Add DNS challenge provider for Vultr.

This commit is contained in:
Rui Lopes 2016-03-20 23:23:37 +00:00
parent 735d41fbc8
commit 4d7223057d
4 changed files with 196 additions and 0 deletions

1
cli.go
View file

@ -169,6 +169,7 @@ Here is an example bash command using the CloudFlare DNS provider:
fmt.Fprintln(w, "\trfc2136:\tRFC2136_TSIG_KEY, RFC2136_TSIG_SECRET,\n\t\tRFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER") fmt.Fprintln(w, "\trfc2136:\tRFC2136_TSIG_KEY, RFC2136_TSIG_SECRET,\n\t\tRFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER")
fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION") fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION")
fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD") fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD")
fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY")
w.Flush() w.Flush()
fmt.Println(` fmt.Println(`

View file

@ -20,6 +20,7 @@ import (
"github.com/xenolf/lego/providers/dns/namecheap" "github.com/xenolf/lego/providers/dns/namecheap"
"github.com/xenolf/lego/providers/dns/rfc2136" "github.com/xenolf/lego/providers/dns/rfc2136"
"github.com/xenolf/lego/providers/dns/route53" "github.com/xenolf/lego/providers/dns/route53"
"github.com/xenolf/lego/providers/dns/vultr"
"github.com/xenolf/lego/providers/http/webroot" "github.com/xenolf/lego/providers/http/webroot"
) )
@ -108,6 +109,8 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
provider, err = route53.NewDNSProvider() provider, err = route53.NewDNSProvider()
case "rfc2136": case "rfc2136":
provider, err = rfc2136.NewDNSProvider() provider, err = rfc2136.NewDNSProvider()
case "vultr":
provider, err = vultr.NewDNSProvider()
} }
if err != nil { if err != nil {

View file

@ -0,0 +1,127 @@
// Package vultr implements a DNS provider for solving the DNS-01 challenge using
// the vultr DNS.
// See https://www.vultr.com/api/#dns
package vultr
import (
"fmt"
"os"
"strings"
vultr "github.com/JamesClonk/vultr/lib"
"github.com/xenolf/lego/acme"
)
// DNSProvider is an implementation of the acme.ChallengeProvider interface.
type DNSProvider struct {
client *vultr.Client
}
// NewDNSProvider returns a DNSProvider instance with a configured Vultr client.
// Authentication uses the VULTR_API_KEY environment variable.
func NewDNSProvider() (*DNSProvider, error) {
apiKey := os.Getenv("VULTR_API_KEY")
return NewDNSProviderCredentials(apiKey)
}
// NewDNSProviderCredentials uses the supplied credentials to return a DNSProvider
// instance configured for Vultr.
func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
if apiKey == "" {
return nil, fmt.Errorf("Vultr credentials missing")
}
c := &DNSProvider{
client: vultr.NewClient(apiKey, nil),
}
return c, nil
}
// Present creates a TXT record to fulfil the DNS-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
zoneDomain, err := c.getHostedZone(domain)
if err != nil {
return err
}
name := c.extractRecordName(fqdn, zoneDomain)
err = c.client.CreateDnsRecord(zoneDomain, name, "TXT", `"`+value+`"`, 0, ttl)
if err != nil {
return fmt.Errorf("Vultr API call failed: %v", err)
}
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
zoneDomain, records, err := c.findTxtRecords(domain, fqdn)
if err != nil {
return err
}
for _, rec := range records {
err := c.client.DeleteDnsRecord(zoneDomain, rec.RecordID)
if err != nil {
return err
}
}
return nil
}
func (c *DNSProvider) getHostedZone(domain string) (string, error) {
domains, err := c.client.GetDnsDomains()
if err != nil {
return "", fmt.Errorf("Vultr API call failed: %v", err)
}
var hostedDomain vultr.DnsDomain
for _, d := range domains {
if strings.HasSuffix(domain, d.Domain) {
if len(d.Domain) > len(hostedDomain.Domain) {
hostedDomain = d
}
}
}
if hostedDomain.Domain == "" {
return "", fmt.Errorf("No matching Vultr domain found for domain %s", domain)
}
return hostedDomain.Domain, nil
}
func (c *DNSProvider) findTxtRecords(domain, fqdn string) (string, []vultr.DnsRecord, error) {
zoneDomain, err := c.getHostedZone(domain)
if err != nil {
return "", nil, err
}
var records []vultr.DnsRecord
result, err := c.client.GetDnsRecords(zoneDomain)
if err != nil {
return "", records, fmt.Errorf("Vultr API call has failed: %v", err)
}
recordName := c.extractRecordName(fqdn, zoneDomain)
for _, record := range result {
if record.Type == "TXT" && record.Name == recordName {
records = append(records, record)
}
}
return zoneDomain, records, nil
}
func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
name := acme.UnFqdn(fqdn)
if idx := strings.Index(name, "."+domain); idx != -1 {
return name[:idx]
}
return name
}

View file

@ -0,0 +1,65 @@
package vultr
import (
"os"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
var (
liveTest bool
apiKey string
domain string
)
func init() {
apiKey = os.Getenv("VULTR_API_KEY")
domain = os.Getenv("VULTR_TEST_DOMAIN")
liveTest = len(apiKey) > 0 && len(domain) > 0
}
func restoreEnv() {
os.Setenv("VULTR_API_KEY", apiKey)
}
func TestNewDNSProviderValidEnv(t *testing.T) {
os.Setenv("VULTR_API_KEY", "123")
defer restoreEnv()
_, err := NewDNSProvider()
assert.NoError(t, err)
}
func TestNewDNSProviderMissingCredErr(t *testing.T) {
os.Setenv("VULTR_API_KEY", "")
defer restoreEnv()
_, err := NewDNSProvider()
assert.EqualError(t, err, "Vultr credentials missing")
}
func TestLivePresent(t *testing.T) {
if !liveTest {
t.Skip("skipping live test")
}
provider, err := NewDNSProvider()
assert.NoError(t, err)
err = provider.Present(domain, "", "123d==")
assert.NoError(t, err)
}
func TestLiveCleanUp(t *testing.T) {
if !liveTest {
t.Skip("skipping live test")
}
time.Sleep(time.Second * 1)
provider, err := NewDNSProvider()
assert.NoError(t, err)
err = provider.CleanUp(domain, "", "123d==")
assert.NoError(t, err)
}