gcloud: adds an option to allow the use of private zones (#1258)

sebastien-baillet 2020-09-26 13:29:42 +02:00 committed by GitHub
parent ba6eb9729c
commit 77aef9deb5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 14 additions and 4 deletions


@ -791,6 +791,7 @@ func displayDNSHelp(name string) error {
ew.writeln()
ew.writeln(`Additional Configuration:`)
ew.writeln(` - "GCE_ALLOW_PRIVATE_ZONE": Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false)`)
ew.writeln(` - "GCE_POLLING_INTERVAL": Time between DNS propagation check`)
ew.writeln(` - "GCE_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
ew.writeln(` - "GCE_TTL": The TTL of the TXT record used for the DNS challenge`)


@ -42,6 +42,7 @@ More information [here](/lego/dns/#configuration-and-credentials).
| Environment Variable Name | Description |
|--------------------------------|-------------|
| `GCE_ALLOW_PRIVATE_ZONE` | Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false) |
| `GCE_POLLING_INTERVAL` | Time between DNS propagation check |
| `GCE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
| `GCE_TTL` | The TTL of the TXT record used for the DNS challenge |


@ -13,6 +13,7 @@ Example = ''''''
GCE_SERVICE_ACCOUNT_FILE = "Account file path"
GCE_SERVICE_ACCOUNT = "Account"
[Configuration.Additional]
GCE_ALLOW_PRIVATE_ZONE = "Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false)"
GCE_POLLING_INTERVAL = "Time between DNS propagation check"
GCE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
GCE_TTL = "The TTL of the TXT record used for the DNS challenge"


@ -30,9 +30,10 @@ const (
const (
envNamespace = "GCE_"
EnvServiceAccount = envNamespace + "SERVICE_ACCOUNT"
EnvProject = envNamespace + "PROJECT"
EnvDebug = envNamespace + "DEBUG"
EnvServiceAccount = envNamespace + "SERVICE_ACCOUNT"
EnvProject = envNamespace + "PROJECT"
EnvAllowPrivateZone = envNamespace + "ALLOW_PRIVATE_ZONE"
EnvDebug = envNamespace + "DEBUG"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@ -43,6 +44,7 @@ const (
type Config struct {
Debug bool
Project string
AllowPrivateZone bool
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
@ -53,6 +55,7 @@ type Config struct {
func NewDefaultConfig() *Config {
return &Config{
Debug: env.GetOrDefaultBool(EnvDebug, false),
AllowPrivateZone: env.GetOrDefaultBool(EnvAllowPrivateZone, false),
TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 180*time.Second),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 5*time.Second),
@ -326,11 +329,15 @@ func (d *DNSProvider) getHostedZone(domain string) (string, error) {
}
for _, z := range zones.ManagedZones {
if z.Visibility == "public" || z.Visibility == "" {
if z.Visibility == "public" || z.Visibility == "" || (z.Visibility == "private" && d.config.AllowPrivateZone) {
return z.Name, nil
}
}
if d.config.AllowPrivateZone {
return "", fmt.Errorf("no public or private zone found for domain %s", authZone)
}
return "", fmt.Errorf("no public zone found for domain %s", authZone)
}
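Review bot: In the `for _, z := range zones.ManagedZones` loop, the widened condition returns the first matching zone whatever its visibility, so with `AllowPrivateZone` set and both a public and a private zone for the same DNS name (split-horizon), the zone that receives the TXT record depends on the order of the list. The challenge record can then land in a zone the ACME server's resolver does not consult, and the only symptom is a failed or timed-out validation. Consider making the choice deterministic by collecting the matches and preferring one visibility explicitly, or at least state the behaviour on the new `Config` field: `// AllowPrivateZone also accepts zones with visibility "private"; when several zones match, the first one listed is used.` getHostedZone begins outside this hunk, so how `zones` is queried and filtered before the loop is not visible here.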