From 8f91c777559748fa6e857d9fc1f4ae079a532813 Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Mon, 3 Oct 2016 16:03:15 -0400 Subject: Adding ability to serve TLS directly from Mattermost server (#4119) --- .../lego/providers/dns/googlecloud/googlecloud.go | 158 +++++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go (limited to 'vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go') diff --git a/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go b/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go new file mode 100644 index 000000000..b8d9951c9 --- /dev/null +++ b/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go @@ -0,0 +1,158 @@ +// Package googlecloud implements a DNS provider for solving the DNS-01 +// challenge using Google Cloud DNS. +package googlecloud + +import ( + "fmt" + "os" + "time" + + "github.com/xenolf/lego/acme" + + "golang.org/x/net/context" + "golang.org/x/oauth2/google" + + "google.golang.org/api/dns/v1" +) + +// DNSProvider is an implementation of the DNSProvider interface. +type DNSProvider struct { + project string + client *dns.Service +} + +// NewDNSProvider returns a DNSProvider instance configured for Google Cloud +// DNS. Credentials must be passed in the environment variable: GCE_PROJECT. +func NewDNSProvider() (*DNSProvider, error) { + project := os.Getenv("GCE_PROJECT") + return NewDNSProviderCredentials(project) +} + +// NewDNSProviderCredentials uses the supplied credentials to return a +// DNSProvider instance configured for Google Cloud DNS. +func NewDNSProviderCredentials(project string) (*DNSProvider, error) { + if project == "" { + return nil, fmt.Errorf("Google Cloud project name missing") + } + + client, err := google.DefaultClient(context.Background(), dns.NdevClouddnsReadwriteScope) + if err != nil { + return nil, fmt.Errorf("Unable to get Google Cloud client: %v", err) + } + svc, err := dns.New(client) + if err != nil { + return nil, fmt.Errorf("Unable to create Google Cloud DNS service: %v", err) + } + return &DNSProvider{ + project: project, + client: svc, + }, nil +} + +// Present creates a TXT record to fulfil the dns-01 challenge. +func (c *DNSProvider) Present(domain, token, keyAuth string) error { + fqdn, value, ttl := acme.DNS01Record(domain, keyAuth) + + zone, err := c.getHostedZone(domain) + if err != nil { + return err + } + + rec := &dns.ResourceRecordSet{ + Name: fqdn, + Rrdatas: []string{value}, + Ttl: int64(ttl), + Type: "TXT", + } + change := &dns.Change{ + Additions: []*dns.ResourceRecordSet{rec}, + } + + chg, err := c.client.Changes.Create(c.project, zone, change).Do() + if err != nil { + return err + } + + // wait for change to be acknowledged + for chg.Status == "pending" { + time.Sleep(time.Second) + + chg, err = c.client.Changes.Get(c.project, zone, chg.Id).Do() + if err != nil { + return err + } + } + + return nil +} + +// CleanUp removes the TXT record matching the specified parameters. +func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { + fqdn, _, _ := acme.DNS01Record(domain, keyAuth) + + zone, err := c.getHostedZone(domain) + if err != nil { + return err + } + + records, err := c.findTxtRecords(zone, fqdn) + if err != nil { + return err + } + + for _, rec := range records { + change := &dns.Change{ + Deletions: []*dns.ResourceRecordSet{rec}, + } + _, err = c.client.Changes.Create(c.project, zone, change).Do() + if err != nil { + return err + } + } + return nil +} + +// Timeout customizes the timeout values used by the ACME package for checking +// DNS record validity. +func (c *DNSProvider) Timeout() (timeout, interval time.Duration) { + return 180 * time.Second, 5 * time.Second +} + +// getHostedZone returns the managed-zone +func (c *DNSProvider) getHostedZone(domain string) (string, error) { + authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers) + if err != nil { + return "", err + } + + zones, err := c.client.ManagedZones. + List(c.project). + DnsName(authZone). + Do() + if err != nil { + return "", fmt.Errorf("GoogleCloud API call failed: %v", err) + } + + if len(zones.ManagedZones) == 0 { + return "", fmt.Errorf("No matching GoogleCloud domain found for domain %s", authZone) + } + + return zones.ManagedZones[0].Name, nil +} + +func (c *DNSProvider) findTxtRecords(zone, fqdn string) ([]*dns.ResourceRecordSet, error) { + + recs, err := c.client.ResourceRecordSets.List(c.project, zone).Do() + if err != nil { + return nil, err + } + + found := []*dns.ResourceRecordSet{} + for _, r := range recs.Rrsets { + if r.Type == "TXT" && r.Name == fqdn { + found = append(found, r) + } + } + + return found, nil +} -- cgit v1.2.3-1-g7c22