add default ttl parameter

stackitcloud · May 23, 2024 · aba56e1 · aba56e1
1 parent a27b153
commit aba56e1
Show file tree

Hide file tree

Showing 8 changed files with 132 additions and 101 deletions.
diff --git a/README.md b/README.md
@@ -185,6 +185,7 @@ spec:
             authTokenSecretKey: string
             authTokenSecretNamespace: string
             serviceAccountKeyPath: string
+            acmeTxtRecordTTL: int64
 ```
 
 - projectId: The unique identifier for the STACKIT project.
@@ -194,6 +195,7 @@ spec:
 - authTokenSecretKey: The key within the secret containing the STACKIT authentication token. (Default: auth-token)
 - authTokenSecretNamespace: The namespace of the secret containing the STACKIT authentication token. (Default: cert-manager)
 - serviceAccountKeyPath: The path to the service account key file. The file must be mounted into the container.
+- acmeTxtRecordTTL: The TTL for the ACME TXT record. (Default: 600)
 
 ## Test Procedures
 

diff --git a/internal/repository/mock/rrset_repository.go b/internal/repository/mock/rrset_repository.go
diff --git a/internal/repository/mock/zone_repository.go b/internal/repository/mock/zone_repository.go
diff --git a/internal/resolver/config.go b/internal/resolver/config.go
@@ -25,6 +25,7 @@ type StackitDnsProviderConfig struct {
 	AuthTokenSecretKey       string `json:"authTokenSecretKey"`
 	AuthTokenSecretNamespace string `json:"authTokenSecretNamespace"`
 	ServiceAccountKeyPath    string `json:"serviceAccountKeyPath"`
+	AcmeTxtRecordTTL         int64  `json:"acmeTxtRecordTTL"`
 }
 
 func (d defaultConfigProvider) LoadConfig(cfgJSON *extapi.JSON) (StackitDnsProviderConfig, error) {
@@ -79,6 +80,9 @@ func setDefaultValues(cfg *StackitDnsProviderConfig) {
 	if cfg.AuthTokenSecretKey == "" {
 		cfg.AuthTokenSecretKey = "auth-token"
 	}
+	if cfg.AcmeTxtRecordTTL == 0 {
+		cfg.AcmeTxtRecordTTL = 600
+	}
 }
 
 func determineNamespace(currentNamespace string, fileNamespaceName string) (string, error) {

diff --git a/internal/resolver/config_test.go b/internal/resolver/config_test.go
@@ -5,7 +5,6 @@ import (
 	"os"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/mock/gomock"
 	"go.uber.org/zap"
@@ -23,9 +22,9 @@ func TestLoadConfig(t *testing.T) {
 		t.Parallel()
 
 		cfg, err := d.LoadConfig(nil)
-		assert.Error(t, err)
-		assert.Equal(t, "no configProvider provided", err.Error())
-		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+		require.Error(t, err)
+		require.Equal(t, "no configProvider provided", err.Error())
+		require.Equal(t, StackitDnsProviderConfig{}, cfg)
 	})
 
 	t.Run("valid cfgJSON", func(t *testing.T) {
@@ -34,50 +33,51 @@ func TestLoadConfig(t *testing.T) {
 		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test", "authTokenSecretNamespace": "test"}`)}
 
 		cfg, err := d.LoadConfig(rawCfg)
-		assert.NoError(t, err)
-		assert.Equal(t, "test", cfg.ProjectId)
+		require.NoError(t, err)
+		require.Equal(t, "test", cfg.ProjectId)
 	})
 
 	t.Run("not parsable cfgJSON", func(t *testing.T) {
 		t.Parallel()
 
 		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":}`)}
 		cfg, err := d.LoadConfig(rawCfg)
-		assert.Error(t, err)
-		assert.Contains(t, err.Error(), "error decoding solver configProvider")
-		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "error decoding solver configProvider")
+		require.Equal(t, StackitDnsProviderConfig{}, cfg)
 	})
 
 	t.Run("invalid cfgJSON", func(t *testing.T) {
 		t.Parallel()
 
 		rawCfg := &v1.JSON{Raw: []byte(`{"projectId": ""}`)}
 		cfg, err := d.LoadConfig(rawCfg)
-		assert.Error(t, err)
-		assert.Contains(t, err.Error(), "projectId must be specified")
-		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "projectId must be specified")
+		require.Equal(t, StackitDnsProviderConfig{}, cfg)
 	})
 
 	t.Run("missing projectId", func(t *testing.T) {
 		t.Parallel()
 
 		rawCfg := &v1.JSON{Raw: []byte(`{}`)}
 		cfg, err := d.LoadConfig(rawCfg)
-		assert.Error(t, err)
-		assert.Equal(t, "projectId must be specified", err.Error())
-		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+		require.Error(t, err)
+		require.Equal(t, "projectId must be specified", err.Error())
+		require.Equal(t, StackitDnsProviderConfig{}, cfg)
 	})
 
 	t.Run("default values set", func(t *testing.T) {
 		t.Parallel()
 
 		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test", "authTokenSecretNamespace": "test"}`)} // Only projectId provided
 		cfg, err := d.LoadConfig(rawCfg)
-		assert.NoError(t, err)
-		assert.Equal(t, "test", cfg.ProjectId)
-		assert.Equal(t, "https://dns.api.stackit.cloud", cfg.ApiBasePath)
-		assert.Equal(t, "stackit-cert-manager-webhook", cfg.AuthTokenSecretRef)
-		assert.Equal(t, "auth-token", cfg.AuthTokenSecretKey)
+		require.NoError(t, err)
+		require.Equal(t, "test", cfg.ProjectId)
+		require.Equal(t, "https://dns.api.stackit.cloud", cfg.ApiBasePath)
+		require.Equal(t, "stackit-cert-manager-webhook", cfg.AuthTokenSecretRef)
+		require.Equal(t, "auth-token", cfg.AuthTokenSecretKey)
+		require.Equal(t, int64(600), cfg.AcmeTxtRecordTTL)
 	})
 }
 
@@ -95,17 +95,17 @@ func TestDefaultConfigProvider_LoadConfigNamespaceFile(t *testing.T) {
 		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test"}`)}
 
 		f, err := os.CreateTemp("", "example")
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		defer os.Remove(f.Name())
 		_, err = f.Write([]byte("test-namespace"))
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		err = f.Close()
-		assert.NoError(t, err)
+		require.NoError(t, err)
 
 		dcp := defaultConfigProvider{fileNamespaceName: f.Name()}
 		cfg, err := dcp.LoadConfig(rawCfg)
-		assert.NoError(t, err)
-		assert.Equal(t, "test-namespace", cfg.AuthTokenSecretNamespace)
+		require.NoError(t, err)
+		require.Equal(t, "test-namespace", cfg.AuthTokenSecretNamespace)
 	})
 
 	t.Run("fail determine namespace from file, no content", func(t *testing.T) {
@@ -114,17 +114,17 @@ func TestDefaultConfigProvider_LoadConfigNamespaceFile(t *testing.T) {
 		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test"}`)}
 
 		f, err := os.CreateTemp("", "example")
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		defer os.Remove(f.Name())
 		_, err = f.Write([]byte(""))
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		err = f.Close()
-		assert.NoError(t, err)
+		require.NoError(t, err)
 
 		dcp := defaultConfigProvider{fileNamespaceName: f.Name()}
 		_, err = dcp.LoadConfig(rawCfg)
-		assert.Error(t, err)
-		assert.Contains(t, err.Error(), "invalid webhook pod namespace provided")
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "invalid webhook pod namespace provided")
 	})
 
 	t.Run("fail to determine namespace from file", func(t *testing.T) {
@@ -133,8 +133,8 @@ func TestDefaultConfigProvider_LoadConfigNamespaceFile(t *testing.T) {
 		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test"}`)}
 
 		_, err := d.LoadConfig(rawCfg)
-		assert.Error(t, err)
-		assert.Contains(t, err.Error(), "failed to find the webhook pod namespace")
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "failed to find the webhook pod namespace")
 	})
 }
 
@@ -157,7 +157,6 @@ func TestGetRepositoryConfig_WithSaKeyPath(t *testing.T) {
 	}
 
 	config, err := r.getRepositoryConfig(cfg)
-
 	require.NoError(t, err)
 	require.Equal(t, saKeyPath, config.SaKeyPath)
 	require.True(t, config.UseSaKey)

diff --git a/internal/resolver/mock/config.go b/internal/resolver/mock/config.go
diff --git a/internal/resolver/mock/secrets.go b/internal/resolver/mock/secrets.go