From 216b60e98b2bb2ee7eb368d5b8774b2cafc56acb Mon Sep 17 00:00:00 2001 From: irbekrm Date: Wed, 18 Jan 2023 17:41:51 +0000 Subject: [PATCH] RFC2136 solver has an init option to reset secrets lister Signed-off-by: irbekrm --- pkg/issuer/acme/dns/rfc2136/provider.go | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/pkg/issuer/acme/dns/rfc2136/provider.go b/pkg/issuer/acme/dns/rfc2136/provider.go index 874b8689d..271b369cb 100644 --- a/pkg/issuer/acme/dns/rfc2136/provider.go +++ b/pkg/issuer/acme/dns/rfc2136/provider.go @@ -37,6 +37,8 @@ const SolverName = "rfc2136" type Solver struct { secretLister corelisters.SecretLister + // options to apply when the lister gets initialized + initOpts []Option // If specified, namespace will cause the rfc2136 provider to limit the // scope of the lister/watcher to a single namespace, to allow for @@ -58,6 +60,21 @@ func WithSecretsLister(secretLister corelisters.SecretLister) Option { } } +// InitializeResetLister is a hack to make RFC2136 solver fit the Solver +// interface. Unlike external solvers that are run as apiserver implementations, +// this solver is created as part of challenge controller initialization. That +// makes its Initialize method not fit the Solver interface very well as we want +// a way to initialize the solver with the existing Secrets lister rather than a +// new kube apiserver client. InitializeResetLister allows to reset secrets +// lister when Initialize function is called so that a new lister can be +// created. This is useful in tests where a kube clientset can get recreated for +// an existing solver (which would not happen when this solver runs normally). +func InitializeResetLister() Option { + return func(s *Solver) { + s.initOpts = []Option{func(s *Solver) { s.secretLister = nil }} + } +} + func New(opts ...Option) *Solver { s := &Solver{} for _, o := range opts { @@ -99,12 +116,12 @@ func (s *Solver) CleanUp(ch *whapi.ChallengeRequest) error { } func (s *Solver) Initialize(kubeClientConfig *restclient.Config, stopCh <-chan struct{}) error { + for _, opt := range s.initOpts { + opt(s) + } // Only start a secrets informerfactory if it is needed (if the solver // is not already initialized with a secrets lister) This is legacy - // functionality. If you have a secrets watcher already available in the - // caller, you probably want to use that to avoid double caching the - // Secrets - // TODO: refactor and remove this functionality + // functionality and is currently only used in integration tests. if s.secretLister == nil { cl, err := kubernetes.NewForConfig(kubeClientConfig) if err != nil {