Initial import of opfcli command line tool

This is my attempt at implementing what we talked about in
operate-first/SRE#299. It's an integrated command line tool written in
Go that currently provides equivalents for:

- onboarding.sh (called create-project)
- enable-monitoring.sh
- operate-first/apps#626 (called grant-access)

This is my first time writing Go, ever, so there may be lots of
non-idiomatic code. In your reviews, be kind, but be thorough smile.

.gitignore

@@ -0,0 +1 @@
+opfcli

Makefile

@@ -0,0 +1,19 @@
+SRCS = $(shell find . -type f -name '*.go')
+PKG = $(shell go list)
+VERSION = $(shell git describe --tags --exact-match 2> /dev/null || echo unknown)
+COMMIT = $(shell git rev-parse --short=10 HEAD)
+DATE = $(shell date -u +"%Y-%m-%dT%H:%M:%S")
+
+GOLDFLAGS = \
+	    -X '$(PKG)/version.BuildVersion=$(VERSION)' \
+	    -X '$(PKG)/version.BuildHash=$(COMMIT)' \
+	    -X '$(PKG)/version.BuildDate=$(DATE)'
+
+all: opfcli
+
+opfcli: $(SRCS)
+	go test ./...
+	go build -o $@ -ldflags "$(GOLDFLAGS)" .
+
+clean:
+	rm -f opfcli

README.md

@@ -1,33 +1,199 @@
-# Operate First template for repositories
+# opfcli
 
-Derive new repositories from this template
+## Building
 
-List of featurese:
+To build this tool from a checked out copy of the repository, run:
 
-## License
+```
+make
+```
+
+This will produce an executable named `opfcli`.
+
+## Usage
+
+```
+A command line tool for Operate First GitOps.
+
+Use opfcli to interact with an Operate First style Kubernetes
+configuration repository.
+
+Usage:
+  opfcli [command]
+
+Available Commands:
+  create-group      Create a group
+  create-project    Onboard a new project into Operate First
+  enable-monitoring Enable monitoring for a Kubernetes namespace
+  grant-access      Grant a group access to a namespace
+  help              Help about any command
+
+Flags:
+  -a, --app-name string   application name (default "cluster-scope")
+  -f, --config string     configuration file
+  -h, --help              help for opfcli
+  -R, --repodir string    path to opf repository
+```
+
+### create-group
+
+```
+Create a group.
+
+Create the group resource and associated kustomization file
+
+Usage:
+  opfcli create-group group [flags]
+
+Flags:
+  -h, --help                 help for create-project
+```
+
+### create-project
+
+```
+Onboard a new project into Operate First.
+
+- Register a new group
+- Register a new namespace with appropriate role bindings for your group
+
+Usage:
+  opfcli create-project projectName projectOwner [flags]
+
+Flags:
+  -d, --description string   Team description
+  -h, --help                 help for create-project
+```
+
+## enable-monitoring
+
+```
+Enable monitoring fora Kubernetes namespace.
+
+This will add a RoleBinding to the target namespace that permits
+Prometheus to access certain metrics about pods, services, etc.
 
-This template ensures new repos are created compliant with [ADR 0001](https://www.operate-first.cloud/blueprints/blueprint/docs/adr/0001-use-gpl3-as-license.md) and use GNU GPL v3 license.
+Usage:
+  opfcli enable-monitoring namespace [flags]
 
-## AI-CoE CI Github application
+Flags:
+  -h, --help   help for enable-monitoring
+```
 
-AI-CoE CI provides easy and quick integration for build pipelines and checks for pull requests.
+### grant-access
 
-An empty [`.aicoe-ci.yaml`](.aicoe-ci.yaml) is created here, disabling all checks via this CI provider by default. Documentation can be found [here](https://github.com/AICoE/aicoe-ci/).
+```
+Grant a group access to a namespace.
 
-## Prow CI
+Grant a group access to a namespace with the specifed role
+(admin, edit, or view).
 
-Prow is a CI provider developed for Kubernetes needs. Provides chat-ops management of pull requests, issues and declarative management for labels, branches and many more.
+Usage:
+  opfcli grant-access namespace group role [flags]
 
-We host our own deployment of Prow in Operate First available at [https://prow.operate-first.cloud/](https://prow.operate-first.cloud/).
+Flags:
+  -h, --help   help for grant-access
+```
 
-Supported commands are listed [here](https://prow.operate-first.cloud/command-help). We have also enabled Prow to consume on-repository configuration files. You can specify your config in [`.prow.yaml`](.prow.yaml). Additional centralized configuration can be found in the [thoth-application repository](https://github.com/thoth-station/thoth-application/tree/master/prow/overlays/cnv-prod).
+Use "opfcli [command] --help" for more information about a command.
 
-## Pre-commit
+## Configuration
+
+The `opfcli` command will look for a configuration file `.opfcli.yaml`
+in two places:
+
+- It first checks in the top level of the current git repository. If
+  you are running the `opfcli` command outside of a git repository it
+  will instead check the current directory.
+
+- If it doesn't find a local configuration file, it will look for
+  `~/.opfcli.yaml`.
+
+### Available configuration options
+
+- `app-name` -- sets the name of the directory containing your YAML
+  resources. This defaults to `cluster-scope`.
+
+## Examples
+
+### Create a project
+
+```
+opfcli create-project project1 group1 -d "This is project1"
+```
+
+This will result in:
+
+```
+cluster-scope/
+├── base
+│   ├── core
+│   │   └── namespaces
+│   │       └── project1
+│   │           ├── kustomization.yaml
+│   │           └── namespace.yaml
+│   └── user.openshift.io
+│       └── groups
+│           └── group1
+│               ├── group.yaml
+│               └── kustomization.yaml
+└── components
+    └── project-admin-rolebindings
+        └── group1
+            ├── kustomization.yaml
+            └── rbac.yaml
+```
+
+### Create a group
+
+```
+opfcli create-group group2
+```
+
+This will result in:
+
+```
+cluster-scope/
+└── base
+    └── user.openshift.io
+        └── groups
+            └── group1
+                ├── group.yaml
+                └── kustomization.yaml
+```
+
+### Grant access to a project
+
+```
+opfcli grant-access project1 group2 view
+```
+
+This will result in:
+
+```
+cluster-scope/components/project-view-rolebindings/
+└── group2
+    ├── kustomization.yaml
+    └── rbac.yaml
+```
+
+(And will modify
+`cluster-scope/base/core/namespaces/project1/kustomization.yaml`)
+
+## License
 
-By extension to Prow, we define a default pre-commit config for new repositories. Default hook configuration can be found in [`.pre-commit-config.yaml`](.pre-commit-config.yaml). Pre-commit is executed via Prow, see [`.prow.yaml`](.prow.yaml) for details.
+opfcli -- A tool for managing an Operate First style configuration repository.  
+Copyright (C) 2021 Operate First Team
 
-We enable yamllint hook by default, since most of our repositories use yaml files extensively. Default configuration for this hook is located at [`yamllint-config.yaml`](yamllint-config.yaml).
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
 
-To install and enable pre-commit locally please follow the instructions [here](https://pre-commit.com/#quick-start).
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
 
-It is advised for all contributors to enable pre-commit git hook via `pre-commit install` after cloning any repo within Operate First.
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.