Moved to different client method. Will see if this works.

DNS gets updated but cert-manager/challenge still fails. Will try another solver method.
2024-04-06 10:41:00 +02:00 · 2024-04-06 10:20:48 +02:00
11 changed files with 88 additions and 40 deletions
--- a/_backup/solver_local.go
+++ b/_backup/solver_local.go
@ -2,7 +2,6 @@ package dns
 import (
 	"fmt"
 	"net"
 	"strings"
 	"k8s.io/client-go/kubernetes"
@ -13,17 +12,6 @@ import (
 	"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
 )
 const (
 	providerName = "sthome"
 	shell        = "/bin/bash"
 	acmeAuthCmd  = "/acme/acmeauth.sh"
 	dnsserver_net  = "10.0.0.15"
 	dnsserver_lan  = "192.168.2.1"
 	hostserver_net = "truenas.sthome.net"
 	hostserver_lan = "truenas.sthome.lan"
 )
 // LocalDNSProviderSolver implements the provider-specific logic needed to
 // 'present' an ACME challenge TXT record for your own DNS provider.
 // To do so, it must implement the `github.com/cert-manager/cert-manager/pkg/acme/webhook.Solver`
@ -158,17 +146,3 @@ func extractDomainName(zone string) string {
 	}
 	return util.UnFqdn(authZone)
 }
 // Get preferred outbound ip of this machine
 func getOutboundIP(dest string) string {
 	conn, err := net.Dial("udp", dest+":80")
 	if err != nil {
 		klog.Errorf("net.Dial error: %s", err)
 		return "0.0.0.0"
 	}
 	defer conn.Close()
 	localAddr := conn.LocalAddr().(*net.UDPAddr)
 	return localAddr.IP.String()
 }
--- a/deploy/sthome-webhook/Chart.yaml
+++ b/deploy/sthome-webhook/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v0.0.4-alpha.109
+appVersion: v0.0.4-alpha.112
 description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.0.4-alpha.109
+version: 0.0.4-alpha.112
--- a/deploy/sthome-webhook/values.yaml
+++ b/deploy/sthome-webhook/values.yaml
@ -31,7 +31,7 @@ clusterIssuer:
 image:
  repository: stuurmcp/cert-manager-webhook-sthome
  #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
-  tag: 0.0.4-alpha.109
+  tag: 0.0.4-alpha.112
  #pullPolicy should be IfNotPresent. Set to Always for testing purposes
  pullPolicy: IfNotPresent
--- a/go.mod
+++ b/go.mod
@ -6,7 +6,7 @@ toolchain go1.22.1
 require (
 	github.com/cert-manager/cert-manager v1.14.4
-	github.com/miekg/dns v1.1.58 // indirect
+	github.com/miekg/dns v1.1.58
 	k8s.io/api v0.29.0
 	k8s.io/apiextensions-apiserver v0.29.0
 	k8s.io/client-go v0.29.0
@ -17,6 +17,8 @@ require (
 	k8s.io/klog/v2 v2.110.1
 )
 require github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 require (
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
@ -65,6 +67,7 @@ require (
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/stretchr/testify v1.9.0
 	go.etcd.io/etcd/api/v3 v3.5.11 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.11 // indirect
--- a/go.sum
+++ b/go.sum
@ -162,8 +162,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
--- a/main.go
+++ b/main.go
@ -8,7 +8,7 @@ import (
 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
-	sthome "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
+	dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
 )
 var (
@ -25,6 +25,6 @@ func main() {
 		panic("GROUP_NAME must be specified")
 	}
 	cmd.RunWebhookServer(GroupName,
-		&sthome.LocalDNSProviderSolver{},
+		&dns.SthomeSolver{},
 	)
 }
--- a/pkg/dns/config.go
+++ b/pkg/dns/config.go
@ -1,14 +1,25 @@
 package dns
 import (
 	"net"
 	"strings"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/klog/v2"
 )
 const (
 	SthomeAccessKeyEnv = "STHOME_ACCESS_KEY"
 	SthomeSecretKeyEnv = "STHOME_SECRET_KEY"
 	providerName = "sthome"
 	shell        = "/bin/bash"
 	acmeAuthCmd  = "/acme/acmeauth.sh"
 	dnsserver_net  = "10.0.0.15"
 	dnsserver_lan  = "192.168.2.1"
 	hostserver_net = "truenas.sthome.net"
 	hostserver_lan = "truenas.sthome.lan"
 )
 // localDNSProviderConfig is a structure that is used to decode into when
@ -98,3 +109,17 @@ func (cfg LocalDNSProviderConfig) IsAllowedZone(zone string) bool {
 	}
 	return false
 }
 // Get preferred outbound ip of this machine
 func getOutboundIP(dest string) string {
 	conn, err := net.Dial("udp", dest+":80")
 	if err != nil {
 		klog.Errorf("net.Dial error: %s", err)
 		return "0.0.0.0"
 	}
 	defer conn.Close()
 	localAddr := conn.LocalAddr().(*net.UDPAddr)
 	return localAddr.IP.String()
 }
--- a/pkg/dns/dns.go
+++ b/pkg/dns/dns.go
@ -1,5 +1,5 @@
 // not implemented
-package sthome
+package dns
 import (
 	"fmt"
--- a/pkg/dns/solver_sthome.go
+++ b/pkg/dns/solver_sthome.go
@ -1,15 +1,17 @@
 // not implemented
-package sthome
+package dns
 import (
 	"fmt"
 	"os"
 	"strings"
 	"sync"
 	"github.com/cert-manager/cert-manager/pkg/acme/webhook"
 	acme "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 	"github.com/miekg/dns"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 )
 type SthomeSolver struct {
@ -27,6 +29,37 @@ func (e *SthomeSolver) Present(ch *acme.ChallengeRequest) error {
 	e.Lock()
 	e.txtRecords[ch.ResolvedFQDN] = ch.Key
 	e.Unlock()
 	cfg, err := loadConfig(ch.Config)
 	if err != nil {
 		return err
 	}
 	klog.Infof("CZ: Presenting record for %s, type: %s, uid: %s, key: %s, ns: %s, fqdn: %s, zone: %s, allowambcred: %t, cfg.secret: %s, cfg.email: %s, cfg.allowz: %s",
 		ch.DNSName,
 		ch.UID,
 		ch.Type,
 		ch.Key,
 		ch.ResourceNamespace,
 		ch.ResolvedFQDN,
 		ch.ResolvedZone,
 		ch.AllowAmbientCredentials,
 		cfg.APIKeySecretRef.Name,
 		cfg.Email,
 		strings.Join(cfg.AllowedZones, ","),
 	)
 	// TODO: convert shell script to golang
 	localip := getOutboundIP(dnsserver_net)
 	success, _ := Execute(
 		shell,
 		acmeAuthCmd,
 		"set",
 		ch.DNSName,
 		ch.ResolvedFQDN,
 		ch.Key,
 		"-l",
 		localip,
 		"-v",
 	)
 	klog.Infof("Execute set TXT returned success: %t", success)
 	return nil
 }
@ -34,6 +67,19 @@ func (e *SthomeSolver) CleanUp(ch *acme.ChallengeRequest) error {
 	e.Lock()
 	delete(e.txtRecords, ch.ResolvedFQDN)
 	e.Unlock()
 	localip := getOutboundIP(dnsserver_net)
 	success, _ := Execute(
 		shell,
 		acmeAuthCmd,
 		"unset",
 		ch.DNSName,
 		ch.ResolvedFQDN,
 		ch.Key,
 		"-l",
 		localip,
 		"-v",
 	)
 	klog.Infof("Execute unset TXT returned success: %t", success)
 	return nil
 }
--- a/pkg/dns/sthome_test.go
+++ b/pkg/dns/sthome_test.go
@ -1,4 +1,4 @@
-package sthome
+package dns
 import (
 	"crypto/rand"
--- a/version.txt
+++ b/version.txt
@ -1,3 +1,3 @@
-0.0.4-alpha.109
+0.0.4-alpha.112
-20240405-2325
+20240406-0925
-109
+112
Author	SHA1	Message	Date
Chris	712c49164a	Moved to different client method. Will see if this works.	2024-04-06 10:41:00 +02:00
Chris	023c94af7d	DNS gets updated but cert-manager/challenge still fails. Will try another solver method.	2024-04-06 10:20:48 +02:00
`@ -1,3 +1,3 @@`
	`0.0.4-alpha.109`	`0.0.4-alpha.112`
	`20240405-2325`	`20240406-0925`
	`109`	`112`