Merge pull request #201 from janeczku/route53-fix-priv-zone
Route 53: Make sure we don't provision to a private hosted zone
commit
06124e0954
1 changed files with 18 additions and 12 deletions
|
@ -84,7 +84,7 @@ func (r *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||||
func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
|
func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
|
||||||
hostedZoneID, err := r.getHostedZoneID(fqdn)
|
hostedZoneID, err := r.getHostedZoneID(fqdn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("Failed to determine Route 53 hosted zone ID: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
recordSet := newTXTRecordSet(fqdn, value, ttl)
|
recordSet := newTXTRecordSet(fqdn, value, ttl)
|
||||||
|
@ -103,7 +103,7 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
|
||||||
|
|
||||||
resp, err := r.client.ChangeResourceRecordSets(reqParams)
|
resp, err := r.client.ChangeResourceRecordSets(reqParams)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("Failed to change Route 53 record set: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
statusID := resp.ChangeInfo.Id
|
statusID := resp.ChangeInfo.Id
|
||||||
|
@ -114,7 +114,7 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
|
||||||
}
|
}
|
||||||
resp, err := r.client.GetChange(reqParams)
|
resp, err := r.client.GetChange(reqParams)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, fmt.Errorf("Failed to query Route 53 change status: %v", err)
|
||||||
}
|
}
|
||||||
if *resp.ChangeInfo.Status == route53.ChangeStatusInsync {
|
if *resp.ChangeInfo.Status == route53.ChangeStatusInsync {
|
||||||
return true, nil
|
return true, nil
|
||||||
|
@ -131,25 +131,31 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
|
||||||
|
|
||||||
// .DNSName should not have a trailing dot
|
// .DNSName should not have a trailing dot
|
||||||
reqParams := &route53.ListHostedZonesByNameInput{
|
reqParams := &route53.ListHostedZonesByNameInput{
|
||||||
DNSName: aws.String(acme.UnFqdn(authZone)),
|
DNSName: aws.String(acme.UnFqdn(authZone)),
|
||||||
MaxItems: aws.String("1"),
|
|
||||||
}
|
}
|
||||||
resp, err := r.client.ListHostedZonesByName(reqParams)
|
resp, err := r.client.ListHostedZonesByName(reqParams)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
// .Name has a trailing dot
|
var hostedZoneID string
|
||||||
if len(resp.HostedZones) == 0 || *resp.HostedZones[0].Name != authZone {
|
for _, hostedZone := range resp.HostedZones {
|
||||||
return "", fmt.Errorf("Zone %s not found in Route53 for domain %s", authZone, fqdn)
|
// .Name has a trailing dot
|
||||||
|
if !*hostedZone.Config.PrivateZone && *hostedZone.Name == authZone {
|
||||||
|
hostedZoneID = *hostedZone.Id
|
||||||
|
break
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
zoneID := *resp.HostedZones[0].Id
|
if len(hostedZoneID) == 0 {
|
||||||
if strings.HasPrefix(zoneID, "/hostedzone/") {
|
return "", fmt.Errorf("Zone %s not found in Route 53 for domain %s", authZone, fqdn)
|
||||||
zoneID = strings.TrimPrefix(zoneID, "/hostedzone/")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return zoneID, nil
|
if strings.HasPrefix(hostedZoneID, "/hostedzone/") {
|
||||||
|
hostedZoneID = strings.TrimPrefix(hostedZoneID, "/hostedzone/")
|
||||||
|
}
|
||||||
|
|
||||||
|
return hostedZoneID, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func newTXTRecordSet(fqdn, value string, ttl int) *route53.ResourceRecordSet {
|
func newTXTRecordSet(fqdn, value string, ttl int) *route53.ResourceRecordSet {
|
||||||
|
|
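Review bot: The new loop in getHostedZoneID dereferences `hostedZone.Config.PrivateZone` without checking that `Config` is non-nil, so a zone returned without a Config block would panic the provider instead of returning an error; since the file already uses the aws helper package, a nil-safe form is `if (hostedZone.Config == nil || !aws.BoolValue(hostedZone.Config.PrivateZone)) && *hostedZone.Name == authZone {` (whether a zone with no Config should count as public or be skipped is a judgement call, but the nil check is needed either way). With `MaxItems: "1"` removed the call now relies on the SDK's default page size and the by-name ordering to surface the matching zone; that should hold, but if several public zones share the name the first one wins silently, and `resp.IsTruncated` is never consulted — a comment stating that assumption would help the next reader. The error strings added in the three earlier hunks (`"Failed to determine Route 53 hosted zone ID: %v"` and the two like it) are capitalized and prefixed with "Failed to", which goes against Go's lowercase, no-prefix error-string convention. getHostedZoneID's body begins before this hunk; only its tail is visible here.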