From 345d1cc4c0247255e5e999e8581b0abdb07b1a7c Mon Sep 17 00:00:00 2001 From: Jayson Wang Date: Thu, 21 Mar 2024 15:12:02 +0800 Subject: [PATCH] add configuration validation for webhook (#15) meanwhile, the webhook's error message is now clearer and more precise. --- .editorconfig | 3 +++ .github/workflows/go.yaml | 4 +--- README.md | 1 + VERSION | 2 +- alidns.go | 2 +- charts/alidns-webhook/Chart.yaml | 2 +- config.go | 16 ++++++++-------- config_test.go | 12 ++++++------ 8 files changed, 22 insertions(+), 20 deletions(-) diff --git a/.editorconfig b/.editorconfig index 549b63b..d8464a0 100644 --- a/.editorconfig +++ b/.editorconfig @@ -15,3 +15,6 @@ indent_style = tab [{*.yaml,*.yml,*.json}] indent_size = 2 + +[VERSION] +insert_final_newline = false diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml index b91bf44..6f755c1 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/go.yaml @@ -8,8 +8,6 @@ on: push: branches: - main - tags: - - 'v*' jobs: test: @@ -19,7 +17,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Setup Go ${{ matrix.go-version }} + - name: Setup Go uses: actions/setup-go@v5 with: go-version-file: go.mod diff --git a/README.md b/README.md index c4f0411..9a55017 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,7 @@ The following table lists the correspondences between alidns-webhook and k8s ver | Alidns-Webhook version | k8s supported version | Helm Chart Version | |------------------------|------------------------|--------------------| +| **v1.0.0** | 1.29, 1.28, 1.27, 1.26 | 1.0.* | | **v0.1.0** | 1.29, 1.28, 1.27, 1.26 | 0.1.* | diff --git a/VERSION b/VERSION index 6e8bf73..afaf360 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.1.0 +1.0.0 \ No newline at end of file diff --git a/alidns.go b/alidns.go index 2b55486..5768cea 100644 --- a/alidns.go +++ b/alidns.go @@ -118,7 +118,7 @@ func (s *AliSolver) loadAliDNS(challenge *acme.ChallengeRequest) (*AliDNS, error return nil, err } - accessKeySecret, err := s.loadSecretData(cfg.SecretAccessKeyRef, challenge.ResourceNamespace) + accessKeySecret, err := s.loadSecretData(cfg.AccessKeySecretRef, challenge.ResourceNamespace) if err != nil { return nil, err } diff --git a/charts/alidns-webhook/Chart.yaml b/charts/alidns-webhook/Chart.yaml index 43b8386..09614ef 100644 --- a/charts/alidns-webhook/Chart.yaml +++ b/charts/alidns-webhook/Chart.yaml @@ -18,7 +18,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/config.go b/config.go index d53fc09..0f89b2e 100644 --- a/config.go +++ b/config.go @@ -26,24 +26,24 @@ import ( // be used by your provider here, you should reference a Kubernetes Secret // resource and fetch these credentials using a Kubernetes clientset. type Config struct { - Region string `json:"region"` // optional - AccessKeyIdRef cmmeta.SecretKeySelector `json:"accessKeyIdRef"` - // AccessKeySecretRef will serve as the alias name for SecretAccessKeyRef + Region string `json:"region"` // optional + AccessKeyIdRef cmmeta.SecretKeySelector `json:"accessKeyIdRef"` AccessKeySecretRef cmmeta.SecretKeySelector `json:"accessKeySecretRef"` + // SecretAccessKeyRef will serve as the alias name for AccessKeySecretRef SecretAccessKeyRef cmmeta.SecretKeySelector `json:"secretAccessKeyRef"` } // Validate checks if the config of the webhook is valid. func (cfg *Config) Validate() error { if len(cfg.AccessKeyIdRef.Name) == 0 { - return errors.New("testAccessKeyIdRef may not be empty") + return errors.New("accessKeyIdRef may not be empty") } - if len(cfg.SecretAccessKeyRef.Name) == 0 { - cfg.AccessKeySecretRef.DeepCopyInto(&cfg.SecretAccessKeyRef) + if len(cfg.AccessKeySecretRef.Name) == 0 { + cfg.SecretAccessKeyRef.DeepCopyInto(&cfg.AccessKeySecretRef) } - if len(cfg.SecretAccessKeyRef.Name) == 0 { - return errors.New("AccessKeySecretRef may not be empty") + if len(cfg.AccessKeySecretRef.Name) == 0 { + return errors.New("accessKeySecretRef may not be empty") } return nil diff --git a/config_test.go b/config_test.go index fdd3a43..fecb900 100644 --- a/config_test.go +++ b/config_test.go @@ -19,11 +19,11 @@ var ( }, Key: "access-key-id", } - testSecretAccessKeyRef = cmmeta.SecretKeySelector{ + testAccessKeySecretRef = cmmeta.SecretKeySelector{ LocalObjectReference: cmmeta.LocalObjectReference{ Name: "alidns-secret", }, - Key: "secret-access-key", + Key: "access-key-secret", } ) @@ -31,7 +31,7 @@ func TestConfig_Validate(t *testing.T) { t.Run("happy", func(t *testing.T) { correct := &Config{ AccessKeyIdRef: testAccessKeyIdRef, - SecretAccessKeyRef: testSecretAccessKeyRef, + AccessKeySecretRef: testAccessKeySecretRef, } loaded, err := loadConfig(&extapi.JSON{Raw: mustMarshal(correct)}) @@ -43,7 +43,7 @@ func TestConfig_Validate(t *testing.T) { t.Run("compatible", func(t *testing.T) { correct := &Config{ AccessKeyIdRef: testAccessKeyIdRef, - AccessKeySecretRef: testSecretAccessKeyRef, + SecretAccessKeyRef: testAccessKeySecretRef, } loaded, err := loadConfig(&extapi.JSON{Raw: mustMarshal(correct)}) @@ -59,14 +59,14 @@ func TestConfig_Validate(t *testing.T) { t.Run("no accessKeyId", func(t *testing.T) { bad := &Config{ - SecretAccessKeyRef: testSecretAccessKeyRef, + SecretAccessKeyRef: testAccessKeySecretRef, } _, err := loadConfig(&extapi.JSON{Raw: mustMarshal(bad)}) assert.Error(t, err) }) - t.Run("no secretAccessKey", func(t *testing.T) { + t.Run("no accessKeySecret", func(t *testing.T) { bad := &Config{ AccessKeyIdRef: testAccessKeyIdRef, }