From f6c70562bc27e665ac04bc55cb0a878574d7bc6c Mon Sep 17 00:00:00 2001 From: Marc Singer Date: Sat, 14 Feb 2026 23:54:45 +0100 Subject: [PATCH] fix: most simple copilot suggestions --- Dockerfile | 3 +-- main.go | 2 +- solver/solver.go | 68 +++++++++++++++++++++++------------------------- 3 files changed, 34 insertions(+), 39 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3274b71..8f826c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,8 +4,7 @@ RUN apk add --no-cache git WORKDIR /workspace -COPY go.mod . -COPY go.sum . +COPY . . RUN go mod download diff --git a/main.go b/main.go index 423ba1f..8d954be 100644 --- a/main.go +++ b/main.go @@ -13,7 +13,7 @@ func main() { // Read the custom group name from environment variables groupName, ok := os.LookupEnv("GROUP_NAME") // Without a custom group name, return the default (also defined in the Helm chart) - if !ok { + if !ok || groupName == "" { groupName = "acme.pr0ton11.github.com" } // Start the webhook server with our solver diff --git a/solver/solver.go b/solver/solver.go index 6f9227b..80c7eb3 100644 --- a/solver/solver.go +++ b/solver/solver.go @@ -24,8 +24,6 @@ type DeSECDNSProviderSolverConfig struct { // A DNS-01 challenge solver for the DeSEC DNS Provider type DeSECDNSProviderSolver struct { - // Client to communicate with the deSEC API - client *desec.Client // Client to communicate with the kubernetes API k8s *kubernetes.Clientset } 
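Review bot: `COPY . .` ahead of `RUN go mod download` in the Dockerfile hunk pulls the whole build context into the image layer that precedes dependency download, so anything in the working tree not excluded by a `.dockerignore` (for example `.git`, local kubeconfigs or `.env` files) is baked into that layer. No `.dockerignore` is visible in this patch, so that should be confirmed. It also means every source edit invalidates the cached module download. Keeping `COPY go.mod go.sum ./` before `RUN go mod download` and copying the sources afterwards avoids both problems; the rest of the Dockerfile is outside the hunk, so a later source copy may already exist.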
@@ -35,43 +33,41 @@ func (s *DeSECDNSProviderSolver) Name() string { return "deSEC" } -// Returns the initialized API client or creates a new client if not initialized +// Initializes a new client func (s *DeSECDNSProviderSolver) getClient(config *apiextensionsv1.JSON, namespace string) (*desec.Client, error) { - // Check if client is not initialized - if s.client == nil { - if config == nil { - return nil, fmt.Errorf("missing configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token") - } - // Initialize the configuration object and unmarhal json - solverConfig := DeSECDNSProviderSolverConfig{} - if err := json.Unmarshal(config.Raw, &solverConfig); err != nil { - return nil, fmt.Errorf("invalid configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token") - } - // Check if the namespace has been provided within the configuration - // Otherwise use the namespace from the request - if solverConfig.APIKeySecretRefNamespace != "" { - fmt.Sprintf("k8s secret namespace has been overwitten in webhook configuration apiKeySecretRefNamespace from %s to %s", namespace, solverConfig.APIKeySecretRefNamespace) - namespace = solverConfig.APIKeySecretRefNamespace - } - // Check if the k8s client has been initialized - // This should never happen as cert-manager calls s.Initialize() which assigns the k8s client - if s.k8s == nil { - return nil, fmt.Errorf("k8s client has not been initialized by cert-manager; this should never happen") - } - // Read the secret from k8s - secret, err := s.k8s.CoreV1().Secrets(namespace).Get(context.Background(), solverConfig.APIKeySecretRef.Name, metav1.GetOptions{}) - if err != nil { - return nil, fmt.Errorf("k8s secret %s not found in namespace %s", solverConfig.APIKeySecretRef.Name, namespace) - } - token, ok := secret.Data[solverConfig.APIKeySecretRef.Key] - if !ok { - return nil, fmt.Errorf("k8s secret key %s not found in secret %s in namespace %s", 
solverConfig.APIKeySecretRef.Key, solverConfig.APIKeySecretRef.Name, namespace) - } - // Finally assign the client - s.client = desec.New(string(token), desec.NewDefaultClientOptions()) + if config == nil { + return nil, fmt.Errorf("missing configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token") } + // Initialize the configuration object and unmarshal json + solverConfig := DeSECDNSProviderSolverConfig{} + if err := json.Unmarshal(config.Raw, &solverConfig); err != nil { + return nil, fmt.Errorf("invalid configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token") + } + // Check if the namespace has been provided within the configuration + // Otherwise use the namespace from the request + if solverConfig.APIKeySecretRefNamespace != "" { + fmt.Sprintf("k8s secret namespace has been overwritten in webhook configuration apiKeySecretRefNamespace from %s to %s", namespace, solverConfig.APIKeySecretRefNamespace) + namespace = solverConfig.APIKeySecretRefNamespace + } + // Check if the k8s client has been initialized + // This should never happen as cert-manager calls s.Initialize() which assigns the k8s client + if s.k8s == nil { + return nil, fmt.Errorf("k8s client has not been initialized by cert-manager; this should never happen") + } + // Read the secret from k8s + secret, err := s.k8s.CoreV1().Secrets(namespace).Get(context.Background(), solverConfig.APIKeySecretRef.Name, metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("k8s secret %s not found in namespace %s", solverConfig.APIKeySecretRef.Name, namespace) + } + token, ok := secret.Data[solverConfig.APIKeySecretRef.Key] + if !ok { + return nil, fmt.Errorf("k8s secret key %s not found in secret %s in namespace %s", solverConfig.APIKeySecretRef.Key, solverConfig.APIKeySecretRef.Name, namespace) + } + // Finally assign the client + client := desec.New(string(token), desec.NewDefaultClientOptions()) + // 
Return the client (reuse if initialized) - return s.client, nil + return client, nil } // Present presents the TXT DNS entry after completion of the ACME DNS-01 challenge
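Review bot: The `fmt.Sprintf(...)` call in the `solverConfig.APIKeySecretRefNamespace != ""` branch of getClient discards its result, so the namespace override is never logged and `go vet` will flag the unused result. That branch lets issuer configuration redirect the secret lookup to any namespace the webhook's service account can read, so the override is worth both recording and constraining; whether RBAC already limits it is not visible here. I would emit it through the logger the package already uses, e.g. `log.Printf("secret namespace overridden by apiKeySecretRefNamespace: %q -> %q", namespace, solverConfig.APIKeySecretRefNamespace)`, and consider rejecting the override for namespaced Issuers. The `err` returned by `Secrets(namespace).Get` is also dropped, so a forbidden or timed-out request is reported as "not found"; wrapping it with `%w` would keep the cause. The comments `// Finally assign the client` and `// Return the client (reuse if initialized)` are stale now that nothing is cached.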