diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml new file mode 100644 index 0000000..092f346 --- /dev/null +++ b/.github/workflows/build-images.yaml @@ -0,0 +1,49 @@ +name: Build docker images + +env: + DOCKER_BASE_NAME: 'ghcr.io/${{ github.repository_owner }}/cert-manager-webhook-dnsimple' + +on: + workflow_call: + inputs: + tags: + description: 'Tags to build the image for (separated by a whitespace)' + required: true + type: string + + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + password: ${{ secrets.GITHUB_TOKEN }} + username: ${{ github.repository_owner }} + + - name: Format tags + id: format-tags + # prepends DOCKER_BASE_NAME to every entry in the string ${{ inputs.tags }} + run: | + echo "TAGS=$(printf '${{ env.DOCKER_BASE_NAME }}:%s,' ${{ inputs.tags }})" >> $GITHUB_OUTPUT + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.format-tags.outputs.TAGS }} diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml new file mode 100644 index 0000000..f567407 --- /dev/null +++ b/.github/workflows/helm-release.yaml @@ -0,0 +1,30 @@ +# This workflow publishes a new chart release to github pages +# The content of the branch gh-pages is then published to https://puzzle.github.io/cert-manager-webhook-dnsimple/ +name: Release a new chart version + +on: + workflow_dispatch: + +jobs: + release: + permissions: + contents: write + + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.6.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + with: + charts_dir: ./charts diff --git a/.github/workflows/test-go.yaml b/.github/workflows/test-go.yaml new file mode 100644 index 0000000..3e89bb1 --- /dev/null +++ b/.github/workflows/test-go.yaml @@ -0,0 +1,54 @@ +name: Run code tests + +on: + push: + workflow_call: + secrets: + DNSIMPLE_API_TOKEN: + required: true + DNSIMPLE_ZONE_NAME: + required: true + + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: src/go.mod + cache-dependency-path: src/go.sum + + + - name: Install kubebuilder fixtures + id: kubebuilder + run: | + go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest + echo "BIN_DIR=$(setup-envtest use -p path)" >> $GITHUB_OUTPUT + + + - name: Run tests + env: + DNSIMPLE_API_TOKEN: ${{ secrets.DNSIMPLE_API_TOKEN }} + DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME }} + run: | + export TEST_ASSET_KUBE_APISERVER=${{ steps.kubebuilder.outputs.BIN_DIR }}/kube-apiserver + export TEST_ASSET_ETCD=${{ steps.kubebuilder.outputs.BIN_DIR }}/etcd + export TEST_ASSET_KUBECTL=${{ steps.kubebuilder.outputs.BIN_DIR }}/kubectl + export TEST_ZONE_NAME="${DNSIMPLE_ZONE_NAME}." # add trailing dot + echo """apiVersion: v1 + kind: Secret + metadata: + name: dnsimple-token + type: Opaque + stringData: + token: $DNSIMPLE_API_TOKEN + """ > testdata/dnsimple-token.yaml + cd src + go test -v . diff --git a/.github/workflows/test-kubernetes.yaml b/.github/workflows/test-kubernetes.yaml new file mode 100644 index 0000000..2130eae --- /dev/null +++ b/.github/workflows/test-kubernetes.yaml @@ -0,0 +1,87 @@ +name: Run webhook tests in a full environment + +on: + workflow_call: + secrets: + DNSIMPLE_API_TOKEN: + required: true + DNSIMPLE_ZONE_NAME: + required: true + + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + + - name: Start minikube + uses: medyagh/setup-minikube@master + with: + kubernetes-version: 1.29.3 + + + - name: Install cert-manager, patch upstream dns servers, wait for readiness + run: | + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.3/cert-manager.yaml + # Patch cert-manager to use DNSimple's nameservers for faster propagation-checks + kubectl patch deployment cert-manager -n cert-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--dns01-recursive-nameservers=ns1.dnsimple.com:53"}]' + kubectl wait --for=condition=available --timeout=600s deployment/cert-manager-webhook -n cert-manager + + + - name: Install cert-manager-webhook-dnsimple, wait for readiness + env: + DNSIMPLE_API_TOKEN: ${{ secrets.DNSIMPLE_API_TOKEN }} + DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME}} + run: | + helm install cert-manager-webhook-dnsimple ./charts/cert-manager-webhook-dnsimple \ + --namespace cert-manager \ + --set dnsimple.token="$DNSIMPLE_API_TOKEN" \ + --set groupName="acme.$DNSIMPLE_ZONE_NAME" \ + --set image.repository=ghcr.io/${{ github.repository_owner }}/cert-manager-webhook-dnsimple \ + --set clusterIssuer.staging.enabled=true \ + --set clusterIssuer.email="noreply@$DNSIMPLE_ZONE_NAME" \ + --set image.tag=commit-${{ github.sha }} + kubectl wait --for=condition=available --timeout=600s deployment/cert-manager-webhook-dnsimple -n cert-manager + + + - name: Create sample certificate that uses the webhook + env: + DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME }} + run: | + echo """apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: dnsimple-test + namespace: default + spec: + dnsNames: + - gh-action-test.$DNSIMPLE_ZONE_NAME + issuerRef: + name: cert-manager-webhook-dnsimple-staging + kind: ClusterIssuer + secretName: dnsimple-test-tls + """ > certificate.yaml + kubectl apply -f certificate.yaml + + + - name: Assert that the DNS record was created + env: + DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME }} + timeout-minutes: 10 + run: | + while true; do + if nslookup -type=TXT _acme-challenge.gh-action-test.$DNSIMPLE_ZONE_NAME ns1.dnsimple.com; then + break + fi + sleep 30 + done + + + - name: Check the certificate status + run: | + kubectl wait --for=condition=ready --timeout=600s certificate/dnsimple-test + # this should not be necessary since the certificate is usually ready once the DNS record is propagated + kubectl get certificate dnsimple-test -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' | grep True diff --git a/.github/workflows/workflow_full-test-suite.yaml b/.github/workflows/workflow_full-test-suite.yaml new file mode 100644 index 0000000..88e2a40 --- /dev/null +++ b/.github/workflows/workflow_full-test-suite.yaml @@ -0,0 +1,32 @@ +name: Run full test suite + +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + code-test: + name: Run tests on code + uses: ./.github/workflows/test-go.yaml + secrets: inherit + + + build-image: + name: Build Docker image + uses: ./.github/workflows/build-images.yaml + with: + tags: > + commit-${{ github.sha }} + latest + needs: code-test + + + webhook-tests: + name: Run tests on webhooks + needs: build-image + uses: ./.github/workflows/test-kubernetes.yaml + secrets: inherit diff --git a/.github/workflows/workflow_tagged-build.yaml b/.github/workflows/workflow_tagged-build.yaml new file mode 100644 index 0000000..cd1566f --- /dev/null +++ b/.github/workflows/workflow_tagged-build.yaml @@ -0,0 +1,16 @@ +name: Publish a new tagged Docker image + +on: + push: + tags: # v* tags are protected in the repository settings + - 'v*' + +jobs: + docker-build: + name: Build tagged Docker image + uses: ./.github/workflows/build-images.yaml + with: + tags: > + ${{ github.ref_name }} + commit-${{ github.sha }} + latest diff --git a/.gitignore b/.gitignore index b4dd842..44c6e4c 100644 --- a/.gitignore +++ b/.gitignore @@ -11,8 +11,5 @@ # Output of the go coverage tool, specifically when used with LiteIDE *.out -# Ignore the built binary -cert-manager-webhook-dnsimple - -# Ignore test binaries -__test__/ +# Ignore kubebuilder test binaries +_test/ diff --git a/Dockerfile b/Dockerfile index acb1f02..fd2186d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,18 @@ -FROM golang:1.20-alpine AS build_deps +FROM golang:1.22-alpine AS build_deps RUN apk add --no-cache git WORKDIR /workspace ENV GO111MODULE=on -COPY go.mod . -COPY go.sum . +COPY src/go.mod . +COPY src/go.sum . RUN go mod download FROM build_deps AS build -COPY . . +COPY src . RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' . diff --git a/Makefile b/Makefile index 86e03c2..1c05642 100644 --- a/Makefile +++ b/Makefile @@ -1,21 +1,15 @@ GO ?= $(shell which go) OS ?= $(shell $(GO) env GOOS) ARCH ?= $(shell $(GO) env GOARCH) - -IMAGE_NAME := "neoskop/cert-manager-webhook-dnsimple" -IMAGE_TAG := "latest" - -OUT := $(shell pwd)/_out - KUBE_VERSION=1.25.0 -$(shell mkdir -p "$(OUT)") -export TEST_ASSET_ETCD=_test/kubebuilder/etcd -export TEST_ASSET_KUBE_APISERVER=_test/kubebuilder/kube-apiserver -export TEST_ASSET_KUBECTL=_test/kubebuilder/kubectl +# required by go tests +export TEST_ASSET_ETCD=../_test/kubebuilder/etcd +export TEST_ASSET_KUBE_APISERVER=../_test/kubebuilder/kube-apiserver +export TEST_ASSET_KUBECTL=../_test/kubebuilder/kubectl test: _test/kubebuilder - $(GO) test -v . + cd src && $(GO) test -v . _test/kubebuilder: curl -fsSL https://go.kubebuilder.io/test-tools/$(KUBE_VERSION)/$(OS)/$(ARCH) -o kubebuilder-tools.tar.gz @@ -28,15 +22,4 @@ _test/kubebuilder: clean: clean-kubebuilder clean-kubebuilder: - rm -Rf _test/kubebuilder - -build: - docker build -t "$(IMAGE_NAME):$(IMAGE_TAG)" . - -.PHONY: rendered-manifest.yaml -rendered-manifest.yaml: - helm template \ - --name dnsimple-webhook \ - --set image.repository=$(IMAGE_NAME) \ - --set image.tag=$(IMAGE_TAG) \ - deploy/dnsimple-webhook > "$(OUT)/rendered-manifest.yaml" \ No newline at end of file + rm -Rf _test diff --git a/README.md b/README.md index b5909e5..0b0e0c2 100644 --- a/README.md +++ b/README.md @@ -2,95 +2,148 @@ A [cert-manager][2] ACME DNS01 solver webhook for [DNSimple][1]. + ## Pre-requisites - [cert-manager][2] >= 0.13 (The Helm chart uses the new API versions) - Kubernetes >= 1.17.x - Helm 3 (otherwise adjust the example below accordingly) + ## Quickstart -Take note of your DNSimple API token from the account settings in the automation tab. Run the following commands replacing the API token / account ID placeholders and email address: +1. Take note of your DNSimple API token from the account settings in the automation tab. -```bash -$ helm repo add neoskop https://charts.neoskop.dev -$ helm install cert-manager-webhook-dnsimple \ - --namespace cert-manager \ - --dry-run \ - --set dnsimple.token='' \ - --set dnsimple.accountID='' # Only needed if using a User API token \ - --set clusterIssuer.production.enabled=true \ - --set clusterIssuer.staging.enabled=true \ - --set clusterIssuer.email=email@example.com \ - neoskop/cert-manager-webhook-dnsimple -``` +2. Add the helm repo published under the [Github pages deployment of this repository][4]: + ```bash + $ helm repo add certmanager-webhook https://puzzle.github.io/cert-manager-webhook-dnsimple + ``` -_(Alternatively you can check out this repository and substitute neoskop/cert-manager-webhook-dnsimple with ./deploy/dnsimple)_ +3. Install the application, replacing the API token and email placeholders: + ```bash + $ helm repo add certmanager-webhook https://puzzle.github.io/cert-manager-webhook-dnsimple + $ helm install cert-manager-webhook-dnsimple \ + --dry-run \ # remove once you are sure the values are correct + --namespace cert-manager \ + --set dnsimple.token='' \ + --set clusterIssuer.production.enabled=true \ + --set clusterIssuer.staging.enabled=true \ + --set clusterIssuer.email= \ + certmanager-webhook/cert-manager-webhook-dnsimple + ``` + Alternatively you can check out this repository and substitute the source of the install command with `./charts/cert-manager-webhook-dnsimple`. -Afterwards issue a certificate: +4. Afterwards you can issue a certificate: + ```bash + $ cat << EOF | kubectl apply -f - + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: dnsimple-test + spec: + dnsNames: + - test.example.com + issuerRef: + name: cert-manager-webhook-dnsimple-staging + kind: ClusterIssuer + secretName: dnsimple-test-tls + EOF + ``` -```bash -$ cat << EOF | kubectl apply -f - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: dnsimple-test - namespace: default -spec: - dnsNames: - - test.example.com - issuerRef: - name: cert-manager-webhook-dnsimple-production - kind: ClusterIssuer - secretName: dnsimple-test-tls -EOF -``` - -## Options +## Chart options The Helm chart accepts the following values: | name | required | description | default value | | ---------------------------------- | -------- | ----------------------------------------------- | --------------------------------------- | | `dnsimple.token` | ✔️ | DNSimple API Token | _empty_ | -| `dnsimple.accountID` | | DNSimple Account ID (required for User tokens) | _empty_ | -| `clusterIssuer.email` | | LetsEncrypt Admin Email | `name@example.com` | +| `dnsimple.accountID` | | DNSimple Account ID (required when `dnsimple.token` is a user-token) | _empty_ | +| `clusterIssuer.email` | | LetsEncrypt Admin Email | _empty_ | | `clusterIssuer.production.enabled` | | Create a production `ClusterIssuer` | `false` | | `clusterIssuer.staging.enabled` | | Create a staging `ClusterIssuer` | `false` | -| `image.repository` | ✔️ | Docker image for the webhook solver | `neoskop/cert-manager-webhook-dnsimple` | -| `image.tag` | ✔️ | Docker image tag of the solver | `latest` | +| `image.repository` | ✔️ | Docker image for the webhook solver | `ghcr.io/puzzle/cert-manager-webhook-dnsimple` | +| `image.tag` | ✔️ | Docker image tag of the solver | latest tagged docker build | | `image.pullPolicy` | ✔️ | Image pull policy of the solver | `IfNotPresent` | | `logLevel` | | Set the verbosity of the solver | _empty_ | -| `groupName` | ✔️ | Identifies the company that created the webhook | `acme.neoskop.de` | +| `groupName` | ✔️ | Identifies the company that created the webhook | _empty_ | | `certManager.namespace` | ✔️ | The namespace cert-manager was installed to | `cert-manager` | | `certManager.serviceAccountName` | ✔️ | The service account cert-manager runs under | `cert-manager` | -## Test suite -All cert-manager webhooks have to pass the DNS01 provider conformance testing suite. To run that test suite on this plug-in download the test binaries: +## Testing +All cert-manager webhooks have to pass the DNS01 provider conformance testing suite. +### Pull requests +Prerequisites for PRs are implemented as GitHub-actions. All tests should pass before a PR is merged: +- the `cert-manager` conformance suite is run with provided kubebuilder fixtures +- a custom test suite running on a working k8s cluster (using `minikube`) is executed as well + +### Local testing +#### Test suite +You can also run tests locally, as specified in the `Makefile`: + +1. Set-up `testdata/` according to its [README][3]. + - `dnsimple-token.yaml` should be filled with a valid token (for either the sandbox or production environment) + - `dnsimple.env` should contain the remaining environment variables (non sensitive) +2. Execute the test suite: + ```bash + make test + ``` +#### In-cluster testing +1. Install cert-manager: + ```bash + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.3/cert-manager.yaml + ``` +2. Install the webhook: + ```bash + helm install cert-manager-webhook-dnsimple \ + --namespace cert-manager \ + --set dnsimple.token='' \ + --set clusterIssuer.staging.enabled=true \ + ./charts/cert-manager-webhook-dnsimple + ``` +3. Test away... You can create a sample certificate to ensure the webhook is working correctly: + ```bash + kubectl apply -f - <<`. **We recommend using a specific version tag for production deployments instead.** + +Tagged images are considered stable, these are the ones referenced by the default helm values. + +### How to tag +Create a new tag and push it to the repository. This will trigger a new container build: ```bash -$ mkdir -p __main__/hack -$ wget -O- https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.14.1-linux-amd64.tar.gz | tar xz --strip-components=1 -C __main__/hack +git tag -a v0.1.0 -m "Release v0.1.0" +git push origin v0.1.0 ``` +We recommend the following versioning scheme: `vX.Y.Z` where `X` is the major version, `Y` the minor version and `Z` the patch version. -Then set-up `testdata/dnsimple/config.json` and `testdata/dnsimple/dnsimple-token.yaml` according to the [README][3]. +### Helm releases +Helm charts are only released when significant changes occur. We encourage users to update the underlying image versions on their own. A new release can be triggered manually under the _actions_ tab and running `helm-release`. This only works if a new version was specified in the `Chart.yaml`. The new release will be appended to the [Github pages deployment][4]. -Execute the test suite replacing `TEST_ZONE_NAME` with a DNS name you have control over with your DNSimple account: -```bash -# Mind the trailing dot in the TEST_ZONE_NAME value -$ TEST_ZONE_NAME=example.com. go test . -``` +## Contributing +We welcome contributions. Please open an issue or a pull request. -## Release -After you committed all of your changes, run the following command to tag a new version and build and push a new Docker image tag as well as a new Helm chart: - -```bash -$ ./scripts/release.sh -``` [1]: https://dnsimple.com/ [2]: https://cert-manager.io/docs/installation/kubernetes/ -[3]: ./testdata/dnsimple/README.md +[3]: ./testdata/README.md +[4]: https://puzzle.github.io/cert-manager-webhook-dnsimple diff --git a/deploy/dnsimple/.helmignore b/charts/cert-manager-webhook-dnsimple/.helmignore similarity index 100% rename from deploy/dnsimple/.helmignore rename to charts/cert-manager-webhook-dnsimple/.helmignore diff --git a/charts/cert-manager-webhook-dnsimple/Chart.yaml b/charts/cert-manager-webhook-dnsimple/Chart.yaml new file mode 100644 index 0000000..5bf46fa --- /dev/null +++ b/charts/cert-manager-webhook-dnsimple/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +appVersion: "0.1.2" +description: cert-manager webhook solver for ACME DNS01 challenge via DNSimple +name: cert-manager-webhook-dnsimple +version: 0.1.2 +home: https://github.com/puzzle/cert-manager-webhook-dnsimple +sources: + - https://github.com/puzzle/cert-manager-webhook-dnsimple +maintainers: + - name: Puzzle ITC + email: container@puzzle.ch + url: https://www.puzzle.ch diff --git a/deploy/dnsimple/templates/NOTES.txt b/charts/cert-manager-webhook-dnsimple/templates/NOTES.txt similarity index 100% rename from deploy/dnsimple/templates/NOTES.txt rename to charts/cert-manager-webhook-dnsimple/templates/NOTES.txt diff --git a/deploy/dnsimple/templates/_helpers.tpl b/charts/cert-manager-webhook-dnsimple/templates/_helpers.tpl similarity index 100% rename from deploy/dnsimple/templates/_helpers.tpl rename to charts/cert-manager-webhook-dnsimple/templates/_helpers.tpl diff --git a/deploy/dnsimple/templates/apiservice.yaml b/charts/cert-manager-webhook-dnsimple/templates/apiservice.yaml similarity index 100% rename from deploy/dnsimple/templates/apiservice.yaml rename to charts/cert-manager-webhook-dnsimple/templates/apiservice.yaml diff --git a/deploy/dnsimple/templates/deployment.yaml b/charts/cert-manager-webhook-dnsimple/templates/deployment.yaml similarity index 100% rename from deploy/dnsimple/templates/deployment.yaml rename to charts/cert-manager-webhook-dnsimple/templates/deployment.yaml diff --git a/deploy/dnsimple/templates/pki.yaml b/charts/cert-manager-webhook-dnsimple/templates/pki.yaml similarity index 100% rename from deploy/dnsimple/templates/pki.yaml rename to charts/cert-manager-webhook-dnsimple/templates/pki.yaml diff --git a/deploy/dnsimple/templates/production.cluster-issuer.yaml b/charts/cert-manager-webhook-dnsimple/templates/production.cluster-issuer.yaml similarity index 100% rename from deploy/dnsimple/templates/production.cluster-issuer.yaml rename to charts/cert-manager-webhook-dnsimple/templates/production.cluster-issuer.yaml diff --git a/deploy/dnsimple/templates/rbac.yaml b/charts/cert-manager-webhook-dnsimple/templates/rbac.yaml similarity index 100% rename from deploy/dnsimple/templates/rbac.yaml rename to charts/cert-manager-webhook-dnsimple/templates/rbac.yaml diff --git a/deploy/dnsimple/templates/secret.yaml b/charts/cert-manager-webhook-dnsimple/templates/secret.yaml similarity index 100% rename from deploy/dnsimple/templates/secret.yaml rename to charts/cert-manager-webhook-dnsimple/templates/secret.yaml diff --git a/deploy/dnsimple/templates/service.yaml b/charts/cert-manager-webhook-dnsimple/templates/service.yaml similarity index 100% rename from deploy/dnsimple/templates/service.yaml rename to charts/cert-manager-webhook-dnsimple/templates/service.yaml diff --git a/deploy/dnsimple/templates/staging.cluster-issuer.yaml b/charts/cert-manager-webhook-dnsimple/templates/staging.cluster-issuer.yaml similarity index 100% rename from deploy/dnsimple/templates/staging.cluster-issuer.yaml rename to charts/cert-manager-webhook-dnsimple/templates/staging.cluster-issuer.yaml diff --git a/deploy/dnsimple/values.yaml b/charts/cert-manager-webhook-dnsimple/values.yaml similarity index 94% rename from deploy/dnsimple/values.yaml rename to charts/cert-manager-webhook-dnsimple/values.yaml index c9fee27..af8f3a6 100644 --- a/deploy/dnsimple/values.yaml +++ b/charts/cert-manager-webhook-dnsimple/values.yaml @@ -6,7 +6,7 @@ # solve the DNS01 challenge. # This group name should be **unique**, hence using your own company's domain # here is recommended. -groupName: acme.neoskop.de +groupName: "" certManager: namespace: cert-manager serviceAccountName: cert-manager @@ -23,7 +23,7 @@ clusterIssuer: production: enabled: false image: - repository: neoskop/cert-manager-webhook-dnsimple + repository: ghcr.io/puzzle/cert-manager-webhook-dnsimple tag: 0.1.2 pullPolicy: IfNotPresent # pullSecret: "gcr" diff --git a/deploy/dnsimple/Chart.yaml b/deploy/dnsimple/Chart.yaml deleted file mode 100644 index d1679e5..0000000 --- a/deploy/dnsimple/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -appVersion: "0.1.2" -description: cert-manager webhook solver for ACME DNS01 challenge via DNSimple -name: cert-manager-webhook-dnsimple -version: 0.1.2 -home: https://github.com/neoskop/cert-manager-webhook-dnsimple -sources: - - https://github.com/neoskop/cert-manager-webhook-dnsimple -maintainers: - - name: Arne Diekmann - email: diekmann@neoskop.de - url: https://www.neoskop.de diff --git a/scripts/fetch-test-binaries.sh b/scripts/fetch-test-binaries.sh deleted file mode 100755 index f1f641a..0000000 --- a/scripts/fetch-test-binaries.sh +++ /dev/null @@ -1 +0,0 @@ -#!/usr/bin/env bash diff --git a/scripts/release.sh b/scripts/release.sh deleted file mode 100755 index 3341e41..0000000 --- a/scripts/release.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/env bash - -set -e - -check_commands() { - for command in $@; do - if ! command -v $command >/dev/null; then - echo -e "Install \033[1m$command\033[0m" - exit 1 - fi - done -} - -inc_version() { - version=$1 - version_array=(${version//./ }) - - if [ $2 = "major" ]; then - ((version_array[0]++)) - version_array[1]=0 - version_array[2]=0 - fi - - if [ $2 = "minor" ]; then - ((version_array[1]++)) - version_array[2]=0 - fi - - if [ $2 = "patch" ]; then - ((version_array[2]++)) - fi - - echo "${version_array[0]}.${version_array[1]}.${version_array[2]}" -} - -check_commands git yq cr - -if [[ "$#" != "1" ]] || [[ ! "$1" =~ ^(patch|minor|major)$ ]]; then - echo -e "Usage: $0 \033[1mpatch|minor|major\033[0m" - exit 1 -fi - -if [[ $(git status --porcelain) ]]; then - echo -e "The repository has changes. Commit first...\033[0;31mAborting!\033[0m" - exit 1 -fi - -SCRIPT_DIR=$( - cd "$(dirname "$0")" >/dev/null 2>&1 - pwd -P -) - -git pull --rebase -current_version=$(yq e .version $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml) -version=$(inc_version $current_version $1) -cd $SCRIPT_DIR/.. -docker build -t neoskop/cert-manager-webhook-dnsimple:$version . -docker push neoskop/cert-manager-webhook-dnsimple:$version -cd - &>/dev/null -sed -i "s/appVersion: .*/appVersion: \"$version\"/" $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml -sed -i "s/version: .*/version: $version/" $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml - -yq e ".version=\"$version\"" -i $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml -yq e ".appVersion=\"$version\"" -i $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml -yq e ".image.tag=\"$version\"" -i $SCRIPT_DIR/../deploy/dnsimple/values.yaml -git add . -git commit -m "chore: Bump version to ${version}." -git push - -helm package deploy/dnsimple --destination .deploy -cr upload -o neoskop -r cert-manager-webhook-dnsimple -p .deploy -git checkout gh-pages -cr index -i ./index.yaml -p .deploy -o neoskop -r cert-manager-webhook-dnsimple -c https://neoskop.github.io/cert-manager-webhook-dnsimple/ -git add index.yaml -git commit -m "chore: Bump version to ${version}." -git push -git checkout master -rm -rf .deploy/ - -HELM_CHARTS_DIR=../neoskop-helm-charts -[ -d $HELM_CHARTS_DIR ] || git clone git@github.com:neoskop/helm-charts.git $HELM_CHARTS_DIR -cd $HELM_CHARTS_DIR -./update-index.sh -cd - &>/dev/null \ No newline at end of file diff --git a/go.mod b/src/go.mod similarity index 99% rename from go.mod rename to src/go.mod index 28b2e42..f84e3cf 100644 --- a/go.mod +++ b/src/go.mod @@ -1,6 +1,6 @@ module github.com/neoskop/cert-manager-webhook-dnsimple -go 1.20 +go 1.22 require ( github.com/cert-manager/cert-manager v1.12.1 diff --git a/go.sum b/src/go.sum similarity index 100% rename from go.sum rename to src/go.sum diff --git a/main.go b/src/main.go similarity index 99% rename from main.go rename to src/main.go index fd2e925..288dc00 100644 --- a/main.go +++ b/src/main.go @@ -138,16 +138,14 @@ func (c *dnsimpleDNSProviderSolver) getDomainAndEntry(ch *v1alpha1.ChallengeRequ } func (c *dnsimpleDNSProviderSolver) getExistingRecord(cfg *dnsimpleDNSProviderConfig, client *dnsimple.Client, accountID string, zoneName string, entry string, key string) (*dnsimple.ZoneRecord, error) { - // Look for existing TXT records. records, err := client.Zones.ListRecords(context.Background(), accountID, zoneName, &dnsimple.ZoneRecordListOptions{Type: dnsimple.String("TXT"), Name: dnsimple.String(entry)}) if err != nil { return nil, fmt.Errorf("unable to get resource records: %s", err) } - for _, record := range records.Data { - if record.Content == key { + if strings.Replace(record.Content, "\"", "", 2) == key { return &record, nil } } diff --git a/main_test.go b/src/main_test.go similarity index 64% rename from main_test.go rename to src/main_test.go index a860ac2..774b339 100644 --- a/main_test.go +++ b/src/main_test.go @@ -8,7 +8,8 @@ import ( ) var ( - zone = os.Getenv("TEST_ZONE_NAME") + zone = os.Getenv("TEST_ZONE_NAME") + testdata_dir = "../testdata" ) func TestRunsSuite(t *testing.T) { @@ -19,7 +20,11 @@ func TestRunsSuite(t *testing.T) { fixture := dns.NewFixture(&dnsimpleDNSProviderSolver{}, dns.SetResolvedZone(zone), dns.SetAllowAmbientCredentials(false), - dns.SetManifestPath("testdata/dnsimple"), + dns.SetManifestPath(testdata_dir), + dns.SetUseAuthoritative(false), + dns.SetDNSServer("ns1.dnsimple.com:53"), + // check against dnsimple nameservers for faster propagation + dns.SetStrict(true), ) fixture.RunConformance(t) diff --git a/testdata/dnsimple/.gitignore b/testdata/.gitignore similarity index 100% rename from testdata/dnsimple/.gitignore rename to testdata/.gitignore diff --git a/testdata/dnsimple/README.md b/testdata/README.md similarity index 100% rename from testdata/dnsimple/README.md rename to testdata/README.md diff --git a/testdata/dnsimple/config.json b/testdata/config.json similarity index 100% rename from testdata/dnsimple/config.json rename to testdata/config.json diff --git a/testdata/dnsimple/dnsimple-token.yaml.example b/testdata/dnsimple-token.yaml.example similarity index 100% rename from testdata/dnsimple/dnsimple-token.yaml.example rename to testdata/dnsimple-token.yaml.example