Require asterisk denoted wildcard in acme solver config for wildcard certs

2018-04-25 15:25:25 +01:00 · 2018-04-25 15:25:25 +01:00 · c6e6b39fd2
commit c6e6b39fd2
parent 7d83e0da2d
2 changed files with 7 additions and 5 deletions
--- a/pkg/issuer/acme/prepare.go
+++ b/pkg/issuer/acme/prepare.go
@ -282,8 +282,7 @@ func (a *Acme) selectChallengesForAuthorizations(ctx context.Context, cl client.
 	chals := make([]v1alpha1.ACMEOrderChallenge, len(allAuthorizations))
 	var errs []error
 	for i, authz := range allAuthorizations {
-		domain := authz.Identifier.Value
-		cfg, err := acmeSolverConfiguration(crt.Spec.ACME, domain)
+		cfg, err := acmeSolverConfigurationForAuthorization(crt.Spec.ACME, authz)
 		if err != nil {
 			errs = append(errs, err)
 			continue
@ -299,6 +298,7 @@ func (a *Acme) selectChallengesForAuthorizations(ctx context.Context, cl client.
 			}
 		}

+		domain := authz.Identifier.Value
 		if challenge == nil {
 			errs = append(errs, fmt.Errorf("ACME server does not allow selected challenge type for domain %q", domain))
 			continue
@ -496,7 +496,11 @@ func getRemainingAuthorizations(ctx context.Context, cl client.Interface, urls .
 	return authzs, nil
 }

-func acmeSolverConfiguration(cfg *v1alpha1.ACMECertificateConfig, domain string) (*v1alpha1.ACMESolverConfig, error) {
+func acmeSolverConfigurationForAuthorization(cfg *v1alpha1.ACMECertificateConfig, authz *acme.Authorization) (*v1alpha1.ACMESolverConfig, error) {
+	domain := authz.Identifier.Value
+	if authz.Wildcard {
+		domain = "*." + domain
+	}
 	for _, d := range cfg.Config {
 		for _, dom := range d.Domains {
 			if dom != domain {
--- a/test/e2e/certificate/certificate_acme_dns01.go
+++ b/test/e2e/certificate/certificate_acme_dns01.go
@ -172,8 +172,6 @@ var _ = framework.CertManagerDescribe("ACME Certificate (DNS01)", func() {
 				},
 			},
 		})
-		// temporary hack whilst cert-manager does not understand wildcard domains in config
-		cert.Spec.ACME.Config[0].Domains = []string{dnsName}
 		cert, err := f.CertManagerClientSet.CertmanagerV1alpha1().Certificates(f.Namespace.Name).Create(cert)
 		Expect(err).NotTo(HaveOccurred())
 		f.WaitCertificateIssuedValid(cert)