From b7fa41f43f97dc6c005e74c4de3cbd06fee92481 Mon Sep 17 00:00:00 2001
From: Richard Cox
Date: Wed, 20 Jul 2022 15:31:56 -0700
Subject: [PATCH 1/3] configurable DNS servers

---
 deploy/cert-manager-webhook-ns1/Chart.yaml | 2 +-
 .../templates/deployment.yaml | 4 ++++
 deploy/cert-manager-webhook-ns1/values.yaml | 7 +++++++
 main.go | 13 ++++++++++---
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/deploy/cert-manager-webhook-ns1/Chart.yaml b/deploy/cert-manager-webhook-ns1/Chart.yaml
index 7921146..842a83a 100644
--- a/deploy/cert-manager-webhook-ns1/Chart.yaml
+++ b/deploy/cert-manager-webhook-ns1/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "v0.1.0"
 description: NS1 Webhook for Cert Manager
 name: cert-manager-webhook-ns1
-version: 0.4.2
+version: 0.4.3
diff --git a/deploy/cert-manager-webhook-ns1/templates/deployment.yaml b/deploy/cert-manager-webhook-ns1/templates/deployment.yaml
index d3cd733..cfb5f5f 100644
--- a/deploy/cert-manager-webhook-ns1/templates/deployment.yaml
+++ b/deploy/cert-manager-webhook-ns1/templates/deployment.yaml
@@ -34,6 +34,10 @@ spec:
 env:
 - name: GROUP_NAME
 value: {{ .Values.groupName | quote }}
+ {{- if .Values.nameservers }}
+ - name: NAMESERVERS
+ value: {{ join "," .Values.nameservers }}
+ {{- end }}
 ports:
 - name: https
 containerPort: {{ .Values.containerPort }}
diff --git a/deploy/cert-manager-webhook-ns1/values.yaml b/deploy/cert-manager-webhook-ns1/values.yaml
index e55d23b..eb5612e 100644
--- a/deploy/cert-manager-webhook-ns1/values.yaml
+++ b/deploy/cert-manager-webhook-ns1/values.yaml
@@ -6,6 +6,13 @@
 # Users should not generally need to edit the groupName.
 groupName: acme.nsone.net
 
+# Nameservers is used to force the webhook to use specific name servers.
+# This is useful when you have a split DNS service that might return
+# SOA records internally that don't exist in NSOne.
+nameservers:
+ #- 8.8.8.8
+ #- 1.1.1.1
+
 certManager:
 namespace: cert-manager
 serviceAccountName: cert-manager
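Review bot: The `NAMESERVERS` value added in the deployment.yaml hunk is rendered unquoted, `value: {{ join "," .Values.nameservers }}`, while the `GROUP_NAME` line just above it pipes through `| quote`; an env value must be a YAML string, and an unquoted scalar is left to YAML's own parsing, so an entry such as an IPv6 `[::1]:53` would not survive as a plain scalar. Quote it for consistency with the line above: `value: {{ join "," .Values.nameservers | quote }}`. The `{{- if .Values.nameservers }}` guard also means an empty list silently falls back to whatever main.go defaults to, which looks intended but is worth stating in the values.yaml comment.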
diff --git a/main.go b/main.go
index 61c6d54..ec8f021 100644
--- a/main.go
+++ b/main.go
@@ -24,12 +24,19 @@ import (
 )
 
 var groupName = os.Getenv("GROUP_NAME")
+var nameservers []string
 
 func main() {
 if groupName == "" {
 panic("GROUP_NAME must be specified")
 }
 
+ if os.Getenv("RECURSIVE_NAMESERVERS") != "" {
+ nameservers = strings.Split(os.Getenv("NAMESERVERS"), ",")
+ } else {
+ nameservers = util.RecursiveNameservers
+ }
+
 // This will register our NS1 DNS provider with the webhook serving
 // library, making it available as an API under the provided groupName.
 cmd.RunWebhookServer(groupName,
@@ -98,7 +105,7 @@ func (c *ns1DNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
 
 _, err = c.ns1Client.Records.Create(record)
 if err != nil {
- if err != ns1API.ErrRecordExists {
+ if err != ns1API.ErrRecordExists {
 return err
 }
 }
@@ -227,13 +234,13 @@ func (c *ns1DNSProviderSolver) parseChallenge(ch *v1alpha1.ChallengeRequest) (
 ) {
 
 if zone, err = util.FindZoneByFqdn(
- ch.ResolvedFQDN, util.RecursiveNameservers,
+ ch.ResolvedFQDN, nameservers,
 ); err != nil {
 return "", "", err
 }
 zone = util.UnFqdn(zone)
 
- if idx := strings.Index(ch.ResolvedFQDN, "." + ch.ResolvedZone); idx != -1 {
+ if idx := strings.Index(ch.ResolvedFQDN, "."+ch.ResolvedZone); idx != -1 {
 domain = ch.ResolvedFQDN[:idx]
 } else {
 domain = util.UnFqdn(ch.ResolvedFQDN)
From 1aeddfd31d629ee6720f4ae32fd9ccca9d3646c8 Mon Sep 17 00:00:00 2001
From: Richard Cox
Date: Wed, 20 Jul 2022 15:50:24 -0700
Subject: [PATCH 2/3] fix helm example

---
 deploy/cert-manager-webhook-ns1/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy/cert-manager-webhook-ns1/values.yaml b/deploy/cert-manager-webhook-ns1/values.yaml
index eb5612e..7512314 100644
--- a/deploy/cert-manager-webhook-ns1/values.yaml
+++ b/deploy/cert-manager-webhook-ns1/values.yaml
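Review bot: The resolver list built in the first main.go hunk is handed to `util.FindZoneByFqdn` exactly as `strings.Split` returns it, with no trimming and no validation, so a value like `8.8.8.8, 1.1.1.1:53` or a trailing comma produces entries with leading whitespace or an empty string, and the later fix to the chart example (adding `:53`) suggests a port-less entry only fails at lookup time. Because these resolvers decide which zone the challenge TXT record is written into, a malformed entry should fail at startup the way the `GROUP_NAME` check two lines above does, not surface as a DNS error in the middle of an ACME order. `net.SplitHostPort` gives that check; the import block is outside the hunk, so `net` may need adding. The condition reads `RECURSIVE_NAMESERVERS` while the split reads `NAMESERVERS`, which a later patch in this series corrects, so the sketch below reads the variable once; main's body continues past the end of the hunk.
```go
	if raw := os.Getenv("NAMESERVERS"); raw != "" {
		for _, ns := range strings.Split(raw, ",") {
			ns = strings.TrimSpace(ns)
			if ns == "" {
				continue
			}
			// Fail fast on a port-less or otherwise malformed resolver entry.
			if _, _, err := net.SplitHostPort(ns); err != nil {
				panic("NAMESERVERS entries must be host:port: " + err.Error())
			}
			nameservers = append(nameservers, ns)
		}
	}
	if len(nameservers) == 0 {
		nameservers = util.RecursiveNameservers
	}
	// … unchanged: cmd.RunWebhookServer(groupName, …) …
```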
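Review bot: In the parseChallenge hunk the zone is now looked up through the configured `nameservers`, but `domain` two statements later is still cut using `ch.ResolvedZone`, which cert-manager resolved with its own resolvers; the values.yaml comment in this series says the whole reason for the option is that the two views of DNS can disagree on the SOA. If they do, the record name is computed against one zone and the record is created in another, and since `strings.Index` takes the first match, a zone label that also occurs earlier in the FQDN cuts at the wrong place. Deriving `domain` from the zone that was actually found closes both gaps and keeps the existing fallback: `domain = strings.TrimSuffix(util.UnFqdn(ch.ResolvedFQDN), "."+zone)`. parseChallenge's signature and the remainder of its body lie outside the hunk.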
@@ -10,8 +10,8 @@ groupName: acme.nsone.net
 # This is useful when you have a split DNS service that might return
 # SOA records internally that don't exist in NSOne.
 nameservers:
- #- 8.8.8.8
- #- 1.1.1.1
+ #- 8.8.8.8:53
+ #- 1.1.1.1:53
 
 certManager:
 namespace: cert-manager
From 555797633349b968fe5e27f664b51db4bc625d46 Mon Sep 17 00:00:00 2001
From: Richard Cox
Date: Wed, 20 Jul 2022 17:23:49 -0700
Subject: [PATCH 3/3] type in nameservers enviorment name

---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.go b/main.go
index ec8f021..c15af02 100644
--- a/main.go
+++ b/main.go
@@ -31,7 +31,7 @@ func main() {
 panic("GROUP_NAME must be specified")
 }
 
- if os.Getenv("RECURSIVE_NAMESERVERS") != "" {
+ if os.Getenv("NAMESERVERS") != "" {
 nameservers = strings.Split(os.Getenv("NAMESERVERS"), ",")
 } else {
 nameservers = util.RecursiveNameservers
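Review bot: The values.yaml example now carries `:53`, but the comment above `nameservers:` (visible as context in this hunk) still never says that a port is part of each entry, so a user copying a bare `8.8.8.8` from any other resolver list will hit the same failure this patch fixes for the example. Add a line to that comment, e.g. `# Each entry is host:port (e.g. 8.8.8.8:53); the port is not defaulted.` The exact format the Go side accepts is not visible here beyond what the `:53` fix implies, so keep the wording to what the example shows.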
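Review bot: With the variable name corrected, the new line in the main.go hunk still reads `NAMESERVERS` from the environment twice, once in the condition and again in the `strings.Split` call on the next context line, which is exactly the duplication that let the two names drift apart in the first place. Binding the value once in the `if` initializer is the idiomatic form and leaves a single place to edit: `if raw := os.Getenv("NAMESERVERS"); raw != "" {` followed by `nameservers = strings.Split(raw, ",")`. main's body continues past the end of the hunk.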