mirror of https://github.com/go-acme/lego.git synced 2025-01-08 17:15:29 +02:00

designate: allow manually overwriting DNS zone (#2204)

Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
Jan Dittrich 2024-07-18 17:27:04 +02:00 committed by GitHub
parent 321cea51e4
commit 04864ff13b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 25 additions and 6 deletions


@ -704,6 +704,7 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln(` - "DESIGNATE_POLLING_INTERVAL": Time between DNS propagation check`) ew.writeln(` - "DESIGNATE_POLLING_INTERVAL": Time between DNS propagation check`)
ew.writeln(` - "DESIGNATE_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`) ew.writeln(` - "DESIGNATE_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
ew.writeln(` - "DESIGNATE_TTL": The TTL of the TXT record used for the DNS challenge`) ew.writeln(` - "DESIGNATE_TTL": The TTL of the TXT record used for the DNS challenge`)
ew.writeln(` - "DESIGNATE_ZONE_NAME": The zone name to use in the OpenStack Project to manage TXT records.`)
ew.writeln(` - "OS_PROJECT_ID": Project ID`) ew.writeln(` - "OS_PROJECT_ID": Project ID`)
ew.writeln(` - "OS_TENANT_NAME": Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID)`) ew.writeln(` - "OS_TENANT_NAME": Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID)`)


@ -77,6 +77,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
| `DESIGNATE_POLLING_INTERVAL` | Time between DNS propagation check | | `DESIGNATE_POLLING_INTERVAL` | Time between DNS propagation check |
| `DESIGNATE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation | | `DESIGNATE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
| `DESIGNATE_TTL` | The TTL of the TXT record used for the DNS challenge | | `DESIGNATE_TTL` | The TTL of the TXT record used for the DNS challenge |
| `DESIGNATE_ZONE_NAME` | The zone name to use in the OpenStack Project to manage TXT records. |
| `OS_PROJECT_ID` | Project ID | | `OS_PROJECT_ID` | Project ID |
| `OS_TENANT_NAME` | Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID) | | `OS_TENANT_NAME` | Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID) |


@ -27,6 +27,8 @@ const (
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT" EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL" EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
EnvZoneName = envNamespace + "ZONE_NAME"
envNamespaceClient = "OS_" envNamespaceClient = "OS_"
EnvAuthURL = envNamespaceClient + "AUTH_URL" EnvAuthURL = envNamespaceClient + "AUTH_URL"
@ -127,12 +129,12 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth) info := dns01.GetChallengeInfo(domain, keyAuth)
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN) zone, err := getAuthZone(info.EffectiveFQDN)
if err != nil { if err != nil {
return fmt.Errorf("designate: could not find zone for domain %q: %w", domain, err) return fmt.Errorf("designate: %w", err)
} }
zoneID, err := d.getZoneID(authZone) zoneID, err := d.getZoneID(zone)
if err != nil { if err != nil {
return fmt.Errorf("designate: couldn't get zone ID in Present: %w", err) return fmt.Errorf("designate: couldn't get zone ID in Present: %w", err)
} }
@ -167,12 +169,12 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth) info := dns01.GetChallengeInfo(domain, keyAuth)
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN) zone, err := getAuthZone(info.EffectiveFQDN)
if err != nil { if err != nil {
return fmt.Errorf("designate: could not find zone for domain %q: %w", domain, err) return fmt.Errorf("designate: %w", err)
} }
zoneID, err := d.getZoneID(authZone) zoneID, err := d.getZoneID(zone)
if err != nil { if err != nil {
return fmt.Errorf("designate: couldn't get zone ID in CleanUp: %w", err) return fmt.Errorf("designate: couldn't get zone ID in CleanUp: %w", err)
} }
@ -273,3 +275,17 @@ func (d *DNSProvider) getRecord(zoneID, wanted string) (*recordsets.RecordSet, e
return nil, nil return nil, nil
} }
func getAuthZone(fqdn string) (string, error) {
authZone := env.GetOrFile(EnvZoneName)
if authZone != "" {
return authZone, nil
}
authZone, err := dns01.FindZoneByFqdn(fqdn)
if err != nil {
return "", fmt.Errorf("could not find zone: %w", err)
}
return authZone, nil
}
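Review bot: getAuthZone returns the DESIGNATE_ZONE_NAME value verbatim, so the override is neither normalised nor checked against the challenge name it is used for. dns01.FindZoneByFqdn yields a fully qualified name, and getZoneID (its body is outside this page) presumably matches on that form, so a value written without the trailing dot may fail the lookup; `authZone = dns01.ToFqdn(authZone)` before the early return would make both spellings behave the same. Because the variable is process-wide, every domain on a multi-domain certificate is sent to this one zone, and a zone that is not a parent of `fqdn` lets the TXT record be created in an unrelated zone of the project. A suffix check of `fqdn` against the normalised zone that returns an error such as `zone %q does not contain %q` would catch that misconfiguration before any record is written. The function also needs a doc comment, for example `// getAuthZone returns the zone from DESIGNATE_ZONE_NAME when set, else the authoritative zone found for fqdn.`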


@ -63,6 +63,7 @@ Public cloud providers with support for Designate:
[Configuration.Additional] [Configuration.Additional]
OS_PROJECT_ID = "Project ID" OS_PROJECT_ID = "Project ID"
OS_TENANT_NAME = "Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID)" OS_TENANT_NAME = "Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID)"
DESIGNATE_ZONE_NAME = "The zone name to use in the OpenStack Project to manage TXT records."
DESIGNATE_POLLING_INTERVAL = "Time between DNS propagation check" DESIGNATE_POLLING_INTERVAL = "Time between DNS propagation check"
DESIGNATE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation" DESIGNATE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
DESIGNATE_TTL = "The TTL of the TXT record used for the DNS challenge" DESIGNATE_TTL = "The TTL of the TXT record used for the DNS challenge"