Merge pull request #35 from dchudik/master

Added support for DNSv2 API

.golangci.yml

@@ -8,3 +8,18 @@ linters:
     - gosec
     - lll
     - wsl
+    - depguard
+    - testpackage
+    - exhaustruct
+    - tagliatelle
+    # Disbale deprecated linters
+    - interfacer
+    - ifshort
+    - structcheck
+    - maligned
+    - scopelint 
+    - deadcode
+    - nosnakecase
+    - golint
+    - varcheck
+    - exhaustivestruct

README.md

@@ -4,35 +4,151 @@
 
 Cert-manager ACME DNS webhook provider for Selectel.
 
-## Installing
+## Contents
 
-To install with helm in namespace: cert-manager, run:
+* [Issuing certificate in DNS Hosting (actual)](#issuing-certificate-in-dns-hosting-actual)
+  * [Installing](#installing)
+  * [Setup credentials](#setup-credentials)
+  * [Setup issuer](#setup-issuer)
+  * [Issuing certificate](#issuing-certificate)
+* [Issuing certificate in DNS Hosting (legacy)](#issuing-certificate-in-dns-hosting-legacy)
+  * [Legacy version](#legacy-version)
+  * [Installing](#installing-legacy)
+  * [Setup credentials](#setup-credentials-legacy)
+  * [Setup issuer](#setup-issuer-legacy)
+  * [Issuing certificate](#issuing-certificate-legacy)
+* [Development guide](#development-guide)
+  * [Running the test suite](#running-the-test-suite)
+
+## Issuing certificate in DNS Hosting (actual)
+
+### Installing
+
+To install with helm from helm-repository, run:
 
 ```bash
 $ helm repo add selectel https://selectel.github.io/cert-manager-webhook-selectel
 $ helm repo update
 $ helm install cert-manager-webhook-selectel selectel/cert-manager-webhook-selectel -n cert-manager
 ```
 
-OR
+Or install with helm from git-repository, run:
 
 ```bash
 $ git clone https://github.com/selectel/cert-manager-webhook-selectel.git
 $ cd cert-manager-webhook-selectel/deploy/cert-manager-webhook-selectel
 $ helm install cert-manager-webhook-selectel . -n cert-manager
 ```
 
-<!-- Without helm, run: -->
+### Setup credentials
 
-<!-- ```bash
-$ make rendered-manifest.yaml
-$ kubectl apply -f _out/rendered-manifest.yaml
-``` -->
+Create secret and fill authentication data.
 
-### Issuer/ClusterIssuer
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: selectel-dns-credentials
+  namespace: cert-manager
+type: Opaque
+stringData:
+  username: KEYSTONE_USER
+  password: KEYSTONE_PASSWORD
+  account_id: ACCOUNT_ID
+  project_id: SELECTEL_PROJECT_ID
+```
+
+**KEYSTONE_USER** - Name of the service user. To get the name, in the top right corner of the [Control panel](https://my.selectel.ru/profile/users_management/users?type=service), go to the account menu ⟶ **Profile and Settings** ⟶ **User management** ⟶ the **Service users** tab ⟶ copy the name of the required user. Learn more about [Service users](https://docs.selectel.ru/control-panel-actions/users-and-roles/user-types-and-roles/).
+
+**KEYSTONE_PASSWORD** - Password of the service user.
+
+**ACCOUNT_ID** - Selectel account ID. The account ID is in the top right corner of the [Control panel](https://my.selectel.ru/). Learn more about [Registration](https://docs.selectel.ru/control-panel-actions/account/registration/).
+
+**SELECTEL_PROJECT_ID** - Unique identifier of the associated Cloud Platform project. To get the project ID, in the [Control panel](https://my.selectel.ru/vpc/), go to Cloud Platform ⟶ project name ⟶ copy the ID of the required project. Learn more about [Cloud Platform projects](https://docs.selectel.ru/cloud/servers/about/projects/).
+
+### Setup issuer
 
 An example issuer:
 
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+  namespace: cert-manager
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: [email protected]
+    privateKeySecretRef:
+      name: letsencrypt-staging-account-key
+    solvers:
+    - dns01:
+        webhook:
+          groupName: acme.selectel.ru
+          solverName: selectel
+          config:
+            dnsSecretRef:
+              name: selectel-dns-credentials
+            # Optional config, shown with default values
+            #   all times in seconds
+            ttl: 120 # Default: 60
+            timeout: 60 # Default 40
+```
+
+### Issuing certificate
+
+Issuing certificate:
+
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: sel-letsencrypt-crt
+  namespace: cert-manager
+spec:
+  # Setup secret name
+  secretName: example-com-tls
+  commonName: example.com
+  issuerRef:
+    name: letsencrypt-staging
+    kind: Issuer
+  # Setup names of zones
+  dnsNames:
+  - example.com
+  - www.example.com
+```
+
+## Issuing certificate in DNS Hosting (legacy)
+
+### Legacy version
+
+Cert-manager webhook provider for Selectel supporting two versions API.
+They are not compatible. They utilize different API and work with zones live on different authoritative servers.
+Zone created in v2 API not available via v1 api.
+
+### Installing (legacy)
+
+To install with helm from helm-repository, run:
+
+```bash
+$ helm repo add selectel https://selectel.github.io/cert-manager-webhook-selectel
+$ helm repo update
+$ helm install cert-manager-webhook-selectel selectel/cert-manager-webhook-selectel -n cert-manager --version 1.2.5
+```
+
+Or install with helm from git-repository, run:
+
+```bash
+$ git clone https://github.com/selectel/cert-manager-webhook-selectel.git --branch cert-manager-webhook-selectel-1.2.5
+$ cd cert-manager-webhook-selectel/deploy/cert-manager-webhook-selectel
+$ helm install cert-manager-webhook-selectel . -n cert-manager
+```
+
+### Setup credentials (legacy)
+
+Create secret and fill **APITOKEN_FROM_MY_SELECTEL_RU**.
+
 ```yaml
 apiVersion: v1
 kind: Secret
@@ -42,7 +158,15 @@ metadata:
 type: Opaque
 stringData:
   token: APITOKEN_FROM_MY_SELECTEL_RU
----
+```
+
+**APITOKEN_FROM_MY_SELECTEL_RU** - Selectel Token (API Key). For obtain Selectel Token read [here](https://developers.selectel.ru/docs/control-panel/authorization/).
+
+### Setup issuer (legacy)
+
+An example issuer:
+
+```yaml
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -72,7 +196,9 @@ spec:
             pollingInterval: 2
 ```
 
-And then you can issue a cert:
+### Issuing certificate (legacy)
+
+Issuing certificate:
 
 ```yaml
 apiVersion: cert-manager.io/v1
@@ -81,27 +207,29 @@ metadata:
   name: sel-letsencrypt-crt
   namespace: cert-manager
 spec:
+  # Setup secret name
   secretName: example-com-tls
   commonName: example.com
   issuerRef:
     name: letsencrypt-staging
     kind: Issuer
+  # Setup names of zones
   dnsNames:
   - example.com
   - www.example.com
 ```
 
-## Development
+## Development guide
 
 ### Running the test suite
 
 You can run the test suite with:
 
-1. Go to `https://my.selectel.ru/profile/apikeys`, get one or create new api token.
-2. Fill in the appropriate values in `testdata/selectel/apikey.yml` and `testdata/selectel/config.json`.
-    - Insert token `testdata/selectel/apikey.yml`.
-    - Check that `metadata.name` in `testdata/selectel/apikey.yml` equals value in `testdata/selectel/config.json` for key `apiKeySecretRef.name`.
-    - Check that key name in `testdata/selectel/apikey.yml` equals value in `testdata/selectel/config.json` for key `apiKeySecretRef.key`.
+1. Go to `https://my.selectel.ru/profile/users_management/users`, get one or create new user.
+2. Fill in the appropriate values in `testdata/selectel/dns-credentials.yml` and `testdata/selectel/config.json`.
+    * Insert values `testdata/selectel/dns-credentials.yml`.
+    * Check that `metadata.name` in `testdata/selectel/dns-credentials.yml` equals value in `testdata/selectel/config.json` for key `dnsSecretRef.name`.
+3. Run tests
 
 ```bash
 $ TEST_ZONE_NAME=example.com. make test

deploy/cert-manager-webhook-selectel/Chart.yaml

@@ -1,10 +1,10 @@
 ---
 apiVersion: v1
 name: cert-manager-webhook-selectel
-appVersion: "1.2.5"
+appVersion: "1.3.0"
 description: Selectel DNS cert-manager ACME webhook
 maintainers:
   - name: andrsp
     email: [email protected]
     url: https://github.com/andrsp
-version: 1.2.5
+version: 1.3.0

deploy/cert-manager-webhook-selectel/values.yaml

@@ -16,7 +16,7 @@ replicaCount: 1
 
 image:
   repository: ghcr.io/selectel/cert-manager-webhook-selectel
-  tag: v1.2.5
+  tag: v1.3.0
   pullPolicy: Always
 
 nameOverride: ""