fix: ns1 auth zone. (#640)
parent
3a46680b73
commit
621237d072
2 changed files with 61 additions and 13 deletions
|
@ -85,7 +85,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
||||||
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||||
fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
|
fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
|
||||||
|
|
||||||
zone, err := d.getHostedZone(domain)
|
zone, err := d.getHostedZone(fqdn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("ns1: %v", err)
|
return fmt.Errorf("ns1: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -93,7 +93,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||||
record := d.newTxtRecord(zone, fqdn, value, d.config.TTL)
|
record := d.newTxtRecord(zone, fqdn, value, d.config.TTL)
|
||||||
_, err = d.client.Records.Create(record)
|
_, err = d.client.Records.Create(record)
|
||||||
if err != nil && err != rest.ErrRecordExists {
|
if err != nil && err != rest.ErrRecordExists {
|
||||||
return fmt.Errorf("ns1: %v", err)
|
return fmt.Errorf("ns1: failed to create record [zone: %q, fqdn: %q]: %v", zone.Zone, fqdn, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -103,14 +103,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||||
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||||
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
|
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
|
||||||
|
|
||||||
zone, err := d.getHostedZone(domain)
|
zone, err := d.getHostedZone(fqdn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("ns1: %v", err)
|
return fmt.Errorf("ns1: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
name := acme.UnFqdn(fqdn)
|
name := acme.UnFqdn(fqdn)
|
||||||
_, err = d.client.Records.Delete(zone.Zone, name, "TXT")
|
_, err = d.client.Records.Delete(zone.Zone, name, "TXT")
|
||||||
return fmt.Errorf("ns1: %v", err)
|
return fmt.Errorf("ns1: failed to delete record [zone: %q, domain: %q]: %v", zone.Zone, name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Timeout returns the timeout and interval to use when checking for DNS propagation.
|
// Timeout returns the timeout and interval to use when checking for DNS propagation.
|
||||||
|
@ -119,15 +119,15 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
|
||||||
return d.config.PropagationTimeout, d.config.PollingInterval
|
return d.config.PropagationTimeout, d.config.PollingInterval
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) {
|
func (d *DNSProvider) getHostedZone(fqdn string) (*dns.Zone, error) {
|
||||||
authZone, err := getAuthZone(domain)
|
authZone, err := getAuthZone(fqdn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("ns1: %v", err)
|
return nil, fmt.Errorf("failed to extract auth zone from fqdn %q: %v", fqdn, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
zone, _, err := d.client.Zones.Get(authZone)
|
zone, _, err := d.client.Zones.Get(authZone)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("ns1: %v", err)
|
return nil, fmt.Errorf("failed to get zone [authZone: %q, fqdn: %q]: %v", authZone, fqdn, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return zone, nil
|
return zone, nil
|
||||||
|
@ -139,11 +139,7 @@ func getAuthZone(fqdn string) (string, error) {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
if strings.HasSuffix(authZone, ".") {
|
return strings.TrimSuffix(authZone, "."), nil
|
||||||
authZone = authZone[:len(authZone)-len(".")]
|
|
||||||
}
|
|
||||||
|
|
||||||
return authZone, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record {
|
func (d *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record {
|
||||||
|
|
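Review bot: CleanUp still returns a non-nil error on every call, because the line after `d.client.Records.Delete(zone.Zone, name, "TXT")` is an unconditional `return fmt.Errorf(...)`; the commit rewrote the message but kept the missing guard. Wrap that return in `if err != nil { ... }` and end the function with `return nil`, the way Present does after `Records.Create`. As written, a caller cannot tell a successful deletion from one that left the `_acme-challenge` TXT record published, so real cleanup failures are lost among the false ones.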
|
@ -6,6 +6,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -26,6 +27,57 @@ func restoreEnv() {
|
||||||
os.Setenv("NS1_API_KEY", apiKey)
|
os.Setenv("NS1_API_KEY", apiKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Test_getAuthZone(t *testing.T) {
|
||||||
|
type expected struct {
|
||||||
|
AuthZone string
|
||||||
|
Error string
|
||||||
|
}
|
||||||
|
|
||||||
|
testCases := []struct {
|
||||||
|
desc string
|
||||||
|
fqdn string
|
||||||
|
expected expected
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
desc: "valid fqdn",
|
||||||
|
fqdn: "_acme-challenge.myhost.sub.example.com.",
|
||||||
|
expected: expected{
|
||||||
|
AuthZone: "example.com",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "invalid fqdn",
|
||||||
|
fqdn: "_acme-challenge.myhost.sub.example.com",
|
||||||
|
expected: expected{
|
||||||
|
Error: "dns: domain must be fully qualified",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "invalid authority",
|
||||||
|
fqdn: "_acme-challenge.myhost.sub.domain.tld.",
|
||||||
|
expected: expected{
|
||||||
|
Error: "could not find the start of authority",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, test := range testCases {
|
||||||
|
test := test
|
||||||
|
t.Run(test.desc, func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
authZone, err := getAuthZone(test.fqdn)
|
||||||
|
|
||||||
|
if len(test.expected.Error) > 0 {
|
||||||
|
assert.EqualError(t, err, test.expected.Error)
|
||||||
|
} else {
|
||||||
|
require.NoError(t, err)
|
||||||
|
assert.Equal(t, test.expected.AuthZone, authZone)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestNewDNSProviderValid(t *testing.T) {
|
func TestNewDNSProviderValid(t *testing.T) {
|
||||||
defer restoreEnv()
|
defer restoreEnv()
|
||||||
os.Setenv("NS1_API_KEY", "")
|
os.Setenv("NS1_API_KEY", "")
|
||||||
|
|
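Review bot: Test_getAuthZone appears to depend on live DNS, since the "valid fqdn" case expects `example.com` and the "invalid authority" case expects `could not find the start of authority` for `domain.tld.`. Only the tail of getAuthZone is visible here, so this is inferred from the expected values. If it is right, the result depends on whichever resolver the build host uses, and the test fails offline or behind a resolver that answers for `domain.tld`. Consider stubbing the zone lookup, or at least documenting the dependency with a comment such as `// NOTE: performs real SOA lookups; requires a working resolver.` above the table.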