alidns: support sts token credential (#1454)
parent
8e7bba485f
commit
6f5f694cd5
6 changed files with 21 additions and 8 deletions
|
@ -143,6 +143,7 @@ func displayDNSHelp(name string) error {
|
|||
ew.writeln(`Credentials:`)
|
||||
ew.writeln(` - "ALICLOUD_ACCESS_KEY": Access key ID`)
|
||||
ew.writeln(` - "ALICLOUD_SECRET_KEY": Access Key secret`)
|
||||
ew.writeln(` - "ALICLOUD_SECURITY_TOKEN": STS Security Token (optional)`)
|
||||
ew.writeln()
|
||||
|
||||
ew.writeln(`Additional Configuration:`)
|
||||
|
|
|
@ -35,6 +35,7 @@ lego --email myemail@example.com --dns alidns --domains my.example.org run
|
|||
|-----------------------|-------------|
|
||||
| `ALICLOUD_ACCESS_KEY` | Access key ID |
|
||||
| `ALICLOUD_SECRET_KEY` | Access Key secret |
|
||||
| `ALICLOUD_SECURITY_TOKEN` | STS Security Token (optional) |
|
||||
|
||||
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
||||
More information [here](/lego/dns/#configuration-and-credentials).
|
||||
|
|
2
go.mod
2
go.mod
|
@ -14,7 +14,7 @@ require (
|
|||
github.com/BurntSushi/toml v0.3.1
|
||||
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87
|
||||
github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.976
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183
|
||||
github.com/aws/aws-sdk-go v1.39.0
|
||||
github.com/cenkalti/backoff/v4 v4.1.1
|
||||
github.com/cloudflare/cloudflare-go v0.18.0
|
||||
|
|
4
go.sum
4
go.sum
|
@ -61,8 +61,8 @@ github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1 h1:bLzehmpyCwQiqCE1Qe9Ny6fbF
|
|||
github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1/go.mod h1:kX6YddBkXqqywAe8c9LyvgTCyFuZCTMF4cRPQhc3Fy8=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.976 h1:I9fs4eZbZqimF3TstEqEwK66R2b7QKd6D6OCxibSD60=
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.976/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183 h1:dkj8/dxOQ4L1XpwCzRLqukvUBbxuNdz3FeyvHFnRjmo=
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
|
||||
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
|
||||
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
|
||||
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
|
||||
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth"
|
||||
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
|
||||
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
|
||||
"github.com/aliyun/alibaba-cloud-sdk-go/services/alidns"
|
||||
|
@ -24,6 +25,7 @@ const (
|
|||
|
||||
EnvAccessKey = envNamespace + "ACCESS_KEY"
|
||||
EnvSecretKey = envNamespace + "SECRET_KEY"
|
||||
EnvSecurityToken = envNamespace + "SECURITY_TOKEN"
|
||||
EnvRegionID = envNamespace + "REGION_ID"
|
||||
|
||||
EnvTTL = envNamespace + "TTL"
|
||||
|
@ -36,6 +38,7 @@ const (
|
|||
type Config struct {
|
||||
APIKey string
|
||||
SecretKey string
|
||||
SecurityToken string
|
||||
RegionID string
|
||||
PropagationTimeout time.Duration
|
||||
PollingInterval time.Duration
|
||||
|
@ -61,7 +64,7 @@ type DNSProvider struct {
|
|||
|
||||
// NewDNSProvider returns a DNSProvider instance configured for Alibaba Cloud DNS.
|
||||
// Credentials must be passed in the environment variables:
|
||||
// ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY.
|
||||
// ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY, and optionally ALICLOUD_SECURITY_TOKEN.
|
||||
func NewDNSProvider() (*DNSProvider, error) {
|
||||
values, err := env.Get(EnvAccessKey, EnvSecretKey)
|
||||
if err != nil {
|
||||
|
@ -72,6 +75,7 @@ func NewDNSProvider() (*DNSProvider, error) {
|
|||
config.APIKey = values[EnvAccessKey]
|
||||
config.SecretKey = values[EnvSecretKey]
|
||||
config.RegionID = env.GetOrFile(EnvRegionID)
|
||||
config.SecurityToken = env.GetOrFile(EnvSecurityToken)
|
||||
|
||||
return NewDNSProviderConfig(config)
|
||||
}
|
||||
|
@ -91,7 +95,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
|
|||
}
|
||||
|
||||
conf := sdk.NewConfig().WithTimeout(config.HTTPTimeout)
|
||||
credential := credentials.NewAccessKeyCredential(config.APIKey, config.SecretKey)
|
||||
|
||||
var credential auth.Credential
|
||||
if config.SecurityToken == "" {
|
||||
credential = credentials.NewAccessKeyCredential(config.APIKey, config.SecretKey)
|
||||
} else {
|
||||
credential = credentials.NewStsTokenCredential(config.APIKey, config.SecretKey, config.SecurityToken)
|
||||
}
|
||||
|
||||
client, err := alidns.NewClientWithOptions(config.RegionID, conf, credential)
|
||||
if err != nil {
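Review bot: The STS branch added in NewDNSProviderConfig builds the credential once from a fixed `config.SecurityToken`, and nothing visible here refreshes it; STS tokens are short-lived, so a process that keeps the provider past the token's lifetime will presumably start failing authentication. I would document that on the new Config field, e.g. `// SecurityToken is an optional STS token; it is not refreshed, so rebuild the provider before it expires.` A second gap is in NewDNSProvider: `env.GetOrFile(EnvSecurityToken)` returns an empty string when the variable is unset and presumably also when a `_FILE` reference cannot be read, and the empty case silently falls back to `NewAccessKeyCredential` with what may be temporary keys. Logging or returning an error when `ALICLOUD_SECURITY_TOKEN_FILE` is set but the token comes back empty would make that failure diagnosable instead of surfacing as an opaque auth error. Both function bodies continue outside the hunks, so this is based only on the lines shown.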
|
||||
|
|
|
@ -14,6 +14,7 @@ lego --email myemail@example.com --dns alidns --domains my.example.org run
|
|||
[Configuration.Credentials]
|
||||
ALICLOUD_ACCESS_KEY = "Access key ID"
|
||||
ALICLOUD_SECRET_KEY = "Access Key secret"
|
||||
ALICLOUD_SECURITY_TOKEN = "STS Security Token (optional)"
|
||||
[Configuration.Additional]
|
||||
ALICLOUD_POLLING_INTERVAL = "Time between DNS propagation check"
|
||||
ALICLOUD_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
|
||||
|
|