Merge pull request #30 from itscontained/api/cleanup

api cleanup, cli output, and CI add
itscontained · Sep 10, 2020 · 46a4baa · 46a4baa
2 parents 73cc993 + 6e1a19f
commit 46a4baa
Show file tree

Hide file tree

Showing 15 changed files with 143 additions and 85 deletions.
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -0,0 +1,87 @@
+name: docker
+on:
+  schedule:
+    - cron: '0 10 * * *' # everyday at 10am
+  push:
+    branches: master
+    tags:
+      - 'v*.*.*'
+  pull_request:
+    branches: master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=itscontained/secret-manager
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          fi
+          if [ "${{ github.event_name }}" = "schedule" ]; then
+            VERSION=nightly
+          fi
+          TAGS="${DOCKER_IMAGE}:${VERSION},ghcr.io/${DOCKER_IMAGE}:${VERSION},quay.io/${DOCKER_IMAGE}:${VERSION}"
+          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            TAGS="$TAGS,${DOCKER_IMAGE}:latest,ghcr.io/${DOCKER_IMAGE}:latest,quay.io/${DOCKER_IMAGE}:latest"
+          fi
+          echo ::set-output name=version::${VERSION}
+          echo ::set-output name=tags::${TAGS}
+          echo ::set-output name=build_date::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+          echo ::set-output name=vcs_ref::${GITHUB_SHA::8}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          install: true
+          version: latest
+          driver-opts: image=moby/buildkit:master
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Login to Quay
+        uses: docker/login-action@v1
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: |
+            linux/amd64
+            linux/arm64
+            linux/arm/v7
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.prep.outputs.tags }}
+          build-args: |
+            VERSION=${{ steps.prep.outputs.version }}
+            BUILD_DATE=${{ steps.prep.outputs.build_date }}
+            VCS_REF=${{ steps.prep.outputs.vcs_ref }}
+      - name: Inspect
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          docker buildx imagetools inspect ${DOCKER_IMAGE}:${{ steps.prep.outputs.version }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.14.7-stretch as builder
+FROM golang:1.14.9-buster as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -21,6 +21,16 @@ RUN make build
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
+LABEL maintainer="DirtyCajunRice,mcavoyk" \
+  org.opencontainers.image.created=$BUILD_DATE \
+  org.opencontainers.image.url="https://github.com/itscontained/secret-manager" \
+  org.opencontainers.image.source="https://github.com/itscontained/secret-manager" \
+  org.opencontainers.image.version=$VERSION \
+  org.opencontainers.image.revision=$VCS_REF \
+  org.opencontainers.image.vendor="itscontained" \
+  org.opencontainers.image.title="secret-manager" \
+  org.opencontainers.image.description="Secret Manager is a set of Kubernetes CRDs and controllers which define a common method of interacting with External SecretStores." \
+  org.opencontainers.image.licenses="APACHE"
 COPY --from=builder /workspace/bin/manager .
 USER nonroot:nonroot
 

diff --git a/deploy/crds/legacy/secret-manager.itscontained.io_clustersecretstores.yaml b/deploy/crds/legacy/secret-manager.itscontained.io_clustersecretstores.yaml
@@ -9,9 +9,6 @@ metadata:
   name: clustersecretstores.secret-manager.itscontained.io
 spec:
   additionalPrinterColumns:
-  - JSONPath: .status.conditions[?(@.type=='Ready')].status
-    name: Type
-    type: string
   - JSONPath: .metadata.creationTimestamp
     name: AGE
     type: date
@@ -22,6 +19,8 @@ spec:
     kind: ClusterSecretStore
     listKind: ClusterSecretStoreList
     plural: clustersecretstores
+    shortNames:
+    - css
     singular: clustersecretstore
   preserveUnknownFields: false
   scope: Cluster

diff --git a/deploy/crds/legacy/secret-manager.itscontained.io_externalsecrets.yaml b/deploy/crds/legacy/secret-manager.itscontained.io_externalsecrets.yaml
@@ -9,19 +9,28 @@ metadata:
   name: externalsecrets.secret-manager.itscontained.io
 spec:
   additionalPrinterColumns:
+  - JSONPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
+    name: LAST SYNC
+    type: date
   - JSONPath: .status.conditions[?(@.type=='Ready')].status
-    name: READY
+    name: SYNCED
     type: string
   - JSONPath: .metadata.creationTimestamp
     name: AGE
     type: date
+  - JSONPath: .spec.storeRef.name
+    name: STORE
+    priority: 1
+    type: string
   group: secret-manager.itscontained.io
   names:
     categories:
     - secretmanager
     kind: ExternalSecret
     listKind: ExternalSecretList
     plural: externalsecrets
+    shortNames:
+    - es
     singular: externalsecret
   preserveUnknownFields: false
   scope: Namespaced
@@ -97,12 +106,6 @@ spec:
                     type: string
                 type: object
               type: array
-            renewAfter:
-              description: The amount of time before the SecretStore will renew the
-                values of of the ExternalSecret. If not set the secret will only be
-                synced on creation of the ExternalSecret.
-              format: duration
-              type: string
             storeRef:
               description: StoreRef is a reference to the store backend for this secret.
                 If the 'kind' field is not set, or set to 'SecretStore', a SecretStore
@@ -169,11 +172,6 @@ spec:
                 - type
                 type: object
               type: array
-            renewalTime:
-              description: RenewalTime is the time at which the secret values will
-                be next renewed. If not set, no upcoming renewal is scheduled.
-              format: date-time
-              type: string
           type: object
       type: object
   version: v1alpha1

diff --git a/deploy/crds/legacy/secret-manager.itscontained.io_secretstores.yaml b/deploy/crds/legacy/secret-manager.itscontained.io_secretstores.yaml
@@ -9,9 +9,6 @@ metadata:
   name: secretstores.secret-manager.itscontained.io
 spec:
   additionalPrinterColumns:
-  - JSONPath: .status.conditions[?(@.type=='Ready')].status
-    name: READY
-    type: string
   - JSONPath: .metadata.creationTimestamp
     name: AGE
     type: date
@@ -22,6 +19,8 @@ spec:
     kind: SecretStore
     listKind: SecretStoreList
     plural: secretstores
+    shortNames:
+    - ss
     singular: secretstore
   preserveUnknownFields: false
   scope: Namespaced

diff --git a/deploy/crds/secret-manager.itscontained.io_clustersecretstores.yaml b/deploy/crds/secret-manager.itscontained.io_clustersecretstores.yaml
@@ -15,13 +15,12 @@ spec:
     kind: ClusterSecretStore
     listKind: ClusterSecretStoreList
     plural: clustersecretstores
+    shortNames:
+    - css
     singular: clustersecretstore
   scope: Cluster
   versions:
   - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: Type
-      type: string
     - jsonPath: .metadata.creationTimestamp
       name: AGE
       type: date

diff --git a/deploy/crds/secret-manager.itscontained.io_externalsecrets.yaml b/deploy/crds/secret-manager.itscontained.io_externalsecrets.yaml
@@ -15,16 +15,25 @@ spec:
     kind: ExternalSecret
     listKind: ExternalSecretList
     plural: externalsecrets
+    shortNames:
+    - es
     singular: externalsecret
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
+      name: LAST SYNC
+      type: date
     - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
+      name: SYNCED
       type: string
     - jsonPath: .metadata.creationTimestamp
       name: AGE
       type: date
+    - jsonPath: .spec.storeRef.name
+      name: STORE
+      priority: 1
+      type: string
     name: v1alpha1
     schema:
       openAPIV3Schema:
@@ -96,12 +105,6 @@ spec:
                       type: string
                   type: object
                 type: array
-              renewAfter:
-                description: The amount of time before the SecretStore will renew
-                  the values of of the ExternalSecret. If not set the secret will
-                  only be synced on creation of the ExternalSecret.
-                format: duration
-                type: string
               storeRef:
                 description: StoreRef is a reference to the store backend for this
                   secret. If the 'kind' field is not set, or set to 'SecretStore',
@@ -168,11 +171,6 @@ spec:
                   - type
                   type: object
                 type: array
-              renewalTime:
-                description: RenewalTime is the time at which the secret values will
-                  be next renewed. If not set, no upcoming renewal is scheduled.
-                format: date-time
-                type: string
             type: object
         type: object
     served: true

diff --git a/deploy/crds/secret-manager.itscontained.io_secretstores.yaml b/deploy/crds/secret-manager.itscontained.io_secretstores.yaml
@@ -15,13 +15,12 @@ spec:
     kind: SecretStore
     listKind: SecretStoreList
     plural: secretstores
+    shortNames:
+    - ss
     singular: secretstore
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
-      type: string
     - jsonPath: .metadata.creationTimestamp
       name: AGE
       type: date

diff --git a/pkg/apis/meta/v1/condition.go b/pkg/apis/meta/v1/condition.go
@@ -20,7 +20,6 @@ import (
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
-
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 

diff --git a/pkg/apis/secretmanager/v1alpha1/externalsecret_types.go b/pkg/apis/secretmanager/v1alpha1/externalsecret_types.go
@@ -31,13 +31,6 @@ type ExternalSecretSpec struct {
 	// The 'name' field in this stanza is required at all times.
 	StoreRef ObjectReference `json:"storeRef"`
 
-	// The amount of time before the SecretStore will renew the values of
-	// of the ExternalSecret. If not set the secret will only be synced on
-	// creation of the ExternalSecret.
-	// +kubebuilder:validation:Format=duration
-	// +optional
-	RenewAfter *metav1.Duration `json:"renewAfter,omitempty"`
-
 	// Template which will be deep merged into the generated secret.
 	// Can be used to set for example annotations or type on the generated secret.
 	// +kubebuilder:validation:Type=object
@@ -99,21 +92,17 @@ type ExternalSecretStatus struct {
 	// List of status conditions to indicate the status of ExternalSecret.
 	// Known condition types are `Ready`.
 	smmeta.ConditionedStatus `json:",inline"`
-
-	// RenewalTime is the time at which the secret values will be next
-	// renewed.
-	// If not set, no upcoming renewal is scheduled.
-	// +optional
-	RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
 }
 
 // +kubebuilder:object:root=true
 
 // ExternalSecret is the Schema for the externalsecrets API
-// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+// +kubebuilder:printcolumn:name="LAST SYNC",type="date",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime"
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
 // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="STORE",type="string",JSONPath=".spec.storeRef.name",priority=1
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:scope=Namespaced,categories={secretmanager}
+// +kubebuilder:resource:scope=Namespaced,categories={secretmanager},shortName=es
 type ExternalSecret struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

diff --git a/pkg/apis/secretmanager/v1alpha1/secretstore_types.go b/pkg/apis/secretmanager/v1alpha1/secretstore_types.go
@@ -41,10 +41,9 @@ type SecretStoreStatus struct {
 // +kubebuilder:object:root=true
 
 // SecretStore is the Schema for the SecretStore API
-// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
 // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:scope=Namespaced,categories={secretmanager}
+// +kubebuilder:resource:scope=Namespaced,categories={secretmanager},shortName=ss
 type SecretStore struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -64,10 +63,9 @@ type SecretStoreList struct {
 // +kubebuilder:object:root=true
 
 // ClusterSecretStore is the Schema for the ClusterSecretStore API
-// +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
 // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:scope=Cluster,categories={secretmanager}
+// +kubebuilder:resource:scope=Cluster,categories={secretmanager},shortName=css
 type ClusterSecretStore struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,7 +20,6 @@ import ( @@
     	"strings"
     	corev1 "k8s.io/api/core/v1"
     	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
     )
@@ Expand Down @@