{"id":39682703,"url":"https://github.com/hpi-schul-cloud/infra-otc-cert-manager-webhook","last_synced_at":"2026-01-18T09:54:56.239Z","repository":{"id":64307417,"uuid":"372854011","full_name":"hpi-schul-cloud/infra-otc-cert-manager-webhook","owner":"hpi-schul-cloud","description":"Cert manager acme dns01 webhook provider for the Open Telekom Cloud (OTC).","archived":false,"fork":false,"pushed_at":"2024-08-12T14:14:45.000Z","size":141,"stargazers_count":7,"open_issues_count":1,"forks_count":1,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-08-12T16:23:46.703Z","etag":null,"topics":["cert-manager","cert-manager-webhook","letsencrypt","otc","telekom"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hpi-schul-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-01T14:13:07.000Z","updated_at":"2024-08-12T14:08:37.000Z","dependencies_parsed_at":"2024-08-12T16:19:27.777Z","dependency_job_id":null,"html_url":"https://github.com/hpi-schul-cloud/infra-otc-cert-manager-webhook","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/hpi-schul-cloud/infra-otc-cert-manager-webhook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpi-schul-cloud%2Finfra-otc-cert-manager-webhook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpi-schul-cloud%2Finfra-otc-cert-manager-webhook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/hpi-schul-cloud%2Finfra-otc-cert-manager-webhook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpi-schul-cloud%2Finfra-otc-cert-manager-webhook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hpi-schul-cloud","download_url":"https://codeload.github.com/hpi-schul-cloud/infra-otc-cert-manager-webhook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpi-schul-cloud%2Finfra-otc-cert-manager-webhook/sbom","scorecard":{"id":470164,"data":{"date":"2025-08-11","repo":{"name":"github.com/hpi-schul-cloud/infra-otc-cert-manager-webhook","commit":"539feeed4d7af510d2c4983567983de2bda22995"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/22 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns 
detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: 
.github/workflows/main.yml:12"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact infra-otc-cert-manager-webhook-1.0.1 not signed: https://api.github.com/repos/hpi-schul-cloud/infra-otc-cert-manager-webhook/releases/45085894","Warn: release artifact infra-otc-cert-manager-webhook-0.2.0 not signed: https://api.github.com/repos/hpi-schul-cloud/infra-otc-cert-manager-webhook/releases/45007760","Warn: release artifact infra-otc-cert-manager-webhook-0.1.0 not signed: https://api.github.com/repos/hpi-schul-cloud/infra-otc-cert-manager-webhook/releases/44272375","Warn: release artifact infra-otc-cert-manager-webhook-1.0.1 does not have provenance: https://api.github.com/repos/hpi-schul-cloud/infra-otc-cert-manager-webhook/releases/45085894","Warn: release artifact infra-otc-cert-manager-webhook-0.2.0 does not have provenance: https://api.github.com/repos/hpi-schul-cloud/infra-otc-cert-manager-webhook/releases/45007760","Warn: release artifact infra-otc-cert-manager-webhook-0.1.0 does not have provenance: https://api.github.com/repos/hpi-schul-cloud/infra-otc-cert-manager-webhook/releases/44272375"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection 
settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/hpi-schul-cloud/infra-otc-cert-manager-webhook/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/hpi-schul-cloud/infra-otc-cert-manager-webhook/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hpi-schul-cloud/infra-otc-cert-manager-webhook/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/hpi-schul-cloud/infra-otc-cert-manager-webhook/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/hpi-schul-cloud/infra-otc-cert-manager-webhook/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:32: update your workflow using 
https://app.stepsecurity.io/secureworkflow/hpi-schul-cloud/infra-otc-cert-manager-webhook/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/hpi-schul-cloud/infra-otc-cert-manager-webhook/release.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:12","Warn: containerImage not pinned by hash: Dockerfile:18: pin your Docker image by updating alpine:3.20 to alpine:3.20@sha256:b3119ef930faabb6b7b976780c0c7a9c1aa24d0c75e9179ac10e6bc9ac080d0d","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 9 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3282 / GHSA-r4pg-vg54-wxx4","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / 
GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T13:41:51.712Z","repository_id":64307417,"created_at":"2025-08-19T13:41:51.712Z","updated_at":"2025-08-19T13:41:51.712Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28534197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager","cert-manager-webhook","letsencrypt","otc","telekom"],"created_at":"2026-01-18T09:54:55.679Z","updated_at":"2026-01-18T09:54:56.221Z","avatar_url":"https://github.com/hpi-schul-cloud.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Let's Encrypt ACME Webhook for the Open Telekom Cloud DNS (OTCDNS)\n\nThis project provides a cert-manager webhook for the [Open Telekom Cloud (OTC)](https://open-telekom-cloud.com/de) DNS. \n\nThis webhook is available on GitHub [hpi-schul-cloud /\ninfra-otc-cert-manager-webhook](https://github.com/hpi-schul-cloud/infra-otc-cert-manager-webhook). It is written in Go and uses the Go API of the OTC [gophertelekomcloud](https://github.com/opentelekomcloud/gophertelekomcloud). 
The gophertelekomcloud is part of the Open Telekom Cloud (T-Systems, Deutsche Telekom) project available on GitHub https://github.com/opentelekomcloud.\n\n## Requirements\n\n- [kubernetes](https://kubernetes.io/) \u003e= v1.18.0\n- [cert-manager](https://cert-manager.io/) \u003e= 1.14.5\n- [helm](https://helm.sh/) \u003e= v3.0.0\n\n## Configuration\n\nThe Helm chart for this project is located in the [deploy/infra-otc-cert-manager-webhook](deploy/infra-otc-cert-manager-webhook) directory.\n\nThe following table lists the configurable parameters of the infra-otc-cert-manager-webhook chart and their default values.\n\n| Parameter | Description | Default |\n| --------- | ----------- | ------- |\n| `groupName` | The groupName  is used to identify your company or business unit that created this webhook. For example, this may be \"acme.mycompany.com\". This name will need to be referenced in each Issuer's `webhook` stanza to inform cert-manager of where to send ChallengePayload resources in order to solve the DNS01 challenge. This group name should be **unique**, hence using your own company's domain here is recommended. | `infra-otc-cert-manager-webhook.hpi-schul-cloud.github.com` |\n| `credentialsSecretRef` | The name of secret where the credentials to access the OTCDNS are stored. | `otcdns-credentials` |\n| `certManager.namespace` | Namespace where cert-manager is deployed to. | `cert-manager` |\n| `certManager.serviceAccountName` | Service account of cert-manager installation. | `cert-manager` |\n| `image.repository` | Image repository | `schulcloud/infra-otc-cert-manager-webhook` |\n| `image.tag` | Image tag | `sha-6e4a13b` |\n| `image.pullPolicy` | Image pull policy | `IfNotPresent` |\n| `image.pullSecrets` | Image pull secrets | `[]` |\n| `nameOverride` | Override for the chartname | `` |\n| `fullnameOverride` | Override for the fullname of the chart | `` |\n| `loglevel` | Number for the log level verbosity of webhook. 
| 2 |\n| `service.type` | API service type | `ClusterIP` |\n| `service.port` | API service port | `443` |\n| `resources` | CPU/memory resource requests/limits | `{}` |\n| `nodeSelector` | Node labels for pod assignment | `{}` |\n| `affinity` | Node affinity for pod assignment | `{}` |\n| `tolerations` | Node tolerations for pod assignment | `[]` |\n| `properties.disableSecurityContext` | Disable security context for container | `false` |\n| `properties.runAsUser` | UID of user with which to run the container | `10000` |\n| `properties.runAsGroup` | GID of group with which to run the container | `10001` |\n| `properties.fsGroup` | GID of group which will own the mounted volumes | `10001` |\n| `properties.readOnlyRootFilesystem` | Sets filesystem to read-only | `false` |\n\n## Installation\n\n### cert-manager\n\nFollow the [instructions](https://cert-manager.io/docs/installation/) in the cert-manager documentation to install it within your cluster.\n\n### OTC Credentials\n\nTo access the OTC IAM and OTC DNS, an access key and a secret key (AK/SK) are needed. See [Automating the Open Telekom Cloud with APIs](https://open-telekom-cloud.com/en/support/tutorials/automating-opentelekomcloud-apis), chapter *API authentication*. The webhook will read this information to get access to the OTC. The user that provides the key must be granted permission to create and read DNS records.\n\nAn example file is provided in [_examples/secret-otcdns-credentials.yaml](_examples/secret-otcdns-credentials.yaml):\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: otcdns-credentials\n  namespace: cert-manager\ntype: Opaque\ndata:\n  accessKey: \"[OTCDNS ACCESSKEY BASE64]\"\n  secretKey: \"[OTCDNS SECRETKEY BASE64]\"\n```\n- Copy the example to another directory. Preferably ignored by Git (e.g. 
\"testdata\").\n- Replace the placeholders with the base64 encoded values of your OTC access user.\n- Apply the secret-otcdns-credentials.yaml to your Kubernetes installation.\n\n```kubectl apply -f secret-otcdns-credentials.yaml```\n\n### Webhook\n\nInstall the webhook\n\n```bash\nhelm repo add otcdnswebhook https://hpi-schul-cloud.github.io/infra-otc-cert-manager-webhook/\nhelm repo update\nhelm install --namespace cert-manager otcdns-release otcdnswebhook/infra-otc-cert-manager-webhook\n```\n\nTo uninstall run\n\n```bash\nhelm uninstall --namespace cert-manager otcdns-release\n```\n\n## Issuer\n\nWhen the cert-manager finds an Ingress annotation or Certificate resource it can handle, it will start the issuing process. Multiple issuers can coexist and each issuer can have multiple solvers that help to solve the challenges. This OTCDNS webhook can be configured as solver in a `ClusterIssuer` or `Issuer` resource. For more information, see [Issuing an ACME certificate using DNS validation](https://cert-manager.io/docs/tutorials/acme/dns-validation/#issuing-an-acme-certificate-using-dns-validation)\n\nExample files are provided in [_examples/clusterissuer-solver-dns01-webhook.yaml](_examples/clusterissuer-solver-dns01-webhook.yaml) and [_examples/clusterissuer-staging-solver-dns01-webhook.yaml](_examples/clusterissuer-staging-solver-dns01-webhook.yaml).\n\nThis is an example for Let's Encrypt staging:\n\n```yaml\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: sc-cert-manager-clusterissuer-letsencrypt-staging-otcdns\nspec:\n  acme:\n    # The ACME server URL\n    server: https://acme-staging-v02.api.letsencrypt.org/directory\n\n    # Email address used for ACME registration\n    email: mail@example.com # REPLACE THIS WITH YOUR EMAIL!!!\n\n    # Name of a secret used to store the ACME account private key\n    privateKeySecretRef:\n      name: letsencrypt-staging-otcdms\n\n    solvers:\n      - dns01:\n          webhook:\n            groupName: 
infra-otc-cert-manager-webhook.hpi-schul-cloud.github.com\n            solverName: otcdns\n            config:\n              authURL: \"https://iam.eu-de.otc.t-systems.com:443/v3\"\n              region: \"eu-de\"\n              \n              # Only for local testing, if no secrets are available.\n              # accessKey: ACCESSKEY\n              # secretKey: SECRETKEY\n\n              accessKeySecretRef:\n                name: otcdns-credentials\n                key: accessKey\n              secretKeySecretRef:\n                name: otcdns-credentials\n                key: secretKey\n```\nThe groupName must match the groupName in the Helm chart configuration. The default value is set here and should usually be fine.\n\nThe commented-out accessKey and secretKey entries are for local testing only. Remove them when deploying to Kubernetes, so that the credentials are not stored in plain text in the issuer resource; use the accessKeySecretRef and secretKeySecretRef entries instead.\n\naccessKeySecretRef.name and secretKeySecretRef.name point to the secret created above. This will give the webhook access to the OTC API.\n\n- Copy the example to another directory, preferably one that is ignored by Git (e.g. \"testdata\"). Use the staging or the prod yaml as template.\n- Usually it is necessary to edit the email field only. The other values should be fine as they are in the template.\n- Apply the edited [_examples/clusterissuer-solver-dns01-webhook.yaml](_examples/clusterissuer-solver-dns01-webhook.yaml) or [_examples/clusterissuer-staging-solver-dns01-webhook.yaml](_examples/clusterissuer-staging-solver-dns01-webhook.yaml) to your Kubernetes installation.\n\nThe cert-manager can now identify the installed OTCDNS webhook and forward the selected solver configuration to it.\n\n## Create a certificate\n\nTo trigger the certificate creation you can a) create a Certificate resource or b) define an Ingress annotation for the cert-manager. 
We use method a) here.\n\nExample Certificate resources can be found here: [_examples/wildcard-certificate-examplesubdomain.yaml](_examples/wildcard-certificate-examplesubdomain.yaml) and [_examples/wildcard-certificate-staging-examplesubdomain.yaml](_examples/wildcard-certificate-staging-examplesubdomain.yaml)\n\n```yaml\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: wildcard-certificate-staging-examplesubdomain\n  namespace: examplesubdomain\nspec:\n  # commonName: *.examplesubdomain.example.com\n  dnsNames:\n  - '*.examplesubdomain.example.com'\n  - '*.dev.examplesubdomain.example.com'\n  issuerRef:\n    kind: ClusterIssuer\n    name: sc-cert-manager-clusterissuer-letsencrypt-staging-otcdns\n  secretName: wildcard-certificate-staging-examplesubdomain-tls\n```\nThe dnsNames will appear as the common name (the first one) and as subject alternative names in the issued certificate. You must be the legitimate owner of the domain.\n\nThe issuerRef.name must match the Issuer you want to use (see above).\n\nThe secretName is the name of the secret where the certificate given by the issuer is finally stored. This is the secret that must be configured in the Ingress of your application as tls.secretName, if you want to use the certificate.\n\n- Create the certificate yaml and upload it to Kubernetes\n\nThe cert-manager will detect it and start the issuing process. See [Troubleshooting a failed certificate request](https://cert-manager.io/docs/faq/troubleshooting/) to see how to track its state in detail.\n\n## Development\n\n### Requirements\n\n- [go](https://golang.org/) \u003e= 1.22.3\n\n### Configure the tests\n\n#### clouds.yaml\n\nThere is an example clouds.yaml configuration in [_examples/clouds.yaml](_examples/clouds.yaml). The clouds.yaml is part of the Openstack Telekom configuration.\n\n- Copy it to ~/.config/openstack/\n- Add the OTC credentials you want to use for testing.\n\nThere are tests that have no credential input parameters. 
These use the local clouds.yaml config (EnvOS). For example, all tests that call NewDNSV2Client behave that way.\n\n#### config.json\n\nThere is an example config.json in [_examples/config.json](_examples/config.json)\n\n- Copy it to [testdata/otcdns/manifests/](testdata/otcdns/manifests/)\n- Configure the OTC credentials in the accessKey and secretKey variables.\n\nNote that the \"...SecretRef\" entries cannot be used in a local context. For local tests use \"accessKey\" and \"secretKey\". In Kubernetes use the \"...SecretRef\" entries.\n\nThe config.json is used in tests that have credentials as input parameters, for example all tests that call NewDNSV2Client**WithAuth** and especially the conformance test in main_test.go.\n\n### Run the tests\n\n#### Makefile\n\nRun \"make\" to download kubebuilder into _test/kubebuilder/bin and to run the main testsuite.\n\n```bash\nmake\n```\n\nWhen the credentials are configured as described above, the tests should succeed immediately.\n\nThe tests you just ran using the makefile are described in the next two chapters.\n\nOptional: Run \"make rendered-manifest.yaml\" to render the Helmchart into the \"_out\" directory. This gives you an impression of the Kubernetes configuration.\n\nOptional: Run \"make build\" to locally build the Docker container.\n\nNote that a docker image of the Webhook application is not needed for running tests. The source code is sufficient.\n\n#### OTC DNS Client Tests\n\nThe test functionality concerning the OTC API is in [otcdns/client_test.go](otcdns/client_test.go).\n\nAs of today a valid OTC setup is needed. This means you need a local ~/.config/openstack/clouds.yaml. The clouds.yaml must contain a profile \"otcaksk\" and \"otcuser\" (see config.go \u003e otcProfileName). More details can be found here [Telekom - Open Telekom Cloud extensions Python configuration](https://python-otcextensions.readthedocs.io/en/latest/install/configuration.html). 
There is an example clouds.yaml in the [_examples/clouds.yaml](_examples/clouds.yaml) directory.\n\nTo run all OTC DNS Client tests from the command line:\n\n```bash\ncd otcdns\ngo test -v .\n```    \n\n#### Cert-Manager Solver Tests\n\nThe solver tests are located in main_test.go.\n\nThe solver tests rely on the kubebuilder binaries. They are installed by the first target in the Makefile.\n\n- cd into the main project directory where the Makefile is and run make:\n\n```bash\nmake\n```\n\nThis will install the kubebuilder testenvironment and run the cert-manager solver testsuite tests within it.\n\nIf the kubebuilder is already installed, you can run\n```bash\ngo test -v .\n```\ninstead.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhpi-schul-cloud%2Finfra-otc-cert-manager-webhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhpi-schul-cloud%2Finfra-otc-cert-manager-webhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhpi-schul-cloud%2Finfra-otc-cert-manager-webhook/lists"}