From 10777301d8d33f4b2717ca388dd3257cd71aa798 Mon Sep 17 00:00:00 2001
From: JoshVanL <vleeuwenjoshua@gmail.com>
Date: Wed, 11 Sep 2019 15:04:31 +0100
Subject: [PATCH] Adds DNS acme conformance tests

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
---
 .../conformance/certificates/acme/BUILD.bazel |   5 +-
 .../conformance/certificates/acme/acme.go     | 103 ++++++++++++++----
 2 files changed, 86 insertions(+), 22 deletions(-)

diff --git a/test/e2e/suite/conformance/certificates/acme/BUILD.bazel b/test/e2e/suite/conformance/certificates/acme/BUILD.bazel
index 02577b584..6bda145e7 100644
--- a/test/e2e/suite/conformance/certificates/acme/BUILD.bazel
+++ b/test/e2e/suite/conformance/certificates/acme/BUILD.bazel
@@ -13,6 +13,7 @@ go_library(
         "//test/e2e/framework/addon/pebble:go_default_library",
         "//test/e2e/framework/addon/tiller:go_default_library",
         "//test/e2e/suite/conformance/certificates:go_default_library",
+        "//test/e2e/suite/issuers/acme/dnsproviders:go_default_library",
         "@com_github_onsi_ginkgo//:go_default_library",
         "@com_github_onsi_gomega//:go_default_library",
         "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
@@ -21,14 +22,14 @@ go_library(
 
 filegroup(
     name = "package-srcs",
+    visibility = ["//visibility:private"],
     srcs = glob(["**"]),
     tags = ["automanaged"],
-    visibility = ["//visibility:private"],
 )
 
 filegroup(
     name = "all-srcs",
     srcs = [":package-srcs"],
-    tags = ["automanaged"],
     visibility = ["//visibility:public"],
+    tags = ["automanaged"],
 )
diff --git a/test/e2e/suite/conformance/certificates/acme/acme.go b/test/e2e/suite/conformance/certificates/acme/acme.go
index 1c0fb5be2..4805b349c 100644
--- a/test/e2e/suite/conformance/certificates/acme/acme.go
+++ b/test/e2e/suite/conformance/certificates/acme/acme.go
@@ -28,6 +28,7 @@ import (
 	"github.com/jetstack/cert-manager/test/e2e/framework/addon/pebble"
 	"github.com/jetstack/cert-manager/test/e2e/framework/addon/tiller"
 	"github.com/jetstack/cert-manager/test/e2e/suite/conformance/certificates"
+	"github.com/jetstack/cert-manager/test/e2e/suite/issuers/acme/dnsproviders"
 )
 
 var _ = framework.ConformanceDescribe("Certificates", func() {
@@ -39,51 +40,60 @@ var _ = framework.ConformanceDescribe("Certificates", func() {
 		certificates.DurationFeature,
 	)
 
-	provisioner := new(acmeIssuerProvisioner)
+	provisionerHTTP01 := new(acmeIssuerProvisioner)
 	(&certificates.Suite{
 		Name:                "ACME HTTP01",
-		CreateIssuerFunc:    provisioner.create,
-		DeleteIssuerFunc:    provisioner.delete,
+		CreateIssuerFunc:    provisionerHTTP01.createHTTP01,
+		DeleteIssuerFunc:    provisionerHTTP01.delete,
+		UnsupportedFeatures: unsupportedFeatures,
+	}).Define()
+
+	provisionerDNS01 := new(acmeIssuerProvisioner)
+	(&certificates.Suite{
+		Name:                "ACME DNS01",
+		CreateIssuerFunc:    provisionerDNS01.createDNS01,
+		DeleteIssuerFunc:    provisionerDNS01.delete,
 		UnsupportedFeatures: unsupportedFeatures,
 	}).Define()
 })
 
 type acmeIssuerProvisioner struct {
-	tiller *tiller.Tiller
-	pebble *pebble.Pebble
+	tiller     *tiller.Tiller
+	pebble     *pebble.Pebble
+	cloudflair *dnsproviders.Cloudflare
 }
 
 func (a *acmeIssuerProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) {
-	Expect(a.pebble.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision pebble")
+	if a.pebble != nil {
+		Expect(a.pebble.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision pebble")
+	}
+	if a.cloudflair != nil {
+		Expect(a.cloudflair.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision cloudflair")
+	}
 	Expect(a.tiller.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision tiller")
 }
 
-// create will deploy the required components to run an ACME issuer based test.
+// createXXX will deploy the required components to run an ACME issuer based test.
 // This includes:
 // - tiller
 // - pebble
 // - a properly configured Issuer resource
-func (a *acmeIssuerProvisioner) create(f *framework.Framework) cmmeta.ObjectReference {
-	a.tiller = &tiller.Tiller{
-		Name:               "tiller-deploy",
-		ClusterPermissions: false,
-		Namespace:          f.Namespace.Name,
-	}
-	Expect(a.tiller.Setup(f.Config)).NotTo(HaveOccurred(), "failed to setup tiller")
-	Expect(a.tiller.Provision()).NotTo(HaveOccurred(), "failed to provision tiller")
+
+func (a *acmeIssuerProvisioner) createHTTP01(f *framework.Framework) cmmeta.ObjectReference {
+	a.deployTiller(f, "http01")
 
 	a.pebble = &pebble.Pebble{
 		Tiller:    a.tiller,
-		Name:      "cm-e2e-create-acme-issuer",
+		Name:      "cm-e2e-create-acme-http01-issuer",
 		Namespace: f.Namespace.Name,
 	}
 	Expect(a.pebble.Setup(f.Config)).NotTo(HaveOccurred(), "failed to setup pebble")
 	Expect(a.pebble.Provision()).NotTo(HaveOccurred(), "failed to provision pebble")
 
-	By("Creating an ACME issuer")
+	By("Creating an ACME HTTP01 issuer")
 	issuer := &cmapi.Issuer{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "acme-issuer",
+			Name: "acme-issuer-http01",
 		},
 		Spec: cmapi.IssuerSpec{
 			IssuerConfig: cmapi.IssuerConfig{
@@ -92,7 +102,7 @@ func (a *acmeIssuerProvisioner) create(f *framework.Framework) cmmeta.ObjectRefe
 					SkipTLSVerify: true,
 					PrivateKey: cmmeta.SecretKeySelector{
 						LocalObjectReference: cmmeta.LocalObjectReference{
-							Name: "acme-private-key",
+							Name: "acme-private-key-http01",
 						},
 					},
 					Solvers: []cmacme.ACMEChallengeSolver{
@@ -109,8 +119,9 @@ func (a *acmeIssuerProvisioner) create(f *framework.Framework) cmmeta.ObjectRefe
 			},
 		},
 	}
+
 	issuer, err := f.CertManagerClientSet.CertmanagerV1alpha2().Issuers(f.Namespace.Name).Create(issuer)
-	Expect(err).NotTo(HaveOccurred(), "failed to create acme issuer")
+	Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer")
 
 	return cmmeta.ObjectReference{
 		Group: cmapi.SchemeGroupVersion.Group,
@@ -118,3 +129,55 @@ func (a *acmeIssuerProvisioner) create(f *framework.Framework) cmmeta.ObjectRefe
 		Name:  issuer.Name,
 	}
 }
+
+func (a *acmeIssuerProvisioner) createDNS01(f *framework.Framework) cmmeta.ObjectReference {
+	a.deployTiller(f, "dns01")
+
+	a.cloudflair = &dnsproviders.Cloudflare{}
+	Expect(a.cloudflair.Setup(f.Config)).NotTo(HaveOccurred(), "failed to setup cloudflair")
+	Expect(a.cloudflair.Provision()).NotTo(HaveOccurred(), "failed to provision cloudflair")
+
+	By("Creating an ACME DNS01 issuer")
+	issuer := &cmapi.Issuer{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "acme-issuer-dns01",
+		},
+		Spec: cmapi.IssuerSpec{
+			IssuerConfig: cmapi.IssuerConfig{
+				ACME: &cmacme.ACMEIssuer{
+					// Hardcode this to the acme staging endpoint now due to issues with pebble dns resolution
+					Server:        "https://acme-staging-v02.api.letsencrypt.org/directory",
+					SkipTLSVerify: true,
+					PrivateKey: cmmeta.SecretKeySelector{
+						LocalObjectReference: cmmeta.LocalObjectReference{
+							Name: "acme-private-key",
+						},
+					},
+					Solvers: []cmacme.ACMEChallengeSolver{
+						{
+							DNS01: &a.cloudflair.Details().ProviderConfig,
+						},
+					},
+				},
+			},
+		},
+	}
+	issuer, err := f.CertManagerClientSet.CertmanagerV1alpha2().Issuers(f.Namespace.Name).Create(issuer)
+	Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer")
+
+	return cmmeta.ObjectReference{
+		Group: cmapi.SchemeGroupVersion.Group,
+		Kind:  cmapi.IssuerKind,
+		Name:  issuer.Name,
+	}
+}
+
+func (a *acmeIssuerProvisioner) deployTiller(f *framework.Framework, solverType string) {
+	a.tiller = &tiller.Tiller{
+		Name:               "tiller-deploy-" + solverType,
+		ClusterPermissions: false,
+		Namespace:          f.Namespace.Name,
+	}
+	Expect(a.tiller.Setup(f.Config)).NotTo(HaveOccurred(), "failed to setup tiller")
+	Expect(a.tiller.Provision()).NotTo(HaveOccurred(), "failed to provision tiller")
+}