Reverted to kubernetes

2024-04-06 22:09:39 +02:00 · 2024-04-06 22:09:39 +02:00 · 24853d497a
commit 24853d497a
parent a5f92861e7
12 changed files with 114 additions and 56 deletions
--- a/_backup/dns.go
+++ b/_backup/dns.go
@ -5,11 +5,13 @@ import (
 	"fmt"

 	"github.com/miekg/dns"
+	"k8s.io/klog/v2"
 )

 func (e *SthomeSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) {
 	msg := new(dns.Msg)
 	msg.SetReply(req)
+	klog.Infof("Entering: %s ============\n", "handleDNSRequest")
 	switch req.Opcode {
 	case dns.OpcodeQuery:
 		for _, q := range msg.Question {
@ -20,9 +22,11 @@ func (e *SthomeSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) {
 		}
 	}
 	w.WriteMsg(msg)
+	klog.Infof("Exiting: %s ============\n", "handleDNSRequest")
 }

 func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg) error {
+	klog.Infof("Entering: %s ============\n", "addDNSAnswer")
 	switch q.Qtype {
 	// Always return loopback for any A query
 	case dns.TypeA:
@ -35,6 +39,7 @@ func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg)

 	// TXT records are the only important record for ACME dns-01 challenges
 	case dns.TypeTXT:
+		klog.Infof("case: %s ============\n", "dns.TypeTXT")
 		e.RLock()
 		record, found := e.txtRecords[q.Name]
 		e.RUnlock()
@ -47,6 +52,7 @@ func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg)
 			return err
 		}
 		msg.Answer = append(msg.Answer, rr)
+		klog.Infof("msg.Answer: %s ============\n", msg.Answer)
 		return nil

 	// NS and SOA are for authoritative lookups, return obviously invalid data
--- a/_backup/secrets.go
+++ b/_backup/secrets.go
@ -0,0 +1,38 @@
+package dns
+
+import (
+	"context"
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+//go:generate mockgen -destination=./mock/secrets.go -source=./secrets.go SecretFetcher
+type SecretFetcher interface {
+	StringFromSecret(namespace, secretName, key string) (string, error)
+}
+
+type kubeSecretFetcher struct {
+	client kubernetes.Interface
+	ctx    context.Context
+}
+
+func (k *kubeSecretFetcher) StringFromSecret(namespace, secretName, key string) (string, error) {
+	secret, err := k.client.CoreV1().Secrets(namespace).Get(k.ctx, secretName, metav1.GetOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	binary, ok := secret.Data[key]
+	if !ok {
+		return "", fmt.Errorf("key `%q` not found in secretFetcher `%s/%s`",
+			key, namespace, secretName)
+	}
+
+	return string(binary), nil
+}
+
+func NewSecretFetcher() SecretFetcher {
+	return &kubeSecretFetcher{}
+}
--- a/_backup/solver_sthome.go
+++ b/_backup/solver_sthome.go
@ -2,22 +2,25 @@
 package dns

 import (
+	"context"
 	"fmt"
-	"os"
 	"strings"
 	"sync"

 	"github.com/cert-manager/cert-manager/pkg/acme/webhook"
 	acme "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 	"github.com/miekg/dns"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 )

 type SthomeSolver struct {
+	ctx           context.Context
 	name          string
 	server        *dns.Server
 	txtRecords    map[string]string
+	secretFetcher SecretFetcher
 	sync.RWMutex
 }

@ -84,6 +87,16 @@ func (e *SthomeSolver) CleanUp(ch *acme.ChallengeRequest) error {
 }

 func (e *SthomeSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error {
+	klog.Infof("Initializing sthome solver")
+	cl, err := kubernetes.NewForConfig(kubeClientConfig)
+	if err != nil {
+		return fmt.Errorf("failed to get kubernetes client: %w", err)
+	}
+	e.secretFetcher = &kubeSecretFetcher{
+		client: cl,
+		ctx:    e.ctx,
+	}
+	/*
 		go func(done <-chan struct{}) {
 			<-done
 			if err := e.server.Shutdown(); err != nil {
@ -96,10 +109,13 @@ func (e *SthomeSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan s
 				os.Exit(1)
 			}
 		}()
+	*/
+	klog.Infof("Sthome solver initialized")
 	return nil
 }

 func New(port string) webhook.Solver {
+	klog.Infof("Entering New")
 	e := &SthomeSolver{
 		name:       ProviderName,
 		txtRecords: make(map[string]string),
@ -109,5 +125,6 @@ func New(port string) webhook.Solver {
 		Net:     "udp",
 		Handler: dns.HandlerFunc(e.handleDNSRequest),
 	}
+	klog.Infof("Exiting New")
 	return e
 }
--- a/_backup/sthome_test.go
+++ b/_backup/sthome_test.go
--- a/deploy/sthome-webhook/Chart.yaml
+++ b/deploy/sthome-webhook/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v0.0.5-alpha.1
+appVersion: v0.0.5-alpha.12
 description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.0.5-alpha.1
+version: 0.0.5-alpha.12
--- a/deploy/sthome-webhook/values.yaml
+++ b/deploy/sthome-webhook/values.yaml
@ -31,7 +31,7 @@ clusterIssuer:
 image:
  repository: stuurmcp/cert-manager-webhook-sthome
  #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
-  tag: 0.0.5-alpha.1
+  tag: 0.0.5-alpha.12
  #pullPolicy should be IfNotPresent. Set to Always for testing purposes
  pullPolicy: IfNotPresent

--- a/go.mod
+++ b/go.mod
@ -6,7 +6,6 @@ toolchain go1.22.1

 require (
 	github.com/cert-manager/cert-manager v1.14.4
-	github.com/miekg/dns v1.1.58
 	k8s.io/api v0.29.0
 	k8s.io/apiextensions-apiserver v0.29.0
 	k8s.io/client-go v0.29.0
@ -14,10 +13,7 @@ require (

 require k8s.io/klog/v2 v2.110.1

-require (
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	k8s.io/apimachinery v0.29.0 // indirect
-)
+require k8s.io/apimachinery v0.29.0 // indirect

 require (
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
@ -67,7 +63,7 @@ require (
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.9.0 // indirect
 	go.etcd.io/etcd/api/v3 v3.5.11 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.11 // indirect
@ -84,7 +80,6 @@ require (
 	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect
-	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/net v0.20.0 // indirect
 	golang.org/x/oauth2 v0.15.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -116,8 +116,6 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
-github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
-github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -222,8 +220,6 @@ golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGb
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
--- a/main.go
+++ b/main.go
@ -2,18 +2,18 @@ package main

 import (
 	_ "embed"
-	"fmt"
 	"os"
 	"strings"

+	/*
+		"fmt"
 		"k8s.io/client-go/kubernetes"
 		"k8s.io/client-go/rest"
 		"k8s.io/klog/v2"
-
 		"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
-	"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
 		"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
-
+	*/
+	"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
 	dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
 )

@ -31,16 +31,18 @@ func main() {
 		panic("GROUP_NAME must be specified")
 	}
 	cmd.RunWebhookServer(GroupName,
-		&dns.SthomeSolver{},
+		&dns.LocalDNSProviderSolver{},
+		//&dns.SthomeSolver{},
 	)
 }

+/*
 type LocalDNSProviderSolver struct {
 	client kubernetes.Interface
 }

 func (p *LocalDNSProviderSolver) Name() string {
-	return dns.ProviderName
+	return dns.ProviderName + "loc"
 }

 func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
@ -114,3 +116,4 @@ func extractDomainName(zone string) string {
 	}
 	return util.UnFqdn(authZone)
 }
+*/
--- a/pkg/dns/shell.go
+++ b/pkg/dns/shell.go
@ -17,6 +17,8 @@ func Execute(shell string, arg ...string) (bool, error) {
 		klog.Errorf("Script returned error: %s\nout:\n%serr:\n%s============\n", err, outb.String(), errb.String())
 		return false, err
 	}
-	klog.Infof("Script returned success:\nout:\n%s============\n", outb.String())
+	klog.Infof("script stdout:\n%s\n", outb.String())
+	klog.Infof("script stderr:\n%s\n", errb.String())
+	klog.Infof("Script returned success\n")
 	return true, nil
 }
--- a/pkg/dns/solver_local.go
+++ b/pkg/dns/solver_local.go
@ -9,7 +9,6 @@ import (
 	"k8s.io/klog/v2"

 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
-	"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
 )

 // LocalDNSProviderSolver implements the provider-specific logic needed to
@ -37,7 +36,7 @@ func (p *LocalDNSProviderSolver) Name() string {
 // solver has correctly configured the DNS provider.
 func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
 	//domainName := extractDomainName(ch.ResolvedZone)
-	cfg, err := loadConfig(ch.Config)
+	cfg, err := LoadConfig(ch.Config)
 	if err != nil {
 		return err
 	}
@ -78,19 +77,19 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 		strings.Join(cfg.AllowedZones, ","),
 	)
 	// TODO: convert shell script to golang
-	localip := getOutboundIP(dnsserver_net)
+	//localip := GetOutboundIP(Dnsserver_net)
 	success, _ := Execute(
-		shell,
-		acmeAuthCmd,
+		Shell,
+		AcmeAuthCmd,
 		"set",
 		ch.DNSName,
 		ch.ResolvedFQDN,
 		ch.Key,
 		"-l",
-		localip,
+		"\"\"", //localip,
 		"-v",
 	)
-	klog.Infof("Execute set TXT returned success: %t", success)
+	klog.Infof("Execute set TXT returned success: %t\n", success)
 	return nil
 }

@ -103,19 +102,19 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
 	//domainName := extractDomainName(ch.ResolvedZone)
 	// TODO: add code that deletes a record from the DNS provider's console
-	localip := getOutboundIP(dnsserver_net)
+	//localip := GetOutboundIP(Dnsserver_net)
 	success, _ := Execute(
-		shell,
-		acmeAuthCmd,
+		Shell,
+		AcmeAuthCmd,
 		"unset",
 		ch.DNSName,
 		ch.ResolvedFQDN,
 		ch.Key,
 		"-l",
-		localip,
+		"\"\"", //localip,
 		"-v",
 	)
-	klog.Infof("Execute unset TXT returned success: %t", success)
+	klog.Infof("Execute unset TXT returned success: %t\n", success)
 	return nil
 }

@ -138,6 +137,7 @@ func (loc *LocalDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, sto
 	return nil
 }

+/*
 func extractDomainName(zone string) string {
 	authZone, err := util.FindZoneByFqdn(zone, util.RecursiveNameservers)
 	if err != nil {
@ -146,3 +146,4 @@ func extractDomainName(zone string) string {
 	}
 	return util.UnFqdn(authZone)
 }
+*/
--- a/version.txt
+++ b/version.txt
@ -1,3 +1,3 @@
-0.0.5-alpha.1
-20240406-1230
-1
+0.0.5-alpha.12
+20240406-2016
+12