From 24853d497a2a02dc903859be82f1566007f6619e Mon Sep 17 00:00:00 2001 From: Chris Date: Sat, 6 Apr 2024 22:09:39 +0200 Subject: [PATCH] Reverted to kubernetes --- {pkg/dns => _backup}/dns.go | 6 ++++ _backup/secrets.go | 38 +++++++++++++++++++++ {pkg/dns => _backup}/solver_sthome.go | 49 ++++++++++++++++++--------- {pkg/dns => _backup}/sthome_test.go | 0 deploy/sthome-webhook/Chart.yaml | 4 +-- deploy/sthome-webhook/values.yaml | 2 +- go.mod | 9 ++--- go.sum | 4 --- main.go | 23 +++++++------ pkg/dns/shell.go | 4 ++- {_backup => pkg/dns}/solver_local.go | 25 +++++++------- version.txt | 6 ++-- 12 files changed, 114 insertions(+), 56 deletions(-) rename {pkg/dns => _backup}/dns.go (84%) create mode 100644 _backup/secrets.go rename {pkg/dns => _backup}/solver_sthome.go (70%) rename {pkg/dns => _backup}/sthome_test.go (100%) rename {_backup => pkg/dns}/solver_local.go (92%) diff --git a/pkg/dns/dns.go b/_backup/dns.go similarity index 84% rename from pkg/dns/dns.go rename to _backup/dns.go index c1ee3c6..09a6874 100644 --- a/pkg/dns/dns.go +++ b/_backup/dns.go @@ -5,11 +5,13 @@ import ( "fmt" "github.com/miekg/dns" + "k8s.io/klog/v2" ) func (e *SthomeSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) { msg := new(dns.Msg) msg.SetReply(req) + klog.Infof("Entering: %s ============\n", "handleDNSRequest") switch req.Opcode { case dns.OpcodeQuery: for _, q := range msg.Question { @@ -20,9 +22,11 @@ func (e *SthomeSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) { } } w.WriteMsg(msg) + klog.Infof("Exiting: %s ============\n", "handleDNSRequest") } func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg) error { + klog.Infof("Entering: %s ============\n", "addDNSAnswer") switch q.Qtype { // Always return loopback for any A query case dns.TypeA: 
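Review bot: The new `klog.Infof("Entering: %s ============\n", ...)` / `"Exiting: ..."` trace lines in handleDNSRequest and addDNSAnswer fire at default verbosity on every DNS query the server answers, which is noisy in production; the `case:` and `msg.Answer:` lines in the two later hunks of this file have the same problem. I would gate them behind a verbosity level, e.g. `klog.V(4).Infof("handleDNSRequest: opcode=%d", req.Opcode)`, and drop the trailing `\n` since klog appends one itself. Note also that the file is being moved under `_backup/`, a directory the go tool ignores, so none of these additions is compiled or tested by `go build ./...`; if the directory is only a parking spot, git history would serve better than an uncompiled copy. handleDNSRequest continues outside the hunk.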
@@ -35,6 +39,7 @@ func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg) // TXT records are the only important record for ACME dns-01 challenges case dns.TypeTXT: + klog.Infof("case: %s ============\n", "dns.TypeTXT") e.RLock() record, found := e.txtRecords[q.Name] e.RUnlock() @@ -47,6 +52,7 @@ func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg) return err } msg.Answer = append(msg.Answer, rr) + klog.Infof("msg.Answer: %s ============\n", msg.Answer) return nil // NS and SOA are for authoritative lookups, return obviously invalid data diff --git a/_backup/secrets.go b/_backup/secrets.go new file mode 100644 index 0000000..0e5b325 --- /dev/null +++ b/_backup/secrets.go @@ -0,0 +1,38 @@ +package dns + +import ( + "context" + "fmt" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" +) + +//go:generate mockgen -destination=./mock/secrets.go -source=./secrets.go SecretFetcher +type SecretFetcher interface { + StringFromSecret(namespace, secretName, key string) (string, error) +} + +type kubeSecretFetcher struct { + client kubernetes.Interface + ctx context.Context +} + +func (k *kubeSecretFetcher) StringFromSecret(namespace, secretName, key string) (string, error) { + secret, err := k.client.CoreV1().Secrets(namespace).Get(k.ctx, secretName, metav1.GetOptions{}) + if err != nil { + return "", err + } + + binary, ok := secret.Data[key] + if !ok { + return "", fmt.Errorf("key `%q` not found in secretFetcher `%s/%s`", + key, namespace, secretName) + } + + return string(binary), nil +} + +func NewSecretFetcher() SecretFetcher { + return &kubeSecretFetcher{} +} diff --git a/pkg/dns/solver_sthome.go b/_backup/solver_sthome.go similarity index 70% rename from pkg/dns/solver_sthome.go rename to _backup/solver_sthome.go index 8f2e2b4..c8e1f6f 100644 --- a/pkg/dns/solver_sthome.go +++ b/_backup/solver_sthome.go 
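Review bot: `NewSecretFetcher()` returns a `kubeSecretFetcher` whose `client` and `ctx` fields are both nil, so the first call to `StringFromSecret` dereferences a nil `kubernetes.Interface` at `k.client.CoreV1()` and panics; the constructor needs the client it is meant to wrap, e.g. `func NewSecretFetcher(client kubernetes.Interface) SecretFetcher { return &kubeSecretFetcher{client: client} }`. Storing a `context.Context` in the struct is also a smell — request-scoped contexts belong on the call, so `StringFromSecret(ctx, namespace, secretName, key)` would be the cleaner interface. `%q` already quotes its argument, so the backticks around it in the error message produce a doubly quoted key. As this file lands in `_backup/`, which the go tool ignores, nothing here is compiled or vetted.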
@@ -2,22 +2,25 @@ package dns import ( + "context" "fmt" - "os" "strings" "sync" "github.com/cert-manager/cert-manager/pkg/acme/webhook" acme "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" "github.com/miekg/dns" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/klog/v2" ) type SthomeSolver struct { - name string - server *dns.Server - txtRecords map[string]string + ctx context.Context + name string + server *dns.Server + txtRecords map[string]string + secretFetcher SecretFetcher sync.RWMutex } @@ -84,22 +87,35 @@ func (e *SthomeSolver) CleanUp(ch *acme.ChallengeRequest) error { } func (e *SthomeSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error { - go func(done <-chan struct{}) { - <-done - if err := e.server.Shutdown(); err != nil { - fmt.Fprintf(os.Stderr, "%s\n", err.Error()) - } - }(stopCh) - go func() { - if err := e.server.ListenAndServe(); err != nil { - fmt.Fprintf(os.Stderr, "%s\n", err.Error()) - os.Exit(1) - } - }() + klog.Infof("Initializing sthome solver") + cl, err := kubernetes.NewForConfig(kubeClientConfig) + if err != nil { + return fmt.Errorf("failed to get kubernetes client: %w", err) + } + e.secretFetcher = &kubeSecretFetcher{ + client: cl, + ctx: e.ctx, + } + /* + go func(done <-chan struct{}) { + <-done + if err := e.server.Shutdown(); err != nil { + fmt.Fprintf(os.Stderr, "%s\n", err.Error()) + } + }(stopCh) + go func() { + if err := e.server.ListenAndServe(); err != nil { + fmt.Fprintf(os.Stderr, "%s\n", err.Error()) + os.Exit(1) + } + }() + */ + klog.Infof("Sthome solver initialized") return nil } func New(port string) webhook.Solver { + klog.Infof("Entering New") e := &SthomeSolver{ name: ProviderName, txtRecords: make(map[string]string), @@ -109,5 +125,6 @@ func New(port string) webhook.Solver { Net: "udp", Handler: dns.HandlerFunc(e.handleDNSRequest), } + klog.Infof("Exiting New") return e } 
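Review bot: Initialize builds the secret fetcher with `ctx: e.ctx`, but nothing in the parts of this file visible here assigns `ctx` — `New` sets `name`, `txtRecords` and the server — so the fetcher is most likely constructed with a nil context, and client-go will panic or error the first time `StringFromSecret` issues a request with it. Since `Initialize`'s signature is fixed by the cert-manager `webhook.Solver` interface, either set `ctx: context.Background()` in `New` until a real one is plumbed through, or better, pass a context per call instead of storing one. With the `ListenAndServe`/`Shutdown` goroutines commented out, `e.server` is created but never started and `stopCh` is no longer used, so this solver cannot answer the TXT queries it records; if that is intentional for the backup copy, delete the block rather than commenting it (the `os` import removal shows it is already dead). The `_backup/` directory is ignored by the go tool, so this file is not built.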
diff --git a/pkg/dns/sthome_test.go b/_backup/sthome_test.go similarity index 100% rename from pkg/dns/sthome_test.go rename to _backup/sthome_test.go diff --git a/deploy/sthome-webhook/Chart.yaml b/deploy/sthome-webhook/Chart.yaml index 122e196..06ffda0 100644 --- a/deploy/sthome-webhook/Chart.yaml +++ b/deploy/sthome-webhook/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v0.0.5-alpha.1 +appVersion: v0.0.5-alpha.12 description: Cert-Manager webhook for sthome name: sthome-webhook -version: 0.0.5-alpha.1 +version: 0.0.5-alpha.12 diff --git a/deploy/sthome-webhook/values.yaml b/deploy/sthome-webhook/values.yaml index 9e4fed6..bf86756 100644 --- a/deploy/sthome-webhook/values.yaml +++ b/deploy/sthome-webhook/values.yaml @@ -31,7 +31,7 @@ clusterIssuer: image: repository: stuurmcp/cert-manager-webhook-sthome #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome - tag: 0.0.5-alpha.1 + tag: 0.0.5-alpha.12 #pullPolicy should be IfNotPresent. Set to Always for testing purposes pullPolicy: IfNotPresent diff --git a/go.mod b/go.mod index 84234ca..d674e63 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,6 @@ toolchain go1.22.1 require ( github.com/cert-manager/cert-manager v1.14.4 - github.com/miekg/dns v1.1.58 k8s.io/api v0.29.0 k8s.io/apiextensions-apiserver v0.29.0 k8s.io/client-go v0.29.0 @@ -14,10 +13,7 @@ require ( require k8s.io/klog/v2 v2.110.1 -require ( - github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - k8s.io/apimachinery v0.29.0 // indirect -) +require k8s.io/apimachinery v0.29.0 // indirect require ( github.com/NYTimes/gziphandler v1.1.1 // indirect 
@@ -67,7 +63,7 @@ require ( github.com/spf13/cobra v1.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.9.0 // indirect go.etcd.io/etcd/api/v3 v3.5.11 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect go.etcd.io/etcd/client/v3 v3.5.11 // indirect @@ -84,7 +80,6 @@ require ( go.uber.org/zap v1.26.0 // indirect golang.org/x/crypto v0.18.0 // indirect golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect - golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.20.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/sync v0.6.0 // indirect diff --git a/go.sum b/go.sum index 98d5bfb..7d99549 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,6 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= -github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= -github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -222,8 +220,6 @@ golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGb golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= diff --git a/main.go b/main.go index e251374..eb19d68 100644 --- a/main.go +++ b/main.go @@ -2,18 +2,18 @@ package main import ( _ "embed" - "fmt" "os" "strings" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - "k8s.io/klog/v2" - - "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" + /* + "fmt" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "k8s.io/klog/v2" + "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" + "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" + */ "github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd" - "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" - dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns" ) 
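Review bot: The import list now carries a `/* ... */` block of imports that are no longer used, and hunks 2 and 3 of this file do the same for the whole `LocalDNSProviderSolver` type and `extractDomainName`, plus a stray `//&dns.SthomeSolver{}` inside the `RunWebhookServer` argument list. Since this commit moves a `LocalDNSProviderSolver` into pkg/dns/solver_local.go, the commented copy in main.go is dead; delete it and rely on git history, which also keeps `gofmt`/`goimports` able to manage the import block.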
@@ -31,16 +31,18 @@ func main() { panic("GROUP_NAME must be specified") } cmd.RunWebhookServer(GroupName, - &dns.SthomeSolver{}, + &dns.LocalDNSProviderSolver{}, + //&dns.SthomeSolver{}, ) } +/* type LocalDNSProviderSolver struct { client kubernetes.Interface } func (p *LocalDNSProviderSolver) Name() string { - return dns.ProviderName + return dns.ProviderName + "loc" } func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error { @@ -114,3 +116,4 @@ func extractDomainName(zone string) string { } return util.UnFqdn(authZone) } +*/ diff --git a/pkg/dns/shell.go b/pkg/dns/shell.go index f09bb08..6d9b3a1 100644 --- a/pkg/dns/shell.go +++ b/pkg/dns/shell.go @@ -17,6 +17,8 @@ func Execute(shell string, arg ...string) (bool, error) { klog.Errorf("Script returned error: %s\nout:\n%serr:\n%s============\n", err, outb.String(), errb.String()) return false, err } - klog.Infof("Script returned success:\nout:\n%s============\n", outb.String()) + klog.Infof("script stdout:\n%s\n", outb.String()) + klog.Infof("script stderr:\n%s\n", errb.String()) + klog.Infof("Script returned success\n") return true, nil } diff --git a/_backup/solver_local.go b/pkg/dns/solver_local.go similarity index 92% rename from _backup/solver_local.go rename to pkg/dns/solver_local.go index 153b9a2..27ad21d 100644 --- a/_backup/solver_local.go +++ b/pkg/dns/solver_local.go @@ -9,7 +9,6 @@ import ( "k8s.io/klog/v2" "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" - "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" ) // LocalDNSProviderSolver implements the provider-specific logic needed to @@ -37,7 +36,7 @@ func (p *LocalDNSProviderSolver) Name() string { // solver has correctly configured the DNS provider. func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error { //domainName := extractDomainName(ch.ResolvedZone) - cfg, err := loadConfig(ch.Config) + cfg, err := LoadConfig(ch.Config) if err != nil { return err } 
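Review bot: On the success path Execute now dumps the script's full stdout and stderr into the log at default verbosity, on every Present and CleanUp; the script is invoked with `-v` from solver_local.go, so whatever it prints in verbose mode — including any credentials it uses to reach the DNS server, if it echoes them — lands in the webhook's logs. The failure branch already has the raw output via `klog.Errorf`; for the success path gate it behind a verbosity level, e.g. `klog.V(2).Infof("script stdout:\n%s", outb.String())`. `klog.Infof("Script returned success\n")` has no format arguments and klog appends the newline, so `klog.Info("Script returned success")` is enough. The command construction at the top of Execute lies outside the hunk.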
@@ -78,19 +77,19 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error strings.Join(cfg.AllowedZones, ","), ) // TODO: convert shell script to golang - localip := getOutboundIP(dnsserver_net) + //localip := GetOutboundIP(Dnsserver_net) success, _ := Execute( - shell, - acmeAuthCmd, + Shell, + AcmeAuthCmd, "set", ch.DNSName, ch.ResolvedFQDN, ch.Key, "-l", - localip, + "\"\"", //localip, "-v", ) - klog.Infof("Execute set TXT returned success: %t", success) + klog.Infof("Execute set TXT returned success: %t\n", success) return nil } @@ -103,19 +102,19 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error { //domainName := extractDomainName(ch.ResolvedZone) // TODO: add code that deletes a record from the DNS provider's console - localip := getOutboundIP(dnsserver_net) + //localip := GetOutboundIP(Dnsserver_net) success, _ := Execute( - shell, - acmeAuthCmd, + Shell, + AcmeAuthCmd, "unset", ch.DNSName, ch.ResolvedFQDN, ch.Key, "-l", - localip, + "\"\"", //localip, "-v", ) - klog.Infof("Execute unset TXT returned success: %t", success) + klog.Infof("Execute unset TXT returned success: %t\n", success) return nil } @@ -138,6 +137,7 @@ func (loc *LocalDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, sto return nil } +/* func extractDomainName(zone string) string { authZone, err := util.FindZoneByFqdn(zone, util.RecursiveNameservers) if err != nil { @@ -146,3 +146,4 @@ func extractDomainName(zone string) string { } return util.UnFqdn(authZone) } +*/ diff --git a/version.txt b/version.txt index 712bf15..85a57ab 100644 --- a/version.txt +++ b/version.txt @@ -1,3 +1,3 @@ -0.0.5-alpha.1 -20240406-1230 -1 \ No newline at end of file +0.0.5-alpha.12 +20240406-2016 +12 \ No newline at end of file
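Review bot: Present discards the error from `Execute` (`success, _ := Execute(`) and returns nil unconditionally, so a script failure is logged but reported to cert-manager as a successfully presented record, and cert-manager then waits for a TXT record that was never created. Return it instead: `ok, err := Execute(...)` followed by `if err != nil { return err }` — CleanUp in the next hunk has the same pattern. The `-l` argument is now the Go literal `"\"\""`, which exec-style argument passing hands to the script as the two-character string `""` rather than an empty string; if the intent is "no local IP", pass `""` (an empty Go string) or drop the `-l` pair. Present's body begins before the hunk.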