent resource. + // + // When the parent resource is a Gateway, this targets all listeners + // listening on the specified port that also support this kind of Route(and + // select this Route). It's not recommended to set `Port` unless the + // networking behaviors specified in a Route must apply to a specific port + // as opposed to a listener(s) whose port(s) may be changed. When both Port + // and SectionName are specified, the name and port of the selected listener + // must match both specified values. + // + // When the parent resource is a Service, this targets a specific port in the + // Service spec. When both Port (experimental) and SectionName are specified, + // the name and port of the selected port must match both specified values. + // + // Implementations MAY choose to support other parent resources. + // Implementations supporting other types of parent resources MUST clearly + // document how/if Port is interpreted. + // + // For the purpose of status, an attachment is considered successful as + // long as the parent resource accepts it partially. For example, Gateway + // listeners can restrict which Routes can attach to them by Route kind, + // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + // from the referencing Route, the Route MUST be considered successfully + // attached. If no Gateway listeners accept attachment from this Route, + // the Route MUST be considered detached from the Gateway. + // + // Support: Extended + // + // +optional + // + Port *PortNumber `json:"port,omitempty"` +} + +// CommonRouteSpec defines the common attributes that all Routes MUST include +// within their spec. +type CommonRouteSpec struct { + // ParentRefs references the resources (usually Gateways) that a Route wants + // to be attached to. Note that the referenced parent resource needs to + // allow this for the attachment to be complete. For Gateways, that means + // the Gateway needs to allow attachment from Routes of this kind and + // namespace. For Services, that means the Service must either be in the same + // namespace for a "producer" route, or the mesh implementation must support + // and allow "consumer" routes for the referenced Service. ReferenceGrant is + // not applicable for governing ParentRefs to Services - it is not possible to + // create a "producer" route for a Service in a different namespace from the + // Route. + // + // There are two kinds of parent resources with "Core" support: + // + // * Gateway (Gateway conformance profile) + // * Service (Mesh conformance profile, experimental, ClusterIP Services only) + // + // This API may be extended in the future to support additional kinds of parent + // resources. + // + // It is invalid to reference an identical parent more than once. It is + // valid to reference multiple distinct sections within the same parent + // resource, such as two separate Listeners on the same Gateway or two separate + // ports on the same Service. + // + // It is possible to separately reference multiple distinct objects that may + // be collapsed by an implementation. For example, some implementations may + // choose to merge compatible Gateway Listeners together. If that is the + // case, the list of routes attached to those resources should also be + // merged. + // + // Note that for ParentRefs that cross namespace boundaries, there are specific + // rules. Cross-namespace references are only valid if they are explicitly + // allowed by something in the namespace they are referring to. For example, + // Gateway has the AllowedRoutes field, and ReferenceGrant provides a + // generic way to enable other kinds of cross-namespace reference. + // + // ParentRefs from a Route to a Service in the same namespace are "producer" + // routes, which apply default routing rules to inbound connections from + // any namespace to the Service. + // + // ParentRefs from a Route to a Service in a different namespace are + // "consumer" routes, and these routing rules are only applied to outbound + // connections originating from the same namespace as the Route, for which + // the intended destination of the connections are a Service targeted as a + // ParentRef of the Route. + // + // +optional + // +kubebuilder:validation:MaxItems=32 + // + // + // + // + ParentRefs []ParentReference `json:"parentRefs,omitempty"` +} + +// PortNumber defines a network port. +// +// +kubebuilder:validation:Minimum=1 +// +kubebuilder:validation:Maximum=65535 +type PortNumber int32 + +// BackendRef defines how a Route should forward a request to a Kubernetes +// resource. +// +// Note that when a namespace different than the local namespace is specified, a +// ReferenceGrant object is required in the referent namespace to allow that +// namespace's owner to accept the reference. See the ReferenceGrant +// documentation for details. +type BackendRef struct { + // BackendObjectReference references a Kubernetes object. + BackendObjectReference `json:",inline"` + + // Weight specifies the proportion of requests forwarded to the referenced + // backend. This is computed as weight/(sum of all weights in this + // BackendRefs list). For non-zero values, there may be some epsilon from + // the exact proportion defined here depending on the precision an + // implementation supports. Weight is not a percentage and the sum of + // weights does not need to equal 100. + // + // If only one backend is specified and it has a weight greater than 0, 100% + // of the traffic is forwarded to that backend. If weight is set to 0, no + // traffic should be forwarded for this entry. If unspecified, weight + // defaults to 1. + // + // Support for this field varies based on the context where used. + // + // +optional + // +kubebuilder:default=1 + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000000 + Weight *int32 `json:"weight,omitempty"` +} + +// RouteConditionType is a type of condition for a route. +type RouteConditionType string + +// RouteConditionReason is a reason for a route condition. +type RouteConditionReason string + +const ( + // This condition indicates whether the route has been accepted or rejected + // by a Gateway, and why. + // + // Possible reasons for this condition to be true are: + // + // * "Accepted" + // + // Possible reasons for this condition to be False are: + // + // * "NotAllowedByListeners" + // * "NoMatchingListenerHostname" + // * "NoMatchingParent" + // * "UnsupportedValue" + // + // Possible reasons for this condition to be Unknown are: + // + // * "Pending" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + RouteConditionAccepted RouteConditionType = "Accepted" + + // This reason is used with the "Accepted" condition when the Route has been + // accepted by the Gateway. + RouteReasonAccepted RouteConditionReason = "Accepted" + + // This reason is used with the "Accepted" condition when the route has not + // been accepted by a Gateway because the Gateway has no Listener whose + // allowedRoutes criteria permit the route + RouteReasonNotAllowedByListeners RouteConditionReason = "NotAllowedByListeners" + + // This reason is used with the "Accepted" condition when the Gateway has no + // compatible Listeners whose Hostname matches the route + RouteReasonNoMatchingListenerHostname RouteConditionReason = "NoMatchingListenerHostname" + + // This reason is used with the "Accepted" condition when there are + // no matching Parents. In the case of Gateways, this can occur when + // a Route ParentRef specifies a Port and/or SectionName that does not + // match any Listeners in the Gateway. + RouteReasonNoMatchingParent RouteConditionReason = "NoMatchingParent" + + // This reason is used with the "Accepted" condition when a value for an Enum + // is not recognized. + RouteReasonUnsupportedValue RouteConditionReason = "UnsupportedValue" + + // This reason is used with the "Accepted" when a controller has not yet + // reconciled the route. + RouteReasonPending RouteConditionReason = "Pending" + + // This reason is used with the "Accepted" condition when there + // are incompatible filters present on a route rule (for example if + // the URLRewrite and RequestRedirect are both present on an HTTPRoute). + RouteReasonIncompatibleFilters RouteConditionReason = "IncompatibleFilters" + + // This condition indicates whether the controller was able to resolve all + // the object references for the Route. + // + // Possible reasons for this condition to be true are: + // + // * "ResolvedRefs" + // + // Possible reasons for this condition to be false are: + // + // * "RefNotPermitted" + // * "InvalidKind" + // * "BackendNotFound" + // + // Controllers may raise this condition with other reasons, + // but should prefer to use the reasons listed above to improve + // interoperability. + RouteConditionResolvedRefs RouteConditionType = "ResolvedRefs" + + // This reason is used with the "ResolvedRefs" condition when the condition + // is true. + RouteReasonResolvedRefs RouteConditionReason = "ResolvedRefs" + + // This reason is used with the "ResolvedRefs" condition when + // one of the Listener's Routes has a BackendRef to an object in + // another namespace, where the object in the other namespace does + // not have a ReferenceGrant explicitly allowing the reference. + RouteReasonRefNotPermitted RouteConditionReason = "RefNotPermitted" + + // This reason is used with the "ResolvedRefs" condition when + // one of the Route's rules has a reference to an unknown or unsupported + // Group and/or Kind. + RouteReasonInvalidKind RouteConditionReason = "InvalidKind" + + // This reason is used with the "ResolvedRefs" condition when one of the + // Route's rules has a reference to a resource that does not exist. + RouteReasonBackendNotFound RouteConditionReason = "BackendNotFound" +) + +// RouteParentStatus describes the status of a route with respect to an +// associated Parent. +type RouteParentStatus struct { + // ParentRef corresponds with a ParentRef in the spec that this + // RouteParentStatus struct describes the status of. + ParentRef ParentReference `json:"parentRef"` + + // ControllerName is a domain/path string that indicates the name of the + // controller that wrote this status. This corresponds with the + // controllerName field on GatewayClass. + // + // Example: "example.net/gateway-controller". + // + // The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are + // valid Kubernetes names + // (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + // + // Controllers MUST populate this field when writing status. Controllers should ensure that + // entries to status populated with their ControllerName are cleaned up when they are no + // longer necessary. + ControllerName GatewayController `json:"controllerName"` + + // Conditions describes the status of the route with respect to the Gateway. + // Note that the route's availability is also subject to the Gateway's own + // status conditions and listener status. + // + // If the Route's ParentRef specifies an existing Gateway that supports + // Routes of this kind AND that Gateway's controller has sufficient access, + // then that Gateway's controller MUST set the "Accepted" condition on the + // Route, to indicate whether the route has been accepted or rejected by the + // Gateway, and why. + // + // A Route MUST be considered "Accepted" if at least one of the Route's + // rules is implemented by the Gateway. + // + // There are a number of cases where the "Accepted" condition may not be set + // due to lack of controller visibility, that includes when: + // + // * The Route refers to a non-existent parent. + // * The Route is of a type that the controller does not support. + // * The Route is in a namespace the controller does not have access to. + // + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// RouteStatus defines the common attributes that all Routes MUST include within +// their status. +type RouteStatus struct { + // Parents is a list of parent resources (usually Gateways) that are + // associated with the route, and the status of the route with respect to + // each parent. When this route attaches to a parent, the controller that + // manages the parent must add an entry to this list when the controller + // first sees the route and should update the entry as appropriate when the + // route or gateway is modified. + // + // Note that parent references that cannot be resolved by an implementation + // of this API will not be added to this list. Implementations of this API + // can only populate Route status for the Gateways/parent resources they are + // responsible for. + // + // A maximum of 32 Gateways will be represented in this list. An empty list + // means the route has not been attached to any Gateway. + // + // +kubebuilder:validation:MaxItems=32 + Parents []RouteParentStatus `json:"parents"` +} + +// Hostname is the fully qualified domain name of a network host. This matches +// the RFC 1123 definition of a hostname with 2 notable exceptions: +// +// 1. IPs are not allowed. +// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard +// label must appear by itself as the first label. +// +// Hostname can be "precise" which is a domain name without the terminating +// dot of a network host (e.g. "foo.example.com") or "wildcard", which is a +// domain name prefixed with a single wildcard label (e.g. `*.example.com`). +// +// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case +// alphanumeric characters or '-', and must start and end with an alphanumeric +// character. No other punctuation is allowed. +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` +type Hostname string + +// PreciseHostname is the fully qualified domain name of a network host. This +// matches the RFC 1123 definition of a hostname with 1 notable exception that +// numeric IP addresses are not allowed. +// +// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case +// alphanumeric characters or '-', and must start and end with an alphanumeric +// character. No other punctuation is allowed. +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` +type PreciseHostname string + +// Group refers to a Kubernetes Group. It must either be an empty string or a +// RFC 1123 subdomain. +// +// This validation is based off of the corresponding Kubernetes validation: +// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208 +// +// Valid values include: +// +// * "" - empty string implies core Kubernetes API group +// * "gateway.networking.k8s.io" +// * "foo.example.com" +// +// Invalid values include: +// +// * "example.com/bar" - "/" is an invalid character +// +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` +type Group string + +// Kind refers to a Kubernetes Kind. +// +// Valid values include: +// +// * "Service" +// * "HTTPRoute" +// +// Invalid values include: +// +// * "invalid/kind" - "/" is an invalid character +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=63 +// +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$` +type Kind string + +// ObjectName refers to the name of a Kubernetes object. +// Object names can have a variety of forms, including RFC1123 subdomains, +// RFC 1123 labels, or RFC 1035 labels. +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +type ObjectName string + +// Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label. +// +// This validation is based off of the corresponding Kubernetes validation: +// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187 +// +// This is used for Namespace name validation here: +// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63 +// +// Valid values include: +// +// * "example" +// +// Invalid values include: +// +// * "example.com" - "." is an invalid character +// +// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=63 +type Namespace string + +// SectionName is the name of a section in a Kubernetes resource. +// +// This validation is based off of the corresponding Kubernetes validation: +// https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208 +// +// Valid values include: +// +// * "example.com" +// * "foo.example.com" +// +// Invalid values include: +// +// * "example.com/bar" - "/" is an invalid character +// +// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +type SectionName string + +// GatewayController is the name of a Gateway API controller. It must be a +// domain prefixed path. +// +// Valid values include: +// +// * "example.com/bar" +// +// Invalid values include: +// +// * "example.com" - must include path +// * "foo.example.com" - must include path +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$` +type GatewayController string + +// AnnotationKey is the key of an annotation in Gateway API. This is used for +// validation of maps such as TLS options. This matches the Kubernetes +// "qualified name" validation that is used for annotations and other common +// values. +// +// Valid values include: +// +// * example +// * example.com +// * example.com/path +// * example.com/path.html +// +// Invalid values include: +// +// * example~ - "~" is an invalid character +// * example.com. - can not start or end with "." +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:Pattern=`^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]/?)*$` +type AnnotationKey string + +// AnnotationValue is the value of an annotation in Gateway API. This is used +// for validation of maps such as TLS options. This roughly matches Kubernetes +// annotation validation, although the length validation in that case is based +// on the entire size of the annotations struct. +// +// +kubebuilder:validation:MinLength=0 +// +kubebuilder:validation:MaxLength=4096 +type AnnotationValue string + +// AddressType defines how a network address is represented as a text string. +// This may take two possible forms: +// +// * A predefined CamelCase string identifier (currently limited to `IPAddress` or `Hostname`) +// * A domain-prefixed string identifier (like `acme.io/CustomAddressType`) +// +// Values `IPAddress` and `Hostname` have Extended support. +// +// The `NamedAddress` value has been deprecated in favor of implementation +// specific domain-prefixed strings. +// +// All other values, including domain-prefixed values have Implementation-specific support, +// which are used in implementation-specific behaviors. Support for additional +// predefined CamelCase identifiers may be added in future releases. +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:Pattern=`^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$` +type AddressType string + +// HeaderName is the name of a header or query parameter. +// +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=256 +// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$` +// +k8s:deepcopy-gen=false +type HeaderName string + +const ( + // A textual representation of a numeric IP address. IPv4 + // addresses must be in dotted-decimal form. IPv6 addresses + // must be in a standard IPv6 text representation + // (see [RFC 5952](https://tools.ietf.org/html/rfc5952)). + // + // This type is intended for specific addresses. Address ranges are not + // supported (e.g. you can not use a CIDR range like 127.0.0.0/24 as an + // IPAddress). + // + // Support: Extended + IPAddressType AddressType = "IPAddress" + + // A Hostname represents a DNS based ingress point. This is similar to the + // corresponding hostname field in Kubernetes load balancer status. For + // example, this concept may be used for cloud load balancers where a DNS + // name is used to expose a load balancer. + // + // Support: Extended + HostnameAddressType AddressType = "Hostname" + + // A NamedAddress provides a way to reference a specific IP address by name. + // For example, this may be a name or other unique identifier that refers + // to a resource on a cloud provider such as a static IP. + // + // The `NamedAddress` type has been deprecated in favor of implementation + // specific domain-prefixed strings. + // + // Support: Implementation-specific + NamedAddressType AddressType = "NamedAddress" +) diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..d1d46269d26 --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go @@ -0,0 +1,1271 @@ +//go:build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowedRoutes) DeepCopyInto(out *AllowedRoutes) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = new(RouteNamespaces) + (*in).DeepCopyInto(*out) + } + if in.Kinds != nil { + in, out := &in.Kinds, &out.Kinds + *out = make([]RouteGroupKind, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedRoutes. +func (in *AllowedRoutes) DeepCopy() *AllowedRoutes { + if in == nil { + return nil + } + out := new(AllowedRoutes) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackendObjectReference) DeepCopyInto(out *BackendObjectReference) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } + if in.Kind != nil { + in, out := &in.Kind, &out.Kind + *out = new(Kind) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(PortNumber) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendObjectReference. +func (in *BackendObjectReference) DeepCopy() *BackendObjectReference { + if in == nil { + return nil + } + out := new(BackendObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackendRef) DeepCopyInto(out *BackendRef) { + *out = *in + in.BackendObjectReference.DeepCopyInto(&out.BackendObjectReference) + if in.Weight != nil { + in, out := &in.Weight, &out.Weight + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendRef. +func (in *BackendRef) DeepCopy() *BackendRef { + if in == nil { + return nil + } + out := new(BackendRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonRouteSpec) DeepCopyInto(out *CommonRouteSpec) { + *out = *in + if in.ParentRefs != nil { + in, out := &in.ParentRefs, &out.ParentRefs + *out = make([]ParentReference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonRouteSpec. +func (in *CommonRouteSpec) DeepCopy() *CommonRouteSpec { + if in == nil { + return nil + } + out := new(CommonRouteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Gateway) DeepCopyInto(out *Gateway) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. +func (in *Gateway) DeepCopy() *Gateway { + if in == nil { + return nil + } + out := new(Gateway) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Gateway) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayAddress) DeepCopyInto(out *GatewayAddress) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(AddressType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayAddress. +func (in *GatewayAddress) DeepCopy() *GatewayAddress { + if in == nil { + return nil + } + out := new(GatewayAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClass) DeepCopyInto(out *GatewayClass) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClass. +func (in *GatewayClass) DeepCopy() *GatewayClass { + if in == nil { + return nil + } + out := new(GatewayClass) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GatewayClass) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClassList) DeepCopyInto(out *GatewayClassList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GatewayClass, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassList. +func (in *GatewayClassList) DeepCopy() *GatewayClassList { + if in == nil { + return nil + } + out := new(GatewayClassList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GatewayClassList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClassSpec) DeepCopyInto(out *GatewayClassSpec) { + *out = *in + if in.ParametersRef != nil { + in, out := &in.ParametersRef, &out.ParametersRef + *out = new(ParametersReference) + (*in).DeepCopyInto(*out) + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassSpec. +func (in *GatewayClassSpec) DeepCopy() *GatewayClassSpec { + if in == nil { + return nil + } + out := new(GatewayClassSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayClassStatus) DeepCopyInto(out *GatewayClassStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassStatus. +func (in *GatewayClassStatus) DeepCopy() *GatewayClassStatus { + if in == nil { + return nil + } + out := new(GatewayClassStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayList) DeepCopyInto(out *GatewayList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Gateway, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayList. +func (in *GatewayList) DeepCopy() *GatewayList { + if in == nil { + return nil + } + out := new(GatewayList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GatewayList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewaySpec) DeepCopyInto(out *GatewaySpec) { + *out = *in + if in.Listeners != nil { + in, out := &in.Listeners, &out.Listeners + *out = make([]Listener, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]GatewayAddress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewaySpec. +func (in *GatewaySpec) DeepCopy() *GatewaySpec { + if in == nil { + return nil + } + out := new(GatewaySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayStatus) DeepCopyInto(out *GatewayStatus) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]GatewayStatusAddress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Listeners != nil { + in, out := &in.Listeners, &out.Listeners + *out = make([]ListenerStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayStatus. +func (in *GatewayStatus) DeepCopy() *GatewayStatus { + if in == nil { + return nil + } + out := new(GatewayStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayStatusAddress) DeepCopyInto(out *GatewayStatusAddress) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(AddressType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayStatusAddress. +func (in *GatewayStatusAddress) DeepCopy() *GatewayStatusAddress { + if in == nil { + return nil + } + out := new(GatewayStatusAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayTLSConfig) DeepCopyInto(out *GatewayTLSConfig) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(TLSModeType) + **out = **in + } + if in.CertificateRefs != nil { + in, out := &in.CertificateRefs, &out.CertificateRefs + *out = make([]SecretObjectReference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Options != nil { + in, out := &in.Options, &out.Options + *out = make(map[AnnotationKey]AnnotationValue, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayTLSConfig. +func (in *GatewayTLSConfig) DeepCopy() *GatewayTLSConfig { + if in == nil { + return nil + } + out := new(GatewayTLSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPBackendRef) DeepCopyInto(out *HTTPBackendRef) { + *out = *in + in.BackendRef.DeepCopyInto(&out.BackendRef) + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = make([]HTTPRouteFilter, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBackendRef. +func (in *HTTPBackendRef) DeepCopy() *HTTPBackendRef { + if in == nil { + return nil + } + out := new(HTTPBackendRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. +func (in *HTTPHeader) DeepCopy() *HTTPHeader { + if in == nil { + return nil + } + out := new(HTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPHeaderFilter) DeepCopyInto(out *HTTPHeaderFilter) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = make([]HTTPHeader, len(*in)) + copy(*out, *in) + } + if in.Add != nil { + in, out := &in.Add, &out.Add + *out = make([]HTTPHeader, len(*in)) + copy(*out, *in) + } + if in.Remove != nil { + in, out := &in.Remove, &out.Remove + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderFilter. +func (in *HTTPHeaderFilter) DeepCopy() *HTTPHeaderFilter { + if in == nil { + return nil + } + out := new(HTTPHeaderFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPHeaderMatch) DeepCopyInto(out *HTTPHeaderMatch) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(HeaderMatchType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderMatch. +func (in *HTTPHeaderMatch) DeepCopy() *HTTPHeaderMatch { + if in == nil { + return nil + } + out := new(HTTPHeaderMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPPathMatch) DeepCopyInto(out *HTTPPathMatch) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(PathMatchType) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathMatch. +func (in *HTTPPathMatch) DeepCopy() *HTTPPathMatch { + if in == nil { + return nil + } + out := new(HTTPPathMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPPathModifier) DeepCopyInto(out *HTTPPathModifier) { + *out = *in + if in.ReplaceFullPath != nil { + in, out := &in.ReplaceFullPath, &out.ReplaceFullPath + *out = new(string) + **out = **in + } + if in.ReplacePrefixMatch != nil { + in, out := &in.ReplacePrefixMatch, &out.ReplacePrefixMatch + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathModifier. +func (in *HTTPPathModifier) DeepCopy() *HTTPPathModifier { + if in == nil { + return nil + } + out := new(HTTPPathModifier) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPQueryParamMatch) DeepCopyInto(out *HTTPQueryParamMatch) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(QueryParamMatchType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPQueryParamMatch. +func (in *HTTPQueryParamMatch) DeepCopy() *HTTPQueryParamMatch { + if in == nil { + return nil + } + out := new(HTTPQueryParamMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRequestMirrorFilter) DeepCopyInto(out *HTTPRequestMirrorFilter) { + *out = *in + in.BackendRef.DeepCopyInto(&out.BackendRef) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRequestMirrorFilter. +func (in *HTTPRequestMirrorFilter) DeepCopy() *HTTPRequestMirrorFilter { + if in == nil { + return nil + } + out := new(HTTPRequestMirrorFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRequestRedirectFilter) DeepCopyInto(out *HTTPRequestRedirectFilter) { + *out = *in + if in.Scheme != nil { + in, out := &in.Scheme, &out.Scheme + *out = new(string) + **out = **in + } + if in.Hostname != nil { + in, out := &in.Hostname, &out.Hostname + *out = new(PreciseHostname) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(HTTPPathModifier) + (*in).DeepCopyInto(*out) + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(PortNumber) + **out = **in + } + if in.StatusCode != nil { + in, out := &in.StatusCode, &out.StatusCode + *out = new(int) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRequestRedirectFilter. +func (in *HTTPRequestRedirectFilter) DeepCopy() *HTTPRequestRedirectFilter { + if in == nil { + return nil + } + out := new(HTTPRequestRedirectFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. +func (in *HTTPRoute) DeepCopy() *HTTPRoute { + if in == nil { + return nil + } + out := new(HTTPRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HTTPRoute) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter) { + *out = *in + if in.RequestHeaderModifier != nil { + in, out := &in.RequestHeaderModifier, &out.RequestHeaderModifier + *out = new(HTTPHeaderFilter) + (*in).DeepCopyInto(*out) + } + if in.ResponseHeaderModifier != nil { + in, out := &in.ResponseHeaderModifier, &out.ResponseHeaderModifier + *out = new(HTTPHeaderFilter) + (*in).DeepCopyInto(*out) + } + if in.RequestMirror != nil { + in, out := &in.RequestMirror, &out.RequestMirror + *out = new(HTTPRequestMirrorFilter) + (*in).DeepCopyInto(*out) + } + if in.RequestRedirect != nil { + in, out := &in.RequestRedirect, &out.RequestRedirect + *out = new(HTTPRequestRedirectFilter) + (*in).DeepCopyInto(*out) + } + if in.URLRewrite != nil { + in, out := &in.URLRewrite, &out.URLRewrite + *out = new(HTTPURLRewriteFilter) + (*in).DeepCopyInto(*out) + } + if in.ExtensionRef != nil { + in, out := &in.ExtensionRef, &out.ExtensionRef + *out = new(LocalObjectReference) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilter. +func (in *HTTPRouteFilter) DeepCopy() *HTTPRouteFilter { + if in == nil { + return nil + } + out := new(HTTPRouteFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteList) DeepCopyInto(out *HTTPRouteList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]HTTPRoute, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteList. +func (in *HTTPRouteList) DeepCopy() *HTTPRouteList { + if in == nil { + return nil + } + out := new(HTTPRouteList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HTTPRouteList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteMatch) DeepCopyInto(out *HTTPRouteMatch) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(HTTPPathMatch) + (*in).DeepCopyInto(*out) + } + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]HTTPHeaderMatch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.QueryParams != nil { + in, out := &in.QueryParams, &out.QueryParams + *out = make([]HTTPQueryParamMatch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Method != nil { + in, out := &in.Method, &out.Method + *out = new(HTTPMethod) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteMatch. +func (in *HTTPRouteMatch) DeepCopy() *HTTPRouteMatch { + if in == nil { + return nil + } + out := new(HTTPRouteMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteRule) DeepCopyInto(out *HTTPRouteRule) { + *out = *in + if in.Matches != nil { + in, out := &in.Matches, &out.Matches + *out = make([]HTTPRouteMatch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = make([]HTTPRouteFilter, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.BackendRefs != nil { + in, out := &in.BackendRefs, &out.BackendRefs + *out = make([]HTTPBackendRef, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteRule. +func (in *HTTPRouteRule) DeepCopy() *HTTPRouteRule { + if in == nil { + return nil + } + out := new(HTTPRouteRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteSpec) DeepCopyInto(out *HTTPRouteSpec) { + *out = *in + in.CommonRouteSpec.DeepCopyInto(&out.CommonRouteSpec) + if in.Hostnames != nil { + in, out := &in.Hostnames, &out.Hostnames + *out = make([]Hostname, len(*in)) + copy(*out, *in) + } + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]HTTPRouteRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteSpec. +func (in *HTTPRouteSpec) DeepCopy() *HTTPRouteSpec { + if in == nil { + return nil + } + out := new(HTTPRouteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPRouteStatus) DeepCopyInto(out *HTTPRouteStatus) { + *out = *in + in.RouteStatus.DeepCopyInto(&out.RouteStatus) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteStatus. +func (in *HTTPRouteStatus) DeepCopy() *HTTPRouteStatus { + if in == nil { + return nil + } + out := new(HTTPRouteStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPURLRewriteFilter) DeepCopyInto(out *HTTPURLRewriteFilter) { + *out = *in + if in.Hostname != nil { + in, out := &in.Hostname, &out.Hostname + *out = new(PreciseHostname) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(HTTPPathModifier) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPURLRewriteFilter. +func (in *HTTPURLRewriteFilter) DeepCopy() *HTTPURLRewriteFilter { + if in == nil { + return nil + } + out := new(HTTPURLRewriteFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Listener) DeepCopyInto(out *Listener) { + *out = *in + if in.Hostname != nil { + in, out := &in.Hostname, &out.Hostname + *out = new(Hostname) + **out = **in + } + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(GatewayTLSConfig) + (*in).DeepCopyInto(*out) + } + if in.AllowedRoutes != nil { + in, out := &in.AllowedRoutes, &out.AllowedRoutes + *out = new(AllowedRoutes) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Listener. +func (in *Listener) DeepCopy() *Listener { + if in == nil { + return nil + } + out := new(Listener) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ListenerStatus) DeepCopyInto(out *ListenerStatus) { + *out = *in + if in.SupportedKinds != nil { + in, out := &in.SupportedKinds, &out.SupportedKinds + *out = make([]RouteGroupKind, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListenerStatus. +func (in *ListenerStatus) DeepCopy() *ListenerStatus { + if in == nil { + return nil + } + out := new(ListenerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference. +func (in *LocalObjectReference) DeepCopy() *LocalObjectReference { + if in == nil { + return nil + } + out := new(LocalObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersReference) DeepCopyInto(out *ParametersReference) { + *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersReference. +func (in *ParametersReference) DeepCopy() *ParametersReference { + if in == nil { + return nil + } + out := new(ParametersReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParentReference) DeepCopyInto(out *ParentReference) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } + if in.Kind != nil { + in, out := &in.Kind, &out.Kind + *out = new(Kind) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } + if in.SectionName != nil { + in, out := &in.SectionName, &out.SectionName + *out = new(SectionName) + **out = **in + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(PortNumber) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParentReference. +func (in *ParentReference) DeepCopy() *ParentReference { + if in == nil { + return nil + } + out := new(ParentReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrant) DeepCopyInto(out *ReferenceGrant) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrant. +func (in *ReferenceGrant) DeepCopy() *ReferenceGrant { + if in == nil { + return nil + } + out := new(ReferenceGrant) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReferenceGrant) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantFrom) DeepCopyInto(out *ReferenceGrantFrom) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantFrom. +func (in *ReferenceGrantFrom) DeepCopy() *ReferenceGrantFrom { + if in == nil { + return nil + } + out := new(ReferenceGrantFrom) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantList) DeepCopyInto(out *ReferenceGrantList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ReferenceGrant, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantList. +func (in *ReferenceGrantList) DeepCopy() *ReferenceGrantList { + if in == nil { + return nil + } + out := new(ReferenceGrantList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReferenceGrantList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantSpec) DeepCopyInto(out *ReferenceGrantSpec) { + *out = *in + if in.From != nil { + in, out := &in.From, &out.From + *out = make([]ReferenceGrantFrom, len(*in)) + copy(*out, *in) + } + if in.To != nil { + in, out := &in.To, &out.To + *out = make([]ReferenceGrantTo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantSpec. +func (in *ReferenceGrantSpec) DeepCopy() *ReferenceGrantSpec { + if in == nil { + return nil + } + out := new(ReferenceGrantSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantTo) DeepCopyInto(out *ReferenceGrantTo) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(ObjectName) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantTo. +func (in *ReferenceGrantTo) DeepCopy() *ReferenceGrantTo { + if in == nil { + return nil + } + out := new(ReferenceGrantTo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteGroupKind) DeepCopyInto(out *RouteGroupKind) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteGroupKind. +func (in *RouteGroupKind) DeepCopy() *RouteGroupKind { + if in == nil { + return nil + } + out := new(RouteGroupKind) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteNamespaces) DeepCopyInto(out *RouteNamespaces) { + *out = *in + if in.From != nil { + in, out := &in.From, &out.From + *out = new(FromNamespaces) + **out = **in + } + if in.Selector != nil { + in, out := &in.Selector, &out.Selector + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteNamespaces. +func (in *RouteNamespaces) DeepCopy() *RouteNamespaces { + if in == nil { + return nil + } + out := new(RouteNamespaces) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteParentStatus) DeepCopyInto(out *RouteParentStatus) { + *out = *in + in.ParentRef.DeepCopyInto(&out.ParentRef) + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteParentStatus. +func (in *RouteParentStatus) DeepCopy() *RouteParentStatus { + if in == nil { + return nil + } + out := new(RouteParentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteStatus) DeepCopyInto(out *RouteStatus) { + *out = *in + if in.Parents != nil { + in, out := &in.Parents, &out.Parents + *out = make([]RouteParentStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteStatus. +func (in *RouteStatus) DeepCopy() *RouteStatus { + if in == nil { + return nil + } + out := new(RouteStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretObjectReference) DeepCopyInto(out *SecretObjectReference) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(Group) + **out = **in + } + if in.Kind != nil { + in, out := &in.Kind, &out.Kind + *out = new(Kind) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(Namespace) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretObjectReference. +func (in *SecretObjectReference) DeepCopy() *SecretObjectReference { + if in == nil { + return nil + } + out := new(SecretObjectReference) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go new file mode 100644 index 00000000000..05d7898b385 --- /dev/null +++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go @@ -0,0 +1,73 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by register-gen. DO NOT EDIT. + +package v1beta1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName specifies the group name used to register the objects. +const GroupName = "gateway.networking.k8s.io" + +// GroupVersion specifies the group and the version used to register the objects. +var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1beta1"} + +// SchemeGroupVersion is group version used to register these objects +// Deprecated: use GroupVersion instead. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + // Depreciated: use Install instead + AddToScheme = localSchemeBuilder.AddToScheme + Install = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &Gateway{}, + &GatewayClass{}, + &GatewayClassList{}, + &GatewayList{}, + &HTTPRoute{}, + &HTTPRouteList{}, + &ReferenceGrant{}, + &ReferenceGrantList{}, + ) + // AddToGroupVersion allows the serialization of client types like ListOptions. + v1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +}