From 4f6c1d470ffaeb45e7a3327acdb41e732da4b996 Mon Sep 17 00:00:00 2001 From: disaster Date: Thu, 16 Jun 2016 21:11:19 +0200 Subject: [PATCH] Add OVH DNS provider --- .gitignore | 1 + cli.go | 1 + cli_handlers.go | 3 + providers/dns/ovh/ovh.go | 169 ++++++++++++++++++++++++++++++++++ providers/dns/ovh/ovh_test.go | 105 +++++++++++++++++++++ 5 files changed, 279 insertions(+) create mode 100644 providers/dns/ovh/ovh.go create mode 100644 providers/dns/ovh/ovh_test.go diff --git a/.gitignore b/.gitignore index e7e52772..74d32f0a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ lego.exe lego .lego +.idea diff --git a/cli.go b/cli.go index 947ed345..2451d41a 100644 --- a/cli.go +++ b/cli.go @@ -188,6 +188,7 @@ Here is an example bash command using the CloudFlare DNS provider: fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION") fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD") fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY") + fmt.Fprintln(w, "\tovh:\tOVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY") w.Flush() fmt.Println(` diff --git a/cli_handlers.go b/cli_handlers.go index 06d534c4..4e17f7ba 100644 --- a/cli_handlers.go +++ b/cli_handlers.go @@ -21,6 +21,7 @@ import ( "github.com/xenolf/lego/providers/dns/rfc2136" "github.com/xenolf/lego/providers/dns/route53" "github.com/xenolf/lego/providers/dns/vultr" + "github.com/xenolf/lego/providers/dns/ovh" "github.com/xenolf/lego/providers/http/webroot" ) @@ -120,6 +121,8 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) { provider, err = rfc2136.NewDNSProvider() case "vultr": provider, err = vultr.NewDNSProvider() + case "ovh": + provider, err = ovh.NewDNSProvider() } if err != nil { diff --git a/providers/dns/ovh/ovh.go b/providers/dns/ovh/ovh.go new file mode 100644 index 00000000..4e4c7403 --- /dev/null +++ b/providers/dns/ovh/ovh.go @@ -0,0 +1,169 @@ +// Package OVH implements a DNS provider for solving the DNS-01 +// challenge using OVH DNS. +package ovh + +import ( + "fmt" + "os" + "sync" + "strings" + + "github.com/xenolf/lego/acme" + "github.com/ovh/go-ovh/ovh" +) + +// OVH API reference: https://eu.api.ovh.com/ +// Create a Token: https://eu.api.ovh.com/createToken/ + + +// DNSProvider is an implementation of the acme.ChallengeProvider interface +// that uses OVH's REST API to manage TXT records for a domain. +type DNSProvider struct { + client *ovh.Client + recordIDs map[string]int + recordIDsMu sync.Mutex +} + + +// NewDNSProvider returns a DNSProvider instance configured for OVH +// Credentials must be passed in the environment variable: +// OVH_ENDPOINT : it must be ovh-eu or ovh-ca +// OVH_APPLICATION_KEY +// OVH_APPLICATION_SECRET +// OVH_CONSUMER_KEY +func NewDNSProvider() (*DNSProvider, error) { + apiEndpoint := os.Getenv("OVH_ENDPOINT") + applicationKey := os.Getenv("OVH_APPLICATION_KEY") + applicationSecret := os.Getenv("OVH_APPLICATION_SECRET") + consumerKey := os.Getenv("OVH_CONSUMER_KEY") + return NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey) +} + + +// NewDNSProviderCredentials uses the supplied credentials to return a +// DNSProvider instance configured for OVH. +func NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey string) (*DNSProvider, error) { + if apiEndpoint == "" || applicationKey == "" || applicationSecret == "" || consumerKey == "" { + return nil, fmt.Errorf("OVH credentials missing") + } + + ovhClient, _ := ovh.NewClient( + apiEndpoint, + applicationKey, + applicationSecret, + consumerKey, + ) + + return &DNSProvider{ + client: ovhClient, + recordIDs: make(map[string]int), + }, nil +} + + +// Present creates a TXT record to fulfil the dns-01 challenge. +func (d *DNSProvider) Present(domain, token, keyAuth string) error { + + // txtRecordRequest represents the request body to DO's API to make a TXT record + type txtRecordRequest struct { + FieldType string `json:"fieldType"` + SubDomain string `json:"subDomain"` + Target string `json:"target"` + TTL int `json:"ttl"` + } + + // txtRecordResponse represents a response from DO's API after making a TXT record + type txtRecordResponse struct { + ID int `json:"id"` + FieldType string `json:"fieldType"` + SubDomain string `json:"subDomain"` + Target string `json:"target"` + TTL int `json:"ttl"` + Zone string `json:"zone"` + } + + fqdn, value, ttl := acme.DNS01Record(domain, keyAuth) + + // Parse domain name + authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers) + if err != nil { + return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err) + } + + authZone = acme.UnFqdn(authZone) + subDomain := d.extractRecordName(fqdn, authZone) + + + reqURL := fmt.Sprintf("/domain/zone/%s/record", authZone) + reqData := txtRecordRequest{FieldType: "TXT", SubDomain: subDomain, Target: value, TTL: ttl} + var respData txtRecordResponse + + // Create TXT record + err = d.client.Post(reqURL, reqData, &respData) + if err != nil { + fmt.Printf("Error when call OVH api to add record : %q \n", err) + return err + } + + // Apply the change + reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone) + err = d.client.Post(reqURL, nil, nil) + if err != nil { + fmt.Printf("Error when call OVH api to refresh zone : %q \n", err) + return err + } + + d.recordIDsMu.Lock() + d.recordIDs[fqdn] = respData.ID + d.recordIDsMu.Unlock() + + + + return nil +} + + +// CleanUp removes the TXT record matching the specified parameters +func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { + fqdn, _, _ := acme.DNS01Record(domain, keyAuth) + + // get the record's unique ID from when we created it + d.recordIDsMu.Lock() + recordID, ok := d.recordIDs[fqdn] + d.recordIDsMu.Unlock() + if !ok { + return fmt.Errorf("unknown record ID for '%s'", fqdn) + } + + + authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers) + if err != nil { + return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err) + } + + authZone = acme.UnFqdn(authZone) + + reqURL := fmt.Sprintf("/domain/zone/%s/record/%d",authZone, recordID) + + err = d.client.Delete(reqURL, nil) + if err != nil { + fmt.Printf("Error when call OVH api to delete challenge record : %q \n", err) + return err + } + + + // Delete record ID from map + d.recordIDsMu.Lock() + delete(d.recordIDs, fqdn) + d.recordIDsMu.Unlock() + + return nil +} + +func (d *DNSProvider) extractRecordName(fqdn, domain string) string { + name := acme.UnFqdn(fqdn) + if idx := strings.Index(name, "."+domain); idx != -1 { + return name[:idx] + } + return name +} diff --git a/providers/dns/ovh/ovh_test.go b/providers/dns/ovh/ovh_test.go new file mode 100644 index 00000000..0d2d8933 --- /dev/null +++ b/providers/dns/ovh/ovh_test.go @@ -0,0 +1,105 @@ +package ovh + +import ( + "os" + "testing" + "time" + + "github.com/stretchr/testify/assert" +) + +var ( + liveTest bool + apiEndpoint string + applicationKey string + applicationSecret string + consumerKey string + domain string +) + +func init() { + apiEndpoint = os.Getenv("OVH_ENDPOINT") + applicationKey = os.Getenv("OVH_APPLICATION_KEY") + applicationSecret = os.Getenv("OVH_APPLICATION_SECRET") + consumerKey = os.Getenv("OVH_CONSUMER_KEY") + liveTest = len(apiEndpoint) > 0 && len(applicationKey) > 0 && len(applicationSecret) > 0 && len(consumerKey) > 0 +} + +func restoreEnv() { + os.Setenv("OVH_ENDPOINT", apiEndpoint) + os.Setenv("OVH_APPLICATION_KEY", applicationKey) + os.Setenv("OVH_APPLICATION_SECRET", applicationSecret) + os.Setenv("OVH_CONSUMER_KEY", consumerKey) +} + +func TestNewDNSProviderValidEnv(t *testing.T) { + os.Setenv("OVH_ENDPOINT", "ovh-eu") + os.Setenv("OVH_APPLICATION_KEY", "1234") + os.Setenv("OVH_APPLICATION_SECRET", "5678") + os.Setenv("OVH_CONSUMER_KEY", "abcde") + defer restoreEnv() + _, err := NewDNSProvider() + assert.NoError(t, err) +} + +func TestNewDNSProviderMissingCredErr(t *testing.T) { + os.Setenv("OVH_ENDPOINT", "") + os.Setenv("OVH_APPLICATION_KEY", "1234") + os.Setenv("OVH_APPLICATION_SECRET", "5678") + os.Setenv("OVH_CONSUMER_KEY", "abcde") + defer restoreEnv() + _, err := NewDNSProvider() + assert.EqualError(t, err, "OVH credentials missing") + + + os.Setenv("OVH_ENDPOINT", "ovh-eu") + os.Setenv("OVH_APPLICATION_KEY", "") + os.Setenv("OVH_APPLICATION_SECRET", "5678") + os.Setenv("OVH_CONSUMER_KEY", "abcde") + defer restoreEnv() + _, err = NewDNSProvider() + assert.EqualError(t, err, "OVH credentials missing") + + + os.Setenv("OVH_ENDPOINT", "ovh-eu") + os.Setenv("OVH_APPLICATION_KEY", "1234") + os.Setenv("OVH_APPLICATION_SECRET", "") + os.Setenv("OVH_CONSUMER_KEY", "abcde") + defer restoreEnv() + _, err = NewDNSProvider() + assert.EqualError(t, err, "OVH credentials missing") + + os.Setenv("OVH_ENDPOINT", "ovh-eu") + os.Setenv("OVH_APPLICATION_KEY", "1234") + os.Setenv("OVH_APPLICATION_SECRET", "5678") + os.Setenv("OVH_CONSUMER_KEY", "") + defer restoreEnv() + _, err = NewDNSProvider() + assert.EqualError(t, err, "OVH credentials missing") +} + +func TestLivePresent(t *testing.T) { + if !liveTest { + t.Skip("skipping live test") + } + + provider, err := NewDNSProvider() + assert.NoError(t, err) + + err = provider.Present(domain, "", "123d==") + assert.NoError(t, err) +} + +func TestLiveCleanUp(t *testing.T) { + if !liveTest { + t.Skip("skipping live test") + } + + time.Sleep(time.Second * 1) + + provider, err := NewDNSProvider() + assert.NoError(t, err) + + err = provider.CleanUp(domain, "", "123d==") + assert.NoError(t, err) +}