117 lines
2.7 KiB
Go
117 lines
2.7 KiB
Go
package main
|
|
|
|
import (
|
|
_ "embed"
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
|
|
"k8s.io/client-go/kubernetes"
|
|
"k8s.io/client-go/rest"
|
|
"k8s.io/klog/v2"
|
|
|
|
"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
|
|
"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
|
|
"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
|
|
|
|
dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
|
|
)
|
|
|
|
var (
|
|
// Version : current version
|
|
Version string = strings.TrimSpace(version)
|
|
//go:embed version.txt
|
|
version string
|
|
)
|
|
|
|
var GroupName = os.Getenv("GROUP_NAME")
|
|
|
|
func main() {
|
|
if GroupName == "" {
|
|
panic("GROUP_NAME must be specified")
|
|
}
|
|
cmd.RunWebhookServer(GroupName,
|
|
&dns.SthomeSolver{},
|
|
)
|
|
}
|
|
|
|
type LocalDNSProviderSolver struct {
|
|
client kubernetes.Interface
|
|
}
|
|
|
|
func (p *LocalDNSProviderSolver) Name() string {
|
|
return dns.ProviderName
|
|
}
|
|
|
|
func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
|
|
cfg, err := dns.LoadConfig(ch.Config)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
klog.Infof("CZ: Presenting record for %s, type: %s, uid: %s, key: %s, ns: %s, fqdn: %s, zone: %s, allowambcred: %t, cfg.secret: %s, cfg.email: %s, cfg.allowz: %s",
|
|
ch.DNSName,
|
|
ch.UID,
|
|
ch.Type,
|
|
ch.Key,
|
|
ch.ResourceNamespace,
|
|
ch.ResolvedFQDN,
|
|
ch.ResolvedZone,
|
|
ch.AllowAmbientCredentials,
|
|
cfg.APIKeySecretRef.Name,
|
|
cfg.Email,
|
|
strings.Join(cfg.AllowedZones, ","),
|
|
)
|
|
// TODO: convert shell script to golang
|
|
localip := dns.GetOutboundIP(dns.Dnsserver_net)
|
|
success, _ := dns.Execute(
|
|
dns.Shell,
|
|
dns.AcmeAuthCmd,
|
|
"set",
|
|
ch.DNSName,
|
|
ch.ResolvedFQDN,
|
|
ch.Key,
|
|
"-l",
|
|
localip,
|
|
"-v",
|
|
)
|
|
klog.Infof("Execute set TXT returned success: %t", success)
|
|
return nil
|
|
}
|
|
|
|
func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
|
|
//domainName := extractDomainName(ch.ResolvedZone)
|
|
// TODO: add code that deletes a record from the DNS provider's console
|
|
localip := dns.GetOutboundIP(dns.Dnsserver_net)
|
|
success, _ := dns.Execute(
|
|
dns.Shell,
|
|
dns.AcmeAuthCmd,
|
|
"unset",
|
|
ch.DNSName,
|
|
ch.ResolvedFQDN,
|
|
ch.Key,
|
|
"-l",
|
|
localip,
|
|
"-v",
|
|
)
|
|
klog.Infof("Execute unset TXT returned success: %t", success)
|
|
return nil
|
|
}
|
|
func (loc *LocalDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error {
|
|
cl, err := kubernetes.NewForConfig(kubeClientConfig)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to get kubernetes client: %w", err)
|
|
}
|
|
loc.client = cl
|
|
klog.InfoS("CZ: Successfully initialised kubernetes client!")
|
|
return nil
|
|
}
|
|
|
|
func extractDomainName(zone string) string {
|
|
authZone, err := util.FindZoneByFqdn(zone, util.RecursiveNameservers)
|
|
if err != nil {
|
|
klog.Errorf("could not get zone by fqdn %v", err)
|
|
return zone
|
|
}
|
|
return util.UnFqdn(authZone)
|
|
}
|