Add support for zone.ee as a DNS provider (#751)

This commit is contained in:
Elen Eisendle 2019-01-20 12:27:35 +01:00 committed by Ludovic Fernandez
parent a43ec709e8
commit 77afd0f732
6 changed files with 684 additions and 0 deletions

View file

@ -128,3 +128,4 @@ git push -u origin my-feature
| VegaDNS | `vegadns` | [documentation](https://github.com/shupp/VegaDNS-API) | [Go client](https://github.com/OpenDNS/vegadns2client) | | VegaDNS | `vegadns` | [documentation](https://github.com/shupp/VegaDNS-API) | [Go client](https://github.com/OpenDNS/vegadns2client) |
| Vultr | `vultr` | [documentation](https://www.vultr.com/api/#dns) | [Go client](https://github.com/JamesClonk/vultr) | | Vultr | `vultr` | [documentation](https://www.vultr.com/api/#dns) | [Go client](https://github.com/JamesClonk/vultr) |
| Vscale | `vscale` | [documentation](https://developers.vscale.io/documentation/api/v1/#api-Domains_Records) | - | | Vscale | `vscale` | [documentation](https://developers.vscale.io/documentation/api/v1/#api-Domains_Records) | - |
| Zone.ee | `zone` | [documentation](https://api.zone.eu/v2) | - |

View file

@ -81,6 +81,7 @@ Here is an example bash command using the CloudFlare DNS provider:
fmt.Fprintln(w, "\tvegadns:\tSECRET_VEGADNS_KEY, SECRET_VEGADNS_SECRET, VEGADNS_URL") fmt.Fprintln(w, "\tvegadns:\tSECRET_VEGADNS_KEY, SECRET_VEGADNS_SECRET, VEGADNS_URL")
fmt.Fprintln(w, "\tvscale:\tVSCALE_API_TOKEN") fmt.Fprintln(w, "\tvscale:\tVSCALE_API_TOKEN")
fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY") fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY")
fmt.Fprintln(w, "\tzoneee:\tZONEEE_ENDPOINT, ZONEEE_API_USER, ZONEEE_API_KEY")
fmt.Fprintln(w) fmt.Fprintln(w)
fmt.Fprintln(w, "Additional configuration environment variables:") fmt.Fprintln(w, "Additional configuration environment variables:")
fmt.Fprintln(w) fmt.Fprintln(w)
@ -132,6 +133,7 @@ Here is an example bash command using the CloudFlare DNS provider:
fmt.Fprintln(w, "\tvegadns:\tVEGADNS_POLLING_INTERVAL, VEGADNS_PROPAGATION_TIMEOUT, VEGADNS_TTL") fmt.Fprintln(w, "\tvegadns:\tVEGADNS_POLLING_INTERVAL, VEGADNS_PROPAGATION_TIMEOUT, VEGADNS_TTL")
fmt.Fprintln(w, "\tvscale:\tVSCALE_BASE_URL, VSCALE_TTL, VSCALE_PROPAGATION_TIMEOUT, VSCALE_POLLING_INTERVAL, VSCALE_HTTP_TIMEOUT") fmt.Fprintln(w, "\tvscale:\tVSCALE_BASE_URL, VSCALE_TTL, VSCALE_PROPAGATION_TIMEOUT, VSCALE_POLLING_INTERVAL, VSCALE_HTTP_TIMEOUT")
fmt.Fprintln(w, "\tvultr:\tVULTR_POLLING_INTERVAL, VULTR_PROPAGATION_TIMEOUT, VULTR_TTL, VULTR_HTTP_TIMEOUT") fmt.Fprintln(w, "\tvultr:\tVULTR_POLLING_INTERVAL, VULTR_PROPAGATION_TIMEOUT, VULTR_TTL, VULTR_HTTP_TIMEOUT")
fmt.Fprintln(w, "\tzoneee:\tZONEEE_POLLING_INTERVAL, ZONEEE_PROPAGATION_TIMEOUT, ZONEEE_HTTP_TIMEOUT")
w.Flush() w.Flush()

View file

@ -54,6 +54,7 @@ import (
"github.com/xenolf/lego/providers/dns/vegadns" "github.com/xenolf/lego/providers/dns/vegadns"
"github.com/xenolf/lego/providers/dns/vscale" "github.com/xenolf/lego/providers/dns/vscale"
"github.com/xenolf/lego/providers/dns/vultr" "github.com/xenolf/lego/providers/dns/vultr"
"github.com/xenolf/lego/providers/dns/zoneee"
) )
// NewDNSChallengeProviderByName Factory for DNS providers // NewDNSChallengeProviderByName Factory for DNS providers
@ -159,6 +160,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return vultr.NewDNSProvider() return vultr.NewDNSProvider()
case "vscale": case "vscale":
return vscale.NewDNSProvider() return vscale.NewDNSProvider()
case "zoneee":
return zoneee.NewDNSProvider()
default: default:
return nil, fmt.Errorf("unrecognised DNS provider: %s", name) return nil, fmt.Errorf("unrecognised DNS provider: %s", name)
} }

View file

@ -0,0 +1,132 @@
package zoneee
import (
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net/http"
"path"
)
const defaultEndpoint = "https://api.zone.eu/v2/dns/"
type txtRecord struct {
// Identifier (identificator)
ID string `json:"id,omitempty"`
// Hostname
Name string `json:"name"`
// TXT content value
Destination string `json:"destination"`
// Can this record be deleted
Delete bool `json:"delete,omitempty"`
// Can this record be modified
Modify bool `json:"modify,omitempty"`
// API url to get this entity
ResourceURL string `json:"resource_url,omitempty"`
}
func (d *DNSProvider) addTxtRecord(domain string, record txtRecord) ([]txtRecord, error) {
reqBody := &bytes.Buffer{}
if err := json.NewEncoder(reqBody).Encode(record); err != nil {
return nil, err
}
req, err := d.makeRequest(http.MethodPost, path.Join(domain, "txt"), reqBody)
if err != nil {
return nil, err
}
var resp []txtRecord
if err := d.sendRequest(req, &resp); err != nil {
return nil, err
}
return resp, nil
}
func (d *DNSProvider) getTxtRecords(domain string) ([]txtRecord, error) {
req, err := d.makeRequest(http.MethodGet, path.Join(domain, "txt"), nil)
if err != nil {
return nil, err
}
var resp []txtRecord
if err := d.sendRequest(req, &resp); err != nil {
return nil, err
}
return resp, nil
}
func (d *DNSProvider) removeTxtRecord(domain, id string) error {
req, err := d.makeRequest(http.MethodDelete, path.Join(domain, "txt", id), nil)
if err != nil {
return err
}
return d.sendRequest(req, nil)
}
func (d *DNSProvider) makeRequest(method, resource string, body io.Reader) (*http.Request, error) {
uri, err := d.config.Endpoint.Parse(resource)
if err != nil {
return nil, err
}
req, err := http.NewRequest(method, uri.String(), body)
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", "application/json")
req.SetBasicAuth(d.config.Username, d.config.APIKey)
return req, nil
}
func (d *DNSProvider) sendRequest(req *http.Request, result interface{}) error {
resp, err := d.config.HTTPClient.Do(req)
if err != nil {
return err
}
if err = checkResponse(resp); err != nil {
return err
}
defer resp.Body.Close()
if result == nil {
return nil
}
raw, err := ioutil.ReadAll(resp.Body)
if err != nil {
return err
}
err = json.Unmarshal(raw, result)
if err != nil {
return fmt.Errorf("unmarshaling %T error [status code=%d]: %v: %s", result, resp.StatusCode, err, string(raw))
}
return err
}
func checkResponse(resp *http.Response) error {
if resp.StatusCode < http.StatusBadRequest {
return nil
}
if resp.Body == nil {
return fmt.Errorf("response body is nil, status code=%d", resp.StatusCode)
}
defer resp.Body.Close()
raw, err := ioutil.ReadAll(resp.Body)
if err != nil {
return fmt.Errorf("unable to read body: status code=%d, error=%v", resp.StatusCode, err)
}
return fmt.Errorf("status code=%d: %s", resp.StatusCode, string(raw))
}

View file

@ -0,0 +1,134 @@
// Package zoneee implements a DNS provider for solving the DNS-01 challenge through zone.ee.
package zoneee
import (
"errors"
"fmt"
"net/http"
"net/url"
"time"
"github.com/xenolf/lego/challenge/dns01"
"github.com/xenolf/lego/platform/config/env"
)
// Config is used to configure the creation of the DNSProvider
type Config struct {
Endpoint *url.URL
Username string
APIKey string
PropagationTimeout time.Duration
PollingInterval time.Duration
HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider
func NewDefaultConfig() *Config {
endpoint, _ := url.Parse(defaultEndpoint)
return &Config{
Endpoint: endpoint,
// zone.ee can take up to 5min to propagate according to the support
PropagationTimeout: env.GetOrDefaultSecond("ZONEEE_PROPAGATION_TIMEOUT", 5*time.Minute),
PollingInterval: env.GetOrDefaultSecond("ZONEEE_POLLING_INTERVAL", 5*time.Second),
HTTPClient: &http.Client{
Timeout: env.GetOrDefaultSecond("ZONEEE_HTTP_TIMEOUT", 30*time.Second),
},
}
}
// DNSProvider describes a provider for acme-proxy
type DNSProvider struct {
config *Config
}
// NewDNSProvider returns a DNSProvider instance.
func NewDNSProvider() (*DNSProvider, error) {
values, err := env.Get("ZONEEE_API_USER", "ZONEEE_API_KEY")
if err != nil {
return nil, fmt.Errorf("zoneee: %v", err)
}
rawEndpoint := env.GetOrDefaultString("ZONEEE_ENDPOINT", defaultEndpoint)
endpoint, err := url.Parse(rawEndpoint)
if err != nil {
return nil, fmt.Errorf("zoneee: %v", err)
}
config := NewDefaultConfig()
config.Username = values["ZONEEE_API_USER"]
config.APIKey = values["ZONEEE_API_KEY"]
config.Endpoint = endpoint
return NewDNSProviderConfig(config)
}
// NewDNSProviderConfig return a DNSProvider .
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("zoneee: the configuration of the DNS provider is nil")
}
if config.Username == "" {
return nil, fmt.Errorf("zoneee: credentials missing: username")
}
if config.APIKey == "" {
return nil, fmt.Errorf("zoneee: credentials missing: API key")
}
if config.Endpoint == nil {
return nil, errors.New("zoneee: the endpoint is missing")
}
return &DNSProvider{config: config}, nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval
}
// Present creates a TXT record to fulfill the dns-01 challenge
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value := dns01.GetRecord(domain, keyAuth)
record := txtRecord{
Name: fqdn[:len(fqdn)-1],
Destination: value,
}
_, err := d.addTxtRecord(domain, record)
if err != nil {
return fmt.Errorf("zoneee: %v", err)
}
return nil
}
// CleanUp removes the TXT record previously created
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
_, value := dns01.GetRecord(domain, keyAuth)
records, err := d.getTxtRecords(domain)
if err != nil {
return fmt.Errorf("zoneee: %v", err)
}
var id string
for _, record := range records {
if record.Destination == value {
id = record.ID
}
}
if id == "" {
return fmt.Errorf("zoneee: txt record does not exist for %v", value)
}
if err = d.removeTxtRecord(domain, id); err != nil {
return fmt.Errorf("zoneee: %v", err)
}
return nil
}

View file

@ -0,0 +1,412 @@
package zoneee
import (
"encoding/json"
"fmt"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"time"
"github.com/stretchr/testify/require"
"github.com/xenolf/lego/platform/tester"
)
var envTest = tester.NewEnvTest("ZONEEE_ENDPOINT", "ZONEEE_API_USER", "ZONEEE_API_KEY").
WithLiveTestRequirements("ZONEEE_API_USER", "ZONEEE_API_KEY").
WithDomain("ZONEE_DOMAIN")
func TestNewDNSProvider(t *testing.T) {
testCases := []struct {
desc string
envVars map[string]string
expected string
}{
{
desc: "success",
envVars: map[string]string{
"ZONEEE_API_USER": "123",
"ZONEEE_API_KEY": "456",
},
},
{
desc: "missing credentials",
envVars: map[string]string{
"ZONEEE_API_USER": "",
"ZONEEE_API_KEY": "",
},
expected: "zoneee: some credentials information are missing: ZONEEE_API_USER,ZONEEE_API_KEY",
},
{
desc: "missing username",
envVars: map[string]string{
"ZONEEE_API_USER": "",
"ZONEEE_API_KEY": "456",
},
expected: "zoneee: some credentials information are missing: ZONEEE_API_USER",
},
{
desc: "missing API key",
envVars: map[string]string{
"ZONEEE_API_USER": "123",
"ZONEEE_API_KEY": "",
},
expected: "zoneee: some credentials information are missing: ZONEEE_API_KEY",
},
{
desc: "invalid URL",
envVars: map[string]string{
"ZONEEE_API_USER": "123",
"ZONEEE_API_KEY": "456",
"ZONEEE_ENDPOINT": ":",
},
expected: "zoneee: parse :: missing protocol scheme",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
envTest.ClearEnv()
envTest.Apply(test.envVars)
p, err := NewDNSProvider()
if len(test.expected) == 0 {
require.NoError(t, err)
require.NotNil(t, p)
require.NotNil(t, p.config)
} else {
require.EqualError(t, err, test.expected)
}
})
}
}
func TestNewDNSProviderConfig(t *testing.T) {
testCases := []struct {
desc string
apiUser string
apiKey string
endpoint string
expected string
}{
{
desc: "success",
apiKey: "123",
apiUser: "456",
},
{
desc: "missing credentials",
expected: "zoneee: credentials missing: username",
},
{
desc: "missing api key",
apiUser: "456",
expected: "zoneee: credentials missing: API key",
},
{
desc: "missing username",
apiKey: "123",
expected: "zoneee: credentials missing: username",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
config := NewDefaultConfig()
config.APIKey = test.apiKey
config.Username = test.apiUser
if len(test.endpoint) > 0 {
config.Endpoint = mustParse(test.endpoint)
}
p, err := NewDNSProviderConfig(config)
if len(test.expected) == 0 {
require.NoError(t, err)
require.NotNil(t, p)
require.NotNil(t, p.config)
} else {
require.EqualError(t, err, test.expected)
}
})
}
}
func TestDNSProvider_Present(t *testing.T) {
domain := "prefix.example.com"
testCases := []struct {
desc string
username string
apiKey string
handlers map[string]http.HandlerFunc
expectedError string
}{
{
desc: "success",
username: "bar",
apiKey: "foo",
handlers: map[string]http.HandlerFunc{
"/" + domain + "/txt": mockHandlerCreateRecord,
},
},
{
desc: "invalid auth",
username: "nope",
apiKey: "foo",
handlers: map[string]http.HandlerFunc{
"/" + domain + "/txt": mockHandlerCreateRecord,
},
expectedError: "zoneee: status code=401: Unauthorized\n",
},
{
desc: "error",
username: "bar",
apiKey: "foo",
expectedError: "zoneee: status code=404: 404 page not found\n",
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
mux := http.NewServeMux()
for uri, handler := range test.handlers {
mux.HandleFunc(uri, handler)
}
server := httptest.NewServer(mux)
config := NewDefaultConfig()
config.Endpoint = mustParse(server.URL)
config.Username = test.username
config.APIKey = test.apiKey
p, err := NewDNSProviderConfig(config)
require.NoError(t, err)
err = p.Present(domain, "token", "key")
if test.expectedError == "" {
require.NoError(t, err)
} else {
require.EqualError(t, err, test.expectedError)
}
})
}
}
func TestDNSProvider_Cleanup(t *testing.T) {
domain := "prefix.example.com"
testCases := []struct {
desc string
username string
apiKey string
handlers map[string]http.HandlerFunc
expectedError string
}{
{
desc: "success",
username: "bar",
apiKey: "foo",
handlers: map[string]http.HandlerFunc{
"/" + domain + "/txt": mockHandlerGetRecords([]txtRecord{{
ID: "1234",
Name: domain,
Destination: "LHDhK3oGRvkiefQnx7OOczTY5Tic_xZ6HcMOc_gmtoM",
Delete: true,
Modify: true,
}}),
"/" + domain + "/txt/1234": mockHandlerDeleteRecord,
},
},
{
desc: "no txt records",
username: "bar",
apiKey: "foo",
handlers: map[string]http.HandlerFunc{
"/" + domain + "/txt": mockHandlerGetRecords([]txtRecord{}),
"/" + domain + "/txt/1234": mockHandlerDeleteRecord,
},
expectedError: "zoneee: txt record does not exist for LHDhK3oGRvkiefQnx7OOczTY5Tic_xZ6HcMOc_gmtoM",
},
{
desc: "invalid auth",
username: "nope",
apiKey: "foo",
handlers: map[string]http.HandlerFunc{
"/" + domain + "/txt": mockHandlerGetRecords([]txtRecord{{
ID: "1234",
Name: domain,
Destination: "LHDhK3oGRvkiefQnx7OOczTY5Tic_xZ6HcMOc_gmtoM",
Delete: true,
Modify: true,
}}),
"/" + domain + "/txt/1234": mockHandlerDeleteRecord,
},
expectedError: "zoneee: status code=401: Unauthorized\n",
},
{
desc: "error",
username: "bar",
apiKey: "foo",
expectedError: "zoneee: status code=404: 404 page not found\n",
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
mux := http.NewServeMux()
for uri, handler := range test.handlers {
mux.HandleFunc(uri, handler)
}
server := httptest.NewServer(mux)
config := NewDefaultConfig()
config.Endpoint = mustParse(server.URL)
config.Username = test.username
config.APIKey = test.apiKey
p, err := NewDNSProviderConfig(config)
require.NoError(t, err)
err = p.CleanUp(domain, "token", "key")
if test.expectedError == "" {
require.NoError(t, err)
} else {
require.EqualError(t, err, test.expectedError)
}
})
}
}
func TestLivePresent(t *testing.T) {
if !envTest.IsLiveTest() {
t.Skip("skipping live test")
}
envTest.RestoreEnv()
provider, err := NewDNSProvider()
require.NoError(t, err)
err = provider.Present(envTest.GetDomain(), "", "123d==")
require.NoError(t, err)
}
func TestLiveCleanUp(t *testing.T) {
if !envTest.IsLiveTest() {
t.Skip("skipping live test")
}
envTest.RestoreEnv()
provider, err := NewDNSProvider()
require.NoError(t, err)
time.Sleep(2 * time.Second)
err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
require.NoError(t, err)
}
func mustParse(rawURL string) *url.URL {
uri, err := url.Parse(rawURL)
if err != nil {
panic(err)
}
return uri
}
func mockHandlerCreateRecord(rw http.ResponseWriter, req *http.Request) {
if req.Method != http.MethodPost {
http.Error(rw, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
}
username, apiKey, ok := req.BasicAuth()
if username != "bar" || apiKey != "foo" || !ok {
rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, "Please enter your username and API key."))
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
record := txtRecord{}
err := json.NewDecoder(req.Body).Decode(&record)
if err != nil {
http.Error(rw, err.Error(), http.StatusBadRequest)
return
}
record.ID = "1234"
record.Delete = true
record.Modify = true
record.ResourceURL = req.URL.String() + "/1234"
bytes, err := json.Marshal([]txtRecord{record})
if err != nil {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
if _, err = rw.Write(bytes); err != nil {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
}
func mockHandlerGetRecords(records []txtRecord) http.HandlerFunc {
return func(rw http.ResponseWriter, req *http.Request) {
if req.Method != http.MethodGet {
http.Error(rw, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
}
username, apiKey, ok := req.BasicAuth()
if username != "bar" || apiKey != "foo" || !ok {
rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, "Please enter your username and API key."))
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
for _, value := range records {
if len(value.ResourceURL) == 0 {
value.ResourceURL = req.URL.String() + "/" + value.ID
}
}
bytes, err := json.Marshal(records)
if err != nil {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
if _, err = rw.Write(bytes); err != nil {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
}
}
func mockHandlerDeleteRecord(rw http.ResponseWriter, req *http.Request) {
if req.Method != http.MethodDelete {
http.Error(rw, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return
}
username, apiKey, ok := req.BasicAuth()
if username != "bar" || apiKey != "foo" || !ok {
rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, "Please enter your username and API key."))
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
rw.WriteHeader(http.StatusNoContent)
}