From 2fcbee05b78792e31cfd77c25fee2d830f817e3e Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Mon, 6 Aug 2018 17:04:00 +0100
Subject: [PATCH] Update ACME issuer
---
 pkg/issuer/acme/acme.go | 47 ++++++++++++--------------------------
 pkg/issuer/acme/issue.go | 4 ++--
 pkg/issuer/acme/prepare.go | 4 ++--
 pkg/issuer/acme/setup.go | 6 ++---
 4 files changed, 22 insertions(+), 39 deletions(-)
diff --git a/pkg/issuer/acme/acme.go b/pkg/issuer/acme/acme.go
index 82cd3786c..e0b60fe21 100644
--- a/pkg/issuer/acme/acme.go
+++ b/pkg/issuer/acme/acme.go
@@ -8,15 +8,13 @@ import (
 "github.com/golang/glog"
 corev1 "k8s.io/api/core/v1"
- "k8s.io/client-go/kubernetes"
 corelisters "k8s.io/client-go/listers/core/v1"
 extlisters "k8s.io/client-go/listers/extensions/v1beta1"
- "k8s.io/client-go/tools/record"
 "github.com/jetstack/cert-manager/pkg/acme"
 "github.com/jetstack/cert-manager/pkg/acme/client"
 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
- clientset "github.com/jetstack/cert-manager/pkg/client/clientset/versioned"
+ "github.com/jetstack/cert-manager/pkg/controller"
 "github.com/jetstack/cert-manager/pkg/issuer"
 "github.com/jetstack/cert-manager/pkg/issuer/acme/dns"
 "github.com/jetstack/cert-manager/pkg/issuer/acme/http"
@@ -27,13 +25,9 @@ import (
 // certificates from any ACME server. It supports DNS01 and HTTP01 challenge
 // mechanisms.
 type Acme struct {
- helper *acme.Helper
- issuer v1alpha1.GenericIssuer
-
- client kubernetes.Interface
- cmClient clientset.Interface
- recorder record.EventRecorder
+ *controller.Context
+ helper *acme.Helper
 secretsLister corelisters.SecretLister
 podsLister corelisters.PodLister
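Review bot: As shown, the `Acme` struct loses its `issuer v1alpha1.GenericIssuer` field and nothing in this hunk re-declares it, yet `New` still sets `issuer: issuer` and `setup.go` still reads `a.issuer`; the struct body continues past the end of this hunk, so confirm the field survives, otherwise the package will not build. Separately, embedding `*controller.Context` promotes every exported field of the shared context onto `Acme`, where the old struct held only `client`, `cmClient` and `recorder`. A named field such as `controllerCtx *controller.Context` would keep each use explicit and make it easier to audit which cluster clients the ACME code path can reach.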
@@ -76,10 +70,8 @@ type solver interface {
 }
 // New returns a new ACME issuer interface for the given issuer.
-func New(issuer v1alpha1.GenericIssuer,
- client kubernetes.Interface,
- cmClient clientset.Interface,
- recorder record.EventRecorder,
+func New(ctx *controller.Context,
+ issuer v1alpha1.GenericIssuer,
 resourceNamespace string,
 acmeHTTP01SolverImage string,
 secretsLister corelisters.SecretLister,
@@ -103,24 +95,17 @@ func New(issuer v1alpha1.GenericIssuer,
 }
 a := &Acme{
- // TODO: helper *should* be instantiated with the ClusterResourceNamespace,
- // whereas here we are instantiating it with the actual namespace that should
- // be used to discover resources.
- // This is okay in this instance, as we construct a dedicated Helper per Issuer
- // and we also construct a dedicated 'Acme' per issuer too.
- // With the ACME order changes, this line will change appropriately.
- helper: acme.NewHelper(secretsLister, resourceNamespace),
- issuer: issuer,
- client: client,
- cmClient: cmClient,
- recorder: recorder,
+ Context: ctx,
+ helper: acme.NewHelper(secretsLister, ctx.ClusterResourceNamespace),
+ issuer: issuer,
+ secretsLister: secretsLister,
 podsLister: podsLister,
 servicesLister: servicesLister,
 ingressLister: ingressLister,
- dnsSolver: dns.NewSolver(issuer, client, secretsLister, resourceNamespace, ambientCreds, dns01Nameservers),
- httpSolver: http.NewSolver(issuer, client, podsLister, servicesLister, ingressLister, acmeHTTP01SolverImage),
+ dnsSolver: dns.NewSolver(issuer, ctx.Client, secretsLister, resourceNamespace, ambientCreds, dns01Nameservers),
+ httpSolver: http.NewSolver(issuer, ctx.Client, podsLister, servicesLister, ingressLister, acmeHTTP01SolverImage),
 issuerResourcesNamespace: resourceNamespace,
 }
 return a, nil
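Review bot: The helper is now built with `ctx.ClusterResourceNamespace`, while `dnsSolver` and `issuerResourcesNamespace` in the same literal still take `resourceNamespace`, so for a namespaced Issuer the two can name different namespaces. `acme.Helper` is not visible here, but if it uses that argument directly for secret lookups, the account key that `createAccountPrivateKey` writes to `a.issuerResourcesNamespace` would be looked up in the cluster resource namespace instead, and a namespaced Issuer would resolve secret names outside its own namespace. The removed TODO was the only explanation of this; I would replace it with a comment such as `// Helper resolves the secret namespace per issuer; ClusterResourceNamespace is only the fallback for ClusterIssuers.` once that is confirmed, or keep `acme.NewHelper(secretsLister, resourceNamespace)` until it is. `New` starts before this hunk and also dereferences `ctx` without a nil check.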
@@ -143,7 +128,7 @@ func (a *Acme) createOrder(ctx context.Context, cl client.Interface, crt *v1alph
 }
 order, err = cl.CreateOrder(ctx, order)
 if err != nil {
- a.recorder.Eventf(crt, corev1.EventTypeWarning, "ErrCreateOrder", "Error creating order: %v", err)
+ a.Recorder.Eventf(crt, corev1.EventTypeWarning, "ErrCreateOrder", "Error creating order: %v", err)
 return nil, err
 }
@@ -164,7 +149,7 @@ func (a *Acme) solverFor(challengeType string) (solver, error) {
 // Register this Issuer with the issuer factory
 func init() {
- issuer.Register(issuer.IssuerACME, func(i v1alpha1.GenericIssuer, ctx *issuer.Context) (issuer.Interface, error) {
+ controller.RegisterIssuer(controller.IssuerACME, func(ctx *controller.Context, i v1alpha1.GenericIssuer) (issuer.Interface, error) {
 issuerResourcesNamespace := i.GetObjectMeta().Namespace
 if issuerResourcesNamespace == "" {
 issuerResourcesNamespace = ctx.ClusterResourceNamespace
@@ -181,12 +166,10 @@ func init() {
 }
 return New(
+ ctx,
 i,
- ctx.Client,
- ctx.CMClient,
- ctx.Recorder,
 issuerResourcesNamespace,
- ctx.ACMEHTTP01SolverImage,
+ ctx.ACMEOptions.HTTP01SolverImage,
 ctx.KubeSharedInformerFactory.Core().V1().Secrets().Lister(),
 ctx.KubeSharedInformerFactory.Core().V1().Pods().Lister(),
 ctx.KubeSharedInformerFactory.Core().V1().Services().Lister(),
diff --git a/pkg/issuer/acme/issue.go b/pkg/issuer/acme/issue.go
index 8454af148..5024b5a0c 100644
--- a/pkg/issuer/acme/issue.go
+++ b/pkg/issuer/acme/issue.go
@@ -104,7 +104,7 @@ func (a *Acme) obtainCertificate(ctx context.Context, crt *v1alpha1.Certificate)
 // TODO: should we also set the FailedValidation status
 // condition here so back off can be applied?
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorIssueError, fmt.Sprintf("Failed to finalize order: %v", err), false)
- a.recorder.Eventf(crt, corev1.EventTypeWarning, errorIssueError, "Failed to finalize order: %v", err)
+ a.Recorder.Eventf(crt, corev1.EventTypeWarning, errorIssueError, "Failed to finalize order: %v", err)
 return nil, nil, fmt.Errorf("error getting certificate from acme server: %s", err)
 }
@@ -114,7 +114,7 @@ func (a *Acme) obtainCertificate(ctx context.Context, crt *v1alpha1.Certificate)
 pem.Encode(certBuffer, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
 }
- a.recorder.Eventf(crt, corev1.EventTypeNormal, successCertObtained, "Obtained certificate from ACME server")
+ a.Recorder.Eventf(crt, corev1.EventTypeNormal, successCertObtained, "Obtained certificate from ACME server")
 glog.Infof("successfully obtained certificate: cn=%q altNames=%+v url=%q", commonName, altNames, orderURL)
 // encode the private key and return
diff --git a/pkg/issuer/acme/prepare.go b/pkg/issuer/acme/prepare.go
index ceade8550..2f5168fa1 100644
--- a/pkg/issuer/acme/prepare.go
+++ b/pkg/issuer/acme/prepare.go
@@ -87,7 +87,7 @@ func (a *Acme) Prepare(ctx context.Context, crt *v1alpha1.Certificate) error {
 crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorValidateError, fmt.Sprintf("Failed to create new order: %v", err), false)
 return err
 }
- a.recorder.Eventf(crt, corev1.EventTypeNormal, reasonCreateOrder, "Created new ACME order, attempting validation...")
+ a.Recorder.Eventf(crt, corev1.EventTypeNormal, reasonCreateOrder, "Created new ACME order, attempting validation...")
 }
 // attempt to present/validate the order
@@ -492,7 +492,7 @@ func (a *Acme) acceptChallenge(ctx context.Context, cl client.Interface, crt *v1
 }
 glog.Infof("Successfully authorized domain %q", authorization.Identifier.Value)
- a.recorder.Eventf(crt, corev1.EventTypeNormal, reasonDomainVerified, "Domain %q verified with %q validation", ch.Domain, ch.Type)
+ a.Recorder.Eventf(crt, corev1.EventTypeNormal, reasonDomainVerified, "Domain %q verified with %q validation", ch.Domain, ch.Type)
 return nil
 }
diff --git a/pkg/issuer/acme/setup.go b/pkg/issuer/acme/setup.go
index 7da9ea78f..6e75cd5ff 100644
--- a/pkg/issuer/acme/setup.go
+++ b/pkg/issuer/acme/setup.go
@@ -59,7 +59,7 @@ func (a *Acme) Setup(ctx context.Context) error {
 } else if err != nil {
 s := messageAccountVerificationFailed + err.Error()
 glog.V(4).Infof("%s: %s", a.issuer.GetObjectMeta().Name, s)
- a.recorder.Event(a.issuer, v1.EventTypeWarning, errorAccountVerificationFailed, s)
+ a.Recorder.Event(a.issuer, v1.EventTypeWarning, errorAccountVerificationFailed, s)
 return err
 }
@@ -69,7 +69,7 @@ func (a *Acme) Setup(ctx context.Context) error {
 if err != nil {
 s := messageAccountVerificationFailed + err.Error()
 glog.V(4).Infof("%s: %s", a.issuer.GetObjectMeta().Name, s)
- a.recorder.Event(a.issuer, v1.EventTypeWarning, errorAccountVerificationFailed, s)
+ a.Recorder.Event(a.issuer, v1.EventTypeWarning, errorAccountVerificationFailed, s)
 a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
 return err
 }
@@ -120,7 +120,7 @@ func (a *Acme) createAccountPrivateKey(sel v1alpha1.SecretKeySelector) (*rsa.Pri
 return nil, err
 }
- _, err = a.client.CoreV1().Secrets(a.issuerResourcesNamespace).Create(&v1.Secret{
+ _, err = a.Client.CoreV1().Secrets(a.issuerResourcesNamespace).Create(&v1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: sel.Name,
 Namespace: a.issuerResourcesNamespace,