penguin/webhook-freedns
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Tidy example package

Browse Source 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
This commit is contained in:
Jake Sanders 2021-02-22 16:02:41 +00:00
parent 4f51af7d86
commit 1f895be0fe
No known key found for this signature in database
GPG Key ID: 7E708D7933B84690
3 changed files with 63 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Dockerfile
View File

@ -1,9 +1,8 @@
FROM golang:1.15-alpine AS build_deps FROM golang:1.16-alpine AS build_deps
RUN apk add --no-cache git RUN apk add --no-cache git
WORKDIR /workspace WORKDIR /workspace
ENV GO111MODULE=on
COPY go.mod . COPY go.mod .
COPY go.sum . COPY go.sum .

88
example/dns.go
View File

@ -2,6 +2,7 @@ package example
import ( import (
"fmt" "fmt"
"github.com/miekg/dns" "github.com/miekg/dns"
) )
@ -11,45 +12,7 @@ func (e *exampleSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) {
switch req.Opcode { switch req.Opcode {
case dns.OpcodeQuery: case dns.OpcodeQuery:
for _, q := range msg.Question { for _, q := range msg.Question {
switch q.Qtype { if err := e.addDNSAnswer(q, msg, req); err != nil {
case dns.TypeA:
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN A 127.0.0.1", q.Name))
if err != nil {
msg.SetRcode(req, dns.RcodeNameError)
} else {
msg.Answer = append(msg.Answer, rr)
}
case dns.TypeTXT:
// get record
e.RLock()
record, found := e.txtRecords[q.Name]
e.RUnlock()
if !found {
msg.SetRcode(req, dns.RcodeNameError)
} else {
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN TXT %s", q.Name, record))
if err != nil {
msg.SetRcode(req, dns.RcodeServerFailure)
break
}
msg.Answer = append(msg.Answer, rr)
}
case dns.TypeNS:
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN NS ns.example-acme-webook.invalid.", q.Name))
if err != nil {
msg.SetRcode(req, dns.RcodeServerFailure)
break
} else {
msg.Answer = append(msg.Answer, rr)
}
case dns.TypeSOA:
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN SOA %s 20 5 5 5 5", "ns.example-acme-webook.invalid.", "ns.example-acme-webook.invalid."))
if err != nil {
msg.SetRcode(req, dns.RcodeServerFailure)
break
}
msg.Answer = append(msg.Answer, rr)
default:
msg.SetRcode(req, dns.RcodeServerFailure) msg.SetRcode(req, dns.RcodeServerFailure)
break break
} }
@ -57,3 +20,50 @@ func (e *exampleSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) {
} }
w.WriteMsg(msg) w.WriteMsg(msg)
} }
func (e *exampleSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg) error {
switch q.Qtype {
// Always return loopback for any A query
case dns.TypeA:
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN A 127.0.0.1", q.Name))
if err != nil {
return err
}
msg.Answer = append(msg.Answer, rr)
return nil
// TXT records are the only important record for ACME dns-01 challenges
case dns.TypeTXT:
e.RLock()
record, found := e.txtRecords[q.Name]
e.RUnlock()
if !found {
msg.SetRcode(req, dns.RcodeNameError)
return nil
}
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN TXT %s", q.Name, record))
if err != nil {
return err
}
msg.Answer = append(msg.Answer, rr)
return nil
// NS and SOA are for authoritative lookups, return obviously invalid data
case dns.TypeNS:
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN NS ns.example-acme-webook.invalid.", q.Name))
if err != nil {
return err
}
msg.Answer = append(msg.Answer, rr)
return nil
case dns.TypeSOA:
rr, err := dns.NewRR(fmt.Sprintf("%s 5 IN SOA %s 20 5 5 5 5", "ns.example-acme-webook.invalid.", "ns.example-acme-webook.invalid."))
if err != nil {
return err
}
msg.Answer = append(msg.Answer, rr)
return nil
default:
return fmt.Errorf("unimplemented record type %v", q.Qtype)
}
}

19
example/example.go
View File

@ -3,6 +3,8 @@
package example package example
import ( import (
"fmt"
"os"
"sync" "sync"
"github.com/jetstack/cert-manager/pkg/acme/webhook" "github.com/jetstack/cert-manager/pkg/acme/webhook"
@ -18,31 +20,36 @@ type exampleSolver struct {
sync.RWMutex sync.RWMutex
} }
func (e exampleSolver) Name() string { func (e *exampleSolver) Name() string {
return e.name return e.name
} }
func (e exampleSolver) Present(ch *acme.ChallengeRequest) error { func (e *exampleSolver) Present(ch *acme.ChallengeRequest) error {
e.Lock() e.Lock()
e.txtRecords[ch.ResolvedFQDN] = ch.Key e.txtRecords[ch.ResolvedFQDN] = ch.Key
e.Unlock() e.Unlock()
return nil return nil
} }
func (e exampleSolver) CleanUp(ch *acme.ChallengeRequest) error { func (e *exampleSolver) CleanUp(ch *acme.ChallengeRequest) error {
e.Lock() e.Lock()
delete(e.txtRecords, ch.ResolvedFQDN) delete(e.txtRecords, ch.ResolvedFQDN)
e.Unlock() e.Unlock()
return nil return nil
} }
func (e exampleSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error { func (e *exampleSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error {
go func(done <-chan struct{}) { go func(done <-chan struct{}) {
<-done <-done
e.server.Shutdown() if err := e.server.Shutdown(); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
}
}(stopCh) }(stopCh)
go func() { go func() {
e.server.ListenAndServe() if err := e.server.ListenAndServe(); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
os.Exit(1)
}
}() }()
return nil return nil
} }