regru: client certificate support (#2050)

Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
Alexander Kazarin 2023-11-10 04:15:33 +03:00 committed by GitHub
parent d51b5e408b
commit cab8e1f556
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 0 deletions


@ -2184,6 +2184,8 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln(` - "REGRU_HTTP_TIMEOUT": API request timeout`) ew.writeln(` - "REGRU_HTTP_TIMEOUT": API request timeout`)
ew.writeln(` - "REGRU_POLLING_INTERVAL": Time between DNS propagation check`) ew.writeln(` - "REGRU_POLLING_INTERVAL": Time between DNS propagation check`)
ew.writeln(` - "REGRU_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`) ew.writeln(` - "REGRU_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
ew.writeln(` - "REGRU_TLS_CERT": authentication certificate`)
ew.writeln(` - "REGRU_TLS_KEY": authentication private key`)
ew.writeln(` - "REGRU_TTL": The TTL of the TXT record used for the DNS challenge`) ew.writeln(` - "REGRU_TTL": The TTL of the TXT record used for the DNS challenge`)
ew.writeln() ew.writeln()


@ -52,6 +52,8 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
| `REGRU_HTTP_TIMEOUT` | API request timeout | | `REGRU_HTTP_TIMEOUT` | API request timeout |
| `REGRU_POLLING_INTERVAL` | Time between DNS propagation check | | `REGRU_POLLING_INTERVAL` | Time between DNS propagation check |
| `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation | | `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
| `REGRU_TLS_CERT` | authentication certificate |
| `REGRU_TLS_KEY` | authentication private key |
| `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge | | `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge |
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.


@ -3,6 +3,7 @@ package regru
import ( import (
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
@ -19,6 +20,8 @@ const (
EnvUsername = envNamespace + "USERNAME" EnvUsername = envNamespace + "USERNAME"
EnvPassword = envNamespace + "PASSWORD" EnvPassword = envNamespace + "PASSWORD"
EnvTLSCert = envNamespace + "TLS_CERT"
EnvTLSKey = envNamespace + "TLS_KEY"
EnvTTL = envNamespace + "TTL" EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT" EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@ -30,6 +33,8 @@ const (
type Config struct { type Config struct {
Username string Username string
Password string Password string
TLSCert string
TLSKey string
PropagationTimeout time.Duration PropagationTimeout time.Duration
PollingInterval time.Duration PollingInterval time.Duration
@ -67,6 +72,8 @@ func NewDNSProvider() (*DNSProvider, error) {
config := NewDefaultConfig() config := NewDefaultConfig()
config.Username = values[EnvUsername] config.Username = values[EnvUsername]
config.Password = values[EnvPassword] config.Password = values[EnvPassword]
config.TLSCert = env.GetOrDefaultString(EnvTLSCert, "")
config.TLSKey = env.GetOrDefaultString(EnvTLSKey, "")
return NewDNSProviderConfig(config) return NewDNSProviderConfig(config)
} }
@ -87,6 +94,27 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient client.HTTPClient = config.HTTPClient
} }
if config.TLSCert != "" || config.TLSKey != "" {
if config.TLSCert == "" {
return nil, errors.New("regru: TLS certificate is missing")
}
if config.TLSKey == "" {
return nil, errors.New("regru: TLS key is missing")
}
tlsCert, err := tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))
if err != nil {
return nil, fmt.Errorf("regru: %w", err)
}
client.HTTPClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
Certificates: []tls.Certificate{tlsCert},
},
}
}
return &DNSProvider{config: config, client: client}, nil return &DNSProvider{config: config, client: client}, nil
} }
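Review bot: Assigning a fresh `&http.Transport{...}` to `client.HTTPClient.Transport` in the last hunk discards whatever transport was there before. A transport supplied through `config.HTTPClient` is overwritten on the caller's own `http.Client`, and the new one lacks the `Proxy: http.ProxyFromEnvironment` setting and the dial and TLS-handshake timeouts of `http.DefaultTransport`, so proxy environment variables stop applying once a client certificate is configured. Cloning the existing (or default) transport and setting only `TLSClientConfig.Certificates` keeps those settings, as sketched below; the block also dereferences `client.HTTPClient` without a nil check, and whether it can be nil depends on code outside the hunk, where NewDNSProviderConfig begins. Separately, `REGRU_TLS_KEY` is passed to `tls.X509KeyPair` as PEM content rather than a path, so the help text could say so and point to the `_FILE` form mentioned in the docs (assuming `env.GetOrDefaultString` honours it) to keep the private key out of the process environment.

```go
		tlsCert, err := tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))
		// … unchanged: error check on the key pair …

		// Start from the transport already in place (or the default one) so that
		// proxy settings and timeouts survive; only the client certificate is added.
		var tr *http.Transport
		switch t := client.HTTPClient.Transport.(type) {
		case nil:
			tr = http.DefaultTransport.(*http.Transport).Clone()
		case *http.Transport:
			tr = t.Clone()
		default:
			return nil, errors.New("regru: client certificate requires an *http.Transport")
		}
		if tr.TLSClientConfig == nil {
			tr.TLSClientConfig = &tls.Config{}
		}
		tr.TLSClientConfig.Certificates = []tls.Certificate{tlsCert}
		client.HTTPClient.Transport = tr
```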

View file

@ -15,6 +15,8 @@ lego --email you@example.com --dns regru --domains my.example.org run
REGRU_USERNAME = "API username" REGRU_USERNAME = "API username"
REGRU_PASSWORD = "API password" REGRU_PASSWORD = "API password"
[Configuration.Additional] [Configuration.Additional]
REGRU_TLS_CERT = "authentication certificate"
REGRU_TLS_KEY = "authentication private key"
REGRU_POLLING_INTERVAL = "Time between DNS propagation check" REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation" REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
REGRU_TTL = "The TTL of the TXT record used for the DNS challenge" REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"