fix: ns1 auth zone. (#640)

This commit is contained in:
Ludovic Fernandez 2018-09-21 17:47:58 +02:00 committed by GitHub
parent 3a46680b73
commit 621237d072
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 61 additions and 13 deletions

View file

@ -85,7 +85,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, _ := acme.DNS01Record(domain, keyAuth) fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
zone, err := d.getHostedZone(domain) zone, err := d.getHostedZone(fqdn)
if err != nil { if err != nil {
return fmt.Errorf("ns1: %v", err) return fmt.Errorf("ns1: %v", err)
} }
@ -93,7 +93,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
record := d.newTxtRecord(zone, fqdn, value, d.config.TTL) record := d.newTxtRecord(zone, fqdn, value, d.config.TTL)
_, err = d.client.Records.Create(record) _, err = d.client.Records.Create(record)
if err != nil && err != rest.ErrRecordExists { if err != nil && err != rest.ErrRecordExists {
return fmt.Errorf("ns1: %v", err) return fmt.Errorf("ns1: failed to create record [zone: %q, fqdn: %q]: %v", zone.Zone, fqdn, err)
} }
return nil return nil
@ -103,14 +103,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acme.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
zone, err := d.getHostedZone(domain) zone, err := d.getHostedZone(fqdn)
if err != nil { if err != nil {
return fmt.Errorf("ns1: %v", err) return fmt.Errorf("ns1: %v", err)
} }
name := acme.UnFqdn(fqdn) name := acme.UnFqdn(fqdn)
_, err = d.client.Records.Delete(zone.Zone, name, "TXT") _, err = d.client.Records.Delete(zone.Zone, name, "TXT")
return fmt.Errorf("ns1: %v", err) return fmt.Errorf("ns1: failed to delete record [zone: %q, domain: %q]: %v", zone.Zone, name, err)
} }
// Timeout returns the timeout and interval to use when checking for DNS propagation. // Timeout returns the timeout and interval to use when checking for DNS propagation.
@ -119,15 +119,15 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval return d.config.PropagationTimeout, d.config.PollingInterval
} }
func (d *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) { func (d *DNSProvider) getHostedZone(fqdn string) (*dns.Zone, error) {
authZone, err := getAuthZone(domain) authZone, err := getAuthZone(fqdn)
if err != nil { if err != nil {
return nil, fmt.Errorf("ns1: %v", err) return nil, fmt.Errorf("failed to extract auth zone from fqdn %q: %v", fqdn, err)
} }
zone, _, err := d.client.Zones.Get(authZone) zone, _, err := d.client.Zones.Get(authZone)
if err != nil { if err != nil {
return nil, fmt.Errorf("ns1: %v", err) return nil, fmt.Errorf("failed to get zone [authZone: %q, fqdn: %q]: %v", authZone, fqdn, err)
} }
return zone, nil return zone, nil
@ -139,11 +139,7 @@ func getAuthZone(fqdn string) (string, error) {
return "", err return "", err
} }
if strings.HasSuffix(authZone, ".") { return strings.TrimSuffix(authZone, "."), nil
authZone = authZone[:len(authZone)-len(".")]
}
return authZone, err
} }
func (d *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record { func (d *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record {

View file

@ -6,6 +6,7 @@ import (
"time" "time"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
var ( var (
@ -26,6 +27,57 @@ func restoreEnv() {
os.Setenv("NS1_API_KEY", apiKey) os.Setenv("NS1_API_KEY", apiKey)
} }
func Test_getAuthZone(t *testing.T) {
type expected struct {
AuthZone string
Error string
}
testCases := []struct {
desc string
fqdn string
expected expected
}{
{
desc: "valid fqdn",
fqdn: "_acme-challenge.myhost.sub.example.com.",
expected: expected{
AuthZone: "example.com",
},
},
{
desc: "invalid fqdn",
fqdn: "_acme-challenge.myhost.sub.example.com",
expected: expected{
Error: "dns: domain must be fully qualified",
},
},
{
desc: "invalid authority",
fqdn: "_acme-challenge.myhost.sub.domain.tld.",
expected: expected{
Error: "could not find the start of authority",
},
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
authZone, err := getAuthZone(test.fqdn)
if len(test.expected.Error) > 0 {
assert.EqualError(t, err, test.expected.Error)
} else {
require.NoError(t, err)
assert.Equal(t, test.expected.AuthZone, authZone)
}
})
}
}
func TestNewDNSProviderValid(t *testing.T) { func TestNewDNSProviderValid(t *testing.T) {
defer restoreEnv() defer restoreEnv()
os.Setenv("NS1_API_KEY", "") os.Setenv("NS1_API_KEY", "")