From 963c5566ae0a4eeabff2e1ba0ba8e12b78728433 Mon Sep 17 00:00:00 2001
From: Maartje Eyskens
Date: Mon, 8 Jun 2020 16:48:47 +0200
Subject: [PATCH 1/2] Make Cloudflare email an optional field
Signed-off-by: Maartje Eyskens
---
 deploy/crds/crd-challenges.yaml | 2 --
 deploy/crds/crd-clusterissuers.yaml | 2 --
 deploy/crds/crd-issuers.yaml | 2 --
 pkg/apis/acme/v1alpha2/types_issuer.go | 1 +
 pkg/apis/acme/v1alpha3/types_issuer.go | 1 +
 pkg/internal/apis/certmanager/validation/issuer.go | 2 +-
 6 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/deploy/crds/crd-challenges.yaml b/deploy/crds/crd-challenges.yaml
index 775053514..cc315d971 100644
--- a/deploy/crds/crd-challenges.yaml
+++ b/deploy/crds/crd-challenges.yaml
@@ -275,8 +275,6 @@ spec: description: ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS configuration for Cloudflare type: object - required: - - email properties: apiKeySecretRef: type: object
diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml
index b2fdab330..381261a3d 100644
--- a/deploy/crds/crd-clusterissuers.yaml
+++ b/deploy/crds/crd-clusterissuers.yaml
@@ -313,8 +313,6 @@ spec: description: ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS configuration for Cloudflare type: object - required: - - email properties: apiKeySecretRef: type: object
diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml
index 322d75169..cb1198b71 100644
--- a/deploy/crds/crd-issuers.yaml
+++ b/deploy/crds/crd-issuers.yaml
@@ -313,8 +313,6 @@ spec: description: ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS configuration for Cloudflare type: object - required: - - email properties: apiKeySecretRef: type: object
diff --git a/pkg/apis/acme/v1alpha2/types_issuer.go b/pkg/apis/acme/v1alpha2/types_issuer.go
index c0fa7c2d7..986753c3c 100644
--- a/pkg/apis/acme/v1alpha2/types_issuer.go
+++ b/pkg/apis/acme/v1alpha2/types_issuer.go
@@ -303,6 +303,7 @@ type ACMEIssuerDNS01ProviderCloudDNS struct {
 // ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
 // configuration for Cloudflare
 type ACMEIssuerDNS01ProviderCloudflare struct {
+ // +optional
 Email string `json:"email"`
 APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"`
 APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"`
diff --git a/pkg/apis/acme/v1alpha3/types_issuer.go b/pkg/apis/acme/v1alpha3/types_issuer.go
index 4a72162ae..00a29518a 100644
--- a/pkg/apis/acme/v1alpha3/types_issuer.go
+++ b/pkg/apis/acme/v1alpha3/types_issuer.go
@@ -303,6 +303,7 @@ type ACMEIssuerDNS01ProviderCloudDNS struct {
 // ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
 // configuration for Cloudflare
 type ACMEIssuerDNS01ProviderCloudflare struct {
+ // +optional
 Email string `json:"email"`
 APIKey *cmmeta.SecretKeySelector `json:"apiKeySecretRef,omitempty"`
 APIToken *cmmeta.SecretKeySelector `json:"apiTokenSecretRef,omitempty"`
diff --git a/pkg/internal/apis/certmanager/validation/issuer.go b/pkg/internal/apis/certmanager/validation/issuer.go
index a65acb13b..03ec76870 100644
--- a/pkg/internal/apis/certmanager/validation/issuer.go
+++ b/pkg/internal/apis/certmanager/validation/issuer.go
@@ -316,7 +316,7 @@ func ValidateACMEChallengeSolverDNS01(p *cmacme.ACMEChallengeSolverDNS01, fldPat
 if p.Cloudflare.APIKey == nil && p.Cloudflare.APIToken == nil {
 el = append(el, field.Required(fldPath.Child("cloudflare"), "apiKeySecretRef or apiTokenSecretRef is required"))
 }
- if len(p.Cloudflare.Email) == 0 {
+ if len(p.Cloudflare.Email) == 0 && p.Cloudflare.APIKey != nil {
 el = append(el, field.Required(fldPath.Child("cloudflare", "email"), ""))
 }
 }
From 4a59c875ee7b5f3f5f2fc792761406007506af63 Mon Sep 17 00:00:00 2001
From: Maartje Eyskens
Date: Mon, 8 Jun 2020 17:25:15 +0200
Subject: [PATCH 2/2] Do not send email if not set
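Review bot: In `pkg/apis/acme/v1alpha2/types_issuer.go` the new `// +optional` marker is the only comment on `Email` and the tag stays `json:"email"`, so the type does not tell a user when the address is still needed, and an unset value is serialized as `"email": ""`. I would document the rule that the validation hunk enforces, e.g. `// Email of the Cloudflare account; only required when apiKeySecretRef (API key authentication) is used.`, and change the tag to `json:"email,omitempty"`, as is usual for optional API fields. The identical hunk in `pkg/apis/acme/v1alpha3/types_issuer.go` needs the same change. The struct continues past the end of both hunks.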
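Review bot: In `pkg/internal/apis/certmanager/validation/issuer.go` the `field.Required` call for `cloudflare.email` still passes an empty detail string, and now that the check fires only when `APIKey` is set, the rejection no longer explains itself. A detail such as `field.Required(fldPath.Child("cloudflare", "email"), "email is required when apiKeySecretRef is set")` tells the user which credential mode triggered it. The diffstat lists no test file, so the two new cases (token without email accepted, key without email rejected) are not pinned; a table entry for each would cover the condition. `ValidateACMEChallengeSolverDNS01` starts and ends outside the hunk.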
Signed-off-by: Maartje Eyskens
---
 pkg/issuer/acme/dns/cloudflare/cloudflare.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare.go b/pkg/issuer/acme/dns/cloudflare/cloudflare.go
index 8b2c3d3c0..86fe218d0 100644
--- a/pkg/issuer/acme/dns/cloudflare/cloudflare.go
+++ b/pkg/issuer/acme/dns/cloudflare/cloudflare.go
@@ -48,7 +48,7 @@ func NewDNSProvider(dns01Nameservers []string) (*DNSProvider, error) {
 // NewDNSProviderCredentials uses the supplied credentials to return a
 // DNSProvider instance configured for cloudflare.
 func NewDNSProviderCredentials(email, key, token string, dns01Nameservers []string) (*DNSProvider, error) {
- if email == "" || (key == "" && token == "") {
+ if (email == "" && key != "") || (key == "" && token == "") {
 return nil, fmt.Errorf("CloudFlare credentials missing")
 }
 if key != "" && token != "" {
@@ -221,7 +221,9 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawM
 return nil, err
 }
- req.Header.Set("X-Auth-Email", c.authEmail)
+ if c.authEmail != "" {
+ req.Header.Set("X-Auth-Email", c.authEmail)
+ }
 if c.authToken != "" {
 req.Header.Set("Authorization", "Bearer "+c.authToken)
 } else {
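Review bot: The widened guard in `NewDNSProviderCredentials` reports two different misconfigurations, an API key supplied without an email and no key or token at all, with the same `CloudFlare credentials missing` error. Splitting off the first case, `if key != "" && email == "" { return nil, fmt.Errorf("CloudFlare email is required when an API key is used") }`, makes a broken issuer diagnosable from the message alone. The doc comment above the function should also state the contract, for example `// email is only required together with key; it may be empty when token is used.` The function body continues past the end of the hunk.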
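Review bot: `makeRequest` still sets `X-Auth-Email` on token-authenticated requests whenever `c.authEmail` is non-empty, although after this commit the address is only needed alongside the API key. Moving `req.Header.Set("X-Auth-Email", c.authEmail)` into the `else` branch, next to what is presumably the key header, keeps the account email out of bearer-token requests and ties it to the credential that needs it. The `else` body and the rest of `makeRequest` lie outside the hunk, so confirm what that branch sets before moving the line.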