optionally specify secretName for autoregistrated issuer, updated con…

…troller-manager-library dependency

Gopkg.toml

@@ -21,7 +21,7 @@ required = [
 
 [[constraint]]
   name = "github.com/gardener/external-dns-management"
-  version = "0.6.1"
+  version = "0.7.0"
 
 [[constraint]]
   name = "k8s.io/api"

examples/20-issuer-staging.yaml

@@ -8,3 +8,4 @@ spec:
     server: https://acme-staging-v02.api.letsencrypt.org/directory
     email: some.user@mydomain.com
     autoRegistration: true
+    autoRegistrationSecretName: issuer-staging-secret

pkg/apis/cert/v1alpha1/issuer.go

@@ -42,16 +42,35 @@ type Issuer struct {
 }
 
 type IssuerSpec struct {
+	// +optional
 	ACME *ACMESpec `json:"acme,omitempty"`
+
+	// +optional
+	SelfSigned *SelfSignedSpec `json:"selfSigned,omitempty"`
+
+	// +optional
+	CA *CASpec `json:"ca,omitempty"`
 }
 
 type ACMESpec struct {
-	Server              string                  `json:"server"`
-	Email               string                  `json:"email"`
-	AutoRegistration    bool                    `json:"autoRegistration,omitempty"`
+	Server string `json:"server"`
+	Email  string `json:"email"`
+
+	// +optional
+	AutoRegistration           bool   `json:"autoRegistration,omitempty"`
+	AutoRegistrationSecretName string `json:"autoRegistrationSecretName,omitempty"`
+
+	// +optional
 	PrivateKeySecretRef *corev1.SecretReference `json:"privateKeySecretRef,omitempty"`
 }
 
+type SelfSignedSpec struct {
+}
+
+type CASpec struct {
+	SecretRef *corev1.SecretReference `json:"secretRef,omitempty"`
+}
+
 type IssuerStatus struct {
 	ObservedGeneration int64   `json:"observedGeneration,omitempty"`
 	State              string  `json:"state"`

pkg/cert/source/reconciler.go

@@ -43,8 +43,8 @@ func SourceReconciler(sourceType CertSourceType, rtype controller.ReconcilerType
 			return nil, err
 		}
 		copt, _ := c.GetStringOption(OPT_CLASS)
-		classes := NewClasses(copt)
-		c.SetFinalizerHandler(NewFinalizer(c, c.GetDefinition().FinalizerName(), classes))
+		classes := controller.NewClasses(c, copt, ANNOT_CLASS, DefaultClass)
+		c.SetFinalizerHandler(controller.NewFinalizerForClasses(c, c.GetDefinition().FinalizerName(), classes))
 		targetclass, _ := c.GetStringOption(OPT_TARGETCLASS)
 		if targetclass == "" {
 			if !classes.Contains(DefaultClass) && classes.Main() != DefaultClass {
@@ -81,7 +81,7 @@ type sourceReconciler struct {
 	*reconcilers.NestedReconciler
 	*reconcilers.SlaveAccess
 	source      CertSource
-	classes     *Classes
+	classes     *controller.Classes
 	targetclass string
 	namespace   string
 	nameprefix  string

pkg/controller/issuer/acme/handler.go

@@ -96,11 +96,16 @@ func (r *acmeIssuerHandler) Reconcile(logger logger.LogContext, obj resources.Ob
 			return r.failedAcme(logger, obj, api.STATE_ERROR, fmt.Errorf("creating registration user failed with %s", err.Error()))
 		}
 
-		secretRef, err := r.support.WriteIssuerSecret(issuer.ObjectMeta, user, secret)
-		if err != nil {
-			return r.failedAcme(logger, obj, api.STATE_ERROR, fmt.Errorf("writing issuer secret failed with %s", err.Error()))
-		}
-		if secretRef != nil {
+		if secret != nil {
+			err = r.support.UpdateIssuerSecret(issuer.ObjectMeta, user, secret)
+			if err != nil {
+				return r.failedAcme(logger, obj, api.STATE_ERROR, fmt.Errorf("updating issuer secret failed with %s", err.Error()))
+			}
+		} else {
+			secretRef, err := r.support.WriteIssuerSecretFromRegistrationUser(issuer.ObjectMeta, user, acme.AutoRegistrationSecretName)
+			if err != nil {
+				return r.failedAcme(logger, obj, api.STATE_ERROR, fmt.Errorf("writing issuer secret failed with %s", err.Error()))
+			}
 			issuer.Spec.ACME.PrivateKeySecretRef = secretRef
 			r.support.RememberIssuerSecret(obj.ObjectName(), issuer.Spec.ACME.PrivateKeySecretRef)
 		}