Merge pull request #1227 from munnerz/use-cached-account-uri

Use cached ACME account URL when constructing ACME client
2019-01-17 15:50:01 +00:00 · 2019-01-17 15:50:01 +00:00 · 63562421b8
commit 63562421b8
parent af81d3245a 4b6351a4f2
2 changed files with 19 additions and 3 deletions
--- a/pkg/acme/acme.go
+++ b/pkg/acme/acme.go
@ -111,13 +111,20 @@ func ClientWithKey(iss cmapi.GenericIssuer, pk *rsa.PrivateKey) (acme.Interface,
 	if acmeSpec == nil {
 		return nil, fmt.Errorf("issuer %q is not an ACME issuer. Ensure the 'acme' stanza is correctly specified on your Issuer resource", iss.GetObjectMeta().Name)
 	}
-
-	return acmemw.NewLogger(&acmecl.Client{
+	acmeStatus := iss.GetStatus().ACME
+	accountURI := ""
+	if acmeStatus != nil && acmeStatus.URI != "" {
+		accountURI = acmeStatus.URI
+	}
+	acmeCl := &acmecl.Client{
 		HTTPClient:   buildHTTPClient(acmeSpec.SkipTLSVerify),
 		Key:          pk,
 		DirectoryURL: acmeSpec.Server,
 		UserAgent:    util.CertManagerUserAgent,
-	}), nil
+	}
+	acmeCl.SetAccountURL(accountURI)
+
+	return acmemw.NewLogger(acmeCl), nil
 }

 // ClientForIssuer will return a properly configure ACME client for the given
--- a/third_party/crypto/acme/acme.go
+++ b/third_party/crypto/acme/acme.go
@ -90,6 +90,15 @@ type Client struct {
 	accountURL string
 }

+// SetAccountURL will set the account URL cached by the client.
+// This should be used with caution, in order to reduce the number of calls
+// made to the 'new-acct' endpoint in 'cacheAccountURL'
+func (c *Client) SetAccountURL(url string) {
+	c.urlMu.Lock()
+	defer c.urlMu.Unlock()
+	c.accountURL = url
+}
+
 // Discover performs ACME server discovery using c.DirectoryURL.
 //
 // It caches successful result. So, subsequent calls will not result in