Fix up bug preventing saBytes being used. Add comments.

Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-10 13:20:25 +01:00 · 2018-09-10 13:20:25 +01:00 · 8c5c402d1e
commit 8c5c402d1e
parent 3b270623fd
2 changed files with 20 additions and 13 deletions
--- a/pkg/issuer/acme/dns/clouddns/clouddns.go
+++ b/pkg/issuer/acme/dns/clouddns/clouddns.go
@ -31,26 +31,27 @@ type DNSProvider struct {
 	client           *dns.Service
 }

-func NewDNSProvider(project string, saFile string, saBytes []byte, dns01Nameservers []string, ambient bool) (*DNSProvider, error) {
+func NewDNSProvider(project string, saBytes []byte, dns01Nameservers []string, ambient bool) (*DNSProvider, error) {
+	// project is a required field
 	if project == "" {
 		return nil, fmt.Errorf("Google Cloud project name missing")
 	}
-	if saFile == "" && len(saBytes) == 0 {
+	// if the service account bytes are not provided, we will attempt to instantiate
+	// with 'ambient credentials' (if they are allowed/enabled)
+	if len(saBytes) == 0 {
 		if !ambient {
 			return nil, fmt.Errorf("unable to construct clouddns provider: empty credentials; perhaps you meant to enable ambient credentials?")
 		}
 		return NewDNSProviderCredentials(project, dns01Nameservers)
 	}
-	if saFile != "" {
-		return NewDNSProviderServiceAccount(project, saFile, dns01Nameservers)
-	}
+	// if service account data is provided, we instantiate using that
 	if len(saBytes) != 0 {
 		return NewDNSProviderServiceAccountBytes(project, saBytes, dns01Nameservers)
 	}
-	return nil, fmt.Errorf("Google Cloud project name missing")
+	return nil, fmt.Errorf("missing Google Cloud DNS provider credentials")
 }

-// NewDNSProvider returns a DNSProvider instance configured for Google Cloud
+// NewDNSProviderEnvironment returns a DNSProvider instance configured for Google Cloud
 // DNS. Project name must be passed in the environment variable: GCE_PROJECT.
 // A Service Account file can be passed in the environment variable:
 // GCE_SERVICE_ACCOUNT_FILE
--- a/pkg/issuer/acme/dns/dns.go
+++ b/pkg/issuer/acme/dns/dns.go
@ -51,7 +51,7 @@ type solver interface {
 // It is useful for mocking out a given provider since an alternate set of
 // constructors may be set.
 type dnsProviderConstructors struct {
-	cloudDNS   func(project string, serviceAccountFile string, serviceAccount []byte, dns01Nameservers []string, ambient bool) (*clouddns.DNSProvider, error)
+	cloudDNS   func(project string, serviceAccount []byte, dns01Nameservers []string, ambient bool) (*clouddns.DNSProvider, error)
 	cloudFlare func(email, apikey string, dns01Nameservers []string) (*cloudflare.DNSProvider, error)
 	route53    func(accessKey, secretKey, hostedZoneID, region string, ambient bool, dns01Nameservers []string) (*route53.DNSProvider, error)
 	azureDNS   func(clientID, clientSecret, subscriptionID, tenentID, resourceGroupName, hostedZoneName string, dns01Nameservers []string) (*azuredns.DNSProvider, error)
@ -171,21 +171,27 @@ func (s *Solver) solverForIssuerProvider(issuer v1alpha1.GenericIssuer, provider
 			return nil, errors.Wrap(err, "error instantiating akamai challenge solver")
 		}
 	case providerConfig.CloudDNS != nil:
+		var keyData []byte

-		var key []byte
+		// if the serviceAccount.name field is set, we will load credentials from
+		// that secret.
+		// If it is not set, we will attempt to instantiate the provider using
+		// ambient credentials (if enabled).
 		if providerConfig.CloudDNS.ServiceAccount.Name != "" {
 			saSecret, err := s.secretLister.Secrets(resourceNamespace).Get(providerConfig.CloudDNS.ServiceAccount.Name)
 			if err != nil {
 				return nil, fmt.Errorf("error getting clouddns service account: %s", err)
 			}
-			saKey := providerConfig.CloudDNS.ServiceAccount.Key
-			saBytes := saSecret.Data[saKey]

-			if len(saBytes) == 0 {
+			saKey := providerConfig.CloudDNS.ServiceAccount.Key
+			keyData = saSecret.Data[saKey]
+			if len(keyData) == 0 {
 				return nil, fmt.Errorf("specfied key %q not found in secret %s/%s", saKey, saSecret.Namespace, saSecret.Name)
 			}
 		}
-		impl, err = s.dnsProviderConstructors.cloudDNS(providerConfig.CloudDNS.Project, "", key, s.DNS01Nameservers, s.CanUseAmbientCredentials(issuer))
+
+		// attempt to construct the cloud dns provider
+		impl, err = s.dnsProviderConstructors.cloudDNS(providerConfig.CloudDNS.Project, keyData, s.DNS01Nameservers, s.CanUseAmbientCredentials(issuer))
 		if err != nil {
 			return nil, fmt.Errorf("error instantiating google clouddns challenge solver: %s", err)
 		}