forked from TrueCloudLab/lego
140 lines
3.5 KiB
Go
140 lines
3.5 KiB
Go
|
package fastdns
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"os"
|
||
|
"reflect"
|
||
|
|
||
|
configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v1"
|
||
|
"github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid"
|
||
|
"github.com/xenolf/lego/acme"
|
||
|
)
|
||
|
|
||
|
// DNSProvider is an implementation of the acme.ChallengeProvider interface.
|
||
|
type DNSProvider struct {
|
||
|
config edgegrid.Config
|
||
|
}
|
||
|
|
||
|
// NewDNSProvider uses the supplied environment variables to return a DNSProvider instance:
|
||
|
// AKAMAI_HOST, AKAMAI_CLIENT_TOKEN, AKAMAI_CLIENT_SECRET, AKAMAI_ACCESS_TOKEN
|
||
|
func NewDNSProvider() (*DNSProvider, error) {
|
||
|
host := os.Getenv("AKAMAI_HOST")
|
||
|
clientToken := os.Getenv("AKAMAI_CLIENT_TOKEN")
|
||
|
clientSecret := os.Getenv("AKAMAI_CLIENT_SECRET")
|
||
|
accessToken := os.Getenv("AKAMAI_ACCESS_TOKEN")
|
||
|
|
||
|
return NewDNSProviderClient(host, clientToken, clientSecret, accessToken)
|
||
|
}
|
||
|
|
||
|
// NewDNSProviderClient uses the supplied parameters to return a DNSProvider instance
|
||
|
// configured for FastDNS.
|
||
|
func NewDNSProviderClient(host, clientToken, clientSecret, accessToken string) (*DNSProvider, error) {
|
||
|
if clientToken == "" || clientSecret == "" || accessToken == "" || host == "" {
|
||
|
return nil, fmt.Errorf("Akamai FastDNS credentials missing")
|
||
|
}
|
||
|
config := edgegrid.Config{
|
||
|
Host: host,
|
||
|
ClientToken: clientToken,
|
||
|
ClientSecret: clientSecret,
|
||
|
AccessToken: accessToken,
|
||
|
MaxBody: 131072,
|
||
|
}
|
||
|
|
||
|
return &DNSProvider{
|
||
|
config: config,
|
||
|
}, nil
|
||
|
}
|
||
|
|
||
|
// Present creates a TXT record to fullfil the dns-01 challenge.
|
||
|
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
||
|
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
|
||
|
zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
configdns.Init(c.config)
|
||
|
|
||
|
zone, err := configdns.GetZone(zoneName)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
record := configdns.NewTxtRecord()
|
||
|
record.SetField("name", recordName)
|
||
|
record.SetField("ttl", ttl)
|
||
|
record.SetField("target", value)
|
||
|
record.SetField("active", true)
|
||
|
|
||
|
existingRecord := c.findExistingRecord(zone, recordName)
|
||
|
|
||
|
if existingRecord != nil {
|
||
|
if reflect.DeepEqual(existingRecord.ToMap(), record.ToMap()) {
|
||
|
return nil
|
||
|
}
|
||
|
zone.RemoveRecord(existingRecord)
|
||
|
return c.createRecord(zone, record)
|
||
|
}
|
||
|
|
||
|
return c.createRecord(zone, record)
|
||
|
}
|
||
|
|
||
|
// CleanUp removes the record matching the specified parameters.
|
||
|
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||
|
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
|
||
|
zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
configdns.Init(c.config)
|
||
|
|
||
|
zone, err := configdns.GetZone(zoneName)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
existingRecord := c.findExistingRecord(zone, recordName)
|
||
|
|
||
|
if existingRecord != nil {
|
||
|
err := zone.RemoveRecord(existingRecord)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
return zone.Save()
|
||
|
}
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
func (c *DNSProvider) findZoneAndRecordName(fqdn, domain string) (string, string, error) {
|
||
|
zone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
|
||
|
if err != nil {
|
||
|
return "", "", err
|
||
|
}
|
||
|
zone = acme.UnFqdn(zone)
|
||
|
name := acme.UnFqdn(fqdn)
|
||
|
name = name[:len(name)-len("."+zone)]
|
||
|
|
||
|
return zone, name, nil
|
||
|
}
|
||
|
|
||
|
func (c *DNSProvider) findExistingRecord(zone *configdns.Zone, recordName string) *configdns.TxtRecord {
|
||
|
for _, r := range zone.Zone.Txt {
|
||
|
if r.Name == recordName {
|
||
|
return r
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
func (c *DNSProvider) createRecord(zone *configdns.Zone, record *configdns.TxtRecord) error {
|
||
|
err := zone.AddRecord(record)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
return zone.Save()
|
||
|
}
|