fix: use token as unique ID. (#1003)
This commit is contained in:
parent
46680f6524
commit
738e40f446
7 changed files with 42 additions and 24 deletions
@ -32,6 +32,7 @@ var load = loader.EnvLoader{
|
|||
}
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
os.Setenv("LEGO_E2E_TESTS", "LEGO_E2E_TESTS")
|
||||
os.Exit(load.MainTest(m))
|
||||
}
|
||||
|
||||
|
@ -258,10 +259,14 @@ func TestChallengeTLS_Client_Obtain(t *testing.T) {
|
|||
require.NoError(t, err)
|
||||
user.registration = reg
|
||||
|
||||
// https://github.com/letsencrypt/pebble/issues/285
|
||||
privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
require.NoError(t, err, "Could not generate test key")
|
||||
|
||||
request := certificate.ObtainRequest{
|
||||
Domains: []string{"acme.wtf"},
|
||||
Bundle: true,
|
||||
PrivateKey: privateKey,
|
||||
PrivateKey: privateKeyCSR,
|
||||
}
|
||||
resource, err := client.Certificate.Obtain(request)
|
||||
require.NoError(t, err)
|
||||
|
|
|
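Review bot: The comment added above `privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)` is only a URL, so a reader has to leave the file to learn why the certificate now needs a key separate from `privateKey`; presumably pebble started rejecting a CSR whose key matches the account key, but that should be stated inline, e.g. `// pebble rejects a CSR whose key matches the account key (letsencrypt/pebble#285), so use a dedicated key for the certificate`. The same bare-URL comment appears in the TestChallengeDNS_Client_Obtain hunk and this note applies there too. Both test functions continue outside their hunks, and the `crypto/rsa` and `crypto/rand` imports these lines rely on are not visible on this page.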
@ -103,10 +103,14 @@ func TestChallengeDNS_Client_Obtain(t *testing.T) {
|
|||
|
||||
domains := []string{"*.légo.acme", "légo.acme"}
|
||||
|
||||
// https://github.com/letsencrypt/pebble/issues/285
|
||||
privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
require.NoError(t, err, "Could not generate test key")
|
||||
|
||||
request := certificate.ObtainRequest{
|
||||
Domains: domains,
|
||||
Bundle: true,
|
||||
PrivateKey: privateKey,
|
||||
PrivateKey: privateKeyCSR,
|
||||
}
|
||||
resource, err := client.Certificate.Obtain(request)
|
||||
require.NoError(t, err)
|
||||
|
|
|
@ -127,7 +127,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
}
|
||||
|
||||
d.recordIDsMu.Lock()
|
||||
d.recordIDs[fqdn] = newRecord.ID
|
||||
d.recordIDs[token] = newRecord.ID
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
|
@ -138,7 +138,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
fqdn, _ := dns01.GetRecord(domain, keyAuth)
|
||||
|
||||
d.recordIDsMu.Lock()
|
||||
recordID, ok := d.recordIDs[fqdn]
|
||||
recordID, ok := d.recordIDs[token]
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
if !ok {
|
||||
|
@ -163,7 +163,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
}
|
||||
|
||||
d.recordIDsMu.Lock()
|
||||
delete(d.recordIDs, fqdn)
|
||||
delete(d.recordIDs, token)
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
|
|
|
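Review bot: The lookup `recordID, ok := d.recordIDs[token]` now keys the record on the challenge token instead of the fqdn, but nothing in the hunk says why, and the `fqdn, _ := dns01.GetRecord(domain, keyAuth)` computed just above still looks like the natural key to a reader. If the motivation is the usual one — a wildcard and its base domain validate at the same `_acme-challenge` name, as the DNS e2e test's `"*.légo.acme", "légo.acme"` pair suggests — a one-line comment such as `// keyed by token, not fqdn: a wildcard and its base domain share one _acme-challenge name, so fqdn is not unique per challenge` would keep the next maintainer from reverting it. Present and CleanUp both continue outside these hunks, and the provider file this section belongs to is not named on the page.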
@ -5,6 +5,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
cloudflare "github.com/cloudflare/cloudflare-go"
|
||||
|
@ -47,6 +48,9 @@ func NewDefaultConfig() *Config {
|
|||
type DNSProvider struct {
|
||||
client *metaClient
|
||||
config *Config
|
||||
|
||||
recordIDs map[string]string
|
||||
recordIDsMu sync.Mutex
|
||||
}
|
||||
|
||||
// NewDNSProvider returns a DNSProvider instance configured for Cloudflare.
|
||||
|
@ -140,6 +144,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
return fmt.Errorf("cloudflare: failed to create TXT record: %+v %+v", response.Errors, response.Messages)
|
||||
}
|
||||
|
||||
d.recordIDsMu.Lock()
|
||||
d.recordIDs[token] = response.Result.ID
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
log.Infof("cloudflare: new record for %s, ID %s", domain, response.Result.ID)
|
||||
|
||||
return nil
|
||||
|
@ -159,22 +167,23 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
return fmt.Errorf("cloudflare: failed to find zone %s: %v", authZone, err)
|
||||
}
|
||||
|
||||
dnsRecord := cloudflare.DNSRecord{
|
||||
Type: "TXT",
|
||||
Name: dns01.UnFqdn(fqdn),
|
||||
// get the record's unique ID from when we created it
|
||||
d.recordIDsMu.Lock()
|
||||
recordID, ok := d.recordIDs[token]
|
||||
d.recordIDsMu.Unlock()
|
||||
if !ok {
|
||||
return fmt.Errorf("cloudflare: unknown record ID for '%s'", fqdn)
|
||||
}
|
||||
|
||||
records, err := d.client.DNSRecords(zoneID, dnsRecord)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cloudflare: failed to find TXT records: %v", err)
|
||||
}
|
||||
|
||||
for _, record := range records {
|
||||
err = d.client.DeleteDNSRecord(zoneID, record.ID)
|
||||
err = d.client.DeleteDNSRecord(zoneID, recordID)
|
||||
if err != nil {
|
||||
log.Printf("cloudflare: failed to delete TXT record: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Delete record ID from map
|
||||
d.recordIDsMu.Lock()
|
||||
delete(d.recordIDs, token)
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
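Review bot: The write `d.recordIDs[token] = response.Result.ID` added to Present panics on a nil map unless the new `recordIDs` field is initialised with `make(map[string]string)` in the constructor, and none of the hunks shown on this page contains that initialisation — the struct hunk only adds the field and its mutex, so it should be confirmed elsewhere in the commit. In CleanUp, the single `err = d.client.DeleteDNSRecord(zoneID, recordID)` that replaces the old per-record loop still only logs a failure, so a failed delete returns nil, drops the map entry and silently leaves the challenge TXT record behind; with one targeted delete the error should be returned. The miss message `return fmt.Errorf("cloudflare: unknown record ID for '%s'", fqdn)` also reports only the fqdn although the map is now keyed by token, and the same applies to the digitalocean and ovh CleanUp hunks. The tail of CleanUp rewritten below removes the map entry whichever way the delete went and then reports the error.
```go
	err = d.client.DeleteDNSRecord(zoneID, recordID)

	// Drop the map entry whether or not the delete succeeded; a stale
	// entry would otherwise stay in the map for the process lifetime.
	d.recordIDsMu.Lock()
	delete(d.recordIDs, token)
	d.recordIDsMu.Unlock()

	if err != nil {
		return fmt.Errorf("cloudflare: failed to delete TXT record: %v", err)
	}

	return nil
}
```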
@ -94,7 +94,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
}
|
||||
|
||||
d.recordIDsMu.Lock()
|
||||
d.recordIDs[fqdn] = respData.DomainRecord.ID
|
||||
d.recordIDs[token] = respData.DomainRecord.ID
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
|
@ -111,7 +111,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
|
||||
// get the record's unique ID from when we created it
|
||||
d.recordIDsMu.Lock()
|
||||
recordID, ok := d.recordIDs[fqdn]
|
||||
recordID, ok := d.recordIDs[token]
|
||||
d.recordIDsMu.Unlock()
|
||||
if !ok {
|
||||
return fmt.Errorf("digitalocean: unknown record ID for '%s'", fqdn)
|
||||
|
@ -124,7 +124,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
|
||||
// Delete record ID from map
|
||||
d.recordIDsMu.Lock()
|
||||
delete(d.recordIDs, fqdn)
|
||||
delete(d.recordIDs, token)
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
|
|
|
@ -163,9 +163,9 @@ func TestDNSProvider_CleanUp(t *testing.T) {
|
|||
})
|
||||
|
||||
provider.recordIDsMu.Lock()
|
||||
provider.recordIDs["_acme-challenge.example.com."] = 1234567
|
||||
provider.recordIDs["token"] = 1234567
|
||||
provider.recordIDsMu.Unlock()
|
||||
|
||||
err := provider.CleanUp("example.com", "", "")
|
||||
err := provider.CleanUp("example.com", "token", "")
|
||||
require.NoError(t, err, "fail to remove TXT record")
|
||||
}
|
||||
|
|
|
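Review bot: The updated `TestDNSProvider_CleanUp` only checks the hit path, seeding `provider.recordIDs["token"] = 1234567` and then calling `provider.CleanUp("example.com", "token", "")`; nothing pins the new behaviour for a token that is absent from the map. A sibling case that calls CleanUp with a token that was never seeded and asserts the returned "unknown record ID" error would cover the lookup the commit changed. The test function starts outside the hunk, so the provider fixture it uses is not visible here.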
@ -141,7 +141,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
}
|
||||
|
||||
d.recordIDsMu.Lock()
|
||||
d.recordIDs[fqdn] = respData.ID
|
||||
d.recordIDs[token] = respData.ID
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
|
@ -153,7 +153,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
|
||||
// get the record's unique ID from when we created it
|
||||
d.recordIDsMu.Lock()
|
||||
recordID, ok := d.recordIDs[fqdn]
|
||||
recordID, ok := d.recordIDs[token]
|
||||
d.recordIDsMu.Unlock()
|
||||
if !ok {
|
||||
return fmt.Errorf("ovh: unknown record ID for '%s'", fqdn)
|
||||
|
@ -182,7 +182,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
|
||||
// Delete record ID from map
|
||||
d.recordIDsMu.Lock()
|
||||
delete(d.recordIDs, fqdn)
|
||||
delete(d.recordIDs, token)
|
||||
d.recordIDsMu.Unlock()
|
||||
|
||||
return nil
|
||||
|
|