alidns: support sts token credential (#1454)

This commit is contained in:
Yuanhai He 2021-08-07 18:07:31 +08:00 committed by GitHub
parent 8e7bba485f
commit 6f5f694cd5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 21 additions and 8 deletions

View file

@ -143,6 +143,7 @@ func displayDNSHelp(name string) error {
ew.writeln(`Credentials:`)
ew.writeln(` - "ALICLOUD_ACCESS_KEY": Access key ID`)
ew.writeln(` - "ALICLOUD_SECRET_KEY": Access Key secret`)
ew.writeln(` - "ALICLOUD_SECURITY_TOKEN": STS Security Token (optional)`)
ew.writeln()
ew.writeln(`Additional Configuration:`)

View file

@ -35,6 +35,7 @@ lego --email myemail@example.com --dns alidns --domains my.example.org run
|-----------------------|-------------|
| `ALICLOUD_ACCESS_KEY` | Access key ID |
| `ALICLOUD_SECRET_KEY` | Access Key secret |
| `ALICLOUD_SECURITY_TOKEN` | STS Security Token (optional) |
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here](/lego/dns/#configuration-and-credentials).

2
go.mod
View file

@ -14,7 +14,7 @@ require (
github.com/BurntSushi/toml v0.3.1
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87
github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1
github.com/aliyun/alibaba-cloud-sdk-go v1.61.976
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183
github.com/aws/aws-sdk-go v1.39.0
github.com/cenkalti/backoff/v4 v4.1.1
github.com/cloudflare/cloudflare-go v0.18.0

4
go.sum
View file

@ -61,8 +61,8 @@ github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1 h1:bLzehmpyCwQiqCE1Qe9Ny6fbF
github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1/go.mod h1:kX6YddBkXqqywAe8c9LyvgTCyFuZCTMF4cRPQhc3Fy8=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.976 h1:I9fs4eZbZqimF3TstEqEwK66R2b7QKd6D6OCxibSD60=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.976/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183 h1:dkj8/dxOQ4L1XpwCzRLqukvUBbxuNdz3FeyvHFnRjmo=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=

View file

@ -8,6 +8,7 @@ import (
"time"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/services/alidns"
@ -24,6 +25,7 @@ const (
EnvAccessKey = envNamespace + "ACCESS_KEY"
EnvSecretKey = envNamespace + "SECRET_KEY"
EnvSecurityToken = envNamespace + "SECURITY_TOKEN"
EnvRegionID = envNamespace + "REGION_ID"
EnvTTL = envNamespace + "TTL"
@ -36,6 +38,7 @@ const (
type Config struct {
APIKey string
SecretKey string
SecurityToken string
RegionID string
PropagationTimeout time.Duration
PollingInterval time.Duration
@ -61,7 +64,7 @@ type DNSProvider struct {
// NewDNSProvider returns a DNSProvider instance configured for Alibaba Cloud DNS.
// Credentials must be passed in the environment variables:
// ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY.
// ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY, and optionally ALICLOUD_SECURITY_TOKEN.
func NewDNSProvider() (*DNSProvider, error) {
values, err := env.Get(EnvAccessKey, EnvSecretKey)
if err != nil {
@ -72,6 +75,7 @@ func NewDNSProvider() (*DNSProvider, error) {
config.APIKey = values[EnvAccessKey]
config.SecretKey = values[EnvSecretKey]
config.RegionID = env.GetOrFile(EnvRegionID)
config.SecurityToken = env.GetOrFile(EnvSecurityToken)
return NewDNSProviderConfig(config)
}
@ -91,7 +95,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
}
conf := sdk.NewConfig().WithTimeout(config.HTTPTimeout)
credential := credentials.NewAccessKeyCredential(config.APIKey, config.SecretKey)
var credential auth.Credential
if config.SecurityToken == "" {
credential = credentials.NewAccessKeyCredential(config.APIKey, config.SecretKey)
} else {
credential = credentials.NewStsTokenCredential(config.APIKey, config.SecretKey, config.SecurityToken)
}
client, err := alidns.NewClientWithOptions(config.RegionID, conf, credential)
if err != nil {

View file

@ -14,6 +14,7 @@ lego --email myemail@example.com --dns alidns --domains my.example.org run
[Configuration.Credentials]
ALICLOUD_ACCESS_KEY = "Access key ID"
ALICLOUD_SECRET_KEY = "Access Key secret"
ALICLOUD_SECURITY_TOKEN = "STS Security Token (optional)"
[Configuration.Additional]
ALICLOUD_POLLING_INTERVAL = "Time between DNS propagation check"
ALICLOUD_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"