Diffstat (limited to 'vendor/github.com/xenolf')
-rw-r--r--vendor/github.com/xenolf/lego/CHANGELOG.md49
-rw-r--r--vendor/github.com/xenolf/lego/LICENSE2
-rw-r--r--vendor/github.com/xenolf/lego/README.md52
-rw-r--r--vendor/github.com/xenolf/lego/acme/http.go13
-rw-r--r--vendor/github.com/xenolf/lego/cli.go6
-rw-r--r--vendor/github.com/xenolf/lego/cli_handlers.go2
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/dns_providers.go2
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go39
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go27
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136_test.go8
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/route53/route53.go24
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/route53/route53_integration_test.go2
-rw-r--r--vendor/github.com/xenolf/lego/providers/dns/route53/route53_test.go18
13 files changed, 200 insertions, 44 deletions
diff --git a/vendor/github.com/xenolf/lego/CHANGELOG.md b/vendor/github.com/xenolf/lego/CHANGELOG.md
index c43c4a936..7dc1c1163 100644
--- a/vendor/github.com/xenolf/lego/CHANGELOG.md
+++ b/vendor/github.com/xenolf/lego/CHANGELOG.md
@@ -1,5 +1,54 @@
# Changelog
+## [0.4.0] - 2017-07-13
+
+### Added:
+- CLI: The `--http-timeout` switch. This allows for an override of the default client HTTP timeout.
+- lib: The `HTTPClient` field. This allows for an override of the default HTTP timeout for library HTTP requests.
+- CLI: The `--dns-timeout` switch. This allows for an override of the default DNS timeout for library DNS requests.
+- lib: The `DNSTimeout` switch. This allows for an override of the default client DNS timeout.
+- lib: The `QueryRegistration` function on `acme.Client`. This performs a POST on the client registration's URI and gets the updated registration info.
+- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
+- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
+- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
+- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together.
+- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
+- lib: Added a memcached provider for the HTTP challenge.
+- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
+- CLI: The `--must-staple` flag. This enables OCSP must staple in the generated CSR.
+- lib: The library will now honor entries in your resolv.conf.
+- lib: Added a field `IssuerCertificate` to the `CertificateResource` struct.
+- lib: A new DNS provider for OVH.
+- lib: A new DNS provider for DNSMadeEasy.
+- lib: A new DNS provider for Linode.
+- lib: A new DNS provider for AuroraDNS.
+- lib: A new DNS provider for NS1.
+- lib: A new DNS provider for Azure DNS.
+- lib: A new DNS provider for Rackspace DNS.
+- lib: A new DNS provider for Exoscale DNS.
+- lib: A new DNS provider for DNSPod.
+
+### Changed:
+- lib: Exported the `PreCheckDNS` field so library users can manage the DNS check in tests.
+- lib: The library will now skip challenge solving if a valid Authz already exists.
+
+### Removed:
+- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder.
+
+### Fixed:
+- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
+- lib: Loading an account from file should fail if a integral part is nil
+- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
+- lib: If a registration encounteres a conflict, the old registration is now recovered.
+- CLI: The account.json file no longer has the executable flag set.
+- lib: Made the client registration more robust in case of a 403 HTTP response.
+- lib: Fixed an issue with zone lookups when they have a CNAME in another zone.
+- lib: Fixed the lookup for the authoritative zone for Google Cloud.
+- lib: Fixed a race condition in the nonce store.
+- lib: The Google Cloud provider now removes old entries before trying to add new ones.
+- lib: Fixed a condition where we could stall due to an early error condition.
+- lib: Fixed an issue where Authz object could end up in an active state after an error condition.
+
## [0.3.1] - 2016-04-19
### Added:
diff --git a/vendor/github.com/xenolf/lego/LICENSE b/vendor/github.com/xenolf/lego/LICENSE
index 17460b716..270cba089 100644
--- a/vendor/github.com/xenolf/lego/LICENSE
+++ b/vendor/github.com/xenolf/lego/LICENSE
@@ -1,6 +1,6 @@
The MIT License (MIT)
-Copyright (c) 2015 Sebastian Erhart
+Copyright (c) 2015-2017 Sebastian Erhart
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/xenolf/lego/README.md b/vendor/github.com/xenolf/lego/README.md
index 5dc9d550d..27b346b22 100644
--- a/vendor/github.com/xenolf/lego/README.md
+++ b/vendor/github.com/xenolf/lego/README.md
@@ -4,6 +4,7 @@ Let's Encrypt client and ACME library written in Go
[![GoDoc](https://godoc.org/github.com/xenolf/lego/acme?status.svg)](https://godoc.org/github.com/xenolf/lego/acme)
[![Build Status](https://travis-ci.org/xenolf/lego.svg?branch=master)](https://travis-ci.org/xenolf/lego)
[![Dev Chat](https://img.shields.io/badge/dev%20chat-gitter-blue.svg?label=dev+chat)](https://gitter.im/xenolf/lego)
+[![Beerpay](https://beerpay.io/xenolf/lego/badge.svg)](https://beerpay.io/xenolf/lego)
#### General
This is a work in progress. Please do *NOT* run this on a production server and please report any bugs you find!
@@ -80,32 +81,37 @@ NAME:
USAGE:
lego [global options] command [command options] [arguments...]
-
+
VERSION:
- 0.3.1
-
+ 0.4.0
+
COMMANDS:
- run Register an account, then create and install a certificate
- revoke Revoke a certificate
- renew Renew a certificate
- dnshelp Shows additional help for the --dns global option
- help, h Shows a list of commands or help for one command
-
+ run Register an account, then create and install a certificate
+ revoke Revoke a certificate
+ renew Renew a certificate
+ dnshelp Shows additional help for the --dns global option
+ help, h Shows a list of commands or help for one command
+
GLOBAL OPTIONS:
- --domains, -d [--domains option --domains option] Add domains to the process
- --csr, -c Certificate signing request filename, if an external CSR is to be used
- --server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
- --email, -m Email used for registration and recovery contact.
- --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
- --key-type, -k "rsa2048" Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384
- --path "${CWD}/.lego" Directory to use for storing the data
- --exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
- --webroot Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
- --http Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
- --tls Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
- --dns Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
- --help, -h show help
- --version, -v print the version
+ --domains value, -d value Add domains to the process
+ --csr value, -c value Certificate signing request filename, if an external CSR is to be used
+ --server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v01.api.letsencrypt.org/directory")
+ --email value, -m value Email used for registration and recovery contact.
+ --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
+ --key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default: "rsa2048")
+ --path value Directory to use for storing the data (default: "/.lego")
+ --exclude value, -x value Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
+ --webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
+ --memcached-host value Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts.
+ --http value Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
+ --tls value Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
+ --dns value Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
+ --http-timeout value Set the HTTP timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
+ --dns-timeout value Set the DNS timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
+ --dns-resolvers value Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use Google's DNS resolvers.
+ --pem Generate a .pem file by concatanating the .key and .crt files together.
+ --help, -h show help
+ --version, -v print the version
```
##### CLI Example
diff --git a/vendor/github.com/xenolf/lego/acme/http.go b/vendor/github.com/xenolf/lego/acme/http.go
index a858b5a75..fd6018a10 100644
--- a/vendor/github.com/xenolf/lego/acme/http.go
+++ b/vendor/github.com/xenolf/lego/acme/http.go
@@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"io"
+ "net"
"net/http"
"runtime"
"strings"
@@ -15,7 +16,17 @@ import (
var UserAgent string
// HTTPClient is an HTTP client with a reasonable timeout value.
-var HTTPClient = http.Client{Timeout: 10 * time.Second}
+var HTTPClient = http.Client{
+ Transport: &http.Transport{
+ Dial: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).Dial,
+ TLSHandshakeTimeout: 15 * time.Second,
+ ResponseHeaderTimeout: 15 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
+ },
+}
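Review bot: The new default `HTTPClient` drops the overall `Timeout` that the removed `http.Client{Timeout: 10 * time.Second}` provided, and none of the transport timeouts added here bound the time spent reading a response body — a server that returns headers promptly and then trickles the body can hold an ACME request open indefinitely. Keep a total deadline on the client literal, e.g. `Timeout: 10 * time.Second,` alongside the `Transport` field (the changelog's `--http-timeout` override presumably writes this same field, so the default should not silently become unbounded), or bound each request with a context. Separately, `Dial` on `http.Transport` is superseded by `DialContext`, which lets a request context cancel an in-flight dial; if the vendored Go version supports it, `DialContext: (&net.Dialer{...}).DialContext,` is the preferred form.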
const (
// defaultGoUserAgent is the Go HTTP package user agent string. Too
diff --git a/vendor/github.com/xenolf/lego/cli.go b/vendor/github.com/xenolf/lego/cli.go
index 03589a233..ae8354b50 100644
--- a/vendor/github.com/xenolf/lego/cli.go
+++ b/vendor/github.com/xenolf/lego/cli.go
@@ -32,7 +32,7 @@ func main() {
app.Name = "lego"
app.Usage = "Let's Encrypt client written in Go"
- version := "0.3.1"
+ version := "0.4.0"
if strings.HasPrefix(gittag, "v") {
version = gittag
}
@@ -209,13 +209,13 @@ Here is an example bash command using the CloudFlare DNS provider:
fmt.Fprintln(w, "\tdnsmadeeasy:\tDNSMADEEASY_API_KEY, DNSMADEEASY_API_SECRET")
fmt.Fprintln(w, "\texoscale:\tEXOSCALE_API_KEY, EXOSCALE_API_SECRET, EXOSCALE_ENDPOINT")
fmt.Fprintln(w, "\tgandi:\tGANDI_API_KEY")
- fmt.Fprintln(w, "\tgcloud:\tGCE_PROJECT")
+ fmt.Fprintln(w, "\tgcloud:\tGCE_PROJECT, GCE_SERVICE_ACCOUNT_FILE")
fmt.Fprintln(w, "\tlinode:\tLINODE_API_KEY")
fmt.Fprintln(w, "\tmanual:\tnone")
fmt.Fprintln(w, "\tnamecheap:\tNAMECHEAP_API_USER, NAMECHEAP_API_KEY")
fmt.Fprintln(w, "\trackspace:\tRACKSPACE_USER, RACKSPACE_API_KEY")
fmt.Fprintln(w, "\trfc2136:\tRFC2136_TSIG_KEY, RFC2136_TSIG_SECRET,\n\t\tRFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER")
- fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION")
+ fmt.Fprintln(w, "\troute53:\tAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, AWS_HOSTED_ZONE_ID")
fmt.Fprintln(w, "\tdyn:\tDYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD")
fmt.Fprintln(w, "\tvultr:\tVULTR_API_KEY")
fmt.Fprintln(w, "\tovh:\tOVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY")
diff --git a/vendor/github.com/xenolf/lego/cli_handlers.go b/vendor/github.com/xenolf/lego/cli_handlers.go
index dad19a144..79bbb37e5 100644
--- a/vendor/github.com/xenolf/lego/cli_handlers.go
+++ b/vendor/github.com/xenolf/lego/cli_handlers.go
@@ -114,7 +114,7 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
}
if c.GlobalIsSet("dns") {
- provider, err := dns.NewDNSChallengeProviderByName(c.GlobalString("dns"))
+ provider, err := dns.NewDNSChallengeProviderByName(c.GlobalString("dns"))
if err != nil {
logger().Fatal(err)
}
diff --git a/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go b/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go
index 33fca0fad..af6c02cca 100644
--- a/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go
@@ -48,7 +48,7 @@ func NewDNSChallengeProviderByName(name string) (acme.ChallengeProvider, error)
case "dyn":
provider, err = dyn.NewDNSProvider()
case "exoscale":
- provider, err = exoscale.NewDNSProvider()
+ provider, err = exoscale.NewDNSProvider()
case "gandi":
provider, err = gandi.NewDNSProvider()
case "gcloud":
diff --git a/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go b/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go
index ea6c0875c..ba753f6dc 100644
--- a/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go
@@ -4,12 +4,14 @@ package googlecloud
import (
"fmt"
+ "io/ioutil"
"os"
"time"
"github.com/xenolf/lego/acme"
"golang.org/x/net/context"
+ "golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"google.golang.org/api/dns/v1"
@@ -22,9 +24,14 @@ type DNSProvider struct {
}
// NewDNSProvider returns a DNSProvider instance configured for Google Cloud
-// DNS. Credentials must be passed in the environment variable: GCE_PROJECT.
+// DNS. Project name must be passed in the environment variable: GCE_PROJECT.
+// A Service Account file can be passed in the environment variable:
+// GCE_SERVICE_ACCOUNT_FILE
func NewDNSProvider() (*DNSProvider, error) {
project := os.Getenv("GCE_PROJECT")
+ if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok {
+ return NewDNSProviderServiceAccount(project, saFile)
+ }
return NewDNSProviderCredentials(project)
}
@@ -49,6 +56,36 @@ func NewDNSProviderCredentials(project string) (*DNSProvider, error) {
}, nil
}
+// NewDNSProviderServiceAccount uses the supplied service account JSON file to
+// return a DNSProvider instance configured for Google Cloud DNS.
+func NewDNSProviderServiceAccount(project string, saFile string) (*DNSProvider, error) {
+ if project == "" {
+ return nil, fmt.Errorf("Google Cloud project name missing")
+ }
+ if saFile == "" {
+ return nil, fmt.Errorf("Google Cloud Service Account file missing")
+ }
+
+ dat, err := ioutil.ReadFile(saFile)
+ if err != nil {
+ return nil, fmt.Errorf("Unable to read Service Account file: %v", err)
+ }
+ conf, err := google.JWTConfigFromJSON(dat, dns.NdevClouddnsReadwriteScope)
+ if err != nil {
+ return nil, fmt.Errorf("Unable to acquire config: %v", err)
+ }
+ client := conf.Client(oauth2.NoContext)
+
+ svc, err := dns.New(client)
+ if err != nil {
+ return nil, fmt.Errorf("Unable to create Google Cloud DNS service: %v", err)
+ }
+ return &DNSProvider{
+ project: project,
+ client: svc,
+ }, nil
+}
+
// Present creates a TXT record to fulfil the dns-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
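Review bot: `conf.Client(oauth2.NoContext)` uses a context value that is marked deprecated upstream in favor of `context.Background()`; the file already imports `golang.org/x/net/context`, so `client := conf.Client(context.Background())` is a drop-in replacement that avoids it. The doc comment on `NewDNSProvider` should also state the precedence the code now implements: when `GCE_SERVICE_ACCOUNT_FILE` is present in the environment it wins outright and an empty value is an error rather than a fallback to default credentials, e.g. `// If GCE_SERVICE_ACCOUNT_FILE is set it takes precedence over Application Default Credentials; an empty value is an error.` Since that file holds a private key, a one-line note that it should be readable only by the lego user would help operators, though no permission check is proposed here. `Present` continues outside the hunk.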
diff --git a/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go b/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
index 1f1af790f..dde42ddf1 100644
--- a/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
@@ -20,29 +20,32 @@ type DNSProvider struct {
tsigAlgorithm string
tsigKey string
tsigSecret string
+ timeout time.Duration
}
// NewDNSProvider returns a DNSProvider instance configured for rfc2136
-// dynamic update. Credentials must be passed in environment variables:
+// dynamic update. Configured with environment variables:
// RFC2136_NAMESERVER: Network address in the form "host" or "host:port".
// RFC2136_TSIG_ALGORITHM: Defaults to hmac-md5.sig-alg.reg.int. (HMAC-MD5).
// See https://github.com/miekg/dns/blob/master/tsig.go for supported values.
// RFC2136_TSIG_KEY: Name of the secret key as defined in DNS server configuration.
// RFC2136_TSIG_SECRET: Secret key payload.
+// RFC2136_TIMEOUT: DNS propagation timeout in time.ParseDuration format. (60s)
// To disable TSIG authentication, leave the RFC2136_TSIG* variables unset.
func NewDNSProvider() (*DNSProvider, error) {
nameserver := os.Getenv("RFC2136_NAMESERVER")
tsigAlgorithm := os.Getenv("RFC2136_TSIG_ALGORITHM")
tsigKey := os.Getenv("RFC2136_TSIG_KEY")
tsigSecret := os.Getenv("RFC2136_TSIG_SECRET")
- return NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret)
+ timeout := os.Getenv("RFC2136_TIMEOUT")
+ return NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret, timeout)
}
// NewDNSProviderCredentials uses the supplied credentials to return a
// DNSProvider instance configured for rfc2136 dynamic update. To disable TSIG
// authentication, leave the TSIG parameters as empty strings.
// nameserver must be a network address in the form "host" or "host:port".
-func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret string) (*DNSProvider, error) {
+func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret, timeout string) (*DNSProvider, error) {
if nameserver == "" {
return nil, fmt.Errorf("RFC2136 nameserver missing")
}
@@ -67,9 +70,27 @@ func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret st
d.tsigSecret = tsigSecret
}
+ if timeout == "" {
+ d.timeout = 60 * time.Second
+ } else {
+ t, err := time.ParseDuration(timeout)
+ if err != nil {
+ return nil, err
+ } else if t < 0 {
+ return nil, fmt.Errorf("Invalid/negative RFC2136_TIMEOUT: %v", timeout)
+ } else {
+ d.timeout = t
+ }
+ }
+
return d, nil
}
+// Returns the timeout configured with RFC2136_TIMEOUT, or 60s.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.timeout, 2 * time.Second
+}
+
// Present creates a TXT record using the specified parameters
func (r *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
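Review bot: The `RFC2136_TIMEOUT` parsing rejects negative durations but accepts `0s`, which makes `Timeout()` return zero and — if the caller uses it as the propagation deadline, which the comment on line 324 suggests — gives up on the first poll; unless a zero wait is intentional, `} else if t <= 0 {` with the message adjusted to "Invalid/non-positive RFC2136_TIMEOUT" closes that gap. The `if err != nil { return } else if ... else { }` chain can also be flattened into early returns followed by `d.timeout = t`. The new doc comment should start with the method name per Go convention: `// Timeout returns the propagation timeout configured with RFC2136_TIMEOUT (default 60s) and a 2s poll interval.` Note the receiver is named `d` on `Timeout` but `r` on `Present`; pick one for the type. `Present` continues outside the hunk.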
diff --git a/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136_test.go b/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136_test.go
index a2515e995..f3ca65b31 100644
--- a/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136_test.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136_test.go
@@ -61,7 +61,7 @@ func TestRFC2136ServerSuccess(t *testing.T) {
}
defer server.Shutdown()
- provider, err := NewDNSProviderCredentials(addrstr, "", "", "")
+ provider, err := NewDNSProviderCredentials(addrstr, "", "", "", "")
if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
}
@@ -81,7 +81,7 @@ func TestRFC2136ServerError(t *testing.T) {
}
defer server.Shutdown()
- provider, err := NewDNSProviderCredentials(addrstr, "", "", "")
+ provider, err := NewDNSProviderCredentials(addrstr, "", "", "", "")
if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
}
@@ -103,7 +103,7 @@ func TestRFC2136TsigClient(t *testing.T) {
}
defer server.Shutdown()
- provider, err := NewDNSProviderCredentials(addrstr, "", rfc2136TestTsigKey, rfc2136TestTsigSecret)
+ provider, err := NewDNSProviderCredentials(addrstr, "", rfc2136TestTsigKey, rfc2136TestTsigSecret, "")
if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
}
@@ -135,7 +135,7 @@ func TestRFC2136ValidUpdatePacket(t *testing.T) {
t.Fatalf("Error packing expect msg: %v", err)
}
- provider, err := NewDNSProviderCredentials(addrstr, "", "", "")
+ provider, err := NewDNSProviderCredentials(addrstr, "", "", "", "")
if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
}
diff --git a/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go b/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go
index f3e53a8e5..934f0a2d4 100644
--- a/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go
@@ -5,6 +5,7 @@ package route53
import (
"fmt"
"math/rand"
+ "os"
"strings"
"time"
@@ -23,7 +24,8 @@ const (
// DNSProvider implements the acme.ChallengeProvider interface
type DNSProvider struct {
- client *route53.Route53
+ client *route53.Route53
+ hostedZoneID string
}
// customRetryer implements the client.Retryer interface by composing the
@@ -58,14 +60,22 @@ func (d customRetryer) RetryRules(r *request.Request) time.Duration {
// 2. Shared credentials file (defaults to ~/.aws/credentials)
// 3. Amazon EC2 IAM role
//
+// If AWS_HOSTED_ZONE_ID is not set, Lego tries to determine the correct
+// public hosted zone via the FQDN.
+//
// See also: https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
func NewDNSProvider() (*DNSProvider, error) {
+ hostedZoneID := os.Getenv("AWS_HOSTED_ZONE_ID")
+
r := customRetryer{}
r.NumMaxRetries = maxRetries
config := request.WithRetryer(aws.NewConfig(), r)
client := route53.New(session.New(config))
- return &DNSProvider{client: client}, nil
+ return &DNSProvider{
+ client: client,
+ hostedZoneID: hostedZoneID,
+ }, nil
}
// Present creates a TXT record using the specified parameters
@@ -83,7 +93,7 @@ func (r *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
- hostedZoneID, err := getHostedZoneID(fqdn, r.client)
+ hostedZoneID, err := r.getHostedZoneID(fqdn)
if err != nil {
return fmt.Errorf("Failed to determine Route 53 hosted zone ID: %v", err)
}
@@ -124,7 +134,11 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
})
}
-func getHostedZoneID(fqdn string, client *route53.Route53) (string, error) {
+func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
+ if r.hostedZoneID != "" {
+ return r.hostedZoneID, nil
+ }
+
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil {
return "", err
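Review bot: When `AWS_HOSTED_ZONE_ID` is set, `getHostedZoneID` returns it for every `fqdn` without checking that the zone actually contains the name, so a run covering domains in different zones (or a stale environment variable) sends the change set for the wrong zone — at best Route 53 rejects it at change time, and the zone lookup that the changelog says was fixed to avoid private zones is bypassed entirely. A cheap guard is a single `GetHostedZone` call to confirm the zone name is a suffix of `fqdn` before returning, or at minimum a doc comment on the field: `// hostedZoneID, when set, is used for every domain and is not validated against fqdn.` The rest of `getHostedZoneID` continues outside the hunk.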
@@ -134,7 +148,7 @@ func getHostedZoneID(fqdn string, client *route53.Route53) (string, error) {
reqParams := &route53.ListHostedZonesByNameInput{
DNSName: aws.String(acme.UnFqdn(authZone)),
}
- resp, err := client.ListHostedZonesByName(reqParams)
+ resp, err := r.client.ListHostedZonesByName(reqParams)
if err != nil {
return "", err
}
diff --git a/vendor/github.com/xenolf/lego/providers/dns/route53/route53_integration_test.go b/vendor/github.com/xenolf/lego/providers/dns/route53/route53_integration_test.go
index 64678906a..17ba4a08a 100644
--- a/vendor/github.com/xenolf/lego/providers/dns/route53/route53_integration_test.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/route53/route53_integration_test.go
@@ -30,7 +30,7 @@ func TestRoute53TTL(t *testing.T) {
// unexported.
fqdn := "_acme-challenge." + m["route53Domain"] + "."
svc := route53.New(session.New())
- zoneID, err := getHostedZoneID(fqdn, svc)
+ zoneID, err := provider.getHostedZoneID(fqdn)
if err != nil {
provider.CleanUp(m["route53Domain"], "foo", "bar")
t.Fatalf("Fatal: %s", err.Error())
diff --git a/vendor/github.com/xenolf/lego/providers/dns/route53/route53_test.go b/vendor/github.com/xenolf/lego/providers/dns/route53/route53_test.go
index ab8739a58..de4e28f3d 100644
--- a/vendor/github.com/xenolf/lego/providers/dns/route53/route53_test.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/route53/route53_test.go
@@ -16,18 +16,21 @@ var (
route53Secret string
route53Key string
route53Region string
+ route53Zone string
)
func init() {
route53Key = os.Getenv("AWS_ACCESS_KEY_ID")
route53Secret = os.Getenv("AWS_SECRET_ACCESS_KEY")
route53Region = os.Getenv("AWS_REGION")
+ route53Zone = os.Getenv("AWS_HOSTED_ZONE_ID")
}
func restoreRoute53Env() {
os.Setenv("AWS_ACCESS_KEY_ID", route53Key)
os.Setenv("AWS_SECRET_ACCESS_KEY", route53Secret)
os.Setenv("AWS_REGION", route53Region)
+ os.Setenv("AWS_HOSTED_ZONE_ID", route53Zone)
}
func makeRoute53Provider(ts *httptest.Server) *DNSProvider {
@@ -67,6 +70,21 @@ func TestRegionFromEnv(t *testing.T) {
restoreRoute53Env()
}
+func TestHostedZoneIDFromEnv(t *testing.T) {
+ const testZoneID = "testzoneid"
+
+ defer restoreRoute53Env()
+ os.Setenv("AWS_HOSTED_ZONE_ID", testZoneID)
+
+ provider, err := NewDNSProvider()
+ assert.NoError(t, err, "Expected no error constructing DNSProvider")
+
+ fqdn, err := provider.getHostedZoneID("whatever")
+ assert.NoError(t, err, "Expected FQDN to be resolved to environment variable value")
+
+ assert.Equal(t, testZoneID, fqdn)
+}
+
func TestRoute53Present(t *testing.T) {
mockResponses := MockResponseMap{
"/2013-04-01/hostedzonesbyname": MockResponse{StatusCode: 200, Body: ListHostedZonesByNameResponse},