cert_manager_test_resources = """
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager-test
---
apiVersion: cert-manager.io/{cert_manager_api_version}
kind: Issuer
metadata:
  name: test-selfsigned
  namespace: cert-manager-test
spec:
  selfSigned: {{}}
---
apiVersion: cert-manager.io/{cert_manager_api_version}
kind: Certificate
metadata:
  name: selfsigned-cert
  namespace: cert-manager-test
spec:
  dnsNames:
    - example.com
  secretName: selfsigned-cert-tls
  issuerRef:
    name: test-selfsigned
"""

# Deploys cert manager to your environment
def deploy_cert_manager(registry="quay.io/jetstack", version="v1.3.1", load_to_kind=False, kind_cluster_name="kind"):
    silent=True
    if version.startswith('v0'):
      cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1alpha2')
    else:
      cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1')

    if load_to_kind == True:
        print("Loading images to kind")
        # Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up
        # setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over
        # the network each time.
        images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"]
        for image in images:
            local("docker pull {}/{}:{}".format(registry, image, version), quiet=silent, echo_off=silent)
            local("kind load docker-image --name {} {}/{}:{}".format(kind_cluster_name, registry, image, version), quiet=silent, echo_off=silent)

    # apply the cert-manager manifest
    # NOTE!
    # Applying the same manifest twice to same cluster kubectl get stuck with older versions of kubernetes/cert-manager.
    # https://github.com/jetstack/cert-manager/issues/3121
    print("Installing cert-manager")
    local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version), quiet=silent, echo_off=silent)

    # verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation)
    # 1. wait for the cert-manager to be running
    print("Waiting for cert-manager to start")
    local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager", quiet=silent, echo_off=silent)
    local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector", quiet=silent, echo_off=silent)
    local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook", quiet=silent, echo_off=silent)

    # 2. create a test certificate
    print("Testing cert-manager")
    # The webhook may refuse connections initially (despite the deployment being Available), so try several times.
    local("for i in 1 2 3 4 5 6; do (kubectl apply -f - <<EOF" + cert_manager_test_resources_versioned + "EOF\n) && break || sleep 15; done", quiet=silent, echo_off=silent)
    local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ", quiet=silent, echo_off=silent)
    local("kubectl delete -f - <<EOF" + cert_manager_test_resources_versioned + "EOF", quiet=silent, echo_off=silent)
