traefik/vendor/github.com/xenolf/lego/providers/dns/pdns/pdns.go

391 lines
8.7 KiB
Go
Raw Normal View History

2017-02-07 22:33:23 +01:00
// Package pdns implements a DNS provider for solving the DNS-01
// challenge using PowerDNS nameserver.
package pdns
import (
"bytes"
"encoding/json"
2018-09-17 15:16:03 +02:00
"errors"
2017-02-07 22:33:23 +01:00
"fmt"
"io"
"net/http"
"net/url"
"strconv"
"strings"
"time"
2018-05-31 09:30:04 +02:00
"github.com/xenolf/lego/acme"
2018-07-03 12:44:04 +02:00
"github.com/xenolf/lego/log"
"github.com/xenolf/lego/platform/config/env"
2017-02-07 22:33:23 +01:00
)
2018-09-17 15:16:03 +02:00
// Config is used to configure the creation of the DNSProvider
type Config struct {
APIKey string
Host *url.URL
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider
func NewDefaultConfig() *Config {
return &Config{
TTL: env.GetOrDefaultInt("PDNS_TTL", 120),
PropagationTimeout: env.GetOrDefaultSecond("PDNS_PROPAGATION_TIMEOUT", 120*time.Second),
PollingInterval: env.GetOrDefaultSecond("PDNS_POLLING_INTERVAL", 2*time.Second),
HTTPClient: &http.Client{
Timeout: env.GetOrDefaultSecond("PDNS_HTTP_TIMEOUT", 30*time.Second),
},
}
}
2018-05-31 09:30:04 +02:00
// DNSProvider is an implementation of the acme.ChallengeProvider interface
2017-02-07 22:33:23 +01:00
type DNSProvider struct {
apiVersion int
2018-09-17 15:16:03 +02:00
config *Config
2017-02-07 22:33:23 +01:00
}
// NewDNSProvider returns a DNSProvider instance configured for pdns.
// Credentials must be passed in the environment variable:
// PDNS_API_URL and PDNS_API_KEY.
func NewDNSProvider() (*DNSProvider, error) {
2018-07-03 12:44:04 +02:00
values, err := env.Get("PDNS_API_KEY", "PDNS_API_URL")
2017-02-07 22:33:23 +01:00
if err != nil {
2018-09-17 15:16:03 +02:00
return nil, fmt.Errorf("pdns: %v", err)
2018-07-03 12:44:04 +02:00
}
hostURL, err := url.Parse(values["PDNS_API_URL"])
if err != nil {
2018-09-17 15:16:03 +02:00
return nil, fmt.Errorf("pdns: %v", err)
2017-02-07 22:33:23 +01:00
}
2018-09-17 15:16:03 +02:00
config := NewDefaultConfig()
config.Host = hostURL
config.APIKey = values["PDNS_API_KEY"]
return NewDNSProviderConfig(config)
2017-02-07 22:33:23 +01:00
}
2018-09-17 15:16:03 +02:00
// NewDNSProviderCredentials uses the supplied credentials
// to return a DNSProvider instance configured for pdns.
// Deprecated
2017-02-07 22:33:23 +01:00
func NewDNSProviderCredentials(host *url.URL, key string) (*DNSProvider, error) {
2018-09-17 15:16:03 +02:00
config := NewDefaultConfig()
config.Host = host
config.APIKey = key
return NewDNSProviderConfig(config)
}
// NewDNSProviderConfig return a DNSProvider instance configured for pdns.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("pdns: the configuration of the DNS provider is nil")
2017-02-07 22:33:23 +01:00
}
2018-09-17 15:16:03 +02:00
if config.APIKey == "" {
return nil, fmt.Errorf("pdns: API key missing")
2017-02-07 22:33:23 +01:00
}
2018-09-17 15:16:03 +02:00
if config.Host == nil || config.Host.Host == "" {
return nil, fmt.Errorf("pdns: API URL missing")
2018-07-03 12:44:04 +02:00
}
2018-09-17 15:16:03 +02:00
d := &DNSProvider{config: config}
2018-07-03 12:44:04 +02:00
apiVersion, err := d.getAPIVersion()
if err != nil {
2018-09-17 15:16:03 +02:00
log.Warnf("pdns: failed to get API version %v", err)
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
d.apiVersion = apiVersion
2017-02-07 22:33:23 +01:00
2018-07-03 12:44:04 +02:00
return d, nil
2017-02-07 22:33:23 +01:00
}
// Timeout returns the timeout and interval to use when checking for DNS
// propagation. Adjusting here to cope with spikes in propagation times.
2018-07-03 12:44:04 +02:00
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
2018-09-17 15:16:03 +02:00
return d.config.PropagationTimeout, d.config.PollingInterval
2017-02-07 22:33:23 +01:00
}
2018-10-10 16:28:04 +02:00
// Present creates a TXT record to fulfill the dns-01 challenge
2018-07-03 12:44:04 +02:00
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
2018-05-31 09:30:04 +02:00
fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
2018-07-03 12:44:04 +02:00
zone, err := d.getHostedZone(fqdn)
2017-02-07 22:33:23 +01:00
if err != nil {
2018-09-17 15:16:03 +02:00
return fmt.Errorf("pdns: %v", err)
2017-02-07 22:33:23 +01:00
}
name := fqdn
// pre-v1 API wants non-fqdn
2018-07-03 12:44:04 +02:00
if d.apiVersion == 0 {
2018-05-31 09:30:04 +02:00
name = acme.UnFqdn(fqdn)
2017-02-07 22:33:23 +01:00
}
rec := pdnsRecord{
Content: "\"" + value + "\"",
Disabled: false,
// pre-v1 API
Type: "TXT",
Name: name,
2018-09-17 15:16:03 +02:00
TTL: d.config.TTL,
2017-02-07 22:33:23 +01:00
}
rrsets := rrSets{
RRSets: []rrSet{
2018-05-31 09:30:04 +02:00
{
2017-02-07 22:33:23 +01:00
Name: name,
ChangeType: "REPLACE",
Type: "TXT",
Kind: "Master",
2018-09-17 15:16:03 +02:00
TTL: d.config.TTL,
2017-02-07 22:33:23 +01:00
Records: []pdnsRecord{rec},
},
},
}
body, err := json.Marshal(rrsets)
if err != nil {
2018-09-17 15:16:03 +02:00
return fmt.Errorf("pdns: %v", err)
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
_, err = d.makeRequest(http.MethodPatch, zone.URL, bytes.NewReader(body))
2018-09-17 15:16:03 +02:00
if err != nil {
return fmt.Errorf("pdns: %v", err)
}
return nil
2017-02-07 22:33:23 +01:00
}
// CleanUp removes the TXT record matching the specified parameters
2018-07-03 12:44:04 +02:00
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
2018-05-31 09:30:04 +02:00
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
2017-02-07 22:33:23 +01:00
2018-07-03 12:44:04 +02:00
zone, err := d.getHostedZone(fqdn)
2017-02-07 22:33:23 +01:00
if err != nil {
2018-09-17 15:16:03 +02:00
return fmt.Errorf("pdns: %v", err)
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
set, err := d.findTxtRecord(fqdn)
2017-02-07 22:33:23 +01:00
if err != nil {
2018-09-17 15:16:03 +02:00
return fmt.Errorf("pdns: %v", err)
2017-02-07 22:33:23 +01:00
}
rrsets := rrSets{
RRSets: []rrSet{
2018-05-31 09:30:04 +02:00
{
2017-02-07 22:33:23 +01:00
Name: set.Name,
Type: set.Type,
ChangeType: "DELETE",
},
},
}
body, err := json.Marshal(rrsets)
if err != nil {
2018-09-17 15:16:03 +02:00
return fmt.Errorf("pdns: %v", err)
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
_, err = d.makeRequest(http.MethodPatch, zone.URL, bytes.NewReader(body))
2018-09-17 15:16:03 +02:00
if err != nil {
return fmt.Errorf("pdns: %v", err)
}
return nil
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
func (d *DNSProvider) getHostedZone(fqdn string) (*hostedZone, error) {
2017-02-07 22:33:23 +01:00
var zone hostedZone
2018-05-31 09:30:04 +02:00
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
2017-02-07 22:33:23 +01:00
if err != nil {
return nil, err
}
2018-09-17 15:16:03 +02:00
u := "/servers/localhost/zones"
result, err := d.makeRequest(http.MethodGet, u, nil)
2017-02-07 22:33:23 +01:00
if err != nil {
return nil, err
}
2018-07-03 12:44:04 +02:00
var zones []hostedZone
2017-02-07 22:33:23 +01:00
err = json.Unmarshal(result, &zones)
if err != nil {
return nil, err
}
2018-09-17 15:16:03 +02:00
u = ""
2017-02-07 22:33:23 +01:00
for _, zone := range zones {
2018-05-31 09:30:04 +02:00
if acme.UnFqdn(zone.Name) == acme.UnFqdn(authZone) {
2018-09-17 15:16:03 +02:00
u = zone.URL
2017-02-07 22:33:23 +01:00
}
}
2018-09-17 15:16:03 +02:00
result, err = d.makeRequest(http.MethodGet, u, nil)
2017-02-07 22:33:23 +01:00
if err != nil {
return nil, err
}
err = json.Unmarshal(result, &zone)
if err != nil {
return nil, err
}
// convert pre-v1 API result
if len(zone.Records) > 0 {
zone.RRSets = []rrSet{}
for _, record := range zone.Records {
set := rrSet{
Name: record.Name,
Type: record.Type,
Records: []pdnsRecord{record},
}
zone.RRSets = append(zone.RRSets, set)
}
}
return &zone, nil
}
2018-07-03 12:44:04 +02:00
func (d *DNSProvider) findTxtRecord(fqdn string) (*rrSet, error) {
zone, err := d.getHostedZone(fqdn)
2017-02-07 22:33:23 +01:00
if err != nil {
return nil, err
}
2018-07-03 12:44:04 +02:00
_, err = d.makeRequest(http.MethodGet, zone.URL, nil)
2017-02-07 22:33:23 +01:00
if err != nil {
return nil, err
}
for _, set := range zone.RRSets {
2018-05-31 09:30:04 +02:00
if (set.Name == acme.UnFqdn(fqdn) || set.Name == fqdn) && set.Type == "TXT" {
2017-02-07 22:33:23 +01:00
return &set, nil
}
}
2018-05-31 09:30:04 +02:00
return nil, fmt.Errorf("no existing record found for %s", fqdn)
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
func (d *DNSProvider) getAPIVersion() (int, error) {
2017-02-07 22:33:23 +01:00
type APIVersion struct {
URL string `json:"url"`
Version int `json:"version"`
}
2018-07-03 12:44:04 +02:00
result, err := d.makeRequest(http.MethodGet, "/api", nil)
2017-02-07 22:33:23 +01:00
if err != nil {
2018-07-03 12:44:04 +02:00
return 0, err
2017-02-07 22:33:23 +01:00
}
var versions []APIVersion
err = json.Unmarshal(result, &versions)
if err != nil {
2018-07-03 12:44:04 +02:00
return 0, err
2017-02-07 22:33:23 +01:00
}
latestVersion := 0
for _, v := range versions {
if v.Version > latestVersion {
latestVersion = v.Version
}
}
2018-07-03 12:44:04 +02:00
return latestVersion, err
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
func (d *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
2017-02-07 22:33:23 +01:00
type APIError struct {
Error string `json:"error"`
}
2018-07-03 12:44:04 +02:00
2017-02-07 22:33:23 +01:00
var path = ""
2018-09-17 15:16:03 +02:00
if d.config.Host.Path != "/" {
path = d.config.Host.Path
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
if !strings.HasPrefix(uri, "/") {
uri = "/" + uri
}
2018-07-03 12:44:04 +02:00
if d.apiVersion > 0 && !strings.HasPrefix(uri, "/api/v") {
uri = "/api/v" + strconv.Itoa(d.apiVersion) + uri
2017-02-07 22:33:23 +01:00
}
2018-07-03 12:44:04 +02:00
2018-09-17 15:16:03 +02:00
u := d.config.Host.Scheme + "://" + d.config.Host.Host + path + uri
req, err := http.NewRequest(method, u, body)
2017-02-07 22:33:23 +01:00
if err != nil {
return nil, err
}
2018-09-17 15:16:03 +02:00
req.Header.Set("X-API-Key", d.config.APIKey)
2017-02-07 22:33:23 +01:00
2018-09-17 15:16:03 +02:00
resp, err := d.config.HTTPClient.Do(req)
2017-02-07 22:33:23 +01:00
if err != nil {
2018-07-03 12:44:04 +02:00
return nil, fmt.Errorf("error talking to PDNS API -> %v", err)
2017-02-07 22:33:23 +01:00
}
defer resp.Body.Close()
2018-07-03 12:44:04 +02:00
if resp.StatusCode != http.StatusUnprocessableEntity && (resp.StatusCode < 200 || resp.StatusCode >= 300) {
2018-09-17 15:16:03 +02:00
return nil, fmt.Errorf("unexpected HTTP status code %d when fetching '%s'", resp.StatusCode, u)
2017-02-07 22:33:23 +01:00
}
var msg json.RawMessage
err = json.NewDecoder(resp.Body).Decode(&msg)
switch {
case err == io.EOF:
// empty body
return nil, nil
case err != nil:
// other error
return nil, err
}
// check for PowerDNS error message
if len(msg) > 0 && msg[0] == '{' {
var apiError APIError
err = json.Unmarshal(msg, &apiError)
if err != nil {
return nil, err
}
if apiError.Error != "" {
2018-07-03 12:44:04 +02:00
return nil, fmt.Errorf("error talking to PDNS API -> %v", apiError.Error)
2017-02-07 22:33:23 +01:00
}
}
return msg, nil
}
type pdnsRecord struct {
Content string `json:"content"`
Disabled bool `json:"disabled"`
// pre-v1 API
Name string `json:"name"`
Type string `json:"type"`
TTL int `json:"ttl,omitempty"`
}
type hostedZone struct {
ID string `json:"id"`
Name string `json:"name"`
URL string `json:"url"`
RRSets []rrSet `json:"rrsets"`
// pre-v1 API
Records []pdnsRecord `json:"records"`
}
type rrSet struct {
Name string `json:"name"`
Type string `json:"type"`
Kind string `json:"kind"`
ChangeType string `json:"changetype"`
Records []pdnsRecord `json:"records"`
TTL int `json:"ttl,omitempty"`
}
type rrSets struct {
RRSets []rrSet `json:"rrsets"`
}