From 6f5f694cd593d18446d227b19ebdc44f14a38e57 Mon Sep 17 00:00:00 2001
From: Yuanhai He
Date: Sat, 7 Aug 2021 18:07:31 +0800
Subject: [PATCH] alidns: support sts token credential (#1454)

---
 cmd/zz_gen_cmd_dnshelp.go         |  1 +
 docs/content/dns/zz_gen_alidns.md |  1 +
 go.mod                            |  2 +-
 go.sum                            |  4 ++--
 providers/dns/alidns/alidns.go    | 20 +++++++++++++++-----
 providers/dns/alidns/alidns.toml  |  1 +
 6 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go
index 3e3c382f..9a80def6 100644
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@@ -143,6 +143,7 @@ func displayDNSHelp(name string) error {
 		ew.writeln(`Credentials:`)
 		ew.writeln(` - "ALICLOUD_ACCESS_KEY": Access key ID`)
 		ew.writeln(` - "ALICLOUD_SECRET_KEY": Access Key secret`)
+		ew.writeln(` - "ALICLOUD_SECURITY_TOKEN": STS Security Token (optional)`)
 		ew.writeln()
 
 		ew.writeln(`Additional Configuration:`)
diff --git a/docs/content/dns/zz_gen_alidns.md b/docs/content/dns/zz_gen_alidns.md
index 15f3628b..daf8512c 100644
--- a/docs/content/dns/zz_gen_alidns.md
+++ b/docs/content/dns/zz_gen_alidns.md
@@ -35,6 +35,7 @@ lego --email myemail@example.com --dns alidns --domains my.example.org run
 |-----------------------|-------------|
 | `ALICLOUD_ACCESS_KEY` | Access key ID |
 | `ALICLOUD_SECRET_KEY` | Access Key secret |
+| `ALICLOUD_SECURITY_TOKEN` | STS Security Token (optional) |
 
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here](/lego/dns/#configuration-and-credentials).
diff --git a/go.mod b/go.mod
index 6275910d..2fb07fed 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/BurntSushi/toml v0.3.1
 	github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1
-	github.com/aliyun/alibaba-cloud-sdk-go v1.61.976
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183
 	github.com/aws/aws-sdk-go v1.39.0
 	github.com/cenkalti/backoff/v4 v4.1.1
 	github.com/cloudflare/cloudflare-go v0.18.0
diff --git a/go.sum b/go.sum
index d2828ad1..fc940bf0 100644
--- a/go.sum
+++ b/go.sum
@@ -61,8 +61,8 @@ github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1 h1:bLzehmpyCwQiqCE1Qe9Ny6fbF
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1/go.mod h1:kX6YddBkXqqywAe8c9LyvgTCyFuZCTMF4cRPQhc3Fy8=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/aliyun/alibaba-cloud-sdk-go v1.61.976 h1:I9fs4eZbZqimF3TstEqEwK66R2b7QKd6D6OCxibSD60=
-github.com/aliyun/alibaba-cloud-sdk-go v1.61.976/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183 h1:dkj8/dxOQ4L1XpwCzRLqukvUBbxuNdz3FeyvHFnRjmo=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
diff --git a/providers/dns/alidns/alidns.go b/providers/dns/alidns/alidns.go
index d48a076c..8754edf1 100644
--- a/providers/dns/alidns/alidns.go
+++ b/providers/dns/alidns/alidns.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
 	"github.com/aliyun/alibaba-cloud-sdk-go/services/alidns"
@@ -22,9 +23,10 @@ const defaultRegionID = "cn-hangzhou"
 const (
 	envNamespace = "ALICLOUD_"
 
-	EnvAccessKey = envNamespace + "ACCESS_KEY"
-	EnvSecretKey = envNamespace + "SECRET_KEY"
-	EnvRegionID  = envNamespace + "REGION_ID"
+	EnvAccessKey     = envNamespace + "ACCESS_KEY"
+	EnvSecretKey     = envNamespace + "SECRET_KEY"
+	EnvSecurityToken = envNamespace + "SECURITY_TOKEN"
+	EnvRegionID      = envNamespace + "REGION_ID"
 
 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -36,6 +38,7 @@ const (
 type Config struct {
 	APIKey             string
 	SecretKey          string
+	SecurityToken      string
 	RegionID           string
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
@@ -61,7 +64,7 @@ type DNSProvider struct {
 
 // NewDNSProvider returns a DNSProvider instance configured for Alibaba Cloud DNS.
 // Credentials must be passed in the environment variables:
-// ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY.
+// ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY, and optionally ALICLOUD_SECURITY_TOKEN.
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get(EnvAccessKey, EnvSecretKey)
 	if err != nil {
@@ -72,6 +75,7 @@ func NewDNSProvider() (*DNSProvider, error) {
 	config.APIKey = values[EnvAccessKey]
 	config.SecretKey = values[EnvSecretKey]
 	config.RegionID = env.GetOrFile(EnvRegionID)
+	config.SecurityToken = env.GetOrFile(EnvSecurityToken)
 
 	return NewDNSProviderConfig(config)
 }
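Review bot: The new `SecurityToken` field added to Config in the third hunk carries no doc comment, so a caller building a Config directly (rather than through NewDNSProvider) has nothing in the code telling them the field is optional or that setting it changes which credential type the client is built with. Suggested: `// SecurityToken is an optional STS session token; when non-empty the client authenticates with an STS credential instead of a plain access-key credential.` The same wording, shortened, would suit the `EnvSecurityToken` constant in the second hunk, since the other Env constants are the only place a user sees the variable name in code. The const block and the Config struct both extend beyond their hunks.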
@@ -91,7 +95,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	}
 
 	conf := sdk.NewConfig().WithTimeout(config.HTTPTimeout)
-	credential := credentials.NewAccessKeyCredential(config.APIKey, config.SecretKey)
+
+	var credential auth.Credential
+	if config.SecurityToken == "" {
+		credential = credentials.NewAccessKeyCredential(config.APIKey, config.SecretKey)
+	} else {
+		credential = credentials.NewStsTokenCredential(config.APIKey, config.SecretKey, config.SecurityToken)
+	}
 
 	client, err := alidns.NewClientWithOptions(config.RegionID, conf, credential)
 	if err != nil {
diff --git a/providers/dns/alidns/alidns.toml b/providers/dns/alidns/alidns.toml
index ca4b0185..6988dd44 100644
--- a/providers/dns/alidns/alidns.toml
+++ b/providers/dns/alidns/alidns.toml
@@ -14,6 +14,7 @@ lego --email myemail@example.com --dns alidns --domains my.example.org run
 [Configuration.Credentials]
   ALICLOUD_ACCESS_KEY = "Access key ID"
   ALICLOUD_SECRET_KEY = "Access Key secret"
+  ALICLOUD_SECURITY_TOKEN = "STS Security Token (optional)"
 [Configuration.Additional]
   ALICLOUD_POLLING_INTERVAL = "Time between DNS propagation check"
   ALICLOUD_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
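Review bot: The credential built in NewDNSProviderConfig is handed to `alidns.NewClientWithOptions` once and is never refreshed, so an STS token that expires during a long propagation wait (the provider's own `PropagationTimeout` is the relevant window) will make later alidns calls fail with an authentication error rather than a clear configuration message. That is probably acceptable for a one-shot lego run, but the branch deserves a comment stating the constraint, e.g. above `var credential auth.Credential`: `// An STS token is short-lived and is read only once here; it must remain valid for the whole run, as nothing refreshes it.` It would also be worth saying in the NewDNSProvider doc comment that when the token is set, ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY are expected to be the temporary pair issued with it, since the code cannot check that pairing itself. NewDNSProviderConfig starts before this hunk and continues past it.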