cert_manager_test_resources = """
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager-test
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: test-selfsigned
  namespace: cert-manager-test
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: selfsigned-cert
  namespace: cert-manager-test
spec:
  dnsNames:
    - example.com
  secretName: selfsigned-cert-tls
  issuerRef:
    name: test-selfsigned
"""

# Deploys cert manager to your environment
def deploy_cert_manager(registry="quay.io/jetstack", version="v0.16.1", load_to_kind=False, kind_cluster_name="kind"):
    silent=True

    # check if cert-mamager is already installed, otherwise pre-load images & apply the manifest
    # NB. this is required until https://github.com/jetstack/cert-manager/issues/3121 is addressed otherwise
    # when applying the manifest twice to same cluster kubectl get stuck
    existsCheck = str(local("kubectl get namespaces", quiet=silent, echo_off=silent))
    if existsCheck.find("cert-manager") == -1:
        if load_to_kind == True:
            print("Loading images to kind")
            # Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up
            # setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over
            # the network each time.
            images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"]
            for image in images:
                local("docker pull {}/{}:{}".format(registry, image, version), quiet=silent, echo_off=silent)
                local("kind load docker-image --name {} {}/{}:{}".format(kind_cluster_name, registry, image, version), quiet=silent, echo_off=silent)

        # apply the cert-manager manifest
        print("Installing cert-manager")
        local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version), quiet=silent, echo_off=silent)

    # verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation)
    # 1. wait for the cert-manager to be running
    print("Waiting for cert-manager to start")
    local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager", quiet=silent, echo_off=silent)
    local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector", quiet=silent, echo_off=silent)
    local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook", quiet=silent, echo_off=silent)

    # 2. create a test certificate
    print("Testing cert-manager")
    local("cat << EOF | kubectl apply -f - " + cert_manager_test_resources + "EOF", quiet=silent, echo_off=silent)
    local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ", quiet=silent, echo_off=silent)
    local("cat << EOF | kubectl delete -f - " + cert_manager_test_resources + "EOF", quiet=silent, echo_off=silent)
