cert-manager
diff --git a/‎api/v1beta1/groupversion_info.go‎ renamed to ‎api/v1beta1/doc.go‎ b/‎api/v1beta1/groupversion_info.go‎ renamed to ‎api/v1beta1/doc.go‎
diff --git a/‎api/v1beta1/googlecasclusterissuer_types.go‎
Lines changed: 12 additions & 4 deletions b/‎api/v1beta1/googlecasclusterissuer_types.go‎
Lines changed: 12 additions & 4 deletions
diff --git a/‎api/v1beta1/googlecasissuer_types.go‎
Lines changed: 12 additions & 70 deletions b/‎api/v1beta1/googlecasissuer_types.go‎
Lines changed: 12 additions & 70 deletions
diff --git a/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 0 additions & 41 deletions b/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 0 additions & 41 deletions
diff --git a/‎cmd/root.go‎
Lines changed: 5 additions & 27 deletions b/‎cmd/root.go‎
Lines changed: 5 additions & 27 deletions
diff --git a/‎deploy/charts/google-cas-issuer/templates/clusterrole.yaml‎
Lines changed: 24 additions & 14 deletions b/‎deploy/charts/google-cas-issuer/templates/clusterrole.yaml‎
Lines changed: 24 additions & 14 deletions
@@ -17,12 +17,10 @@ limitations under the License.
 package v1beta1
 
 import (
+	"github.com/cert-manager/issuer-lib/api/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:scope=Cluster
 // +kubebuilder:printcolumn:name="ready",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
@@ -35,9 +33,19 @@ type GoogleCASClusterIssuer struct {
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	Spec   GoogleCASIssuerSpec   `json:"spec,omitempty"`
-	Status GoogleCASIssuerStatus `json:"status,omitempty"`
+	Status v1alpha1.IssuerStatus `json:"status,omitempty"`
+}
+
+func (vi *GoogleCASClusterIssuer) GetStatus() *v1alpha1.IssuerStatus {
+	return &vi.Status
 }
 
+func (vi *GoogleCASClusterIssuer) GetIssuerTypeIdentifier() string {
+	return "googlecasclusterissuers.cas-issuer.jetstack.io"
+}
+
+var _ v1alpha1.Issuer = &GoogleCASClusterIssuer{}
+
 // +kubebuilder:object:root=true
 // GoogleCASClusterIssuerList contains a list of GoogleCASClusterIssuer
 type GoogleCASClusterIssuerList struct {
 
@@ -18,17 +18,12 @@ package v1beta1
 
 import (
 	cmmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+	"github.com/cert-manager/issuer-lib/api/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // GoogleCASIssuerSpec defines the desired state of GoogleCASIssuer
 type GoogleCASIssuerSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-
 	// Project is the Google Cloud Project ID
 	Project string `json:"project,omitempty"`
 
@@ -54,15 +49,6 @@ type GoogleCASIssuerSpec struct {
 	CertificateTemplate string `json:"certificateTemplate,omitempty"`
 }
 
-// GoogleCASIssuerStatus defines the observed state of GoogleCASIssuer
-type GoogleCASIssuerStatus struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-
-	// +optional
-	Conditions []GoogleCASIssuerCondition `json:"conditions,omitempty"`
-}
-
 // +kubebuilder:object:root=true
 // +kubebuilder:printcolumn:name="ready",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
 // +kubebuilder:printcolumn:name="reason",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].reason"
@@ -74,9 +60,19 @@ type GoogleCASIssuer struct {
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	Spec   GoogleCASIssuerSpec   `json:"spec,omitempty"`
-	Status GoogleCASIssuerStatus `json:"status,omitempty"`
+	Status v1alpha1.IssuerStatus `json:"status,omitempty"`
+}
+
+func (vi *GoogleCASIssuer) GetStatus() *v1alpha1.IssuerStatus {
+	return &vi.Status
+}
+
+func (vi *GoogleCASIssuer) GetIssuerTypeIdentifier() string {
+	return "googlecasissuers.cas-issuer.jetstack.io"
 }
 
+var _ v1alpha1.Issuer = &GoogleCASIssuer{}
+
 // +kubebuilder:object:root=true
 // GoogleCASIssuerList contains a list of GoogleCASIssuer
 type GoogleCASIssuerList struct {
@@ -85,60 +81,6 @@ type GoogleCASIssuerList struct {
 	Items           []GoogleCASIssuer `json:"items"`
 }
 
-// +kubebuilder:validation:Enum=Ready
-type GoogleCASIssuerConditionType string
-
-const (
-	// IssuerConditionReady indicates that a CAS Issuer is ready for use.
-	// This is defined as:
-	IssuerConditionReady GoogleCASIssuerConditionType = "Ready"
-)
-
-// ConditionStatus represents a condition's status.
-// +kubebuilder:validation:Enum=True;False;Unknown
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in
-// the condition; "ConditionFalse" means a resource is not in the condition;
-// "ConditionUnknown" means kubernetes can't decide if a resource is in the
-// condition or not. In the future, we could add other intermediate
-// conditions, e.g. ConditionDegraded.
-const (
-	// ConditionTrue represents the fact that a given condition is true
-	ConditionTrue ConditionStatus = "True"
-
-	// ConditionFalse represents the fact that a given condition is false
-	ConditionFalse ConditionStatus = "False"
-
-	// ConditionUnknown represents the fact that a given condition is unknown
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// IssuerCondition contains condition information for a CAS Issuer.
-type GoogleCASIssuerCondition struct {
-	// Type of the condition, currently ('Ready').
-	Type GoogleCASIssuerConditionType `json:"type"`
-
-	// Status of the condition, one of ('True', 'False', 'Unknown').
-	// +kubebuilder:validation:Enum=True;False;Unknown
-	Status ConditionStatus `json:"status"`
-
-	// LastTransitionTime is the timestamp corresponding to the last status
-	// change of this condition.
-	// +optional
-	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
-
-	// Reason is a brief machine readable explanation for the condition's last
-	// transition.
-	// +optional
-	Reason string `json:"reason,omitempty"`
-
-	// Message is a human readable description of the details of the last
-	// transition, complementing reason.
-	// +optional
-	Message string `json:"message,omitempty"`
-}
-
 func init() {
 	SchemeBuilder.Register(&GoogleCASIssuer{}, &GoogleCASIssuerList{})
 }
@@ -18,6 +18,7 @@ package cmd
 
 import (
 	"flag"
+	"time"
 
 	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	"github.com/spf13/cobra"
@@ -31,8 +32,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	issuersv1beta1 "github.com/jetstack/google-cas-issuer/api/v1beta1"
-	"github.com/jetstack/google-cas-issuer/pkg/controller/certificaterequest"
-	"github.com/jetstack/google-cas-issuer/pkg/controller/issuer"
+	controllers "github.com/jetstack/google-cas-issuer/pkg/controllers"
 )
 
 var (
@@ -99,34 +99,12 @@ func root() error {
 	ctx := ctrl.SetupSignalHandler()
 
 	// Start Controllers
-	if err = (&issuer.GoogleCASIssuerReconciler{
-		Kind:     "GoogleCASIssuer",
-		Client:   mgr.GetClient(),
-		Log:      ctrl.Log.WithName("controller").WithName("GoogleCASIssuer"),
-		Recorder: mgr.GetEventRecorderFor("cas-issuer-googlecasissuer-controller"),
-		Scheme:   mgr.GetScheme(),
-	}).SetupWithManager(mgr); err != nil {
+	if err = (&controllers.GoogleCAS{
+		MaxRetryDuration: 30 * time.Second,
+	}).SetupWithManager(ctx, mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "GoogleCASIssuer")
 		return err
 	}
-	if err = (&issuer.GoogleCASIssuerReconciler{
-		Kind:     "GoogleCASClusterIssuer",
-		Client:   mgr.GetClient(),
-		Log:      ctrl.Log.WithName("controller").WithName("GoogleCASClusterIssuer"),
-		Recorder: mgr.GetEventRecorderFor("cas-issuer-googlecasclusterissuer-controller"),
-		Scheme:   mgr.GetScheme(),
-	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "GoogleCASClusterIssuer")
-		return err
-	}
-	if err = (&certificaterequest.CertificateRequestReconciler{
-		Client:   mgr.GetClient(),
-		Log:      ctrl.Log.WithName("controller").WithName("CertificateRequest"),
-		Recorder: mgr.GetEventRecorderFor("cas-issuer-certificaterequest-controller"),
-	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "CertificateRequest")
-		return err
-	}
 	// +kubebuilder:scaffold:builder
 
 	setupLog.Info("starting manager")
 
@@ -20,63 +20,73 @@ rules:
   - get
   - list
   - watch
+
 - apiGroups:
   - cas-issuer.jetstack.io
   resources:
   - googlecasclusterissuers
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - cas-issuer.jetstack.io
   resources:
   - googlecasclusterissuers/status
   verbs:
-  - get
   - patch
-  - update
 - apiGroups:
   - cas-issuer.jetstack.io
   resources:
   - googlecasissuers
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - cas-issuer.jetstack.io
   resources:
   - googlecasissuers/status
   verbs:
-  - get
   - patch
-  - update
 - apiGroups:
   - cert-manager.io
   resources:
   - certificaterequests
   verbs:
   - get
   - list
-  - update
   - watch
 - apiGroups:
   - cert-manager.io
   resources:
   - certificaterequests/status
   verbs:
+  - patch
+
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
   - get
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io"
+  resources:
+  - certificatesigningrequests/status
+  verbs:
   - patch
-  - update
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - signers
+  verbs:
+  - sign
+  resourceNames:
+  - googlecasclusterissuers.cas-issuer.jetstack.io/*
+
 ---
 {{- if .Values.app.approval.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1