changes to solver_utils.go, new chart versions

akyriako · Apr 30, 2024 · 3effbae · 3effbae
1 parent 9949dd2
commit 3effbae
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 9 deletions.
diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@ OS ?= $(shell $(GO) env GOOS)
 ARCH ?= $(shell $(GO) env GOARCH)
 
 IMAGE_NAME := "akyriako78/cert-manager-webhook-opentelekomcloud"
-IMAGE_TAG  ?= "v0.1.2"
+IMAGE_TAG  ?= "v0.1.3"
 
 OUT := $(shell pwd)/_out
 

diff --git a/README.md b/README.md
@@ -151,8 +151,10 @@ certificate from an `Issuer` or `ClusterIssuer`. The signed certificate and priv
 specified Secret resource. cert-manager will ensure that the certificate is auto-renewed before it expires and re-issued
 if requested.
 
-> [!IMPORTANT]
-In order to issue any certificates, you'll need to configure an `Issuer` or `ClusterIssuer` resource first.
+> [!CAUTION]
+> In order to issue any certificates, you'll need to configure an `Issuer` or `ClusterIssuer` resource first. **Nevertheless**,
+> at the time of this writing, cert-manager webhooks seems to have a known bug working with `Issuers` in this scenario 
+> and you are strongly recommended to create a `ClusterIssuer` instead, until it is officially solved.
 
 ```yaml
 apiVersion: cert-manager.io/v1
@@ -299,7 +301,7 @@ All DNS providers must run the DNS01 provider conformance testing suite, else th
 when used with cert-manager.
 
 ```bash
-$ OS_DEBUG=true OS_ACCESS_KEY={AccessKeyinBase64} OS_SECRET_KEY={SecretKeyinBase64} TEST_ZONE_NAME=example.com. make test
+$ OS_DEBUG=true OS_ACCESS_KEY={AccessKey} OS_SECRET_KEY={SecretKey} TEST_ZONE_NAME=example.com. make test
 ```
 > [!NOTE]
 > Fill in the values of `OS_ACCESS_KEY` and `OS_SECRET_KEY`. Replace `example.com.` with your own (sub)domain.

diff --git a/charts/cert-manager-webhook-opentelekomcloud/Chart.yaml b/charts/cert-manager-webhook-opentelekomcloud/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "v0.1.2"
+appVersion: "v0.1.3"
 description: ACME DNS01 solver webhook for Open Telekom Cloud DNS
 name: cert-manager-webhook-opentelekomcloud
-version: 0.1.2
+version: 0.1.3
diff --git a/pkg/dns/solver_utils.go b/pkg/dns/solver_utils.go
@@ -143,11 +143,21 @@ func (s *OpenTelekomCloudDnsProviderSolver) getResolvedZone(ch *v1alpha1.Challen
 		return nil, errors.Wrap(err, fmt.Sprintf("%s up failed", strings.ToLower(string(ch.Action))))
 	}
 
-	if len(allZones) != 1 {
-		return nil, fmt.Errorf("%s failed: found %v while expecting 1 for zone %s", action, len(allZones), ch.ResolvedZone)
+	if len(allZones) < 1 {
+		return nil, fmt.Errorf("found %v while expecting 1 for zone %s", len(allZones), ch.ResolvedZone)
 	}
 
-	return &allZones[0], nil
+	minZoneNameLength := 256
+	zoneIdx := 0
+
+	for idx, zone := range allZones {
+		if len(zone.Name) < minZoneNameLength {
+			minZoneNameLength = len(zone.Name)
+			zoneIdx = idx
+		}
+	}
+
+	return &allZones[zoneIdx], nil
 }
 
 func (s *OpenTelekomCloudDnsProviderSolver) getTxtRecordSetsByZone(ch *v1alpha1.ChallengeRequest, zone *zones.Zone) ([]recordsets.RecordSet, error) {