From 52e711e04978cd8b20f8da52b370812aa4bf5017 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Fri, 20 Dec 2024 13:49:38 +0100 Subject: [PATCH] Add DNS provider for ManageEngine CloudDNS (#2365) --- README.md | 35 ++- cmd/zz_gen_cmd_dnshelp.go | 22 ++ docs/content/dns/zz_gen_manageengine.md | 69 +++++ docs/data/zz_cli_help.toml | 2 +- providers/dns/manageengine/internal/client.go | 197 +++++++++++++ .../dns/manageengine/internal/client_test.go | 262 ++++++++++++++++++ .../manageengine/internal/fixtures/error.json | 3 + .../internal/fixtures/error_bad_request.json | 3 + .../internal/fixtures/zone_domains_all.json | 146 ++++++++++ .../internal/fixtures/zone_record_create.json | 3 + .../internal/fixtures/zone_record_delete.json | 3 + .../internal/fixtures/zone_record_update.json | 3 + .../internal/fixtures/zone_records_all.json | 40 +++ .../dns/manageengine/internal/identity.go | 20 ++ providers/dns/manageengine/internal/types.go | 63 +++++ providers/dns/manageengine/manageengine.go | 262 ++++++++++++++++++ providers/dns/manageengine/manageengine.toml | 24 ++ .../dns/manageengine/manageengine_test.go | 143 ++++++++++ providers/dns/zz_gen_dns_providers.go | 3 + 19 files changed, 1287 insertions(+), 16 deletions(-) create mode 100644 docs/content/dns/zz_gen_manageengine.md create mode 100644 providers/dns/manageengine/internal/client.go create mode 100644 providers/dns/manageengine/internal/client_test.go create mode 100644 providers/dns/manageengine/internal/fixtures/error.json create mode 100644 providers/dns/manageengine/internal/fixtures/error_bad_request.json create mode 100644 providers/dns/manageengine/internal/fixtures/zone_domains_all.json create mode 100644 providers/dns/manageengine/internal/fixtures/zone_record_create.json create mode 100644 providers/dns/manageengine/internal/fixtures/zone_record_delete.json create mode 100644 providers/dns/manageengine/internal/fixtures/zone_record_update.json create mode 100644 providers/dns/manageengine/internal/fixtures/zone_records_all.json create mode 100644 providers/dns/manageengine/internal/identity.go create mode 100644 providers/dns/manageengine/internal/types.go create mode 100644 providers/dns/manageengine/manageengine.go create mode 100644 providers/dns/manageengine/manageengine.toml create mode 100644 providers/dns/manageengine/manageengine_test.go diff --git a/README.md b/README.md index 53e9e529..cebd033c 100644 --- a/README.md +++ b/README.md @@ -152,85 +152,90 @@ Detailed documentation is available [here](https://go-acme.github.io/lego/dns). LuaDNS Mail-in-a-Box + ManageEngine CloudDNS Manual Metaname mijn.host - Mittwald + Mittwald MyDNS.jp MythicBeasts Name.com - Namecheap + Namecheap Namesilo NearlyFreeSpeech.NET Netcup - Netlify + Netlify Nicmanager NIFCloud Njalla - Nodion + Nodion NS1 Open Telekom Cloud Oracle Cloud - OVH + OVH plesk.com Porkbun PowerDNS - Rackspace + Rackspace Rain Yun/雨云 RcodeZero reg.ru - Regfish + Regfish RFC2136 RimuHosting Sakura Cloud - Scaleway + Scaleway Selectel Selectel v2 SelfHost.(de|eu) - Servercow + Servercow Shellrent Simply.com Sonic - Stackpath + Stackpath Technitium Tencent Cloud DNS Timeweb Cloud - TransIP + TransIP UKFast SafeDNS Ultradns Variomedia - VegaDNS + VegaDNS Vercel Versio.[nl|eu|uk] VinylDNS - VK Cloud + VK Cloud Volcano Engine/火山引擎 Vscale Vultr - Webnames + Webnames Websupport WEDOS West.cn/西部数码 - Yandex 360 + Yandex 360 Yandex Cloud Yandex PDD Zone.ee + Zonomi + + + diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go index b7f6e6c8..e5ae3b46 100644 --- a/cmd/zz_gen_cmd_dnshelp.go +++ b/cmd/zz_gen_cmd_dnshelp.go @@ -92,6 +92,7 @@ func allDNSCodes() string { "loopia", "luadns", "mailinabox", + "manageengine", "metaname", "mijnhost", "mittwald", @@ -1858,6 +1859,27 @@ func displayDNSHelp(w io.Writer, name string) error { ew.writeln() ew.writeln(`More information: https://go-acme.github.io/lego/dns/mailinabox`) + case "manageengine": + // generated from: providers/dns/manageengine/manageengine.toml + ew.writeln(`Configuration for ManageEngine CloudDNS.`) + ew.writeln(`Code: 'manageengine'`) + ew.writeln(`Since: 'v4.21.0'`) + ew.writeln() + + ew.writeln(`Credentials:`) + ew.writeln(` - "MANAGEENGINE_CLIENT_ID": Client ID`) + ew.writeln(` - "MANAGEENGINE_CLIENT_SECRET": Client Secret`) + ew.writeln() + + ew.writeln(`Additional Configuration:`) + ew.writeln(` - "MANAGEENGINE_HTTP_TIMEOUT": API request timeout`) + ew.writeln(` - "MANAGEENGINE_POLLING_INTERVAL": Time between DNS propagation check`) + ew.writeln(` - "MANAGEENGINE_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`) + ew.writeln(` - "MANAGEENGINE_TTL": The TTL of the TXT record used for the DNS challenge`) + + ew.writeln() + ew.writeln(`More information: https://go-acme.github.io/lego/dns/manageengine`) + case "metaname": // generated from: providers/dns/metaname/metaname.toml ew.writeln(`Configuration for Metaname.`) diff --git a/docs/content/dns/zz_gen_manageengine.md b/docs/content/dns/zz_gen_manageengine.md new file mode 100644 index 00000000..32266f2d --- /dev/null +++ b/docs/content/dns/zz_gen_manageengine.md @@ -0,0 +1,69 @@ +--- +title: "ManageEngine CloudDNS" +date: 2019-03-03T16:39:46+01:00 +draft: false +slug: manageengine +dnsprovider: + since: "v4.21.0" + code: "manageengine" + url: "https://clouddns.manageengine.com" +--- + + + + + + +Configuration for [ManageEngine CloudDNS](https://clouddns.manageengine.com). + + + + +- Code: `manageengine` +- Since: v4.21.0 + + +Here is an example bash command using the ManageEngine CloudDNS provider: + +```bash +MANAGEENGINE_CLIENT_ID="xxx" \ +MANAGEENGINE_CLIENT_SECRET="yyy" \ +lego --email you@example.com --dns manageengine -d '*.example.com' -d example.com run +``` + + + + +## Credentials + +| Environment Variable Name | Description | +|-----------------------|-------------| +| `MANAGEENGINE_CLIENT_ID` | Client ID | +| `MANAGEENGINE_CLIENT_SECRET` | Client Secret | + +The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. +More information [here]({{% ref "dns#configuration-and-credentials" %}}). + + +## Additional Configuration + +| Environment Variable Name | Description | +|--------------------------------|-------------| +| `MANAGEENGINE_HTTP_TIMEOUT` | API request timeout | +| `MANAGEENGINE_POLLING_INTERVAL` | Time between DNS propagation check | +| `MANAGEENGINE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation | +| `MANAGEENGINE_TTL` | The TTL of the TXT record used for the DNS challenge | + +The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. +More information [here]({{% ref "dns#configuration-and-credentials" %}}). + + + + +## More information + +- [API documentation](https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-clouddns-rest-api-documentation) + + + + diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml index 638a596a..84615c54 100644 --- a/docs/data/zz_cli_help.toml +++ b/docs/data/zz_cli_help.toml @@ -143,7 +143,7 @@ To display the documentation for a specific DNS provider, run: $ lego dnshelp -c code Supported DNS providers: - acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manual, metaname, mijnhost, mittwald, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, stackpath, technitium, tencentcloud, timewebcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, volcengine, vscale, vultr, webnames, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneee, zonomi + acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, mijnhost, mittwald, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, stackpath, technitium, tencentcloud, timewebcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, volcengine, vscale, vultr, webnames, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneee, zonomi More information: https://go-acme.github.io/lego/dns """ diff --git a/providers/dns/manageengine/internal/client.go b/providers/dns/manageengine/internal/client.go new file mode 100644 index 00000000..89c426b0 --- /dev/null +++ b/providers/dns/manageengine/internal/client.go @@ -0,0 +1,197 @@ +package internal + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "net/url" + "strconv" + "strings" + + "github.com/go-acme/lego/v4/providers/dns/internal/errutils" +) + +const defaultBaseURL = "https://clouddns.manageengine.com/v1" + +// Client the ManageEngine CloudDNS API client. +type Client struct { + baseURL *url.URL + httpClient *http.Client +} + +// NewClient creates a new Client. +func NewClient(ctx context.Context, clientID, clientSecret string) *Client { + baseURL, _ := url.Parse(defaultBaseURL) + + return &Client{ + baseURL: baseURL, + httpClient: createOAuthClient(ctx, clientID, clientSecret), + } +} + +// GetAllZones gets all zones. +// https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-clouddns-rest-api-documentation#GET_All +func (c *Client) GetAllZones(ctx context.Context) ([]Zone, error) { + endpoint := c.baseURL.JoinPath("dns", "domain") + + req, err := newRequest(ctx, http.MethodGet, endpoint, nil) + if err != nil { + return nil, err + } + + var results []Zone + + err = c.do(req, &results) + if err != nil { + return nil, err + } + + return results, nil +} + +// GetAllZoneRecords gets all "zone records" for a zone. +// https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-clouddns-rest-api-documentation#GET_All_9 +func (c *Client) GetAllZoneRecords(ctx context.Context, zoneID int) ([]ZoneRecord, error) { + endpoint := c.baseURL.JoinPath("dns", "domain", strconv.Itoa(zoneID), "records", "SPF_TXT") + + req, err := newRequest(ctx, http.MethodGet, endpoint, nil) + if err != nil { + return nil, err + } + + var results []ZoneRecord + + err = c.do(req, &results) + if err != nil { + return nil, err + } + + return results, nil +} + +// DeleteZoneRecord deletes a "zone record". +// https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-clouddns-rest-api-documentation#DEL_Delete_10 +func (c *Client) DeleteZoneRecord(ctx context.Context, zoneID int, domainID int) error { + endpoint := c.baseURL.JoinPath("dns", "domain", strconv.Itoa(zoneID), "records", "SPF_TXT", strconv.Itoa(domainID)) + + req, err := newRequest(ctx, http.MethodDelete, endpoint, nil) + if err != nil { + return err + } + + var results APIResponse + + return c.do(req, &results) +} + +// CreateZoneRecord creates a "zone record". +// https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-clouddns-rest-api-documentation#POST_Create_10 +func (c *Client) CreateZoneRecord(ctx context.Context, zoneID int, record ZoneRecord) error { + endpoint := c.baseURL.JoinPath("dns", "domain", strconv.Itoa(zoneID), "records", "SPF_TXT", "/") + + req, err := newRequest(ctx, http.MethodPost, endpoint, []ZoneRecord{record}) + if err != nil { + return err + } + + var results APIResponse + + return c.do(req, &results) +} + +// UpdateZoneRecord update an existing "zone record". +// https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-clouddns-rest-api-documentation#PUT_Update_10 +func (c *Client) UpdateZoneRecord(ctx context.Context, record ZoneRecord) error { + if record.SpfTxtDomainID == 0 { + return errors.New("SpfTxtDomainID is empty") + } + if record.ZoneID == 0 { + return errors.New("ZoneID is empty") + } + + endpoint := c.baseURL.JoinPath("dns", "domain", strconv.Itoa(record.ZoneID), "records", "SPF_TXT", strconv.Itoa(record.SpfTxtDomainID), "/") + + req, err := newRequest(ctx, http.MethodPut, endpoint, []ZoneRecord{record}) + if err != nil { + return err + } + + var results APIResponse + + return c.do(req, &results) +} + +func (c *Client) do(req *http.Request, result any) error { + resp, err := c.httpClient.Do(req) + if err != nil { + return errutils.NewHTTPDoError(req, err) + } + + defer func() { _ = resp.Body.Close() }() + + if resp.StatusCode/100 != 2 { + return parseError(req, resp) + } + + if result == nil { + return nil + } + + raw, err := io.ReadAll(resp.Body) + if err != nil { + return errutils.NewReadResponseError(req, resp.StatusCode, err) + } + + err = json.Unmarshal(raw, result) + if err != nil { + return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err) + } + + return nil +} + +func newRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) { + var body io.Reader = http.NoBody + + if payload != nil { + buf := new(bytes.Buffer) + + err := json.NewEncoder(buf).Encode(payload) + if err != nil { + return nil, fmt.Errorf("failed to create request JSON body: %w", err) + } + + values := url.Values{} + values.Set("config", buf.String()) + body = strings.NewReader(values.Encode()) + } + + req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), body) + if err != nil { + return nil, fmt.Errorf("unable to create request: %w", err) + } + + req.Header.Set("Accept", "application/json") + + if payload != nil { + req.Header.Set("Content-Type", "application/x-www-form-urlencoded") + } + + return req, nil +} + +func parseError(req *http.Request, resp *http.Response) error { + raw, _ := io.ReadAll(resp.Body) + + var errAPI APIError + err := json.Unmarshal(raw, &errAPI) + if err != nil { + return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw) + } + + return fmt.Errorf("[status code: %d] %w", resp.StatusCode, &errAPI) +} diff --git a/providers/dns/manageengine/internal/client_test.go b/providers/dns/manageengine/internal/client_test.go new file mode 100644 index 00000000..edf04622 --- /dev/null +++ b/providers/dns/manageengine/internal/client_test.go @@ -0,0 +1,262 @@ +package internal + +import ( + "context" + "io" + "net/http" + "net/http/httptest" + "net/url" + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func setupTest(t *testing.T, pattern string, status int, filename string) *Client { + t.Helper() + + mux := http.NewServeMux() + server := httptest.NewServer(mux) + t.Cleanup(server.Close) + + mux.HandleFunc(pattern, func(rw http.ResponseWriter, req *http.Request) { + if filename == "" { + rw.WriteHeader(status) + return + } + + file, err := os.Open(filepath.Join("fixtures", filename)) + if err != nil { + http.Error(rw, err.Error(), http.StatusInternalServerError) + return + } + + defer func() { _ = file.Close() }() + + rw.WriteHeader(status) + _, err = io.Copy(rw, file) + if err != nil { + http.Error(rw, err.Error(), http.StatusInternalServerError) + return + } + }) + + client := NewClient(context.Background(), "abc", "secret") + + client.httpClient = server.Client() + client.baseURL, _ = url.Parse(server.URL) + + return client +} + +func TestClient_GetAllZones(t *testing.T) { + client := setupTest(t, "GET /dns/domain", http.StatusOK, "zone_domains_all.json") + + groups, err := client.GetAllZones(context.Background()) + require.NoError(t, err) + + expected := []Zone{ + { + ZoneID: 1, + ZoneName: "test.com.", + ZoneTTL: 500, + ZoneTargeting: true, + Refresh: 43200, + Retry: 3600, + Expiry: 1209600, + Minimum: 180, + Org: 2, + NsID: 1, + Serial: 2022042206, + Nss: []string{"ns11.zns-53.com.", "ns21.zns-53.net.", "ns31.zns-53.com.", "ns41.zns-53.net."}, + }, + { + ZoneID: 2, + ZoneName: "yourdomain.com.", + ZoneTTL: 1000, + Refresh: 43200, + Retry: 3600, + Expiry: 1209600, + Minimum: 180, + Org: 2, + Vanity: true, + NsID: 1, + Serial: 2022040608, + Nss: []string{"ns11.yourdomain.com.", "ns21.yourdomain.net.", "ns31.yourdomain.com.", "ns41.yourdomain.net."}, + }, + { + ZoneID: 20, + ZoneName: "hello45.com.", + ZoneTTL: 3000, + Refresh: 43200, + Retry: 3600, + Expiry: 1209600, + Minimum: 180, + Org: 2, + NsID: 1, + Serial: 2022040711, + Nss: []string{"ns11.zns-53.com.", "ns21.zns-53.net.", "ns31.zns-53.com.", "ns41.zns-53.net."}, + }, + { + ZoneID: 22, + ZoneName: "zohoaccl.com.", + ZoneTTL: 300, + ZoneTargeting: true, + Refresh: 43200, + Retry: 3600, + Expiry: 1209600, + Minimum: 180, + Org: 2, + NsID: 1, + Serial: 2022042206, + Nss: []string{"ns11.zns-53.com.", "ns21.zns-53.net.", "ns31.zns-53.com.", "ns41.zns-53.net."}, + }, + { + ZoneID: 23, + ZoneName: "zohocal.com.", + ZoneTTL: 300, + ZoneTargeting: true, + Refresh: 43200, + Retry: 3600, + Expiry: 1209600, + Minimum: 180, + Org: 2, + NsID: 1, + Serial: 2022041310, + Nss: []string{"ns11.zns-53.com.", "ns21.zns-53.net.", "ns31.zns-53.com.", "ns41.zns-53.net."}, + }, + } + + assert.Equal(t, expected, groups) +} + +func TestClient_GetAllZones_error(t *testing.T) { + client := setupTest(t, "GET /dns/domain", http.StatusUnauthorized, "error.json") + + _, err := client.GetAllZones(context.Background()) + require.Error(t, err) + + require.EqualError(t, err, "[status code: 401] Authentication credentials were not provided.") +} + +func TestClient_GetAllZoneRecords(t *testing.T) { + client := setupTest(t, "GET /dns/domain/4/records/SPF_TXT", http.StatusOK, "zone_records_all.json") + + groups, err := client.GetAllZoneRecords(context.Background(), 4) + require.NoError(t, err) + + expected := []ZoneRecord{ + { + ZoneID: 4, + SpfTxtDomainID: 6, + DomainName: "spftest.example.com.", + DomainTTL: 300, + DomainLocationID: 1, + RecordType: "SPF", + Records: []Record{{ + ID: 1, + Values: []string{"necwcltpwxbz-noelget3jush-vop2xxvapot3eyq_0"}, + DomainID: 6, + }}, + }, + { + ZoneID: 4, + SpfTxtDomainID: 13, + DomainName: "txt.example.com.", + DomainTTL: 300, + DomainLocationID: 1, + RecordType: "TXT", + Records: []Record{{ + ID: 1, + Values: []string{"v=spf1include:transmail.netinclude:example.com~all", "c-68e3oc4trm8w7piplscg7vgojmtkjrnrabr4king8"}, + DomainID: 13, + }}, + }, + } + + assert.Equal(t, expected, groups) +} + +func TestClient_GetAllZoneRecords_error(t *testing.T) { + client := setupTest(t, "GET /dns/domain/4/records/SPF_TXT", http.StatusUnauthorized, "error.json") + + _, err := client.GetAllZoneRecords(context.Background(), 4) + require.Error(t, err) + + require.EqualError(t, err, "[status code: 401] Authentication credentials were not provided.") +} + +func TestClient_DeleteZoneRecord(t *testing.T) { + client := setupTest(t, "DELETE /dns/domain/4/records/SPF_TXT/6", http.StatusOK, "zone_record_delete.json") + + err := client.DeleteZoneRecord(context.Background(), 4, 6) + require.NoError(t, err) +} + +func TestClient_DeleteZoneRecord_error(t *testing.T) { + client := setupTest(t, "DELETE /dns/domain/4/records/SPF_TXT/6", http.StatusUnauthorized, "error.json") + + err := client.DeleteZoneRecord(context.Background(), 4, 6) + require.Error(t, err) + + require.EqualError(t, err, "[status code: 401] Authentication credentials were not provided.") +} + +func TestClient_CreateZoneRecord(t *testing.T) { + client := setupTest(t, "POST /dns/domain/4/records/SPF_TXT/", http.StatusOK, "zone_record_create.json") + + record := ZoneRecord{} + + err := client.CreateZoneRecord(context.Background(), 4, record) + require.NoError(t, err) +} + +func TestClient_CreateZoneRecord_error(t *testing.T) { + client := setupTest(t, "POST /dns/domain/4/records/SPF_TXT/", http.StatusUnauthorized, "error.json") + + record := ZoneRecord{} + + err := client.CreateZoneRecord(context.Background(), 4, record) + require.Error(t, err) + + require.EqualError(t, err, "[status code: 401] Authentication credentials were not provided.") +} + +func TestClient_CreateZoneRecord_error_bad_request(t *testing.T) { + client := setupTest(t, "POST /dns/domain/4/records/SPF_TXT/", http.StatusBadRequest, "error_bad_request.json") + + record := ZoneRecord{} + + err := client.CreateZoneRecord(context.Background(), 4, record) + require.Error(t, err) + + require.EqualError(t, err, "[status code: 400] Invalid record format, Record should be in list.") +} + +func TestClient_UpdateZoneRecord(t *testing.T) { + client := setupTest(t, "PUT /dns/domain/4/records/SPF_TXT/6/", http.StatusOK, "zone_record_update.json") + + record := ZoneRecord{ + SpfTxtDomainID: 6, + ZoneID: 4, + } + + err := client.UpdateZoneRecord(context.Background(), record) + require.NoError(t, err) +} + +func TestClient_UpdateZoneRecord_error(t *testing.T) { + client := setupTest(t, "PUT /dns/domain/4/records/SPF_TXT/6/", http.StatusUnauthorized, "error.json") + + record := ZoneRecord{ + SpfTxtDomainID: 6, + ZoneID: 4, + } + + err := client.UpdateZoneRecord(context.Background(), record) + require.Error(t, err) + + require.EqualError(t, err, "[status code: 401] Authentication credentials were not provided.") +} diff --git a/providers/dns/manageengine/internal/fixtures/error.json b/providers/dns/manageengine/internal/fixtures/error.json new file mode 100644 index 00000000..5cd19867 --- /dev/null +++ b/providers/dns/manageengine/internal/fixtures/error.json @@ -0,0 +1,3 @@ +{ + "detail": "Authentication credentials were not provided." +} diff --git a/providers/dns/manageengine/internal/fixtures/error_bad_request.json b/providers/dns/manageengine/internal/fixtures/error_bad_request.json new file mode 100644 index 00000000..944cef6c --- /dev/null +++ b/providers/dns/manageengine/internal/fixtures/error_bad_request.json @@ -0,0 +1,3 @@ +{ + "error": "Invalid record format, Record should be in list." +} diff --git a/providers/dns/manageengine/internal/fixtures/zone_domains_all.json b/providers/dns/manageengine/internal/fixtures/zone_domains_all.json new file mode 100644 index 00000000..3e37f52a --- /dev/null +++ b/providers/dns/manageengine/internal/fixtures/zone_domains_all.json @@ -0,0 +1,146 @@ +[ + { + "zone_id": 1, + "zone_name": "test.com.", + "zone_ttl": 500, + "zone_type": 0, + "zone_targeting": true, + "zone_logging": "{}", + "zone_contact": "mathes.zoho.com", + "refresh": 43200, + "retry": 3600, + "expiry": 1209600, + "minimum": 180, + "org": 2, + "any_query": false, + "dnssec": true, + "vanity": false, + "ns_id": 1, + "serial": 2022042206, + "ns": [ + "ns11.zns-53.com.", + "ns21.zns-53.net.", + "ns31.zns-53.com.", + "ns41.zns-53.net." + ], + "contact_group": [ + "test_contact1", + "test_contact2" + ], + "ds": [ + { + "record_id": 59, + "keyTag": 36938, + "algorithm": 13, + "digestType": 1, + "digest": "e9f03d176455d5d16f826b69f9ecb11f59be35e7", + "domain_id": 30 + }, + { + "record_id": 60, + "keyTag": 36938, + "algorithm": 13, + "digestType": 2, + "digest": "7ea640a8668eafd9d89a9b2e9994f5fcfb1dee0668d1e93ba556aa57ac047f96", + "domain_id": 30 + } + ] + }, + { + "zone_id": 2, + "zone_name": "yourdomain.com.", + "zone_ttl": 1000, + "zone_type": 0, + "zone_targeting": false, + "zone_logging": "{}", + "zone_contact": "contact.yourdomain.com", + "refresh": 43200, + "retry": 3600, + "expiry": 1209600, + "minimum": 180, + "org": 2, + "any_query": false, + "dnssec": false, + "vanity": true, + "vanity_grp": "yourdomain", + "ns_id": 1, + "serial": 2022040608, + "ns": [ + "ns11.yourdomain.com.", + "ns21.yourdomain.net.", + "ns31.yourdomain.com.", + "ns41.yourdomain.net." + ] + }, + { + "zone_id": 20, + "zone_name": "hello45.com.", + "zone_ttl": 3000, + "zone_targeting": false, + "zone_logging": "{}", + "zone_contact": "mathes.zoho.com", + "refresh": 43200, + "retry": 3600, + "expiry": 1209600, + "minimum": 180, + "org": 2, + "any_query": false, + "dnssec": false, + "ns_id": 1, + "serial": 2022040711, + "ns": [ + "ns11.zns-53.com.", + "ns21.zns-53.net.", + "ns31.zns-53.com.", + "ns41.zns-53.net." + ] + }, + { + "zone_id": 22, + "zone_name": "zohoaccl.com.", + "zone_ttl": 300, + "zone_type": 0, + "zone_targeting": true, + "zone_logging": "{}", + "zone_contact": "networkone.zohocorp.com", + "refresh": 43200, + "retry": 3600, + "expiry": 1209600, + "minimum": 180, + "org": 2, + "any_query": false, + "dnssec": false, + "ns_id": 1, + "serial": 2022042206, + "ns": [ + "ns11.zns-53.com.", + "ns21.zns-53.net.", + "ns31.zns-53.com.", + "ns41.zns-53.net." + ] + }, + { + "zone_id": 23, + "zone_name": "zohocal.com.", + "zone_ttl": 300, + "zone_type": 0, + "zone_targeting": true, + "zone_logging": "{}", + "zone_contact": "mathes.zoho.com", + "refresh": 43200, + "retry": 3600, + "expiry": 1209600, + "minimum": 180, + "org": 2, + "any_query": false, + "dnssec": false, + "ns_id": 1, + "serial": 2022041310, + "ns": [ + "ns11.zns-53.com.", + "ns21.zns-53.net.", + "ns31.zns-53.com.", + "ns41.zns-53.net." + ] + } +] diff --git a/providers/dns/manageengine/internal/fixtures/zone_record_create.json b/providers/dns/manageengine/internal/fixtures/zone_record_create.json new file mode 100644 index 00000000..3fd216f2 --- /dev/null +++ b/providers/dns/manageengine/internal/fixtures/zone_record_create.json @@ -0,0 +1,3 @@ +{ + "message": "Record created successfully" +} diff --git a/providers/dns/manageengine/internal/fixtures/zone_record_delete.json b/providers/dns/manageengine/internal/fixtures/zone_record_delete.json new file mode 100644 index 00000000..c657d84e --- /dev/null +++ b/providers/dns/manageengine/internal/fixtures/zone_record_delete.json @@ -0,0 +1,3 @@ +{ + "message": "Record deleted successfully" +} diff --git a/providers/dns/manageengine/internal/fixtures/zone_record_update.json b/providers/dns/manageengine/internal/fixtures/zone_record_update.json new file mode 100644 index 00000000..178c1fb0 --- /dev/null +++ b/providers/dns/manageengine/internal/fixtures/zone_record_update.json @@ -0,0 +1,3 @@ +{ + "message": "Record updated successfully" +} diff --git a/providers/dns/manageengine/internal/fixtures/zone_records_all.json b/providers/dns/manageengine/internal/fixtures/zone_records_all.json new file mode 100644 index 00000000..ae08a4c7 --- /dev/null +++ b/providers/dns/manageengine/internal/fixtures/zone_records_all.json @@ -0,0 +1,40 @@ +[ + { + "spf_txt_domain_id": 6, + "zone_id": 4, + "domain_name": "spftest.example.com.", + "domain_ttl": 300, + "domain_location_id": 1, + "record_type": "SPF", + "records": [ + { + "record_id": 1, + "value": [ + "necwcltpwxbz-noelget3jush-vop2xxvapot3eyq_0" + ], + "disabled": false, + "domain_id": 6 + } + ] + }, + { + "spf_txt_domain_id": 13, + "zone_id": 4, + "domain_name": "txt.example.com.", + "domain_ttl": 300, + "domain_maxhost": 1, + "domain_location_id": 1, + "record_type": "TXT", + "records": [ + { + "record_id": 1, + "value": [ + "v=spf1include:transmail.netinclude:example.com~all", + "c-68e3oc4trm8w7piplscg7vgojmtkjrnrabr4king8" + ], + "disabled": false, + "domain_id": 13 + } + ] + } +] diff --git a/providers/dns/manageengine/internal/identity.go b/providers/dns/manageengine/internal/identity.go new file mode 100644 index 00000000..66a65918 --- /dev/null +++ b/providers/dns/manageengine/internal/identity.go @@ -0,0 +1,20 @@ +package internal + +import ( + "context" + "net/http" + + "golang.org/x/oauth2/clientcredentials" +) + +const defaultAuthURL = "https://clouddns.manageengine.com/oauth2/token/" + +func createOAuthClient(ctx context.Context, clientID, clientSecret string) *http.Client { + config := &clientcredentials.Config{ + TokenURL: defaultAuthURL, + ClientID: clientID, + ClientSecret: clientSecret, + } + + return config.Client(ctx) +} diff --git a/providers/dns/manageengine/internal/types.go b/providers/dns/manageengine/internal/types.go new file mode 100644 index 00000000..7a039f67 --- /dev/null +++ b/providers/dns/manageengine/internal/types.go @@ -0,0 +1,63 @@ +package internal + +import ( + "strings" +) + +type APIError struct { + Message string `json:"error"` + Detail string `json:"detail"` +} + +func (a *APIError) Error() string { + var msg []string + + if a.Message != "" { + msg = append(msg, a.Message) + } + + if a.Detail != "" { + msg = append(msg, a.Detail) + } + + return strings.Join(msg, " ") +} + +type APIResponse struct { + Message string `json:"message,omitempty"` +} + +type ZoneRecord struct { + ZoneID int `json:"zone_id,omitempty"` + SpfTxtDomainID int `json:"spf_txt_domain_id,omitempty"` + DomainName string `json:"domain_name,omitempty"` + DomainTTL int `json:"domain_ttl,omitempty"` + DomainLocationID int `json:"domain_location_id,omitempty"` + RecordType string `json:"record_type,omitempty"` + Records []Record `json:"records"` +} + +type Record struct { + ID int `json:"record_id,omitempty"` + Values []string `json:"value,omitempty"` + Disabled bool `json:"disabled,omitempty"` + DomainID int `json:"domain_id,omitempty"` +} + +type Zone struct { + ZoneID int `json:"zone_id"` + ZoneName string `json:"zone_name"` + ZoneTTL int `json:"zone_ttl"` + ZoneType int `json:"zone_type,omitempty"` + ZoneTargeting bool `json:"zone_targeting"` + Refresh int `json:"refresh"` + Retry int `json:"retry"` + Expiry int `json:"expiry"` + Minimum int `json:"minimum"` + Org int `json:"org"` + AnyQuery bool `json:"any_query"` + Vanity bool `json:"vanity,omitempty"` + NsID int `json:"ns_id"` + Serial int `json:"serial"` + Nss []string `json:"ns"` +} diff --git a/providers/dns/manageengine/manageengine.go b/providers/dns/manageengine/manageengine.go new file mode 100644 index 00000000..f26ae33b --- /dev/null +++ b/providers/dns/manageengine/manageengine.go @@ -0,0 +1,262 @@ +// Package manageengine implements a DNS provider for solving the DNS-01 challenge using ManageEngine CloudDNS. +package manageengine + +import ( + "context" + "errors" + "fmt" + "slices" + "strings" + "time" + + "github.com/go-acme/lego/v4/challenge/dns01" + "github.com/go-acme/lego/v4/platform/config/env" + "github.com/go-acme/lego/v4/providers/dns/manageengine/internal" +) + +// Environment variables names. +const ( + envNamespace = "MANAGEENGINE_" + + EnvClientID = envNamespace + "CLIENT_ID" + EnvClientSecret = envNamespace + "CLIENT_SECRET" + + EnvTTL = envNamespace + "TTL" + EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT" + EnvPollingInterval = envNamespace + "POLLING_INTERVAL" +) + +// Config is used to configure the creation of the DNSProvider. +type Config struct { + ClientID string + ClientSecret string + + PropagationTimeout time.Duration + PollingInterval time.Duration + TTL int +} + +// NewDefaultConfig returns a default configuration for the DNSProvider. +func NewDefaultConfig() *Config { + return &Config{ + TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL), + PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout), + PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval), + } +} + +// DNSProvider implements the challenge.Provider interface. +type DNSProvider struct { + config *Config + client *internal.Client +} + +// NewDNSProvider returns a DNSProvider instance configured for ManageEngine CloudDNS. +func NewDNSProvider() (*DNSProvider, error) { + values, err := env.Get(EnvClientID, EnvClientSecret) + if err != nil { + return nil, fmt.Errorf("manageengine: %w", err) + } + + config := NewDefaultConfig() + config.ClientID = values[EnvClientID] + config.ClientSecret = values[EnvClientSecret] + + return NewDNSProviderConfig(config) +} + +// NewDNSProviderConfig return a DNSProvider instance configured for ManageEngine CloudDNS. +func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { + if config == nil { + return nil, errors.New("manageengine: the configuration of the DNS provider is nil") + } + + if config.ClientID == "" || config.ClientSecret == "" { + return nil, errors.New("manageengine: credentials missing") + } + + client := internal.NewClient(context.Background(), config.ClientID, config.ClientSecret) + + return &DNSProvider{ + config: config, + client: client, + }, nil +} + +// Present creates a TXT record using the specified parameters. +func (d *DNSProvider) Present(domain, token, keyAuth string) error { + ctx := context.Background() + + info := dns01.GetChallengeInfo(domain, keyAuth) + + authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN) + if err != nil { + return fmt.Errorf("manageengine: could not find zone for domain %q: %w", domain, err) + } + + zoneID, err := d.findZoneID(ctx, authZone) + if err != nil { + return fmt.Errorf("manageengine: find zone ID: %w", err) + } + + zoneRecord, err := d.findZoneRecord(ctx, zoneID, info.EffectiveFQDN) + if err != nil { + return fmt.Errorf("manageengine: find zone record: %w", err) + } + + // Update the existing zone record. + if zoneRecord != nil { + for _, record := range zoneRecord.Records { + if slices.Contains(record.Values, info.Value) { + continue + } + + zr := internal.ZoneRecord{ + ZoneID: zoneID, + SpfTxtDomainID: zoneRecord.SpfTxtDomainID, + DomainName: info.EffectiveFQDN, + DomainTTL: d.config.TTL, + RecordType: "TXT", + Records: []internal.Record{{ + Values: append(record.Values, info.Value), + DomainID: zoneRecord.SpfTxtDomainID, + }}, + } + + // Update the zone record. + err = d.client.UpdateZoneRecord(ctx, zr) + if err != nil { + return fmt.Errorf("manageengine: update zone record: %w", err) + } + + return nil + } + + return errors.New("manageengine: zone already contains the TXT record value") + } + + // Create a new zone record. + record := internal.ZoneRecord{ + ZoneID: zoneID, + DomainName: info.EffectiveFQDN, + DomainTTL: d.config.TTL, + RecordType: "TXT", + Records: []internal.Record{{ + Values: []string{info.Value}, + }}, + } + + err = d.client.CreateZoneRecord(ctx, zoneID, record) + if err != nil { + return fmt.Errorf("manageengine: create zone record: %w", err) + } + + return nil +} + +// CleanUp removes the TXT record matching the specified parameters. +func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { + ctx := context.Background() + + info := dns01.GetChallengeInfo(domain, keyAuth) + + authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN) + if err != nil { + return fmt.Errorf("manageengine: could not find zone for domain %q: %w", domain, err) + } + + zoneID, err := d.findZoneID(ctx, authZone) + if err != nil { + return fmt.Errorf("manageengine: find zone ID: %w", err) + } + + zoneRecord, err := d.findZoneRecord(ctx, zoneID, info.EffectiveFQDN) + if err != nil { + return fmt.Errorf("manageengine: find zone record: %w", err) + } + + for _, record := range zoneRecord.Records { + if !slices.Contains(record.Values, info.Value) { + continue + } + + // Delete the zone record. + if len(record.Values) <= 1 { + err = d.client.DeleteZoneRecord(ctx, zoneID, zoneRecord.SpfTxtDomainID) + if err != nil { + return fmt.Errorf("manageengine: delete zone record: %w", err) + } + + return nil + } + + // Update the zone record. + var values []string + for _, value := range record.Values { + if value != info.Value { + values = append(values, value) + } + } + + zr := internal.ZoneRecord{ + ZoneID: zoneID, + SpfTxtDomainID: zoneRecord.SpfTxtDomainID, + DomainName: info.EffectiveFQDN, + DomainTTL: d.config.TTL, + RecordType: "TXT", + Records: []internal.Record{{ + Values: values, + DomainID: zoneRecord.SpfTxtDomainID, + }}, + } + + err = d.client.UpdateZoneRecord(ctx, zr) + if err != nil { + return fmt.Errorf("manageengine: create zone record: %w", err) + } + + return nil + } + + return nil +} + +// Timeout returns the timeout and interval to use when checking for DNS propagation. +// Adjusting here to cope with spikes in propagation times. +func (d *DNSProvider) Timeout() (timeout, interval time.Duration) { + return d.config.PropagationTimeout, d.config.PollingInterval +} + +func (d *DNSProvider) findZoneID(ctx context.Context, authZone string) (int, error) { + zones, err := d.client.GetAllZones(ctx) + if err != nil { + return 0, fmt.Errorf("get all zone groups: %w", err) + } + + for _, zone := range zones { + if strings.EqualFold(zone.ZoneName, authZone) { + return zone.ZoneID, nil + } + } + + return 0, fmt.Errorf("zone not found %s", authZone) +} + +func (d *DNSProvider) findZoneRecord(ctx context.Context, zoneID int, fqdn string) (*internal.ZoneRecord, error) { + zoneRecords, err := d.client.GetAllZoneRecords(ctx, zoneID) + if err != nil { + return nil, fmt.Errorf("get all zone records: %w", err) + } + + for _, zoneRecord := range zoneRecords { + if !strings.EqualFold(zoneRecord.DomainName, fqdn) { + continue + } + + if strings.EqualFold(zoneRecord.RecordType, "TXT") { + return &zoneRecord, nil + } + } + + return nil, nil +} diff --git a/providers/dns/manageengine/manageengine.toml b/providers/dns/manageengine/manageengine.toml new file mode 100644 index 00000000..dea92b3e --- /dev/null +++ b/providers/dns/manageengine/manageengine.toml @@ -0,0 +1,24 @@ +Name = "ManageEngine CloudDNS" +Description = '''''' +URL = "https://clouddns.manageengine.com" +Code = "manageengine" +Since = "v4.21.0" + +Example = ''' +MANAGEENGINE_CLIENT_ID="xxx" \ +MANAGEENGINE_CLIENT_SECRET="yyy" \ +lego --email you@example.com --dns manageengine -d '*.example.com' -d example.com run +''' + +[Configuration] + [Configuration.Credentials] + MANAGEENGINE_CLIENT_ID = "Client ID" + MANAGEENGINE_CLIENT_SECRET = "Client Secret" + [Configuration.Additional] + MANAGEENGINE_POLLING_INTERVAL = "Time between DNS propagation check" + MANAGEENGINE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation" + MANAGEENGINE_TTL = "The TTL of the TXT record used for the DNS challenge" + MANAGEENGINE_HTTP_TIMEOUT = "API request timeout" + +[Links] + API = "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-clouddns-rest-api-documentation" diff --git a/providers/dns/manageengine/manageengine_test.go b/providers/dns/manageengine/manageengine_test.go new file mode 100644 index 00000000..624459be --- /dev/null +++ b/providers/dns/manageengine/manageengine_test.go @@ -0,0 +1,143 @@ +package manageengine + +import ( + "testing" + + "github.com/go-acme/lego/v4/platform/tester" + "github.com/stretchr/testify/require" +) + +const envDomain = envNamespace + "DOMAIN" + +var envTest = tester.NewEnvTest(EnvClientID, EnvClientSecret).WithDomain(envDomain) + +func TestNewDNSProvider(t *testing.T) { + testCases := []struct { + desc string + envVars map[string]string + expected string + }{ + { + desc: "success", + envVars: map[string]string{ + EnvClientID: "abc", + EnvClientSecret: "secret", + }, + }, + { + desc: "missing client ID", + envVars: map[string]string{ + EnvClientID: "", + EnvClientSecret: "secret", + }, + expected: "manageengine: some credentials information are missing: MANAGEENGINE_CLIENT_ID", + }, + { + desc: "missing client secret", + envVars: map[string]string{ + EnvClientID: "abc", + EnvClientSecret: "", + }, + expected: "manageengine: some credentials information are missing: MANAGEENGINE_CLIENT_SECRET", + }, + { + desc: "missing credentials", + envVars: map[string]string{}, + expected: "manageengine: some credentials information are missing: MANAGEENGINE_CLIENT_ID,MANAGEENGINE_CLIENT_SECRET", + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + defer envTest.RestoreEnv() + envTest.ClearEnv() + + envTest.Apply(test.envVars) + + p, err := NewDNSProvider() + + if test.expected == "" { + require.NoError(t, err) + require.NotNil(t, p) + require.NotNil(t, p.config) + require.NotNil(t, p.client) + } else { + require.EqualError(t, err, test.expected) + } + }) + } +} + +func TestNewDNSProviderConfig(t *testing.T) { + testCases := []struct { + desc string + clientID string + clientSecret string + expected string + }{ + { + desc: "success", + clientID: "abc", + clientSecret: "secret", + }, + { + desc: "missing client ID", + clientSecret: "secret", + expected: "manageengine: credentials missing", + }, + { + desc: "missing client secret", + clientID: "abc", + expected: "manageengine: credentials missing", + }, + { + desc: "missing credentials", + expected: "manageengine: credentials missing", + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + config := NewDefaultConfig() + config.ClientID = test.clientID + config.ClientSecret = test.clientSecret + + p, err := NewDNSProviderConfig(config) + + if test.expected == "" { + require.NoError(t, err) + require.NotNil(t, p) + require.NotNil(t, p.config) + require.NotNil(t, p.client) + } else { + require.EqualError(t, err, test.expected) + } + }) + } +} + +func TestLivePresent(t *testing.T) { + if !envTest.IsLiveTest() { + t.Skip("skipping live test") + } + + envTest.RestoreEnv() + provider, err := NewDNSProvider() + require.NoError(t, err) + + err = provider.Present(envTest.GetDomain(), "", "123d==") + require.NoError(t, err) +} + +func TestLiveCleanUp(t *testing.T) { + if !envTest.IsLiveTest() { + t.Skip("skipping live test") + } + + envTest.RestoreEnv() + provider, err := NewDNSProvider() + require.NoError(t, err) + + err = provider.CleanUp(envTest.GetDomain(), "", "123d==") + require.NoError(t, err) +} diff --git a/providers/dns/zz_gen_dns_providers.go b/providers/dns/zz_gen_dns_providers.go index a60b48b7..053c3c4e 100644 --- a/providers/dns/zz_gen_dns_providers.go +++ b/providers/dns/zz_gen_dns_providers.go @@ -86,6 +86,7 @@ import ( "github.com/go-acme/lego/v4/providers/dns/loopia" "github.com/go-acme/lego/v4/providers/dns/luadns" "github.com/go-acme/lego/v4/providers/dns/mailinabox" + "github.com/go-acme/lego/v4/providers/dns/manageengine" "github.com/go-acme/lego/v4/providers/dns/metaname" "github.com/go-acme/lego/v4/providers/dns/mijnhost" "github.com/go-acme/lego/v4/providers/dns/mittwald" @@ -315,6 +316,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) { return luadns.NewDNSProvider() case "mailinabox": return mailinabox.NewDNSProvider() + case "manageengine": + return manageengine.NewDNSProvider() case "metaname": return metaname.NewDNSProvider() case "mijnhost":