From 54d3d47daf9190275bbdaf8703b84969a4593451 Mon Sep 17 00:00:00 2001 From: Corey Hulen Date: Fri, 24 Mar 2017 23:31:34 -0700 Subject: PLT-6076 Adding viper libs for config file changes (#5871) * Adding viper libs for config file changes * Removing the old fsnotify lib * updating some missing libs --- vendor/github.com/xenolf/lego/acme/client.go | 18 +++- vendor/github.com/xenolf/lego/acme/jws.go | 5 +- .../xenolf/lego/providers/dns/dnsimple/dnsimple.go | 117 ++++++++++++++------- .../lego/providers/dns/dnsimple/dnsimple_test.go | 113 +++++++++++++++----- 4 files changed, 185 insertions(+), 68 deletions(-) (limited to 'vendor/github.com/xenolf') diff --git a/vendor/github.com/xenolf/lego/acme/client.go b/vendor/github.com/xenolf/lego/acme/client.go index ba56e796c..ee519f2e2 100644 --- a/vendor/github.com/xenolf/lego/acme/client.go +++ b/vendor/github.com/xenolf/lego/acme/client.go @@ -23,8 +23,15 @@ var ( Logger *log.Logger ) -// maxBodySize is the maximum size of body that we will read. -const maxBodySize = 1024 * 1024 +const ( + // maxBodySize is the maximum size of body that we will read. + maxBodySize = 1024 * 1024 + + // overallRequestLimit is the overall number of request per second limited on the + // “new-reg”, “new-authz” and “new-cert” endpoints. From the documentation the + // limitation is 20 requests per second, but using 20 as value doesn't work but 18 do + overallRequestLimit = 18 +) // logf writes a log entry. It uses Logger if not // nil, otherwise it uses the default log.Logger. @@ -522,7 +529,14 @@ func (c *Client) chooseSolvers(auth authorization, domain string) map[int]solver func (c *Client) getChallenges(domains []string) ([]authorizationResource, map[string]error) { resc, errc := make(chan authorizationResource), make(chan domainError) + var delay time.Duration + if len(domains) > overallRequestLimit { + delay = time.Second / overallRequestLimit + } + for _, domain := range domains { + time.Sleep(delay) + go func(domain string) { authMsg := authorization{Resource: "new-authz", Identifier: identifier{Type: "dns", Value: domain}} var authz authorization diff --git a/vendor/github.com/xenolf/lego/acme/jws.go b/vendor/github.com/xenolf/lego/acme/jws.go index 1b4d29d53..3b77cd491 100644 --- a/vendor/github.com/xenolf/lego/acme/jws.go +++ b/vendor/github.com/xenolf/lego/acme/jws.go @@ -41,7 +41,10 @@ func (j *jws) post(url string, content []byte) (*http.Response, error) { } resp, err := httpPost(url, "application/jose+json", bytes.NewBuffer([]byte(signedContent.FullSerialize()))) - + if err != nil { + return nil, fmt.Errorf("Failed to HTTP POST to %s -> %s", url, err.Error()) + } + // Even in case of an error, the response should still contain a nonce. nonce, nonceErr := getNonceFromResponse(resp) if nonceErr == nil { diff --git a/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go b/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go index c903a35ce..155cacd25 100644 --- a/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go +++ b/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go @@ -5,9 +5,10 @@ package dnsimple import ( "fmt" "os" + "strconv" "strings" - "github.com/weppos/dnsimple-go/dnsimple" + "github.com/dnsimple/dnsimple-go/dnsimple" "github.com/xenolf/lego/acme" ) @@ -17,37 +18,50 @@ type DNSProvider struct { } // NewDNSProvider returns a DNSProvider instance configured for dnsimple. -// Credentials must be passed in the environment variables: DNSIMPLE_EMAIL -// and DNSIMPLE_API_KEY. +// Credentials must be passed in the environment variables: DNSIMPLE_OAUTH_TOKEN. +// +// See: https://developer.dnsimple.com/v2/#authentication func NewDNSProvider() (*DNSProvider, error) { - email := os.Getenv("DNSIMPLE_EMAIL") - key := os.Getenv("DNSIMPLE_API_KEY") - return NewDNSProviderCredentials(email, key) + accessToken := os.Getenv("DNSIMPLE_OAUTH_TOKEN") + baseUrl := os.Getenv("DNSIMPLE_BASE_URL") + + return NewDNSProviderCredentials(accessToken, baseUrl) } // NewDNSProviderCredentials uses the supplied credentials to return a // DNSProvider instance configured for dnsimple. -func NewDNSProviderCredentials(email, key string) (*DNSProvider, error) { - if email == "" || key == "" { - return nil, fmt.Errorf("DNSimple credentials missing") +func NewDNSProviderCredentials(accessToken, baseUrl string) (*DNSProvider, error) { + if accessToken == "" { + return nil, fmt.Errorf("DNSimple OAuth token missing") + } + + client := dnsimple.NewClient(dnsimple.NewOauthTokenCredentials(accessToken)) + client.UserAgent = "lego" + + if baseUrl != "" { + client.BaseURL = baseUrl } - return &DNSProvider{ - client: dnsimple.NewClient(key, email), - }, nil + return &DNSProvider{client: client}, nil } // Present creates a TXT record to fulfil the dns-01 challenge. func (c *DNSProvider) Present(domain, token, keyAuth string) error { fqdn, value, ttl := acme.DNS01Record(domain, keyAuth) - zoneID, zoneName, err := c.getHostedZone(domain) + zoneName, err := c.getHostedZone(domain) + + if err != nil { + return err + } + + accountID, err := c.getAccountID() if err != nil { return err } recordAttributes := c.newTxtRecord(zoneName, fqdn, value, ttl) - _, _, err = c.client.Domains.CreateRecord(zoneID, *recordAttributes) + _, err = c.client.Zones.CreateRecord(accountID, zoneName, *recordAttributes) if err != nil { return fmt.Errorf("DNSimple API call failed: %v", err) } @@ -64,67 +78,79 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { return err } + accountID, err := c.getAccountID() + if err != nil { + return err + } + for _, rec := range records { - _, err := c.client.Domains.DeleteRecord(rec.DomainId, rec.Id) + _, err := c.client.Zones.DeleteRecord(accountID, rec.ZoneID, rec.ID) if err != nil { return err } } + return nil } -func (c *DNSProvider) getHostedZone(domain string) (string, string, error) { - zones, _, err := c.client.Domains.List() +func (c *DNSProvider) getHostedZone(domain string) (string, error) { + authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers) if err != nil { - return "", "", fmt.Errorf("DNSimple API call failed: %v", err) + return "", err } - authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers) + accountID, err := c.getAccountID() if err != nil { - return "", "", err + return "", err } - var hostedZone dnsimple.Domain - for _, zone := range zones { - if zone.Name == acme.UnFqdn(authZone) { + zoneName := acme.UnFqdn(authZone) + + zones, err := c.client.Zones.ListZones(accountID, &dnsimple.ZoneListOptions{NameLike: zoneName}) + if err != nil { + return "", fmt.Errorf("DNSimple API call failed: %v", err) + } + + var hostedZone dnsimple.Zone + for _, zone := range zones.Data { + if zone.Name == zoneName { hostedZone = zone } } - if hostedZone.Id == 0 { - return "", "", fmt.Errorf("Zone %s not found in DNSimple for domain %s", authZone, domain) + if hostedZone.ID == 0 { + return "", fmt.Errorf("Zone %s not found in DNSimple for domain %s", authZone, domain) } - return fmt.Sprintf("%v", hostedZone.Id), hostedZone.Name, nil + return hostedZone.Name, nil } -func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnsimple.Record, error) { - zoneID, zoneName, err := c.getHostedZone(domain) +func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnsimple.ZoneRecord, error) { + zoneName, err := c.getHostedZone(domain) if err != nil { return nil, err } - var records []dnsimple.Record - result, _, err := c.client.Domains.ListRecords(zoneID, "", "TXT") + accountID, err := c.getAccountID() if err != nil { - return records, fmt.Errorf("DNSimple API call has failed: %v", err) + return nil, err } recordName := c.extractRecordName(fqdn, zoneName) - for _, record := range result { - if record.Name == recordName { - records = append(records, record) - } + + result, err := c.client.Zones.ListRecords(accountID, zoneName, &dnsimple.ZoneRecordListOptions{Name: recordName, Type: "TXT", ListOptions: dnsimple.ListOptions{}}) + if err != nil { + return []dnsimple.ZoneRecord{}, fmt.Errorf("DNSimple API call has failed: %v", err) } - return records, nil + return result.Data, nil } -func (c *DNSProvider) newTxtRecord(zone, fqdn, value string, ttl int) *dnsimple.Record { - name := c.extractRecordName(fqdn, zone) +func (c *DNSProvider) newTxtRecord(zoneName, fqdn, value string, ttl int) *dnsimple.ZoneRecord { + name := c.extractRecordName(fqdn, zoneName) - return &dnsimple.Record{ + return &dnsimple.ZoneRecord{ Type: "TXT", Name: name, Content: value, @@ -139,3 +165,16 @@ func (c *DNSProvider) extractRecordName(fqdn, domain string) string { } return name } + +func (c *DNSProvider) getAccountID() (string, error) { + whoamiResponse, err := c.client.Identity.Whoami() + if err != nil { + return "", err + } + + if whoamiResponse.Data.Account == nil { + return "", fmt.Errorf("DNSimple API returned empty account ID") + } + + return strconv.Itoa(whoamiResponse.Data.Account.ID), nil +} diff --git a/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple_test.go b/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple_test.go index 4926b3df9..ee65dd42b 100644 --- a/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple_test.go +++ b/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple_test.go @@ -9,61 +9,122 @@ import ( ) var ( - dnsimpleLiveTest bool - dnsimpleEmail string - dnsimpleAPIKey string - dnsimpleDomain string + dnsimpleLiveTest bool + dnsimpleOauthToken string + dnsimpleDomain string + dnsimpleBaseUrl string ) func init() { - dnsimpleEmail = os.Getenv("DNSIMPLE_EMAIL") - dnsimpleAPIKey = os.Getenv("DNSIMPLE_API_KEY") + dnsimpleOauthToken = os.Getenv("DNSIMPLE_OAUTH_TOKEN") dnsimpleDomain = os.Getenv("DNSIMPLE_DOMAIN") - if len(dnsimpleEmail) > 0 && len(dnsimpleAPIKey) > 0 && len(dnsimpleDomain) > 0 { + dnsimpleBaseUrl = "https://api.sandbox.dnsimple.com" + + if len(dnsimpleOauthToken) > 0 && len(dnsimpleDomain) > 0 { + baseUrl := os.Getenv("DNSIMPLE_BASE_URL") + + if baseUrl != "" { + dnsimpleBaseUrl = baseUrl + } + dnsimpleLiveTest = true } } func restoreDNSimpleEnv() { - os.Setenv("DNSIMPLE_EMAIL", dnsimpleEmail) - os.Setenv("DNSIMPLE_API_KEY", dnsimpleAPIKey) + os.Setenv("DNSIMPLE_OAUTH_TOKEN", dnsimpleOauthToken) + os.Setenv("DNSIMPLE_BASE_URL", dnsimpleBaseUrl) } +// +// NewDNSProvider +// + func TestNewDNSProviderValid(t *testing.T) { - os.Setenv("DNSIMPLE_EMAIL", "") - os.Setenv("DNSIMPLE_API_KEY", "") - _, err := NewDNSProviderCredentials("example@example.com", "123") + defer restoreDNSimpleEnv() + + os.Setenv("DNSIMPLE_OAUTH_TOKEN", "123") + provider, err := NewDNSProvider() + + assert.NotNil(t, provider) + assert.Equal(t, "lego", provider.client.UserAgent) assert.NoError(t, err) - restoreDNSimpleEnv() } -func TestNewDNSProviderValidEnv(t *testing.T) { - os.Setenv("DNSIMPLE_EMAIL", "example@example.com") - os.Setenv("DNSIMPLE_API_KEY", "123") - _, err := NewDNSProvider() + +func TestNewDNSProviderValidWithBaseUrl(t *testing.T) { + defer restoreDNSimpleEnv() + + os.Setenv("DNSIMPLE_OAUTH_TOKEN", "123") + os.Setenv("DNSIMPLE_BASE_URL", "https://api.dnsimple.test") + provider, err := NewDNSProvider() + + assert.NotNil(t, provider) assert.NoError(t, err) - restoreDNSimpleEnv() + + assert.Equal(t, provider.client.BaseURL, "https://api.dnsimple.test") } -func TestNewDNSProviderMissingCredErr(t *testing.T) { - os.Setenv("DNSIMPLE_EMAIL", "") - os.Setenv("DNSIMPLE_API_KEY", "") - _, err := NewDNSProvider() - assert.EqualError(t, err, "DNSimple credentials missing") - restoreDNSimpleEnv() +func TestNewDNSProviderInvalidWithMissingOauthToken(t *testing.T) { + if dnsimpleLiveTest { + t.Skip("skipping test in live mode") + } + + defer restoreDNSimpleEnv() + + provider, err := NewDNSProvider() + + assert.Nil(t, provider) + assert.EqualError(t, err, "DNSimple OAuth token missing") } +// +// NewDNSProviderCredentials +// + +func TestNewDNSProviderCredentialsValid(t *testing.T) { + provider, err := NewDNSProviderCredentials("123", "") + + assert.NotNil(t, provider) + assert.Equal(t, "lego", provider.client.UserAgent) + assert.NoError(t, err) +} + +func TestNewDNSProviderCredentialsValidWithBaseUrl(t *testing.T) { + provider, err := NewDNSProviderCredentials("123", "https://api.dnsimple.test") + + assert.NotNil(t, provider) + assert.NoError(t, err) + + assert.Equal(t, provider.client.BaseURL, "https://api.dnsimple.test") +} + +func TestNewDNSProviderCredentialsInvalidWithMissingOauthToken(t *testing.T) { + provider, err := NewDNSProviderCredentials("", "") + + assert.Nil(t, provider) + assert.EqualError(t, err, "DNSimple OAuth token missing") +} + +// +// Present +// + func TestLiveDNSimplePresent(t *testing.T) { if !dnsimpleLiveTest { t.Skip("skipping live test") } - provider, err := NewDNSProviderCredentials(dnsimpleEmail, dnsimpleAPIKey) + provider, err := NewDNSProviderCredentials(dnsimpleOauthToken, dnsimpleBaseUrl) assert.NoError(t, err) err = provider.Present(dnsimpleDomain, "", "123d==") assert.NoError(t, err) } +// +// Cleanup +// + func TestLiveDNSimpleCleanUp(t *testing.T) { if !dnsimpleLiveTest { t.Skip("skipping live test") @@ -71,7 +132,7 @@ func TestLiveDNSimpleCleanUp(t *testing.T) { time.Sleep(time.Second * 1) - provider, err := NewDNSProviderCredentials(dnsimpleEmail, dnsimpleAPIKey) + provider, err := NewDNSProviderCredentials(dnsimpleOauthToken, dnsimpleBaseUrl) assert.NoError(t, err) err = provider.CleanUp(dnsimpleDomain, "", "123d==") -- cgit v1.2.3-1-g7c22