KropCloud/cert-manager-webhook-example
1
0
Fork 1
mirror of https://github.com/cert-manager/webhook-example.git synced 2026-03-16 18:02:51 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: most simple copilot suggestions

Browse source
This commit is contained in:
Marc Singer 2026-02-14 23:54:45 +01:00
parent f3a4903f27
commit f6c70562bc
3 changed files with 34 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Dockerfile
View file

@ -4,8 +4,7 @@ RUN apk add --no-cache git
WORKDIR /workspace WORKDIR /workspace
COPY go.mod . COPY . .
COPY go.sum .
RUN go mod download RUN go mod download

2
main.go
View file

@ -13,7 +13,7 @@ func main() {
// Read the custom group name from environment variables // Read the custom group name from environment variables
groupName, ok := os.LookupEnv("GROUP_NAME") groupName, ok := os.LookupEnv("GROUP_NAME")
// Without a custom group name, return the default (also defined in the Helm chart) // Without a custom group name, return the default (also defined in the Helm chart)
if !ok { if !ok || groupName == "" {
groupName = "acme.pr0ton11.github.com" groupName = "acme.pr0ton11.github.com"
} }
// Start the webhook server with our solver // Start the webhook server with our solver

68
solver/solver.go
View file

@ -24,8 +24,6 @@ type DeSECDNSProviderSolverConfig struct {
// A DNS-01 challenge solver for the DeSEC DNS Provider // A DNS-01 challenge solver for the DeSEC DNS Provider
type DeSECDNSProviderSolver struct { type DeSECDNSProviderSolver struct {
// Client to communicate with the deSEC API
client *desec.Client
// Client to communicate with the kubernetes API // Client to communicate with the kubernetes API
k8s *kubernetes.Clientset k8s *kubernetes.Clientset
} }
@ -35,43 +33,41 @@ func (s *DeSECDNSProviderSolver) Name() string {
return "deSEC" return "deSEC"
} }
// Returns the initialized API client or creates a new client if not initialized // Initializes a new client
func (s *DeSECDNSProviderSolver) getClient(config *apiextensionsv1.JSON, namespace string) (*desec.Client, error) { func (s *DeSECDNSProviderSolver) getClient(config *apiextensionsv1.JSON, namespace string) (*desec.Client, error) {
// Check if client is not initialized if config == nil {
if s.client == nil { return nil, fmt.Errorf("missing configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token")
if config == nil {
return nil, fmt.Errorf("missing configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token")
}
// Initialize the configuration object and unmarhal json
solverConfig := DeSECDNSProviderSolverConfig{}
if err := json.Unmarshal(config.Raw, &solverConfig); err != nil {
return nil, fmt.Errorf("invalid configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token")
}
// Check if the namespace has been provided within the configuration
// Otherwise use the namespace from the request
if solverConfig.APIKeySecretRefNamespace != "" {
fmt.Sprintf("k8s secret namespace has been overwitten in webhook configuration apiKeySecretRefNamespace from %s to %s", namespace, solverConfig.APIKeySecretRefNamespace)
namespace = solverConfig.APIKeySecretRefNamespace
}
// Check if the k8s client has been initialized
// This should never happen as cert-manager calls s.Initialize() which assigns the k8s client
if s.k8s == nil {
return nil, fmt.Errorf("k8s client has not been initialized by cert-manager; this should never happen")
}
// Read the secret from k8s
secret, err := s.k8s.CoreV1().Secrets(namespace).Get(context.Background(), solverConfig.APIKeySecretRef.Name, metav1.GetOptions{})
if err != nil {
return nil, fmt.Errorf("k8s secret %s not found in namespace %s", solverConfig.APIKeySecretRef.Name, namespace)
}
token, ok := secret.Data[solverConfig.APIKeySecretRef.Key]
if !ok {
return nil, fmt.Errorf("k8s secret key %s not found in secret %s in namespace %s", solverConfig.APIKeySecretRef.Key, solverConfig.APIKeySecretRef.Name, namespace)
}
// Finally assign the client
s.client = desec.New(string(token), desec.NewDefaultClientOptions())
} }
// Initialize the configuration object and unmarshal json
solverConfig := DeSECDNSProviderSolverConfig{}
if err := json.Unmarshal(config.Raw, &solverConfig); err != nil {
return nil, fmt.Errorf("invalid configuration in issuer found; webhook configuration requires apiKeySecretRef containing deSEC API token")
}
// Check if the namespace has been provided within the configuration
// Otherwise use the namespace from the request
if solverConfig.APIKeySecretRefNamespace != "" {
fmt.Sprintf("k8s secret namespace has been overwritten in webhook configuration apiKeySecretRefNamespace from %s to %s", namespace, solverConfig.APIKeySecretRefNamespace)
namespace = solverConfig.APIKeySecretRefNamespace
}
// Check if the k8s client has been initialized
// This should never happen as cert-manager calls s.Initialize() which assigns the k8s client
if s.k8s == nil {
return nil, fmt.Errorf("k8s client has not been initialized by cert-manager; this should never happen")
}
// Read the secret from k8s
secret, err := s.k8s.CoreV1().Secrets(namespace).Get(context.Background(), solverConfig.APIKeySecretRef.Name, metav1.GetOptions{})
if err != nil {
return nil, fmt.Errorf("k8s secret %s not found in namespace %s", solverConfig.APIKeySecretRef.Name, namespace)
}
token, ok := secret.Data[solverConfig.APIKeySecretRef.Key]
if !ok {
return nil, fmt.Errorf("k8s secret key %s not found in secret %s in namespace %s", solverConfig.APIKeySecretRef.Key, solverConfig.APIKeySecretRef.Name, namespace)
}
// Finally assign the client
client := desec.New(string(token), desec.NewDefaultClientOptions())
// Return the client (reuse if initialized) // Return the client (reuse if initialized)
return s.client, nil return client, nil
} }
// Present presents the TXT DNS entry after completion of the ACME DNS-01 challenge // Present presents the TXT DNS entry after completion of the ACME DNS-01 challenge