From 6294ce1ff4a01e5970f7ed760c975ee98437e52c Mon Sep 17 00:00:00 2001
From: Charles Moulliard
Date: Wed, 29 May 2019 10:33:01 +0200
Subject: [PATCH 1/8] Ignore idea and _out directory
Signed-off-by: Charles Moulliard
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 7dcb1e9ee..e8e5c376d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,8 @@ # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
+_out
+.idea/
 # Ignore the built binary
 cert-manager-webhook-example
From 3bb6f6c51f7158974e79672b9bb0cff37faa8b8b Mon Sep 17 00:00:00 2001
From: Charles Moulliard
Date: Wed, 29 May 2019 10:33:23 +0200
Subject: [PATCH 2/8] Add missing dot end of the DNS name
Signed-off-by: Charles Moulliard
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index dbf5a42c6..2be6b3f88 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,7 @@ An example Go test file has been provided in [main_test.go](). You can run the test suite with:
 ```bash
-$ TEST_ZONE_NAME=example.com go test .
+$ TEST_ZONE_NAME=snowdrop.me. go test .
 ```
 The example file has a number of areas you must fill in and replace with your
From 9b4aa49de214578121faadedf52ebf635e3cff2d Mon Sep 17 00:00:00 2001
From: Charles Moulliard
Date: Wed, 29 May 2019 10:34:05 +0200
Subject: [PATCH 3/8] Update dependencies. To be controlled
Signed-off-by: Charles Moulliard
---
 go.sum | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/go.sum b/go.sum
index f2dc0817d..c77fc7b43 100644
--- a/go.sum
+++ b/go.sum
@@ -84,6 +84,7 @@ github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0 github.com/go-ini/ini v1.42.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/zapr v0.1.1/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= @@ -448,6 +449,7 @@ k8s.io/klog v0.0.0-20190306015804-8e90cee79f82 h1:SHucoAy7lRb+w5oC/hbXyZg+zX+Wft k8s.io/klog v0.0.0-20190306015804-8e90cee79f82/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.2.0 h1:0ElL0OHzF3N+OhoJTL0uca20SxtYt4X4+bzHeqrB83c= k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/kube-aggregator v0.0.0-20190222095010-0b78038fe9e5 h1:ft+D1QY+Dwtek4Q9g3NFxRHm9qFjRwJmEkholIeF+NM= k8s.io/kube-aggregator v0.0.0-20190222095010-0b78038fe9e5/go.mod h1:8sbzT4QQKDEmSCIbfqjV0sd97GpUT7A4W626sBiYJmU= k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30 h1:TRb4wNWoBVrH9plmkp2q86FIDppkbrEXdXlxU3a3BMI= k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= From f96df3b8fd24c26cfc4432ff4400226099907888 Mon Sep 17 00:00:00 2001 From: Charles Moulliard Date: Wed, 29 May 2019 10:34:31 +0200 Subject: [PATCH 4/8] Uncomment email and ApiSecretRef Signed-off-by: Charles Moulliard --- main.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/main.go b/main.go index 85aeac934..0f650416b 100644 --- a/main.go +++ b/main.go 
@@ -11,6 +11,7 @@ import (
 "github.com/jetstack/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 "github.com/jetstack/cert-manager/pkg/acme/webhook/cmd"
+ certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
 )
 var GroupName = os.Getenv("GROUP_NAME")
@@ -64,8 +65,8 @@ type customDNSProviderConfig struct {
 // These fields will be set by users in the
 // `issuer.spec.acme.dns01.providers.webhook.config` field.
- //Email string `json:"email"`
- //APIKeySecretRef v1alpha1.SecretKeySelector `json:"apiKeySecretRef"`
+ Email string `json:"email"`
+ APIKeySecretRef certmanagerv1.SecretKeySelector `json:"apiKeySecretRef"`
 }
 // Name is used as the name for this DNS solver when referencing it on the ACME
From 296fbdea85c5b9ce69ae1265199f912d272dc56f Mon Sep 17 00:00:00 2001
From: Charles Moulliard
Date: Wed, 29 May 2019 10:34:56 +0200
Subject: [PATCH 5/8] Add script to fetch kubebuilder binaries
Signed-off-by: Charles Moulliard
---
 scripts/fetch-test-binaries.sh | 60 ++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/scripts/fetch-test-binaries.sh b/scripts/fetch-test-binaries.sh
index f1f641af1..810da5657 100755
--- a/scripts/fetch-test-binaries.sh
+++ b/scripts/fetch-test-binaries.sh
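Review bot: The alias `certmanagerv1` on the import added to main.go names a v1 API, but the imported path is `pkg/apis/certmanager/v1alpha1`, so `certmanagerv1.SecretKeySelector` further down misstates the API level to a reader. The later main_test.go patch in this series imports the same package as `cmapi`; using one alias in both files, e.g. `cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"`, keeps them consistent. The import block starts above the hunk.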
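Review bot: `Email` and `APIKeySecretRef` are enabled in `customDNSProviderConfig` without doc comments, and nothing in this hunk shows them being validated or used. Because `APIKeySecretRef` is a `SecretKeySelector`, the struct carries only a reference to a Secret and not the key itself; a comment such as `// APIKeySecretRef points at the Secret key holding the provider API key; the key itself must never be placed in the issuer config or logged.` would state that contract. The code that decodes this struct is outside the hunk, so whether an empty secret name or key is rejected there cannot be confirmed from here.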
@@ -1 +1,61 @@
 #!/usr/bin/env bash
+
+set -e
+
+#hack_dir=$(dirname ${BASH_SOURCE})
+#source ${hack_dir}/common.sh
+
+k8s_version=1.14.1
+goarch=amd64
+goos="unknown"
+
+if [[ "$OSTYPE" == "linux-gnu" ]]; then
+ goos="linux"
+elif [[ "$OSTYPE" == "darwin"* ]]; then
+ goos="darwin"
+fi
+
+if [[ "$goos" == "unknown" ]]; then
+ echo "OS '$OSTYPE' not supported. Aborting." >&2
+ exit 1
+fi
+
+tmp_root=./_out
+kb_root_dir=$tmp_root/kubebuilder
+
+# Turn colors in this script off by setting the NO_COLOR variable in your
+# environment to any value:
+#
+# $ NO_COLOR=1 test.sh
+NO_COLOR=${NO_COLOR:-""}
+if [ -z "$NO_COLOR" ]; then
+ header=$'\e[1;33m'
+ reset=$'\e[0m'
+else
+ header=''
+ reset=''
+fi
+
+function header_text {
+ echo "$header$*$reset"
+}
+
+# fetch k8s API gen tools and make it available under kb_root_dir/bin.
+function fetch_kb_tools {
+ header_text "fetching tools"
+ mkdir -p $tmp_root
+ kb_tools_archive_name="kubebuilder-tools-$k8s_version-$goos-$goarch.tar.gz"
+ kb_tools_download_url="https://storage.googleapis.com/kubebuilder-tools/$kb_tools_archive_name"
+
+ kb_tools_archive_path="$tmp_root/$kb_tools_archive_name"
+ if [ ! -f $kb_tools_archive_path ]; then
+ curl -sL ${kb_tools_download_url} -o "$kb_tools_archive_path"
+ fi
+ tar -zvxf "$kb_tools_archive_path" -C "$tmp_root/"
+}
+
+header_text "using tools"
+fetch_kb_tools
+
+header_text "kubebuilder tools (etcd, kubectl, kube-apiserver)used to perform local tests installed under $tmp_root/kubebuilder/bin/"
+exit 0
From 060ffb3f2e0eb61cd8de6aad0528d3ef0f31d89c Mon Sep 17 00:00:00 2001
From: Charles Moulliard
Date: Wed, 29 May 2019 10:35:13 +0200
Subject: [PATCH 6/8] Add DNS server. Set additional vars
Signed-off-by: Charles Moulliard
---
 main_test.go | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/main_test.go b/main_test.go
index 4e3241907..c639167a5 100644
--- a/main_test.go
+++ b/main_test.go
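Review bot: `fetch_kb_tools` downloads an archive of executables (etcd, kubectl and kube-apiserver, per the script's final message) and unpacks it with no integrity check, so whatever the URL returns is what the test suite later runs. `curl -sL` also lacks `--fail`, so an HTTP error body is written to `$kb_tools_archive_path`, and the `[ ! -f ... ]` guard then reuses that bad file on every later run. I would pin a SHA-256 per archive and verify it before `tar` (`shasum -a 256 -c -`, or `sha256sum -c -` on Linux), download to a temporary name, and quote the variables that are currently bare. The digest in the sketch is a labelled placeholder, not a real value.

```shell
function fetch_kb_tools {
  # … unchanged: header_text, mkdir, archive name, URL and path …
  # Placeholder: pin the published digest of each goos/goarch archive here.
  kb_tools_archive_sha256="<EXPECTED_SHA256_PLACEHOLDER>"
  if [ ! -f "$kb_tools_archive_path" ]; then
    # --fail keeps an HTTP error page from being saved as the archive; the
    # .part name keeps an interrupted transfer out of the cache check above.
    curl --fail -sSL "$kb_tools_download_url" -o "$kb_tools_archive_path.part"
    mv "$kb_tools_archive_path.part" "$kb_tools_archive_path"
  fi
  echo "$kb_tools_archive_sha256  $kb_tools_archive_path" | shasum -a 256 -c -
  tar -zvxf "$kb_tools_archive_path" -C "$tmp_root/"
}
```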
@@ -3,12 +3,22 @@ package main
 import (
 "os"
 "testing"
-
+ logf "github.com/jetstack/cert-manager/pkg/logs"
 "github.com/jetstack/cert-manager/test/acme/dns"
+ testserver "github.com/jetstack/cert-manager/test/acme/dns/server"
 )
 var (
 zone = os.Getenv("TEST_ZONE_NAME")
+ kubeBuilderBinPath = "./_out/kubebuilder/bin"
+ rfc2136TestDomain = "123456789.www.example.com"
+ rfc2136TestKeyAuth = "123d=="
+ rfc2136TestValue = "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo"
+ rfc2136TestFqdn = "_acme-challenge.123456789.www.example.com."
+ rfc2136TestZone = "example.com."
+ rfc2136TestTsigKeyName = "example.com."
+ rfc2136TestTTL = 60
+ rfc2136TestTsigSecret = "IwBTJx9wrDp4Y1RyC3H0gA=="
 )
 func TestRunsSuite(t *testing.T) {
@@ -16,8 +26,23 @@ func TestRunsSuite(t *testing.T) {
 // snippet of valid configuration that should be included on the
 // ChallengeRequest passed as part of the test cases.
+ ctx := logf.NewContext(nil, nil, t.Name())
+ server := &testserver.BasicServer{
+ Zones: []string{rfc2136TestZone},
+ EnableTSIG: true,
+ TSIGZone: rfc2136TestZone,
+ TSIGKeyName: rfc2136TestTsigKeyName,
+ TSIGKeySecret: rfc2136TestTsigSecret,
+ }
+ if err := server.Run(ctx); err != nil {
+ t.Fatalf("failed to start test server: %v", err)
+ }
+ defer server.Shutdown()
+
 fixture := dns.NewFixture(&customDNSProviderSolver{},
+ dns.SetBinariesPath(kubeBuilderBinPath),
 dns.SetResolvedZone(zone),
+ dns.SetDNSServer(server.ListenAddr()),
 dns.SetAllowAmbientCredentials(false),
 dns.SetManifestPath("testdata/my-custom-solver"),
 )
From 7621c6706d99c5d85e55d8914e9403524b4f07ec Mon Sep 17 00:00:00 2001
From: Charles Moulliard
Date: Wed, 29 May 2019 11:16:34 +0200
Subject: [PATCH 7/8] Remove non used vars. Add setUseAuthoritative(false) to avoid the error : suite.go:49: error waiting for DNS record propagation: Could not determine authoritative nameservers for cert-manager-dns01-tests.example.com.
---
 main_test.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
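Review bot: `rfc2136TestTsigSecret` is a base64 TSIG key committed in the var block of main_test.go with nothing saying it is a throwaway value. It appears to be used only for the in-process `testserver.BasicServer` started in TestRunsSuite, so a comment such as `// Test-only TSIG key for the local test DNS server; never reuse for a real zone.` would keep it from being copied into real configuration and give secret scanners a documented reason to allowlist it.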
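Review bot: The test server is created with `Zones: []string{rfc2136TestZone}` (example.com.), but the fixture still resolves against `zone`, which comes from TEST_ZONE_NAME and may be a different or empty name. If the conformance suite looks up records under `zone` on `server.ListenAddr()`, that zone is presumably not served; either pass `rfc2136TestZone` to `dns.SetResolvedZone` or fail fast with `if zone == "" { t.Fatal("TEST_ZONE_NAME must be set") }`. `logf.NewContext(nil, nil, t.Name())` also passes nil as its first argument, and if that parameter is a context.Context then `context.Background()` is the conventional value. TestRunsSuite continues past the end of the hunk.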
diff --git a/main_test.go b/main_test.go
index c639167a5..fc7d36406 100644
--- a/main_test.go
+++ b/main_test.go
@@ -11,13 +11,8 @@ import (
 var (
 zone = os.Getenv("TEST_ZONE_NAME")
 kubeBuilderBinPath = "./_out/kubebuilder/bin"
- rfc2136TestDomain = "123456789.www.example.com"
- rfc2136TestKeyAuth = "123d=="
- rfc2136TestValue = "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo"
- rfc2136TestFqdn = "_acme-challenge.123456789.www.example.com."
 rfc2136TestZone = "example.com."
 rfc2136TestTsigKeyName = "example.com."
- rfc2136TestTTL = 60
 rfc2136TestTsigSecret = "IwBTJx9wrDp4Y1RyC3H0gA=="
 )
@@ -45,6 +40,7 @@ func TestRunsSuite(t *testing.T) {
 dns.SetDNSServer(server.ListenAddr()),
 dns.SetAllowAmbientCredentials(false),
 dns.SetManifestPath("testdata/my-custom-solver"),
+ dns.SetUseAuthoritative(false),
 )
 fixture.RunConformance(t)
From 7415d9ab5353dbc770a8ae2c5e9ef93a16a915c9 Mon Sep 17 00:00:00 2001
From: Charles Moulliard
Date: Mon, 3 Jun 2019 10:24:31 +0200
Subject: [PATCH 8/8] Added local DNS server.
Signed-off-by: Charles Moulliard
---
 main_test.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/main_test.go b/main_test.go
index fc7d36406..3b22419c7 100644
--- a/main_test.go
+++ b/main_test.go
@@ -1,16 +1,18 @@
 package main
 import (
- "os"
- "testing"
+ cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
 logf "github.com/jetstack/cert-manager/pkg/logs"
 "github.com/jetstack/cert-manager/test/acme/dns"
 testserver "github.com/jetstack/cert-manager/test/acme/dns/server"
+ "os"
+ "testing"
 )
 var (
 zone = os.Getenv("TEST_ZONE_NAME")
 kubeBuilderBinPath = "./_out/kubebuilder/bin"
+ rfc2136TestFqdn = "_acme-challenge.123456789.www.example.com."
 rfc2136TestZone = "example.com."
 rfc2136TestTsigKeyName = "example.com."
 rfc2136TestTsigSecret = "IwBTJx9wrDp4Y1RyC3H0gA=="
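Review bot: `dns.SetUseAuthoritative(false)` is added to the fixture options in TestRunsSuite with its reason recorded only in the commit message. A one-line comment above it, e.g. `// The local test server is not delegated from public DNS, so authoritative nameserver lookup cannot succeed.`, would keep a later reader from re-enabling it, or from copying the option into a setup where skipping the authoritative check would weaken propagation verification. That wording is inferred from the commit message rather than from the code, so confirm it before committing the comment. The fixture call starts above the hunk.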
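Review bot: The import block of main_test.go in patch 8 now lists `"os"` and `"testing"` after the cert-manager packages in a single group, which is not the grouping goimports produces. Put the standard-library imports first, then a blank line, then the `github.com/jetstack/cert-manager/...` imports, so the block stays stable under the formatter.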
@@ -34,9 +36,15 @@ func TestRunsSuite(t *testing.T) {
 }
 defer server.Shutdown()
+ var validConfig = cmapi.ACMEIssuerDNS01ProviderRFC2136{
+ Nameserver: server.ListenAddr(),
+ }
+
 fixture := dns.NewFixture(&customDNSProviderSolver{},
 dns.SetBinariesPath(kubeBuilderBinPath),
 dns.SetResolvedZone(zone),
+ dns.SetResolvedFQDN(rfc2136TestFqdn),
+ dns.SetConfig(validConfig),
 dns.SetDNSServer(server.ListenAddr()),
 dns.SetAllowAmbientCredentials(false),
 dns.SetManifestPath("testdata/my-custom-solver"),
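Review bot: `validConfig` is a `cmapi.ACMEIssuerDNS01ProviderRFC2136`, but the solver under test is `customDNSProviderSolver`, whose `customDNSProviderConfig` in main.go declares the JSON fields `email` and `apiKeySecretRef`. Unless the solver's decoder is changed elsewhere, the `Nameserver` passed through `dns.SetConfig` would not map onto that struct. The value also sets only `Nameserver` although the test server is started with `EnableTSIG: true`, so no TSIG key name or secret reference reaches the solver; it is worth confirming that the test is meant to run without signed updates. `var validConfig = ...` inside the function can be `validConfig := ...`. TestRunsSuite starts and ends outside the hunk.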