traefik/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go

// Package azure implements a DNS provider for solving the DNS-01
// challenge using azure DNS.
// Azure doesn't like trailing dots on domain names, most of the acme code does.
package azure

import (
	"fmt"
	"os"
	"time"

	"github.com/Azure/azure-sdk-for-go/arm/dns"

	"strings"

	"github.com/Azure/go-autorest/autorest"
	"github.com/Azure/go-autorest/autorest/adal"
	"github.com/Azure/go-autorest/autorest/azure"
	"github.com/Azure/go-autorest/autorest/to"
	"github.com/xenolf/lego/acme"
)

// DNSProvider is an implementation of the acme.ChallengeProvider interface
type DNSProvider struct {
	clientId       string
	clientSecret   string
	subscriptionId string
	tenantId       string
	resourceGroup  string
}

// NewDNSProvider returns a DNSProvider instance configured for azure.
// Credentials must be passed in the environment variables: AZURE_CLIENT_ID,
// AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP
func NewDNSProvider() (*DNSProvider, error) {
	clientId := os.Getenv("AZURE_CLIENT_ID")
	clientSecret := os.Getenv("AZURE_CLIENT_SECRET")
	subscriptionId := os.Getenv("AZURE_SUBSCRIPTION_ID")
	tenantId := os.Getenv("AZURE_TENANT_ID")
	resourceGroup := os.Getenv("AZURE_RESOURCE_GROUP")
	return NewDNSProviderCredentials(clientId, clientSecret, subscriptionId, tenantId, resourceGroup)
}

// NewDNSProviderCredentials uses the supplied credentials to return a
// DNSProvider instance configured for azure.
func NewDNSProviderCredentials(clientId, clientSecret, subscriptionId, tenantId, resourceGroup string) (*DNSProvider, error) {
	if clientId == "" || clientSecret == "" || subscriptionId == "" || tenantId == "" || resourceGroup == "" {
		return nil, fmt.Errorf("Azure configuration missing")
	}

	return &DNSProvider{
		clientId:       clientId,
		clientSecret:   clientSecret,
		subscriptionId: subscriptionId,
		tenantId:       tenantId,
		resourceGroup:  resourceGroup,
	}, nil
}

// Timeout returns the timeout and interval to use when checking for DNS
// propagation. Adjusting here to cope with spikes in propagation times.
func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
	return 120 * time.Second, 2 * time.Second
}

// Present creates a TXT record to fulfil the dns-01 challenge
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
	zone, err := c.getHostedZoneID(fqdn)
	if err != nil {
		return err
	}

	rsc := dns.NewRecordSetsClient(c.subscriptionId)
	spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)
	rsc.Authorizer = autorest.NewBearerAuthorizer(spt)

	relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
	rec := dns.RecordSet{
		Name: &relative,
		RecordSetProperties: &dns.RecordSetProperties{
			TTL:        to.Int64Ptr(60),
			TxtRecords: &[]dns.TxtRecord{dns.TxtRecord{Value: &[]string{value}}},
		},
	}
	_, err = rsc.CreateOrUpdate(c.resourceGroup, zone, relative, dns.TXT, rec, "", "")

	if err != nil {
		return err
	}

	return nil
}

// Returns the relative record to the domain
func toRelativeRecord(domain, zone string) string {
	return acme.UnFqdn(strings.TrimSuffix(domain, zone))
}

// CleanUp removes the TXT record matching the specified parameters
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)

	zone, err := c.getHostedZoneID(fqdn)
	if err != nil {
		return err
	}

	relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
	rsc := dns.NewRecordSetsClient(c.subscriptionId)
	spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)
	rsc.Authorizer = autorest.NewBearerAuthorizer(spt)
	_, err = rsc.Delete(c.resourceGroup, zone, relative, dns.TXT, "")
	if err != nil {
		return err
	}

	return nil
}

// Checks that azure has a zone for this domain name.
func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
	if err != nil {
		return "", err
	}

	// Now we want to to Azure and get the zone.
	spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)

	dc := dns.NewZonesClient(c.subscriptionId)
	dc.Authorizer = autorest.NewBearerAuthorizer(spt)

	zone, err := dc.Get(c.resourceGroup, acme.UnFqdn(authZone))

	if err != nil {
		return "", err
	}

	// zone.Name shouldn't have a trailing dot(.)
	return to.String(zone.Name), nil
}

// NewServicePrincipalTokenFromCredentials creates a new ServicePrincipalToken using values of the
// passed credentials map.
func (c *DNSProvider) newServicePrincipalTokenFromCredentials(scope string) (*adal.ServicePrincipalToken, error) {
	oauthConfig, err := adal.NewOAuthConfig(azure.PublicCloud.ActiveDirectoryEndpoint, c.tenantId)
	if err != nil {
		panic(err)
	}
	return adal.NewServicePrincipalToken(*oauthConfig, c.clientId, c.clientSecret, scope)
}
Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`// Package azure implements a DNS provider for solving the DNS-01`
			`// challenge using azure DNS.`
			`// Azure doesn't like trailing dots on domain names, most of the acme code does.`
			`package azure`

			`import (`
			`"fmt"`
			`"os"`
			`"time"`

			`"github.com/Azure/azure-sdk-for-go/arm/dns"`

Update lego 2017-04-07 09:53:39 +00:00			`"strings"`

Update github.com/xenolf/lego to 0.4.1 2017-10-31 09:42:03 +00:00			`"github.com/Azure/go-autorest/autorest"`
			`"github.com/Azure/go-autorest/autorest/adal"`
Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`"github.com/Azure/go-autorest/autorest/azure"`
			`"github.com/Azure/go-autorest/autorest/to"`
			`"github.com/xenolf/lego/acme"`
			`)`

			`// DNSProvider is an implementation of the acme.ChallengeProvider interface`
			`type DNSProvider struct {`
			`clientId string`
			`clientSecret string`
			`subscriptionId string`
			`tenantId string`
			`resourceGroup string`
			`}`

			`// NewDNSProvider returns a DNSProvider instance configured for azure.`
			`// Credentials must be passed in the environment variables: AZURE_CLIENT_ID,`
Bump Lego Version for GoDaddy DNS Provider 2017-11-30 09:44:03 +00:00			`// AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP`
Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`func NewDNSProvider() (*DNSProvider, error) {`
			`clientId := os.Getenv("AZURE_CLIENT_ID")`
			`clientSecret := os.Getenv("AZURE_CLIENT_SECRET")`
			`subscriptionId := os.Getenv("AZURE_SUBSCRIPTION_ID")`
			`tenantId := os.Getenv("AZURE_TENANT_ID")`
			`resourceGroup := os.Getenv("AZURE_RESOURCE_GROUP")`
			`return NewDNSProviderCredentials(clientId, clientSecret, subscriptionId, tenantId, resourceGroup)`
			`}`

			`// NewDNSProviderCredentials uses the supplied credentials to return a`
			`// DNSProvider instance configured for azure.`
			`func NewDNSProviderCredentials(clientId, clientSecret, subscriptionId, tenantId, resourceGroup string) (*DNSProvider, error) {`
			`if clientId == "" \|\| clientSecret == "" \|\| subscriptionId == "" \|\| tenantId == "" \|\| resourceGroup == "" {`
			`return nil, fmt.Errorf("Azure configuration missing")`
			`}`

			`return &DNSProvider{`
			`clientId: clientId,`
			`clientSecret: clientSecret,`
			`subscriptionId: subscriptionId,`
			`tenantId: tenantId,`
			`resourceGroup: resourceGroup,`
			`}, nil`
			`}`

			`// Timeout returns the timeout and interval to use when checking for DNS`
			`// propagation. Adjusting here to cope with spikes in propagation times.`
			`func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {`
			`return 120 * time.Second, 2 * time.Second`
			`}`

			`// Present creates a TXT record to fulfil the dns-01 challenge`
			`func (c *DNSProvider) Present(domain, token, keyAuth string) error {`
			`fqdn, value, _ := acme.DNS01Record(domain, keyAuth)`
			`zone, err := c.getHostedZoneID(fqdn)`
			`if err != nil {`
			`return err`
			`}`

			`rsc := dns.NewRecordSetsClient(c.subscriptionId)`
Update github.com/xenolf/lego to 0.4.1 2017-10-31 09:42:03 +00:00			`spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)`
			`rsc.Authorizer = autorest.NewBearerAuthorizer(spt)`

Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))`
			`rec := dns.RecordSet{`
			`Name: &relative,`
			`RecordSetProperties: &dns.RecordSetProperties{`
			`TTL: to.Int64Ptr(60),`
Update lego 2017-04-07 09:53:39 +00:00			`TxtRecords: &[]dns.TxtRecord{dns.TxtRecord{Value: &[]string{value}}},`
Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`},`
			`}`
			`_, err = rsc.CreateOrUpdate(c.resourceGroup, zone, relative, dns.TXT, rec, "", "")`

			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`

			`// Returns the relative record to the domain`
			`func toRelativeRecord(domain, zone string) string {`
			`return acme.UnFqdn(strings.TrimSuffix(domain, zone))`
			`}`

			`// CleanUp removes the TXT record matching the specified parameters`
			`func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {`
			`fqdn, _, _ := acme.DNS01Record(domain, keyAuth)`

			`zone, err := c.getHostedZoneID(fqdn)`
			`if err != nil {`
			`return err`
			`}`

			`relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))`
			`rsc := dns.NewRecordSetsClient(c.subscriptionId)`
Update github.com/xenolf/lego to 0.4.1 2017-10-31 09:42:03 +00:00			`spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)`
			`rsc.Authorizer = autorest.NewBearerAuthorizer(spt)`
Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`_, err = rsc.Delete(c.resourceGroup, zone, relative, dns.TXT, "")`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`

			`// Checks that azure has a zone for this domain name.`
			`func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {`
			`authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)`
			`if err != nil {`
			`return "", err`
			`}`

			`// Now we want to to Azure and get the zone.`
Update github.com/xenolf/lego to 0.4.1 2017-10-31 09:42:03 +00:00			`spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)`

Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`dc := dns.NewZonesClient(c.subscriptionId)`
Update github.com/xenolf/lego to 0.4.1 2017-10-31 09:42:03 +00:00			`dc.Authorizer = autorest.NewBearerAuthorizer(spt)`

Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`zone, err := dc.Get(c.resourceGroup, acme.UnFqdn(authZone))`

			`if err != nil {`
			`return "", err`
			`}`

			`// zone.Name shouldn't have a trailing dot(.)`
			`return to.String(zone.Name), nil`
			`}`

			`// NewServicePrincipalTokenFromCredentials creates a new ServicePrincipalToken using values of the`
			`// passed credentials map.`
Update github.com/xenolf/lego to 0.4.1 2017-10-31 09:42:03 +00:00			`func (c DNSProvider) newServicePrincipalTokenFromCredentials(scope string) (adal.ServicePrincipalToken, error) {`
			`oauthConfig, err := adal.NewOAuthConfig(azure.PublicCloud.ActiveDirectoryEndpoint, c.tenantId)`
Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`if err != nil {`
			`panic(err)`
			`}`
Update github.com/xenolf/lego to 0.4.1 2017-10-31 09:42:03 +00:00			`return adal.NewServicePrincipalToken(*oauthConfig, c.clientId, c.clientSecret, scope)`
Vendor main dependencies. 2017-02-07 21:33:23 +00:00			`}`