retrieve token from secret

This commit is contained in:
Hanfei Shen 2019-06-15 16:14:30 +08:00
parent 4d81e77710
commit c76a696b49
4 changed files with 43 additions and 17 deletions

go.mod

@ -10,6 +10,7 @@ require (
golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a // indirect golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a // indirect
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
k8s.io/apiextensions-apiserver v0.0.0-20190413053546-d0acb7a76918 k8s.io/apiextensions-apiserver v0.0.0-20190413053546-d0acb7a76918
k8s.io/apimachinery v0.0.0-20190413052414-40a3f73b0fa2
k8s.io/client-go v11.0.0+incompatible k8s.io/client-go v11.0.0+incompatible
) )

go.sum

@ -220,6 +220,7 @@ github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQ
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
@ -413,6 +414,7 @@ modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
sigs.k8s.io/controller-runtime v0.0.0-20190222182021-68ae79ea094a/go.mod h1:HFAYoOh6XMV+jKF1UjFwrknPbowfyHEHHRdJMf2jMX8= sigs.k8s.io/controller-runtime v0.0.0-20190222182021-68ae79ea094a/go.mod h1:HFAYoOh6XMV+jKF1UjFwrknPbowfyHEHHRdJMf2jMX8=
sigs.k8s.io/structured-merge-diff v0.0.0-20190302045857-e85c7b244fd2 h1:9r5DY45ef9LtcA6BnkhW8MPV7OKAfbf2AUwUhq3LeRk= sigs.k8s.io/structured-merge-diff v0.0.0-20190302045857-e85c7b244fd2 h1:9r5DY45ef9LtcA6BnkhW8MPV7OKAfbf2AUwUhq3LeRk=
sigs.k8s.io/structured-merge-diff v0.0.0-20190302045857-e85c7b244fd2/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v0.0.0-20190302045857-e85c7b244fd2/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
sigs.k8s.io/testing_frameworks v0.1.1 h1:cP2l8fkA3O9vekpy5Ks8mmA0NW/F7yBdXf8brkWhVrs=
sigs.k8s.io/testing_frameworks v0.1.1/go.mod h1:VVBKrHmJ6Ekkfz284YKhQePcdycOzNH9qL6ht1zEr/U= sigs.k8s.io/testing_frameworks v0.1.1/go.mod h1:VVBKrHmJ6Ekkfz284YKhQePcdycOzNH9qL6ht1zEr/U=
sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

main.go

@ -7,11 +7,13 @@ import (
"strings" "strings"
extapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" extapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
//"k8s.io/client-go/kubernetes" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"github.com/jetstack/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" "github.com/jetstack/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
"github.com/jetstack/cert-manager/pkg/acme/webhook/cmd" "github.com/jetstack/cert-manager/pkg/acme/webhook/cmd"
certmanager_v1alpha1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
"github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util" "github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util"
"github.com/decker502/dnspod-go" "github.com/decker502/dnspod-go"
@ -49,7 +51,7 @@ type customDNSProviderSolver struct {
// 3. uncomment the relevant code in the Initialize method below // 3. uncomment the relevant code in the Initialize method below
// 4. ensure your webhook's service account has the required RBAC role // 4. ensure your webhook's service account has the required RBAC role
// assigned to it for interacting with the Kubernetes APIs you need. // assigned to it for interacting with the Kubernetes APIs you need.
//client kubernetes.Clientset client *kubernetes.Clientset
dnspod map[int]*dnspod.Client dnspod map[int]*dnspod.Client
} }
@ -74,9 +76,9 @@ type customDNSProviderConfig struct {
// These fields will be set by users in the // These fields will be set by users in the
// `issuer.spec.acme.dns01.providers.webhook.config` field. // `issuer.spec.acme.dns01.providers.webhook.config` field.
APIID int `json:"apiID"` APIID int `json:"apiID"`
APIToken string `json:"apiToken"` APITokenSecretRef certmanager_v1alpha1.SecretKeySelector `json:"apiTokenSecretRef"`
TTL *int `json:"ttl"` TTL *int `json:"ttl"`
} }
// Name is used as the name for this DNS solver when referencing it on the ACME // Name is used as the name for this DNS solver when referencing it on the ACME
@ -102,7 +104,10 @@ func (c *customDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
// TODO: do something more useful with the decoded configuration // TODO: do something more useful with the decoded configuration
fmt.Printf("Decoded configuration %v", cfg) fmt.Printf("Decoded configuration %v", cfg)
dnspodClient := c.getDNSPod(cfg) dnspodClient, err := c.getDNSPod(ch, cfg)
if err != nil {
return err
}
// TODO: add code that sets a record in the DNS provider's console // TODO: add code that sets a record in the DNS provider's console
domainID, err := getDomainID(dnspodClient, ch.ResolvedZone) domainID, err := getDomainID(dnspodClient, ch.ResolvedZone)
@ -133,7 +138,10 @@ func (c *customDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
// TODO: do something more useful with the decoded configuration // TODO: do something more useful with the decoded configuration
fmt.Printf("Decoded configuration %v", cfg) fmt.Printf("Decoded configuration %v", cfg)
dnspodClient := c.getDNSPod(cfg) dnspodClient, err := c.getDNSPod(ch, cfg)
if err != nil {
return err
}
// TODO: add code that deletes a record from the DNS provider's console // TODO: add code that deletes a record from the DNS provider's console
domainID, err := getDomainID(dnspodClient, ch.ResolvedZone) domainID, err := getDomainID(dnspodClient, ch.ResolvedZone)
@ -173,12 +181,12 @@ func (c *customDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stop
///// UNCOMMENT THE BELOW CODE TO MAKE A KUBERNETES CLIENTSET AVAILABLE TO ///// UNCOMMENT THE BELOW CODE TO MAKE A KUBERNETES CLIENTSET AVAILABLE TO
///// YOUR CUSTOM DNS PROVIDER ///// YOUR CUSTOM DNS PROVIDER
//cl, err := kubernetes.NewForConfig(kubeClientConfig) cl, err := kubernetes.NewForConfig(kubeClientConfig)
//if err != nil { if err != nil {
// return err return err
//} }
//
//c.client = cl c.client = cl
///// END OF CODE TO MAKE KUBERNETES CLIENTSET AVAILABLE ///// END OF CODE TO MAKE KUBERNETES CLIENTSET AVAILABLE
@ -187,17 +195,29 @@ func (c *customDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stop
return nil return nil
} }
func (c *customDNSProviderSolver) getDNSPod(cfg customDNSProviderConfig) *dnspod.Client { func (c *customDNSProviderSolver) getDNSPod(ch *v1alpha1.ChallengeRequest, cfg customDNSProviderConfig) (*dnspod.Client, error) {
apiID := cfg.APIID apiID := cfg.APIID
dnspodClient, ok := c.dnspod[apiID] dnspodClient, ok := c.dnspod[apiID]
if !ok { if !ok {
key := fmt.Sprintf("%d,%s", cfg.APIID, cfg.APIToken) ref := cfg.APITokenSecretRef
secret, err := c.client.CoreV1().Secrets(ch.ResourceNamespace).Get(ref.Name, metav1.GetOptions{})
if err != nil {
return nil, err
}
apiToken, ok := secret.Data[ref.Key]
if !ok {
return nil, fmt.Errorf("no api token for %q in secret '%s/%s'", ref.Name, ref.Key, ch.ResourceNamespace)
}
key := fmt.Sprintf("%d,%s", cfg.APIID, apiToken)
params := dnspod.CommonParams{LoginToken: key, Format: "json"} params := dnspod.CommonParams{LoginToken: key, Format: "json"}
dnspodClient = dnspod.NewClient(params) dnspodClient = dnspod.NewClient(params)
c.dnspod[cfg.APIID] = dnspodClient c.dnspod[cfg.APIID] = dnspodClient
} }
return dnspodClient return dnspodClient, nil
} }
// loadConfig is a small helper function that decodes JSON configuration into // loadConfig is a small helper function that decodes JSON configuration into
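Review bot: The error returned from getDNSPod when the key is absent has its arguments in the wrong order: the format `"no api token for %q in secret '%s/%s'"` reads as key, then namespace/name, but the call passes `ref.Name, ref.Key, ch.ResourceNamespace`, so an operator would see the secret name quoted as the key and the namespace in the name position; it should be `return nil, fmt.Errorf("no api token for %q in secret '%s/%s'", ref.Key, ch.ResourceNamespace, ref.Name)`. Reading the Secret via `c.client.CoreV1().Secrets(ch.ResourceNamespace).Get(...)` also means the webhook's service account now needs `get` on `secrets` in the challenge's namespace, and none of the four changed files is an RBAC manifest — if the deployment manifests live in this repo they need a matching Role/RoleBinding, preferably namespace-scoped rather than a cluster-wide grant on secrets. The client cache is keyed only by `cfg.APIID`, so a rotated token in the Secret is never picked up until the process restarts, and presumably a second config with the same APIID but a different secret ref would silently reuse the first client; keying the cache on the secret ref as well, or not caching across challenges, would avoid that. If Present and CleanUp can be served concurrently (the webhook server's behaviour is not visible here), the unguarded write `c.dnspod[cfg.APIID] = dnspodClient` is a data race and wants a mutex around the map.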


@ -1,5 +1,8 @@
{ {
"apiID": 12345, "apiID": 12345,
"apiToken": "abcdefg1234567", "apiTokenSecretRef": {
"Name": "dnspod-credentials",
"Key": "api-token"
},
"ttl": 600 "ttl": 600
} }
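Review bot: The fixture spells the selector fields as `"Name"` and `"Key"`, i.e. the Go field names rather than JSON keys; if SecretKeySelector's tags are the lowercase `name`/`key` used elsewhere in cert-manager's API types (not visible here), decoding still works only because encoding/json matches field names case-insensitively. Since this file doubles as the example users copy into their Issuer's `webhook.config`, writing `"name": "dnspod-credentials"` and `"key": "api-token"` would give them the canonical form.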