From 3effbaeab7837907faeb0448c50cc30946de6d36 Mon Sep 17 00:00:00 2001
From: Kyriakos Akriotis
Date: Tue, 30 Apr 2024 08:19:08 +0200
Subject: [PATCH] changes to solver_utils.go, new chart versions
---
 Makefile | 2 +-
 README.md | 8 +++++---
 .../Chart.yaml | 4 ++--
 pkg/dns/solver_utils.go | 16 +++++++++++++---
 4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/Makefile b/Makefile
index 1eac2d3..6354026 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ OS ?= $(shell $(GO) env GOOS)
 ARCH ?= $(shell $(GO) env GOARCH)
 IMAGE_NAME := "akyriako78/cert-manager-webhook-opentelekomcloud"
-IMAGE_TAG ?= "v0.1.2"
+IMAGE_TAG ?= "v0.1.3"
 OUT := $(shell pwd)/_out
diff --git a/README.md b/README.md
index 9d7581d..c5e93e0 100644
--- a/README.md
+++ b/README.md
@@ -151,8 +151,10 @@ certificate from an `Issuer` or `ClusterIssuer`. The signed certificate and priv
 specified Secret resource. cert-manager will ensure that the certificate is auto-renewed before it expires and re-issued if requested.
-> [!IMPORTANT]
-In order to issue any certificates, you'll need to configure an `Issuer` or `ClusterIssuer` resource first.
+> [!CAUTION]
+> In order to issue any certificates, you'll need to configure an `Issuer` or `ClusterIssuer` resource first. **Nevertheless**,
+> at the time of this writing, cert-manager webhooks seems to have a known bug working with `Issuers` in this scenario
+> and you are strongly recommended to create a `ClusterIssuer` instead, until it is officially solved.
 ```yaml
 apiVersion: cert-manager.io/v1
@@ -299,7 +301,7 @@ All DNS providers must run the DNS01 provider conformance testing suite, else th
 when used with cert-manager.
 ```bash
-$ OS_DEBUG=true OS_ACCESS_KEY={AccessKeyinBase64} OS_SECRET_KEY={SecretKeyinBase64} TEST_ZONE_NAME=example.com. make test
+$ OS_DEBUG=true OS_ACCESS_KEY={AccessKey} OS_SECRET_KEY={SecretKey} TEST_ZONE_NAME=example.com. make test
 ```
 > [!NOTE]
 > Fill in the values of `OS_ACCESS_KEY` and `OS_SECRET_KEY`. Replace `example.com.` with your own (sub)domain.
diff --git a/charts/cert-manager-webhook-opentelekomcloud/Chart.yaml b/charts/cert-manager-webhook-opentelekomcloud/Chart.yaml
index c3aebb6..0b1e995 100644
--- a/charts/cert-manager-webhook-opentelekomcloud/Chart.yaml
+++ b/charts/cert-manager-webhook-opentelekomcloud/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "v0.1.2"
+appVersion: "v0.1.3"
 description: ACME DNS01 solver webhook for Open Telekom Cloud DNS
 name: cert-manager-webhook-opentelekomcloud
-version: 0.1.2
+version: 0.1.3
diff --git a/pkg/dns/solver_utils.go b/pkg/dns/solver_utils.go
index 6318304..4623233 100644
--- a/pkg/dns/solver_utils.go
+++ b/pkg/dns/solver_utils.go
@@ -143,11 +143,21 @@ func (s *OpenTelekomCloudDnsProviderSolver) getResolvedZone(ch *v1alpha1.Challen
 return nil, errors.Wrap(err, fmt.Sprintf("%s up failed", strings.ToLower(string(ch.Action))))
 }
- if len(allZones) != 1 {
- return nil, fmt.Errorf("%s failed: found %v while expecting 1 for zone %s", action, len(allZones), ch.ResolvedZone)
+ if len(allZones) < 1 {
+ return nil, fmt.Errorf("found %v while expecting 1 for zone %s", len(allZones), ch.ResolvedZone)
 }
- return &allZones[0], nil
+ minZoneNameLength := 256
+ zoneIdx := 0
+
+ for idx, zone := range allZones {
+ if len(zone.Name) < minZoneNameLength {
+ minZoneNameLength = len(zone.Name)
+ zoneIdx = idx
+ }
+ }
+
+ return &allZones[zoneIdx], nil
 }
 func (s *OpenTelekomCloudDnsProviderSolver) getTxtRecordSetsByZone(ch *v1alpha1.ChallengeRequest, zone *zones.Zone) ([]recordsets.RecordSet, error) {
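Review bot: The new loop returns whichever listed zone has the shortest name without checking that the name equals `ch.ResolvedZone`, so if the zone query (outside this hunk) returns only near matches, the TXT challenge record would be written to a zone the challenge was not resolved to. The shortest-name rule also ignores ties, for example two zones with the same name, where the first one listed wins silently. Selecting by exact name and failing closed when nothing matches keeps the DNS01 write inside the intended zone; this assumes `zone.Name` and `ch.ResolvedZone` use the same trailing-dot form, which is not visible here. The error text `found %v while expecting 1` is now reachable only with zero zones, and it no longer carries the `action` prefix the removed line had. getResolvedZone starts before the hunk.

```go
// … unchanged: zone listing and the len(allZones) < 1 check …

for idx := range allZones {
	// Accept only the zone the challenge was resolved to.
	if allZones[idx].Name == ch.ResolvedZone {
		return &allZones[idx], nil
	}
}

return nil, fmt.Errorf("no zone named %s among %v listed zones", ch.ResolvedZone, len(allZones))
```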