Moved to different client method. Will see if this works.

DNS gets updated but cert-manager/challenge still fails. Will try another solver method.
2024-04-06 10:41:00 +02:00 · 2024-04-06 10:20:48 +02:00
11 changed files with 88 additions and 40 deletions
--- a/_backup/solver_local.go
+++ b/_backup/solver_local.go
@ -2,7 +2,6 @@ package dns

 import (
 	"fmt"
-	"net"
 	"strings"

 	"k8s.io/client-go/kubernetes"
@ -13,17 +12,6 @@ import (
 	"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
 )

-const (
-	providerName = "sthome"
-	shell        = "/bin/bash"
-	acmeAuthCmd  = "/acme/acmeauth.sh"
-
-	dnsserver_net  = "10.0.0.15"
-	dnsserver_lan  = "192.168.2.1"
-	hostserver_net = "truenas.sthome.net"
-	hostserver_lan = "truenas.sthome.lan"
-)
-
 // LocalDNSProviderSolver implements the provider-specific logic needed to
 // 'present' an ACME challenge TXT record for your own DNS provider.
 // To do so, it must implement the `github.com/cert-manager/cert-manager/pkg/acme/webhook.Solver`
@ -158,17 +146,3 @@ func extractDomainName(zone string) string {
 	}
 	return util.UnFqdn(authZone)
 }
-
-// Get preferred outbound ip of this machine
-func getOutboundIP(dest string) string {
-	conn, err := net.Dial("udp", dest+":80")
-	if err != nil {
-		klog.Errorf("net.Dial error: %s", err)
-		return "0.0.0.0"
-	}
-	defer conn.Close()
-
-	localAddr := conn.LocalAddr().(*net.UDPAddr)
-
-	return localAddr.IP.String()
-}
--- a/deploy/sthome-webhook/Chart.yaml
+++ b/deploy/sthome-webhook/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v0.0.4-alpha.109
+appVersion: v0.0.4-alpha.112
 description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.0.4-alpha.109
+version: 0.0.4-alpha.112
--- a/deploy/sthome-webhook/values.yaml
+++ b/deploy/sthome-webhook/values.yaml
@ -31,7 +31,7 @@ clusterIssuer:
 image:
  repository: stuurmcp/cert-manager-webhook-sthome
  #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
-  tag: 0.0.4-alpha.109
+  tag: 0.0.4-alpha.112
  #pullPolicy should be IfNotPresent. Set to Always for testing purposes
  pullPolicy: IfNotPresent

--- a/go.mod
+++ b/go.mod
@ -6,7 +6,7 @@ toolchain go1.22.1

 require (
 	github.com/cert-manager/cert-manager v1.14.4
-	github.com/miekg/dns v1.1.58 // indirect
+	github.com/miekg/dns v1.1.58
 	k8s.io/api v0.29.0
 	k8s.io/apiextensions-apiserver v0.29.0
 	k8s.io/client-go v0.29.0
@ -17,6 +17,8 @@ require (
 	k8s.io/klog/v2 v2.110.1
 )

+require github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+
 require (
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
@ -65,6 +67,7 @@ require (
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
+	github.com/stretchr/testify v1.9.0
 	go.etcd.io/etcd/api/v3 v3.5.11 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.11 // indirect
--- a/go.sum
+++ b/go.sum
@ -162,8 +162,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
--- a/main.go
+++ b/main.go
@ -8,7 +8,7 @@ import (

 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"

-	sthome "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
+	dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
 )

 var (
@ -25,6 +25,6 @@ func main() {
 		panic("GROUP_NAME must be specified")
 	}
 	cmd.RunWebhookServer(GroupName,
-		&sthome.LocalDNSProviderSolver{},
+		&dns.SthomeSolver{},
 	)
 }
--- a/pkg/dns/config.go
+++ b/pkg/dns/config.go
@ -1,14 +1,25 @@
 package dns

 import (
+	"net"
 	"strings"

 	v1 "k8s.io/api/core/v1"
+	"k8s.io/klog/v2"
 )

 const (
 	SthomeAccessKeyEnv = "STHOME_ACCESS_KEY"
 	SthomeSecretKeyEnv = "STHOME_SECRET_KEY"
+
+	providerName = "sthome"
+	shell        = "/bin/bash"
+	acmeAuthCmd  = "/acme/acmeauth.sh"
+
+	dnsserver_net  = "10.0.0.15"
+	dnsserver_lan  = "192.168.2.1"
+	hostserver_net = "truenas.sthome.net"
+	hostserver_lan = "truenas.sthome.lan"
 )

 // localDNSProviderConfig is a structure that is used to decode into when
@ -98,3 +109,17 @@ func (cfg LocalDNSProviderConfig) IsAllowedZone(zone string) bool {
 	}
 	return false
 }
+
+// Get preferred outbound ip of this machine
+func getOutboundIP(dest string) string {
+	conn, err := net.Dial("udp", dest+":80")
+	if err != nil {
+		klog.Errorf("net.Dial error: %s", err)
+		return "0.0.0.0"
+	}
+	defer conn.Close()
+
+	localAddr := conn.LocalAddr().(*net.UDPAddr)
+
+	return localAddr.IP.String()
+}
--- a/pkg/dns/dns.go
+++ b/pkg/dns/dns.go
@ -1,5 +1,5 @@
 // not implemented
-package sthome
+package dns

 import (
 	"fmt"
--- a/pkg/dns/solver_sthome.go
+++ b/pkg/dns/solver_sthome.go
@ -1,15 +1,17 @@
 // not implemented
-package sthome
+package dns

 import (
 	"fmt"
 	"os"
+	"strings"
 	"sync"

 	"github.com/cert-manager/cert-manager/pkg/acme/webhook"
 	acme "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 	"github.com/miekg/dns"
 	"k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
 )

 type SthomeSolver struct {
@ -27,6 +29,37 @@ func (e *SthomeSolver) Present(ch *acme.ChallengeRequest) error {
 	e.Lock()
 	e.txtRecords[ch.ResolvedFQDN] = ch.Key
 	e.Unlock()
+	cfg, err := loadConfig(ch.Config)
+	if err != nil {
+		return err
+	}
+	klog.Infof("CZ: Presenting record for %s, type: %s, uid: %s, key: %s, ns: %s, fqdn: %s, zone: %s, allowambcred: %t, cfg.secret: %s, cfg.email: %s, cfg.allowz: %s",
+		ch.DNSName,
+		ch.UID,
+		ch.Type,
+		ch.Key,
+		ch.ResourceNamespace,
+		ch.ResolvedFQDN,
+		ch.ResolvedZone,
+		ch.AllowAmbientCredentials,
+		cfg.APIKeySecretRef.Name,
+		cfg.Email,
+		strings.Join(cfg.AllowedZones, ","),
+	)
+	// TODO: convert shell script to golang
+	localip := getOutboundIP(dnsserver_net)
+	success, _ := Execute(
+		shell,
+		acmeAuthCmd,
+		"set",
+		ch.DNSName,
+		ch.ResolvedFQDN,
+		ch.Key,
+		"-l",
+		localip,
+		"-v",
+	)
+	klog.Infof("Execute set TXT returned success: %t", success)
 	return nil
 }

@ -34,6 +67,19 @@ func (e *SthomeSolver) CleanUp(ch *acme.ChallengeRequest) error {
 	e.Lock()
 	delete(e.txtRecords, ch.ResolvedFQDN)
 	e.Unlock()
+	localip := getOutboundIP(dnsserver_net)
+	success, _ := Execute(
+		shell,
+		acmeAuthCmd,
+		"unset",
+		ch.DNSName,
+		ch.ResolvedFQDN,
+		ch.Key,
+		"-l",
+		localip,
+		"-v",
+	)
+	klog.Infof("Execute unset TXT returned success: %t", success)
 	return nil
 }

--- a/pkg/dns/sthome_test.go
+++ b/pkg/dns/sthome_test.go
@ -1,4 +1,4 @@
-package sthome
+package dns

 import (
 	"crypto/rand"
--- a/version.txt
+++ b/version.txt
@ -1,3 +1,3 @@
-0.0.4-alpha.109
-20240405-2325
-109
+0.0.4-alpha.112
+20240406-0925
+112
Author	SHA1	Message	Date
Chris	712c49164a	Moved to different client method. Will see if this works.	2024-04-06 10:41:00 +02:00
Chris	023c94af7d	DNS gets updated but cert-manager/challenge still fails. Will try another solver method.	2024-04-06 10:20:48 +02:00