diff --git a/README.md b/README.md index 86b4ec2..7523360 100644 --- a/README.md +++ b/README.md @@ -56,11 +56,11 @@ spec: name: sthome-private-key-secret # Private ca's cert bundle in base64 - caBundle: + caBundle: solvers: - dns01: webhook: - groupName: acme.sthome.net + groupName: webhook.acme.cert-manager.io solverName: sthome ``` @@ -99,12 +99,12 @@ spec: name: sthome-acme # Private ca's cert bundle in base64 - caBundle: + caBundle: solvers: - dns01: webhook: - groupName: acme.sthome.net + groupName: webhook.acme.cert-manager.io solverName: sthome #config: # usernameSecretKeyRef: @@ -117,7 +117,7 @@ spec: To deploy the Cluster Issuer configuration file, run the following command: ``` -kubectl apply -f configuration/sthome-clusterissuer.yaml +kubectl apply -f sthome-clusterissuer.yaml ``` Check the status of the Cluster Issuer. diff --git a/main.go b/main.go index 0622881..8462371 100644 --- a/main.go +++ b/main.go @@ -11,6 +11,7 @@ import ( "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" "github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd" + "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" ) const ( 
@@ -24,21 +25,21 @@ func main() { panic("GROUP_NAME must be specified") } - // This will register our custom DNS provider with the webhook serving + // This will register our sthome DNS provider with the webhook serving // library, making it available as an API under the provided GroupName. // You can register multiple DNS provider implementations with a single // webhook, where the Name() method will be used to disambiguate between // the different implementations. cmd.RunWebhookServer(GroupName, - &customDNSProviderSolver{}, + &sthomeDNSProviderSolver{}, ) } -// customDNSProviderSolver implements the provider-specific logic needed to +// sthomeDNSProviderSolver implements the provider-specific logic needed to // 'present' an ACME challenge TXT record for your own DNS provider. // To do so, it must implement the `github.com/cert-manager/cert-manager/pkg/acme/webhook.Solver` // interface. -type customDNSProviderSolver struct { +type sthomeDNSProviderSolver struct { // If a Kubernetes 'clientset' is needed, you must: // 1. uncomment the additional `client` field in this structure below // 2. uncomment the "k8s.io/client-go/kubernetes" import at the top of the file @@ -48,7 +49,7 @@ type customDNSProviderSolver struct { client kubernetes.Clientset } -// customDNSProviderConfig is a structure that is used to decode into when +// sthomeDNSProviderConfig is a structure that is used to decode into when // solving a DNS01 challenge. // This information is provided by cert-manager, and may be a reference to // additional configuration that's needed to solve the challenge for this 
@@ -62,7 +63,7 @@ type customDNSProviderSolver struct { // You should not include sensitive information here. If credentials need to // be used by your provider here, you should reference a Kubernetes Secret // resource and fetch these credentials using a Kubernetes clientset. -type customDNSProviderConfig struct { +type sthomeDNSProviderConfig struct { // Change the two fields below according to the format of the configuration // to be decoded. // These fields will be set by users in the @@ -78,7 +79,7 @@ type customDNSProviderConfig struct { // solvers configured with the same Name() **so long as they do not co-exist // within a single webhook deployment**. // For example, `cloudflare` may be used as the name of a solver. -func (c *customDNSProviderSolver) Name() string { +func (c *sthomeDNSProviderSolver) Name() string { return providerName } @@ -87,7 +88,8 @@ func (c *customDNSProviderSolver) Name() string { // This method should tolerate being called multiple times with the same value. // cert-manager itself will later perform a self check to ensure that the // solver has correctly configured the DNS provider. -func (c *customDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error { +func (c *sthomeDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error { + domainName := extractDomainName(ch.ResolvedZone) cfg, err := loadConfig(ch.Config) if err != nil { return err @@ -95,7 +97,7 @@ func (c *customDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error { // TODO: do something more useful with the decoded configuration fmt.Printf("Decoded configuration %v", cfg) - + fmt.Printf("presenting record for %s (%s)\n", ch.ResolvedFQDN, domainName) // TODO: add code that sets a record in the DNS provider's console return nil } 
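Review bot: In Present, `domainName := extractDomainName(ch.ResolvedZone)` runs before the result of `loadConfig(ch.Config)` is checked, so the DNS lookup inside extractDomainName is paid even for a request whose config is rejected on the next lines; move the assignment below the `if err != nil { return err }` block. The added `fmt.Printf("presenting record for %s (%s)\n", ch.ResolvedFQDN, domainName)` directly follows the existing `fmt.Printf("Decoded configuration %v", cfg)`, which has no trailing newline, so both messages land on one stdout line; add `\n` to the first or merge them into one call. Present's body is split across the -87 and -95 hunks of this line, and it still ends in `return nil` with the record-setting TODO unresolved, so the new message announces a record that is never written.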
@@ -106,7 +108,7 @@ func (c *customDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error { // value provided on the ChallengeRequest should be cleaned up. // This is in order to facilitate multiple DNS validations for the same domain // concurrently. -func (c *customDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error { +func (c *sthomeDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error { // TODO: add code that deletes a record from the DNS provider's console return nil } @@ -120,9 +122,9 @@ func (c *customDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error { // provider accounts. // The stopCh can be used to handle early termination of the webhook, in cases // where a SIGTERM or similar signal is sent to the webhook process. -func (c *customDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error { +func (c *sthomeDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error { ///// UNCOMMENT THE BELOW CODE TO MAKE A KUBERNETES CLIENTSET AVAILABLE TO - ///// YOUR CUSTOM DNS PROVIDER + ///// YOUR sthome DNS PROVIDER cl, err := kubernetes.NewForConfig(kubeClientConfig) if err != nil { @@ -137,8 +139,8 @@ func (c *customDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stop // loadConfig is a small helper function that decodes JSON configuration into // the typed config struct. -func loadConfig(cfgJSON *extapi.JSON) (customDNSProviderConfig, error) { - cfg := customDNSProviderConfig{} +func loadConfig(cfgJSON *extapi.JSON) (sthomeDNSProviderConfig, error) { + cfg := sthomeDNSProviderConfig{} // handle the 'base case' where no configuration has been provided if cfgJSON == nil { return cfg, nil 
@@ -149,3 +151,12 @@ func loadConfig(cfgJSON *extapi.JSON) (customDNSProviderConfig, error) {
 	return cfg, nil
 }
 
+
+func extractDomainName(zone string) string {
+	authZone, err := util.FindZoneByFqdn(zone, util.RecursiveNameservers)
+	if err != nil {
+		fmt.Printf("could not get zone by fqdn %v", err)
+		return zone
+	}
+	return util.UnFqdn(authZone)
+}
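Review bot: extractDomainName swallows the lookup failure: when `util.FindZoneByFqdn` returns an error it prints `"could not get zone by fqdn %v"` (no trailing newline) and hands back the original `zone`, trailing dot included, so the caller cannot distinguish a resolved zone from a fallback and proceeds with an unverified value. Returning `(string, error)` and letting Present propagate it keeps a resolver failure visible to cert-manager instead of silently continuing; the call site in Present (an earlier hunk) would become `domainName, err := extractDomainName(ch.ResolvedZone)` followed by an error check. If `ch.ResolvedZone` is already the SOA-derived zone that cert-manager determines before invoking the webhook, as the ChallengeRequest field appears to be documented, the second `FindZoneByFqdn` call may be redundant and `util.UnFqdn(ch.ResolvedZone)` alone would avoid one network round-trip per Present call; worth confirming against the webhook API before keeping the lookup.
```go
func extractDomainName(zone string) (string, error) {
	authZone, err := util.FindZoneByFqdn(zone, util.RecursiveNameservers)
	if err != nil {
		return "", fmt.Errorf("finding zone for %q: %w", zone, err)
	}
	return util.UnFqdn(authZone), nil
}
```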