Update index.yaml

Signed-off-by: toabi <toabi@users.noreply.github.com>
Update index.yaml
2021-03-12 08:07:13 +00:00 · 2021-03-10 16:31:51 +00:00
24 changed files with 588 additions and 174 deletions
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-IMAGE_NAME := "mecodia/cert-manager-webhook-manitu"
+IMAGE_NAME := "mecodia/cert-manager-webhook-hetzner"
 OS ?= $(shell go env GOOS)
 ARCH ?= $(shell go env GOARCH)

@ -36,4 +36,4 @@ rendered-manifest.yaml:
 	    --name example-webhook \
        --set image.repository=$(IMAGE_NAME) \
        --set image.tag=$(IMAGE_TAG) \
-        deploy/manitu-webhook > "$(OUT)/rendered-manifest.yaml"
+        deploy/hetzner-webhook > "$(OUT)/rendered-manifest.yaml"
--- a/README.md
+++ b/README.md
@ -1,11 +1,9 @@
-# ACME Webhook for Manitu DNS
+# ACME Webhook for Hetzner DNS

-This project provides a [cert-manager](https://cert-manager.io) ACME Webhook for [Manitu DNS](https://manitu.de/) 
+This project provides a [cert-manager](https://cert-manager.io) ACME Webhook for [Hetzner DNS](https://hetzner.de/) 
 and is based on the [Example Webhook](https://github.com/jetstack/cert-manager-webhook-example)

-This README and the inspiration for this webhook was mostly taken from [Stephan Müllers INWX Webhook](https://gitlab.com/smueller18/cert-manager-webhook-inwx).
-
-The Helm Chart is automatically published via [github pages](https://mecodia.github.io/cert-manager-webhook-manitu/).
+This README and the inspiration for this webhook was mostly taken from [Stephan Müllers INWX Webhook](https://gitlab.com/smueller18/cert-manager-webhook-inwx)

 ## Requirements

@ -19,10 +17,10 @@ The following table lists the configurable parameters of the cert-manager chart

 | Parameter | Description | Default |
 | --------- | ----------- | ------- |
-| `groupName` | Group name of the API service. | `dns.manitu.cloud` |
+| `groupName` | Group name of the API service. | `dns.hetzner.cloud` |
 | `certManager.namespace` | Namespace where cert-manager is deployed to. | `kube-system` |
 | `certManager.serviceAccountName` | Service account of cert-manager installation. | `cert-manager` |
-| `image.repository` | Image repository | `mecodia/cert-manager-webhook-manitu` |
+| `image.repository` | Image repository | `mecodia/cert-manager-webhook-hetzner` |
 | `image.tag` | Image tag | `latest` |
 | `image.pullPolicy` | Image pull policy | `Always` |
 | `service.type` | API service type | `ClusterIP` |
@ -41,16 +39,16 @@ Follow the [instructions](https://cert-manager.io/docs/installation/) using the
 ### Webhook

 ```bash
-git clone https://github.com/mecodia/cert-manager-webhook-manitu.git
-cd cert-manager-webhook-manitu
-helm install --namespace kube-system cert-manager-webhook-manitu ./deploy/cert-manager-webhook-manitu
+git clone https://github.com/mecodia/cert-manager-webhook-hetzner.git
+cd cert-manager-webhook-hetzner
+helm install --namespace kube-system cert-manager-webhook-hetzner ./deploy/cert-manager-webhook-hetzner
 ```

 **Note**: The kubernetes resources used to install the Webhook should be deployed within the same namespace as the cert-manager.

 To uninstall the webhook run
 ```bash
-helm uninstall --namespace kube-system cert-manager-webhook-manitu
+helm uninstall --namespace kube-system cert-manager-webhook-hetzner
 ```

 ## Issuer
@ -76,15 +74,15 @@ spec:
    solvers:
      - dns01:
          webhook:
-            groupName: dns.manitu.cloud
-            solverName: manitu
+            groupName: dns.hetzner.cloud
+            solverName: hetzner
            config:
              APIKey: <YOUR-DNS-API-KEY-HERE>
 ```

 ### Credentials

-For accessing the Manitu DNS API, you need an API Token which you can create in the [DNS Console](https://dns.manitu.com/settings/api-token).
+For accessing the Hetzner DNS API, you need an API Token which you can create in the [DNS Console](https://dns.hetzner.com/settings/api-token).

 Currently we don't provide a way to use secrets for you API KEY.

@ -121,7 +119,7 @@ spec:
    scripts/fetch-test-binaries.sh
    ```

-1. Create a new test account at [Manitu DNS Console](https://dns.manitu.com/) or use an existing account
+1. Create a new test account at [Hetzner DNS Console](https://dns.hetzner.com/) or use an existing account

 1. Go to `testdata/config.json` and replace your api key.

@ -130,6 +128,12 @@ spec:
    go mod download
    ```

+<<<<<<< HEAD
+1. Run tests with your created domain
+    ```bash
+    TEST_ZONE_NAME="$YOUR_NEW_DOMAIN." go test .
+    ```
+=======
 An example Go test file has been provided in [main_test.go](https://github.com/jetstack/cert-manager-webhook-example/blob/master/main_test.go).

 ### Running the full suite with microk8s
@ -142,5 +146,5 @@ sudo microk8s.enable dns rbac
 sudo microk8s.kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
 sudo microk8s.config > /tmp/microk8s.config
 export KUBECONFIG=/tmp/microk8s.config
-helm install --namespace kube-system cert-manager-webhook-manitu deploy/manitu-webhook
+helm install --namespace kube-system cert-manager-webhook-hetzner deploy/hetzner-webhook
 ```
--- a/charts/cert-manager-webhook-hetzner/Chart.yaml
+++ b/charts/cert-manager-webhook-hetzner/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v1
-description: A Helm chart for the Manitu DNS webhook for cert-manager
-name: cert-manager-webhook-manitu
-version: 0.2.0
-appVersion: 0.2.0
+description: A Helm chart for the Hetzner DNS webhook for cert-manager
+name: cert-manager-webhook-hetzner
+version: 0.1.1
+appVersion: 0.1.1
 maintainers:
  - name: mecodia GmbH
-    url: https://github.com/mecodia/cert-manager-webhook-manitu
+    url: https://github.com/mecodia/cert-manager-webhook-hetzner
--- a/charts/cert-manager-webhook-hetzner/templates/_helpers.tpl
+++ b/charts/cert-manager-webhook-hetzner/templates/_helpers.tpl
@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "cert-manager-webhook-manitu.name" -}}
+{{- define "cert-manager-webhook-hetzner.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "cert-manager-webhook-manitu.fullname" -}}
+{{- define "cert-manager-webhook-hetzner.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@ -27,22 +27,22 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "cert-manager-webhook-manitu.chart" -}}
+{{- define "cert-manager-webhook-hetzner.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

-{{- define "cert-manager-webhook-manitu.selfSignedIssuer" -}}
-{{ printf "%s-selfsign" (include "cert-manager-webhook-manitu.fullname" .) }}
+{{- define "cert-manager-webhook-hetzner.selfSignedIssuer" -}}
+{{ printf "%s-selfsign" (include "cert-manager-webhook-hetzner.fullname" .) }}
 {{- end -}}

-{{- define "cert-manager-webhook-manitu.rootCAIssuer" -}}
-{{ printf "%s-ca" (include "cert-manager-webhook-manitu.fullname" .) }}
+{{- define "cert-manager-webhook-hetzner.rootCAIssuer" -}}
+{{ printf "%s-ca" (include "cert-manager-webhook-hetzner.fullname" .) }}
 {{- end -}}

-{{- define "cert-manager-webhook-manitu.rootCACertificate" -}}
-{{ printf "%s-ca" (include "cert-manager-webhook-manitu.fullname" .) }}
+{{- define "cert-manager-webhook-hetzner.rootCACertificate" -}}
+{{ printf "%s-ca" (include "cert-manager-webhook-hetzner.fullname" .) }}
 {{- end -}}

-{{- define "cert-manager-webhook-manitu.servingCertificate" -}}
-{{ printf "%s-webhook-tls" (include "cert-manager-webhook-manitu.fullname" .) }}
+{{- define "cert-manager-webhook-hetzner.servingCertificate" -}}
+{{ printf "%s-webhook-tls" (include "cert-manager-webhook-hetzner.fullname" .) }}
 {{- end -}}
--- a/charts/cert-manager-webhook-hetzner/templates/apiservice.yaml
+++ b/charts/cert-manager-webhook-hetzner/templates/apiservice.yaml
@ -3,17 +3,17 @@ kind: APIService
 metadata:
  name: v1alpha1.{{ .Values.groupName }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
-    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "cert-manager-webhook-manitu.servingCertificate" . }}"
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "cert-manager-webhook-hetzner.servingCertificate" . }}"
 spec:
  group: {{ .Values.groupName }}
  groupPriorityMinimum: 1000
  versionPriority: 15
  service:
-    name: {{ include "cert-manager-webhook-manitu.fullname" . }}
+    name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
    namespace: {{ .Release.Namespace }}
  version: v1alpha1
--- a/charts/cert-manager-webhook-hetzner/templates/deployment.yaml
+++ b/charts/cert-manager-webhook-hetzner/templates/deployment.yaml
@ -1,26 +1,26 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
-      app: {{ include "cert-manager-webhook-manitu.name" . }}
+      app: {{ include "cert-manager-webhook-hetzner.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
-        app: {{ include "cert-manager-webhook-manitu.name" . }}
+        app: {{ include "cert-manager-webhook-hetzner.name" . }}
        release: {{ .Release.Name }}
    spec:
-      serviceAccountName: {{ include "cert-manager-webhook-manitu.fullname" . }}
+      serviceAccountName: {{ include "cert-manager-webhook-hetzner.fullname" . }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@ -55,7 +55,7 @@ spec:
      volumes:
        - name: certs
          secret:
-            secretName: {{ include "cert-manager-webhook-manitu.servingCertificate" . }}
+            secretName: {{ include "cert-manager-webhook-hetzner.servingCertificate" . }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}
--- a/charts/cert-manager-webhook-hetzner/templates/pki.yaml
+++ b/charts/cert-manager-webhook-hetzner/templates/pki.yaml
@ -1,14 +1,14 @@
 ---
 # Create a selfsigned Issuer, in order to create a root CA certificate for
 # signing webhook serving certificates
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/v1alpha3
 kind: Issuer
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.selfSignedIssuer" . }}
+  name: {{ include "cert-manager-webhook-hetzner.selfSignedIssuer" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
@ -17,60 +17,60 @@ spec:
 ---

 # Generate a CA Certificate used to sign certificates for the webhook
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/v1alpha3
 kind: Certificate
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.rootCACertificate" . }}
+  name: {{ include "cert-manager-webhook-hetzner.rootCACertificate" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
-  secretName: {{ include "cert-manager-webhook-manitu.rootCACertificate" . }}
+  secretName: {{ include "cert-manager-webhook-hetzner.rootCACertificate" . }}
  duration: 43800h # 5y
  issuerRef:
-    name: {{ include "cert-manager-webhook-manitu.selfSignedIssuer" . }}
-  commonName: "ca.cert-manager-webhook-manitu.cert-manager"
+    name: {{ include "cert-manager-webhook-hetzner.selfSignedIssuer" . }}
+  commonName: "ca.cert-manager-webhook-hetzner.cert-manager"
  isCA: true

 ---

 # Create an Issuer that uses the above generated CA certificate to issue certs
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/v1alpha3
 kind: Issuer
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.rootCAIssuer" . }}
+  name: {{ include "cert-manager-webhook-hetzner.rootCAIssuer" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  ca:
-    secretName: {{ include "cert-manager-webhook-manitu.rootCACertificate" . }}
+    secretName: {{ include "cert-manager-webhook-hetzner.rootCACertificate" . }}

 ---

 # Finally, generate a serving certificate for the webhook to use
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/v1alpha3
 kind: Certificate
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.servingCertificate" . }}
+  name: {{ include "cert-manager-webhook-hetzner.servingCertificate" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
-  secretName: {{ include "cert-manager-webhook-manitu.servingCertificate" . }}
+  secretName: {{ include "cert-manager-webhook-hetzner.servingCertificate" . }}
  duration: 8760h # 1y
  issuerRef:
-    name: {{ include "cert-manager-webhook-manitu.rootCAIssuer" . }}
+    name: {{ include "cert-manager-webhook-hetzner.rootCAIssuer" . }}
  dnsNames:
-  - {{ include "cert-manager-webhook-manitu.fullname" . }}
-  - {{ include "cert-manager-webhook-manitu.fullname" . }}.{{ .Release.Namespace }}
-  - {{ include "cert-manager-webhook-manitu.fullname" . }}.{{ .Release.Namespace }}.svc
+  - {{ include "cert-manager-webhook-hetzner.fullname" . }}
+  - {{ include "cert-manager-webhook-hetzner.fullname" . }}.{{ .Release.Namespace }}
+  - {{ include "cert-manager-webhook-hetzner.fullname" . }}.{{ .Release.Namespace }}.svc
--- a/charts/cert-manager-webhook-hetzner/templates/rbac.yaml
+++ b/charts/cert-manager-webhook-hetzner/templates/rbac.yaml
@ -1,11 +1,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 ---
@ -15,11 +15,11 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}:webhook-authentication-reader
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:webhook-authentication-reader
  namespace: kube-system
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 roleRef:
@ -29,7 +29,7 @@ roleRef:
 subjects:
  - apiGroup: ""
    kind: ServiceAccount
-    name: {{ include "cert-manager-webhook-manitu.fullname" . }}
+    name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
    namespace: {{ .Release.Namespace }}
 ---
 # apiserver gets the auth-delegator role to delegate auth decisions to
@ -37,10 +37,10 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}:auth-delegator
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:auth-delegator
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 roleRef:
@ -50,17 +50,17 @@ roleRef:
 subjects:
  - apiGroup: ""
    kind: ServiceAccount
-    name: {{ include "cert-manager-webhook-manitu.fullname" . }}
+    name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
    namespace: {{ .Release.Namespace }}
 ---
 # Grant cert-manager permission to validate using our apiserver
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}:domain-solver
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:domain-solver
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 rules:
@ -74,16 +74,16 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}:domain-solver
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:domain-solver
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}:domain-solver
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:domain-solver
 subjects:
  - apiGroup: ""
    kind: ServiceAccount
--- a/charts/cert-manager-webhook-hetzner/templates/service.yaml
+++ b/charts/cert-manager-webhook-hetzner/templates/service.yaml
@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "cert-manager-webhook-manitu.fullname" . }}
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
-    chart: {{ include "cert-manager-webhook-manitu.chart" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
@ -16,5 +16,5 @@ spec:
      protocol: TCP
      name: https
  selector:
-    app: {{ include "cert-manager-webhook-manitu.name" . }}
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
    release: {{ .Release.Name }}
--- a/charts/cert-manager-webhook-hetzner/values.yaml
+++ b/charts/cert-manager-webhook-hetzner/values.yaml
@ -1,24 +1,24 @@
 # The GroupName here is used to identify your company or business unit that
 # created this webhook.
-# For manitu, this may be "acme.mycompany.com".
+# For hetzner, this may be "acme.mycompany.com".
 # This name will need to be referenced in each Issuer's `webhook` stanza to
 # inform cert-manager of where to send ChallengePayload resources in order to
 # solve the DNS01 challenge.
 # This group name should be **unique**, hence using your own company's domain
 # here is recommended.
-groupName: dns.manitu.cloud
+groupName: dns.hetzner.cloud

 certManager:
  namespace: cert-manager
  serviceAccountName: cert-manager

 image:
-  repository: mecodia/cert-manager-webhook-manitu
+  repository: mecodia/cert-manager-webhook-hetzner
  tag: latest
  pullPolicy: Always

-nameOverride: "webhook-manitu"
-fullnameOverride: "cert-manager-webhook-manitu"
+nameOverride: "webhook-hetzner"
+fullnameOverride: "cert-manager-webhook-hetzner"

 replicaCount: 1

--- a/deploy/cert-manager-webhook-hetzner/.helmignore
+++ b/deploy/cert-manager-webhook-hetzner/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/deploy/cert-manager-webhook-hetzner/Chart.yaml
+++ b/deploy/cert-manager-webhook-hetzner/Chart.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+description: A Helm chart for the Hetzner DNS webhook for cert-manager
+name: cert-manager-webhook-hetzner
+version: 0.1.1
+appVersion: 0.1.1
+maintainers:
+  - name: mecodia GmbH
+    url: https://github.com/mecodia/cert-manager-webhook-hetzner
--- a/deploy/cert-manager-webhook-hetzner/templates/NOTES.txt
+++ b/deploy/cert-manager-webhook-hetzner/templates/NOTES.txt
--- a/deploy/cert-manager-webhook-hetzner/templates/_helpers.tpl
+++ b/deploy/cert-manager-webhook-hetzner/templates/_helpers.tpl
@ -0,0 +1,48 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cert-manager-webhook-hetzner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cert-manager-webhook-hetzner.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cert-manager-webhook-hetzner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "cert-manager-webhook-hetzner.selfSignedIssuer" -}}
+{{ printf "%s-selfsign" (include "cert-manager-webhook-hetzner.fullname" .) }}
+{{- end -}}
+
+{{- define "cert-manager-webhook-hetzner.rootCAIssuer" -}}
+{{ printf "%s-ca" (include "cert-manager-webhook-hetzner.fullname" .) }}
+{{- end -}}
+
+{{- define "cert-manager-webhook-hetzner.rootCACertificate" -}}
+{{ printf "%s-ca" (include "cert-manager-webhook-hetzner.fullname" .) }}
+{{- end -}}
+
+{{- define "cert-manager-webhook-hetzner.servingCertificate" -}}
+{{ printf "%s-webhook-tls" (include "cert-manager-webhook-hetzner.fullname" .) }}
+{{- end -}}
--- a/deploy/cert-manager-webhook-hetzner/templates/apiservice.yaml
+++ b/deploy/cert-manager-webhook-hetzner/templates/apiservice.yaml
@ -0,0 +1,19 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1alpha1.{{ .Values.groupName }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "cert-manager-webhook-hetzner.servingCertificate" . }}"
+spec:
+  group: {{ .Values.groupName }}
+  groupPriorityMinimum: 1000
+  versionPriority: 15
+  service:
+    name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+  version: v1alpha1
--- a/deploy/cert-manager-webhook-hetzner/templates/deployment.yaml
+++ b/deploy/cert-manager-webhook-hetzner/templates/deployment.yaml
@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "cert-manager-webhook-hetzner.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "cert-manager-webhook-hetzner.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ include "cert-manager-webhook-hetzner.fullname" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - --tls-cert-file=/tls/tls.crt
+            - --tls-private-key-file=/tls/tls.key
+            - --secure-port=8443
+          env:
+            - name: GROUP_NAME
+              value: {{ .Values.groupName | quote }}
+          ports:
+            - name: https
+              containerPort: 8443
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /healthz
+              port: 8443
+          readinessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /healthz
+              port: 8443
+          volumeMounts:
+            - name: certs
+              mountPath: /tls
+              readOnly: true
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+      volumes:
+        - name: certs
+          secret:
+            secretName: {{ include "cert-manager-webhook-hetzner.servingCertificate" . }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/deploy/cert-manager-webhook-hetzner/templates/pki.yaml
+++ b/deploy/cert-manager-webhook-hetzner/templates/pki.yaml
@ -0,0 +1,76 @@
+---
+# Create a selfsigned Issuer, in order to create a root CA certificate for
+# signing webhook serving certificates
+apiVersion: cert-manager.io/v1alpha3
+kind: Issuer
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.selfSignedIssuer" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selfSigned: {}
+
+---
+
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1alpha3
+kind: Certificate
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.rootCACertificate" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  secretName: {{ include "cert-manager-webhook-hetzner.rootCACertificate" . }}
+  duration: 43800h # 5y
+  issuerRef:
+    name: {{ include "cert-manager-webhook-hetzner.selfSignedIssuer" . }}
+  commonName: "ca.cert-manager-webhook-hetzner.cert-manager"
+  isCA: true
+
+---
+
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1alpha3
+kind: Issuer
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.rootCAIssuer" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ca:
+    secretName: {{ include "cert-manager-webhook-hetzner.rootCACertificate" . }}
+
+---
+
+# Finally, generate a serving certificate for the webhook to use
+apiVersion: cert-manager.io/v1alpha3
+kind: Certificate
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.servingCertificate" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  secretName: {{ include "cert-manager-webhook-hetzner.servingCertificate" . }}
+  duration: 8760h # 1y
+  issuerRef:
+    name: {{ include "cert-manager-webhook-hetzner.rootCAIssuer" . }}
+  dnsNames:
+  - {{ include "cert-manager-webhook-hetzner.fullname" . }}
+  - {{ include "cert-manager-webhook-hetzner.fullname" . }}.{{ .Release.Namespace }}
+  - {{ include "cert-manager-webhook-hetzner.fullname" . }}.{{ .Release.Namespace }}.svc
--- a/deploy/cert-manager-webhook-hetzner/templates/rbac.yaml
+++ b/deploy/cert-manager-webhook-hetzner/templates/rbac.yaml
@ -0,0 +1,91 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+---
+# Grant the webhook permission to read the ConfigMap containing the Kubernetes
+# apiserver's requestheader-ca-certificate.
+# This ConfigMap is automatically created by the Kubernetes apiserver.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:webhook-authentication-reader
+  namespace: kube-system
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+---
+# apiserver gets the auth-delegator role to delegate auth decisions to
+# the core apiserver
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:auth-delegator
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+---
+# Grant cert-manager permission to validate using our apiserver
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:domain-solver
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups:
+      - {{ .Values.groupName }}
+    resources:
+      - '*'
+    verbs:
+      - 'create'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:domain-solver
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}:domain-solver
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: {{ .Values.certManager.serviceAccountName }}
+    namespace: {{ .Release.Namespace }}
--- a/deploy/cert-manager-webhook-hetzner/templates/service.yaml
+++ b/deploy/cert-manager-webhook-hetzner/templates/service.yaml
@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "cert-manager-webhook-hetzner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    chart: {{ include "cert-manager-webhook-hetzner.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: 8443
+      protocol: TCP
+      name: https
+  selector:
+    app: {{ include "cert-manager-webhook-hetzner.name" . }}
+    release: {{ .Release.Name }}
--- a/deploy/cert-manager-webhook-hetzner/values.yaml
+++ b/deploy/cert-manager-webhook-hetzner/values.yaml
@ -0,0 +1,45 @@
+# The GroupName here is used to identify your company or business unit that
+# created this webhook.
+# For hetzner, this may be "acme.mycompany.com".
+# This name will need to be referenced in each Issuer's `webhook` stanza to
+# inform cert-manager of where to send ChallengePayload resources in order to
+# solve the DNS01 challenge.
+# This group name should be **unique**, hence using your own company's domain
+# here is recommended.
+groupName: dns.hetzner.cloud
+
+certManager:
+  namespace: cert-manager
+  serviceAccountName: cert-manager
+
+image:
+  repository: mecodia/cert-manager-webhook-hetzner
+  tag: latest
+  pullPolicy: Always
+
+nameOverride: "webhook-hetzner"
+fullnameOverride: "cert-manager-webhook-hetzner"
+
+replicaCount: 1
+
+service:
+  type: ClusterIP
+  port: 443
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/go.mod
+++ b/go.mod
@ -1,4 +1,4 @@
-module github.com/mecodia/cert-manager-webhook-manitu
+module github.com/mecodia/cert-manager-webhook-hetzner

 go 1.13

--- a/index.yaml
+++ b/index.yaml
@ -0,0 +1,28 @@
+apiVersion: v1
+entries:
+  cert-manager-webhook-hetzner:
+  - apiVersion: v1
+    appVersion: 0.2.0
+    created: "2021-03-12T08:07:13.120652111Z"
+    description: A Helm chart for the Hetzner DNS webhook for cert-manager
+    digest: b605b6c5a8ba562ff8c6210d3657576738f78a00f39eb834c71d30175835d251
+    maintainers:
+    - name: mecodia GmbH
+      url: https://github.com/mecodia/cert-manager-webhook-hetzner
+    name: cert-manager-webhook-hetzner
+    urls:
+    - https://github.com/mecodia/cert-manager-webhook-hetzner/releases/download/cert-manager-webhook-hetzner-0.2.0/cert-manager-webhook-hetzner-0.2.0.tgz
+    version: 0.2.0
+  - apiVersion: v1
+    appVersion: 0.1.2
+    created: "2021-03-10T16:31:51.557957006Z"
+    description: A Helm chart for the Hetzner DNS webhook for cert-manager
+    digest: 858956ca452f8041dac9330a3c08b79492c66c4e84213d21f4b36be76fde9027
+    maintainers:
+    - name: mecodia GmbH
+      url: https://github.com/mecodia/cert-manager-webhook-hetzner
+    name: cert-manager-webhook-hetzner
+    urls:
+    - https://github.com/mecodia/cert-manager-webhook-hetzner/releases/download/cert-manager-webhook-hetzner-0.1.2/cert-manager-webhook-hetzner-0.1.2.tgz
+    version: 0.1.2
+generated: "2021-03-12T08:07:13.120662011Z"
--- a/main.go
+++ b/main.go
@ -15,7 +15,6 @@ import (

 	"github.com/jetstack/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 	"github.com/jetstack/cert-manager/pkg/acme/webhook/cmd"
-	"github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util"
 )

 var GroupName = os.Getenv("GROUP_NAME")
@ -31,15 +30,15 @@ func main() {
 	// webhook, where the Name() method will be used to disambiguate between
 	// the different implementations.
 	cmd.RunWebhookServer(GroupName,
-		&manituDNSProviderSolver{},
+		&hetznerDNSProviderSolver{},
 	)
 }

-// manituDNSProviderSolver implements the provider-specific logic needed to
+// hetznerDNSProviderSolver implements the provider-specific logic needed to
 // 'present' an ACME challenge TXT record for your own DNS provider.
 // To do so, it must implement the `github.com/jetstack/cert-manager/pkg/acme/webhook.Solver`
 // interface.
-type manituDNSProviderSolver struct {
+type hetznerDNSProviderSolver struct {
 	// If a Kubernetes 'clientset' is needed, you must:
 	// 1. uncomment the additional `client` field in this structure below
 	// 2. uncomment the "k8s.io/client-go/kubernetes" import at the top of the file
@ -49,7 +48,7 @@ type manituDNSProviderSolver struct {
 	//client kubernetes.Clientset
 }

-// manituDNSProviderConfig is a structure that is used to decode into when
+// hetznerDNSProviderConfig is a structure that is used to decode into when
 // solving a DNS01 challenge.
 // This information is provided by cert-manager, and may be a reference to
 // additional configuration that's needed to solve the challenge for this
@ -63,7 +62,7 @@ type manituDNSProviderSolver struct {
 // You should not include sensitive information here. If credentials need to
 // be used by your provider here, you should reference a Kubernetes Secret
 // resource and fetch these credentials using a Kubernetes clientset.
-type manituDNSProviderConfig struct {
+type hetznerDNSProviderConfig struct {
 	// Change the two fields below according to the format of the configuration
 	// to be decoded.
 	// These fields will be set by users in the
@ -78,8 +77,8 @@ type manituDNSProviderConfig struct {
 // solvers configured with the same Name() **so long as they do not co-exist
 // within a single webhook deployment**.
 // For example, `cloudflare` may be used as the name of a solver.
-func (c *manituDNSProviderSolver) Name() string {
-	return "manitu"
+func (c *hetznerDNSProviderSolver) Name() string {
+	return "hetzner"
 }

 type Zones struct {
@ -87,20 +86,20 @@ type Zones struct {
 }

 type Zone struct {
-	ZoneID string `json:"name"`
+	ZoneID string `json:"id"`
 }

 type Entries struct {
-	Records []Entry `json:"TXT"`
+	Records []Entry `json:"records"`
 }

 type Entry struct {
-	Name   string `json:"host"`
+	ID     string `json:"id,omitempty"`
+	Name   string `json:"name"`
 	TTL    int    `json:"ttl"`
 	Type   string `json:"type"`
-	ClassType   string `json:"classtype"`
 	Value  string `json:"value"`
-	ZoneID string `json:"zone"`
+	ZoneID string `json:"zone_id"`
 }

 // Present is responsible for actually presenting the DNS record with the
@ -108,7 +107,7 @@ type Entry struct {
 // This method should tolerate being called multiple times with the same value.
 // cert-manager itself will later perform a self check to ensure that the
 // solver has correctly configured the DNS provider.
-func (c *manituDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
+func (c *hetznerDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
 	cfg, err := loadConfig(ch.Config)
 	if err != nil {
 		return err
@ -119,14 +118,14 @@ func (c *manituDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {

 	name, zone := c.getDomainAndEntry(ch)

-	// Get Zones (GET https://dnsapi.elutions-network.de/api/v1/zones)
+	// Get Zones (GET https://dns.hetzner.com/api/v1/zones)
 	// Create client
 	client := &http.Client{}

 	// Create request
-	req, err := http.NewRequest("GET", "https://dnsapi.elutions-network.de/api/v1/zones/"+zone, nil)
+	req, err := http.NewRequest("GET", "https://dns.hetzner.com/api/v1/zones?search_name="+zone, nil)
 	// Headers
-	req.Header.Add("Authorization", cfg.APIKey)
+	req.Header.Add("Auth-API-Token", cfg.APIKey)

 	// Fetch Request
 	resp, err := client.Do(req)
@ -135,23 +134,23 @@ func (c *manituDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
 	}

 	// Read Response Body
-	respBody := Zone{}
+	respBody := Zones{}
 	json.NewDecoder(resp.Body).Decode(&respBody)

 	// Display Results
 	fmt.Println("response Status : ", resp.Status)
 	fmt.Println("response Headers : ", resp.Header)
-	fmt.Println("response Body : ", respBody.ZoneID)
+	fmt.Println("response Body : ", respBody.Zones[0].ZoneID)

 	// Create DNS
-	entry, err := json.Marshal(Entry{name, 300, "TXT", "IN", ch.Key, respBody.ZoneID})
+	entry, err := json.Marshal(Entry{"", name, 300, "TXT", ch.Key, respBody.Zones[0].ZoneID})
 	body := bytes.NewBuffer(entry)

 	// Create request
-	req, err = http.NewRequest("POST", "https://dnsapi.elutions-network.de/api/v1/zones/"+zone+"/records", body)
+	req, err = http.NewRequest("POST", "https://dns.hetzner.com/api/v1/records", body)
 	// Headers
 	req.Header.Add("Content-Type", "application/json")
-	req.Header.Add("Authorization", cfg.APIKey)
+	req.Header.Add("Auth-API-Token", cfg.APIKey)

 	// Fetch Request
 	resp, err = client.Do(req)
@ -176,7 +175,7 @@ func (c *manituDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
 // value provided on the ChallengeRequest should be cleaned up.
 // This is in order to facilitate multiple DNS validations for the same domain
 // concurrently.
-func (c *manituDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
+func (c *hetznerDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
 	cfg, err := loadConfig(ch.Config)
 	if err != nil {
 		return err
@ -187,14 +186,14 @@ func (c *manituDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {

 	name, zone := c.getDomainAndEntry(ch)

-	// Get Zones (GET https://dnsapi.elutions-network.de/api/v1/zones)
+	// Get Zones (GET https://dns.hetzner.com/api/v1/zones)
 	// Create client
 	client := &http.Client{}
-/*
+
 	// Create request
-	zReq, err := http.NewRequest("GET", "https://dnsapi.elutions-network.de/api/v1/zones/"+zone, nil)
+	zReq, err := http.NewRequest("GET", "https://dns.hetzner.com/api/v1/zones?search_name="+zone, nil)
 	// Headers
-	zReq.Header.Add("Authorization", cfg.APIKey)
+	zReq.Header.Add("Auth-API-Token", cfg.APIKey)

 	// Fetch Request
 	zResp, err := client.Do(zReq)
@ -203,19 +202,19 @@ func (c *manituDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
 	}

 	// Read Response Body
-	zRespBody := Zone{}
+	zRespBody := Zones{}
 	json.NewDecoder(zResp.Body).Decode(&zRespBody)

 	// Display Results
 	fmt.Println("response Status : ", zResp.Status)
 	fmt.Println("response Headers : ", zResp.Header)
-	fmt.Println("response Body : ", zRespBody.ZoneID)
+	fmt.Println("response Body : ", zRespBody.Zones[0].ZoneID)
 	fmt.Println("response Body : ", name)

 	// Create request
-	eReq, err := http.NewRequest("GET", "https://dnsapi.elutions-network.de/api/v1/zones/"+zRespBody.ZoneID+"/records", nil)
+	eReq, err := http.NewRequest("GET", "https://dns.hetzner.com/api/v1/records?zone_id="+zRespBody.Zones[0].ZoneID, nil)
 	// Headers
-	eReq.Header.Add("Authorization", cfg.APIKey)
+	eReq.Header.Add("Auth-API-Token", cfg.APIKey)

 	// Fetch Request
 	eResp, err := client.Do(eReq)
@ -228,42 +227,37 @@ func (c *manituDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
 	json.NewDecoder(eResp.Body).Decode(&eRespBody)

 	// Display Results
-
 	fmt.Println("response Status : ", eResp.Status)
 	fmt.Println("response Headers : ", eResp.Header)
-	fmt.Println("response Body : ", eRespBody)*/
+	fmt.Println("response Body : ", eRespBody)

-	/*for _, e := range eRespBody.Records {
-		fmt.Println("Try DOMAIN: ", e)
-		fmt.Println(e.Type,"== TXT")
-		fmt.Println(e.Name,"==", name)
-		fmt.Println(e.Value,"==", ch.Key)
+	for _, e := range eRespBody.Records {
 		if e.Type == "TXT" && e.Name == name && e.Value == ch.Key {
-	fmt.Println("Found DOMAIN: ", e)*/
-	// Delete Record 
-	// Create request
-	req, err := http.NewRequest("DELETE", "https://dnsapi.elutions-network.de/api/v1/zones/"+zone+"/records?host="+name+"&value="+ch.Key+"&type=TXT", nil)
+			fmt.Println("Found DOMAIN: ", e)
+			// Delete Record (DELETE https://dns.hetzner.com/api/v1/records/1)
+			// Create request
+			req, err := http.NewRequest("DELETE", "https://dns.hetzner.com/api/v1/records/"+e.ID, nil)

-	// Headers
-	req.Header.Add("Authorization", cfg.APIKey)
+			// Headers
+			req.Header.Add("Auth-API-Token", cfg.APIKey)

-	// Fetch Request
-	resp, err := client.Do(req)
+			// Fetch Request
+			resp, err := client.Do(req)

-	if err != nil {
-		fmt.Println("Failure : ", err)
+			if err != nil {
+				fmt.Println("Failure : ", err)
+			}
+
+			// Read Response Body
+			respBody, _ := ioutil.ReadAll(resp.Body)
+
+			// Display Results
+			fmt.Println("response Status : ", resp.Status)
+			fmt.Println("response Headers : ", resp.Header)
+			fmt.Println("response Body : ", string(respBody))
+		}
 	}

-	// Read Response Body
-	respBody, _ := ioutil.ReadAll(resp.Body)
-
-	// Display Results
-	fmt.Println("response Status : ", resp.Status)
-	fmt.Println("response Headers : ", resp.Header)
-	fmt.Println("response Body : ", string(respBody))
-		/*}
-	}*/
-
 	// TODO: add code that deletes a record from the DNS provider's console
 	return nil
 }
@ -277,14 +271,14 @@ func (c *manituDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
 // provider accounts.
 // The stopCh can be used to handle early termination of the webhook, in cases
 // where a SIGTERM or similar signal is sent to the webhook process.
-func (c *manituDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error {
+func (c *hetznerDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error {
 	return nil
 }

 // loadConfig is a small helper function that decodes JSON configuration into
 // the typed config struct.
-func loadConfig(cfgJSON *extapi.JSON) (manituDNSProviderConfig, error) {
-	cfg := manituDNSProviderConfig{}
+func loadConfig(cfgJSON *extapi.JSON) (hetznerDNSProviderConfig, error) {
+	cfg := hetznerDNSProviderConfig{}
 	// handle the 'base case' where no configuration has been provided
 	if cfgJSON == nil {
 		return cfg, nil
@ -296,20 +290,10 @@ func loadConfig(cfgJSON *extapi.JSON) (manituDNSProviderConfig, error) {
 	return cfg, nil
 }

-func (c *manituDNSProviderSolver) getDomainAndEntry(ch *v1alpha1.ChallengeRequest) (string, string) {
+func (c *hetznerDNSProviderSolver) getDomainAndEntry(ch *v1alpha1.ChallengeRequest) (string, string) {
 	// Both ch.ResolvedZone and ch.ResolvedFQDN end with a dot: '.'
-	domain := util.UnFqdn(ch.ResolvedZone)
-	entry := getSubDomain(domain, ch.ResolvedFQDN)
-	fmt.Println("ResolvedFQDN : ", ch.ResolvedFQDN)
-	fmt.Println("ResolvedZone : ", ch.ResolvedZone)
-	fmt.Println("domain : ", domain)
-	fmt.Println("entry : ", entry)
+	entry := strings.TrimSuffix(ch.ResolvedFQDN, ch.ResolvedZone)
+	entry = strings.TrimSuffix(entry, ".")
+	domain := strings.TrimSuffix(ch.ResolvedZone, ".")
 	return entry, domain
 }
-func getSubDomain(domain, fqdn string) string {
-	if idx := strings.Index(fqdn, "."+domain); idx != -1 {
-		return fqdn[:idx]
-	}
-
-	return util.UnFqdn(fqdn)
-}
--- a/main_test.go
+++ b/main_test.go
@ -28,7 +28,7 @@ func TestRunsSuite(t *testing.T) {
 	//	dns.SetBinariesPath("_test/kubebuilder/bin"),
 	//)

-	fixture := dns.NewFixture(&manituDNSProviderSolver{},
+	fixture := dns.NewFixture(&hetznerDNSProviderSolver{},
 		dns.SetBinariesPath(kubeBuilderBinPath),
 		dns.SetResolvedZone(zone),
 		dns.SetAllowAmbientCredentials(false),
Author	SHA1	Message	Date
toabi	9d32446675	Update index.yaml Signed-off-by: toabi <toabi@users.noreply.github.com>	2021-03-12 08:07:13 +00:00
NotANormalNerd	be9e121aba	Update index.yaml Signed-off-by: NotANormalNerd <NotANormalNerd@users.noreply.github.com>	2021-03-10 16:31:51 +00:00