diff --git a/cli.go b/cli.go index c3fac160..052fc763 100644 --- a/cli.go +++ b/cli.go @@ -169,6 +169,7 @@ Here is an example bash command using the CloudFlare DNS provider: fmt.Fprintln(w, "\trfc2136:\tRFC2136_TSIG_KEY, RFC2136_TSIG_SECRET,\n\t\tRFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER") fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION") fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD") + fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY") w.Flush() fmt.Println(` diff --git a/cli_handlers.go b/cli_handlers.go index fe51438d..1601c43b 100644 --- a/cli_handlers.go +++ b/cli_handlers.go @@ -20,6 +20,7 @@ import ( "github.com/xenolf/lego/providers/dns/namecheap" "github.com/xenolf/lego/providers/dns/rfc2136" "github.com/xenolf/lego/providers/dns/route53" + "github.com/xenolf/lego/providers/dns/vultr" "github.com/xenolf/lego/providers/http/webroot" ) @@ -108,6 +109,8 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) { provider, err = route53.NewDNSProvider() case "rfc2136": provider, err = rfc2136.NewDNSProvider() + case "vultr": + provider, err = vultr.NewDNSProvider() } if err != nil { diff --git a/providers/dns/vultr/vultr.go b/providers/dns/vultr/vultr.go new file mode 100644 index 00000000..53804e27 --- /dev/null +++ b/providers/dns/vultr/vultr.go @@ -0,0 +1,127 @@ +// Package vultr implements a DNS provider for solving the DNS-01 challenge using +// the vultr DNS. +// See https://www.vultr.com/api/#dns +package vultr + +import ( + "fmt" + "os" + "strings" + + vultr "github.com/JamesClonk/vultr/lib" + "github.com/xenolf/lego/acme" +) + +// DNSProvider is an implementation of the acme.ChallengeProvider interface. +type DNSProvider struct { + client *vultr.Client +} + +// NewDNSProvider returns a DNSProvider instance with a configured Vultr client. +// Authentication uses the VULTR_API_KEY environment variable. +func NewDNSProvider() (*DNSProvider, error) { + apiKey := os.Getenv("VULTR_API_KEY") + return NewDNSProviderCredentials(apiKey) +} + +// NewDNSProviderCredentials uses the supplied credentials to return a DNSProvider +// instance configured for Vultr. +func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) { + if apiKey == "" { + return nil, fmt.Errorf("Vultr credentials missing") + } + + c := &DNSProvider{ + client: vultr.NewClient(apiKey, nil), + } + + return c, nil +} + +// Present creates a TXT record to fulfil the DNS-01 challenge. +func (c *DNSProvider) Present(domain, token, keyAuth string) error { + fqdn, value, ttl := acme.DNS01Record(domain, keyAuth) + + zoneDomain, err := c.getHostedZone(domain) + if err != nil { + return err + } + + name := c.extractRecordName(fqdn, zoneDomain) + + err = c.client.CreateDnsRecord(zoneDomain, name, "TXT", `"`+value+`"`, 0, ttl) + if err != nil { + return fmt.Errorf("Vultr API call failed: %v", err) + } + + return nil +} + +// CleanUp removes the TXT record matching the specified parameters. +func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { + fqdn, _, _ := acme.DNS01Record(domain, keyAuth) + + zoneDomain, records, err := c.findTxtRecords(domain, fqdn) + if err != nil { + return err + } + + for _, rec := range records { + err := c.client.DeleteDnsRecord(zoneDomain, rec.RecordID) + if err != nil { + return err + } + } + return nil +} + +func (c *DNSProvider) getHostedZone(domain string) (string, error) { + domains, err := c.client.GetDnsDomains() + if err != nil { + return "", fmt.Errorf("Vultr API call failed: %v", err) + } + + var hostedDomain vultr.DnsDomain + for _, d := range domains { + if strings.HasSuffix(domain, d.Domain) { + if len(d.Domain) > len(hostedDomain.Domain) { + hostedDomain = d + } + } + } + if hostedDomain.Domain == "" { + return "", fmt.Errorf("No matching Vultr domain found for domain %s", domain) + } + + return hostedDomain.Domain, nil +} + +func (c *DNSProvider) findTxtRecords(domain, fqdn string) (string, []vultr.DnsRecord, error) { + zoneDomain, err := c.getHostedZone(domain) + if err != nil { + return "", nil, err + } + + var records []vultr.DnsRecord + result, err := c.client.GetDnsRecords(zoneDomain) + if err != nil { + return "", records, fmt.Errorf("Vultr API call has failed: %v", err) + } + + recordName := c.extractRecordName(fqdn, zoneDomain) + for _, record := range result { + if record.Type == "TXT" && record.Name == recordName { + records = append(records, record) + } + } + + return zoneDomain, records, nil +} + +func (c *DNSProvider) extractRecordName(fqdn, domain string) string { + name := acme.UnFqdn(fqdn) + if idx := strings.Index(name, "."+domain); idx != -1 { + return name[:idx] + } + return name +} diff --git a/providers/dns/vultr/vultr_test.go b/providers/dns/vultr/vultr_test.go new file mode 100644 index 00000000..7c8cdaf1 --- /dev/null +++ b/providers/dns/vultr/vultr_test.go @@ -0,0 +1,65 @@ +package vultr + +import ( + "os" + "testing" + "time" + + "github.com/stretchr/testify/assert" +) + +var ( + liveTest bool + apiKey string + domain string +) + +func init() { + apiKey = os.Getenv("VULTR_API_KEY") + domain = os.Getenv("VULTR_TEST_DOMAIN") + liveTest = len(apiKey) > 0 && len(domain) > 0 +} + +func restoreEnv() { + os.Setenv("VULTR_API_KEY", apiKey) +} + +func TestNewDNSProviderValidEnv(t *testing.T) { + os.Setenv("VULTR_API_KEY", "123") + defer restoreEnv() + _, err := NewDNSProvider() + assert.NoError(t, err) +} + +func TestNewDNSProviderMissingCredErr(t *testing.T) { + os.Setenv("VULTR_API_KEY", "") + defer restoreEnv() + _, err := NewDNSProvider() + assert.EqualError(t, err, "Vultr credentials missing") +} + +func TestLivePresent(t *testing.T) { + if !liveTest { + t.Skip("skipping live test") + } + + provider, err := NewDNSProvider() + assert.NoError(t, err) + + err = provider.Present(domain, "", "123d==") + assert.NoError(t, err) +} + +func TestLiveCleanUp(t *testing.T) { + if !liveTest { + t.Skip("skipping live test") + } + + time.Sleep(time.Second * 1) + + provider, err := NewDNSProvider() + assert.NoError(t, err) + + err = provider.CleanUp(domain, "", "123d==") + assert.NoError(t, err) +}