Merge pull request #299 from edeckers/add-auroradns

Add AuroraDNS support
This commit is contained in:
xenolf 2016-10-18 10:26:37 +02:00 committed by GitHub
commit bb51288200
4 changed files with 293 additions and 0 deletions

1
cli.go
View file

@ -189,6 +189,7 @@ Here is an example bash command using the CloudFlare DNS provider:
w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0) w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
fmt.Fprintln(w, "Valid providers and their associated credential environment variables:") fmt.Fprintln(w, "Valid providers and their associated credential environment variables:")
fmt.Fprintln(w) fmt.Fprintln(w)
fmt.Fprintln(w, "\tauroradns:\tAURORA_USER_ID, AURORA_KEY, AURORA_ENDPOINT")
fmt.Fprintln(w, "\tcloudflare:\tCLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY") fmt.Fprintln(w, "\tcloudflare:\tCLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY")
fmt.Fprintln(w, "\tdigitalocean:\tDO_AUTH_TOKEN") fmt.Fprintln(w, "\tdigitalocean:\tDO_AUTH_TOKEN")
fmt.Fprintln(w, "\tdnsimple:\tDNSIMPLE_EMAIL, DNSIMPLE_API_KEY") fmt.Fprintln(w, "\tdnsimple:\tDNSIMPLE_EMAIL, DNSIMPLE_API_KEY")

View file

@ -15,6 +15,7 @@ import (
"github.com/urfave/cli" "github.com/urfave/cli"
"github.com/xenolf/lego/acme" "github.com/xenolf/lego/acme"
"github.com/xenolf/lego/providers/dns/auroradns"
"github.com/xenolf/lego/providers/dns/cloudflare" "github.com/xenolf/lego/providers/dns/cloudflare"
"github.com/xenolf/lego/providers/dns/digitalocean" "github.com/xenolf/lego/providers/dns/digitalocean"
"github.com/xenolf/lego/providers/dns/dnsimple" "github.com/xenolf/lego/providers/dns/dnsimple"
@ -118,6 +119,8 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
var err error var err error
var provider acme.ChallengeProvider var provider acme.ChallengeProvider
switch c.GlobalString("dns") { switch c.GlobalString("dns") {
case "auroradns":
provider, err = auroradns.NewDNSProvider()
case "cloudflare": case "cloudflare":
provider, err = cloudflare.NewDNSProvider() provider, err = cloudflare.NewDNSProvider()
case "digitalocean": case "digitalocean":

View file

@ -0,0 +1,141 @@
package auroradns
import (
"fmt"
"github.com/edeckers/auroradnsclient"
"github.com/edeckers/auroradnsclient/records"
"github.com/edeckers/auroradnsclient/zones"
"github.com/xenolf/lego/acme"
"os"
"sync"
)
// DNSProvider describes a provider for AuroraDNS
type DNSProvider struct {
recordIDs map[string]string
recordIDsMu sync.Mutex
client *auroradnsclient.AuroraDNSClient
}
// NewDNSProvider returns a DNSProvider instance configured for AuroraDNS.
// Credentials must be passed in the environment variables: AURORA_USER_ID
// and AURORA_KEY.
func NewDNSProvider() (*DNSProvider, error) {
userID := os.Getenv("AURORA_USER_ID")
key := os.Getenv("AURORA_KEY")
endpoint := os.Getenv("AURORA_ENDPOINT")
if endpoint == "" {
endpoint = "https://api.auroradns.eu"
}
return NewDNSProviderCredentials(endpoint, userID, key)
}
// NewDNSProviderCredentials uses the supplied credentials to return a
// DNSProvider instance configured for AuroraDNS.
func NewDNSProviderCredentials(baseURL string, userID string, key string) (*DNSProvider, error) {
client, err := auroradnsclient.NewAuroraDNSClient(baseURL, userID, key)
if err != nil {
return nil, err
}
return &DNSProvider{
client: client,
recordIDs: make(map[string]string),
}, nil
}
func (provider *DNSProvider) getZoneInformationByName(name string) (zones.ZoneRecord, error) {
zs, err := provider.client.GetZones()
if err != nil {
return zones.ZoneRecord{}, err
}
for _, element := range zs {
if element.Name == name {
return element, nil
}
}
return zones.ZoneRecord{}, fmt.Errorf("Could not find Zone record")
}
// Present creates a record with a secret
func (provider *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
}
// 1. Aurora will happily create the TXT record when it is provided a fqdn,
// but it will only appear in the control panel and will not be
// propagated to DNS servers. Extract and use subdomain instead.
// 2. A trailing dot in the fqdn will cause Aurora to add a trailing dot to
// the subdomain, resulting in _acme-challenge..<domain> rather
// than _acme-challenge.<domain>
subdomain := fqdn[0 : len(fqdn)-len(authZone)-1]
authZone = acme.UnFqdn(authZone)
zoneRecord, err := provider.getZoneInformationByName(authZone)
reqData :=
records.CreateRecordRequest{
RecordType: "TXT",
Name: subdomain,
Content: value,
TTL: 300,
}
respData, err := provider.client.CreateRecord(zoneRecord.ID, reqData)
if err != nil {
return fmt.Errorf("Could not create record: '%s'.", err)
}
provider.recordIDsMu.Lock()
provider.recordIDs[fqdn] = respData.ID
provider.recordIDsMu.Unlock()
return nil
}
// CleanUp removes a given record that was generated by Present
func (provider *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
provider.recordIDsMu.Lock()
recordID, ok := provider.recordIDs[fqdn]
provider.recordIDsMu.Unlock()
if !ok {
return fmt.Errorf("Unknown recordID for '%s'", fqdn)
}
authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
}
authZone = acme.UnFqdn(authZone)
zoneRecord, err := provider.getZoneInformationByName(authZone)
if err != nil {
return err
}
_, err = provider.client.RemoveRecord(zoneRecord.ID, recordID)
if err != nil {
return err
}
provider.recordIDsMu.Lock()
delete(provider.recordIDs, fqdn)
provider.recordIDsMu.Unlock()
return nil
}

View file

@ -0,0 +1,148 @@
package auroradns
import (
"fmt"
"io/ioutil"
"net/http"
"net/http/httptest"
"testing"
)
var fakeAuroraDNSUserId = "asdf1234"
var fakeAuroraDNSKey = "key"
func TestAuroraDNSPresent(t *testing.T) {
var requestReceived bool
mock := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" && r.URL.Path == "/zones" {
w.WriteHeader(http.StatusCreated)
fmt.Fprintf(w, `[{
"id": "c56a4180-65aa-42ec-a945-5fd21dec0538",
"name": "example.com"
}]`)
return
}
requestReceived = true
if got, want := r.Method, "POST"; got != want {
t.Errorf("Expected method to be '%s' but got '%s'", want, got)
}
if got, want := r.URL.Path, "/zones/c56a4180-65aa-42ec-a945-5fd21dec0538/records"; got != want {
t.Errorf("Expected path to be '%s' but got '%s'", want, got)
}
if got, want := r.Header.Get("Content-Type"), "application/json"; got != want {
t.Errorf("Expected Content-Type to be '%s' but got '%s'", want, got)
}
reqBody, err := ioutil.ReadAll(r.Body)
if err != nil {
t.Fatalf("Error reading request body: %v", err)
}
if got, want := string(reqBody),
`{"type":"TXT","name":"_acme-challenge","content":"w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI","ttl":300}`; got != want {
t.Errorf("Expected body data to be: `%s` but got `%s`", want, got)
}
w.WriteHeader(http.StatusCreated)
fmt.Fprintf(w, `{
"id": "c56a4180-65aa-42ec-a945-5fd21dec0538",
"type": "TXT",
"name": "_acme-challenge",
"ttl": 300
}`)
}))
defer mock.Close()
auroraProvider, err := NewDNSProviderCredentials(mock.URL, fakeAuroraDNSUserId, fakeAuroraDNSKey)
if auroraProvider == nil {
t.Fatal("Expected non-nil AuroraDNS provider, but was nil")
}
if err != nil {
t.Fatalf("Expected no error creating provider, but got: %v", err)
}
err = auroraProvider.Present("example.com", "", "foobar")
if err != nil {
t.Fatalf("Expected no error creating TXT record, but got: %v", err)
}
if !requestReceived {
t.Error("Expected request to be received by mock backend, but it wasn't")
}
}
func TestAuroraDNSCleanUp(t *testing.T) {
var requestReceived bool
mock := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" && r.URL.Path == "/zones" {
w.WriteHeader(http.StatusCreated)
fmt.Fprintf(w, `[{
"id": "c56a4180-65aa-42ec-a945-5fd21dec0538",
"name": "example.com"
}]`)
return
}
if r.Method == "POST" && r.URL.Path == "/zones/c56a4180-65aa-42ec-a945-5fd21dec0538/records" {
w.WriteHeader(http.StatusCreated)
fmt.Fprintf(w, `{
"id": "ec56a4180-65aa-42ec-a945-5fd21dec0538",
"type": "TXT",
"name": "_acme-challenge",
"ttl": 300
}`)
return
}
requestReceived = true
if got, want := r.Method, "DELETE"; got != want {
t.Errorf("Expected method to be '%s' but got '%s'", want, got)
}
if got, want := r.URL.Path,
"/zones/c56a4180-65aa-42ec-a945-5fd21dec0538/records/ec56a4180-65aa-42ec-a945-5fd21dec0538"; got != want {
t.Errorf("Expected path to be '%s' but got '%s'", want, got)
}
if got, want := r.Header.Get("Content-Type"), "application/json"; got != want {
t.Errorf("Expected Content-Type to be '%s' but got '%s'", want, got)
}
w.WriteHeader(http.StatusCreated)
fmt.Fprintf(w, `{}`)
}))
defer mock.Close()
auroraProvider, err := NewDNSProviderCredentials(mock.URL, fakeAuroraDNSUserId, fakeAuroraDNSKey)
if auroraProvider == nil {
t.Fatal("Expected non-nil AuroraDNS provider, but was nil")
}
if err != nil {
t.Fatalf("Expected no error creating provider, but got: %v", err)
}
err = auroraProvider.Present("example.com", "", "foobar")
if err != nil {
t.Fatalf("Expected no error creating TXT record, but got: %v", err)
}
err = auroraProvider.CleanUp("example.com", "", "foobar")
if err != nil {
t.Fatalf("Expected no error removing TXT record, but got: %v", err)
}
if !requestReceived {
t.Error("Expected request to be received by mock backend, but it wasn't")
}
}