commit
b7b05e88db
5 changed files with 267 additions and 0 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,3 +1,4 @@
|
|||
lego.exe
|
||||
lego
|
||||
.lego
|
||||
.idea
|
||||
|
|
1
cli.go
1
cli.go
|
@ -196,6 +196,7 @@ Here is an example bash command using the CloudFlare DNS provider:
|
|||
fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION")
|
||||
fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD")
|
||||
fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY")
|
||||
fmt.Fprintln(w, "\tovh:\tOVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY")
|
||||
w.Flush()
|
||||
|
||||
fmt.Println(`
|
||||
|
|
|
@ -21,6 +21,7 @@ import (
|
|||
"github.com/xenolf/lego/providers/dns/gandi"
|
||||
"github.com/xenolf/lego/providers/dns/googlecloud"
|
||||
"github.com/xenolf/lego/providers/dns/namecheap"
|
||||
"github.com/xenolf/lego/providers/dns/ovh"
|
||||
"github.com/xenolf/lego/providers/dns/rfc2136"
|
||||
"github.com/xenolf/lego/providers/dns/route53"
|
||||
"github.com/xenolf/lego/providers/dns/vultr"
|
||||
|
@ -123,6 +124,8 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
|
|||
provider, err = rfc2136.NewDNSProvider()
|
||||
case "vultr":
|
||||
provider, err = vultr.NewDNSProvider()
|
||||
case "ovh":
|
||||
provider, err = ovh.NewDNSProvider()
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
|
|
159
providers/dns/ovh/ovh.go
Normal file
159
providers/dns/ovh/ovh.go
Normal file
|
@ -0,0 +1,159 @@
|
|||
// Package OVH implements a DNS provider for solving the DNS-01
|
||||
// challenge using OVH DNS.
|
||||
package ovh
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/ovh/go-ovh/ovh"
|
||||
"github.com/xenolf/lego/acme"
|
||||
)
|
||||
|
||||
// OVH API reference: https://eu.api.ovh.com/
|
||||
// Create a Token: https://eu.api.ovh.com/createToken/
|
||||
|
||||
// DNSProvider is an implementation of the acme.ChallengeProvider interface
|
||||
// that uses OVH's REST API to manage TXT records for a domain.
|
||||
type DNSProvider struct {
|
||||
client *ovh.Client
|
||||
recordIDs map[string]int
|
||||
recordIDsMu sync.Mutex
|
||||
}
|
||||
|
||||
// NewDNSProvider returns a DNSProvider instance configured for OVH
|
||||
// Credentials must be passed in the environment variable:
|
||||
// OVH_ENDPOINT : it must be ovh-eu or ovh-ca
|
||||
// OVH_APPLICATION_KEY
|
||||
// OVH_APPLICATION_SECRET
|
||||
// OVH_CONSUMER_KEY
|
||||
func NewDNSProvider() (*DNSProvider, error) {
|
||||
apiEndpoint := os.Getenv("OVH_ENDPOINT")
|
||||
applicationKey := os.Getenv("OVH_APPLICATION_KEY")
|
||||
applicationSecret := os.Getenv("OVH_APPLICATION_SECRET")
|
||||
consumerKey := os.Getenv("OVH_CONSUMER_KEY")
|
||||
return NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey)
|
||||
}
|
||||
|
||||
// NewDNSProviderCredentials uses the supplied credentials to return a
|
||||
// DNSProvider instance configured for OVH.
|
||||
func NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey string) (*DNSProvider, error) {
|
||||
if apiEndpoint == "" || applicationKey == "" || applicationSecret == "" || consumerKey == "" {
|
||||
return nil, fmt.Errorf("OVH credentials missing")
|
||||
}
|
||||
|
||||
ovhClient, _ := ovh.NewClient(
|
||||
apiEndpoint,
|
||||
applicationKey,
|
||||
applicationSecret,
|
||||
consumerKey,
|
||||
)
|
||||
|
||||
return &DNSProvider{
|
||||
client: ovhClient,
|
||||
recordIDs: make(map[string]int),
|
||||
}, nil
|
||||
}
|
||||
|
||||
// Present creates a TXT record to fulfil the dns-01 challenge.
|
||||
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||
|
||||
// txtRecordRequest represents the request body to DO's API to make a TXT record
|
||||
type txtRecordRequest struct {
|
||||
FieldType string `json:"fieldType"`
|
||||
SubDomain string `json:"subDomain"`
|
||||
Target string `json:"target"`
|
||||
TTL int `json:"ttl"`
|
||||
}
|
||||
|
||||
// txtRecordResponse represents a response from DO's API after making a TXT record
|
||||
type txtRecordResponse struct {
|
||||
ID int `json:"id"`
|
||||
FieldType string `json:"fieldType"`
|
||||
SubDomain string `json:"subDomain"`
|
||||
Target string `json:"target"`
|
||||
TTL int `json:"ttl"`
|
||||
Zone string `json:"zone"`
|
||||
}
|
||||
|
||||
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
|
||||
|
||||
// Parse domain name
|
||||
authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
|
||||
}
|
||||
|
||||
authZone = acme.UnFqdn(authZone)
|
||||
subDomain := d.extractRecordName(fqdn, authZone)
|
||||
|
||||
reqURL := fmt.Sprintf("/domain/zone/%s/record", authZone)
|
||||
reqData := txtRecordRequest{FieldType: "TXT", SubDomain: subDomain, Target: value, TTL: ttl}
|
||||
var respData txtRecordResponse
|
||||
|
||||
// Create TXT record
|
||||
err = d.client.Post(reqURL, reqData, &respData)
|
||||
if err != nil {
|
||||
fmt.Printf("Error when call OVH api to add record : %q \n", err)
|
||||
return err
|
||||
}
|
||||
|
||||
// Apply the change
|
||||
reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
|
||||
err = d.client.Post(reqURL, nil, nil)
|
||||
if err != nil {
|
||||
fmt.Printf("Error when call OVH api to refresh zone : %q \n", err)
|
||||
return err
|
||||
}
|
||||
|
||||
d.recordIDsMu.Lock()
|
||||
d.recordIDs[fqdn] = respData.ID
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// CleanUp removes the TXT record matching the specified parameters
|
||||
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
|
||||
|
||||
// get the record's unique ID from when we created it
|
||||
d.recordIDsMu.Lock()
|
||||
recordID, ok := d.recordIDs[fqdn]
|
||||
d.recordIDsMu.Unlock()
|
||||
if !ok {
|
||||
return fmt.Errorf("unknown record ID for '%s'", fqdn)
|
||||
}
|
||||
|
||||
authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
|
||||
}
|
||||
|
||||
authZone = acme.UnFqdn(authZone)
|
||||
|
||||
reqURL := fmt.Sprintf("/domain/zone/%s/record/%d", authZone, recordID)
|
||||
|
||||
err = d.client.Delete(reqURL, nil)
|
||||
if err != nil {
|
||||
fmt.Printf("Error when call OVH api to delete challenge record : %q \n", err)
|
||||
return err
|
||||
}
|
||||
|
||||
// Delete record ID from map
|
||||
d.recordIDsMu.Lock()
|
||||
delete(d.recordIDs, fqdn)
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
|
||||
name := acme.UnFqdn(fqdn)
|
||||
if idx := strings.Index(name, "."+domain); idx != -1 {
|
||||
return name[:idx]
|
||||
}
|
||||
return name
|
||||
}
|
103
providers/dns/ovh/ovh_test.go
Normal file
103
providers/dns/ovh/ovh_test.go
Normal file
|
@ -0,0 +1,103 @@
|
|||
package ovh
|
||||
|
||||
import (
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
var (
|
||||
liveTest bool
|
||||
apiEndpoint string
|
||||
applicationKey string
|
||||
applicationSecret string
|
||||
consumerKey string
|
||||
domain string
|
||||
)
|
||||
|
||||
func init() {
|
||||
apiEndpoint = os.Getenv("OVH_ENDPOINT")
|
||||
applicationKey = os.Getenv("OVH_APPLICATION_KEY")
|
||||
applicationSecret = os.Getenv("OVH_APPLICATION_SECRET")
|
||||
consumerKey = os.Getenv("OVH_CONSUMER_KEY")
|
||||
liveTest = len(apiEndpoint) > 0 && len(applicationKey) > 0 && len(applicationSecret) > 0 && len(consumerKey) > 0
|
||||
}
|
||||
|
||||
func restoreEnv() {
|
||||
os.Setenv("OVH_ENDPOINT", apiEndpoint)
|
||||
os.Setenv("OVH_APPLICATION_KEY", applicationKey)
|
||||
os.Setenv("OVH_APPLICATION_SECRET", applicationSecret)
|
||||
os.Setenv("OVH_CONSUMER_KEY", consumerKey)
|
||||
}
|
||||
|
||||
func TestNewDNSProviderValidEnv(t *testing.T) {
|
||||
os.Setenv("OVH_ENDPOINT", "ovh-eu")
|
||||
os.Setenv("OVH_APPLICATION_KEY", "1234")
|
||||
os.Setenv("OVH_APPLICATION_SECRET", "5678")
|
||||
os.Setenv("OVH_CONSUMER_KEY", "abcde")
|
||||
defer restoreEnv()
|
||||
_, err := NewDNSProvider()
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestNewDNSProviderMissingCredErr(t *testing.T) {
|
||||
os.Setenv("OVH_ENDPOINT", "")
|
||||
os.Setenv("OVH_APPLICATION_KEY", "1234")
|
||||
os.Setenv("OVH_APPLICATION_SECRET", "5678")
|
||||
os.Setenv("OVH_CONSUMER_KEY", "abcde")
|
||||
defer restoreEnv()
|
||||
_, err := NewDNSProvider()
|
||||
assert.EqualError(t, err, "OVH credentials missing")
|
||||
|
||||
os.Setenv("OVH_ENDPOINT", "ovh-eu")
|
||||
os.Setenv("OVH_APPLICATION_KEY", "")
|
||||
os.Setenv("OVH_APPLICATION_SECRET", "5678")
|
||||
os.Setenv("OVH_CONSUMER_KEY", "abcde")
|
||||
defer restoreEnv()
|
||||
_, err = NewDNSProvider()
|
||||
assert.EqualError(t, err, "OVH credentials missing")
|
||||
|
||||
os.Setenv("OVH_ENDPOINT", "ovh-eu")
|
||||
os.Setenv("OVH_APPLICATION_KEY", "1234")
|
||||
os.Setenv("OVH_APPLICATION_SECRET", "")
|
||||
os.Setenv("OVH_CONSUMER_KEY", "abcde")
|
||||
defer restoreEnv()
|
||||
_, err = NewDNSProvider()
|
||||
assert.EqualError(t, err, "OVH credentials missing")
|
||||
|
||||
os.Setenv("OVH_ENDPOINT", "ovh-eu")
|
||||
os.Setenv("OVH_APPLICATION_KEY", "1234")
|
||||
os.Setenv("OVH_APPLICATION_SECRET", "5678")
|
||||
os.Setenv("OVH_CONSUMER_KEY", "")
|
||||
defer restoreEnv()
|
||||
_, err = NewDNSProvider()
|
||||
assert.EqualError(t, err, "OVH credentials missing")
|
||||
}
|
||||
|
||||
func TestLivePresent(t *testing.T) {
|
||||
if !liveTest {
|
||||
t.Skip("skipping live test")
|
||||
}
|
||||
|
||||
provider, err := NewDNSProvider()
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = provider.Present(domain, "", "123d==")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestLiveCleanUp(t *testing.T) {
|
||||
if !liveTest {
|
||||
t.Skip("skipping live test")
|
||||
}
|
||||
|
||||
time.Sleep(time.Second * 1)
|
||||
|
||||
provider, err := NewDNSProvider()
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = provider.CleanUp(domain, "", "123d==")
|
||||
assert.NoError(t, err)
|
||||
}
|
Loading…
Reference in a new issue