From 77aef9deb5e71183266fb98ead74e847eb2d8b16 Mon Sep 17 00:00:00 2001
From: sebastien-baillet <41063863+sebastien-baillet@users.noreply.github.com>
Date: Sat, 26 Sep 2020 13:29:42 +0200
Subject: [PATCH] gcloud: adds an option to allow the use of private zones (#1258)
---
 cmd/zz_gen_cmd_dnshelp.go | 1 +
 docs/content/dns/zz_gen_gcloud.md | 1 +
 providers/dns/gcloud/gcloud.toml | 1 +
 providers/dns/gcloud/googlecloud.go | 15 +++++++++++----
 4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go
index aee8c87e..20c1e704 100644
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@@ -791,6 +791,7 @@ func displayDNSHelp(name string) error {
 ew.writeln()
 ew.writeln(`Additional Configuration:`)
+ ew.writeln(` - "GCE_ALLOW_PRIVATE_ZONE": Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false)`)
 ew.writeln(` - "GCE_POLLING_INTERVAL": Time between DNS propagation check`)
 ew.writeln(` - "GCE_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
 ew.writeln(` - "GCE_TTL": The TTL of the TXT record used for the DNS challenge`)
diff --git a/docs/content/dns/zz_gen_gcloud.md b/docs/content/dns/zz_gen_gcloud.md
index 9fce2dc6..0d93f183 100644
--- a/docs/content/dns/zz_gen_gcloud.md
+++ b/docs/content/dns/zz_gen_gcloud.md
@@ -42,6 +42,7 @@ More information [here](/lego/dns/#configuration-and-credentials).
 | Environment Variable Name | Description |
 |--------------------------------|-------------|
+| `GCE_ALLOW_PRIVATE_ZONE` | Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false) |
 | `GCE_POLLING_INTERVAL` | Time between DNS propagation check |
 | `GCE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
 | `GCE_TTL` | The TTL of the TXT record used for the DNS challenge |
diff --git a/providers/dns/gcloud/gcloud.toml b/providers/dns/gcloud/gcloud.toml
index 87480325..29931ba5 100644
--- a/providers/dns/gcloud/gcloud.toml
+++ b/providers/dns/gcloud/gcloud.toml
@@ -13,6 +13,7 @@ Example = ''''''
 GCE_SERVICE_ACCOUNT_FILE = "Account file path"
 GCE_SERVICE_ACCOUNT = "Account"
 [Configuration.Additional]
+ GCE_ALLOW_PRIVATE_ZONE = "Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false)"
 GCE_POLLING_INTERVAL = "Time between DNS propagation check"
 GCE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
 GCE_TTL = "The TTL of the TXT record used for the DNS challenge"
diff --git a/providers/dns/gcloud/googlecloud.go b/providers/dns/gcloud/googlecloud.go
index e8940891..6a9bc800 100644
--- a/providers/dns/gcloud/googlecloud.go
+++ b/providers/dns/gcloud/googlecloud.go
@@ -30,9 +30,10 @@ const (
 const (
 envNamespace = "GCE_"
- EnvServiceAccount = envNamespace + "SERVICE_ACCOUNT"
- EnvProject = envNamespace + "PROJECT"
- EnvDebug = envNamespace + "DEBUG"
+ EnvServiceAccount = envNamespace + "SERVICE_ACCOUNT"
+ EnvProject = envNamespace + "PROJECT"
+ EnvAllowPrivateZone = envNamespace + "ALLOW_PRIVATE_ZONE"
+ EnvDebug = envNamespace + "DEBUG"
 EnvTTL = envNamespace + "TTL"
 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -43,6 +44,7 @@ const (
 type Config struct {
 Debug bool
 Project string
+ AllowPrivateZone bool
 PropagationTimeout time.Duration
 PollingInterval time.Duration
 TTL int
@@ -53,6 +55,7 @@ type Config struct {
 func NewDefaultConfig() *Config {
 return &Config{
 Debug: env.GetOrDefaultBool(EnvDebug, false),
+ AllowPrivateZone: env.GetOrDefaultBool(EnvAllowPrivateZone, false),
 TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 180*time.Second),
 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 5*time.Second),
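Review bot: `AllowPrivateZone bool` is added to `Config` without a field comment, and `Config` is the programmatic entry point that bypasses the env-var help text where the "private ACME server" caveat lives. Suggest `// AllowPrivateZone also accepts managed zones whose Visibility is "private"; only meaningful when the ACME server resolves names through that zone.` If lego's generic DNS pre-check still queries the name's public authoritative servers — I cannot confirm that from this hunk — a TXT record written to a private zone will never be observed by it, which is worth a second sentence in the same comment. The neighbouring fields are equally undocumented, so this is a point of style rather than a defect.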
@@ -326,11 +329,15 @@ func (d *DNSProvider) getHostedZone(domain string) (string, error) {
 }
 for _, z := range zones.ManagedZones {
- if z.Visibility == "public" || z.Visibility == "" {
+ if z.Visibility == "public" || z.Visibility == "" || (z.Visibility == "private" && d.config.AllowPrivateZone) {
 return z.Name, nil
 }
 }
+ if d.config.AllowPrivateZone {
+ return "", fmt.Errorf("no public or private zone found for domain %s", authZone)
+ }
+
 return "", fmt.Errorf("no public zone found for domain %s", authZone)
 }
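Review bot: The widened condition in `getHostedZone` makes zone selection order-dependent once `AllowPrivateZone` is set: a public and a private managed zone for the same name (a common split-horizon layout) are both accepted, and whichever `zones.ManagedZones` happens to list first wins, so the challenge TXT record may land in a private zone the ACME server cannot read, or in the public zone when the private one was intended. The previous public-only choice should remain the first preference and a private zone should be used only when no public zone matched; that keeps every setup that worked before the flag unchanged when the flag is enabled and makes the outcome deterministic for split-horizon projects. Whether the Cloud DNS API guarantees any ordering for `ManagedZones` I cannot tell from here, so the fall-through below does not rely on it. The function's list call and the `authZone` lookup sit above this hunk.

```go
	var privateZone string
	for _, z := range zones.ManagedZones {
		// A public zone keeps precedence; a private zone is only remembered as a
		// fallback, so enabling AllowPrivateZone never changes a working public setup.
		if z.Visibility == "public" || z.Visibility == "" {
			return z.Name, nil
		}
		if z.Visibility == "private" && d.config.AllowPrivateZone && privateZone == "" {
			privateZone = z.Name
		}
	}
	if privateZone != "" {
		return privateZone, nil
	}
	// … unchanged: "no public (or private) zone found" errors …
```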