From 1089667ceb07a9e99501aa6c27c5ea25229944ed Mon Sep 17 00:00:00 2001
From: Paul Tiplady <paul@qwil.co>
Date: Thu, 10 May 2018 19:26:30 -0700
Subject: [PATCH] Make CloudDNS service account errors debuggable

Improve logging in the case where the Service Account Secret is
loaded, but the Key is not found.

Previous behaviour was to fail without giving much help as to
why.

New behaviour confirms the key name and namespace/secret-name.

FIXES: 539
---
 pkg/issuer/acme/dns/dns.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go
index e077ed5a6..1181ea901 100644
--- a/pkg/issuer/acme/dns/dns.go
+++ b/pkg/issuer/acme/dns/dns.go
@@ -169,7 +169,13 @@ func (s *Solver) solverForIssuerProvider(providerName string) (solver, error) {
 		if err != nil {
 			return nil, fmt.Errorf("error getting clouddns service account: %s", err.Error())
 		}
-		saBytes := saSecret.Data[providerConfig.CloudDNS.ServiceAccount.Key]
+
+		saKey := providerConfig.CloudDNS.ServiceAccount.Key
+		saBytes := saSecret.Data[saKey]
+
+		if len(saBytes) == 0 {
+			return nil, fmt.Errorf("specfied key %q not found in secret %s/%s", saKey, saSecret.Namespace, saSecret.Name)
+		}
 
 		impl, err = s.dnsProviderConstructors.cloudDNS(providerConfig.CloudDNS.Project, saBytes)
 		if err != nil {