From 38d655636dc1ee2473447e3ffd563bec6b25476a Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Fri, 21 Sep 2018 18:38:02 +0200 Subject: [PATCH] Fix some DNS providers issues --- Gopkg.lock | 2 +- vendor/github.com/xenolf/lego/acme/client.go | 2 +- .../xenolf/lego/acme/dns_challenge.go | 6 +++- vendor/github.com/xenolf/lego/log/logger.go | 12 +++++++- .../xenolf/lego/providers/dns/azure/azure.go | 10 +++++-- .../lego/providers/dns/gcloud/googlecloud.go | 28 +++++++++++++------ .../xenolf/lego/providers/dns/iij/iij.go | 10 +++++-- .../xenolf/lego/providers/dns/ns1/ns1.go | 22 ++++++--------- 8 files changed, 62 insertions(+), 30 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 111a16957..10f86227c 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -1371,7 +1371,7 @@ "providers/dns/vegadns", "providers/dns/vultr" ] - revision = "83e2300e01226dcb006946873ca5434291fb16ef" + revision = "621237d07213aa6dead90bdf6fd46251220fa669" [[projects]] branch = "master" diff --git a/vendor/github.com/xenolf/lego/acme/client.go b/vendor/github.com/xenolf/lego/acme/client.go index 72e5f63f4..12fd5b37a 100644 --- a/vendor/github.com/xenolf/lego/acme/client.go +++ b/vendor/github.com/xenolf/lego/acme/client.go @@ -593,7 +593,7 @@ func (c *Client) solveChallengeForAuthz(authorizations []authorization) error { } } - // for all valid presolvers, first submit the challenges so they have max time to propigate + // for all valid presolvers, first submit the challenges so they have max time to propagate for _, item := range authSolvers { authz := item.authz i := item.challengeIndex diff --git a/vendor/github.com/xenolf/lego/acme/dns_challenge.go b/vendor/github.com/xenolf/lego/acme/dns_challenge.go index 739566251..630940647 100644 --- a/vendor/github.com/xenolf/lego/acme/dns_challenge.go +++ b/vendor/github.com/xenolf/lego/acme/dns_challenge.go 
@@ -30,6 +30,9 @@ const ( // DefaultPollingInterval default polling interval DefaultPollingInterval = 2 * time.Second + + // DefaultTTL default TTL + DefaultTTL = 120 ) var defaultNameservers = []string{ @@ -67,7 +70,7 @@ func DNS01Record(domain, keyAuth string) (fqdn string, value string, ttl int) { keyAuthShaBytes := sha256.Sum256([]byte(keyAuth)) // base64URL encoding without padding value = base64.RawURLEncoding.EncodeToString(keyAuthShaBytes[:sha256.Size]) - ttl = 120 + ttl = DefaultTTL fqdn = fmt.Sprintf("_acme-challenge.%s.", domain) return } @@ -149,6 +152,7 @@ func checkDNSPropagation(fqdn, value string) (bool, error) { if err != nil { return false, err } + if r.Rcode == dns.RcodeSuccess { // If we see a CNAME here then use the alias for _, rr := range r.Answer { diff --git a/vendor/github.com/xenolf/lego/log/logger.go b/vendor/github.com/xenolf/lego/log/logger.go index 101a2c993..22ec98f0a 100644 --- a/vendor/github.com/xenolf/lego/log/logger.go +++ b/vendor/github.com/xenolf/lego/log/logger.go @@ -6,7 +6,17 @@ import ( ) // Logger is an optional custom logger. -var Logger = log.New(os.Stdout, "", log.LstdFlags) +var Logger StdLogger = log.New(os.Stdout, "", log.LstdFlags) + +// StdLogger interface for Standard Logger. +type StdLogger interface { + Fatal(args ...interface{}) + Fatalln(args ...interface{}) + Fatalf(format string, args ...interface{}) + Print(args ...interface{}) + Println(args ...interface{}) + Printf(format string, args ...interface{}) +} // Fatal writes a log entry. // It uses Logger if not nil, otherwise it uses the default log.Logger. diff --git a/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go b/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go index 7f1569930..8012aa659 100644 --- a/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go +++ b/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go 
@@ -127,7 +127,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { } _, err = rsc.CreateOrUpdate(ctx, d.config.ResourceGroup, zone, relative, dns.TXT, rec, "", "") - return fmt.Errorf("azure: %v", err) + if err != nil { + return fmt.Errorf("azure: %v", err) + } + return nil } // CleanUp removes the TXT record matching the specified parameters @@ -150,7 +153,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { rsc.Authorizer = autorest.NewBearerAuthorizer(spt) _, err = rsc.Delete(ctx, d.config.ResourceGroup, zone, relative, dns.TXT, "") - return fmt.Errorf("azure: %v", err) + if err != nil { + return fmt.Errorf("azure: %v", err) + } + return nil } // Checks that azure has a zone for this domain name. diff --git a/vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go b/vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go index 36e067a59..d8df7071d 100644 --- a/vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go +++ b/vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go 
@@ -131,26 +131,33 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { return fmt.Errorf("googlecloud: %v", err) } + // Look for existing records. + existing, err := d.findTxtRecords(zone, fqdn) + if err != nil { + return fmt.Errorf("googlecloud: %v", err) + } + rec := &dns.ResourceRecordSet{ Name: fqdn, Rrdatas: []string{value}, Ttl: int64(d.config.TTL), Type: "TXT", } - change := &dns.Change{ - Additions: []*dns.ResourceRecordSet{rec}, - } - // Look for existing records. - existing, err := d.findTxtRecords(zone, fqdn) - if err != nil { - return fmt.Errorf("googlecloud: %v", err) - } + change := &dns.Change{} + if len(existing) > 0 { // Attempt to delete the existing records when adding our new one. change.Deletions = existing + + // Append existing TXT record data to the new TXT record data + for _, value := range existing { + rec.Rrdatas = append(rec.Rrdatas, value.Rrdatas...) + } } + change.Additions = []*dns.ResourceRecordSet{rec} + chg, err := d.client.Changes.Create(d.config.Project, zone, change).Do() if err != nil { return fmt.Errorf("googlecloud: %v", err) @@ -188,7 +195,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { } _, err = d.client.Changes.Create(d.config.Project, zone, &dns.Change{Deletions: records}).Do() - return fmt.Errorf("googlecloud: %v", err) + if err != nil { + return fmt.Errorf("googlecloud: %v", err) + } + return nil } // Timeout customizes the timeout values used by the ACME package for checking diff --git a/vendor/github.com/xenolf/lego/providers/dns/iij/iij.go b/vendor/github.com/xenolf/lego/providers/dns/iij/iij.go index 028e335d4..fc09f8638 100644 --- a/vendor/github.com/xenolf/lego/providers/dns/iij/iij.go +++ b/vendor/github.com/xenolf/lego/providers/dns/iij/iij.go 
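Review bot: In googlecloud.go `Present`, the new loop `for _, value := range existing` shadows the outer `value` that was just placed in `Rrdatas: []string{value}`; rename the loop variable, e.g. `for _, rrSet := range existing { rec.Rrdatas = append(rec.Rrdatas, rrSet.Rrdatas...) }`. The merge also copies every existing string without comparing it to the new one, so a retried `Present` for the same key authorization would presumably submit a duplicate rrdata entry. Whether the API rejects that is not visible here, but skipping entries equal to the outer `value` avoids the question. A one-line comment saying why the old TXT data is carried over (presumably so several pending challenges on the same name can coexist) would also help the next reader. `Present` begins and ends outside this hunk.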
@@ -76,7 +76,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { _, value, _ := acme.DNS01Record(domain, keyAuth) err := d.addTxtRecord(domain, value) - return fmt.Errorf("iij: %v", err) + if err != nil { + return fmt.Errorf("iij: %v", err) + } + return nil } // CleanUp removes the TXT record matching the specified parameters @@ -84,7 +87,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { _, value, _ := acme.DNS01Record(domain, keyAuth) err := d.deleteTxtRecord(domain, value) - return fmt.Errorf("iij: %v", err) + if err != nil { + return fmt.Errorf("iij: %v", err) + } + return nil } func (d *DNSProvider) addTxtRecord(domain, value string) error { diff --git a/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go b/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go index 40dff6c60..05397f27e 100644 --- a/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go +++ b/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go @@ -85,7 +85,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { func (d *DNSProvider) Present(domain, token, keyAuth string) error { fqdn, value, _ := acme.DNS01Record(domain, keyAuth) - zone, err := d.getHostedZone(domain) + zone, err := d.getHostedZone(fqdn) if err != nil { return fmt.Errorf("ns1: %v", err) } @@ -93,7 +93,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { record := d.newTxtRecord(zone, fqdn, value, d.config.TTL) _, err = d.client.Records.Create(record) if err != nil && err != rest.ErrRecordExists { - return fmt.Errorf("ns1: %v", err) + return fmt.Errorf("ns1: failed to create record [zone: %q, fqdn: %q]: %v", zone.Zone, fqdn, err) } return nil 
@@ -103,14 +103,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { fqdn, _, _ := acme.DNS01Record(domain, keyAuth) - zone, err := d.getHostedZone(domain) + zone, err := d.getHostedZone(fqdn) if err != nil { return fmt.Errorf("ns1: %v", err) } name := acme.UnFqdn(fqdn) _, err = d.client.Records.Delete(zone.Zone, name, "TXT") - return fmt.Errorf("ns1: %v", err) + return fmt.Errorf("ns1: failed to delete record [zone: %q, domain: %q]: %v", zone.Zone, name, err) } // Timeout returns the timeout and interval to use when checking for DNS propagation. @@ -119,15 +119,15 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) { return d.config.PropagationTimeout, d.config.PollingInterval } -func (d *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) { - authZone, err := getAuthZone(domain) +func (d *DNSProvider) getHostedZone(fqdn string) (*dns.Zone, error) { + authZone, err := getAuthZone(fqdn) if err != nil { - return nil, fmt.Errorf("ns1: %v", err) + return nil, fmt.Errorf("failed to extract auth zone from fqdn %q: %v", fqdn, err) } zone, _, err := d.client.Zones.Get(authZone) if err != nil { - return nil, fmt.Errorf("ns1: %v", err) + return nil, fmt.Errorf("failed to get zone [authZone: %q, fqdn: %q]: %v", authZone, fqdn, err) } return zone, nil @@ -139,11 +139,7 @@ func getAuthZone(fqdn string) (string, error) { return "", err } - if strings.HasSuffix(authZone, ".") { - authZone = authZone[:len(authZone)-len(".")] - } - - return authZone, err + return strings.TrimSuffix(authZone, "."), nil } func (d *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record {
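Review bot: In ns1.go `CleanUp` (the first hunk on this line), the rewritten `return fmt.Errorf("ns1: failed to delete record [zone: %q, domain: %q]: %v", zone.Zone, name, err)` is still unconditional, so `CleanUp` returns a non-nil error even when `Records.Delete` succeeds. This is the same defect the commit fixes in the azure, googlecloud and iij providers. Guard it the same way: wrap the return in `if err != nil { ... }` and finish with `return nil`. As written, a caller cannot tell a leftover `_acme-challenge` TXT record from a successful delete, so real cleanup failures get lost among the spurious ones. Because the file is vendored, the fix belongs upstream in lego and should arrive here through a new pinned revision in Gopkg.lock.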