feat: Add ServiceAccount CRD (#1126)

charts/controller/crds/deployments.plural.sh_prautomations.yaml

@@ -86,7 +86,8 @@ spec:
                     type: array
                 type: object
               branch:
-                description: Branch ...
+                description: The base branch this pr will be based on (defaults to
+                  the repo's main branch)
                 type: string
               clusterRef:
                 description: ClusterRef ...

charts/controller/crds/deployments.plural.sh_serviceaccounts.yaml

@@ -0,0 +1,159 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: serviceaccounts.deployments.plural.sh
+spec:
+  group: deployments.plural.sh
+  names:
+    kind: ServiceAccount
+    listKind: ServiceAccountList
+    plural: serviceaccounts
+    singular: serviceaccount
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - description: ID of the service account in the Console API.
+      jsonPath: .status.id
+      name: ID
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ServiceAccount is a type of non-human account that provides distinct
+          identity.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec reflects a Console API service account spec.
+            properties:
+              email:
+                description: Email address to that will be bound to this service account.
+                example: some@email.com
+                type: string
+              tokenSecretRef:
+                description: TokenSecretRef is a secret reference that should contain
+                  token.
+                properties:
+                  name:
+                    description: name is unique within a namespace to reference a
+                      secret resource.
+                    type: string
+                  namespace:
+                    description: namespace defines the space within which the secret
+                      name must be unique.
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+            required:
+            - email
+            type: object
+          status:
+            description: Status represent a status of this resource.
+            properties:
+              conditions:
+                description: Represents the observations of a PrAutomation's current
+                  state.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource.\n---\nThis struct is intended for
+                    direct use as an array at the field path .status.conditions.  For
+                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
+                    observations of a foo's current state.\n\t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
+                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
+                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
+                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+                    \   // other fields\n\t}"
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: |-
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
+                        Producers of specific condition types may define expected values and meanings for this field,
+                        and whether the values are considered a guaranteed API.
+                        The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: |-
+                        type of condition in CamelCase or in foo.example.com/CamelCase.
+                        ---
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+                        useful (see .node.status.conditions), the ability to deconflict is important.
+                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              id:
+                description: ID of the resource in the Console API.
+                type: string
+              sha:
+                description: SHA of last applied configuration.
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

controller/api/v1alpha1/common_types.go

@@ -110,6 +110,7 @@ func (c ConditionType) String() string {
 const (
 	ReadonlyConditionType     ConditionType = "Readonly"
 	ReadyConditionType        ConditionType = "Ready"
+	ReadyTokenConditionType   ConditionType = "ReadyToken"
 	SynchronizedConditionType ConditionType = "Synchronized"
 )
 
@@ -127,6 +128,8 @@ const (
 	SynchronizedConditionReasonError    ConditionReason = "Error"
 	SynchronizedConditionReasonNotFound ConditionReason = "NotFound"
 	SynchronizedConditionReasonDeleting ConditionReason = "Deleting"
+	ReadyTokenConditionReason           ConditionReason = "Ready"
+	ReadyTokenConditionReasonError      ConditionReason = "Error"
 )
 
 type ConditionMessage string
@@ -137,7 +140,7 @@ func (c ConditionMessage) String() string {
 
 const (
 	ReadonlyTrueConditionMessage         ConditionMessage = "Running in read-only mode"
-	SynchronizedNotFoundConditionMessage ConditionMessage = "Could not find ScmConnection in Console API"
+	SynchronizedNotFoundConditionMessage ConditionMessage = "Could not find resource in Console API"
 )
 
 // GitRef ...

controller/api/v1alpha1/serviceaccount_types.go

@@ -0,0 +1,84 @@
+package v1alpha1
+
+import (
+	console "github.com/pluralsh/console-client-go"
+	"github.com/samber/lo"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func init() {
+	SchemeBuilder.Register(&ServiceAccount{}, &ServiceAccountList{})
+}
+
+// ServiceAccountList is a list of service accounts.
+// +kubebuilder:object:root=true
+type ServiceAccountList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []ServiceAccount `json:"items"`
+}
+
+// ServiceAccount is a type of non-human account that provides distinct identity.
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Cluster
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="ID",type="string",JSONPath=".status.id",description="ID of the service account in the Console API."
+type ServiceAccount struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec reflects a Console API service account spec.
+	// +kubebuilder:validation:Required
+	Spec ServiceAccountSpec `json:"spec"`
+
+	// Status represent a status of this resource.
+	// +kubebuilder:validation:Optional
+	Status Status `json:"status,omitempty"`
+}
+
+// ConsoleID returns an ID used in Console API.
+func (in *ServiceAccount) ConsoleID() *string {
+	return in.Status.ID
+}
+
+// ConsoleName returns a name used in Console API.
+func (in *ServiceAccount) ConsoleName() string {
+	return in.Name
+}
+
+func (in *ServiceAccount) Attributes() console.ServiceAccountAttributes {
+	attrs := console.ServiceAccountAttributes{
+		Name:  lo.ToPtr(in.ConsoleName()),
+		Email: &in.Spec.Email,
+	}
+
+	return attrs
+}
+
+func (in *ServiceAccount) Diff(hasher Hasher) (changed bool, sha string, err error) {
+	currentSha, err := hasher(in.Spec)
+	if err != nil {
+		return false, "", err
+	}
+
+	return !in.Status.IsSHAEqual(currentSha), currentSha, nil
+}
+
+func (in *ServiceAccount) SetCondition(condition metav1.Condition) {
+	meta.SetStatusCondition(&in.Status.Conditions, condition)
+}
+
+type ServiceAccountSpec struct {
+	// Email address to that will be bound to this service account.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Type:=string
+	// +kubebuilder:example:=some@email.com
+	Email string `json:"email"`
+
+	// TokenSecretRef is a secret reference that should contain token.
+	// +kubebuilder:validation:Optional
+	TokenSecretRef *corev1.SecretReference `json:"tokenSecretRef,omitempty"`
+}

controller/config/crd/bases/deployments.plural.sh_prautomations.yaml

@@ -86,7 +86,8 @@ spec:
                     type: array
                 type: object
               branch:
-                description: Branch ...
+                description: The base branch this pr will be based on (defaults to
+                  the repo's main branch)
                 type: string
               clusterRef:
                 description: ClusterRef ...