Add logging

Author: wirwolf

.dockerignore

@@ -0,0 +1,10 @@
+.idea
+.gitignore
+.github
+.dockerignore
+.git
+charts
+LICENSE
+README.md
+Makefile
+Dockerfile

Dockerfile

@@ -1,18 +1,40 @@
 FROM golang:1.16-alpine AS build
-RUN apk add --no-cache git curl ca-certificates socat bash openssl
 WORKDIR /workspace
 COPY go.mod .
 COPY go.sum .
 RUN go mod download
 COPY . .
-RUN curl -fsSL https://get.acme.sh | sh
 RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' .
 
-FROM alpine
-WORKDIR /root
-COPY --from=build /workspace/webhook /usr/local/bin/webhook
-COPY --from=build /root/.acme.sh /root/.acme.sh
-ADD acme_delegate.sh /root/acme_delegate.sh
-RUN apk add --no-cache ca-certificates curl socat bash openssl && chmod 755 /root/acme_delegate.sh
+FROM neilpang/acme.sh
 
-ENTRYPOINT ["webhook"]
+RUN apk add bash
+
+ARG DOCKER_APP_UID="1000"
+ARG DOCKER_APP_GID="1000"
+
+####
+#### User/Group
+####
+
+RUN set -eux \
+    && addgroup -g ${DOCKER_APP_GID} app \
+    && adduser -u ${DOCKER_APP_UID} -G app -s /bin/sh -D app \
+    && true
+
+
+RUN set -eux \
+    && mv /root/.acme.sh /opt/.acme.sh \
+    && chown -R app:app /opt/.acme.sh \
+    && chown -R app:app /acme.sh \
+    && true
+
+
+COPY --from=build --chown=app:app --chmod=777 /workspace/webhook /usr/local/bin/webhook
+COPY --chown=app:app --chmod=777 acme_delegate.sh /usr/local/bin/acme_delegate.sh
+
+
+USER app
+
+ENTRYPOINT ["/usr/local/bin/webhook"]
+CMD [""]

acme_delegate.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
 echo '__________________________ acme_delegate initialize __________________________'
-export HOME=/root
+export HOME=/opt
 export DEBUG=3
-cd /root
+cd /opt
 export
 
 echo '__________________________ acme.sh environments __________________________'
@@ -14,8 +14,8 @@ dosk_txtvalue="$4"
 dosk_lasterror=""
 
 echo '__________________________ acme.sh delegate __________________________'
-source /root/.acme.sh/acme.sh --info
-source /root/.acme.sh/dnsapi/${dosk_dnsapi}.sh
+source /opt/.acme.sh/acme.sh --info
+source /opt/.acme.sh/dnsapi/${dosk_dnsapi}.sh
 ${dosk_dnsapi}_${dosk_action} "$dosk_fulldomain" "$dosk_txtvalue"
 retval=$?
 

main.go

@@ -22,7 +22,7 @@ import (
 
 const (
 	defaultTTL      = 600
-	acmeDelegate    = "/acme_delegate.sh"
+	acmeDelegate    = "/usr/local/bin/acme_delegate.sh"
 	acmeReturnValue = "ACME_RETVAL"
 )
 
@@ -74,16 +74,9 @@ func (c *customDNSProviderSolver) DoDNSAPI(action string, ch *v1alpha1.Challenge
 		return err
 	}
 
-	envData, ok := envSecret.Data["env"]
-	if !ok {
-		klog.Errorf("Missing 'env' key in secret")
-		return fmt.Errorf("no env in secret")
-	}
-
-	env := envFromSecret{}
-	if err := json.Unmarshal(envData, &env); err != nil {
-		klog.Errorf("Failed to unmarshal env data: %v", err)
-		return err
+	envVars := []string{}
+	for key, val := range envSecret.Data {
+		envVars = append(envVars, fmt.Sprintf("%s=%s", key, string(val)))
 	}
 
 	uuid := uuid.New()
@@ -96,18 +89,12 @@ func (c *customDNSProviderSolver) DoDNSAPI(action string, ch *v1alpha1.Challenge
 
 	procAttr := &os.ProcAttr{
 		Files: []*os.File{os.Stdin, stdoutFile, os.Stderr},
-		Env:   env,
-	}
-
-	dir, err := os.Getwd()
-	if err != nil {
-		klog.Errorf("Failed to get working directory: %v", err)
-		return err
+		Env:   envVars,
 	}
 
 	klog.Infof("Executing %s with action=%s", acmeDelegate, action)
-	process, err := os.StartProcess(dir+acmeDelegate, []string{
-		dir + acmeDelegate, cfg.DNSAPI, action, util.UnFqdn(ch.ResolvedFQDN), ch.Key,
+	process, err := os.StartProcess(acmeDelegate, []string{
+		acmeDelegate, cfg.DNSAPI, action, util.UnFqdn(ch.ResolvedFQDN), ch.Key,
 	}, procAttr)
 	if err != nil {
 		klog.Errorf("Failed to start process: %v", err)