add logging and adjust readme

Author: Patrick Koss

Makefile

@@ -1,4 +1,4 @@
-GOLANGCI_VERSION = 1.53.3
+GOLANGCI_VERSION = 1.58.1
 LICENCES_IGNORE_LIST = $(shell cat licenses/licenses-ignore-list.txt)
 
 VERSION ?= 0.0.1

README.md

@@ -1,4 +1,5 @@
 # STACKIT Webhook Integration for Cert Manager
+
 [![GoTemplate](https://img.shields.io/badge/go/template-black?logo=go)](https://github.com/golang-standards/project-layout)
 [![Go](https://img.shields.io/badge/go-1.21.0-blue?logo=go)](https://golang.org/)
 [![Helm](https://img.shields.io/badge/helm-3.12.3-blue?logo=helm)](https://helm.sh/)
@@ -8,18 +9,20 @@
 [![CI](https://github.com/stackitcloud/stackit-cert-manager-webhook/actions/workflows/main.yml/badge.svg)](https://github.com/stackitcloud/stackit-cert-manager-webhook/actions/workflows/main.yml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/stackitcloud/stackit-cert-manager-webhook)](https://goreportcard.com/report/github.com/stackitcloud/stackit-cert-manager-webhook)
 
-Facilitate a webhook integration for leveraging the STACKIT DNS alongside 
-its [API](https://docs.api.stackit.cloud/documentation/dns/version/v1) to act as a DNS01 
+Facilitate a webhook integration for leveraging the STACKIT DNS alongside
+its [API](https://docs.api.stackit.cloud/documentation/dns/version/v1) to act as a DNS01
 ACME Issuer with [cert-manager](https://cert-manager.io/docs/).
 
 ## Installation
+
 ```bash
 helm install stackit-cert-manager-webhook \
   --namespace cert-manager \
   https://github.com/stackitcloud/stackit-cert-manager-webhook/releases/download/v0.1.2/stackit-cert-manager-webhook-v0.1.2.tgz
 ```
 
 ## Usage
+
 1. ***Initiation of STACKIT Authentication Token Secret:***
     ```bash
     kubectl create secret generic stackit-cert-manager-webhook \
@@ -47,7 +50,7 @@ helm install stackit-cert-manager-webhook \
       }
     }'
     ```
-     You now need to adjust the deployment via helm to use the secret:
+   You now need to adjust the deployment via helm to use the secret:
     ```bash
     helm upgrade stackit-cert-manager-webhook \
       --namespace cert-manager \
@@ -56,7 +59,7 @@ helm install stackit-cert-manager-webhook \
     ```
 
 2. ***Configuration of ClusterIssuer/Issuer:***   
-For scenarios wherein zones and record sets are encapsulated within a singular project, utilize a ClusterIssuer:
+   For scenarios wherein zones and record sets are encapsulated within a singular project, utilize a ClusterIssuer:
     ```yaml
     apiVersion: cert-manager.io/v1
     kind: ClusterIssuer
@@ -77,9 +80,9 @@ For scenarios wherein zones and record sets are encapsulated within a singular p
                 projectId: <STACKIT PROJECT ID>
     ```
 
-    For diverse project architectures where zones are spread across varying projects, necessitating distinct 
-    authentication tokens per project, the Issuer configuration becomes pertinent. This approach inherently 
-    tethers namespaces to individual projects.
+   For diverse project architectures where zones are spread across varying projects, necessitating distinct
+   authentication tokens per project, the Issuer configuration becomes pertinent. This approach inherently
+   tethers namespaces to individual projects.
     ```bash
     kubectl create secret generic stackit-cert-manager-webhook \
       --namespace=default \
@@ -106,11 +109,11 @@ For scenarios wherein zones and record sets are encapsulated within a singular p
                 projectId: <STACKIT PROJECT ID>
                 authTokenSecretNamespace: default
     ```
-    *Note:* Ensure the creation of an authentication token secret within the namespace linked to the issuer. 
-    The secret must be vested with permissions to access zones in the stipulated project configuration.
+   *Note:* Ensure the creation of an authentication token secret within the namespace linked to the issuer.
+   The secret must be vested with permissions to access zones in the stipulated project configuration.
 3. ***Demonstration of Ingress Integration with Wildcard SSL/TLS Certificate Generation***   
-Given the preceding configuration, it is possible to exploit the capabilities of the Issuer or ClusterIssuer to 
-dynamically produce wildcard SSL/TLS certificates in the following manner:
+   Given the preceding configuration, it is possible to exploit the capabilities of the Issuer or ClusterIssuer to
+   dynamically produce wildcard SSL/TLS certificates in the following manner:
     ```yaml
     apiVersion: cert-manager.io/v1
     kind: Certificate
@@ -154,7 +157,46 @@ dynamically produce wildcard SSL/TLS certificates in the following manner:
           secretName: wildcard-example-tls
     ```
 
+## Config Options
+
+The following table delineates the configuration options available for the STACKIT Cert Manager Webhook:
+
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+  namespace: default
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: example@example.com # Replace this with your email address
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - dns01:
+        webhook:
+          solverName: stackit
+          groupName: acme.stackit.de
+          config:
+            projectId: string
+            apiBasePath: string
+            authTokenSecretRef: string
+            authTokenSecretKey: string
+            authTokenSecretNamespace: string
+            serviceAccountKeyPath: string
+```
+
+- projectId: The unique identifier for the STACKIT project.
+- apiBasePath: The base path for the STACKIT DNS API. (Default: https://dns.api.stackit.cloud)
+- authTokenSecretRef: The reference to the secret containing the STACKIT authentication token. (Default:
+  stackit-cert-manager-webhook)
+- authTokenSecretKey: The key within the secret containing the STACKIT authentication token. (Default: auth-token)
+- authTokenSecretNamespace: The namespace of the secret containing the STACKIT authentication token. (Default: cert-manager)
+- serviceAccountKeyPath: The path to the service account key file. The file must be mounted into the container.
+
 ## Test Procedures
+
 - Unit Testing:
     ```bash
     make test
@@ -171,21 +213,25 @@ dynamically produce wildcard SSL/TLS certificates in the following manner:
     ```
 
 - End-to-End Testing Workflow:  
-Follow the comprehensive guide available [here](e2e_test/README.md).
+  Follow the comprehensive guide available [here](e2e_test/README.md).
 
 ## Release Process Overview
-Our release pipeline leverages goreleaser for the generation and publishing of release assets. 
+
+Our release pipeline leverages goreleaser for the generation and publishing of release assets.
 This sophisticated approach ensures the streamlined delivery of:
+
 - Pre-compiled binaries tailored for various platforms.
 - Docker images optimized for production readiness.
 
-However, one should be cognizant of the fact that goreleaser doesn't inherently support Helm chart distributions 
-as part of its conventional workflow. Historically, the incorporation of Helm charts into our releases demanded manual 
-intervention. Post the foundational release generation via goreleaser, the Helm chart was affixed as an asset through 
+However, one should be cognizant of the fact that goreleaser doesn't inherently support Helm chart distributions
+as part of its conventional workflow. Historically, the incorporation of Helm charts into our releases demanded manual
+intervention. Post the foundational release generation via goreleaser, the Helm chart was affixed as an asset through
 manual processes.    
 For those interested in the Helm chart creation mechanics, the process was facilitated via the command:
+
 ```bash
 helm package deploy/stackit
 ```
-To release a new version of the Helm chart, one must meticulously update the version delineation in the 
+
+To release a new version of the Helm chart, one must meticulously update the version delineation in the
 [Chart.yaml](./deploy/stackit/Chart.yaml). Post this modification, initiate a new release to encompass these changes.

internal/resolver/config_test.go

@@ -137,7 +137,6 @@ func TestDefaultConfigProvider_LoadConfigNamespaceFile(t *testing.T) {
 	})
 }
 
-//nolint:paralleltest // changing env may lead to data races in parallel testing
 func TestGetRepositoryConfig_WithSaKeyPath(t *testing.T) {
 	saKeyPath := "/path/to/sa/key"
 
@@ -161,8 +160,6 @@ func TestGetRepositoryConfig_WithSaKeyPath(t *testing.T) {
 	require.Equal(t, saKeyPath, config.SaKeyPath)
 	require.True(t, config.UseSaKey)
 }
-
-//nolint:paralleltest // changing env may lead to data races in parallel testing
 func TestGetRepositoryConfig_NoEnvSet(t *testing.T) {
 	oldAuthToken := stackitAuthToken
 	stackitAuthToken = "token" // global variable from resolver.go

internal/resolver/resolver.go

@@ -224,12 +224,14 @@ func (s *stackitDnsProviderResolver) getRepositoryConfig(cfg *StackitDnsProvider
 	case s.checkUseSaAuthentication(cfg):
 		config.SaKeyPath = s.getSaKeyPath(cfg)
 		config.UseSaKey = true
+		s.logger.Info("Using service account key for authentication", zap.String("saKeyPath", config.SaKeyPath))
 	default:
 		authToken, err := s.getAuthToken(cfg)
 		if err != nil {
 			return repository.Config{}, err
 		}
 		config.AuthToken = authToken
+		s.logger.Info("Using auth token for authentication")
 	}
 
 	return config, nil