1
0
mirror of https://github.com/go-acme/lego.git synced 2024-12-23 01:07:23 +02:00

fix: use token as unique ID. (#1003)

This commit is contained in:
Ludovic Fernandez 2019-11-05 12:58:13 +01:00 committed by GitHub
parent 46680f6524
commit 738e40f446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 42 additions and 24 deletions

View File

@ -32,6 +32,7 @@ var load = loader.EnvLoader{
}
func TestMain(m *testing.M) {
os.Setenv("LEGO_E2E_TESTS", "LEGO_E2E_TESTS")
os.Exit(load.MainTest(m))
}
@ -258,10 +259,14 @@ func TestChallengeTLS_Client_Obtain(t *testing.T) {
require.NoError(t, err)
user.registration = reg
// https://github.com/letsencrypt/pebble/issues/285
privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err, "Could not generate test key")
request := certificate.ObtainRequest{
Domains: []string{"acme.wtf"},
Bundle: true,
PrivateKey: privateKey,
PrivateKey: privateKeyCSR,
}
resource, err := client.Certificate.Obtain(request)
require.NoError(t, err)

View File

@ -103,10 +103,14 @@ func TestChallengeDNS_Client_Obtain(t *testing.T) {
domains := []string{"*.légo.acme", "légo.acme"}
// https://github.com/letsencrypt/pebble/issues/285
privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err, "Could not generate test key")
request := certificate.ObtainRequest{
Domains: domains,
Bundle: true,
PrivateKey: privateKey,
PrivateKey: privateKeyCSR,
}
resource, err := client.Certificate.Obtain(request)
require.NoError(t, err)

View File

@ -127,7 +127,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
}
d.recordIDsMu.Lock()
d.recordIDs[fqdn] = newRecord.ID
d.recordIDs[token] = newRecord.ID
d.recordIDsMu.Unlock()
return nil
@ -138,7 +138,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _ := dns01.GetRecord(domain, keyAuth)
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[fqdn]
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
if !ok {
@ -163,7 +163,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
d.recordIDsMu.Lock()
delete(d.recordIDs, fqdn)
delete(d.recordIDs, token)
d.recordIDsMu.Unlock()
return nil

View File

@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"net/http"
"sync"
"time"
cloudflare "github.com/cloudflare/cloudflare-go"
@ -47,6 +48,9 @@ func NewDefaultConfig() *Config {
type DNSProvider struct {
client *metaClient
config *Config
recordIDs map[string]string
recordIDsMu sync.Mutex
}
// NewDNSProvider returns a DNSProvider instance configured for Cloudflare.
@ -140,6 +144,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("cloudflare: failed to create TXT record: %+v %+v", response.Errors, response.Messages)
}
d.recordIDsMu.Lock()
d.recordIDs[token] = response.Result.ID
d.recordIDsMu.Unlock()
log.Infof("cloudflare: new record for %s, ID %s", domain, response.Result.ID)
return nil
@ -159,22 +167,23 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("cloudflare: failed to find zone %s: %v", authZone, err)
}
dnsRecord := cloudflare.DNSRecord{
Type: "TXT",
Name: dns01.UnFqdn(fqdn),
// get the record's unique ID from when we created it
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
if !ok {
return fmt.Errorf("cloudflare: unknown record ID for '%s'", fqdn)
}
records, err := d.client.DNSRecords(zoneID, dnsRecord)
err = d.client.DeleteDNSRecord(zoneID, recordID)
if err != nil {
return fmt.Errorf("cloudflare: failed to find TXT records: %v", err)
log.Printf("cloudflare: failed to delete TXT record: %v", err)
}
for _, record := range records {
err = d.client.DeleteDNSRecord(zoneID, record.ID)
if err != nil {
log.Printf("cloudflare: failed to delete TXT record: %v", err)
}
}
// Delete record ID from map
d.recordIDsMu.Lock()
delete(d.recordIDs, token)
d.recordIDsMu.Unlock()
return nil
}

View File

@ -94,7 +94,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
}
d.recordIDsMu.Lock()
d.recordIDs[fqdn] = respData.DomainRecord.ID
d.recordIDs[token] = respData.DomainRecord.ID
d.recordIDsMu.Unlock()
return nil
@ -111,7 +111,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// get the record's unique ID from when we created it
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[fqdn]
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
if !ok {
return fmt.Errorf("digitalocean: unknown record ID for '%s'", fqdn)
@ -124,7 +124,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// Delete record ID from map
d.recordIDsMu.Lock()
delete(d.recordIDs, fqdn)
delete(d.recordIDs, token)
d.recordIDsMu.Unlock()
return nil

View File

@ -163,9 +163,9 @@ func TestDNSProvider_CleanUp(t *testing.T) {
})
provider.recordIDsMu.Lock()
provider.recordIDs["_acme-challenge.example.com."] = 1234567
provider.recordIDs["token"] = 1234567
provider.recordIDsMu.Unlock()
err := provider.CleanUp("example.com", "", "")
err := provider.CleanUp("example.com", "token", "")
require.NoError(t, err, "fail to remove TXT record")
}

View File

@ -141,7 +141,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
}
d.recordIDsMu.Lock()
d.recordIDs[fqdn] = respData.ID
d.recordIDs[token] = respData.ID
d.recordIDsMu.Unlock()
return nil
@ -153,7 +153,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// get the record's unique ID from when we created it
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[fqdn]
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
if !ok {
return fmt.Errorf("ovh: unknown record ID for '%s'", fqdn)
@ -182,7 +182,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// Delete record ID from map
d.recordIDsMu.Lock()
delete(d.recordIDs, fqdn)
delete(d.recordIDs, token)
d.recordIDsMu.Unlock()
return nil