lego/providers/dns/linode/linode.go
2024-02-11 14:37:09 +01:00

208 lines
5.9 KiB
Go

// Package linode implements a DNS provider for solving the DNS-01 challenge using Linode DNS and Linode's APIv4
package linode
import (
"context"
"encoding/json"
"errors"
"fmt"
"net/http"
"time"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/linode/linodego"
"golang.org/x/oauth2"
)
const (
minTTL = 300
dnsUpdateFreqMins = 15
dnsUpdateFudgeSecs = 120
)
// Environment variables names.
const (
envNamespace = "LINODE_"
EnvToken = envNamespace + "TOKEN"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
Token string
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
HTTPTimeout time.Duration
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 0),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 15*time.Second),
HTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 0),
}
}
type hostedZoneInfo struct {
domainID int
resourceName string
}
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
config *Config
client *linodego.Client
}
// NewDNSProvider returns a DNSProvider instance configured for Linode.
// Credentials must be passed in the environment variable: LINODE_TOKEN.
func NewDNSProvider() (*DNSProvider, error) {
values, err := env.Get(EnvToken)
if err != nil {
return nil, fmt.Errorf("linode: %w", err)
}
config := NewDefaultConfig()
config.Token = values[EnvToken]
return NewDNSProviderConfig(config)
}
// NewDNSProviderConfig return a DNSProvider instance configured for Linode.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("linode: the configuration of the DNS provider is nil")
}
if config.Token == "" {
return nil, errors.New("linode: Linode Access Token missing")
}
if config.TTL < minTTL {
return nil, fmt.Errorf("linode: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
}
oauth2Client := &http.Client{
Timeout: config.HTTPTimeout,
Transport: &oauth2.Transport{
Source: oauth2.StaticTokenSource(&oauth2.Token{AccessToken: config.Token}),
},
}
client := linodego.NewClient(oauth2Client)
client.SetUserAgent("go-acme/lego https://github.com/linode/linodego")
return &DNSProvider{config: config, client: &client}, nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (time.Duration, time.Duration) {
timeout := d.config.PropagationTimeout
if d.config.PropagationTimeout <= 0 {
// Since Linode only updates their zone files every X minutes, we need
// to figure out how many minutes we have to wait until we hit the next
// interval of X. We then wait another couple of minutes, just to be
// safe. Hopefully at some point during all of this, the record will
// have propagated throughout Linode's network.
minsRemaining := dnsUpdateFreqMins - (time.Now().Minute() % dnsUpdateFreqMins)
timeout = (time.Duration(minsRemaining) * time.Minute) +
(minTTL * time.Second) +
(dnsUpdateFudgeSecs * time.Second)
}
return timeout, d.config.PollingInterval
}
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
zone, err := d.getHostedZoneInfo(info.EffectiveFQDN)
if err != nil {
return err
}
createOpts := linodego.DomainRecordCreateOptions{
Name: dns01.UnFqdn(info.EffectiveFQDN),
Target: info.Value,
TTLSec: d.config.TTL,
Type: linodego.RecordTypeTXT,
}
_, err = d.client.CreateDomainRecord(context.Background(), zone.domainID, createOpts)
return err
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
zone, err := d.getHostedZoneInfo(info.EffectiveFQDN)
if err != nil {
return err
}
// Get all TXT records for the specified domain.
listOpts := linodego.NewListOptions(0, `{"type":"TXT"}`)
resources, err := d.client.ListDomainRecords(context.Background(), zone.domainID, listOpts)
if err != nil {
return err
}
// Remove the specified resource, if it exists.
for _, resource := range resources {
if (resource.Name == dns01.UnFqdn(info.EffectiveFQDN) || resource.Name == zone.resourceName) &&
resource.Target == info.Value {
if err := d.client.DeleteDomainRecord(context.Background(), zone.domainID, resource.ID); err != nil {
return err
}
}
}
return nil
}
func (d *DNSProvider) getHostedZoneInfo(fqdn string) (*hostedZoneInfo, error) {
// Lookup the zone that handles the specified FQDN.
authZone, err := dns01.FindZoneByFqdn(fqdn)
if err != nil {
return nil, fmt.Errorf("could not find zone: %w", err)
}
// Query the authority zone.
filter, err := json.Marshal(map[string]string{"domain": dns01.UnFqdn(authZone)})
if err != nil {
return nil, fmt.Errorf("failed to create JSON filter: %w", err)
}
listOpts := linodego.NewListOptions(0, string(filter))
domains, err := d.client.ListDomains(context.Background(), listOpts)
if err != nil {
return nil, err
}
if len(domains) == 0 {
return nil, errors.New("domain not found")
}
subDomain, err := dns01.ExtractSubDomain(fqdn, authZone)
if err != nil {
return nil, err
}
return &hostedZoneInfo{
domainID: domains[0].ID,
resourceName: subDomain,
}, nil
}