summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/xenolf/lego/providers/dns/otc/otc.go')
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/otc/otc.go388
1 files changed, 0 insertions, 388 deletions
diff --git a/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go b/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go
deleted file mode 100644
index 86bcaa9b7..000000000
--- a/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go
+++ /dev/null
@@ -1,388 +0,0 @@
-// Package otc implements a DNS provider for solving the DNS-01 challenge
-// using Open Telekom Cloud Managed DNS.
-package otc
-
-import (
- "bytes"
- "encoding/json"
- "fmt"
- "io"
- "io/ioutil"
- "net/http"
- "os"
- "time"
-
- "github.com/xenolf/lego/acme"
-)
-
-// DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
-// OTC's Managed DNS API to manage TXT records for a domain.
-type DNSProvider struct {
- identityEndpoint string
- otcBaseURL string
- domainName string
- projectName string
- userName string
- password string
- token string
-}
-
-// NewDNSProvider returns a DNSProvider instance configured for OTC DNS.
-// Credentials must be passed in the environment variables: OTC_USER_NAME,
-// OTC_DOMAIN_NAME, OTC_PASSWORD OTC_PROJECT_NAME and OTC_IDENTITY_ENDPOINT.
-func NewDNSProvider() (*DNSProvider, error) {
- domainName := os.Getenv("OTC_DOMAIN_NAME")
- userName := os.Getenv("OTC_USER_NAME")
- password := os.Getenv("OTC_PASSWORD")
- projectName := os.Getenv("OTC_PROJECT_NAME")
- identityEndpoint := os.Getenv("OTC_IDENTITY_ENDPOINT")
- return NewDNSProviderCredentials(domainName, userName, password, projectName, identityEndpoint)
-}
-
-// NewDNSProviderCredentials uses the supplied credentials to return a
-// DNSProvider instance configured for OTC DNS.
-func NewDNSProviderCredentials(domainName, userName, password, projectName, identityEndpoint string) (*DNSProvider, error) {
- if domainName == "" || userName == "" || password == "" || projectName == "" {
- return nil, fmt.Errorf("OTC credentials missing")
- }
-
- if identityEndpoint == "" {
- identityEndpoint = "https://iam.eu-de.otc.t-systems.com:443/v3/auth/tokens"
- }
-
- return &DNSProvider{
- identityEndpoint: identityEndpoint,
- domainName: domainName,
- userName: userName,
- password: password,
- projectName: projectName,
- }, nil
-}
-
-func (d *DNSProvider) SendRequest(method, resource string, payload interface{}) (io.Reader, error) {
- url := fmt.Sprintf("%s/%s", d.otcBaseURL, resource)
-
- body, err := json.Marshal(payload)
- if err != nil {
- return nil, err
- }
-
- req, err := http.NewRequest(method, url, bytes.NewReader(body))
- if err != nil {
- return nil, err
- }
- req.Header.Set("Content-Type", "application/json")
- if len(d.token) > 0 {
- req.Header.Set("X-Auth-Token", d.token)
- }
-
- // Workaround for keep alive bug in otc api
- tr := http.DefaultTransport.(*http.Transport)
- tr.DisableKeepAlives = true
-
- client := &http.Client{
- Timeout: time.Duration(10 * time.Second),
- Transport: tr,
- }
- resp, err := client.Do(req)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
-
- if resp.StatusCode >= 400 {
- return nil, fmt.Errorf("OTC API request %s failed with HTTP status code %d", url, resp.StatusCode)
- }
-
- body1, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
-
- return bytes.NewReader(body1), nil
-}
-
-func (d *DNSProvider) loginRequest() error {
- type nameResponse struct {
- Name string `json:"name"`
- }
-
- type userResponse struct {
- Name string `json:"name"`
- Password string `json:"password"`
- Domain nameResponse `json:"domain"`
- }
-
- type passwordResponse struct {
- User userResponse `json:"user"`
- }
- type identityResponse struct {
- Methods []string `json:"methods"`
- Password passwordResponse `json:"password"`
- }
-
- type scopeResponse struct {
- Project nameResponse `json:"project"`
- }
-
- type authResponse struct {
- Identity identityResponse `json:"identity"`
- Scope scopeResponse `json:"scope"`
- }
-
- type loginResponse struct {
- Auth authResponse `json:"auth"`
- }
-
- userResp := userResponse{
- Name: d.userName,
- Password: d.password,
- Domain: nameResponse{
- Name: d.domainName,
- },
- }
-
- loginResp := loginResponse{
- Auth: authResponse{
- Identity: identityResponse{
- Methods: []string{"password"},
- Password: passwordResponse{
- User: userResp,
- },
- },
- Scope: scopeResponse{
- Project: nameResponse{
- Name: d.projectName,
- },
- },
- },
- }
-
- body, err := json.Marshal(loginResp)
- if err != nil {
- return err
- }
- req, err := http.NewRequest("POST", d.identityEndpoint, bytes.NewReader(body))
- if err != nil {
- return err
- }
- req.Header.Set("Content-Type", "application/json")
-
- client := &http.Client{Timeout: time.Duration(10 * time.Second)}
- resp, err := client.Do(req)
- if err != nil {
- return err
- }
- defer resp.Body.Close()
-
- if resp.StatusCode >= 400 {
- return fmt.Errorf("OTC API request failed with HTTP status code %d", resp.StatusCode)
- }
-
- d.token = resp.Header.Get("X-Subject-Token")
-
- if d.token == "" {
- return fmt.Errorf("unable to get auth token")
- }
-
- type endpointResponse struct {
- Token struct {
- Catalog []struct {
- Type string `json:"type"`
- Endpoints []struct {
- URL string `json:"url"`
- } `json:"endpoints"`
- } `json:"catalog"`
- } `json:"token"`
- }
- var endpointResp endpointResponse
-
- err = json.NewDecoder(resp.Body).Decode(&endpointResp)
- if err != nil {
- return err
- }
-
- for _, v := range endpointResp.Token.Catalog {
- if v.Type == "dns" {
- for _, endpoint := range v.Endpoints {
- d.otcBaseURL = fmt.Sprintf("%s/v2", endpoint.URL)
- continue
- }
- }
- }
-
- if d.otcBaseURL == "" {
- return fmt.Errorf("unable to get dns endpoint")
- }
-
- return nil
-}
-
-// Starts a new OTC API Session. Authenticates using userName, password
-// and receives a token to be used in for subsequent requests.
-func (d *DNSProvider) login() error {
- err := d.loginRequest()
- if err != nil {
- return err
- }
-
- return nil
-}
-
-func (d *DNSProvider) getZoneID(zone string) (string, error) {
- type zoneItem struct {
- ID string `json:"id"`
- }
-
- type zonesResponse struct {
- Zones []zoneItem `json:"zones"`
- }
-
- resource := fmt.Sprintf("zones?name=%s", zone)
- resp, err := d.SendRequest("GET", resource, nil)
- if err != nil {
- return "", err
- }
-
- var zonesRes zonesResponse
- err = json.NewDecoder(resp).Decode(&zonesRes)
- if err != nil {
- return "", err
- }
-
- if len(zonesRes.Zones) < 1 {
- return "", fmt.Errorf("zone %s not found", zone)
- }
-
- if len(zonesRes.Zones) > 1 {
- return "", fmt.Errorf("to many zones found")
- }
-
- if zonesRes.Zones[0].ID == "" {
- return "", fmt.Errorf("id not found")
- }
-
- return zonesRes.Zones[0].ID, nil
-}
-
-func (d *DNSProvider) getRecordSetID(zoneID string, fqdn string) (string, error) {
- type recordSet struct {
- ID string `json:"id"`
- }
-
- type recordSetsResponse struct {
- RecordSets []recordSet `json:"recordsets"`
- }
-
- resource := fmt.Sprintf("zones/%s/recordsets?type=TXT&name=%s", zoneID, fqdn)
- resp, err := d.SendRequest("GET", resource, nil)
- if err != nil {
- return "", err
- }
-
- var recordSetsRes recordSetsResponse
- err = json.NewDecoder(resp).Decode(&recordSetsRes)
- if err != nil {
- return "", err
- }
-
- if len(recordSetsRes.RecordSets) < 1 {
- return "", fmt.Errorf("record not found")
- }
-
- if len(recordSetsRes.RecordSets) > 1 {
- return "", fmt.Errorf("to many records found")
- }
-
- if recordSetsRes.RecordSets[0].ID == "" {
- return "", fmt.Errorf("id not found")
- }
-
- return recordSetsRes.RecordSets[0].ID, nil
-}
-
-func (d *DNSProvider) deleteRecordSet(zoneID, recordID string) error {
- resource := fmt.Sprintf("zones/%s/recordsets/%s", zoneID, recordID)
-
- _, err := d.SendRequest("DELETE", resource, nil)
- if err != nil {
- return err
- }
- return nil
-}
-
-// Present creates a TXT record using the specified parameters
-func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
-
- if ttl < 300 {
- ttl = 300 // 300 is otc minimum value for ttl
- }
-
- authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
- if err != nil {
- return err
- }
-
- err = d.login()
- if err != nil {
- return err
- }
-
- zoneID, err := d.getZoneID(authZone)
- if err != nil {
- return fmt.Errorf("unable to get zone: %s", err)
- }
-
- resource := fmt.Sprintf("zones/%s/recordsets", zoneID)
-
- type recordset struct {
- Name string `json:"name"`
- Description string `json:"description"`
- Type string `json:"type"`
- Ttl int `json:"ttl"`
- Records []string `json:"records"`
- }
-
- r1 := &recordset{
- Name: fqdn,
- Description: "Added TXT record for ACME dns-01 challenge using lego client",
- Type: "TXT",
- Ttl: 300,
- Records: []string{fmt.Sprintf("\"%s\"", value)},
- }
- _, err = d.SendRequest("POST", resource, r1)
-
- if err != nil {
- return err
- }
-
- return nil
-}
-
-// CleanUp removes the TXT record matching the specified parameters
-func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
-
- authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
- if err != nil {
- return err
- }
-
- err = d.login()
- if err != nil {
- return err
- }
-
- zoneID, err := d.getZoneID(authZone)
-
- if err != nil {
- return err
- }
-
- recordID, err := d.getRecordSetID(zoneID, fqdn)
- if err != nil {
- return fmt.Errorf("unable go get record %s for zone %s: %s", fqdn, domain, err)
- }
- return d.deleteRecordSet(zoneID, recordID)
-}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-05-23 17:56:46 +0000