// SPDX-License-Identifier: MIT
package main
import (
"encoding/json"
"fmt"
cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
"github.com/pkg/errors"
extapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)
// Config holds the solver settings that are decoded from the configuration
// cert-manager passes in when a DNS01 challenge has to be solved.
//
// The data comes from cert-manager and may point at additional configuration
// that is needed to solve the challenge for a particular certificate or
// issuer. For a 'multi-tenant' DNS solver this typically means references to
// Secret resources that contain the DNS provider credentials.
//
// Do not put sensitive values in this structure. When the provider needs
// credentials, reference a Kubernetes Secret resource here and fetch the
// credentials through a Kubernetes clientset.
//
// NOTE(review): the selectors below identify a Secret by name and key only.
// The namespace they are resolved in is chosen by the code that reads the
// Secret, which is not part of this file. Confirm it is pinned to the
// namespace of the challenge being solved, so that one tenant's issuer
// configuration cannot name another tenant's credentials.
type Config struct {
	// Region selects an access point close to the Webhook cluster node.
	// Generally, it can be left unset.
	//
	// If it has to be set, take the value from the "Region ID" column of the
	// table at https://next.api.aliyun.com/product/Alidns.
	Region string `json:"region"`

	// AccessKeyIdRef references the credential used to access the Aliyun
	// OpenAPI. The credential is created and managed in the RAM console.
	// Validate rejects a configuration in which this reference has no name.
	AccessKeyIdRef cmmeta.SecretKeySelector `json:"accessKeyIdRef"`

	// AccessKeySecretRef references the access credential secret that matches
	// AccessKeyIdRef.
	//
	// This field follows Aliyun's naming style; configure either this or
	// SecretAccessKeyRef. Validate only falls back to SecretAccessKeyRef when
	// this reference has no name, so if both are set this one is kept.
	AccessKeySecretRef cmmeta.SecretKeySelector `json:"accessKeySecretRef"`

	// SecretAccessKeyRef references the access credential secret that matches
	// AccessKeyIdRef.
	//
	// This field follows Amazon's naming style; configure either this or
	// AccessKeySecretRef.
	SecretAccessKeyRef cmmeta.SecretKeySelector `json:"secretAccessKeyRef"`
}
// Validate reports whether the webhook configuration names both credential
// references.
//
// It is not read-only: when AccessKeySecretRef has no name, the Amazon-style
// SecretAccessKeyRef is copied into it, so later code can read
// AccessKeySecretRef regardless of which spelling was configured. Only the
// Name of each reference is checked here.
func (cfg *Config) Validate() error {
	if cfg.AccessKeyIdRef.Name == "" {
		return errors.New("accessKeyIdRef may not be empty")
	}

	secretRef := &cfg.AccessKeySecretRef
	if secretRef.Name != "" {
		return nil
	}

	// The Aliyun-style field is unset; fall back to the Amazon-style alias.
	cfg.SecretAccessKeyRef.DeepCopyInto(secretRef)
	if secretRef.Name == "" {
		return errors.New("accessKeySecretRef may not be empty")
	}
	return nil
}
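// loadConfig decodes the JSON solver configuration into a Config and
// validates it.
//
// A nil cfgJSON returns a zero-value Config and a nil error. A decoding or
// validation failure returns a nil Config and an error that wraps the
// underlying cause, so the cause stays in the error chain for callers that
// inspect it.
func loadConfig(cfgJSON *extapi.JSON) (*Config, error) {
	var cfg Config

	// handle the 'base case' where no configuration has been provided
	if cfgJSON == nil {
		// NOTE(review): this path skips Validate, so the returned Config has
		// empty credential references. Callers must not assume a nil error
		// means the references are usable.
		return &cfg, nil
	}

	// json.Unmarshal ignores keys it does not recognise, so a misspelled
	// optional key such as "region" is dropped without an error. Misspelled
	// credential references are caught by Validate below.
	if err := json.Unmarshal(cfgJSON.Raw, &cfg); err != nil {
		return nil, fmt.Errorf("error decoding solver config: %w", err)
	}

	if err := cfg.Validate(); err != nil {
		return nil, fmt.Errorf("validate solver config: %w", err)
	}

	return &cfg, nil
}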