Move token into secret for cert-manager

alexellis · alexellis · commit f67de9ed381c · 2019-01-31T11:55:05.000Z
Signed-off-by: Alex Ellis &lt;alexellis2@gmail.com&gt;
diff --git a/init.yaml b/init.yaml
@@ -128,7 +128,6 @@ enable_oauth: false
 ### your OpenFaaS Cloud.
 tls: true
 tls_config:
-
   email: "email@domain"
 
   # issuer_type: "prod"
@@ -148,4 +147,3 @@ tls_config:
 
   ### DigitalOcean
   dns_service: digitalocean
-  digitalocean_access_token: ""
diff --git a/pkg/tls/tls.go b/pkg/tls/tls.go
@@ -12,31 +12,27 @@ import (
 
 // TLSTemplate TLS configuration
 type TLSTemplate struct {
-	RootDomain              string
-	Email                   string
-	DNSService              string
-	ProjectID               string
-	IssuerType              string
-	Region                  string
-	AccessKeyID             string
-	DigitalOceanAccessToken string
+	RootDomain  string
+	Email       string
+	DNSService  string
+	ProjectID   string
+	IssuerType  string
+	Region      string
+	AccessKeyID string
 }
 
-var tlsTemplatesPath = "templates/k8s/tls/"
-
 // Apply executes the plan
 func Apply(plan types.Plan) error {
 
 	tlsTemplatesList, _ := listTLSTemplates()
 	tlsTemplate := TLSTemplate{
-		RootDomain:              plan.RootDomain,
-		Email:                   plan.TLSConfig.Email,
-		DNSService:              plan.TLSConfig.DNSService,
-		ProjectID:               plan.TLSConfig.ProjectID,
-		IssuerType:              plan.TLSConfig.IssuerType,
-		Region:                  plan.TLSConfig.Region,
-		AccessKeyID:             plan.TLSConfig.AccessKeyID,
-		DigitalOceanAccessToken: plan.TLSConfig.DigitalOceanAccessToken,
+		RootDomain:  plan.RootDomain,
+		Email:       plan.TLSConfig.Email,
+		DNSService:  plan.TLSConfig.DNSService,
+		ProjectID:   plan.TLSConfig.ProjectID,
+		IssuerType:  plan.TLSConfig.IssuerType,
+		Region:      plan.TLSConfig.Region,
+		AccessKeyID: plan.TLSConfig.AccessKeyID,
 	}
 
 	for _, template := range tlsTemplatesList {
@@ -55,23 +51,17 @@ func Apply(plan types.Plan) error {
 }
 
 func listTLSTemplates() ([]string, error) {
-	file, err := os.Open(tlsTemplatesPath)
 
-	if err != nil {
-		log.Fatalf("failed opening directory: %s, %s", tlsTemplatesPath, err)
-		return nil, err
-	}
-	defer file.Close()
-
-	list, _ := file.Readdirnames(0)
-	if err != nil {
-		log.Fatalf("failed reading filenames in directory %s, %s", tlsTemplatesPath, err)
-		return nil, err
-	}
-	return list, nil
+	return []string{
+		"issuer-prod.yml",
+		"issuer-staging.yml",
+		"wildcard-domain-cert.yml",
+		"auth-domain-cert.yml",
+	}, nil
 }
 
 func generateTemplate(fileName string, tlsTemplate TLSTemplate) (string, error) {
+	tlsTemplatesPath := "templates/k8s/tls/"
 
 	data, err := ioutil.ReadFile(tlsTemplatesPath + fileName)
 	if err != nil {
diff --git a/pkg/types/types.go b/pkg/types/types.go
@@ -70,11 +70,10 @@ type S3 struct {
 }
 
 type TLSConfig struct {
-	Email                   string `yaml:"email"`
-	DNSService              string `yaml:"dns_service"`
-	ProjectID               string `yaml:"project_id"`
-	IssuerType              string `yaml:"issuer_type"`
-	Region                  string `yaml:"region"`
-	AccessKeyID             string `yaml:"access_key_id"`
-	DigitalOceanAccessToken string `yaml:"digitalocean_access_token"`
+	Email       string `yaml:"email"`
+	DNSService  string `yaml:"dns_service"`
+	ProjectID   string `yaml:"project_id"`
+	IssuerType  string `yaml:"issuer_type"`
+	Region      string `yaml:"region"`
+	AccessKeyID string `yaml:"access_key_id"`
 }
diff --git a/scripts/reset.sh b/scripts/reset.sh
@@ -3,9 +3,9 @@
 helm delete --purge cert-manager nginxingress openfaas cloud-minio
 
 kubectl delete certificates --all -n openfaas
+kubectl delete clusterissuer letsencrypt-prod letsencrypt-staging
 
-kubectl delete ns openfaas openfaas-fn
-kubectl delete ns cert-manager
+kubectl delete ns openfaas openfaas-fn cert-manager
 
 kubectl delete crd sealedsecrets.bitnami.com
 kubectl delete \
diff --git a/templates/k8s/tls/issuer-prod.yml b/templates/k8s/tls/issuer-prod.yml
@@ -28,5 +28,5 @@ spec:
           {{else if eq .DNSService "digitalocean" }}
             tokenSecretRef:
               name: digitalocean-dns
-              key: "{{.DigitalOceanAccessToken}}"
+              key: access-token
           {{ end }}
diff --git a/templates/k8s/tls/issuer-staging.yml b/templates/k8s/tls/issuer-staging.yml
@@ -28,5 +28,5 @@ spec:
           {{else if eq .DNSService "digitalocean" }}
             tokenSecretRef:
               name: digitalocean-dns
-              key: "{{.DigitalOceanAccessToken}}"
+              key: access-token
           {{ end }}
