feat: add service account authirosation and replace swagger with sdk (#…

…37) * replace stackit dns client with stackit sdk * fix zone and repository tests * fix data races * linter * add new cnofig alteration for sa key path * fix linting * add unit tests for sa key path * fix test cases that changed each other due to global variable/env manipulation * make test cases parallel and add authetication config * solve race condition by allocating more memory * add sa in config * make relevant test cases parallel * add error casting in deleteRRSet * udpate readme and helm chart for new sa authentication * add error casting in deleteRRSet * fix linting --------- Co-authored-by: Patrick Koss <[email protected]>
stackitcloud · Apr 8, 2024 · 6d431b0 · 6d431b0
1 parent b35e63a
commit 6d431b0
Show file tree

Hide file tree

Showing 21 changed files with 461 additions and 244 deletions.
diff --git a/.gitignore b/.gitignore
@@ -23,4 +23,5 @@ go.work
 out/
 bin/
 stackit-cert-manager-webhook-0.1.0.tgz
+stackit-cert-manager-webhook-0.1.*
 index.yaml
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ ACME Issuer with [cert-manager](https://cert-manager.io/docs/).
 ```bash
 helm install stackit-cert-manager-webhook \
  --namespace cert-manager \
- https://github.com/stackitcloud/stackit-cert-manager-webhook/releases/download/v0.1.1/stackit-cert-manager-webhook-v0.1.1.tgz
+ https://github.com/stackitcloud/stackit-cert-manager-webhook/releases/download/v0.1.2/stackit-cert-manager-webhook-v0.1.2.tgz
 ```
 
 ## Usage
@@ -26,6 +26,34 @@ helm install stackit-cert-manager-webhook \
  --namespace=cert-manager \
  --from-literal=auth-token=<STACKIT AUTH TOKEN>
  ```
+ Or alternatively we can utilize the STACKIT service account path authentication:
+ ```
+ kubectl create secret generic stackit-sa-authentication -n cert-manager \
+ --from-literal=sa.json='{
+ "id": "4e1fe486-b463-4bcd-9210-288854268e34",
+ "publicKey": "-----BEGIN PUBLIC KEY-----\nPUBLIC_KEY\n-----END PUBLIC KEY-----",
+ "createdAt": "2024-04-02T13:12:17.678+00:00",
+ "validUntil": "2024-04-15T22:00:00.000+00:00",
+ "keyType": "USER_MANAGED",
+ "keyOrigin": "GENERATED",
+ "keyAlgorithm": "RSA_2048",
+ "active": true,
+ "credentials": {
+ "kid": "kid",
+ "iss": "iss",
+ "sub": "sub",
+ "aud": "aud",
+ "privateKey": "-----BEGIN PRIVATE KEY-----\nPRIVATE-KEY==\n-----END PRIVATE KEY-----"
+ }
+ }'
+ ```
+ You now need to adjust the deployment via helm to use the secret:
+ ```bash
+ helm upgrade stackit-cert-manager-webhook \
+ --namespace cert-manager \
+ https://github.com/stackitcloud/stackit-cert-manager-webhook/releases/download/v0.1.2/stackit-cert-manager-webhook-v0.1.2.tgz \
+ --set stackitSaAuthentication.enabled=true
+ ```
 
 2. ***Configuration of ClusterIssuer/Issuer:*** 
 For scenarios wherein zones and record sets are encapsulated within a singular project, utilize a ClusterIssuer:

diff --git a/deploy/stackit/Chart.yaml b/deploy/stackit/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
 name: stackit-cert-manager-webhook
-version: 0.1.0
+version: 0.1.2
diff --git a/deploy/stackit/templates/deployment.yaml b/deploy/stackit/templates/deployment.yaml
@@ -32,6 +32,10 @@ spec:
  env:
  - name: GROUP_NAME
  value: {{ .Values.groupName | quote }}
+ {{- if .Values.stackitSaAuthentication.enabled }}
+ - name: STACKIT_SERVICE_ACCOUNT_KEY_PATH
+ value: "{{ .Values.stackitSaAuthentication.mountPath}}/{{ .Values.stackitSaAuthentication.fileName}}"
+ {{- end }}
  ports:
  - name: https
  containerPort: 8443
@@ -54,12 +58,22 @@ spec:
  - name: certs
  mountPath: /tls
  readOnly: true
+ {{- if .Values.stackitSaAuthentication.enabled }}
+ - name: stackit-sa-authentication
+ mountPath: {{ .Values.stackitSaAuthentication.mountPath }}
+ readOnly: true
+ {{- end }}
  resources:
 {{ toYaml .Values.resources | indent 12 }}
  volumes:
  - name: certs
  secret:
  secretName: {{ include "stackit-cert-manager-webhook.servingCertificate" . }}
+ {{- if .Values.stackitSaAuthentication.enabled }}
+ - name: stackit-sa-authentication
+ secret:
+ secretName: {{ .Values.stackitSaAuthentication.secretName }}
+ {{- end }}
  {{- with .Values.podSecurityContext }}
  securityContext:
 {{ toYaml . | indent 8 }}

diff --git a/deploy/stackit/values.yaml b/deploy/stackit/values.yaml
@@ -22,6 +22,12 @@ image:
 nameOverride: ""
 fullnameOverride: ""
 
+stackitSaAuthentication:
+ enabled: false
+ secretName: stackit-sa-authentication
+ fileName: sa.json
+ mountPath: /var/run/secrets/stackit
+
 service:
  type: ClusterIP
  port: 443

diff --git a/go.mod b/go.mod
@@ -3,9 +3,10 @@ module github.com/stackitcloud/stackit-cert-manager-webhook
 go 1.21
 
 require (
- github.com/antihax/optional v1.0.0
  github.com/cert-manager/cert-manager v1.11.0
  github.com/stackitcloud/stackit-dns-api-client-go v0.0.0-20240207124424-bdfd0c2f7009
+ github.com/stackitcloud/stackit-sdk-go/core v0.10.0
+ github.com/stackitcloud/stackit-sdk-go/services/dns v0.8.4
  github.com/stretchr/testify v1.9.0
  go.uber.org/mock v0.4.0
  go.uber.org/zap v1.27.0
@@ -18,6 +19,7 @@ require (
 require (
  cloud.google.com/go/compute v1.7.0 // indirect
  github.com/NYTimes/gziphandler v1.1.1 // indirect
+ github.com/antihax/optional v1.0.0 // indirect
  github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
  github.com/beorn7/perks v1.0.1 // indirect
  github.com/blang/semver/v4 v4.0.0 // indirect
@@ -37,13 +39,14 @@ require (
  github.com/go-openapi/jsonreference v0.20.0 // indirect
  github.com/go-openapi/swag v0.19.14 // indirect
  github.com/gogo/protobuf v1.3.2 // indirect
+ github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
  github.com/golang/protobuf v1.5.2 // indirect
  github.com/google/cel-go v0.12.5 // indirect
  github.com/google/gnostic v0.6.9 // indirect
- github.com/google/go-cmp v0.5.9 // indirect
+ github.com/google/go-cmp v0.6.0 // indirect
  github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/uuid v1.3.0 // indirect
+ github.com/google/uuid v1.6.0 // indirect
  github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
  github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
  github.com/imdario/mergo v0.3.12 // indirect

diff --git a/go.sum b/go.sum
@@ -71,8 +71,6 @@ github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwc
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
-github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
-github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -170,6 +168,8 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
@@ -228,8 +228,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -253,8 +253,8 @@ github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
@@ -384,6 +384,10 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stackitcloud/stackit-dns-api-client-go v0.0.0-20240207124424-bdfd0c2f7009 h1:/Ek2Z8ROQ+Id4HwyAcJkh1gCr63MRhd4vobCeEOsE0Q=
 github.com/stackitcloud/stackit-dns-api-client-go v0.0.0-20240207124424-bdfd0c2f7009/go.mod h1:gLPXU0qBgy+kT0XTzg3e+FBoE+V9i6rTGzDvfGXD2Ew=
+github.com/stackitcloud/stackit-sdk-go/core v0.10.0 h1:IcY8xa/6wo8EhRE9mpCvz4EtTkkoiIa2ZwPHuc5zGyw=
+github.com/stackitcloud/stackit-sdk-go/core v0.10.0/go.mod h1:B5dkVm2HlBRG7liBVIFNqncDb6TUHnJ7t0GsKhAFuRk=
+github.com/stackitcloud/stackit-sdk-go/services/dns v0.8.4 h1:n/X2pVdETDXGHk+vCsg0p3b2zGxSRMJ065to/aAoncg=
+github.com/stackitcloud/stackit-sdk-go/services/dns v0.8.4/go.mod h1:PvgUVFLgELRADWk2epZdCryk0fs8b4DN47ghEJjNWhk=
 github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -394,8 +398,6 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 h1:uruHq4dN7GR16kFc5fp3d1RIYzJW5onx8Ybykw2YQFA=
@@ -455,18 +457,14 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
 go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
 go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
-go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
-go.uber.org/mock v0.2.0 h1:TaP3xedm7JaAgScZO7tlvlKrqT0p7I6OsdGB5YNSMDU=
-go.uber.org/mock v0.2.0/go.mod h1:J0y0rp9L3xiff1+ZBfKxlC1fz2+aO16tw0tsDOixfuM=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
 go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
 go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
-go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -512,8 +510,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
-golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
 golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

diff --git a/internal/repository/config.go b/internal/repository/config.go
@@ -7,4 +7,6 @@ type Config struct {
  AuthToken string
  ProjectId string
  HttpClient *http.Client
+ SaKeyPath string
+ UseSaKey bool
 }
diff --git a/internal/repository/dns_client.go b/internal/repository/dns_client.go
@@ -1,18 +1,41 @@
 package repository
 
 import (
- "fmt"
-
- stackitdnsclient "github.com/stackitcloud/stackit-dns-api-client-go"
+ stackitconfig "github.com/stackitcloud/stackit-sdk-go/core/config"
+ stackitdnsclient "github.com/stackitcloud/stackit-sdk-go/services/dns"
 )
 
 func newStackitDnsClient(
- config Config,
-) *stackitdnsclient.APIClient {
- configClient := stackitdnsclient.NewConfiguration()
- configClient.DefaultHeader["Authorization"] = fmt.Sprintf("Bearer %s", config.AuthToken)
- configClient.BasePath = config.ApiBasePath
- configClient.HTTPClient = config.HttpClient
+ stackitConfig ...stackitconfig.ConfigurationOption,
+) (*stackitdnsclient.APIClient, error) {
+ return stackitdnsclient.NewAPIClient(stackitConfig...)
+}
+
+func newStackitDnsClientBearerToken(config Config) (*stackitdnsclient.APIClient, error) {
+ httpClient := *config.HttpClient
+
+ return newStackitDnsClient(
+ stackitconfig.WithToken(config.AuthToken),
+ stackitconfig.WithHTTPClient(&httpClient),
+ stackitconfig.WithEndpoint(config.ApiBasePath),
+ )
+}
+
+func newStackitDnsClientKeyPath(config Config) (*stackitdnsclient.APIClient, error) {
+ httpClient := *config.HttpClient
+
+ return newStackitDnsClient(
+ stackitconfig.WithServiceAccountKeyPath(config.SaKeyPath),
+ stackitconfig.WithHTTPClient(&httpClient),
+ stackitconfig.WithEndpoint(config.ApiBasePath),
+ )
+}
 
- return stackitdnsclient.NewAPIClient(configClient)
+func chooseNewStackitDnsClient(config Config) (*stackitdnsclient.APIClient, error) {
+ switch {
+ case config.UseSaKey:
+ return newStackitDnsClientKeyPath(config)
+ default:
+ return newStackitDnsClientBearerToken(config)
+ }
 }
diff --git a/internal/repository/mock/rrset_repository.go b/internal/repository/mock/rrset_repository.go