Implement token request and first store in secret

PROJECT

@@ -7,5 +7,14 @@ layout:
 - go.kubebuilder.io/v3
 projectName: emergency-credentials-controller
 repo: github.com/appuio/emergency-credentials-controller
-resources: []
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: appuio.io
+  group: cluster
+  kind: EmergencyAccount
+  path: github.com/appuio/emergency-credentials-controller/api/v1beta1
+  version: v1beta1
 version: "3"

api/v1beta1/emergencyaccount_types.go

@@ -0,0 +1,67 @@
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EmergencyAccountSpec defines the desired state of EmergencyAccount
+type EmergencyAccountSpec struct {
+	// TokenStore defines the stores the created tokens are stored in
+	TokenStores []TokenStoreSpec `json:"tokenStores,omitempty"`
+}
+
+// EmergencyAccountStatus defines the observed state of EmergencyAccount
+type EmergencyAccountStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	Tokens []TokenStatus `json:"tokens,omitempty"`
+}
+
+// TokenStore defines the store the created tokens are stored in
+type TokenStoreSpec struct {
+	Type string `json:"type"`
+
+	SecretStoreSpec SecretTokenStoreSpec `json:"secretStore,omitempty"`
+	VaultStoreSpec  VaultTokenStoreSpec  `json:"vaultStore,omitempty"`
+}
+
+// SecretTokenStoreSpec defines the store the created tokens are stored in
+type SecretTokenStoreSpec struct {
+}
+
+// VaultTokenStoreSpec defines the store the created tokens are stored in
+type VaultTokenStoreSpec struct {
+}
+
+// TokenStatus defines the observed state of the managed token
+type TokenStatus struct {
+	// Ref is a reference to the token. The used storage should be able to uniquely identify the token
+	Ref string `json:"ref"`
+	// ExpirationTimestamp is the timestamp when the token expires
+	ExpirationTimestamp metav1.Time `json:"expirationTimestamp"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// EmergencyAccount is the Schema for the emergencyaccounts API
+type EmergencyAccount struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   EmergencyAccountSpec   `json:"spec,omitempty"`
+	Status EmergencyAccountStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// EmergencyAccountList contains a list of EmergencyAccount
+type EmergencyAccountList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []EmergencyAccount `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&EmergencyAccount{}, &EmergencyAccountList{})
+}

api/v1beta1/groupversion_info.go

@@ -0,0 +1,20 @@
+// Package v1beta1 contains API Schema definitions for the cluster.appuio.io v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=cluster.appuio.io
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "cluster.appuio.io", Version: "v1beta1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

config/crd/bases/cluster.appuio.io_emergencyaccounts.yaml

@@ -0,0 +1,89 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: emergencyaccounts.cluster.appuio.io
+spec:
+  group: cluster.appuio.io
+  names:
+    kind: EmergencyAccount
+    listKind: EmergencyAccountList
+    plural: emergencyaccounts
+    singular: emergencyaccount
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: EmergencyAccount is the Schema for the emergencyaccounts API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: EmergencyAccountSpec defines the desired state of EmergencyAccount
+            properties:
+              tokenStores:
+                description: TokenStore defines the stores the created tokens are
+                  stored in
+                items:
+                  description: TokenStore defines the store the created tokens are
+                    stored in
+                  properties:
+                    secretStore:
+                      description: SecretTokenStoreSpec defines the store the created
+                        tokens are stored in
+                      type: object
+                    type:
+                      type: string
+                    vaultStore:
+                      description: VaultTokenStoreSpec defines the store the created
+                        tokens are stored in
+                      type: object
+                  required:
+                  - type
+                  type: object
+                type: array
+            type: object
+          status:
+            description: EmergencyAccountStatus defines the observed state of EmergencyAccount
+            properties:
+              tokens:
+                description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
+                  of cluster Important: Run "make" to regenerate code after modifying
+                  this file'
+                items:
+                  description: TokenStatus defines the observed state of the managed
+                    token
+                  properties:
+                    expirationTimestamp:
+                      description: ExpirationTimestamp is the timestamp when the token
+                        expires
+                      format: date-time
+                      type: string
+                    ref:
+                      description: Ref is a reference to the token. The used storage
+                        should be able to uniquely identify the token
+                      type: string
+                  required:
+                  - expirationTimestamp
+                  - ref
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -0,0 +1,21 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/cluster.appuio.io_emergencyaccounts.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_emergencyaccounts.yaml
+#+kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_emergencyaccounts.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml