mirror of
https://github.com/go-acme/lego.git
synced 2024-12-25 11:02:56 +02:00
309 lines
8.2 KiB
Go
309 lines
8.2 KiB
Go
package internal
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"time"
|
|
|
|
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
|
|
)
|
|
|
|
const defaultBaseURL = "https://api.hyperone.com/v2"
|
|
|
|
const defaultLocationID = "pl-waw-1"
|
|
|
|
type signer interface {
|
|
GetJWT() (string, error)
|
|
}
|
|
|
|
// Client the HyperOne client.
|
|
type Client struct {
|
|
passport *Passport
|
|
signer signer
|
|
|
|
baseURL *url.URL
|
|
HTTPClient *http.Client
|
|
}
|
|
|
|
// NewClient Creates a new HyperOne client.
|
|
func NewClient(apiEndpoint, locationID string, passport *Passport) (*Client, error) {
|
|
if passport == nil {
|
|
return nil, errors.New("the passport is missing")
|
|
}
|
|
|
|
projectID, err := passport.ExtractProjectID()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if apiEndpoint == "" {
|
|
apiEndpoint = defaultBaseURL
|
|
}
|
|
|
|
baseURL, err := url.Parse(apiEndpoint)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tokenSigner := &TokenSigner{
|
|
PrivateKey: passport.PrivateKey,
|
|
KeyID: passport.CertificateID,
|
|
Audience: apiEndpoint,
|
|
Issuer: passport.Issuer,
|
|
Subject: passport.SubjectID,
|
|
}
|
|
|
|
if locationID == "" {
|
|
locationID = defaultLocationID
|
|
}
|
|
|
|
client := &Client{
|
|
HTTPClient: &http.Client{Timeout: 5 * time.Second},
|
|
baseURL: baseURL.JoinPath("dns", locationID, "project", projectID),
|
|
passport: passport,
|
|
signer: tokenSigner,
|
|
}
|
|
|
|
return client, nil
|
|
}
|
|
|
|
// FindRecordset looks for recordset with given recordType and name and returns it.
|
|
// In case if recordset is not found returns nil.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_list
|
|
func (c *Client) FindRecordset(ctx context.Context, zoneID, recordType, name string) (*Recordset, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset
|
|
endpoint := c.baseURL.JoinPath("zone", zoneID, "recordset")
|
|
|
|
req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var recordSets []Recordset
|
|
|
|
err = c.do(req, &recordSets)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to get recordsets from server: %w", err)
|
|
}
|
|
|
|
for _, v := range recordSets {
|
|
if v.RecordType == recordType && v.Name == name {
|
|
return &v, nil
|
|
}
|
|
}
|
|
|
|
// when recordset is not present returns nil, but error is not thrown
|
|
return nil, nil
|
|
}
|
|
|
|
// CreateRecordset creates recordset and record with given value within one request.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_create
|
|
func (c *Client) CreateRecordset(ctx context.Context, zoneID, recordType, name, recordValue string, ttl int) (*Recordset, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset
|
|
endpoint := c.baseURL.JoinPath("zone", zoneID, "recordset")
|
|
|
|
recordsetInput := Recordset{
|
|
RecordType: recordType,
|
|
Name: name,
|
|
TTL: ttl,
|
|
Record: &Record{Content: recordValue},
|
|
}
|
|
|
|
req, err := newJSONRequest(ctx, http.MethodPost, endpoint, recordsetInput)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var recordsetResponse Recordset
|
|
|
|
err = c.do(req, &recordsetResponse)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to create recordset: %w", err)
|
|
}
|
|
|
|
return &recordsetResponse, nil
|
|
}
|
|
|
|
// DeleteRecordset deletes a recordset.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_delete
|
|
func (c *Client) DeleteRecordset(ctx context.Context, zoneID string, recordsetID string) error {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}
|
|
endpoint := c.baseURL.JoinPath("zone", zoneID, "recordset", recordsetID)
|
|
|
|
req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.do(req, nil)
|
|
}
|
|
|
|
// GetRecords gets all records within specified recordset.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_record_list
|
|
func (c *Client) GetRecords(ctx context.Context, zoneID string, recordsetID string) ([]Record, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}/record
|
|
endpoint := c.baseURL.JoinPath("zone", zoneID, "recordset", recordsetID, "record")
|
|
|
|
req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var records []Record
|
|
|
|
err = c.do(req, &records)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to get records from server: %w", err)
|
|
}
|
|
|
|
return records, err
|
|
}
|
|
|
|
// CreateRecord creates a record.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_record_create
|
|
func (c *Client) CreateRecord(ctx context.Context, zoneID, recordsetID, recordContent string) (*Record, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}/record
|
|
endpoint := c.baseURL.JoinPath("zone", zoneID, "recordset", recordsetID, "record")
|
|
|
|
req, err := newJSONRequest(ctx, http.MethodPost, endpoint, Record{Content: recordContent})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var recordResponse Record
|
|
|
|
err = c.do(req, &recordResponse)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to set record: %w", err)
|
|
}
|
|
|
|
return &recordResponse, nil
|
|
}
|
|
|
|
// DeleteRecord deletes a record.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_record_delete
|
|
func (c *Client) DeleteRecord(ctx context.Context, zoneID, recordsetID, recordID string) error {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}/record/{recordId}
|
|
endpoint := c.baseURL.JoinPath("zone", zoneID, "recordset", recordsetID, "record", recordID)
|
|
|
|
req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.do(req, nil)
|
|
}
|
|
|
|
// FindZone looks for DNS Zone and returns nil if it does not exist.
|
|
func (c *Client) FindZone(ctx context.Context, name string) (*Zone, error) {
|
|
zones, err := c.GetZones(ctx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
for _, zone := range zones {
|
|
if zone.DNSName == name {
|
|
return &zone, nil
|
|
}
|
|
}
|
|
|
|
return nil, fmt.Errorf("failed to find zone for %s", name)
|
|
}
|
|
|
|
// GetZones gets all user's zones.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_list
|
|
func (c *Client) GetZones(ctx context.Context) ([]Zone, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone
|
|
endpoint := c.baseURL.JoinPath("zone")
|
|
|
|
req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var zones []Zone
|
|
|
|
err = c.do(req, &zones)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to fetch available zones: %w", err)
|
|
}
|
|
|
|
return zones, nil
|
|
}
|
|
|
|
func (c *Client) do(req *http.Request, result any) error {
|
|
jwt, err := c.signer.GetJWT()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to sign the request: %w", err)
|
|
}
|
|
|
|
req.Header.Set("Authorization", "Bearer "+jwt)
|
|
|
|
resp, err := c.HTTPClient.Do(req)
|
|
if err != nil {
|
|
return errutils.NewHTTPDoError(req, err)
|
|
}
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
if resp.StatusCode/100 != 2 {
|
|
return parseError(req, resp)
|
|
}
|
|
|
|
if result == nil {
|
|
return nil
|
|
}
|
|
|
|
raw, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return errutils.NewReadResponseError(req, resp.StatusCode, err)
|
|
}
|
|
|
|
if err = json.Unmarshal(raw, result); err != nil {
|
|
return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
|
|
buf := new(bytes.Buffer)
|
|
|
|
if payload != nil {
|
|
err := json.NewEncoder(buf).Encode(payload)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to create request JSON body: %w", err)
|
|
}
|
|
}
|
|
|
|
req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to create request: %w", err)
|
|
}
|
|
|
|
req.Header.Set("Accept", "application/json")
|
|
|
|
if payload != nil {
|
|
req.Header.Set("Content-Type", "application/json")
|
|
}
|
|
|
|
return req, nil
|
|
}
|
|
|
|
func parseError(req *http.Request, resp *http.Response) error {
|
|
var msg string
|
|
if resp.StatusCode == http.StatusForbidden {
|
|
msg = "forbidden: check if service account you are trying to use has permissions required for managing DNS"
|
|
} else {
|
|
msg = "unknown error"
|
|
}
|
|
|
|
return fmt.Errorf("%s: %w", msg, errutils.NewUnexpectedResponseStatusCodeError(req, resp))
|
|
}
|