diff --git a/pkg/dns/solver_local.go b/_backup/solver_local.go
similarity index 90%
rename from pkg/dns/solver_local.go
rename to _backup/solver_local.go
index e6930d2..ee8c02d 100644
--- a/pkg/dns/solver_local.go
+++ b/_backup/solver_local.go
@@ -2,7 +2,6 @@ package dns
 import (
 "fmt"
- "net"
 "strings"
 "k8s.io/client-go/kubernetes"
@@ -13,17 +12,6 @@ import (
 "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
 )
-const (
- providerName = "sthome"
- shell = "/bin/bash"
- acmeAuthCmd = "/acme/acmeauth.sh"
-
- dnsserver_net = "10.0.0.15"
- dnsserver_lan = "192.168.2.1"
- hostserver_net = "truenas.sthome.net"
- hostserver_lan = "truenas.sthome.lan"
- )
-
 // LocalDNSProviderSolver implements the provider-specific logic needed to
 // 'present' an ACME challenge TXT record for your own DNS provider.
 // To do so, it must implement the `github.com/cert-manager/cert-manager/pkg/acme/webhook.Solver`
@@ -158,17 +146,3 @@ func extractDomainName(zone string) string {
 }
 return util.UnFqdn(authZone)
 }
-
-// Get preferred outbound ip of this machine
-func getOutboundIP(dest string) string {
- conn, err := net.Dial("udp", dest+":80")
- if err != nil {
- klog.Errorf("net.Dial error: %s", err)
- return "0.0.0.0"
- }
- defer conn.Close()
-
- localAddr := conn.LocalAddr().(*net.UDPAddr)
-
- return localAddr.IP.String()
-}
diff --git a/go.mod b/go.mod
index 3059772..e2d8f0d 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ toolchain go1.22.1
 require (
 github.com/cert-manager/cert-manager v1.14.4
- github.com/miekg/dns v1.1.58 // indirect
+ github.com/miekg/dns v1.1.58
 k8s.io/api v0.29.0
 k8s.io/apiextensions-apiserver v0.29.0
 k8s.io/client-go v0.29.0
@@ -17,6 +17,8 @@ require (
 k8s.io/klog/v2 v2.110.1
 )
+require github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+
 require (
 github.com/NYTimes/gziphandler v1.1.1 // indirect
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
@@ -65,6 +67,7 @@ require (
 github.com/spf13/cobra v1.8.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/stoewer/go-strcase v1.3.0 // indirect
+ github.com/stretchr/testify v1.9.0
 go.etcd.io/etcd/api/v3 v3.5.11 // indirect
 go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect
 go.etcd.io/etcd/client/v3 v3.5.11 // indirect
diff --git a/go.sum b/go.sum
index 4748baa..98d5bfb 100644
--- a/go.sum
+++ b/go.sum
@@ -162,8 +162,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
diff --git a/main.go b/main.go
index 129bb0c..c28f409 100644
--- a/main.go
+++ b/main.go
@@ -8,7 +8,7 @@ import (
 "github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
- sthome "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
+ dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
 )
 var (
@@ -25,6 +25,6 @@ func main() {
 panic("GROUP_NAME must be specified")
 }
 cmd.RunWebhookServer(GroupName,
- &sthome.LocalDNSProviderSolver{},
+ &dns.SthomeSolver{},
 )
 }
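Review bot: The zero-value `&dns.SthomeSolver{}` handed to `cmd.RunWebhookServer` only works if `Initialize` allocates `txtRecords`, because `Present` in pkg/dns/solver_sthome.go writes `e.txtRecords[ch.ResolvedFQDN] = ch.Key` with no nil check and a write to a nil map panics inside the webhook handler; `Initialize` is outside this diff, so please confirm it makes the map. The alias in `dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"` repeats the package's own name and can be dropped.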
diff --git a/pkg/dns/config.go b/pkg/dns/config.go
index aa6d38e..ceaa4f1 100644
--- a/pkg/dns/config.go
+++ b/pkg/dns/config.go
@@ -1,14 +1,25 @@
 package dns
 import (
+ "net"
 "strings"
 v1 "k8s.io/api/core/v1"
+ "k8s.io/klog/v2"
 )
 const (
 SthomeAccessKeyEnv = "STHOME_ACCESS_KEY"
 SthomeSecretKeyEnv = "STHOME_SECRET_KEY"
+
+ providerName = "sthome"
+ shell = "/bin/bash"
+ acmeAuthCmd = "/acme/acmeauth.sh"
+
+ dnsserver_net = "10.0.0.15"
+ dnsserver_lan = "192.168.2.1"
+ hostserver_net = "truenas.sthome.net"
+ hostserver_lan = "truenas.sthome.lan"
 )
 // localDNSProviderConfig is a structure that is used to decode into when
@@ -98,3 +109,17 @@ func (cfg LocalDNSProviderConfig) IsAllowedZone(zone string) bool {
 }
 return false
 }
+
+// Get preferred outbound ip of this machine
+func getOutboundIP(dest string) string {
+ conn, err := net.Dial("udp", dest+":80")
+ if err != nil {
+ klog.Errorf("net.Dial error: %s", err)
+ return "0.0.0.0"
+ }
+ defer conn.Close()
+
+ localAddr := conn.LocalAddr().(*net.UDPAddr)
+
+ return localAddr.IP.String()
+}
diff --git a/_backup/dns.go b/pkg/dns/dns.go
similarity index 99%
rename from _backup/dns.go
rename to pkg/dns/dns.go
index aba25dd..c1ee3c6 100644
--- a/_backup/dns.go
+++ b/pkg/dns/dns.go
@@ -1,5 +1,5 @@
 // not implemented
-package sthome
+package dns
 import (
 "fmt"
diff --git a/_backup/solver_sthome.go b/pkg/dns/solver_sthome.go
similarity index 57%
rename from _backup/solver_sthome.go
rename to pkg/dns/solver_sthome.go
index 79f6705..baacc41 100644
--- a/_backup/solver_sthome.go
+++ b/pkg/dns/solver_sthome.go
@@ -1,15 +1,17 @@
 // not implemented
-package sthome
+package dns
 import (
 "fmt"
 "os"
+ "strings"
 "sync"
 "github.com/cert-manager/cert-manager/pkg/acme/webhook"
 acme "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 "github.com/miekg/dns"
 "k8s.io/client-go/rest"
+ "k8s.io/klog/v2"
 )
 type SthomeSolver struct {
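Review bot: The new const block bakes deployment-specific addresses (`dnsserver_net = "10.0.0.15"`, `hostserver_net = "truenas.sthome.net"` and the `_lan` pair) into the package, which ties the binary to one network and ships internal topology with the source; this file already reads credentials from `SthomeAccessKeyEnv`/`SthomeSecretKeyEnv` and decodes a per-issuer config, so the DNS server address belongs in one of those rather than in a compiled-in constant. Only `dnsserver_net` is referenced in the solver hunks of this diff; `dnsserver_lan`, `hostserver_net` and `hostserver_lan` have no visible use, and all four break Go's MixedCaps convention (`dnsServerNet`). `shell` and `acmeAuthCmd` deserve a comment stating the contract, e.g. `// acmeAuthCmd must exist in the container; it is run through shell with the challenge values passed as separate arguments.`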
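Review bot: `getOutboundIP` converts a dial failure into the string `"0.0.0.0"` after logging it, and both callers in pkg/dns/solver_sthome.go forward that value unchanged to the script as `-l 0.0.0.0`, so a network problem is silently passed along instead of failing the challenge; returning `(string, error)` with `return "", err` in the error branch and letting `Present`/`CleanUp` propagate it would surface the fault where cert-manager can see it. `dest+":80"` should be `net.JoinHostPort(dest, "80")` so an IPv6 literal also works. The unchecked assertion `conn.LocalAddr().(*net.UDPAddr)` holds for a UDP dial, but the two-value form costs nothing and keeps a panic out of the webhook handler. The header comment should also say what the call does and does not do: `// getOutboundIP returns the local address the kernel selects for reaching dest; a UDP dial only picks a route, no packet is sent.`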
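Review bot: pkg/dns/solver_sthome.go still opens with `// not implemented` while main.go in this same diff wires `SthomeSolver` in as the served solver, so the header is now misleading and should become a real doc comment, e.g. `// SthomeSolver presents and cleans up ACME DNS-01 TXT records by running acmeAuthCmd.` Importing `github.com/miekg/dns` unaliased inside package `dns` compiles, but every `dns.` in the file now reads as a self-reference; an alias such as `miekgdns` would avoid the confusion.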
@@ -27,6 +29,37 @@ func (e *SthomeSolver) Present(ch *acme.ChallengeRequest) error {
 e.Lock()
 e.txtRecords[ch.ResolvedFQDN] = ch.Key
 e.Unlock()
+ cfg, err := loadConfig(ch.Config)
+ if err != nil {
+ return err
+ }
+ klog.Infof("CZ: Presenting record for %s, type: %s, uid: %s, key: %s, ns: %s, fqdn: %s, zone: %s, allowambcred: %t, cfg.secret: %s, cfg.email: %s, cfg.allowz: %s",
+ ch.DNSName,
+ ch.UID,
+ ch.Type,
+ ch.Key,
+ ch.ResourceNamespace,
+ ch.ResolvedFQDN,
+ ch.ResolvedZone,
+ ch.AllowAmbientCredentials,
+ cfg.APIKeySecretRef.Name,
+ cfg.Email,
+ strings.Join(cfg.AllowedZones, ","),
+ )
+ // TODO: convert shell script to golang
+ localip := getOutboundIP(dnsserver_net)
+ success, _ := Execute(
+ shell,
+ acmeAuthCmd,
+ "set",
+ ch.DNSName,
+ ch.ResolvedFQDN,
+ ch.Key,
+ "-l",
+ localip,
+ "-v",
+ )
+ klog.Infof("Execute set TXT returned success: %t", success)
 return nil
 }
@@ -34,6 +67,19 @@ func (e *SthomeSolver) CleanUp(ch *acme.ChallengeRequest) error {
 e.Lock()
 delete(e.txtRecords, ch.ResolvedFQDN)
 e.Unlock()
+ localip := getOutboundIP(dnsserver_net)
+ success, _ := Execute(
+ shell,
+ acmeAuthCmd,
+ "unset",
+ ch.DNSName,
+ ch.ResolvedFQDN,
+ ch.Key,
+ "-l",
+ localip,
+ "-v",
+ )
+ klog.Infof("Execute unset TXT returned success: %t", success)
 return nil
 }
diff --git a/_backup/sthome_test.go b/pkg/dns/sthome_test.go
similarity index 99%
rename from _backup/sthome_test.go
rename to pkg/dns/sthome_test.go
index 50fbd9c..337ec03 100644
--- a/_backup/sthome_test.go
+++ b/pkg/dns/sthome_test.go
@@ -1,4 +1,4 @@
-package sthome
+package dns
 import (
 "crypto/rand"
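Review bot: `success, _ := Execute(` discards Execute's second return and `Present` then returns nil whatever `acmeauth.sh set` did, so a failed TXT write is reported to cert-manager as success and only surfaces later as a validation timeout; the `CleanUp` hunk below has the same shape with "unset". If that second value is an error (Execute is not in this diff), change the call to `success, err := Execute(` and follow the closing `)` with `if err != nil || !success { return fmt.Errorf("acmeauth set for %s failed (success=%t): %v", ch.ResolvedFQDN, success, err) }`, mirrored in CleanUp; `fmt` is already imported. The `klog.Infof` format labels `type:` and `uid:` are in the opposite order to the arguments `ch.UID, ch.Type`, so the log prints them swapped, and the `CZ:` prefix looks like leftover debugging. The `e.txtRecords` write runs before `loadConfig` is checked, so a bad config leaves a stale entry behind; moving the locked block after the config check, or deleting the entry on the error path, avoids that. The challenge values reach the script as separate argv entries rather than a built command string, which is the right shape; the script itself is not in this diff, so whether it preserves that by quoting its arguments cannot be checked here.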