This implements ambient credential support for AWS, gated behind flags
for issuers and cluster issuers.

This adds the pair of flags discussed in
https://github.com/jetstack/cert-manager/issues/308.
It provides an implementation for those flags' effects for the route53
solver.

The zone id is never read from the environment; this test tests
functionality which doesn't exist in the actual software, so there's no
point in having it.

This change maintains backwards compatibility, but makes the `accessKeyID` and `secretAccessKeySecretRef` fields of the `route53` DNS provider optional.
If not provided, AWS credentials will be loaded from `AWS_*` environment variables or the EC2 metadata service.
This should also work for things that impersonate the EC2 metadata service, such as [kube2iam](https://github.com/jtblin/kube2iam) and [kiam](https://github.com/uswitch/kiam).
Signed-off-by: Matt Moyer <moyer@heptio.com>
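
The credential selection these commit messages describe can be sketched as follows. This is an added example, not code from the commits or from cert-manager: `Route53Config`, `ResolveSource` and the error values are hypothetical names, and rejecting a half-configured key pair is an assumption of the sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// Route53Config is a hypothetical stand-in for the provider config;
// both fields are optional, as the commit message describes.
type Route53Config struct {
	AccessKeyID     string
	SecretAccessKey string // assumed already resolved from the secret ref
}

var (
	ErrPartial         = errors.New("accessKeyID and secret access key must be set together")
	ErrAmbientDisabled = errors.New("no explicit credentials and ambient credentials are disabled")
)

// ResolveSource returns "static" or "ambient". ambientAllowed is the value
// of the flag for the issuer kind in use (issuer or cluster issuer).
func ResolveSource(cfg Route53Config, ambientAllowed bool) (string, error) {
	hasID, hasSecret := cfg.AccessKeyID != "", cfg.SecretAccessKey != ""
	switch {
	case hasID && hasSecret:
		return "static", nil // explicit keys always win
	case hasID != hasSecret:
		return "", ErrPartial // assumption: reject half-configured keys
	case ambientAllowed:
		return "ambient", nil // AWS_* env vars or EC2 metadata service
	default:
		return "", ErrAmbientDisabled // never fall through silently
	}
}

func main() {
	// Constructed inputs: an issuer without keys, flag off then on.
	for _, allowed := range []bool{false, true} {
		src, err := ResolveSource(Route53Config{}, allowed)
		fmt.Printf("ambientAllowed=%v source=%q err=%v\n", allowed, src, err)
	}
}
```

The default branch is the point of the gate: with the flag off, an issuer that omits keys gets an error instead of inheriting whatever AWS identity the controller process itself runs with.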

This allows a developer to type 'make verify' and get working useful
output. The new char_verify behavior can't currently be run on a
developer's machine since it depends on a git pr sha being set.
I also fixed up the list of phony targets.

The existing comparison fails due to the 'nounset' option being on.
That failure masks the nicely formatted error message the if message is
trying to print. This correctly prints the intended error instead of
bash's default unset behavior.

Previously, each provider's package-level 'New' function was being
called.
That made mocking it out for a different function that records data or
returns different output quite difficult.
This PR introduces an additional layer of abstraction in the form of
effectively a vtable struct for the dns providers. It's defaulted to the
same package-level constructors as before, but unit tests in the dns
package can easily override it.
A new test for the previously-introduced route53 trimming behavior is
also added.