Add OVH DNS provider

This commit is contained in:
disaster 2016-06-16 21:11:19 +02:00
parent cae9c70e1e
commit 4f6c1d470f
5 changed files with 279 additions and 0 deletions

1
.gitignore vendored
View file

@ -1,3 +1,4 @@
lego.exe lego.exe
lego lego
.lego .lego
.idea

1
cli.go
View file

@ -188,6 +188,7 @@ Here is an example bash command using the CloudFlare DNS provider:
fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION") fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION")
fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD") fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD")
fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY") fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY")
fmt.Fprintln(w, "\tovh:\tOVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY")
w.Flush() w.Flush()
fmt.Println(` fmt.Println(`

View file

@ -21,6 +21,7 @@ import (
"github.com/xenolf/lego/providers/dns/rfc2136" "github.com/xenolf/lego/providers/dns/rfc2136"
"github.com/xenolf/lego/providers/dns/route53" "github.com/xenolf/lego/providers/dns/route53"
"github.com/xenolf/lego/providers/dns/vultr" "github.com/xenolf/lego/providers/dns/vultr"
"github.com/xenolf/lego/providers/dns/ovh"
"github.com/xenolf/lego/providers/http/webroot" "github.com/xenolf/lego/providers/http/webroot"
) )
@ -120,6 +121,8 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
provider, err = rfc2136.NewDNSProvider() provider, err = rfc2136.NewDNSProvider()
case "vultr": case "vultr":
provider, err = vultr.NewDNSProvider() provider, err = vultr.NewDNSProvider()
case "ovh":
provider, err = ovh.NewDNSProvider()
} }
if err != nil { if err != nil {

169
providers/dns/ovh/ovh.go Normal file
View file

@ -0,0 +1,169 @@
// Package OVH implements a DNS provider for solving the DNS-01
// challenge using OVH DNS.
package ovh
import (
"fmt"
"os"
"sync"
"strings"
"github.com/xenolf/lego/acme"
"github.com/ovh/go-ovh/ovh"
)
// OVH API reference: https://eu.api.ovh.com/
// Create a Token: https://eu.api.ovh.com/createToken/
// DNSProvider is an implementation of the acme.ChallengeProvider interface
// that uses OVH's REST API to manage TXT records for a domain.
type DNSProvider struct {
client *ovh.Client
recordIDs map[string]int
recordIDsMu sync.Mutex
}
// NewDNSProvider returns a DNSProvider instance configured for OVH
// Credentials must be passed in the environment variable:
// OVH_ENDPOINT : it must be ovh-eu or ovh-ca
// OVH_APPLICATION_KEY
// OVH_APPLICATION_SECRET
// OVH_CONSUMER_KEY
func NewDNSProvider() (*DNSProvider, error) {
apiEndpoint := os.Getenv("OVH_ENDPOINT")
applicationKey := os.Getenv("OVH_APPLICATION_KEY")
applicationSecret := os.Getenv("OVH_APPLICATION_SECRET")
consumerKey := os.Getenv("OVH_CONSUMER_KEY")
return NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey)
}
// NewDNSProviderCredentials uses the supplied credentials to return a
// DNSProvider instance configured for OVH.
func NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey string) (*DNSProvider, error) {
if apiEndpoint == "" || applicationKey == "" || applicationSecret == "" || consumerKey == "" {
return nil, fmt.Errorf("OVH credentials missing")
}
ovhClient, _ := ovh.NewClient(
apiEndpoint,
applicationKey,
applicationSecret,
consumerKey,
)
return &DNSProvider{
client: ovhClient,
recordIDs: make(map[string]int),
}, nil
}
// Present creates a TXT record to fulfil the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// txtRecordRequest represents the request body to DO's API to make a TXT record
type txtRecordRequest struct {
FieldType string `json:"fieldType"`
SubDomain string `json:"subDomain"`
Target string `json:"target"`
TTL int `json:"ttl"`
}
// txtRecordResponse represents a response from DO's API after making a TXT record
type txtRecordResponse struct {
ID int `json:"id"`
FieldType string `json:"fieldType"`
SubDomain string `json:"subDomain"`
Target string `json:"target"`
TTL int `json:"ttl"`
Zone string `json:"zone"`
}
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
// Parse domain name
authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
}
authZone = acme.UnFqdn(authZone)
subDomain := d.extractRecordName(fqdn, authZone)
reqURL := fmt.Sprintf("/domain/zone/%s/record", authZone)
reqData := txtRecordRequest{FieldType: "TXT", SubDomain: subDomain, Target: value, TTL: ttl}
var respData txtRecordResponse
// Create TXT record
err = d.client.Post(reqURL, reqData, &respData)
if err != nil {
fmt.Printf("Error when call OVH api to add record : %q \n", err)
return err
}
// Apply the change
reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
err = d.client.Post(reqURL, nil, nil)
if err != nil {
fmt.Printf("Error when call OVH api to refresh zone : %q \n", err)
return err
}
d.recordIDsMu.Lock()
d.recordIDs[fqdn] = respData.ID
d.recordIDsMu.Unlock()
return nil
}
// CleanUp removes the TXT record matching the specified parameters
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
// get the record's unique ID from when we created it
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[fqdn]
d.recordIDsMu.Unlock()
if !ok {
return fmt.Errorf("unknown record ID for '%s'", fqdn)
}
authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
}
authZone = acme.UnFqdn(authZone)
reqURL := fmt.Sprintf("/domain/zone/%s/record/%d",authZone, recordID)
err = d.client.Delete(reqURL, nil)
if err != nil {
fmt.Printf("Error when call OVH api to delete challenge record : %q \n", err)
return err
}
// Delete record ID from map
d.recordIDsMu.Lock()
delete(d.recordIDs, fqdn)
d.recordIDsMu.Unlock()
return nil
}
func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
name := acme.UnFqdn(fqdn)
if idx := strings.Index(name, "."+domain); idx != -1 {
return name[:idx]
}
return name
}

View file

@ -0,0 +1,105 @@
package ovh
import (
"os"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
var (
liveTest bool
apiEndpoint string
applicationKey string
applicationSecret string
consumerKey string
domain string
)
func init() {
apiEndpoint = os.Getenv("OVH_ENDPOINT")
applicationKey = os.Getenv("OVH_APPLICATION_KEY")
applicationSecret = os.Getenv("OVH_APPLICATION_SECRET")
consumerKey = os.Getenv("OVH_CONSUMER_KEY")
liveTest = len(apiEndpoint) > 0 && len(applicationKey) > 0 && len(applicationSecret) > 0 && len(consumerKey) > 0
}
func restoreEnv() {
os.Setenv("OVH_ENDPOINT", apiEndpoint)
os.Setenv("OVH_APPLICATION_KEY", applicationKey)
os.Setenv("OVH_APPLICATION_SECRET", applicationSecret)
os.Setenv("OVH_CONSUMER_KEY", consumerKey)
}
func TestNewDNSProviderValidEnv(t *testing.T) {
os.Setenv("OVH_ENDPOINT", "ovh-eu")
os.Setenv("OVH_APPLICATION_KEY", "1234")
os.Setenv("OVH_APPLICATION_SECRET", "5678")
os.Setenv("OVH_CONSUMER_KEY", "abcde")
defer restoreEnv()
_, err := NewDNSProvider()
assert.NoError(t, err)
}
func TestNewDNSProviderMissingCredErr(t *testing.T) {
os.Setenv("OVH_ENDPOINT", "")
os.Setenv("OVH_APPLICATION_KEY", "1234")
os.Setenv("OVH_APPLICATION_SECRET", "5678")
os.Setenv("OVH_CONSUMER_KEY", "abcde")
defer restoreEnv()
_, err := NewDNSProvider()
assert.EqualError(t, err, "OVH credentials missing")
os.Setenv("OVH_ENDPOINT", "ovh-eu")
os.Setenv("OVH_APPLICATION_KEY", "")
os.Setenv("OVH_APPLICATION_SECRET", "5678")
os.Setenv("OVH_CONSUMER_KEY", "abcde")
defer restoreEnv()
_, err = NewDNSProvider()
assert.EqualError(t, err, "OVH credentials missing")
os.Setenv("OVH_ENDPOINT", "ovh-eu")
os.Setenv("OVH_APPLICATION_KEY", "1234")
os.Setenv("OVH_APPLICATION_SECRET", "")
os.Setenv("OVH_CONSUMER_KEY", "abcde")
defer restoreEnv()
_, err = NewDNSProvider()
assert.EqualError(t, err, "OVH credentials missing")
os.Setenv("OVH_ENDPOINT", "ovh-eu")
os.Setenv("OVH_APPLICATION_KEY", "1234")
os.Setenv("OVH_APPLICATION_SECRET", "5678")
os.Setenv("OVH_CONSUMER_KEY", "")
defer restoreEnv()
_, err = NewDNSProvider()
assert.EqualError(t, err, "OVH credentials missing")
}
func TestLivePresent(t *testing.T) {
if !liveTest {
t.Skip("skipping live test")
}
provider, err := NewDNSProvider()
assert.NoError(t, err)
err = provider.Present(domain, "", "123d==")
assert.NoError(t, err)
}
func TestLiveCleanUp(t *testing.T) {
if !liveTest {
t.Skip("skipping live test")
}
time.Sleep(time.Second * 1)
provider, err := NewDNSProvider()
assert.NoError(t, err)
err = provider.CleanUp(domain, "", "123d==")
assert.NoError(t, err)
}