1
0
mirror of https://github.com/go-acme/lego.git synced 2024-12-23 09:15:11 +02:00
lego/providers/dns/ovh/ovh.go

316 lines
8.7 KiB
Go
Raw Normal View History

// Package ovh implements a DNS provider for solving the DNS-01 challenge using OVH DNS.
2019-03-11 18:56:48 +02:00
package ovh
2016-06-16 21:11:19 +02:00
import (
"errors"
2016-06-16 21:11:19 +02:00
"fmt"
"net/http"
2016-06-24 20:23:28 +02:00
"sync"
"time"
2016-06-16 21:11:19 +02:00
2020-09-02 03:20:01 +02:00
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
2016-06-16 21:11:19 +02:00
"github.com/ovh/go-ovh/ovh"
)
// OVH API reference: https://eu.api.ovh.com/
// Create a Token: https://eu.api.ovh.com/createToken/
// Create a OAuth2 client: https://eu.api.ovh.com/console-preview/?section=%2Fme&branch=v1#post-/me/api/oauth2/client
2016-06-16 21:11:19 +02:00
// Environment variables names.
const (
envNamespace = "OVH_"
EnvEndpoint = envNamespace + "ENDPOINT"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
// Authenticate using application key.
const (
EnvApplicationKey = envNamespace + "APPLICATION_KEY"
EnvApplicationSecret = envNamespace + "APPLICATION_SECRET"
EnvConsumerKey = envNamespace + "CONSUMER_KEY"
)
// Authenticate using OAuth2 client.
const (
EnvClientID = envNamespace + "CLIENT_ID"
EnvClientSecret = envNamespace + "CLIENT_SECRET"
)
2020-05-08 19:35:25 +02:00
// Record a DNS record.
type Record struct {
2019-09-19 19:07:00 +02:00
ID int64 `json:"id,omitempty"`
FieldType string `json:"fieldType,omitempty"`
SubDomain string `json:"subDomain,omitempty"`
Target string `json:"target,omitempty"`
TTL int `json:"ttl,omitempty"`
Zone string `json:"zone,omitempty"`
}
// OAuth2Config the OAuth2 specific configuration.
type OAuth2Config struct {
ClientID string
ClientSecret string
}
2020-05-08 19:35:25 +02:00
// Config is used to configure the creation of the DNSProvider.
type Config struct {
APIEndpoint string
ApplicationKey string
ApplicationSecret string
ConsumerKey string
OAuth2Config *OAuth2Config
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
HTTPClient *http.Client
}
func (c *Config) hasAppKeyAuth() bool {
return c.ApplicationKey != "" || c.ApplicationSecret != "" || c.ConsumerKey != ""
}
2020-05-08 19:35:25 +02:00
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
HTTPClient: &http.Client{
Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, ovh.DefaultTimeout),
},
}
}
2020-05-08 19:35:25 +02:00
// DNSProvider implements the challenge.Provider interface.
2016-06-16 21:11:19 +02:00
type DNSProvider struct {
config *Config
2016-06-24 20:23:28 +02:00
client *ovh.Client
2019-09-19 19:07:00 +02:00
recordIDs map[string]int64
2016-06-24 20:23:28 +02:00
recordIDsMu sync.Mutex
2016-06-16 21:11:19 +02:00
}
// NewDNSProvider returns a DNSProvider instance configured for OVH
2020-05-08 19:35:25 +02:00
// Credentials must be passed in the environment variables:
// OVH_ENDPOINT (must be either "ovh-eu" or "ovh-ca"), OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY.
2016-06-16 21:11:19 +02:00
func NewDNSProvider() (*DNSProvider, error) {
config, err := createConfigFromEnvVars()
if err != nil {
2020-02-27 20:14:46 +02:00
return nil, fmt.Errorf("ovh: %w", err)
}
return NewDNSProviderConfig(config)
2016-06-16 21:11:19 +02:00
}
// NewDNSProviderConfig return a DNSProvider instance configured for OVH.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("ovh: the configuration of the DNS provider is nil")
2016-06-16 21:11:19 +02:00
}
if config.OAuth2Config != nil && config.hasAppKeyAuth() {
return nil, errors.New("ovh: can't use both authentication systems (ApplicationKey and OAuth2)")
}
2016-06-16 21:11:19 +02:00
client, err := newClient(config)
if err != nil {
2020-02-27 20:14:46 +02:00
return nil, fmt.Errorf("ovh: %w", err)
}
client.Client = config.HTTPClient
2016-06-16 21:11:19 +02:00
return &DNSProvider{
config: config,
client: client,
2019-09-19 19:07:00 +02:00
recordIDs: make(map[string]int64),
2016-06-16 21:11:19 +02:00
}, nil
}
// Present creates a TXT record to fulfill the dns-01 challenge.
2016-06-16 21:11:19 +02:00
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
2016-06-16 21:11:19 +02:00
// Parse domain name
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
2016-06-16 21:11:19 +02:00
if err != nil {
return fmt.Errorf("ovh: could not find zone for domain %q: %w", domain, err)
2016-06-16 21:11:19 +02:00
}
authZone = dns01.UnFqdn(authZone)
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
if err != nil {
return fmt.Errorf("ovh: %w", err)
}
2016-06-16 21:11:19 +02:00
reqURL := fmt.Sprintf("/domain/zone/%s/record", authZone)
reqData := Record{FieldType: "TXT", SubDomain: subDomain, Target: info.Value, TTL: d.config.TTL}
2016-06-16 21:11:19 +02:00
// Create TXT record
var respData Record
2016-06-16 21:11:19 +02:00
err = d.client.Post(reqURL, reqData, &respData)
if err != nil {
2020-02-27 20:14:46 +02:00
return fmt.Errorf("ovh: error when call api to add record (%s): %w", reqURL, err)
2016-06-16 21:11:19 +02:00
}
// Apply the change
reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
err = d.client.Post(reqURL, nil, nil)
if err != nil {
2020-02-27 20:14:46 +02:00
return fmt.Errorf("ovh: error when call api to refresh zone (%s): %w", reqURL, err)
2016-06-16 21:11:19 +02:00
}
d.recordIDsMu.Lock()
2019-11-05 13:58:13 +02:00
d.recordIDs[token] = respData.ID
2016-06-16 21:11:19 +02:00
d.recordIDsMu.Unlock()
return nil
}
2020-05-08 19:35:25 +02:00
// CleanUp removes the TXT record matching the specified parameters.
2016-06-16 21:11:19 +02:00
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
2016-06-16 21:11:19 +02:00
// get the record's unique ID from when we created it
d.recordIDsMu.Lock()
2019-11-05 13:58:13 +02:00
recordID, ok := d.recordIDs[token]
2016-06-16 21:11:19 +02:00
d.recordIDsMu.Unlock()
if !ok {
return fmt.Errorf("ovh: unknown record ID for '%s'", info.EffectiveFQDN)
2016-06-16 21:11:19 +02:00
}
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
2016-06-16 21:11:19 +02:00
if err != nil {
return fmt.Errorf("ovh: could not find zone for domain %q: %w", domain, err)
2016-06-16 21:11:19 +02:00
}
authZone = dns01.UnFqdn(authZone)
2016-06-16 21:11:19 +02:00
2016-06-24 20:23:28 +02:00
reqURL := fmt.Sprintf("/domain/zone/%s/record/%d", authZone, recordID)
2016-06-16 21:11:19 +02:00
err = d.client.Delete(reqURL, nil)
if err != nil {
2020-02-27 20:14:46 +02:00
return fmt.Errorf("ovh: error when call OVH api to delete challenge record (%s): %w", reqURL, err)
2016-06-16 21:11:19 +02:00
}
// Apply the change
reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
err = d.client.Post(reqURL, nil, nil)
if err != nil {
2020-02-27 20:14:46 +02:00
return fmt.Errorf("ovh: error when call api to refresh zone (%s): %w", reqURL, err)
}
2016-06-16 21:11:19 +02:00
// Delete record ID from map
d.recordIDsMu.Lock()
2019-11-05 13:58:13 +02:00
delete(d.recordIDs, token)
2016-06-16 21:11:19 +02:00
d.recordIDsMu.Unlock()
return nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval
}
func createConfigFromEnvVars() (*Config, error) {
firstAppKeyEnvVar := findFirstValuedEnvVar(EnvApplicationKey, EnvApplicationSecret, EnvConsumerKey)
firstOAuth2EnvVar := findFirstValuedEnvVar(EnvClientID, EnvClientSecret)
if firstAppKeyEnvVar != "" && firstOAuth2EnvVar != "" {
return nil, fmt.Errorf("can't use both %s and %s at the same time", firstAppKeyEnvVar, firstOAuth2EnvVar)
}
config := NewDefaultConfig()
if firstOAuth2EnvVar != "" {
values, err := env.Get(EnvEndpoint, EnvClientID, EnvClientSecret)
if err != nil {
return nil, err
}
config.APIEndpoint = values[EnvEndpoint]
config.OAuth2Config = &OAuth2Config{
ClientID: values[EnvClientID],
ClientSecret: values[EnvClientSecret],
}
return config, nil
}
values, err := env.Get(EnvEndpoint, EnvApplicationKey, EnvApplicationSecret, EnvConsumerKey)
if err != nil {
return nil, err
}
config.APIEndpoint = values[EnvEndpoint]
config.ApplicationKey = values[EnvApplicationKey]
config.ApplicationSecret = values[EnvApplicationSecret]
config.ConsumerKey = values[EnvConsumerKey]
return config, nil
}
func findFirstValuedEnvVar(envVars ...string) string {
for _, envVar := range envVars {
if env.GetOrFile(envVar) != "" {
return envVar
}
}
return ""
}
func newClient(config *Config) (*ovh.Client, error) {
if config.OAuth2Config == nil {
return newClientApplicationKey(config)
}
return newClientOAuth2(config)
}
func newClientApplicationKey(config *Config) (*ovh.Client, error) {
if config.APIEndpoint == "" || config.ApplicationKey == "" || config.ApplicationSecret == "" || config.ConsumerKey == "" {
return nil, errors.New("credentials are missing")
}
client, err := ovh.NewClient(
config.APIEndpoint,
config.ApplicationKey,
config.ApplicationSecret,
config.ConsumerKey,
)
if err != nil {
return nil, fmt.Errorf("new client: %w", err)
}
return client, nil
}
func newClientOAuth2(config *Config) (*ovh.Client, error) {
if config.APIEndpoint == "" || config.OAuth2Config.ClientID == "" || config.OAuth2Config.ClientSecret == "" {
return nil, errors.New("credentials are missing")
}
client, err := ovh.NewOAuth2Client(
config.APIEndpoint,
config.OAuth2Config.ClientID,
config.OAuth2Config.ClientSecret,
)
if err != nil {
return nil, fmt.Errorf("new OAuth2 client: %w", err)
}
return client, nil
}