add cli validation test

- and pass in all the vars
nebari-dev · Feb 11, 2025 · 09e2b3f · 09e2b3f
1 parent a550063
commit 09e2b3f
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 3 deletions.
diff --git a/src/_nebari/stages/kubernetes_ingress/__init__.py b/src/_nebari/stages/kubernetes_ingress/__init__.py
@@ -137,7 +137,7 @@ class Certificate(schema.Base):
     # lets-encrypt
     acme_email: Optional[str] = None
     acme_server: str = "https://acme-v02.api.letsencrypt.org/directory"
-    acme_challenge_type: Optional[str] = AcmeChallengeType.dns.value
+    acme_challenge_type: Optional[str] = AcmeChallengeType.tls.value
 
 
 class DnsProvider(schema.Base):
@@ -202,6 +202,11 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
                     "Environment variables 'CLOUDFLARE_DNS_API_TOKEN' and 'CLOUDFLARE_EMAIL' "
                     "must be set for DNS challenge type ('acme_challenge_type: dns')"
                 )
+            else:
+                cert_details["cloudflare-dns-api-token"] = os.environ.get(
+                    "CLOUDFLARE_DNS_API_TOKEN"
+                )
+                cert_details["cloudflare-email"] = os.environ.get("CLOUDFLARE_EMAIL")
         return {
             **{
                 "traefik-image": {

diff --git a/src/_nebari/stages/kubernetes_ingress/template/main.tf b/src/_nebari/stages/kubernetes_ingress/template/main.tf
@@ -10,6 +10,9 @@ module "kubernetes-ingress" {
   certificate-service       = var.certificate-service
   acme-email                = var.acme-email
   acme-server               = var.acme-server
+  acme-challenge-type       = var.acme-challenge-type
+  cloudflare-email          = var.cloudflare-email
+  cloudflare-dns-api-token  = var.cloudflare-dns-api-token
   certificate-secret-name   = var.certificate-secret-name
   load-balancer-annotations = var.load-balancer-annotations
   load-balancer-ip          = var.load-balancer-ip

diff --git a/src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/main.tf b/src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/main.tf
@@ -15,14 +15,14 @@ locals {
     ]
   }
   # for dns challenge, we need to set the cloudflare env vars
-  cloudflare_env_vars = var.acme_challenge_type == "dns" ? [
+  cloudflare_env_vars = var.acme-challenge-type == "dns" ? [
     {
       name  = "CLOUDFLARE_EMAIL"
       value = var.cloudflare-email
     },
     {
       name  = "CLOUDFLARE_DNS_API_TOKEN"
-      value = var.cloudflare_dns_api_token
+      value = var.cloudflare-dns-api-token
     }
   ] : []
   certificate-settings = {

diff --git a/src/_nebari/stages/kubernetes_ingress/template/variables.tf b/src/_nebari/stages/kubernetes_ingress/template/variables.tf
@@ -37,6 +37,24 @@ variable "acme-server" {
   default = "https://acme-staging-v02.api.letsencrypt.org/directory"
 }
 
+variable "acme-challenge-type" {
+  # https://letsencrypt.org/docs/challenge-types
+  description = "ACME challenge type, 'tls' or 'dns'"
+  default     = "tls"
+}
+
+variable "cloudflare-email" {
+  # https://go-acme.github.io/lego/dns/cloudflare/
+  description = "Cloudflare email"
+  default     = null
+}
+
+variable "cloudflare-dns-api-token" {
+  # https://go-acme.github.io/lego/dns/cloudflare/
+  description = "Cloudflare dns api token for DNS challenge"
+  default     = null
+}
+
 variable "certificate-secret-name" {
   description = "Kubernetes secret used for certificate"
   default     = ""

diff --git a/tests/tests_unit/cli_validate/min.happy.certificate.yaml b/tests/tests_unit/cli_validate/min.happy.certificate.yaml
@@ -0,0 +1,6 @@
+project_name: test
+certificate:
+  type: lets-encrypt
+  acme_email: [email protected]
+  acme_server: https://acme-v02.api.letsencrypt.org/directory
+  acme_challenge_type: dns