baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge tag 'v1.6.3' into master

Browse source
This commit is contained in:
Fernandez Ludovic 2018-06-05 22:55:19 +02:00
commit a5beeb4f04
142 changed files with 5276 additions and 1868 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
CHANGELOG.md
View file

@ -1,5 +1,31 @@
# Change Log # Change Log
## [v1.6.3](https://github.com/containous/traefik/tree/v1.6.3) (2018-06-05)
[All Commits](https://github.com/containous/traefik/compare/v1.6.2...v1.6.3)
**Enhancements:**
- **[acme]** Add user agent for ACME ([#3431](https://github.com/containous/traefik/pull/3431) by [ldez](https://github.com/ldez))
- **[acme]** Use to the stable version of Lego ([#3418](https://github.com/containous/traefik/pull/3418) by [ldez](https://github.com/ldez))
**Bug fixes:**
- **[acme,cluster]** Improve ACME account registration URI management ([#3398](https://github.com/containous/traefik/pull/3398) by [nmengin](https://github.com/nmengin))
- **[acme,cluster]** Remove ACME empty certificates from KV store ([#3389](https://github.com/containous/traefik/pull/3389) by [nmengin](https://github.com/nmengin))
- **[consulcatalog]** Reflect changes in catalog healthy nodes in healthCheck watch ([#3390](https://github.com/containous/traefik/pull/3390) by [thebinary](https://github.com/thebinary))
- **[consulcatalog]** Detect change when service or node are in maintenance mode ([#3434](https://github.com/containous/traefik/pull/3434) by [mmatur](https://github.com/mmatur))
- **[k8s]** Update Kubernetes provider to support IPv6 Backends ([#3432](https://github.com/containous/traefik/pull/3432) by [dtomcej](https://github.com/dtomcej))
- **[logs,middleware]** Add URL and Host for some access logs. ([#3430](https://github.com/containous/traefik/pull/3430) by [ldez](https://github.com/ldez))
- **[metrics]** Improve Prometheus metrics removal ([#3287](https://github.com/containous/traefik/pull/3287) by [marco-jantke](https://github.com/marco-jantke))
- **[middleware]** Whitelist and XFF. ([#3411](https://github.com/containous/traefik/pull/3411) by [ldez](https://github.com/ldez))
- **[middleware]** Error pages and header merge ([#3394](https://github.com/containous/traefik/pull/3394) by [ldez](https://github.com/ldez))
- **[websocket]** Includes the headers in the HTTP response of a websocket request ([#3425](https://github.com/containous/traefik/pull/3425) by [geraldcroes](https://github.com/geraldcroes))
- **[webui]** Webui Whitelist overflow. ([#3412](https://github.com/containous/traefik/pull/3412) by [ldez](https://github.com/ldez))
**Documentation:**
- **[acme]** Docs: ACME Overhaul ([#3421](https://github.com/containous/traefik/pull/3421) by [Dargmuesli](https://github.com/Dargmuesli))
- **[acme]** Minor documentation changes ([#3405](https://github.com/containous/traefik/pull/3405) by [amincheloh](https://github.com/amincheloh))
- **[k8s]** Helm installation using values ([#3392](https://github.com/containous/traefik/pull/3392) by [erikaulin](https://github.com/erikaulin))
- **[k8s]** Update Kubernetes Port Documentation ([#3368](https://github.com/containous/traefik/pull/3368) by [dtomcej](https://github.com/dtomcej))
## [v1.6.2](https://github.com/containous/traefik/tree/v1.6.2) (2018-05-22) ## [v1.6.2](https://github.com/containous/traefik/tree/v1.6.2) (2018-05-22)
[All Commits](https://github.com/containous/traefik/compare/v1.6.1...v1.6.2) [All Commits](https://github.com/containous/traefik/compare/v1.6.1...v1.6.2)

30
Gopkg.lock generated
View file

@ -318,9 +318,10 @@
version = "v3.2.0" version = "v3.2.0"
[[projects]] [[projects]]
branch = "master"
name = "github.com/dnsimple/dnsimple-go" name = "github.com/dnsimple/dnsimple-go"
packages = ["dnsimple"] packages = ["dnsimple"]
revision = "f2d9b723cc9547d182e24ac2e527ae25d25fc93f" revision = "bbe1a2c87affea187478e24d3aea3cac25f870b3"
[[projects]] [[projects]]
name = "github.com/docker/cli" name = "github.com/docker/cli"
@ -757,6 +758,7 @@
version = "v1.3.7" version = "v1.3.7"
[[projects]] [[projects]]
branch = "master"
name = "github.com/jjcollinge/servicefabric" name = "github.com/jjcollinge/servicefabric"
packages = ["."] packages = ["."]
revision = "8eebe170fa1ba25d3dfb928b3f86a7313b13b9fe" revision = "8eebe170fa1ba25d3dfb928b3f86a7313b13b9fe"
@ -987,9 +989,10 @@
revision = "1f5c07e90700ae93ddcba0c7af7d9c7201646ccc" revision = "1f5c07e90700ae93ddcba0c7af7d9c7201646ccc"
[[projects]] [[projects]]
branch = "master"
name = "github.com/ovh/go-ovh" name = "github.com/ovh/go-ovh"
packages = ["ovh"] packages = ["ovh"]
revision = "4b1fea467323b74c5f462f0947f402b428ca0626" revision = "91b7eb631d2eced3e706932a0b36ee8b5ee22e92"
[[projects]] [[projects]]
branch = "master" branch = "master"
@ -1212,7 +1215,7 @@
"roundrobin", "roundrobin",
"utils" "utils"
] ]
revision = "6956548a7fa4272adeadf828455109c53933ea86" revision = "7a2284ad8d6f4d362a6b38f3cdcc812291dce293"
[[projects]] [[projects]]
name = "github.com/vulcand/predicate" name = "github.com/vulcand/predicate"
@ -1238,10 +1241,11 @@
revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70" revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70"
[[projects]] [[projects]]
branch = "containous-fork" branch = "master"
name = "github.com/xenolf/lego" name = "github.com/xenolf/lego"
packages = [ packages = [
"acmev2", "acme",
"log",
"providers/dns", "providers/dns",
"providers/dns/auroradns", "providers/dns/auroradns",
"providers/dns/azure", "providers/dns/azure",
@ -1259,9 +1263,9 @@
"providers/dns/fastdns", "providers/dns/fastdns",
"providers/dns/gandi", "providers/dns/gandi",
"providers/dns/gandiv5", "providers/dns/gandiv5",
"providers/dns/gcloud",
"providers/dns/glesys", "providers/dns/glesys",
"providers/dns/godaddy", "providers/dns/godaddy",
"providers/dns/googlecloud",
"providers/dns/lightsail", "providers/dns/lightsail",
"providers/dns/linode", "providers/dns/linode",
"providers/dns/namecheap", "providers/dns/namecheap",
@ -1275,8 +1279,7 @@
"providers/dns/route53", "providers/dns/route53",
"providers/dns/vultr" "providers/dns/vultr"
] ]
revision = "3d653ee2ee38f1d71beb5f09b37b23344eff0ab3" revision = "7fedfd1388f016c7ca7ed92a7f2024d06a7e20d8"
source = "github.com/containous/lego"
[[projects]] [[projects]]
branch = "master" branch = "master"
@ -1316,6 +1319,7 @@
revision = "22ae77b79946ea320088417e4d50825671d82d57" revision = "22ae77b79946ea320088417e4d50825671d82d57"
[[projects]] [[projects]]
branch = "master"
name = "golang.org/x/oauth2" name = "golang.org/x/oauth2"
packages = [ packages = [
".", ".",
@ -1324,7 +1328,7 @@
"jws", "jws",
"jwt" "jwt"
] ]
revision = "7fdf09982454086d5570c7db3e11f360194830ca" revision = "ec22f46f877b4505e0117eeaab541714644fdd28"
[[projects]] [[projects]]
branch = "master" branch = "master"
@ -1363,6 +1367,7 @@
revision = "8be79e1e0910c292df4e79c241bb7e8f7e725959" revision = "8be79e1e0910c292df4e79c241bb7e8f7e725959"
[[projects]] [[projects]]
branch = "master"
name = "google.golang.org/api" name = "google.golang.org/api"
packages = [ packages = [
"dns/v1", "dns/v1",
@ -1370,7 +1375,7 @@
"googleapi", "googleapi",
"googleapi/internal/uritemplates" "googleapi/internal/uritemplates"
] ]
revision = "1575df15c1bb8b18ad4d9bc5ca495cc85b0764fe" revision = "de943baf05a022a8f921b544b7827bacaba1aed5"
[[projects]] [[projects]]
name = "google.golang.org/appengine" name = "google.golang.org/appengine"
@ -1451,6 +1456,7 @@
revision = "cb884138e64c9a8bf5c7d6106d74b0fca082df0c" revision = "cb884138e64c9a8bf5c7d6106d74b0fca082df0c"
[[projects]] [[projects]]
branch = "v2"
name = "gopkg.in/ns1/ns1-go.v2" name = "gopkg.in/ns1/ns1-go.v2"
packages = [ packages = [
"rest", "rest",
@ -1460,7 +1466,7 @@
"rest/model/filter", "rest/model/filter",
"rest/model/monitor" "rest/model/monitor"
] ]
revision = "c563826f4cbef9c11bebeb9f20a3f7afe9c1e2f4" revision = "a5bcac82d3f637d3928d30476610891935b2d691"
[[projects]] [[projects]]
name = "gopkg.in/square/go-jose.v2" name = "gopkg.in/square/go-jose.v2"
@ -1681,6 +1687,6 @@
[solve-meta] [solve-meta]
analyzer-name = "dep" analyzer-name = "dep"
analyzer-version = 1 analyzer-version = 1
inputs-digest = "4d18e76b6d54a2698d3f1acd9f43110c609e3f61e72d480b9acd2327720dcc5c" inputs-digest = "f9bdfe14aca106f6bfc75da6f7282791c12c503b65581797bbb484566858a2f3"
solver-name = "gps-cdcl" solver-name = "gps-cdcl"
solver-version = 1 solver-version = 1

4
Gopkg.toml
View file

@ -181,9 +181,9 @@
name = "github.com/vulcand/oxy" name = "github.com/vulcand/oxy"
[[constraint]] [[constraint]]
branch = "containous-fork" branch = "master"
name = "github.com/xenolf/lego" name = "github.com/xenolf/lego"
source = "github.com/containous/lego" # version = "1.0.0"
[[constraint]] [[constraint]]
name = "google.golang.org/grpc" name = "google.golang.org/grpc"

43
acme/account.go
View file

@ -8,6 +8,7 @@ import (
"crypto/x509" "crypto/x509"
"fmt" "fmt"
"reflect" "reflect"
"regexp"
"sort" "sort"
"strings" "strings"
"sync" "sync"
@ -16,7 +17,7 @@ import (
"github.com/containous/traefik/log" "github.com/containous/traefik/log"
acmeprovider "github.com/containous/traefik/provider/acme" acmeprovider "github.com/containous/traefik/provider/acme"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
acme "github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// Account is used to store lets encrypt registration info // Account is used to store lets encrypt registration info
@ -44,6 +45,11 @@ func (a *Account) Init() error {
return err return err
} }
err = a.RemoveAccountV1Values()
if err != nil {
log.Errorf("Unable to remove ACME Account V1 values during account initialization: %v", err)
}
for _, cert := range a.ChallengeCerts { for _, cert := range a.ChallengeCerts {
if cert.certificate == nil { if cert.certificate == nil {
certificate, err := tls.X509KeyPair(cert.Certificate, cert.PrivateKey) certificate, err := tls.X509KeyPair(cert.Certificate, cert.PrivateKey)
@ -108,6 +114,29 @@ func (a *Account) GetPrivateKey() crypto.PrivateKey {
return nil return nil
} }
// RemoveAccountV1Values removes ACME account V1 values
func (a *Account) RemoveAccountV1Values() error {
// Check if ACME Account is in ACME V1 format
if a.Registration != nil {
isOldRegistration, err := regexp.MatchString(acmeprovider.RegistrationURLPathV1Regexp, a.Registration.URI)
if err != nil {
return err
}
if isOldRegistration {
a.reset()
}
}
return nil
}
func (a *Account) reset() {
log.Debug("Reset ACME account object.")
a.Email = ""
a.Registration = nil
a.PrivateKey = nil
}
// Certificate is used to store certificate info // Certificate is used to store certificate info
type Certificate struct { type Certificate struct {
Domain string Domain string
@ -157,11 +186,23 @@ func (dc *DomainsCertificates) removeDuplicates() {
} }
} }
func (dc *DomainsCertificates) removeEmpty() {
certs := []*DomainsCertificate{}
for _, cert := range dc.Certs {
if cert.Certificate != nil && len(cert.Certificate.Certificate) > 0 && len(cert.Certificate.PrivateKey) > 0 {
certs = append(certs, cert)
}
}
dc.Certs = certs
}
// Init DomainsCertificates // Init DomainsCertificates
func (dc *DomainsCertificates) Init() error { func (dc *DomainsCertificates) Init() error {
dc.lock.Lock() dc.lock.Lock()
defer dc.lock.Unlock() defer dc.lock.Unlock()
dc.removeEmpty()
for _, domainsCertificate := range dc.Certs { for _, domainsCertificate := range dc.Certs {
tlsCert, err := tls.X509KeyPair(domainsCertificate.Certificate.Certificate, domainsCertificate.Certificate.PrivateKey) tlsCert, err := tls.X509KeyPair(domainsCertificate.Certificate.Certificate, domainsCertificate.Certificate.PrivateKey)
if err != nil { if err != nil {

15
acme/acme.go
View file

@ -25,8 +25,10 @@ import (
"github.com/containous/traefik/safe" "github.com/containous/traefik/safe"
"github.com/containous/traefik/tls/generate" "github.com/containous/traefik/tls/generate"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
"github.com/containous/traefik/version"
"github.com/eapache/channels" "github.com/eapache/channels"
acme "github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
legolog "github.com/xenolf/lego/log"
"github.com/xenolf/lego/providers/dns" "github.com/xenolf/lego/providers/dns"
) )
@ -42,7 +44,7 @@ type ACME struct {
Domains []types.Domain `description:"SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='main.net,san1.net,san2.net'"` Domains []types.Domain `description:"SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='main.net,san1.net,san2.net'"`
Storage string `description:"File or key used for certificates storage."` Storage string `description:"File or key used for certificates storage."`
StorageFile string // Deprecated StorageFile string // Deprecated
OnDemand bool `description:"(Deprecated) Enable on demand certificate generation. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate."` //deprecated OnDemand bool `description:"(Deprecated) Enable on demand certificate generation. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate."` // Deprecated
OnHostRule bool `description:"Enable certificate generation on frontends Host rules."` OnHostRule bool `description:"Enable certificate generation on frontends Host rules."`
CAServer string `description:"CA server to use."` CAServer string `description:"CA server to use."`
EntryPoint string `description:"Entrypoint to proxy acme challenge to."` EntryPoint string `description:"Entrypoint to proxy acme challenge to."`
@ -64,10 +66,11 @@ type ACME struct {
} }
func (a *ACME) init() error { func (a *ACME) init() error {
acme.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
if a.ACMELogging { if a.ACMELogging {
acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags) legolog.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
} else { } else {
acme.Logger = fmtlog.New(ioutil.Discard, "", 0) legolog.Logger = fmtlog.New(ioutil.Discard, "", 0)
} }
// no certificates in TLS config, so we add a default one // no certificates in TLS config, so we add a default one
cert, err := generate.DefaultCertificate() cert, err := generate.DefaultCertificate()
@ -180,6 +183,10 @@ func (a *ACME) leadershipListener(elected bool) error {
account := object.(*Account) account := object.(*Account)
account.Init() account.Init()
// Reset Account values if caServer changed, thus registration URI can be updated
if account != nil && account.Registration != nil && !strings.HasPrefix(account.Registration.URI, a.CAServer) {
account.reset()
}
var needRegister bool var needRegister bool
if account == nil || len(account.Email) == 0 { if account == nil || len(account.Email) == 0 {

268
acme/acme_test.go
View file

@ -6,6 +6,7 @@ import (
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"reflect" "reflect"
"sort"
"sync" "sync"
"testing" "testing"
"time" "time"
@ -14,7 +15,7 @@ import (
"github.com/containous/traefik/tls/generate" "github.com/containous/traefik/tls/generate"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
acme "github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
func TestDomainsSet(t *testing.T) { func TestDomainsSet(t *testing.T) {
@ -550,3 +551,268 @@ func TestAcme_getCertificateForDomain(t *testing.T) {
}) })
} }
} }
func TestRemoveEmptyCertificates(t *testing.T) {
now := time.Now()
fooCert, fooKey, _ := generate.KeyPair("foo.com", now)
acmeCert, acmeKey, _ := generate.KeyPair("acme.wtf", now.Add(24*time.Hour))
barCert, barKey, _ := generate.KeyPair("bar.com", now)
testCases := []struct {
desc string
dc *DomainsCertificates
expectedDc *DomainsCertificates
}{
{
desc: "No empty certificate",
dc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Certificate: &Certificate{
Certificate: fooCert,
PrivateKey: fooKey,
},
Domains: types.Domain{
Main: "foo.com",
},
},
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
{
Certificate: &Certificate{
Certificate: barCert,
PrivateKey: barKey,
},
Domains: types.Domain{
Main: "bar.com",
},
},
},
},
expectedDc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Certificate: &Certificate{
Certificate: fooCert,
PrivateKey: fooKey,
},
Domains: types.Domain{
Main: "foo.com",
},
},
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
{
Certificate: &Certificate{
Certificate: barCert,
PrivateKey: barKey,
},
Domains: types.Domain{
Main: "bar.com",
},
},
},
},
},
{
desc: "First certificate is nil",
dc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Domains: types.Domain{
Main: "foo.com",
},
},
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
{
Certificate: &Certificate{
Certificate: barCert,
PrivateKey: barKey,
},
Domains: types.Domain{
Main: "bar.com",
},
},
},
},
expectedDc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
{
Certificate: &Certificate{
Certificate: nil,
PrivateKey: barKey,
},
Domains: types.Domain{
Main: "bar.com",
},
},
},
},
},
{
desc: "Last certificate is empty",
dc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Certificate: &Certificate{
Certificate: fooCert,
PrivateKey: fooKey,
},
Domains: types.Domain{
Main: "foo.com",
},
},
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
{
Certificate: &Certificate{},
Domains: types.Domain{
Main: "bar.com",
},
},
},
},
expectedDc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Certificate: &Certificate{
Certificate: fooCert,
PrivateKey: fooKey,
},
Domains: types.Domain{
Main: "foo.com",
},
},
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
},
},
},
{
desc: "First and last certificates are nil or empty",
dc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Domains: types.Domain{
Main: "foo.com",
},
},
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
{
Certificate: &Certificate{},
Domains: types.Domain{
Main: "bar.com",
},
},
},
},
expectedDc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Certificate: &Certificate{
Certificate: acmeCert,
PrivateKey: acmeKey,
},
Domains: types.Domain{
Main: "acme.wtf",
},
},
},
},
},
{
desc: "All certificates are nil or empty",
dc: &DomainsCertificates{
Certs: []*DomainsCertificate{
{
Domains: types.Domain{
Main: "foo.com",
},
},
{
Domains: types.Domain{
Main: "foo24.com",
},
},
{
Certificate: &Certificate{},
Domains: types.Domain{
Main: "bar.com",
},
},
},
},
expectedDc: &DomainsCertificates{
Certs: []*DomainsCertificate{},
},
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
a := &Account{DomainsCertificate: *test.dc}
a.Init()
assert.Equal(t, len(test.expectedDc.Certs), len(a.DomainsCertificate.Certs))
sort.Sort(&a.DomainsCertificate)
sort.Sort(test.expectedDc)
for key, value := range test.expectedDc.Certs {
assert.Equal(t, value.Domains.Main, a.DomainsCertificate.Certs[key].Domains.Main)
}
})
}
}

2
acme/challenge_http_provider.go
View file

@ -9,7 +9,7 @@ import (
"github.com/containous/traefik/cluster" "github.com/containous/traefik/cluster"
"github.com/containous/traefik/log" "github.com/containous/traefik/log"
"github.com/containous/traefik/safe" "github.com/containous/traefik/safe"
acme "github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
var _ acme.ChallengeProviderTimeout = (*challengeHTTPProvider)(nil) var _ acme.ChallengeProviderTimeout = (*challengeHTTPProvider)(nil)

26
acme/localStore.go
View file

@ -4,7 +4,6 @@ import (
"encoding/json" "encoding/json"
"io/ioutil" "io/ioutil"
"os" "os"
"regexp"
"github.com/containous/traefik/log" "github.com/containous/traefik/log"
"github.com/containous/traefik/provider/acme" "github.com/containous/traefik/provider/acme"
@ -51,25 +50,6 @@ func (s *LocalStore) Get() (*Account, error) {
return account, nil return account, nil
} }
// RemoveAccountV1Values removes ACME account V1 values
func RemoveAccountV1Values(account *Account) error {
// Check if ACME Account is in ACME V1 format
if account != nil && account.Registration != nil {
isOldRegistration, err := regexp.MatchString(acme.RegistrationURLPathV1Regexp, account.Registration.URI)
if err != nil {
return err
}
if isOldRegistration {
account.Email = ""
account.Registration = nil
account.PrivateKey = nil
account.KeyType = "RSA4096"
}
}
return nil
}
// ConvertToNewFormat converts old acme.json format to the new one and store the result into the file (used for the backward compatibility) // ConvertToNewFormat converts old acme.json format to the new one and store the result into the file (used for the backward compatibility)
func ConvertToNewFormat(fileName string) { func ConvertToNewFormat(fileName string) {
localStore := acme.NewLocalStore(fileName) localStore := acme.NewLocalStore(fileName)
@ -100,13 +80,13 @@ func ConvertToNewFormat(fileName string) {
if account != nil && len(account.Email) > 0 { if account != nil && len(account.Email) > 0 {
err = backupACMEFile(fileName, account) err = backupACMEFile(fileName, account)
if err != nil { if err != nil {
log.Errorf("Unable to create a backup for the V1 formatted ACME file: %s", err.Error()) log.Errorf("Unable to create a backup for the V1 formatted ACME file: %v", err)
return return
} }
err = RemoveAccountV1Values(account) err = account.RemoveAccountV1Values()
if err != nil { if err != nil {
log.Errorf("Unable to remove ACME Account V1 values: %s", err.Error()) log.Errorf("Unable to remove ACME Account V1 values during format conversion: %v", err)
return return
} }

2
cmd/storeconfig/storeconfig.go
View file

@ -145,7 +145,7 @@ func migrateACMEData(fileName string) (*acme.Account, error) {
return nil, err return nil, err
} }
err = acme.RemoveAccountV1Values(account) err = account.RemoveAccountV1Values()
if err != nil { if err != nil {
return nil, err return nil, err
} }

485
docs/configuration/acme.md
View file

@ -1,6 +1,6 @@
# ACME (Let's Encrypt) configuration # ACME (Let's Encrypt) Configuration
See also [Let's Encrypt examples](/user-guide/examples/#lets-encrypt-support) and [Docker & Let's Encrypt user guide](/user-guide/docker-and-lets-encrypt). See [Let's Encrypt examples](/user-guide/examples/#lets-encrypt-support) and [Docker & Let's Encrypt user guide](/user-guide/docker-and-lets-encrypt) as well.
## Configuration ## Configuration
@ -70,14 +70,14 @@ entryPoint = "https"
# #
# overrideCertificates = true # overrideCertificates = true
# Enable on demand certificate generation. # Deprecated. Enable on demand certificate generation.
# #
# Optional (Deprecated) # Optional
# Default: false # Default: false
# #
# onDemand = true # onDemand = true
# Enable certificate generation on frontends Host rules. # Enable certificate generation on frontends host rules.
# #
# Optional # Optional
# Default: false # Default: false
@ -85,8 +85,8 @@ entryPoint = "https"
# onHostRule = true # onHostRule = true
# CA server to use. # CA server to use.
# - Uncomment the line to run on the staging let's encrypt server. # Uncomment the line to use Let's Encrypt's staging server,
# - Leave comment to go to prod. # leave commented to go to prod.
# #
# Optional # Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory" # Default: "https://acme-v02.api.letsencrypt.org/directory"
@ -110,15 +110,13 @@ entryPoint = "https"
# sans = ["test1.local1.com", "test2.local1.com"] # sans = ["test1.local1.com", "test2.local1.com"]
# [[acme.domains]] # [[acme.domains]]
# main = "local2.com" # main = "local2.com"
# sans = ["test1.local2.com", "test2.local2.com"]
# [[acme.domains]] # [[acme.domains]]
# main = "local3.com" # main = "*.local3.com"
# [[acme.domains]] # sans = ["local3.com", "test1.test1.local3.com"]
# main = "local4.com"
# Use a HTTP-01 acme challenge. # Use a HTTP-01 ACME challenge.
# #
# Optional but recommend # Optional (but recommended)
# #
[acme.httpChallenge] [acme.httpChallenge]
@ -128,21 +126,21 @@ entryPoint = "https"
# #
entryPoint = "http" entryPoint = "http"
# Use a DNS-01/DNS-01 acme challenge rather than HTTP-01 challenge. # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note : Mandatory for wildcard certificates generation. # Note: mandatory for wildcard certificate generation.
# #
# Optional # Optional
# #
# [acme.dnsChallenge] # [acme.dnsChallenge]
# Provider used. # DNS provider used.
# #
# Required # Required
# #
# provider = "digitalocean" # provider = "digitalocean"
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify. # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, avoid this & instead just wait so many seconds. # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
# Useful if internal networks block external DNS queries. # Useful if internal networks block external DNS queries.
# #
# Optional # Optional
@ -151,98 +149,134 @@ entryPoint = "https"
# delayBeforeCheck = 0 # delayBeforeCheck = 0
``` ```
!!! note ### `caServer`
If `HTTP-01` challenge is used, `acme.httpChallenge.entryPoint` has to be defined and reachable by Let's Encrypt through the port 80.
These are Let's Encrypt limitations as described on the [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72).
!!! note The CA server to use.
Wildcard certificates can be generated only if `acme.dnsChallenge`
option is enable.
### Let's Encrypt downtime This example shows the usage of Let's Encrypt's staging server:
Let's Encrypt functionality will be limited until Træfik is restarted.
If Let's Encrypt is not reachable, these certificates will be used :
- ACME certificates already generated before downtime
- Expired ACME certificates
- Provided certificates
!!! note
Default Træfik certificate will be used instead of ACME certificates for new (sub)domains (which need Let's Encrypt challenge).
### `storage`
```toml ```toml
[acme] [acme]
# ... # ...
storage = "acme.json" caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ... # ...
``` ```
The `storage` option sets where are stored your ACME certificates. ### `dnsChallenge`
There are two kind of `storage` : Use the `DNS-01` challenge to generate and renew ACME certificates by provisioning a DNS record.
- a JSON file, ```toml
- a KV store entry. [acme]
# ...
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
!!! danger "DEPRECATED" #### `delayBeforeCheck`
`storage` replaces `storageFile` which is deprecated.
By default, the `provider` will verify the TXT DNS challenge record before letting ACME verify.
If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds.
Useful if internal networks block external DNS queries.
!!! note !!! note
During Træfik configuration migration from a configuration file to a KV store (thanks to `storeconfig` subcommand as described [here](/user-guide/kv-config/#store-configuration-in-key-value-store)), if ACME certificates have to be migrated too, use both `storageFile` and `storage`. A `provider` is mandatory.
- `storageFile` will contain the path to the `acme.json` file to migrate. #### `provider`
- `storage` will contain the key where the certificates will be stored.
#### Store data in a file Here is a list of supported `provider`s, that can automate the DNS verification, along with the required environment variables and their [wildcard & root domain support](/configuration/acme/#wildcard-domains) for each. Do not hesitate to complete it.
ACME certificates can be stored in a JSON file which with the `600` right mode. | Provider Name | Provider Code | Environment Variables | Wildcard & Root Domain Support |
|--------------------------------------------------------|----------------|-----------------------------------------------------------------------------------------------------------------------------|--------------------------------|
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | Not tested yet |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP` | Not tested yet |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | Not tested yet |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CLOUDFLARE_EMAIL`, `CLOUDFLARE_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key` | YES |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | Not tested yet |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | YES |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | Not tested yet |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | Not tested yet |
| [DNSPod](http://www.dnspod.net/) | `dnspod` | `DNSPOD_API_KEY` | Not tested yet |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | Not tested yet |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | Not tested yet |
| External Program | `exec` | `EXEC_PATH` | Not tested yet |
| [Exoscale](https://www.exoscale.ch) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | Not tested yet |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | Not tested yet |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | Not tested yet |
| [Gandi V5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | Not tested yet |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | Not tested yet |
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | Not tested yet |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, `GCE_SERVICE_ACCOUNT_FILE` | YES |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | Not tested yet |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | Not tested yet |
| manual | - | none, but you need to run Træfik interactively, turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | YES |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | Not tested yet |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | Not tested yet |
| [Ns1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | Not tested yet |
| [Open Telekom Cloud](https://cloud.telekom.de/en/) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | Not tested yet |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | YES |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | Not tested yet |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | Not tested yet |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | Not tested yet |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, `AWS_HOSTED_ZONE_ID` or a configured user/instance IAM profile. | YES |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | Not tested yet |
There are two ways to store ACME certificates in a file from Docker: ### `domains`
You can provide SANs (alternative domains) to each main domain.
All domains must have A/AAAA records pointing to Træfik.
Each domain & SAN will lead to a certificate request.
- create a file on your host and mount it as a volume:
```toml ```toml
storage = "acme.json" [acme]
``` # ...
```bash [[acme.domains]]
docker run -v "/my/host/acme.json:acme.json" traefik main = "local1.com"
``` sans = ["test1.local1.com", "test2.local1.com"]
- mount the folder containing the file as a volume [[acme.domains]]
```toml main = "local2.com"
storage = "/etc/traefik/acme/acme.json" [[acme.domains]]
``` main = "*.local3.com"
```bash sans = ["local3.com", "test1.test1.local3.com"]
docker run -v "/my/host/acme:/etc/traefik/acme" traefik # ...
``` ```
!!! warning !!! warning
This file cannot be shared per many instances of Træfik at the same time. Take note that Let's Encrypt applies [rate limiting](https://letsencrypt.org/docs/rate-limits).
If you have to use Træfik cluster mode, please use [a KV Store entry](/configuration/acme/#storage-kv-entry).
#### Store data in a KV store entry
ACME certificates can be stored in a KV Store entry.
```toml
storage = "traefik/acme/account"
```
**This kind of storage is mandatory in cluster mode.**
Because KV stores (like Consul) have limited entries size, the certificates list is compressed before to be set in a KV store entry.
!!! note !!! note
It's possible to store up to approximately 100 ACME certificates in Consul. Wildcard certificates can only be verified through a `DNS-01` challenge.
#### Wildcard Domains
[ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) allows wildcard certificate support.
As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](/configuration/acme/#dnschallenge).
```toml
[acme]
# ...
[[acme.domains]]
main = "*.local1.com"
sans = ["local1.com"]
# ...
```
It is not possible to request a double wildcard certificate for a domain (for example `*.*.local.com`).
Due to ACME limitation it is not possible to define wildcards in SANs (alternative domains). Thus, the wildcard domain has to be defined as a main domain.
Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed.
In this case the generated DNS TXT record for both domains is the same.
Eventhough this behaviour is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant, it can lead to problems as all DNS providers keep DNS records cached for a certain time (TTL) and this TTL can be superior to the challenge timeout making the `DNS-01` challenge fail.
The Træfik ACME client library [LEGO](https://github.com/xenolf/lego) supports some but not all DNS providers to work around this issue.
The [`provider` table](/configuration/acme/#provider) indicates if they allow generating certificates for a wildcard domain and its root domain.
### `httpChallenge` ### `httpChallenge`
Use `HTTP-01` challenge to generate/renew ACME certificates. Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning a HTTP resource under a well-known URI.
The redirection is fully compatible with the HTTP-01 challenge. Redirection is fully compatible with the `HTTP-01` challenge.
You can use redirection with HTTP-01 challenge without problem.
```toml ```toml
[acme] [acme]
@ -252,6 +286,10 @@ entryPoint = "https"
entryPoint = "http" entryPoint = "http"
``` ```
!!! note
If the `HTTP-01` challenge is used, `acme.httpChallenge.entryPoint` has to be defined and reachable by Let's Encrypt through port 80.
This is a Let's Encrypt limitation as described on the [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72).
#### `entryPoint` #### `entryPoint`
Specify the entryPoint to use during the challenges. Specify the entryPoint to use during the challenges.
@ -275,73 +313,7 @@ defaultEntryPoints = ["http", "https"]
``` ```
!!! note !!! note
`acme.httpChallenge.entryPoint` has to be reachable by Let's Encrypt through the port 80. `acme.httpChallenge.entryPoint` has to be reachable through port 80. It's a Let's Encrypt limitation as described on the [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72).
It's a Let's Encrypt limitation as described on the [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72).
### `dnsChallenge`
Use `DNS-01/DNS-01` challenge to generate/renew ACME certificates.
```toml
[acme]
# ...
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
!!! note
ACME wildcard certificates can only be generated thanks to a `DNS-01` challenge.
#### `provider`
Select the provider that matches the DNS domain that will host the challenge TXT record, and provide environment variables to enable setting it:
| Provider Name | Provider code | Configuration |
|--------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------|
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP` |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CLOUDFLARE_EMAIL`, `CLOUDFLARE_API_KEY` - The Cloudflare `Global API Key` needs to be used and not the `Origin CA Key` |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` |
| [DNSPod](http://www.dnspod.net/) | `dnspod` | `DNSPOD_API_KEY` |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` |
| External Program | `exec` | `EXEC_PATH` |
| [Exoscale](https://www.exoscale.ch) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` |
| [Gandi V5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` |
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, `GCE_SERVICE_ACCOUNT_FILE` |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` |
| manual | - | none, but run Træfik interactively & turn on `acmeLogging` to see instructions & press <kbd>Enter</kbd>. |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` |
| [Ns1](https://ns1.com/) | `ns1` | `NS1_API_KEY` |
| [Open Telekom Cloud](https://cloud.telekom.de/en/) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, `AWS_HOSTED_ZONE_ID` or configured user/instance IAM profile. |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` |
#### `delayBeforeCheck`
By default, the `provider` will verify the TXT DNS challenge record before letting ACME verify.
If `delayBeforeCheck` is greater than zero, avoid this & instead just wait so many seconds.
Useful if internal networks block external DNS queries.
!!! note
This field has no sense if a `provider` is not defined.
### `onDemand` (Deprecated) ### `onDemand` (Deprecated)
@ -355,15 +327,15 @@ onDemand = true
# ... # ...
``` ```
Enable on demand certificate. Enable on demand certificate generation.
This will request a certificate from Let's Encrypt during the first TLS handshake for a host name that does not yet have a certificate. This will request certificates from Let's Encrypt during the first TLS handshake for host names that do not yet have certificates.
!!! warning !!! warning
TLS handshakes will be slow when requesting a host name certificate for the first time, this can lead to DoS attacks. TLS handshakes are slow when requesting a host name certificate for the first time. This can lead to DoS attacks!
!!! warning !!! warning
Take note that Let's Encrypt have [rate limiting](https://letsencrypt.org/docs/rate-limits). Take note that Let's Encrypt applies [rate limiting](https://letsencrypt.org/docs/rate-limits).
### `onHostRule` ### `onHostRule`
@ -374,199 +346,94 @@ onHostRule = true
# ... # ...
``` ```
Enable certificate generation on frontends `Host` rules (for frontends wired on the `acme.entryPoint`). Enable certificate generation on frontend `Host` rules (for frontends wired to the `acme.entryPoint`).
This will request a certificate from Let's Encrypt for each frontend with a Host rule. This will request a certificate from Let's Encrypt for each frontend with a Host rule.
For example, a rule `Host:test1.traefik.io,test2.traefik.io` will request a certificate with main domain `test1.traefik.io` and SAN `test2.traefik.io`. For example, the rule `Host:test1.traefik.io,test2.traefik.io` will request a certificate with main domain `test1.traefik.io` and SAN `test2.traefik.io`.
!!! warning !!! warning
`onHostRule` option can not be used to generate wildcard certificates. `onHostRule` option can not be used to generate wildcard certificates.
Refer to [the wildcard generation section](/configuration/acme/#wildcard-domain) for more information. Refer to [wildcard generation](/configuration/acme/#wildcard-domain) for further information.
### `caServer` ### `storage`
The `storage` option sets the location where your ACME certificates are saved to.
```toml ```toml
[acme] [acme]
# ... # ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" storage = "acme.json"
# ... # ...
``` ```
CA server to use. The value can refer to two kinds of storage:
- Uncomment the line to run on the staging Let's Encrypt server. - a JSON file
- Leave comment to go to prod. - a KV store entry
### `domains` !!! danger "DEPRECATED"
`storage` replaces `storageFile` which is deprecated.
!!! note
During migration to a KV store use both `storageFile` and `storage` to migrate ACME certificates too. See [`storeconfig` subcommand](/user-guide/kv-config/#store-configuration-in-key-value-store) for further information.
#### As a File
ACME certificates can be stored in a JSON file that needs to have file mode `600`.
In Docker you can either mount the JSON file or the folder containing it:
```bash
docker run -v "/my/host/acme.json:acme.json" traefik
```
```bash
docker run -v "/my/host/acme:/etc/traefik/acme" traefik
```
!!! warning
This file cannot be shared across multiple instances of Træfik at the same time. Please use a [KV Store entry](/configuration/acme/#as-a-key-value-store-entry) instead.
#### As a Key Value Store Entry
ACME certificates can be stored in a KV Store entry. This kind of storage is **mandatory in cluster mode**.
```toml ```toml
[acme] storage = "traefik/acme/account"
# ...
[[acme.domains]]
main = "local1.com"
sans = ["test1.local1.com", "test2.local1.com"]
[[acme.domains]]
main = "local2.com"
sans = ["test1.local2.com", "test2.local2.com"]
[[acme.domains]]
main = "local3.com"
[[acme.domains]]
main = "*.local4.com"
sans = ["local4.com", "test1.test1.local4.com"]
# ...
``` ```
#### Wildcard domains Because KV stores (like Consul) have limited entry size the certificates list is compressed before it is saved as KV store entry.
Wildcard domain has to be defined as a main domain. !!! note
All domains must have A/AAAA records pointing to Træfik. It is possible to store up to approximately 100 ACME certificates in Consul.
Due to ACME limitation, it's not possible to define a wildcard as a SAN (alternative domains). #### ACME v2 Migration
It's neither possible to define a wildcard on a wildcard domain (for example `*.*.local.com`).
!!! warning During migration from ACME v1 to ACME v2, using a storage file, a backup of the original file is created in the same place as the latter (with a `.bak` extension).
Note that Let's Encrypt has [rate limiting](https://letsencrypt.org/docs/rate-limits).
Each domain & SANs will lead to a certificate request. For example: if `acme.storage`'s value is `/etc/traefik/acme/acme.json`, the backup file will be `/etc/traefik/acme/acme.json.bak`.
#### Others domains !!! note
When Træfik is launched in a container, the storage file's parent directory needs to be mounted to be able to access the backup file on the host.
You can provide SANs (alternative domains) to each main domain. Otherwise the backup file will be deleted when the container is stopped. Træfik will only generate it once!
All domains must have A/AAAA records pointing to Træfik.
!!! warning
Take note that Let's Encrypt have [rate limiting](https://letsencrypt.org/docs/rate-limits).
Each domain & SANs will lead to a certificate request.
### `dnsProvider` (Deprecated) ### `dnsProvider` (Deprecated)
!!! danger "DEPRECATED" !!! danger "DEPRECATED"
This option is deprecated, use [dnsChallenge.provider](/configuration/acme/#dnschallenge) instead. This option is deprecated. Please use [dnsChallenge.provider](/configuration/acme/#provider) instead.
### `delayDontCheckDNS` (Deprecated) ### `delayDontCheckDNS` (Deprecated)
!!! danger "DEPRECATED" !!! danger "DEPRECATED"
This option is deprecated, use [dnsChallenge.delayBeforeCheck](/configuration/acme/#dnschallenge) instead. This option is deprecated. Please use [dnsChallenge.delayBeforeCheck](/configuration/acme/#dnschallenge) instead.
## Wildcard certificates ## Fallbacks
[ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) allows wildcard certificate support. If Let's Encrypt is not reachable, these certificates will be used:
However, this feature needs a specific configuration.
### DNS-01 Challenge 1. ACME certificates already generated before downtime
1. Expired ACME certificates
As described in [Let's Encrypt post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605), wildcard certificates can only be generated through a `DNS-01` Challenge. 1. Provided certificates
This challenge is linked to the Træfik option `acme.dnsChallenge`.
```toml
[acme]
# ...
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
For more information about this option, please refer to the [dnsChallenge section](/configuration/acme/#dnschallenge).
### Wildcard domain
Wildcard domains can currently be provided only by to the `acme.domains` option.
```toml
[acme]
# ...
[[acme.domains]]
main = "*.local1.com"
sans = ["local1.com"]
[[acme.domains]]
main = "*.local2.com"
# ...
```
For more information about this option, please refer to the [domains section](/configuration/acme/#domains).
### Limitations
Let's Encrypt wildcard support have some limitations to take into account :
- Wildcard domain can not be a SAN (alternative domain),
- Wildcard domain on a wildcard domain is forbidden (for example `*.*.local.com`),
- A DNS-01 Challenge is executed for each domain (CN and SANs), DNS provider can not manage correctly this behavior as explained in the [DNS provider support section](/configuration/acme/#dns-provider-support)
### DNS provider support
All DNS providers allow creating ACME wildcard certificates.
However, many troubles can appear for wildcard domains with SANs.
If a wildcard domain is defined with it root domain as SAN, as described below, 2 DNS-01 Challenges will be executed.
```toml
[acme]
# ...
[[acme.domains]]
main = "*.local1.com"
sans = ["local1.com"]
# ...
```
When a DNS-01 Challenge is done, Let's Encrypt checks if a TXT record is created with a given name and a given value.
When a certificate is generated for a wildcard domain is defined with it root domain as SAN, the requested TXT record name for both the wildcard domain and the root domain is the same.
The [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) allows this behavior.
But all DNS providers keep TXT records values in a cache with a TTL.
In function of the parameters given by the Træfik ACME client library ([LEGO](https://github.com/xenolf/lego)), the TXT record TTL can be superior to challenge Timeout.
In that event, the DNS-01 Challenge will not work correctly.
[LEGO](https://github.com/xenolf/lego) will involve in the way to be adapted to all of DNS providers.
Meanwhile, the table described below contains all the DNS providers supported by Træfik and indicates if they allow generating certificates for a wildcard domain and its root domain.
Do not hesitate to complete it.
| Provider Name | Provider code | Wildcard and Root Domain Support |
|--------------------------------------------------------|----------------|----------------------------------|
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | Not tested yet |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | Not tested yet |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | Not tested yet |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | YES |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | Not tested yet |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | YES |
| [DNSimple](https://dnsimple.com) | `dnsimple` | Not tested yet |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | Not tested yet |
| [DNSPod](http://www.dnspod.net/) | `dnspod` | Not tested yet |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | Not tested yet |
| [Dyn](https://dyn.com) | `dyn` | Not tested yet |
| External Program | `exec` | Not tested yet |
| [Exoscale](https://www.exoscale.ch) | `exoscale` | Not tested yet |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | Not tested yet |
| [Gandi](https://www.gandi.net) | `gandi` | Not tested yet |
| [Gandi V5](http://doc.livedns.gandi.net) | `gandiv5` | Not tested yet |
| [Glesys](https://glesys.com/) | `glesys` | Not tested yet |
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | Not tested yet |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | YES |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | Not tested yet |
| [Linode](https://www.linode.com) | `linode` | Not tested yet |
| manual | - | YES |
| [Namecheap](https://www.namecheap.com) | `namecheap` | Not tested yet |
| [name.com](https://www.name.com/) | `namedotcom` | Not tested yet |
| [Ns1](https://ns1.com/) | `ns1` | Not tested yet |
| [Open Telekom Cloud](https://cloud.telekom.de/en/) | `otc` | Not tested yet |
| [OVH](https://www.ovh.com) | `ovh` | YES |
| [PowerDNS](https://www.powerdns.com) | `pdns` | Not tested yet |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | Not tested yet |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | Not tested yet |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | YES |
| [VULTR](https://www.vultr.com) | `vultr` | Not tested yet |
## ACME V2 migration
During migration from ACME V1 to ACME V2 with a storage file, a backup is created with the content of the ACME V1 file.
To obtain the name of the backup file, Træfik concatenates the option `acme.storage` and the suffix `.bak`.
For example : if `acme.storage` value is `/etc/traefik/acme/acme.json`, the backup file will be named `/etc/traefik/acme/acme.json.bak`.
!!! note !!! note
When Træfik is launched in a container, do not forget to create a volume of the parent folder to get the backup file on the host. For new (sub)domains which need Let's Encrypt authentification, the default Træfik certificate will be used until Træfik is restarted.
Otherwise, the backup file will be deleted when the container will be stopped and Træfik will not generate it again.

32
docs/user-guide/kubernetes.md
View file

@ -81,9 +81,11 @@ For namespaced restrictions, one RoleBinding is required per watched namespace a
It is possible to use Træfik with a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) or a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) object, It is possible to use Træfik with a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) or a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) object,
whereas both options have their own pros and cons: whereas both options have their own pros and cons:
- The scalability is much better when using a Deployment, because you will have a Single-Pod-per-Node model when using the DaemonSet. - The scalability can be much better when using a Deployment, because you will have a Single-Pod-per-Node model when using a DaemonSet, whereas you may need less replicas based on your environment when using a Deployment.
- It is possible to exclusively run a Service on a dedicated set of machines using taints and tolerations with a DaemonSet. - DaemonSets automatically scale to new nodes, when the nodes join the cluster, whereas Deployment pods are only scheduled on new nodes if required.
- On the other hand the DaemonSet allows you to access any Node directly on Port 80 and 443, where you have to setup a [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with a Deployment. - DaemonSets ensure that only one replica of pods run on any single node. Deployments require affinity settings if you want to ensure that two pods don't end up on the same node.
- DaemonSets can be run with the `NET_BIND_SERVICE` capability, which will allow it to bind to port 80/443/etc on each host. This will allow bypassing the kube-proxy, and reduce traffic hops. Note that this is against the Kubernetes Best Practices [Guidelines](https://kubernetes.io/docs/concepts/configuration/overview/#services), and raises the potential for scheduling/scaling issues. Despite potential issues, this remains the choice for most ingress controllers.
- If you are unsure which to choose, start with the Daemonset.
The Deployment objects looks like this: The Deployment objects looks like this:
@ -118,6 +120,11 @@ spec:
containers: containers:
- image: traefik - image: traefik
name: traefik-ingress-lb name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
- name: admin
containerPort: 8080
args: args:
- --api - --api
- --kubernetes - --kubernetes
@ -172,7 +179,6 @@ spec:
spec: spec:
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
hostNetwork: true
containers: containers:
- image: traefik - image: traefik
name: traefik-ingress-lb name: traefik-ingress-lb
@ -208,11 +214,13 @@ spec:
- protocol: TCP - protocol: TCP
port: 8080 port: 8080
name: admin name: admin
type: NodePort
``` ```
[examples/k8s/traefik-ds.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/traefik-ds.yaml) [examples/k8s/traefik-ds.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/traefik-ds.yaml)
!!! note
This will create a Daemonset that uses privileged ports 80/8080 on the host. This may not work on all providers, but illustrates the static (non-NodePort) hostPort binding. The `traefik-ingress-service` can still be used inside the cluster to access the DaemonSet pods.
To deploy Træfik to your cluster start by submitting one of the YAML files to the cluster with `kubectl`: To deploy Træfik to your cluster start by submitting one of the YAML files to the cluster with `kubectl`:
```shell ```shell
@ -293,7 +301,21 @@ Install the Træfik chart by:
```shell ```shell
helm install stable/traefik helm install stable/traefik
``` ```
Install the Træfik chart using a values.yaml file.
```shell
helm install --values values.yaml stable/traefik
```
```yaml
dashboard:
enabled: true
domain: traefik-ui.minikube
kubernetes:
namespaces:
- default
- kube-system
```
For more information, check out [the documentation](https://github.com/kubernetes/charts/tree/master/stable/traefik). For more information, check out [the documentation](https://github.com/kubernetes/charts/tree/master/stable/traefik).
## Submitting an Ingress to the Cluster ## Submitting an Ingress to the Cluster

5
examples/k8s/traefik-deployment.yaml
View file

@ -28,6 +28,11 @@ spec:
containers: containers:
- image: traefik - image: traefik
name: traefik-ingress-lb name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
- name: admin
containerPort: 8080
args: args:
- --api - --api
- --kubernetes - --kubernetes

3
examples/k8s/traefik-ds.yaml
View file

@ -21,7 +21,6 @@ spec:
spec: spec:
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
hostNetwork: true
containers: containers:
- image: traefik - image: traefik
name: traefik-ingress-lb name: traefik-ingress-lb
@ -31,6 +30,7 @@ spec:
hostPort: 80 hostPort: 80
- name: admin - name: admin
containerPort: 8080 containerPort: 8080
hostport: 8080
securityContext: securityContext:
capabilities: capabilities:
drop: drop:
@ -57,4 +57,3 @@ spec:
- protocol: TCP - protocol: TCP
port: 8080 port: 8080
name: admin name: admin
type: NodePort

26
integration/access_log_test.go
View file

@ -30,7 +30,7 @@ type accessLogValue struct {
code string code string
user string user string
frontendName string frontendName string
backendName string backendURL string
} }
func (s *AccessLogSuite) SetUpSuite(c *check.C) { func (s *AccessLogSuite) SetUpSuite(c *check.C) {
@ -103,7 +103,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontend(c *check.C) {
code: "401", code: "401",
user: "-", user: "-",
frontendName: "Auth for frontend-Host-frontend-auth-docker-local", frontendName: "Auth for frontend-Host-frontend-auth-docker-local",
backendName: "-", backendURL: "/",
}, },
} }
@ -151,7 +151,7 @@ func (s *AccessLogSuite) TestAccessLogAuthEntrypoint(c *check.C) {
code: "401", code: "401",
user: "-", user: "-",
frontendName: "Auth for entrypoint", frontendName: "Auth for entrypoint",
backendName: "-", backendURL: "/",
}, },
} }
@ -199,7 +199,7 @@ func (s *AccessLogSuite) TestAccessLogAuthEntrypointSuccess(c *check.C) {
code: "200", code: "200",
user: "test", user: "test",
frontendName: "Host-entrypoint-auth-docker", frontendName: "Host-entrypoint-auth-docker",
backendName: "http://172.17.0", backendURL: "http://172.17.0",
}, },
} }
@ -247,14 +247,14 @@ func (s *AccessLogSuite) TestAccessLogDigestAuthEntrypoint(c *check.C) {
code: "401", code: "401",
user: "-", user: "-",
frontendName: "Auth for entrypoint", frontendName: "Auth for entrypoint",
backendName: "-", backendURL: "/",
}, },
{ {
formatOnly: false, formatOnly: false,
code: "200", code: "200",
user: "test", user: "test",
frontendName: "Host-entrypoint-digest-auth-docker", frontendName: "Host-entrypoint-digest-auth-docker",
backendName: "http://172.17.0", backendURL: "http://172.17.0",
}, },
} }
@ -355,7 +355,7 @@ func (s *AccessLogSuite) TestAccessLogEntrypointRedirect(c *check.C) {
code: "302", code: "302",
user: "-", user: "-",
frontendName: "entrypoint redirect for frontend-", frontendName: "entrypoint redirect for frontend-",
backendName: "-", backendURL: "/",
}, },
{ {
formatOnly: true, formatOnly: true,
@ -405,7 +405,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendRedirect(c *check.C) {
code: "302", code: "302",
user: "-", user: "-",
frontendName: "frontend redirect for frontend-Path-", frontendName: "frontend redirect for frontend-Path-",
backendName: "-", backendURL: "/",
}, },
{ {
formatOnly: true, formatOnly: true,
@ -461,7 +461,7 @@ func (s *AccessLogSuite) TestAccessLogRateLimit(c *check.C) {
code: "429", code: "429",
user: "-", user: "-",
frontendName: "rate limit for frontend-Host-ratelimit", frontendName: "rate limit for frontend-Host-ratelimit",
backendName: "/", backendURL: "/",
}, },
} }
@ -512,7 +512,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) {
code: "404", code: "404",
user: "-", user: "-",
frontendName: "backend not found", frontendName: "backend not found",
backendName: "/", backendURL: "/",
}, },
} }
@ -557,7 +557,7 @@ func (s *AccessLogSuite) TestAccessLogEntrypointWhitelist(c *check.C) {
code: "403", code: "403",
user: "-", user: "-",
frontendName: "ipwhitelister for entrypoint httpWhitelistReject", frontendName: "ipwhitelister for entrypoint httpWhitelistReject",
backendName: "-", backendURL: "/",
}, },
} }
@ -604,7 +604,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
code: "403", code: "403",
user: "-", user: "-",
frontendName: "ipwhitelister for frontend-Host-frontend-whitelist", frontendName: "ipwhitelister for frontend-Host-frontend-whitelist",
backendName: "-", backendURL: "/",
}, },
} }
@ -734,7 +734,7 @@ func checkAccessLogExactValues(c *check.C, line string, i int, v accessLogValue)
c.Assert(results[accesslog.OriginStatus], checker.Equals, v.code) c.Assert(results[accesslog.OriginStatus], checker.Equals, v.code)
c.Assert(results[accesslog.RequestCount], checker.Equals, fmt.Sprintf("%d", i+1)) c.Assert(results[accesslog.RequestCount], checker.Equals, fmt.Sprintf("%d", i+1))
c.Assert(results[accesslog.FrontendName], checker.Matches, `^"?`+v.frontendName+`.*$`) c.Assert(results[accesslog.FrontendName], checker.Matches, `^"?`+v.frontendName+`.*$`)
c.Assert(results[accesslog.BackendURL], checker.Matches, `^"?`+v.backendName+`.*$`) c.Assert(results[accesslog.BackendURL], checker.Matches, `^"?`+v.backendURL+`.*$`)
c.Assert(results[accesslog.Duration], checker.Matches, `^\d+ms$`) c.Assert(results[accesslog.Duration], checker.Matches, `^\d+ms$`)
} }

188
integration/consul_catalog_test.go
View file

@ -1,6 +1,7 @@
package integration package integration
import ( import (
"bytes"
"fmt" "fmt"
"net/http" "net/http"
"time" "time"
@ -41,7 +42,7 @@ func (s *ConsulCatalogSuite) waitToElectConsulLeader() error {
leader, err := s.consulClient.Status().Leader() leader, err := s.consulClient.Status().Leader()
if err != nil || len(leader) == 0 { if err != nil || len(leader) == 0 {
return fmt.Errorf("Leader not found. %v", err) return fmt.Errorf("leader not found. %v", err)
} }
return nil return nil
@ -55,9 +56,6 @@ func (s *ConsulCatalogSuite) createConsulClient(config *api.Config, c *check.C)
s.consulClient = consulClient s.consulClient = consulClient
return consulClient return consulClient
} }
func (s *ConsulCatalogSuite) startConsulService(c *check.C) {
}
func (s *ConsulCatalogSuite) registerService(name string, address string, port int, tags []string) error { func (s *ConsulCatalogSuite) registerService(name string, address string, port int, tags []string) error {
catalog := s.consulClient.Catalog() catalog := s.consulClient.Catalog()
@ -78,28 +76,45 @@ func (s *ConsulCatalogSuite) registerService(name string, address string, port i
return err return err
} }
func (s *ConsulCatalogSuite) registerAgentService(name string, address string, port int, tags []string) error { func (s *ConsulCatalogSuite) registerAgentService(name string, address string, port int, tags []string, withHealthCheck bool) error {
agent := s.consulClient.Agent() agent := s.consulClient.Agent()
err := agent.ServiceRegister( var healthCheck *api.AgentServiceCheck
if withHealthCheck {
healthCheck = &api.AgentServiceCheck{
HTTP: "http://" + address,
Interval: "10s",
}
} else {
healthCheck = nil
}
return agent.ServiceRegister(
&api.AgentServiceRegistration{ &api.AgentServiceRegistration{
ID: address, ID: address,
Tags: tags, Tags: tags,
Name: name, Name: name,
Address: address, Address: address,
Port: port, Port: port,
Check: &api.AgentServiceCheck{ Check: healthCheck,
HTTP: "http://" + address,
Interval: "10s",
},
}, },
) )
return err }
func (s *ConsulCatalogSuite) registerCheck(name string, address string, port int) error {
agent := s.consulClient.Agent()
checkRegistration := &api.AgentCheckRegistration{
ID: fmt.Sprintf("%s-%s", name, address),
Name: name,
ServiceID: address,
}
checkRegistration.HTTP = fmt.Sprintf("http://%s:%d/health", address, port)
checkRegistration.Interval = "2s"
checkRegistration.CheckID = address
return agent.CheckRegister(checkRegistration)
} }
func (s *ConsulCatalogSuite) deregisterAgentService(address string) error { func (s *ConsulCatalogSuite) deregisterAgentService(address string) error {
agent := s.consulClient.Agent() agent := s.consulClient.Agent()
err := agent.ServiceDeregister(address) return agent.ServiceDeregister(address)
return err
} }
func (s *ConsulCatalogSuite) deregisterService(name string, address string) error { func (s *ConsulCatalogSuite) deregisterService(name string, address string) error {
@ -115,6 +130,22 @@ func (s *ConsulCatalogSuite) deregisterService(name string, address string) erro
return err return err
} }
func (s *ConsulCatalogSuite) consulEnableServiceMaintenance(name string) error {
return s.consulClient.Agent().EnableServiceMaintenance(name, fmt.Sprintf("Maintenance mode for service %s", name))
}
func (s *ConsulCatalogSuite) consulDisableServiceMaintenance(name string) error {
return s.consulClient.Agent().DisableServiceMaintenance(name)
}
func (s *ConsulCatalogSuite) consulEnableNodeMaintenance() error {
return s.consulClient.Agent().EnableNodeMaintenance("Maintenance mode for node")
}
func (s *ConsulCatalogSuite) consulDisableNodeMaintenance() error {
return s.consulClient.Agent().DisableNodeMaintenance()
}
func (s *ConsulCatalogSuite) TestSimpleConfiguration(c *check.C) { func (s *ConsulCatalogSuite) TestSimpleConfiguration(c *check.C) {
cmd, display := s.traefikCmd( cmd, display := s.traefikCmd(
withConfigFile("fixtures/consul_catalog/simple.toml"), withConfigFile("fixtures/consul_catalog/simple.toml"),
@ -273,7 +304,7 @@ func (s *ConsulCatalogSuite) TestRefreshConfigWithMultipleNodeWithoutHealthCheck
c.Assert(err, checker.IsNil, check.Commentf("Error registering service")) c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
defer s.deregisterService("test", whoami.NetworkSettings.IPAddress) defer s.deregisterService("test", whoami.NetworkSettings.IPAddress)
err = s.registerAgentService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1"}) err = s.registerAgentService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1"}, true)
c.Assert(err, checker.IsNil, check.Commentf("Error registering agent service")) c.Assert(err, checker.IsNil, check.Commentf("Error registering agent service"))
defer s.deregisterAgentService(whoami.NetworkSettings.IPAddress) defer s.deregisterAgentService(whoami.NetworkSettings.IPAddress)
@ -514,3 +545,132 @@ func (s *ConsulCatalogSuite) TestRetryWithConsulServer(c *check.C) {
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusOK), try.HasBody()) err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusOK), try.HasBody())
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
} }
func (s *ConsulCatalogSuite) TestServiceWithMultipleHealthCheck(c *check.C) {
//Scale consul to 0 to be able to start traefik before and test retry
s.composeProject.Scale(c, "consul", 0)
cmd, display := s.traefikCmd(
withConfigFile("fixtures/consul_catalog/simple.toml"),
"--consulCatalog",
"--consulCatalog.watch=false",
"--consulCatalog.exposedByDefault=true",
"--consulCatalog.endpoint="+s.consulIP+":8500",
"--consulCatalog.domain=consul.localhost")
defer display(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
defer cmd.Process.Kill()
// Wait for Traefik to turn ready.
err = try.GetRequest("http://127.0.0.1:8000/", 2*time.Second, try.StatusCodeIs(http.StatusNotFound))
c.Assert(err, checker.IsNil)
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
c.Assert(err, checker.IsNil)
req.Host = "test.consul.localhost"
// Request should fail
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusNotFound), try.HasBody())
c.Assert(err, checker.IsNil)
// Scale consul to 1
s.composeProject.Scale(c, "consul", 1)
s.waitToElectConsulLeader()
whoami := s.composeProject.Container(c, "whoami1")
// Register service
err = s.registerAgentService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1"}, true)
c.Assert(err, checker.IsNil, check.Commentf("Error registering agent service"))
defer s.deregisterAgentService(whoami.NetworkSettings.IPAddress)
// Register one healthcheck
err = s.registerCheck("test", whoami.NetworkSettings.IPAddress, 80)
c.Assert(err, checker.IsNil, check.Commentf("Error registering check"))
// Provider consul catalog should be present
err = try.GetRequest("http://127.0.0.1:8080/api/providers", 10*time.Second, try.BodyContains("consul_catalog"))
c.Assert(err, checker.IsNil)
// Should be ok
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusOK), try.HasBody())
c.Assert(err, checker.IsNil)
// Change health value of service to critical
reqHealth, err := http.NewRequest(http.MethodPost, fmt.Sprintf("http://%s:80/health", whoami.NetworkSettings.IPAddress), bytes.NewBuffer([]byte("500")))
c.Assert(err, checker.IsNil)
reqHealth.Host = "test.consul.localhost"
err = try.Request(reqHealth, 10*time.Second, try.StatusCodeIs(http.StatusOK))
c.Assert(err, checker.IsNil)
// Should be a 404
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusNotFound), try.HasBody())
c.Assert(err, checker.IsNil)
// Change health value of service to passing
reqHealth, err = http.NewRequest(http.MethodPost, fmt.Sprintf("http://%s:80/health", whoami.NetworkSettings.IPAddress), bytes.NewBuffer([]byte("200")))
c.Assert(err, checker.IsNil)
err = try.Request(reqHealth, 10*time.Second, try.StatusCodeIs(http.StatusOK))
c.Assert(err, checker.IsNil)
// Should be a 200
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusOK), try.HasBody())
c.Assert(err, checker.IsNil)
}
func (s *ConsulCatalogSuite) TestMaintenanceMode(c *check.C) {
cmd, display := s.traefikCmd(
withConfigFile("fixtures/consul_catalog/simple.toml"),
"--consulCatalog",
"--consulCatalog.endpoint="+s.consulIP+":8500",
"--consulCatalog.domain=consul.localhost")
defer display(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
defer cmd.Process.Kill()
// Wait for Traefik to turn ready.
err = try.GetRequest("http://127.0.0.1:8000/", 2*time.Second, try.StatusCodeIs(http.StatusNotFound))
c.Assert(err, checker.IsNil)
whoami := s.composeProject.Container(c, "whoami1")
err = s.registerAgentService("test", whoami.NetworkSettings.IPAddress, 80, []string{}, false)
c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
c.Assert(err, checker.IsNil)
req.Host = "test.consul.localhost"
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusOK), try.HasBody())
c.Assert(err, checker.IsNil)
// Enable service maintenance mode
err = s.consulEnableServiceMaintenance(whoami.NetworkSettings.IPAddress)
c.Assert(err, checker.IsNil)
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusNotFound), try.HasBody())
c.Assert(err, checker.IsNil)
// Disable service maintenance mode
err = s.consulDisableServiceMaintenance(whoami.NetworkSettings.IPAddress)
c.Assert(err, checker.IsNil)
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusOK), try.HasBody())
c.Assert(err, checker.IsNil)
// Enable node maintenance mode
err = s.consulEnableNodeMaintenance()
c.Assert(err, checker.IsNil)
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusNotFound), try.HasBody())
c.Assert(err, checker.IsNil)
// Disable node maintenance mode
err = s.consulDisableNodeMaintenance()
c.Assert(err, checker.IsNil)
err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusOK), try.HasBody())
c.Assert(err, checker.IsNil)
}

199
metrics/prometheus.go
View file

@ -36,25 +36,18 @@ const (
backendServerUpName = metricNamePrefix + "backend_server_up" backendServerUpName = metricNamePrefix + "backend_server_up"
) )
const (
// generationAgeForever indicates that a metric never gets outdated.
generationAgeForever = 0
// generationAgeDefault is the default age of three generations.
generationAgeDefault = 3
)
// promState holds all metric state internally and acts as the only Collector we register for Prometheus. // promState holds all metric state internally and acts as the only Collector we register for Prometheus.
// //
// This enables control to remove metrics that belong to outdated configuration. // This enables control to remove metrics that belong to outdated configuration.
// As an example why this is required, consider Traefik learns about a new service. // As an example why this is required, consider Traefik learns about a new service.
// It populates the 'traefik_server_backend_up' metric for it with a value of 1 (alive). // It populates the 'traefik_server_backend_up' metric for it with a value of 1 (alive).
// When the backend is undeployed now the metric is still there in the client library // When the backend is undeployed now the metric is still there in the client library
// and will be until Traefik would be restarted. // and will be returned on the metrics endpoint until Traefik would be restarted.
// //
// To solve this problem promState keeps track of configuration generations. // To solve this problem promState keeps track of Traefik's dynamic configuration.
// Every time a new configuration is loaded, the generation is increased by one. // Metrics that "belong" to a dynamic configuration part like backends or entrypoints
// Metrics that "belong" to a dynamic configuration part of Traefik (e.g. backend, entrypoint) // are removed after they were scraped at least once when the corresponding object
// are removed, given they were tracked more than 3 generations ago. // doesn't exist anymore.
var promState = newPrometheusState() var promState = newPrometheusState()
// PrometheusHandler exposes Prometheus routes. // PrometheusHandler exposes Prometheus routes.
@ -163,40 +156,66 @@ func RegisterPrometheus(config *types.Prometheus) Registry {
} }
} }
// OnConfigurationUpdate increases the current generation of the prometheus state. // OnConfigurationUpdate receives the current configuration from Traefik.
func OnConfigurationUpdate() { // It then converts the configuration to the optimized package internal format
promState.IncGeneration() // and sets it to the promState.
func OnConfigurationUpdate(configurations types.Configurations) {
dynamicConfig := newDynamicConfig()
for _, config := range configurations {
for _, frontend := range config.Frontends {
for _, entrypointName := range frontend.EntryPoints {
dynamicConfig.entrypoints[entrypointName] = true
}
}
for backendName, backend := range config.Backends {
dynamicConfig.backends[backendName] = make(map[string]bool)
for _, server := range backend.Servers {
dynamicConfig.backends[backendName][server.URL] = true
}
}
}
promState.SetDynamicConfig(dynamicConfig)
} }
func newPrometheusState() *prometheusState { func newPrometheusState() *prometheusState {
collectors := make(chan *collector)
state := make(map[string]*collector)
return &prometheusState{ return &prometheusState{
collectors: collectors, collectors: make(chan *collector),
state: state, dynamicConfig: newDynamicConfig(),
state: make(map[string]*collector),
} }
} }
type prometheusState struct { type prometheusState struct {
currentGeneration int collectors chan *collector
collectors chan *collector describers []func(ch chan<- *stdprometheus.Desc)
describers []func(ch chan<- *stdprometheus.Desc)
mtx sync.Mutex mtx sync.Mutex
state map[string]*collector dynamicConfig *dynamicConfig
state map[string]*collector
} }
func (ps *prometheusState) IncGeneration() { // reset is a utility method for unit testing. It should be called after each
// test run that changes promState internally in order to avoid dependencies
// between unit tests.
func (ps *prometheusState) reset() {
ps.collectors = make(chan *collector)
ps.describers = []func(ch chan<- *stdprometheus.Desc){}
ps.dynamicConfig = newDynamicConfig()
ps.state = make(map[string]*collector)
}
func (ps *prometheusState) SetDynamicConfig(dynamicConfig *dynamicConfig) {
ps.mtx.Lock() ps.mtx.Lock()
defer ps.mtx.Unlock() defer ps.mtx.Unlock()
ps.currentGeneration++ ps.dynamicConfig = dynamicConfig
} }
func (ps *prometheusState) ListenValueUpdates() { func (ps *prometheusState) ListenValueUpdates() {
for collector := range ps.collectors { for collector := range ps.collectors {
ps.mtx.Lock() ps.mtx.Lock()
collector.lastTrackedGeneration = ps.currentGeneration
ps.state[collector.id] = collector ps.state[collector.id] = collector
ps.mtx.Unlock() ps.mtx.Unlock()
} }
@ -212,42 +231,89 @@ func (ps *prometheusState) Describe(ch chan<- *stdprometheus.Desc) {
// Collect implements prometheus.Collector. It calls the Collect // Collect implements prometheus.Collector. It calls the Collect
// method of all metrics it received on the collectors channel. // method of all metrics it received on the collectors channel.
// It's also responsible to remove metrics that were tracked // It's also responsible to remove metrics that belong to an outdated configuration.
// at least three generations ago. Those metrics are cleaned up // The removal happens only after their Collect method was called to ensure that
// after the Collect of them were called. // also those metrics will be exported on the current scrape.
func (ps *prometheusState) Collect(ch chan<- stdprometheus.Metric) { func (ps *prometheusState) Collect(ch chan<- stdprometheus.Metric) {
ps.mtx.Lock() ps.mtx.Lock()
defer ps.mtx.Unlock() defer ps.mtx.Unlock()
outdatedKeys := []string{} var outdatedKeys []string
for key, cs := range ps.state { for key, cs := range ps.state {
cs.collector.Collect(ch) cs.collector.Collect(ch)
if cs.maxAge == generationAgeForever { if ps.isOutdated(cs) {
continue
}
if ps.currentGeneration-cs.lastTrackedGeneration >= cs.maxAge {
outdatedKeys = append(outdatedKeys, key) outdatedKeys = append(outdatedKeys, key)
} }
} }
for _, key := range outdatedKeys { for _, key := range outdatedKeys {
ps.state[key].delete()
delete(ps.state, key) delete(ps.state, key)
} }
} }
func newCollector(metricName string, lnvs labelNamesValues, c stdprometheus.Collector) *collector { // isOutdated checks whether the passed collector has labels that mark
maxAge := generationAgeDefault // it as belonging to an outdated configuration of Traefik.
func (ps *prometheusState) isOutdated(collector *collector) bool {
labels := collector.labels
// metrics without labels should never become outdated if entrypointName, ok := labels["entrypoint"]; ok && !ps.dynamicConfig.hasEntrypoint(entrypointName) {
if len(lnvs) == 0 { return true
maxAge = generationAgeForever
} }
if backendName, ok := labels["backend"]; ok {
if !ps.dynamicConfig.hasBackend(backendName) {
return true
}
if url, ok := labels["url"]; ok && !ps.dynamicConfig.hasServerURL(backendName, url) {
return true
}
}
return false
}
func newDynamicConfig() *dynamicConfig {
return &dynamicConfig{
entrypoints: make(map[string]bool),
backends: make(map[string]map[string]bool),
}
}
// dynamicConfig holds the current configuration for entrypoints, backends,
// and server URLs in an optimized way to check for existence. This provides
// a performant way to check whether the collected metrics belong to the
// current configuration or to an outdated one.
type dynamicConfig struct {
entrypoints map[string]bool
backends map[string]map[string]bool
}
func (d *dynamicConfig) hasEntrypoint(entrypointName string) bool {
_, ok := d.entrypoints[entrypointName]
return ok
}
func (d *dynamicConfig) hasBackend(backendName string) bool {
_, ok := d.backends[backendName]
return ok
}
func (d *dynamicConfig) hasServerURL(backendName, serverURL string) bool {
if backend, hasBackend := d.backends[backendName]; hasBackend {
_, ok := backend[serverURL]
return ok
}
return false
}
func newCollector(metricName string, labels stdprometheus.Labels, c stdprometheus.Collector, delete func()) *collector {
return &collector{ return &collector{
id: buildMetricID(metricName, lnvs), id: buildMetricID(metricName, labels),
maxAge: maxAge, labels: labels,
collector: c, collector: c,
delete: delete,
} }
} }
@ -255,16 +321,19 @@ func newCollector(metricName string, lnvs labelNamesValues, c stdprometheus.Coll
// It adds information on how many generations this metric should be present // It adds information on how many generations this metric should be present
// in the /metrics output, relatived to the time it was last tracked. // in the /metrics output, relatived to the time it was last tracked.
type collector struct { type collector struct {
id string id string
collector stdprometheus.Collector labels stdprometheus.Labels
lastTrackedGeneration int collector stdprometheus.Collector
maxAge int delete func()
} }
func buildMetricID(metricName string, lnvs labelNamesValues) string { func buildMetricID(metricName string, labels stdprometheus.Labels) string {
newLnvs := append([]string{}, lnvs...) var labelNamesValues []string
sort.Strings(newLnvs) for name, value := range labels {
return metricName + ":" + strings.Join(newLnvs, "|") labelNamesValues = append(labelNamesValues, name, value)
}
sort.Strings(labelNamesValues)
return metricName + ":" + strings.Join(labelNamesValues, "|")
} }
func newCounterFrom(collectors chan<- *collector, opts stdprometheus.CounterOpts, labelNames []string) *counter { func newCounterFrom(collectors chan<- *collector, opts stdprometheus.CounterOpts, labelNames []string) *counter {
@ -297,9 +366,12 @@ func (c *counter) With(labelValues ...string) metrics.Counter {
} }
func (c *counter) Add(delta float64) { func (c *counter) Add(delta float64) {
collector := c.cv.With(c.labelNamesValues.ToLabels()) labels := c.labelNamesValues.ToLabels()
collector := c.cv.With(labels)
collector.Add(delta) collector.Add(delta)
c.collectors <- newCollector(c.name, c.labelNamesValues, collector) c.collectors <- newCollector(c.name, labels, collector, func() {
c.cv.Delete(labels)
})
} }
func (c *counter) Describe(ch chan<- *stdprometheus.Desc) { func (c *counter) Describe(ch chan<- *stdprometheus.Desc) {
@ -336,15 +408,21 @@ func (g *gauge) With(labelValues ...string) metrics.Gauge {
} }
func (g *gauge) Add(delta float64) { func (g *gauge) Add(delta float64) {
collector := g.gv.With(g.labelNamesValues.ToLabels()) labels := g.labelNamesValues.ToLabels()
collector := g.gv.With(labels)
collector.Add(delta) collector.Add(delta)
g.collectors <- newCollector(g.name, g.labelNamesValues, collector) g.collectors <- newCollector(g.name, labels, collector, func() {
g.gv.Delete(labels)
})
} }
func (g *gauge) Set(value float64) { func (g *gauge) Set(value float64) {
collector := g.gv.With(g.labelNamesValues.ToLabels()) labels := g.labelNamesValues.ToLabels()
collector := g.gv.With(labels)
collector.Set(value) collector.Set(value)
g.collectors <- newCollector(g.name, g.labelNamesValues, collector) g.collectors <- newCollector(g.name, labels, collector, func() {
g.gv.Delete(labels)
})
} }
func (g *gauge) Describe(ch chan<- *stdprometheus.Desc) { func (g *gauge) Describe(ch chan<- *stdprometheus.Desc) {
@ -377,9 +455,12 @@ func (h *histogram) With(labelValues ...string) metrics.Histogram {
} }
func (h *histogram) Observe(value float64) { func (h *histogram) Observe(value float64) {
collector := h.hv.With(h.labelNamesValues.ToLabels()) labels := h.labelNamesValues.ToLabels()
collector := h.hv.With(labels)
collector.Observe(value) collector.Observe(value)
h.collectors <- newCollector(h.name, h.labelNamesValues, collector) h.collectors <- newCollector(h.name, labels, collector, func() {
h.hv.Delete(labels)
})
} }
func (h *histogram) Describe(ch chan<- *stdprometheus.Desc) { func (h *histogram) Describe(ch chan<- *stdprometheus.Desc) {

174
metrics/prometheus_test.go
View file

@ -7,12 +7,16 @@ import (
"testing" "testing"
"time" "time"
th "github.com/containous/traefik/testhelpers"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
dto "github.com/prometheus/client_model/go" dto "github.com/prometheus/client_model/go"
) )
func TestPrometheus(t *testing.T) { func TestPrometheus(t *testing.T) {
// Reset state of global promState.
defer promState.reset()
prometheusRegistry := RegisterPrometheus(&types.Prometheus{}) prometheusRegistry := RegisterPrometheus(&types.Prometheus{})
defer prometheus.Unregister(promState) defer prometheus.Unregister(promState)
@ -177,56 +181,94 @@ func TestPrometheus(t *testing.T) {
} }
} }
func TestPrometheusGenerationLogicForMetricWithLabel(t *testing.T) { func TestPrometheusMetricRemoval(t *testing.T) {
// Reset state of global promState.
defer promState.reset()
prometheusRegistry := RegisterPrometheus(&types.Prometheus{}) prometheusRegistry := RegisterPrometheus(&types.Prometheus{})
defer prometheus.Unregister(promState) defer prometheus.Unregister(promState)
// Metrics with labels belonging to a specific configuration in Traefik configurations := make(types.Configurations)
// should be removed when the generationMaxAge is exceeded. As example configurations["providerName"] = th.BuildConfiguration(
// we use the traefik_backend_requests_total metric. th.WithFrontends(
th.WithFrontend("backend1", th.WithEntryPoints("entrypoint1")),
),
th.WithBackends(
th.WithBackendNew("backend1", th.WithServersNew(th.WithServerNew("http://localhost:9000"))),
),
)
OnConfigurationUpdate(configurations)
// Register some metrics manually that are not part of the active configuration.
// Those metrics should be part of the /metrics output on the first scrape but
// should be removed after that scrape.
prometheusRegistry.
EntrypointReqsCounter().
With("entrypoint", "entrypoint2", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
Add(1)
prometheusRegistry. prometheusRegistry.
BackendReqsCounter(). BackendReqsCounter().
With("backend", "backend1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http"). With("backend", "backend2", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
Add(1)
prometheusRegistry.
BackendServerUpGauge().
With("backend", "backend1", "url", "http://localhost:9999").
Set(1)
delayForTrackingCompletion()
assertMetricsExist(t, mustScrape(), entrypointReqsTotalName, backendReqsTotalName, backendServerUpName)
assertMetricsAbsent(t, mustScrape(), entrypointReqsTotalName, backendReqsTotalName, backendServerUpName)
// To verify that metrics belonging to active configurations are not removed
// here the counter examples.
prometheusRegistry.
EntrypointReqsCounter().
With("entrypoint", "entrypoint1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
Add(1) Add(1)
delayForTrackingCompletion() delayForTrackingCompletion()
assertMetricExists(t, backendReqsTotalName, mustScrape()) assertMetricsExist(t, mustScrape(), entrypointReqsTotalName)
assertMetricsExist(t, mustScrape(), entrypointReqsTotalName)
// Increase the config generation one more than the max age of a metric.
for i := 0; i < generationAgeDefault+1; i++ {
OnConfigurationUpdate()
}
// On the next scrape the metric still exists and will be removed
// after the scrape completed.
assertMetricExists(t, backendReqsTotalName, mustScrape())
// Now the metric should be absent.
assertMetricAbsent(t, backendReqsTotalName, mustScrape())
} }
func TestPrometheusGenerationLogicForMetricWithoutLabel(t *testing.T) { func TestPrometheusRemovedMetricsReset(t *testing.T) {
// Reset state of global promState.
defer promState.reset()
prometheusRegistry := RegisterPrometheus(&types.Prometheus{}) prometheusRegistry := RegisterPrometheus(&types.Prometheus{})
defer prometheus.Unregister(promState) defer prometheus.Unregister(promState)
// Metrics without labels like traefik_config_reloads_total should live forever labelNamesValues := []string{
// and never get removed. "backend", "backend",
prometheusRegistry.ConfigReloadsCounter().Add(1) "code", strconv.Itoa(http.StatusOK),
"method", http.MethodGet,
"protocol", "http",
}
prometheusRegistry.
BackendReqsCounter().
With(labelNamesValues...).
Add(3)
delayForTrackingCompletion() delayForTrackingCompletion()
assertMetricExists(t, configReloadsTotalName, mustScrape()) metricsFamilies := mustScrape()
assertCounterValue(t, 3, findMetricFamily(backendReqsTotalName, metricsFamilies), labelNamesValues...)
// Increase the config generation one more than the max age of a metric. // There is no dynamic configuration and so this metric will be deleted
for i := 0; i < generationAgeDefault+100; i++ { // after the first scrape.
OnConfigurationUpdate() assertMetricsAbsent(t, mustScrape(), backendReqsTotalName)
}
// Scrape two times in order to verify, that it is not removed after the prometheusRegistry.
// first scrape completed. BackendReqsCounter().
assertMetricExists(t, configReloadsTotalName, mustScrape()) With(labelNamesValues...).
assertMetricExists(t, configReloadsTotalName, mustScrape()) Add(1)
delayForTrackingCompletion()
metricsFamilies = mustScrape()
assertCounterValue(t, 1, findMetricFamily(backendReqsTotalName, metricsFamilies), labelNamesValues...)
} }
// Tracking and gathering the metrics happens concurrently. // Tracking and gathering the metrics happens concurrently.
@ -247,17 +289,23 @@ func mustScrape() []*dto.MetricFamily {
return families return families
} }
func assertMetricExists(t *testing.T, name string, families []*dto.MetricFamily) { func assertMetricsExist(t *testing.T, families []*dto.MetricFamily, metricNames ...string) {
t.Helper() t.Helper()
if findMetricFamily(name, families) == nil {
t.Errorf("gathered metrics do not contain %q", name) for _, metricName := range metricNames {
if findMetricFamily(metricName, families) == nil {
t.Errorf("gathered metrics should contain %q", metricName)
}
} }
} }
func assertMetricAbsent(t *testing.T, name string, families []*dto.MetricFamily) { func assertMetricsAbsent(t *testing.T, families []*dto.MetricFamily, metricNames ...string) {
t.Helper() t.Helper()
if findMetricFamily(name, families) != nil {
t.Errorf("gathered metrics contain %q, but should not", name) for _, metricName := range metricNames {
if findMetricFamily(metricName, families) != nil {
t.Errorf("gathered metrics should not contain %q", metricName)
}
} }
} }
@ -270,6 +318,58 @@ func findMetricFamily(name string, families []*dto.MetricFamily) *dto.MetricFami
return nil return nil
} }
func findMetricByLabelNamesValues(family *dto.MetricFamily, labelNamesValues ...string) *dto.Metric {
if family == nil {
return nil
}
for _, metric := range family.Metric {
if hasMetricAllLabelPairs(metric, labelNamesValues...) {
return metric
}
}
return nil
}
func hasMetricAllLabelPairs(metric *dto.Metric, labelNamesValues ...string) bool {
for i := 0; i < len(labelNamesValues); i += 2 {
name, val := labelNamesValues[i], labelNamesValues[i+1]
if !hasMetricLabelPair(metric, name, val) {
return false
}
}
return true
}
func hasMetricLabelPair(metric *dto.Metric, labelName, labelValue string) bool {
for _, labelPair := range metric.Label {
if labelPair.GetName() == labelName && labelPair.GetValue() == labelValue {
return true
}
}
return false
}
func assertCounterValue(t *testing.T, want float64, family *dto.MetricFamily, labelNamesValues ...string) {
t.Helper()
metric := findMetricByLabelNamesValues(family, labelNamesValues...)
if metric == nil {
t.Error("metric must not be nil")
return
}
if metric.Counter == nil {
t.Errorf("metric %s must be a counter", family.GetName())
return
}
if cv := metric.Counter.GetValue(); cv != want {
t.Errorf("metric %s has value %v, want %v", family.GetName(), cv, want)
}
}
func buildCounterAssert(t *testing.T, metricName string, expectedValue int) func(family *dto.MetricFamily) { func buildCounterAssert(t *testing.T, metricName string, expectedValue int) func(family *dto.MetricFamily) {
return func(family *dto.MetricFamily) { return func(family *dto.MetricFamily) {
if cv := int(family.Metric[0].Counter.GetValue()); cv != expectedValue { if cv := int(family.Metric[0].Counter.GetValue()); cv != expectedValue {

75
middlewares/accesslog/save_backend.go
View file

@ -3,15 +3,14 @@ package accesslog
import ( import (
"fmt" "fmt"
"net/http" "net/http"
"strings"
"time" "time"
"github.com/urfave/negroni" "github.com/urfave/negroni"
"github.com/vulcand/oxy/utils" "github.com/vulcand/oxy/utils"
) )
// SaveBackend sends the backend name to the logger. These are always used with a corresponding // SaveBackend sends the backend name to the logger.
// SaveFrontend handler. // These are always used with a corresponding SaveFrontend handler.
type SaveBackend struct { type SaveBackend struct {
next http.Handler next http.Handler
backendName string backendName string
@ -23,61 +22,9 @@ func NewSaveBackend(next http.Handler, backendName string) http.Handler {
} }
func (sb *SaveBackend) ServeHTTP(rw http.ResponseWriter, r *http.Request) { func (sb *SaveBackend) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
table := GetLogDataTable(r) serveSaveBackend(rw, r, sb.backendName, func(crw *captureResponseWriter) {
table.Core[BackendName] = sb.backendName sb.next.ServeHTTP(crw, r)
table.Core[BackendURL] = r.URL // note that this is *not* the original incoming URL })
table.Core[BackendAddr] = r.URL.Host
crw := &captureResponseWriter{rw: rw}
start := time.Now().UTC()
sb.next.ServeHTTP(crw, r)
// use UTC to handle switchover of daylight saving correctly
table.Core[OriginDuration] = time.Now().UTC().Sub(start)
table.Core[OriginStatus] = crw.Status()
table.Core[OriginStatusLine] = fmt.Sprintf("%03d %s", crw.Status(), http.StatusText(crw.Status()))
// make copy of headers so we can ensure there is no subsequent mutation during response processing
table.OriginResponse = make(http.Header)
utils.CopyHeaders(table.OriginResponse, crw.Header())
table.Core[OriginContentSize] = crw.Size()
}
// SaveFrontend sends the frontend name to the logger. These are sometimes used with a corresponding
// SaveBackend handler, but not always. For example, redirected requests don't reach a backend.
type SaveFrontend struct {
next http.Handler
frontendName string
}
// NewSaveFrontend creates a SaveFrontend handler.
func NewSaveFrontend(next http.Handler, frontendName string) http.Handler {
return &SaveFrontend{next, frontendName}
}
func (sb *SaveFrontend) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
table := GetLogDataTable(r)
table.Core[FrontendName] = strings.TrimPrefix(sb.frontendName, "frontend-")
sb.next.ServeHTTP(rw, r)
}
// SaveNegroniFrontend sends the frontend name to the logger.
type SaveNegroniFrontend struct {
next negroni.Handler
frontendName string
}
// NewSaveNegroniFrontend creates a SaveNegroniFrontend handler.
func NewSaveNegroniFrontend(next negroni.Handler, frontendName string) negroni.Handler {
return &SaveNegroniFrontend{next, frontendName}
}
func (sb *SaveNegroniFrontend) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
table := GetLogDataTable(r)
table.Core[FrontendName] = strings.TrimPrefix(sb.frontendName, "frontend-")
sb.next.ServeHTTP(rw, r, next)
} }
// SaveNegroniBackend sends the backend name to the logger. // SaveNegroniBackend sends the backend name to the logger.
@ -92,13 +39,21 @@ func NewSaveNegroniBackend(next negroni.Handler, backendName string) negroni.Han
} }
func (sb *SaveNegroniBackend) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) { func (sb *SaveNegroniBackend) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
serveSaveBackend(rw, r, sb.backendName, func(crw *captureResponseWriter) {
sb.next.ServeHTTP(crw, r, next)
})
}
func serveSaveBackend(rw http.ResponseWriter, r *http.Request, backendName string, apply func(*captureResponseWriter)) {
table := GetLogDataTable(r) table := GetLogDataTable(r)
table.Core[BackendName] = sb.backendName table.Core[BackendName] = backendName
table.Core[BackendURL] = r.URL // note that this is *not* the original incoming URL
table.Core[BackendAddr] = r.URL.Host
crw := &captureResponseWriter{rw: rw} crw := &captureResponseWriter{rw: rw}
start := time.Now().UTC() start := time.Now().UTC()
sb.next.ServeHTTP(crw, r, next) apply(crw)
// use UTC to handle switchover of daylight saving correctly // use UTC to handle switchover of daylight saving correctly
table.Core[OriginDuration] = time.Now().UTC().Sub(start) table.Core[OriginDuration] = time.Now().UTC().Sub(start)

51
middlewares/accesslog/save_frontend.go Normal file
View file

@ -0,0 +1,51 @@
package accesslog
import (
"net/http"
"strings"
"github.com/urfave/negroni"
)
// SaveFrontend sends the frontend name to the logger.
// These are sometimes used with a corresponding SaveBackend handler, but not always.
// For example, redirected requests don't reach a backend.
type SaveFrontend struct {
next http.Handler
frontendName string
}
// NewSaveFrontend creates a SaveFrontend handler.
func NewSaveFrontend(next http.Handler, frontendName string) http.Handler {
return &SaveFrontend{next, frontendName}
}
func (sf *SaveFrontend) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
serveSaveFrontend(r, sf.frontendName, func() {
sf.next.ServeHTTP(rw, r)
})
}
// SaveNegroniFrontend sends the frontend name to the logger.
type SaveNegroniFrontend struct {
next negroni.Handler
frontendName string
}
// NewSaveNegroniFrontend creates a SaveNegroniFrontend handler.
func NewSaveNegroniFrontend(next negroni.Handler, frontendName string) negroni.Handler {
return &SaveNegroniFrontend{next, frontendName}
}
func (sf *SaveNegroniFrontend) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
serveSaveFrontend(r, sf.frontendName, func() {
sf.next.ServeHTTP(rw, r, next)
})
}
func serveSaveFrontend(r *http.Request, frontendName string, apply func()) {
table := GetLogDataTable(r)
table.Core[FrontendName] = strings.TrimPrefix(frontendName, "frontend-")
apply()
}

66
middlewares/errorpages/error_pages.go
View file

@ -101,12 +101,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.
h.backendHandler.ServeHTTP(recorderErrorPage, pageReq.WithContext(req.Context())) h.backendHandler.ServeHTTP(recorderErrorPage, pageReq.WithContext(req.Context()))
utils.CopyHeaders(w.Header(), recorder.Header())
for key := range recorderErrorPage.Header() {
w.Header().Del(key)
}
utils.CopyHeaders(w.Header(), recorderErrorPage.Header()) utils.CopyHeaders(w.Header(), recorderErrorPage.Header())
w.WriteHeader(recorder.GetCode()) w.WriteHeader(recorder.GetCode())
w.Write(recorderErrorPage.GetBody().Bytes()) w.Write(recorderErrorPage.GetBody().Bytes())
return return
@ -174,64 +169,65 @@ type responseRecorderWithCloseNotify struct {
// CloseNotify returns a channel that receives at most a // CloseNotify returns a channel that receives at most a
// single value (true) when the client connection has gone away. // single value (true) when the client connection has gone away.
func (rw *responseRecorderWithCloseNotify) CloseNotify() <-chan bool { func (r *responseRecorderWithCloseNotify) CloseNotify() <-chan bool {
return rw.responseWriter.(http.CloseNotifier).CloseNotify() return r.responseWriter.(http.CloseNotifier).CloseNotify()
} }
// Header returns the response headers. // Header returns the response headers.
func (rw *responseRecorderWithoutCloseNotify) Header() http.Header { func (r *responseRecorderWithoutCloseNotify) Header() http.Header {
if rw.HeaderMap == nil { if r.HeaderMap == nil {
rw.HeaderMap = make(http.Header) r.HeaderMap = make(http.Header)
} }
return rw.HeaderMap
return r.HeaderMap
} }
func (rw *responseRecorderWithoutCloseNotify) GetCode() int { func (r *responseRecorderWithoutCloseNotify) GetCode() int {
return rw.Code return r.Code
} }
func (rw *responseRecorderWithoutCloseNotify) GetBody() *bytes.Buffer { func (r *responseRecorderWithoutCloseNotify) GetBody() *bytes.Buffer {
return rw.Body return r.Body
} }
func (rw *responseRecorderWithoutCloseNotify) IsStreamingResponseStarted() bool { func (r *responseRecorderWithoutCloseNotify) IsStreamingResponseStarted() bool {
return rw.streamingResponseStarted return r.streamingResponseStarted
} }
// Write always succeeds and writes to rw.Body, if not nil. // Write always succeeds and writes to rw.Body, if not nil.
func (rw *responseRecorderWithoutCloseNotify) Write(buf []byte) (int, error) { func (r *responseRecorderWithoutCloseNotify) Write(buf []byte) (int, error) {
if rw.err != nil { if r.err != nil {
return 0, rw.err return 0, r.err
} }
return rw.Body.Write(buf) return r.Body.Write(buf)
} }
// WriteHeader sets rw.Code. // WriteHeader sets rw.Code.
func (rw *responseRecorderWithoutCloseNotify) WriteHeader(code int) { func (r *responseRecorderWithoutCloseNotify) WriteHeader(code int) {
rw.Code = code r.Code = code
} }
// Hijack hijacks the connection // Hijack hijacks the connection
func (rw *responseRecorderWithoutCloseNotify) Hijack() (net.Conn, *bufio.ReadWriter, error) { func (r *responseRecorderWithoutCloseNotify) Hijack() (net.Conn, *bufio.ReadWriter, error) {
return rw.responseWriter.(http.Hijacker).Hijack() return r.responseWriter.(http.Hijacker).Hijack()
} }
// Flush sends any buffered data to the client. // Flush sends any buffered data to the client.
func (rw *responseRecorderWithoutCloseNotify) Flush() { func (r *responseRecorderWithoutCloseNotify) Flush() {
if !rw.streamingResponseStarted { if !r.streamingResponseStarted {
utils.CopyHeaders(rw.responseWriter.Header(), rw.Header()) utils.CopyHeaders(r.responseWriter.Header(), r.Header())
rw.responseWriter.WriteHeader(rw.Code) r.responseWriter.WriteHeader(r.Code)
rw.streamingResponseStarted = true r.streamingResponseStarted = true
} }
_, err := rw.responseWriter.Write(rw.Body.Bytes()) _, err := r.responseWriter.Write(r.Body.Bytes())
if err != nil { if err != nil {
log.Errorf("Error writing response in responseRecorder: %s", err) log.Errorf("Error writing response in responseRecorder: %v", err)
rw.err = err r.err = err
} }
rw.Body.Reset() r.Body.Reset()
if flusher, ok := rw.responseWriter.(http.Flusher); ok { if flusher, ok := r.responseWriter.(http.Flusher); ok {
flusher.Flush() flusher.Flush()
} }
} }

2
middlewares/errorpages/error_pages_test.go
View file

@ -318,7 +318,6 @@ func TestHandlerOldWayIntegration(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Foo", "bar")
w.WriteHeader(test.backendCode) w.WriteHeader(test.backendCode)
fmt.Fprintln(w, http.StatusText(test.backendCode)) fmt.Fprintln(w, http.StatusText(test.backendCode))
}) })
@ -331,7 +330,6 @@ func TestHandlerOldWayIntegration(t *testing.T) {
n.ServeHTTP(recorder, req) n.ServeHTTP(recorder, req)
test.validate(t, recorder) test.validate(t, recorder)
assert.Equal(t, "bar", recorder.Header().Get("X-Foo"), "missing header")
}) })
} }
} }

2
provider/acme/account.go
View file

@ -7,7 +7,7 @@ import (
"crypto/x509" "crypto/x509"
"github.com/containous/traefik/log" "github.com/containous/traefik/log"
acme "github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// Account is used to store lets encrypt registration info // Account is used to store lets encrypt registration info

2
provider/acme/challenge.go
View file

@ -8,7 +8,7 @@ import (
"github.com/containous/flaeg" "github.com/containous/flaeg"
"github.com/containous/traefik/log" "github.com/containous/traefik/log"
"github.com/containous/traefik/safe" "github.com/containous/traefik/safe"
acme "github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
func dnsOverrideDelay(delay flaeg.Duration) error { func dnsOverrideDelay(delay flaeg.Duration) error {

1
provider/acme/local_store.go
View file

@ -60,6 +60,7 @@ func (s *LocalStore) get() (*StoredData, error) {
return nil, err return nil, err
} }
if isOldRegistration { if isOldRegistration {
log.Debug("Reset ACME account.")
s.storedData.Account = nil s.storedData.Account = nil
s.SaveDataChan <- s.storedData s.SaveDataChan <- s.storedData
} }

17
provider/acme/provider.go
View file

@ -22,8 +22,10 @@ import (
"github.com/containous/traefik/safe" "github.com/containous/traefik/safe"
traefiktls "github.com/containous/traefik/tls" traefiktls "github.com/containous/traefik/tls"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
"github.com/containous/traefik/version"
"github.com/pkg/errors" "github.com/pkg/errors"
acme "github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
legolog "github.com/xenolf/lego/log"
"github.com/xenolf/lego/providers/dns" "github.com/xenolf/lego/providers/dns"
) )
@ -86,10 +88,11 @@ func (p *Provider) SetConfigListenerChan(configFromListenerChan chan types.Confi
} }
func (p *Provider) init() error { func (p *Provider) init() error {
acme.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
if p.ACMELogging { if p.ACMELogging {
acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags) legolog.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
} else { } else {
acme.Logger = fmtlog.New(ioutil.Discard, "", 0) legolog.Logger = fmtlog.New(ioutil.Discard, "", 0)
} }
var err error var err error
@ -103,6 +106,11 @@ func (p *Provider) init() error {
return fmt.Errorf("unable to get ACME account : %v", err) return fmt.Errorf("unable to get ACME account : %v", err)
} }
// Reset Account if caServer changed, thus registration URI can be updated
if p.account != nil && p.account.Registration != nil && !strings.HasPrefix(p.account.Registration.URI, p.CAServer) {
p.account = nil
}
p.certificates, err = p.Store.GetCertificates() p.certificates, err = p.Store.GetCertificates()
if err != nil { if err != nil {
return fmt.Errorf("unable to get ACME certificates : %v", err) return fmt.Errorf("unable to get ACME certificates : %v", err)
@ -227,7 +235,7 @@ func (p *Provider) resolveCertificate(domain types.Domain, domainFromConfigurati
} }
p.addCertificateForDomain(domain, certificate.Certificate, certificate.PrivateKey) p.addCertificateForDomain(domain, certificate.Certificate, certificate.PrivateKey)
return &certificate, nil return certificate, nil
} }
func (p *Provider) getClient() (*acme.Client, error) { func (p *Provider) getClient() (*acme.Client, error) {
@ -299,7 +307,6 @@ func (p *Provider) getClient() (*acme.Client, error) {
} }
p.client = client p.client = client
} }
return p.client, nil return p.client, nil
} }

69
provider/consulcatalog/consul_catalog.go
View file

@ -2,6 +2,7 @@ package consulcatalog
import ( import (
"errors" "errors"
"fmt"
"strconv" "strconv"
"strings" "strings"
"sync" "sync"
@ -255,7 +256,8 @@ func (p *Provider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[s
safe.Go(func() { safe.Go(func() {
// variable to hold previous state // variable to hold previous state
var flashback []string var flashback map[string][]string
var flashbackMaintenance []string
options := &api.QueryOptions{WaitTime: DefaultWatchWaitTime} options := &api.QueryOptions{WaitTime: DefaultWatchWaitTime}
@ -267,19 +269,31 @@ func (p *Provider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[s
} }
// Listening to changes that leads to `passing` state or degrades from it. // Listening to changes that leads to `passing` state or degrades from it.
healthyState, meta, err := health.State("passing", options) healthyState, meta, err := health.State("any", options)
if err != nil { if err != nil {
log.WithError(err).Error("Failed to retrieve health checks") log.WithError(err).Error("Failed to retrieve health checks")
notifyError(err) notifyError(err)
return return
} }
var current []string var current = make(map[string][]string)
var currentFailing = make(map[string]*api.HealthCheck)
var maintenance []string
if healthyState != nil { if healthyState != nil {
for _, healthy := range healthyState { for _, healthy := range healthyState {
current = append(current, healthy.ServiceID) key := fmt.Sprintf("%s-%s", healthy.Node, healthy.ServiceID)
_, failing := currentFailing[key]
if healthy.Status == "passing" && !failing {
current[key] = append(current[key], healthy.Node)
} else if strings.HasPrefix(healthy.CheckID, "_service_maintenance") || strings.HasPrefix(healthy.CheckID, "_node_maintenance") {
maintenance = append(maintenance, healthy.CheckID)
} else {
currentFailing[key] = healthy
if _, ok := current[key]; ok {
delete(current, key)
}
}
} }
} }
// If LastIndex didn't change then it means `Get` returned // If LastIndex didn't change then it means `Get` returned
@ -302,18 +316,26 @@ func (p *Provider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[s
// A critical note is that the return of a blocking request is no guarantee of a change. // A critical note is that the return of a blocking request is no guarantee of a change.
// It is possible that there was an idempotent write that does not affect the result of the query. // It is possible that there was an idempotent write that does not affect the result of the query.
// Thus it is required to do extra check for changes... // Thus it is required to do extra check for changes...
addedKeys, removedKeys := getChangedStringKeys(current, flashback) addedKeys, removedKeys, changedKeys := getChangedHealth(current, flashback)
if len(addedKeys) > 0 || len(removedKeys) > 0 || len(changedKeys) > 0 {
log.WithField("DiscoveredServices", addedKeys).
WithField("MissingServices", removedKeys).
WithField("ChangedServices", changedKeys).
Debug("Health State change detected.")
if len(addedKeys) > 0 {
log.WithField("DiscoveredServices", addedKeys).Debug("Health State change detected.")
watchCh <- data watchCh <- data
flashback = current flashback = current
} flashbackMaintenance = maintenance
} else {
addedKeysMaintenance, removedMaintenance := getChangedStringKeys(maintenance, flashbackMaintenance)
if len(removedKeys) > 0 { if len(addedKeysMaintenance) > 0 || len(removedMaintenance) > 0 {
log.WithField("MissingServices", removedKeys).Debug("Health State change detected.") log.WithField("MaintenanceMode", maintenance).Debug("Maintenance change detected.")
watchCh <- data watchCh <- data
flashback = current flashback = current
flashbackMaintenance = maintenance
}
} }
} }
} }
@ -394,6 +416,27 @@ func getChangedStringKeys(currState []string, prevState []string) ([]string, []s
return fun.Keys(addedKeys).([]string), fun.Keys(removedKeys).([]string) return fun.Keys(addedKeys).([]string), fun.Keys(removedKeys).([]string)
} }
func getChangedHealth(current map[string][]string, previous map[string][]string) ([]string, []string, []string) {
currKeySet := fun.Set(fun.Keys(current).([]string)).(map[string]bool)
prevKeySet := fun.Set(fun.Keys(previous).([]string)).(map[string]bool)
addedKeys := fun.Difference(currKeySet, prevKeySet).(map[string]bool)
removedKeys := fun.Difference(prevKeySet, currKeySet).(map[string]bool)
var changedKeys []string
for key, value := range current {
if prevValue, ok := previous[key]; ok {
addedNodesKeys, removedNodesKeys := getChangedStringKeys(value, prevValue)
if len(addedNodesKeys) > 0 || len(removedNodesKeys) > 0 {
changedKeys = append(changedKeys, key)
}
}
}
return fun.Keys(addedKeys).([]string), fun.Keys(removedKeys).([]string), changedKeys
}
func getChangedIntKeys(currState []int, prevState []int) ([]int, []int) { func getChangedIntKeys(currState []int, prevState []int) ([]int, []int) {
currKeySet := fun.Set(currState).(map[int]bool) currKeySet := fun.Set(currState).(map[int]bool)
prevKeySet := fun.Set(prevState).(map[int]bool) prevKeySet := fun.Set(prevState).(map[int]bool)

4
provider/kubernetes/kubernetes.go
View file

@ -6,8 +6,10 @@ import (
"errors" "errors"
"flag" "flag"
"fmt" "fmt"
"net"
"os" "os"
"reflect" "reflect"
"strconv"
"strings" "strings"
"text/template" "text/template"
"time" "time"
@ -319,7 +321,7 @@ func (p *Provider) loadIngresses(k8sClient Client) (*types.Configuration, error)
continue continue
} }
for _, address := range subset.Addresses { for _, address := range subset.Addresses {
url := fmt.Sprintf("%s://%s:%d", protocol, address.IP, endpointPort) url := protocol + "://" + net.JoinHostPort(address.IP, strconv.FormatInt(int64(endpointPort), 10))
name := url name := url
if address.TargetRef != nil && address.TargetRef.Name != "" { if address.TargetRef != nil && address.TargetRef.Name != "" {
name = address.TargetRef.Name name = address.TargetRef.Name

2
server/header_rewriter.go
View file

@ -44,7 +44,7 @@ func (h *headerRewriter) Rewrite(req *http.Request) {
err := h.ips.IsAuthorized(req) err := h.ips.IsAuthorized(req)
if err != nil { if err != nil {
log.Error(err) log.Debug(err)
h.secureRewriter.Rewrite(req) h.secureRewriter.Rewrite(req)
return return
} }

5
server/server.go
View file

@ -557,7 +557,10 @@ func (s *serverEntryPoint) getCertificate(clientHello *tls.ClientHelloInfo) (*tl
} }
func (s *Server) postLoadConfiguration() { func (s *Server) postLoadConfiguration() {
metrics.OnConfigurationUpdate() if s.metricsRegistry.IsEnabled() {
activeConfig := s.currentConfigurations.Get().(types.Configurations)
metrics.OnConfigurationUpdate(activeConfig)
}
if s.globalConfiguration.ACME == nil || s.leadership == nil || !s.leadership.IsLeader() { if s.globalConfiguration.ACME == nil || s.leadership == nil || !s.leadership.IsLeader() {
return return

163
server/server_test.go
View file

@ -16,9 +16,8 @@ import (
"github.com/containous/traefik/healthcheck" "github.com/containous/traefik/healthcheck"
"github.com/containous/traefik/metrics" "github.com/containous/traefik/metrics"
"github.com/containous/traefik/middlewares" "github.com/containous/traefik/middlewares"
"github.com/containous/traefik/provider/label"
"github.com/containous/traefik/rules" "github.com/containous/traefik/rules"
"github.com/containous/traefik/testhelpers" th "github.com/containous/traefik/testhelpers"
"github.com/containous/traefik/tls" "github.com/containous/traefik/tls"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -202,9 +201,9 @@ func TestListenProvidersSkipsSameConfigurationForProvider(t *testing.T) {
} }
}() }()
config := buildDynamicConfig( config := th.BuildConfiguration(
withFrontend("frontend", buildFrontend()), th.WithFrontends(th.WithFrontend("backend")),
withBackend("backend", buildBackend()), th.WithBackends(th.WithBackendNew("backend")),
) )
// provide a configuration // provide a configuration
@ -243,9 +242,9 @@ func TestListenProvidersPublishesConfigForEachProvider(t *testing.T) {
} }
}() }()
config := buildDynamicConfig( config := th.BuildConfiguration(
withFrontend("frontend", buildFrontend()), th.WithFrontends(th.WithFrontend("backend")),
withBackend("backend", buildBackend()), th.WithBackends(th.WithBackendNew("backend")),
) )
server.configurationChan <- types.ConfigMessage{ProviderName: "kubernetes", Configuration: config} server.configurationChan <- types.ConfigMessage{ProviderName: "kubernetes", Configuration: config}
server.configurationChan <- types.ConfigMessage{ProviderName: "marathon", Configuration: config} server.configurationChan <- types.ConfigMessage{ProviderName: "marathon", Configuration: config}
@ -398,7 +397,7 @@ func TestServerMultipleFrontendRules(t *testing.T) {
t.Fatalf("Error while building route for %s: %+v", expression, err) t.Fatalf("Error while building route for %s: %+v", expression, err)
} }
request := testhelpers.MustNewRequest(http.MethodGet, test.requestURL, nil) request := th.MustNewRequest(http.MethodGet, test.requestURL, nil)
routeMatch := routeResult.Match(request, &mux.RouteMatch{Route: routeResult}) routeMatch := routeResult.Match(request, &mux.RouteMatch{Route: routeResult})
if !routeMatch { if !routeMatch {
@ -479,7 +478,7 @@ func TestServerLoadConfigHealthCheckOptions(t *testing.T) {
if healthCheck != nil { if healthCheck != nil {
expectedNumHealthCheckBackends = 1 expectedNumHealthCheckBackends = 1
} }
assert.Len(t, healthcheck.GetHealthCheck(testhelpers.NewCollectingHealthCheckMetrics()).Backends, expectedNumHealthCheckBackends, "health check backends") assert.Len(t, healthcheck.GetHealthCheck(th.NewCollectingHealthCheckMetrics()).Backends, expectedNumHealthCheckBackends, "health check backends")
}) })
} }
} }
@ -842,62 +841,88 @@ func TestServerResponseEmptyBackend(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
dynamicConfig func(testServerURL string) *types.Configuration config func(testServerURL string) *types.Configuration
expectedStatusCode int expectedStatusCode int
}{ }{
{ {
desc: "Ok", desc: "Ok",
dynamicConfig: func(testServerURL string) *types.Configuration { config: func(testServerURL string) *types.Configuration {
return buildDynamicConfig( return th.BuildConfiguration(
withFrontend("frontend", buildFrontend(withRoute(requestPath, routeRule))), th.WithFrontends(th.WithFrontend("backend",
withBackend("backend", buildBackend(withServer("testServer", testServerURL))), th.WithEntryPoints("http"),
th.WithRoutes(th.WithRoute(requestPath, routeRule))),
),
th.WithBackends(th.WithBackendNew("backend",
th.WithLBMethod("wrr"),
th.WithServersNew(th.WithServerNew(testServerURL))),
),
) )
}, },
expectedStatusCode: http.StatusOK, expectedStatusCode: http.StatusOK,
}, },
{ {
desc: "No Frontend", desc: "No Frontend",
dynamicConfig: func(testServerURL string) *types.Configuration { config: func(testServerURL string) *types.Configuration {
return buildDynamicConfig() return th.BuildConfiguration()
}, },
expectedStatusCode: http.StatusNotFound, expectedStatusCode: http.StatusNotFound,
}, },
{ {
desc: "Empty Backend LB-Drr", desc: "Empty Backend LB-Drr",
dynamicConfig: func(testServerURL string) *types.Configuration { config: func(testServerURL string) *types.Configuration {
return buildDynamicConfig( return th.BuildConfiguration(
withFrontend("frontend", buildFrontend(withRoute(requestPath, routeRule))), th.WithFrontends(th.WithFrontend("backend",
withBackend("backend", buildBackend(withLoadBalancer("Drr", false))), th.WithEntryPoints("http"),
th.WithRoutes(th.WithRoute(requestPath, routeRule))),
),
th.WithBackends(th.WithBackendNew("backend",
th.WithLBMethod("drr")),
),
) )
}, },
expectedStatusCode: http.StatusServiceUnavailable, expectedStatusCode: http.StatusServiceUnavailable,
}, },
{ {
desc: "Empty Backend LB-Drr Sticky", desc: "Empty Backend LB-Drr Sticky",
dynamicConfig: func(testServerURL string) *types.Configuration { config: func(testServerURL string) *types.Configuration {
return buildDynamicConfig( return th.BuildConfiguration(
withFrontend("frontend", buildFrontend(withRoute(requestPath, routeRule))), th.WithFrontends(th.WithFrontend("backend",
withBackend("backend", buildBackend(withLoadBalancer("Drr", true))), th.WithEntryPoints("http"),
th.WithRoutes(th.WithRoute(requestPath, routeRule))),
),
th.WithBackends(th.WithBackendNew("backend",
th.WithLBMethod("drr"), th.WithLBSticky("test")),
),
) )
}, },
expectedStatusCode: http.StatusServiceUnavailable, expectedStatusCode: http.StatusServiceUnavailable,
}, },
{ {
desc: "Empty Backend LB-Wrr", desc: "Empty Backend LB-Wrr",
dynamicConfig: func(testServerURL string) *types.Configuration { config: func(testServerURL string) *types.Configuration {
return buildDynamicConfig( return th.BuildConfiguration(
withFrontend("frontend", buildFrontend(withRoute(requestPath, routeRule))), th.WithFrontends(th.WithFrontend("backend",
withBackend("backend", buildBackend(withLoadBalancer("Wrr", false))), th.WithEntryPoints("http"),
th.WithRoutes(th.WithRoute(requestPath, routeRule))),
),
th.WithBackends(th.WithBackendNew("backend",
th.WithLBMethod("wrr")),
),
) )
}, },
expectedStatusCode: http.StatusServiceUnavailable, expectedStatusCode: http.StatusServiceUnavailable,
}, },
{ {
desc: "Empty Backend LB-Wrr Sticky", desc: "Empty Backend LB-Wrr Sticky",
dynamicConfig: func(testServerURL string) *types.Configuration { config: func(testServerURL string) *types.Configuration {
return buildDynamicConfig( return th.BuildConfiguration(
withFrontend("frontend", buildFrontend(withRoute(requestPath, routeRule))), th.WithFrontends(th.WithFrontend("backend",
withBackend("backend", buildBackend(withLoadBalancer("Wrr", true))), th.WithEntryPoints("http"),
th.WithRoutes(th.WithRoute(requestPath, routeRule))),
),
th.WithBackends(th.WithBackendNew("backend",
th.WithLBMethod("wrr"), th.WithLBSticky("test")),
),
) )
}, },
expectedStatusCode: http.StatusServiceUnavailable, expectedStatusCode: http.StatusServiceUnavailable,
@ -919,7 +944,7 @@ func TestServerResponseEmptyBackend(t *testing.T) {
entryPointsConfig := map[string]EntryPoint{ entryPointsConfig := map[string]EntryPoint{
"http": {Configuration: &configuration.EntryPoint{ForwardedHeaders: &configuration.ForwardedHeaders{Insecure: true}}}, "http": {Configuration: &configuration.EntryPoint{ForwardedHeaders: &configuration.ForwardedHeaders{Insecure: true}}},
} }
dynamicConfigs := types.Configurations{"config": test.dynamicConfig(testServer.URL)} dynamicConfigs := types.Configurations{"config": test.config(testServer.URL)}
srv := NewServer(globalConfig, nil, entryPointsConfig) srv := NewServer(globalConfig, nil, entryPointsConfig)
entryPoints, err := srv.loadConfig(dynamicConfigs, globalConfig) entryPoints, err := srv.loadConfig(dynamicConfigs, globalConfig)
@ -1015,7 +1040,7 @@ func TestBuildRedirectHandler(t *testing.T) {
rewrite, err := srv.buildRedirectHandler(test.srcEntryPointName, test.redirect) rewrite, err := srv.buildRedirectHandler(test.srcEntryPointName, test.redirect)
require.NoError(t, err) require.NoError(t, err)
req := testhelpers.MustNewRequest(http.MethodGet, test.url, nil) req := th.MustNewRequest(http.MethodGet, test.url, nil)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
rewrite.ServeHTTP(recorder, req, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { rewrite.ServeHTTP(recorder, req, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -1145,71 +1170,3 @@ func TestNewServerWithResponseModifiers(t *testing.T) {
}) })
} }
} }
func buildDynamicConfig(dynamicConfigBuilders ...func(*types.Configuration)) *types.Configuration {
config := &types.Configuration{
Frontends: make(map[string]*types.Frontend),
Backends: make(map[string]*types.Backend),
}
for _, build := range dynamicConfigBuilders {
build(config)
}
return config
}
func withFrontend(frontendName string, frontend *types.Frontend) func(*types.Configuration) {
return func(config *types.Configuration) {
config.Frontends[frontendName] = frontend
}
}
func withBackend(backendName string, backend *types.Backend) func(*types.Configuration) {
return func(config *types.Configuration) {
config.Backends[backendName] = backend
}
}
func buildFrontend(frontendBuilders ...func(*types.Frontend)) *types.Frontend {
fe := &types.Frontend{
EntryPoints: []string{"http"},
Backend: "backend",
Routes: make(map[string]types.Route),
}
for _, build := range frontendBuilders {
build(fe)
}
return fe
}
func withRoute(routeName, rule string) func(*types.Frontend) {
return func(fe *types.Frontend) {
fe.Routes[routeName] = types.Route{Rule: rule}
}
}
func buildBackend(backendBuilders ...func(*types.Backend)) *types.Backend {
be := &types.Backend{
Servers: make(map[string]types.Server),
LoadBalancer: &types.LoadBalancer{Method: "Wrr"},
}
for _, build := range backendBuilders {
build(be)
}
return be
}
func withServer(name, url string) func(backend *types.Backend) {
return func(be *types.Backend) {
be.Servers[name] = types.Server{URL: url, Weight: label.DefaultWeight}
}
}
func withLoadBalancer(method string, sticky bool) func(*types.Backend) {
return func(be *types.Backend) {
if sticky {
be.LoadBalancer = &types.LoadBalancer{Method: method, Stickiness: &types.Stickiness{CookieName: "test"}}
} else {
be.LoadBalancer = &types.LoadBalancer{Method: method}
}
}
}

134
testhelpers/config.go Normal file
View file

@ -0,0 +1,134 @@
package testhelpers
import (
"github.com/containous/traefik/provider"
"github.com/containous/traefik/types"
)
// BuildConfiguration is a helper to create a configuration.
func BuildConfiguration(dynamicConfigBuilders ...func(*types.Configuration)) *types.Configuration {
config := &types.Configuration{}
for _, build := range dynamicConfigBuilders {
build(config)
}
return config
}
// -- Backend
// WithBackends is a helper to create a configuration
func WithBackends(opts ...func(*types.Backend) string) func(*types.Configuration) {
return func(c *types.Configuration) {
c.Backends = make(map[string]*types.Backend)
for _, opt := range opts {
b := &types.Backend{}
name := opt(b)
c.Backends[name] = b
}
}
}
// WithBackendNew is a helper to create a configuration
func WithBackendNew(name string, opts ...func(*types.Backend)) func(*types.Backend) string {
return func(b *types.Backend) string {
for _, opt := range opts {
opt(b)
}
return name
}
}
// WithServersNew is a helper to create a configuration
func WithServersNew(opts ...func(*types.Server) string) func(*types.Backend) {
return func(b *types.Backend) {
b.Servers = make(map[string]types.Server)
for _, opt := range opts {
s := &types.Server{Weight: 1}
name := opt(s)
b.Servers[name] = *s
}
}
}
// WithServerNew is a helper to create a configuration
func WithServerNew(url string, opts ...func(*types.Server)) func(*types.Server) string {
return func(s *types.Server) string {
for _, opt := range opts {
opt(s)
}
s.URL = url
return provider.Normalize(url)
}
}
// WithLBMethod is a helper to create a configuration
func WithLBMethod(method string) func(*types.Backend) {
return func(b *types.Backend) {
if b.LoadBalancer == nil {
b.LoadBalancer = &types.LoadBalancer{}
}
b.LoadBalancer.Method = method
}
}
// -- Frontend
// WithFrontends is a helper to create a configuration
func WithFrontends(opts ...func(*types.Frontend) string) func(*types.Configuration) {
return func(c *types.Configuration) {
c.Frontends = make(map[string]*types.Frontend)
for _, opt := range opts {
f := &types.Frontend{}
name := opt(f)
c.Frontends[name] = f
}
}
}
// WithFrontend is a helper to create a configuration
func WithFrontend(backend string, opts ...func(*types.Frontend)) func(*types.Frontend) string {
return func(f *types.Frontend) string {
for _, opt := range opts {
opt(f)
}
f.Backend = backend
return backend
}
}
// WithEntryPoints is a helper to create a configuration
func WithEntryPoints(eps ...string) func(*types.Frontend) {
return func(f *types.Frontend) {
f.EntryPoints = eps
}
}
// WithRoutes is a helper to create a configuration
func WithRoutes(opts ...func(*types.Route) string) func(*types.Frontend) {
return func(f *types.Frontend) {
f.Routes = make(map[string]types.Route)
for _, opt := range opts {
s := &types.Route{}
name := opt(s)
f.Routes[name] = *s
}
}
}
// WithRoute is a helper to create a configuration
func WithRoute(name string, rule string) func(*types.Route) string {
return func(r *types.Route) string {
r.Rule = rule
return name
}
}
// WithLBSticky is a helper to create a configuration
func WithLBSticky(cookieName string) func(*types.Backend) {
return func(b *types.Backend) {
if b.LoadBalancer == nil {
b.LoadBalancer = &types.LoadBalancer{}
}
b.LoadBalancer.Stickiness = &types.Stickiness{CookieName: cookieName}
}
}

10
testhelpers/helpers.go
View file

@ -7,16 +7,6 @@ import (
"net/url" "net/url"
) )
// Intp returns a pointer to the given integer value.
func Intp(i int) *int {
return &i
}
// Stringp returns a pointer to the given string value.
func Stringp(s string) *string {
return &s
}
// MustNewRequest creates a new http get request or panics if it can't // MustNewRequest creates a new http get request or panics if it can't
func MustNewRequest(method, urlStr string, body io.Reader) *http.Request { func MustNewRequest(method, urlStr string, body io.Reader) *http.Request {
request, err := http.NewRequest(method, urlStr, body) request, err := http.NewRequest(method, urlStr, body)

10
testhelpers/metrics.go
View file

@ -46,12 +46,12 @@ type CollectingHealthCheckMetrics struct {
Gauge *CollectingGauge Gauge *CollectingGauge
} }
// NewCollectingHealthCheckMetrics creates a new CollectingHealthCheckMetrics instance.
func NewCollectingHealthCheckMetrics() *CollectingHealthCheckMetrics {
return &CollectingHealthCheckMetrics{&CollectingGauge{}}
}
// BackendServerUpGauge is there to satisfy the healthcheck.metricsRegistry interface. // BackendServerUpGauge is there to satisfy the healthcheck.metricsRegistry interface.
func (m *CollectingHealthCheckMetrics) BackendServerUpGauge() metrics.Gauge { func (m *CollectingHealthCheckMetrics) BackendServerUpGauge() metrics.Gauge {
return m.Gauge return m.Gauge
} }
// NewCollectingHealthCheckMetrics creates a new CollectingHealthCheckMetrics instance.
func NewCollectingHealthCheckMetrics() *CollectingHealthCheckMetrics {
return &CollectingHealthCheckMetrics{&CollectingGauge{}}
}

2
vendor/github.com/dnsimple/dnsimple-go/LICENSE.txt generated vendored
View file

@ -1,6 +1,6 @@
The MIT License (MIT) The MIT License (MIT)
Copyright (c) 2014-2017 Aetrion LLC dba DNSimple Copyright (c) 2014-2018 Aetrion LLC dba DNSimple
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

5
vendor/github.com/dnsimple/dnsimple-go/dnsimple/accounts.go generated vendored
View file

@ -1,15 +1,12 @@
package dnsimple package dnsimple
import (
)
type AccountsService struct { type AccountsService struct {
client *Client client *Client
} }
// Account represents a DNSimple account. // Account represents a DNSimple account.
type Account struct { type Account struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
Email string `json:"email,omitempty"` Email string `json:"email,omitempty"`
PlanIdentifier string `json:"plan_identifier,omitempty"` PlanIdentifier string `json:"plan_identifier,omitempty"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`

175
vendor/github.com/dnsimple/dnsimple-go/dnsimple/certificates.go generated vendored
View file

@ -2,29 +2,31 @@ package dnsimple
import ( import (
"fmt" "fmt"
"strconv"
) )
// CertificatesService handles communication with the certificate related // CertificatesService handles communication with the certificate related
// methods of the DNSimple API. // methods of the DNSimple API.
// //
// See https://developer.dnsimple.com/v2/domains/certificates // See https://developer.dnsimple.com/v2/certificates
type CertificatesService struct { type CertificatesService struct {
client *Client client *Client
} }
// Certificate represents a Certificate in DNSimple. // Certificate represents a Certificate in DNSimple.
type Certificate struct { type Certificate struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
DomainID int `json:"domain_id,omitempty"` DomainID int64 `json:"domain_id,omitempty"`
CommonName string `json:"common_name,omitempty"` ContactID int64 `json:"contact_id,omitempty"`
Years int `json:"years,omitempty"` CommonName string `json:"common_name,omitempty"`
State string `json:"state,omitempty"` AlternateNames []string `json:"alternate_names,omitempty"`
AuthorityIdentifier string `json:"authority_identifier,omitempty"` Years int `json:"years,omitempty"`
CreatedAt string `json:"created_at,omitempty"` State string `json:"state,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"` AuthorityIdentifier string `json:"authority_identifier,omitempty"`
ExpiresOn string `json:"expires_on,omitempty"` AutoRenew bool `json:"auto_renew"`
CertificateRequest string `json:"csr,omitempty"` CreatedAt string `json:"created_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"`
ExpiresOn string `json:"expires_on,omitempty"`
CertificateRequest string `json:"csr,omitempty"`
} }
// CertificateBundle represents a container for all the PEM-encoded X509 certificate entities, // CertificateBundle represents a container for all the PEM-encoded X509 certificate entities,
@ -37,9 +39,46 @@ type CertificateBundle struct {
IntermediateCertificates []string `json:"chain,omitempty"` IntermediateCertificates []string `json:"chain,omitempty"`
} }
func certificatePath(accountID, domainIdentifier, certificateID string) (path string) { // CertificatePurchase represents a Certificate Purchase in DNSimple.
type CertificatePurchase struct {
ID int64 `json:"id,omitempty"`
CertificateID int64 `json:"new_certificate_id,omitempty"`
State string `json:"state,omitempty"`
AutoRenew bool `json:"auto_renew,omitempty"`
CreatedAt string `json:"created_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"`
}
// CertificateRenewal represents a Certificate Renewal in DNSimple.
type CertificateRenewal struct {
ID int64 `json:"id,omitempty"`
OldCertificateID int64 `json:"old_certificate_id,omitempty"`
NewCertificateID int64 `json:"new_certificate_id,omitempty"`
State string `json:"state,omitempty"`
AutoRenew bool `json:"auto_renew,omitempty"`
CreatedAt string `json:"created_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"`
}
// LetsencryptCertificateAttributes is a set of attributes to purchase a Let's Encrypt certificate.
type LetsencryptCertificateAttributes struct {
ContactID int64 `json:"contact_id,omitempty"`
Name string `json:"name,omitempty"`
AutoRenew bool `json:"auto_renew,omitempty"`
AlternateNames []string `json:"alternate_names,omitempty"`
}
func certificatePath(accountID, domainIdentifier string, certificateID int64) (path string) {
path = fmt.Sprintf("%v/certificates", domainPath(accountID, domainIdentifier)) path = fmt.Sprintf("%v/certificates", domainPath(accountID, domainIdentifier))
if certificateID != "" { if certificateID != 0 {
path += fmt.Sprintf("/%v", certificateID)
}
return
}
func letsencryptCertificatePath(accountID, domainIdentifier string, certificateID int64) (path string) {
path = fmt.Sprintf("%v/certificates/letsencrypt", domainPath(accountID, domainIdentifier))
if certificateID != 0 {
path += fmt.Sprintf("/%v", certificateID) path += fmt.Sprintf("/%v", certificateID)
} }
return return
@ -63,11 +102,23 @@ type certificatesResponse struct {
Data []Certificate `json:"data"` Data []Certificate `json:"data"`
} }
// ListCertificates list the certificates for a domain. // certificatePurchaseResponse represents a response from an API method that returns a CertificatePurchase struct.
type certificatePurchaseResponse struct {
Response
Data *CertificatePurchase `json:"data"`
}
// certificateRenewalResponse represents a response from an API method that returns a CertificateRenewal struct.
type certificateRenewalResponse struct {
Response
Data *CertificateRenewal `json:"data"`
}
// ListCertificates lists the certificates for a domain in the account.
// //
// See https://developer.dnsimple.com/v2/domains/certificates#list // See https://developer.dnsimple.com/v2/certificates#listCertificates
func (s *CertificatesService) ListCertificates(accountID, domainIdentifier string, options *ListOptions) (*certificatesResponse, error) { func (s *CertificatesService) ListCertificates(accountID, domainIdentifier string, options *ListOptions) (*certificatesResponse, error) {
path := versioned(certificatePath(accountID, domainIdentifier, "")) path := versioned(certificatePath(accountID, domainIdentifier, 0))
certificatesResponse := &certificatesResponse{} certificatesResponse := &certificatesResponse{}
path, err := addURLQueryOptions(path, options) path, err := addURLQueryOptions(path, options)
@ -84,11 +135,11 @@ func (s *CertificatesService) ListCertificates(accountID, domainIdentifier strin
return certificatesResponse, nil return certificatesResponse, nil
} }
// GetCertificate fetches the certificate. // GetCertificate gets the details of a certificate.
// //
// See https://developer.dnsimple.com/v2/domains/certificates#get // See https://developer.dnsimple.com/v2/certificates#getCertificate
func (s *CertificatesService) GetCertificate(accountID, domainIdentifier string, certificateID int) (*certificateResponse, error) { func (s *CertificatesService) GetCertificate(accountID, domainIdentifier string, certificateID int64) (*certificateResponse, error) {
path := versioned(certificatePath(accountID, domainIdentifier, strconv.Itoa(certificateID))) path := versioned(certificatePath(accountID, domainIdentifier, certificateID))
certificateResponse := &certificateResponse{} certificateResponse := &certificateResponse{}
resp, err := s.client.get(path, certificateResponse) resp, err := s.client.get(path, certificateResponse)
@ -100,12 +151,12 @@ func (s *CertificatesService) GetCertificate(accountID, domainIdentifier string,
return certificateResponse, nil return certificateResponse, nil
} }
// DownloadCertificate download the issued server certificate, // DownloadCertificate gets the PEM-encoded certificate,
// as well the root certificate and the intermediate chain. // along with the root certificate and intermediate chain.
// //
// See https://developer.dnsimple.com/v2/domains/certificates#download // See https://developer.dnsimple.com/v2/certificates#downloadCertificate
func (s *CertificatesService) DownloadCertificate(accountID, domainIdentifier string, certificateID int) (*certificateBundleResponse, error) { func (s *CertificatesService) DownloadCertificate(accountID, domainIdentifier string, certificateID int64) (*certificateBundleResponse, error) {
path := versioned(certificatePath(accountID, domainIdentifier, strconv.Itoa(certificateID)) + "/download") path := versioned(certificatePath(accountID, domainIdentifier, certificateID) + "/download")
certificateBundleResponse := &certificateBundleResponse{} certificateBundleResponse := &certificateBundleResponse{}
resp, err := s.client.get(path, certificateBundleResponse) resp, err := s.client.get(path, certificateBundleResponse)
@ -117,11 +168,11 @@ func (s *CertificatesService) DownloadCertificate(accountID, domainIdentifier st
return certificateBundleResponse, nil return certificateBundleResponse, nil
} }
// GetCertificatePrivateKey fetches the certificate private key. // GetCertificatePrivateKey gets the PEM-encoded certificate private key.
// //
// See https://developer.dnsimple.com/v2/domains/certificates#get-private-key // See https://developer.dnsimple.com/v2/certificates#getCertificatePrivateKey
func (s *CertificatesService) GetCertificatePrivateKey(accountID, domainIdentifier string, certificateID int) (*certificateBundleResponse, error) { func (s *CertificatesService) GetCertificatePrivateKey(accountID, domainIdentifier string, certificateID int64) (*certificateBundleResponse, error) {
path := versioned(certificatePath(accountID, domainIdentifier, strconv.Itoa(certificateID)) + "/private_key") path := versioned(certificatePath(accountID, domainIdentifier, certificateID) + "/private_key")
certificateBundleResponse := &certificateBundleResponse{} certificateBundleResponse := &certificateBundleResponse{}
resp, err := s.client.get(path, certificateBundleResponse) resp, err := s.client.get(path, certificateBundleResponse)
@ -132,3 +183,67 @@ func (s *CertificatesService) GetCertificatePrivateKey(accountID, domainIdentifi
certificateBundleResponse.HttpResponse = resp certificateBundleResponse.HttpResponse = resp
return certificateBundleResponse, nil return certificateBundleResponse, nil
} }
// PurchaseLetsencryptCertificate purchases a Let's Encrypt certificate.
//
// See https://developer.dnsimple.com/v2/certificates/#purchaseLetsencryptCertificate
func (s *CertificatesService) PurchaseLetsencryptCertificate(accountID, domainIdentifier string, certificateAttributes LetsencryptCertificateAttributes) (*certificatePurchaseResponse, error) {
path := versioned(letsencryptCertificatePath(accountID, domainIdentifier, 0))
certificatePurchaseResponse := &certificatePurchaseResponse{}
resp, err := s.client.post(path, certificateAttributes, certificatePurchaseResponse)
if err != nil {
return nil, err
}
certificatePurchaseResponse.HttpResponse = resp
return certificatePurchaseResponse, nil
}
// IssueLetsencryptCertificate issues a pending Let's Encrypt certificate purchase order.
//
// See https://developer.dnsimple.com/v2/certificates/#issueLetsencryptCertificate
func (s *CertificatesService) IssueLetsencryptCertificate(accountID, domainIdentifier string, certificateID int64) (*certificateResponse, error) {
path := versioned(letsencryptCertificatePath(accountID, domainIdentifier, certificateID) + "/issue")
certificateResponse := &certificateResponse{}
resp, err := s.client.post(path, nil, certificateResponse)
if err != nil {
return nil, err
}
certificateResponse.HttpResponse = resp
return certificateResponse, nil
}
// PurchaseLetsencryptCertificateRenewal purchases a Let's Encrypt certificate renewal.
//
// See https://developer.dnsimple.com/v2/certificates/#purchaseRenewalLetsencryptCertificate
func (s *CertificatesService) PurchaseLetsencryptCertificateRenewal(accountID, domainIdentifier string, certificateID int64, certificateAttributes LetsencryptCertificateAttributes) (*certificateRenewalResponse, error) {
path := versioned(letsencryptCertificatePath(accountID, domainIdentifier, certificateID) + "/renewals")
certificateRenewalResponse := &certificateRenewalResponse{}
resp, err := s.client.post(path, certificateAttributes, certificateRenewalResponse)
if err != nil {
return nil, err
}
certificateRenewalResponse.HttpResponse = resp
return certificateRenewalResponse, nil
}
// IssueLetsencryptCertificateRenewal issues a pending Let's Encrypt certificate renewal order.
//
// See https://developer.dnsimple.com/v2/certificates/#issueRenewalLetsencryptCertificate
func (s *CertificatesService) IssueLetsencryptCertificateRenewal(accountID, domainIdentifier string, certificateID, certificateRenewalID int64) (*certificateResponse, error) {
path := versioned(letsencryptCertificatePath(accountID, domainIdentifier, certificateID) + fmt.Sprintf("/renewals/%d/issue", certificateRenewalID))
certificateResponse := &certificateResponse{}
resp, err := s.client.post(path, nil, certificateResponse)
if err != nil {
return nil, err
}
certificateResponse.HttpResponse = resp
return certificateResponse, nil
}

12
vendor/github.com/dnsimple/dnsimple-go/dnsimple/contacts.go generated vendored
View file

@ -14,8 +14,8 @@ type ContactsService struct {
// Contact represents a Contact in DNSimple. // Contact represents a Contact in DNSimple.
type Contact struct { type Contact struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
AccountID int `json:"account_id,omitempty"` AccountID int64 `json:"account_id,omitempty"`
Label string `json:"label,omitempty"` Label string `json:"label,omitempty"`
FirstName string `json:"first_name,omitempty"` FirstName string `json:"first_name,omitempty"`
LastName string `json:"last_name,omitempty"` LastName string `json:"last_name,omitempty"`
@ -34,7 +34,7 @@ type Contact struct {
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
func contactPath(accountID string, contactID int) (path string) { func contactPath(accountID string, contactID int64) (path string) {
path = fmt.Sprintf("/%v/contacts", accountID) path = fmt.Sprintf("/%v/contacts", accountID)
if contactID != 0 { if contactID != 0 {
path += fmt.Sprintf("/%v", contactID) path += fmt.Sprintf("/%v", contactID)
@ -94,7 +94,7 @@ func (s *ContactsService) CreateContact(accountID string, contactAttributes Cont
// GetContact fetches a contact. // GetContact fetches a contact.
// //
// See https://developer.dnsimple.com/v2/contacts/#get // See https://developer.dnsimple.com/v2/contacts/#get
func (s *ContactsService) GetContact(accountID string, contactID int) (*contactResponse, error) { func (s *ContactsService) GetContact(accountID string, contactID int64) (*contactResponse, error) {
path := versioned(contactPath(accountID, contactID)) path := versioned(contactPath(accountID, contactID))
contactResponse := &contactResponse{} contactResponse := &contactResponse{}
@ -110,7 +110,7 @@ func (s *ContactsService) GetContact(accountID string, contactID int) (*contactR
// UpdateContact updates a contact. // UpdateContact updates a contact.
// //
// See https://developer.dnsimple.com/v2/contacts/#update // See https://developer.dnsimple.com/v2/contacts/#update
func (s *ContactsService) UpdateContact(accountID string, contactID int, contactAttributes Contact) (*contactResponse, error) { func (s *ContactsService) UpdateContact(accountID string, contactID int64, contactAttributes Contact) (*contactResponse, error) {
path := versioned(contactPath(accountID, contactID)) path := versioned(contactPath(accountID, contactID))
contactResponse := &contactResponse{} contactResponse := &contactResponse{}
@ -126,7 +126,7 @@ func (s *ContactsService) UpdateContact(accountID string, contactID int, contact
// DeleteContact PERMANENTLY deletes a contact from the account. // DeleteContact PERMANENTLY deletes a contact from the account.
// //
// See https://developer.dnsimple.com/v2/contacts/#delete // See https://developer.dnsimple.com/v2/contacts/#delete
func (s *ContactsService) DeleteContact(accountID string, contactID int) (*contactResponse, error) { func (s *ContactsService) DeleteContact(accountID string, contactID int64) (*contactResponse, error) {
path := versioned(contactPath(accountID, contactID)) path := versioned(contactPath(accountID, contactID))
contactResponse := &contactResponse{} contactResponse := &contactResponse{}

2
vendor/github.com/dnsimple/dnsimple-go/dnsimple/dnsimple.go generated vendored
View file

@ -23,7 +23,7 @@ const (
// This is a pro-forma convention given that Go dependencies // This is a pro-forma convention given that Go dependencies
// tends to be fetched directly from the repo. // tends to be fetched directly from the repo.
// It is also used in the user-agent identify the client. // It is also used in the user-agent identify the client.
Version = "0.14.0" Version = "0.16.0"
// defaultBaseURL to the DNSimple production API. // defaultBaseURL to the DNSimple production API.
defaultBaseURL = "https://api.dnsimple.com" defaultBaseURL = "https://api.dnsimple.com"

6
vendor/github.com/dnsimple/dnsimple-go/dnsimple/domains.go generated vendored
View file

@ -14,9 +14,9 @@ type DomainsService struct {
// Domain represents a domain in DNSimple. // Domain represents a domain in DNSimple.
type Domain struct { type Domain struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
AccountID int `json:"account_id,omitempty"` AccountID int64 `json:"account_id,omitempty"`
RegistrantID int `json:"registrant_id,omitempty"` RegistrantID int64 `json:"registrant_id,omitempty"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
UnicodeName string `json:"unicode_name,omitempty"` UnicodeName string `json:"unicode_name,omitempty"`
Token string `json:"token,omitempty"` Token string `json:"token,omitempty"`

18
vendor/github.com/dnsimple/dnsimple-go/dnsimple/domains_collaborators.go generated vendored
View file

@ -6,10 +6,10 @@ import (
// Collaborator represents a Collaborator in DNSimple. // Collaborator represents a Collaborator in DNSimple.
type Collaborator struct { type Collaborator struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
DomainID int `json:"domain_id,omitempty"` DomainID int64 `json:"domain_id,omitempty"`
DomainName string `json:"domain_name,omitempty"` DomainName string `json:"domain_name,omitempty"`
UserID int `json:"user_id,omitempty"` UserID int64 `json:"user_id,omitempty"`
UserEmail string `json:"user_email,omitempty"` UserEmail string `json:"user_email,omitempty"`
Invitation bool `json:"invitation,omitempty"` Invitation bool `json:"invitation,omitempty"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`
@ -17,9 +17,9 @@ type Collaborator struct {
AcceptedAt string `json:"accepted_at,omitempty"` AcceptedAt string `json:"accepted_at,omitempty"`
} }
func collaboratorPath(accountID, domainIdentifier, collaboratorID string) (path string) { func collaboratorPath(accountID, domainIdentifier string, collaboratorID int64) (path string) {
path = fmt.Sprintf("%v/collaborators", domainPath(accountID, domainIdentifier)) path = fmt.Sprintf("%v/collaborators", domainPath(accountID, domainIdentifier))
if collaboratorID != "" { if collaboratorID != 0 {
path += fmt.Sprintf("/%v", collaboratorID) path += fmt.Sprintf("/%v", collaboratorID)
} }
return return
@ -46,7 +46,7 @@ type collaboratorsResponse struct {
// //
// See https://developer.dnsimple.com/v2/domains/collaborators#list // See https://developer.dnsimple.com/v2/domains/collaborators#list
func (s *DomainsService) ListCollaborators(accountID, domainIdentifier string, options *ListOptions) (*collaboratorsResponse, error) { func (s *DomainsService) ListCollaborators(accountID, domainIdentifier string, options *ListOptions) (*collaboratorsResponse, error) {
path := versioned(collaboratorPath(accountID, domainIdentifier, "")) path := versioned(collaboratorPath(accountID, domainIdentifier, 0))
collaboratorsResponse := &collaboratorsResponse{} collaboratorsResponse := &collaboratorsResponse{}
path, err := addURLQueryOptions(path, options) path, err := addURLQueryOptions(path, options)
@ -67,7 +67,7 @@ func (s *DomainsService) ListCollaborators(accountID, domainIdentifier string, o
// //
// See https://developer.dnsimple.com/v2/domains/collaborators#add // See https://developer.dnsimple.com/v2/domains/collaborators#add
func (s *DomainsService) AddCollaborator(accountID string, domainIdentifier string, attributes CollaboratorAttributes) (*collaboratorResponse, error) { func (s *DomainsService) AddCollaborator(accountID string, domainIdentifier string, attributes CollaboratorAttributes) (*collaboratorResponse, error) {
path := versioned(collaboratorPath(accountID, domainIdentifier, "")) path := versioned(collaboratorPath(accountID, domainIdentifier, 0))
collaboratorResponse := &collaboratorResponse{} collaboratorResponse := &collaboratorResponse{}
resp, err := s.client.post(path, attributes, collaboratorResponse) resp, err := s.client.post(path, attributes, collaboratorResponse)
@ -81,8 +81,8 @@ func (s *DomainsService) AddCollaborator(accountID string, domainIdentifier stri
// RemoveCollaborator PERMANENTLY deletes a domain from the account. // RemoveCollaborator PERMANENTLY deletes a domain from the account.
// //
// See https://developer.dnsimple.com/v2/domains/collaborators#add // See https://developer.dnsimple.com/v2/domains/collaborators#remove
func (s *DomainsService) RemoveCollaborator(accountID string, domainIdentifier string, collaboratorID string) (*collaboratorResponse, error) { func (s *DomainsService) RemoveCollaborator(accountID string, domainIdentifier string, collaboratorID int64) (*collaboratorResponse, error) {
path := versioned(collaboratorPath(accountID, domainIdentifier, collaboratorID)) path := versioned(collaboratorPath(accountID, domainIdentifier, collaboratorID))
collaboratorResponse := &collaboratorResponse{} collaboratorResponse := &collaboratorResponse{}

12
vendor/github.com/dnsimple/dnsimple-go/dnsimple/domains_delegation_signer_records.go generated vendored
View file

@ -4,8 +4,8 @@ import "fmt"
// DelegationSignerRecord represents a delegation signer record for a domain in DNSimple. // DelegationSignerRecord represents a delegation signer record for a domain in DNSimple.
type DelegationSignerRecord struct { type DelegationSignerRecord struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
DomainID int `json:"domain_id,omitempty"` DomainID int64 `json:"domain_id,omitempty"`
Algorithm string `json:"algorithm"` Algorithm string `json:"algorithm"`
Digest string `json:"digest"` Digest string `json:"digest"`
DigestType string `json:"digest_type"` DigestType string `json:"digest_type"`
@ -14,10 +14,10 @@ type DelegationSignerRecord struct {
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
func delegationSignerRecordPath(accountID string, domainIdentifier string, dsRecordID int) (path string) { func delegationSignerRecordPath(accountID string, domainIdentifier string, dsRecordID int64) (path string) {
path = fmt.Sprintf("%v/ds_records", domainPath(accountID, domainIdentifier)) path = fmt.Sprintf("%v/ds_records", domainPath(accountID, domainIdentifier))
if dsRecordID != 0 { if dsRecordID != 0 {
path += fmt.Sprintf("/%d", dsRecordID) path += fmt.Sprintf("/%v", dsRecordID)
} }
return return
} }
@ -74,7 +74,7 @@ func (s *DomainsService) CreateDelegationSignerRecord(accountID string, domainId
// GetDelegationSignerRecord fetches a delegation signer record. // GetDelegationSignerRecord fetches a delegation signer record.
// //
// See https://developer.dnsimple.com/v2/domains/dnssec/#ds-record-get // See https://developer.dnsimple.com/v2/domains/dnssec/#ds-record-get
func (s *DomainsService) GetDelegationSignerRecord(accountID string, domainIdentifier string, dsRecordID int) (*delegationSignerRecordResponse, error) { func (s *DomainsService) GetDelegationSignerRecord(accountID string, domainIdentifier string, dsRecordID int64) (*delegationSignerRecordResponse, error) {
path := versioned(delegationSignerRecordPath(accountID, domainIdentifier, dsRecordID)) path := versioned(delegationSignerRecordPath(accountID, domainIdentifier, dsRecordID))
dsRecordResponse := &delegationSignerRecordResponse{} dsRecordResponse := &delegationSignerRecordResponse{}
@ -91,7 +91,7 @@ func (s *DomainsService) GetDelegationSignerRecord(accountID string, domainIdent
// from the domain. // from the domain.
// //
// See https://developer.dnsimple.com/v2/domains/dnssec/#ds-record-delete // See https://developer.dnsimple.com/v2/domains/dnssec/#ds-record-delete
func (s *DomainsService) DeleteDelegationSignerRecord(accountID string, domainIdentifier string, dsRecordID int) (*delegationSignerRecordResponse, error) { func (s *DomainsService) DeleteDelegationSignerRecord(accountID string, domainIdentifier string, dsRecordID int64) (*delegationSignerRecordResponse, error) {
path := versioned(delegationSignerRecordPath(accountID, domainIdentifier, dsRecordID)) path := versioned(delegationSignerRecordPath(accountID, domainIdentifier, dsRecordID))
dsRecordResponse := &delegationSignerRecordResponse{} dsRecordResponse := &delegationSignerRecordResponse{}

4
vendor/github.com/dnsimple/dnsimple-go/dnsimple/domains_dnssec.go generated vendored
View file

@ -1,6 +1,8 @@
package dnsimple package dnsimple
import "fmt" import (
"fmt"
)
// Dnssec represents the current DNSSEC settings for a domain in DNSimple. // Dnssec represents the current DNSSEC settings for a domain in DNSimple.
type Dnssec struct { type Dnssec struct {

14
vendor/github.com/dnsimple/dnsimple-go/dnsimple/domains_email_forwards.go generated vendored
View file

@ -6,18 +6,18 @@ import (
// EmailForward represents an email forward in DNSimple. // EmailForward represents an email forward in DNSimple.
type EmailForward struct { type EmailForward struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
DomainID int `json:"domain_id,omitempty"` DomainID int64 `json:"domain_id,omitempty"`
From string `json:"from,omitempty"` From string `json:"from,omitempty"`
To string `json:"to,omitempty"` To string `json:"to,omitempty"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
func emailForwardPath(accountID string, domainIdentifier string, forwardID int) (path string) { func emailForwardPath(accountID string, domainIdentifier string, forwardID int64) (path string) {
path = fmt.Sprintf("%v/email_forwards", domainPath(accountID, domainIdentifier)) path = fmt.Sprintf("%v/email_forwards", domainPath(accountID, domainIdentifier))
if forwardID != 0 { if forwardID != 0 {
path += fmt.Sprintf("/%d", forwardID) path += fmt.Sprintf("/%v", forwardID)
} }
return return
} }
@ -38,7 +38,7 @@ type emailForwardsResponse struct {
// //
// See https://developer.dnsimple.com/v2/domains/email-forwards/#list // See https://developer.dnsimple.com/v2/domains/email-forwards/#list
func (s *DomainsService) ListEmailForwards(accountID string, domainIdentifier string, options *ListOptions) (*emailForwardsResponse, error) { func (s *DomainsService) ListEmailForwards(accountID string, domainIdentifier string, options *ListOptions) (*emailForwardsResponse, error) {
path := versioned(emailForwardPath(accountID, domainIdentifier , 0)) path := versioned(emailForwardPath(accountID, domainIdentifier, 0))
forwardsResponse := &emailForwardsResponse{} forwardsResponse := &emailForwardsResponse{}
path, err := addURLQueryOptions(path, options) path, err := addURLQueryOptions(path, options)
@ -74,7 +74,7 @@ func (s *DomainsService) CreateEmailForward(accountID string, domainIdentifier s
// GetEmailForward fetches an email forward. // GetEmailForward fetches an email forward.
// //
// See https://developer.dnsimple.com/v2/domains/email-forwards/#get // See https://developer.dnsimple.com/v2/domains/email-forwards/#get
func (s *DomainsService) GetEmailForward(accountID string, domainIdentifier string, forwardID int) (*emailForwardResponse, error) { func (s *DomainsService) GetEmailForward(accountID string, domainIdentifier string, forwardID int64) (*emailForwardResponse, error) {
path := versioned(emailForwardPath(accountID, domainIdentifier, forwardID)) path := versioned(emailForwardPath(accountID, domainIdentifier, forwardID))
forwardResponse := &emailForwardResponse{} forwardResponse := &emailForwardResponse{}
@ -90,7 +90,7 @@ func (s *DomainsService) GetEmailForward(accountID string, domainIdentifier stri
// DeleteEmailForward PERMANENTLY deletes an email forward from the domain. // DeleteEmailForward PERMANENTLY deletes an email forward from the domain.
// //
// See https://developer.dnsimple.com/v2/domains/email-forwards/#delete // See https://developer.dnsimple.com/v2/domains/email-forwards/#delete
func (s *DomainsService) DeleteEmailForward(accountID string, domainIdentifier string, forwardID int) (*emailForwardResponse, error) { func (s *DomainsService) DeleteEmailForward(accountID string, domainIdentifier string, forwardID int64) (*emailForwardResponse, error) {
path := versioned(emailForwardPath(accountID, domainIdentifier, forwardID)) path := versioned(emailForwardPath(accountID, domainIdentifier, forwardID))
forwardResponse := &emailForwardResponse{} forwardResponse := &emailForwardResponse{}

20
vendor/github.com/dnsimple/dnsimple-go/dnsimple/domains_pushes.go generated vendored
View file

@ -6,19 +6,19 @@ import (
// DomainPush represents a domain push in DNSimple. // DomainPush represents a domain push in DNSimple.
type DomainPush struct { type DomainPush struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
DomainID int `json:"domain_id,omitempty"` DomainID int64 `json:"domain_id,omitempty"`
ContactID int `json:"contact_id,omitempty"` ContactID int64 `json:"contact_id,omitempty"`
AccountID int `json:"account_id,omitempty"` AccountID int64 `json:"account_id,omitempty"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
AcceptedAt string `json:"accepted_at,omitempty"` AcceptedAt string `json:"accepted_at,omitempty"`
} }
func domainPushPath(accountID string, pushID int) (path string) { func domainPushPath(accountID string, pushID int64) (path string) {
path = fmt.Sprintf("/%v/pushes", accountID) path = fmt.Sprintf("/%v/pushes", accountID)
if pushID != 0 { if pushID != 0 {
path += fmt.Sprintf("/%d", pushID) path += fmt.Sprintf("/%v", pushID)
} }
return return
} }
@ -38,13 +38,13 @@ type domainPushesResponse struct {
// DomainPushAttributes represent a domain push payload (see initiate). // DomainPushAttributes represent a domain push payload (see initiate).
type DomainPushAttributes struct { type DomainPushAttributes struct {
NewAccountEmail string `json:"new_account_email,omitempty"` NewAccountEmail string `json:"new_account_email,omitempty"`
ContactID string `json:"contact_id,omitempty"` ContactID int64 `json:"contact_id,omitempty"`
} }
// InitiatePush initiate a new domain push. // InitiatePush initiate a new domain push.
// //
// See https://developer.dnsimple.com/v2/domains/pushes/#initiate // See https://developer.dnsimple.com/v2/domains/pushes/#initiate
func (s *DomainsService) InitiatePush(accountID string, domainID string, pushAttributes DomainPushAttributes) (*domainPushResponse, error) { func (s *DomainsService) InitiatePush(accountID, domainID string, pushAttributes DomainPushAttributes) (*domainPushResponse, error) {
path := versioned(fmt.Sprintf("/%v/pushes", domainPath(accountID, domainID))) path := versioned(fmt.Sprintf("/%v/pushes", domainPath(accountID, domainID)))
pushResponse := &domainPushResponse{} pushResponse := &domainPushResponse{}
@ -81,7 +81,7 @@ func (s *DomainsService) ListPushes(accountID string, options *ListOptions) (*do
// AcceptPush accept a push for a domain. // AcceptPush accept a push for a domain.
// //
// See https://developer.dnsimple.com/v2/domains/pushes/#accept // See https://developer.dnsimple.com/v2/domains/pushes/#accept
func (s *DomainsService) AcceptPush(accountID string, pushID int, pushAttributes DomainPushAttributes) (*domainPushResponse, error) { func (s *DomainsService) AcceptPush(accountID string, pushID int64, pushAttributes DomainPushAttributes) (*domainPushResponse, error) {
path := versioned(domainPushPath(accountID, pushID)) path := versioned(domainPushPath(accountID, pushID))
pushResponse := &domainPushResponse{} pushResponse := &domainPushResponse{}
@ -97,7 +97,7 @@ func (s *DomainsService) AcceptPush(accountID string, pushID int, pushAttributes
// RejectPush reject a push for a domain. // RejectPush reject a push for a domain.
// //
// See https://developer.dnsimple.com/v2/domains/pushes/#reject // See https://developer.dnsimple.com/v2/domains/pushes/#reject
func (s *DomainsService) RejectPush(accountID string, pushID int) (*domainPushResponse, error) { func (s *DomainsService) RejectPush(accountID string, pushID int64) (*domainPushResponse, error) {
path := versioned(domainPushPath(accountID, pushID)) path := versioned(domainPushPath(accountID, pushID))
pushResponse := &domainPushResponse{} pushResponse := &domainPushResponse{}

25
vendor/github.com/dnsimple/dnsimple-go/dnsimple/registrar.go generated vendored
View file

@ -28,7 +28,7 @@ type domainCheckResponse struct {
// CheckDomain checks a domain name. // CheckDomain checks a domain name.
// //
// See https://developer.dnsimple.com/v2/registrar/#check // See https://developer.dnsimple.com/v2/registrar/#check
func (s *RegistrarService) CheckDomain(accountID, domainName string) (*domainCheckResponse, error) { func (s *RegistrarService) CheckDomain(accountID string, domainName string) (*domainCheckResponse, error) {
path := versioned(fmt.Sprintf("/%v/registrar/domains/%v/check", accountID, domainName)) path := versioned(fmt.Sprintf("/%v/registrar/domains/%v/check", accountID, domainName))
checkResponse := &domainCheckResponse{} checkResponse := &domainCheckResponse{}
@ -70,7 +70,7 @@ type DomainPremiumPriceOptions struct {
// - renewal // - renewal
// //
// See https://developer.dnsimple.com/v2/registrar/#premium-price // See https://developer.dnsimple.com/v2/registrar/#premium-price
func (s *RegistrarService) GetDomainPremiumPrice(accountID, domainName string, options *DomainPremiumPriceOptions) (*domainPremiumPriceResponse, error) { func (s *RegistrarService) GetDomainPremiumPrice(accountID string, domainName string, options *DomainPremiumPriceOptions) (*domainPremiumPriceResponse, error) {
var err error var err error
path := versioned(fmt.Sprintf("/%v/registrar/domains/%v/premium_price", accountID, domainName)) path := versioned(fmt.Sprintf("/%v/registrar/domains/%v/premium_price", accountID, domainName))
priceResponse := &domainPremiumPriceResponse{} priceResponse := &domainPremiumPriceResponse{}
@ -100,7 +100,6 @@ type DomainRegistration struct {
State string `json:"state"` State string `json:"state"`
AutoRenew bool `json:"auto_renew"` AutoRenew bool `json:"auto_renew"`
WhoisPrivacy bool `json:"whois_privacy"` WhoisPrivacy bool `json:"whois_privacy"`
PremiumPrice string `json:"premium_price"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
@ -122,6 +121,8 @@ type DomainRegisterRequest struct {
// Set to true to enable the auto-renewal of the domain. // Set to true to enable the auto-renewal of the domain.
// Default to true. // Default to true.
EnableAutoRenewal bool `json:"auto_renew,omitempty"` EnableAutoRenewal bool `json:"auto_renew,omitempty"`
// Required as confirmation of the price, only if the domain is premium.
PremiumPrice string `json:"premium_price,omitempty"`
} }
// RegisterDomain registers a domain name. // RegisterDomain registers a domain name.
@ -150,7 +151,6 @@ type DomainTransfer struct {
State string `json:"state"` State string `json:"state"`
AutoRenew bool `json:"auto_renew"` AutoRenew bool `json:"auto_renew"`
WhoisPrivacy bool `json:"whois_privacy"` WhoisPrivacy bool `json:"whois_privacy"`
PremiumPrice string `json:"premium_price"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
@ -175,6 +175,8 @@ type DomainTransferRequest struct {
// Set to true to enable the auto-renewal of the domain. // Set to true to enable the auto-renewal of the domain.
// Default to true. // Default to true.
EnableAutoRenewal bool `json:"auto_renew,omitempty"` EnableAutoRenewal bool `json:"auto_renew,omitempty"`
// Required as confirmation of the price, only if the domain is premium.
PremiumPrice string `json:"premium_price,omitempty"`
} }
// TransferDomain transfers a domain name. // TransferDomain transfers a domain name.
@ -219,13 +221,12 @@ func (s *RegistrarService) TransferDomainOut(accountID string, domainName string
// DomainRenewal represents the result of a domain renewal call. // DomainRenewal represents the result of a domain renewal call.
type DomainRenewal struct { type DomainRenewal struct {
ID int `json:"id"` ID int `json:"id"`
DomainID int `json:"domain_id"` DomainID int `json:"domain_id"`
Period int `json:"period"` Period int `json:"period"`
State string `json:"state"` State string `json:"state"`
PremiumPrice string `json:"premium_price"` CreatedAt string `json:"created_at,omitempty"`
CreatedAt string `json:"created_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
UpdatedAt string `json:"updated_at,omitempty"`
} }
// domainRenewalResponse represents a response from an API method that returns a domain renewal. // domainRenewalResponse represents a response from an API method that returns a domain renewal.
@ -239,6 +240,8 @@ type domainRenewalResponse struct {
type DomainRenewRequest struct { type DomainRenewRequest struct {
// The number of years // The number of years
Period int `json:"period"` Period int `json:"period"`
// Required as confirmation of the price, only if the domain is premium.
PremiumPrice string `json:"premium_price,omitempty"`
} }
// RenewDomain renews a domain name. // RenewDomain renews a domain name.

4
vendor/github.com/dnsimple/dnsimple-go/dnsimple/registrar_whois_privacy.go generated vendored
View file

@ -6,8 +6,8 @@ import (
// WhoisPrivacy represents a whois privacy in DNSimple. // WhoisPrivacy represents a whois privacy in DNSimple.
type WhoisPrivacy struct { type WhoisPrivacy struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
DomainID int `json:"domain_id,omitempty"` DomainID int64 `json:"domain_id,omitempty"`
Enabled bool `json:"enabled,omitempty"` Enabled bool `json:"enabled,omitempty"`
ExpiresOn string `json:"expires_on,omitempty"` ExpiresOn string `json:"expires_on,omitempty"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`

8
vendor/github.com/dnsimple/dnsimple-go/dnsimple/services.go generated vendored
View file

@ -14,7 +14,7 @@ type ServicesService struct {
// Service represents a Service in DNSimple. // Service represents a Service in DNSimple.
type Service struct { type Service struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
SID string `json:"sid,omitempty"` SID string `json:"sid,omitempty"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Description string `json:"description,omitempty"` Description string `json:"description,omitempty"`
@ -36,10 +36,10 @@ type ServiceSetting struct {
Password bool `json:"password,omitempty"` Password bool `json:"password,omitempty"`
} }
func servicePath(serviceID string) (path string) { func servicePath(serviceIdentifier string) (path string) {
path = "/services" path = "/services"
if serviceID != "" { if serviceIdentifier != "" {
path += fmt.Sprintf("/%v", serviceID) path += fmt.Sprintf("/%v", serviceIdentifier)
} }
return return
} }

18
vendor/github.com/dnsimple/dnsimple-go/dnsimple/services_domains.go generated vendored
View file

@ -4,11 +4,11 @@ import (
"fmt" "fmt"
) )
func domainServicesPath(accountID string, domainID string, serviceIdentifier string) string { func domainServicesPath(accountID string, domainIdentifier string, serviceIdentifier string) string {
if serviceIdentifier != "" { if serviceIdentifier != "" {
return fmt.Sprintf("/%v/domains/%v/services/%v", accountID, domainID, serviceIdentifier) return fmt.Sprintf("/%v/domains/%v/services/%v", accountID, domainIdentifier, serviceIdentifier)
} }
return fmt.Sprintf("/%v/domains/%v/services", accountID, domainID) return fmt.Sprintf("/%v/domains/%v/services", accountID, domainIdentifier)
} }
// DomainServiceSettings represents optional settings when applying a DNSimple one-click service to a domain. // DomainServiceSettings represents optional settings when applying a DNSimple one-click service to a domain.
@ -19,8 +19,8 @@ type DomainServiceSettings struct {
// AppliedServices lists the applied one-click services for a domain. // AppliedServices lists the applied one-click services for a domain.
// //
// See https://developer.dnsimple.com/v2/services/domains/#applied // See https://developer.dnsimple.com/v2/services/domains/#applied
func (s *ServicesService) AppliedServices(accountID string, domainID string, options *ListOptions) (*servicesResponse, error) { func (s *ServicesService) AppliedServices(accountID string, domainIdentifier string, options *ListOptions) (*servicesResponse, error) {
path := versioned(domainServicesPath(accountID, domainID, "")) path := versioned(domainServicesPath(accountID, domainIdentifier, ""))
servicesResponse := &servicesResponse{} servicesResponse := &servicesResponse{}
path, err := addURLQueryOptions(path, options) path, err := addURLQueryOptions(path, options)
@ -40,8 +40,8 @@ func (s *ServicesService) AppliedServices(accountID string, domainID string, opt
// ApplyService applies a one-click services to a domain. // ApplyService applies a one-click services to a domain.
// //
// See https://developer.dnsimple.com/v2/services/domains/#apply // See https://developer.dnsimple.com/v2/services/domains/#apply
func (s *ServicesService) ApplyService(accountID string, serviceIdentifier string, domainID string, settings DomainServiceSettings) (*serviceResponse, error) { func (s *ServicesService) ApplyService(accountID string, serviceIdentifier string, domainIdentifier string, settings DomainServiceSettings) (*serviceResponse, error) {
path := versioned(domainServicesPath(accountID, domainID, serviceIdentifier)) path := versioned(domainServicesPath(accountID, domainIdentifier, serviceIdentifier))
serviceResponse := &serviceResponse{} serviceResponse := &serviceResponse{}
resp, err := s.client.post(path, settings, nil) resp, err := s.client.post(path, settings, nil)
@ -56,8 +56,8 @@ func (s *ServicesService) ApplyService(accountID string, serviceIdentifier strin
// UnapplyService unapplies a one-click services from a domain. // UnapplyService unapplies a one-click services from a domain.
// //
// See https://developer.dnsimple.com/v2/services/domains/#unapply // See https://developer.dnsimple.com/v2/services/domains/#unapply
func (s *ServicesService) UnapplyService(accountID string, serviceIdentifier string, domainID string) (*serviceResponse, error) { func (s *ServicesService) UnapplyService(accountID string, serviceIdentifier string, domainIdentifier string) (*serviceResponse, error) {
path := versioned(domainServicesPath(accountID, domainID, serviceIdentifier)) path := versioned(domainServicesPath(accountID, domainIdentifier, serviceIdentifier))
serviceResponse := &serviceResponse{} serviceResponse := &serviceResponse{}
resp, err := s.client.delete(path, nil, nil) resp, err := s.client.delete(path, nil, nil)

4
vendor/github.com/dnsimple/dnsimple-go/dnsimple/templates.go generated vendored
View file

@ -14,9 +14,9 @@ type TemplatesService struct {
// Template represents a Template in DNSimple. // Template represents a Template in DNSimple.
type Template struct { type Template struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
SID string `json:"sid,omitempty"` SID string `json:"sid,omitempty"`
AccountID int `json:"account_id,omitempty"` AccountID int64 `json:"account_id,omitempty"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Description string `json:"description,omitempty"` Description string `json:"description,omitempty"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`

4
vendor/github.com/dnsimple/dnsimple-go/dnsimple/templates_domains.go generated vendored
View file

@ -7,8 +7,8 @@ import (
// ApplyTemplate applies a template to the given domain. // ApplyTemplate applies a template to the given domain.
// //
// See https://developer.dnsimple.com/v2/templates/domains/#apply // See https://developer.dnsimple.com/v2/templates/domains/#apply
func (s *TemplatesService) ApplyTemplate(accountID string, templateIdentifier string, domainID string) (*templateResponse, error) { func (s *TemplatesService) ApplyTemplate(accountID string, templateIdentifier string, domainIdentifier string) (*templateResponse, error) {
path := versioned(fmt.Sprintf("%v/templates/%v", domainPath(accountID, domainID), templateIdentifier)) path := versioned(fmt.Sprintf("%v/templates/%v", domainPath(accountID, domainIdentifier), templateIdentifier))
templateResponse := &templateResponse{} templateResponse := &templateResponse{}
resp, err := s.client.post(path, nil, nil) resp, err := s.client.post(path, nil, nil)

16
vendor/github.com/dnsimple/dnsimple-go/dnsimple/templates_records.go generated vendored
View file

@ -6,8 +6,8 @@ import (
// TemplateRecord represents a DNS record for a template in DNSimple. // TemplateRecord represents a DNS record for a template in DNSimple.
type TemplateRecord struct { type TemplateRecord struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
TemplateID int `json:"template_id,omitempty"` TemplateID int64 `json:"template_id,omitempty"`
Name string `json:"name"` Name string `json:"name"`
Content string `json:"content,omitempty"` Content string `json:"content,omitempty"`
TTL int `json:"ttl,omitempty"` TTL int `json:"ttl,omitempty"`
@ -17,8 +17,8 @@ type TemplateRecord struct {
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
func templateRecordPath(accountID string, templateIdentifier string, templateRecordID string) string { func templateRecordPath(accountID string, templateIdentifier string, templateRecordID int64) string {
if templateRecordID != "" { if templateRecordID != 0 {
return fmt.Sprintf("%v/records/%v", templatePath(accountID, templateIdentifier), templateRecordID) return fmt.Sprintf("%v/records/%v", templatePath(accountID, templateIdentifier), templateRecordID)
} }
@ -41,7 +41,7 @@ type templateRecordsResponse struct {
// //
// See https://developer.dnsimple.com/v2/templates/records/#list // See https://developer.dnsimple.com/v2/templates/records/#list
func (s *TemplatesService) ListTemplateRecords(accountID string, templateIdentifier string, options *ListOptions) (*templateRecordsResponse, error) { func (s *TemplatesService) ListTemplateRecords(accountID string, templateIdentifier string, options *ListOptions) (*templateRecordsResponse, error) {
path := versioned(templateRecordPath(accountID, templateIdentifier, "")) path := versioned(templateRecordPath(accountID, templateIdentifier, 0))
templateRecordsResponse := &templateRecordsResponse{} templateRecordsResponse := &templateRecordsResponse{}
path, err := addURLQueryOptions(path, options) path, err := addURLQueryOptions(path, options)
@ -62,7 +62,7 @@ func (s *TemplatesService) ListTemplateRecords(accountID string, templateIdentif
// //
// See https://developer.dnsimple.com/v2/templates/records/#create // See https://developer.dnsimple.com/v2/templates/records/#create
func (s *TemplatesService) CreateTemplateRecord(accountID string, templateIdentifier string, templateRecordAttributes TemplateRecord) (*templateRecordResponse, error) { func (s *TemplatesService) CreateTemplateRecord(accountID string, templateIdentifier string, templateRecordAttributes TemplateRecord) (*templateRecordResponse, error) {
path := versioned(templateRecordPath(accountID, templateIdentifier, "")) path := versioned(templateRecordPath(accountID, templateIdentifier, 0))
templateRecordResponse := &templateRecordResponse{} templateRecordResponse := &templateRecordResponse{}
resp, err := s.client.post(path, templateRecordAttributes, templateRecordResponse) resp, err := s.client.post(path, templateRecordAttributes, templateRecordResponse)
@ -77,7 +77,7 @@ func (s *TemplatesService) CreateTemplateRecord(accountID string, templateIdenti
// GetTemplateRecord fetches a template record. // GetTemplateRecord fetches a template record.
// //
// See https://developer.dnsimple.com/v2/templates/records/#get // See https://developer.dnsimple.com/v2/templates/records/#get
func (s *TemplatesService) GetTemplateRecord(accountID string, templateIdentifier string, templateRecordID string) (*templateRecordResponse, error) { func (s *TemplatesService) GetTemplateRecord(accountID string, templateIdentifier string, templateRecordID int64) (*templateRecordResponse, error) {
path := versioned(templateRecordPath(accountID, templateIdentifier, templateRecordID)) path := versioned(templateRecordPath(accountID, templateIdentifier, templateRecordID))
templateRecordResponse := &templateRecordResponse{} templateRecordResponse := &templateRecordResponse{}
@ -93,7 +93,7 @@ func (s *TemplatesService) GetTemplateRecord(accountID string, templateIdentifie
// DeleteTemplateRecord deletes a template record. // DeleteTemplateRecord deletes a template record.
// //
// See https://developer.dnsimple.com/v2/templates/records/#delete // See https://developer.dnsimple.com/v2/templates/records/#delete
func (s *TemplatesService) DeleteTemplateRecord(accountID string, templateIdentifier string, templateRecordID string) (*templateRecordResponse, error) { func (s *TemplatesService) DeleteTemplateRecord(accountID string, templateIdentifier string, templateRecordID int64) (*templateRecordResponse, error) {
path := versioned(templateRecordPath(accountID, templateIdentifier, templateRecordID)) path := versioned(templateRecordPath(accountID, templateIdentifier, templateRecordID))
templateRecordResponse := &templateRecordResponse{} templateRecordResponse := &templateRecordResponse{}

2
vendor/github.com/dnsimple/dnsimple-go/dnsimple/users.go generated vendored
View file

@ -2,6 +2,6 @@ package dnsimple
// User represents a DNSimple user. // User represents a DNSimple user.
type User struct { type User struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
Email string `json:"email,omitempty"` Email string `json:"email,omitempty"`
} }

14
vendor/github.com/dnsimple/dnsimple-go/dnsimple/vanity_name_server.go generated vendored
View file

@ -14,7 +14,7 @@ type VanityNameServersService struct {
// VanityNameServer represents data for a single vanity name server // VanityNameServer represents data for a single vanity name server
type VanityNameServer struct { type VanityNameServer struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
IPv4 string `json:"ipv4,omitempty"` IPv4 string `json:"ipv4,omitempty"`
IPv6 string `json:"ipv6,omitempty"` IPv6 string `json:"ipv6,omitempty"`
@ -22,8 +22,8 @@ type VanityNameServer struct {
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
func vanityNameServerPath(accountID string, domainID string) string { func vanityNameServerPath(accountID string, domainIdentifier string) string {
return fmt.Sprintf("/%v/vanity/%v", accountID, domainID) return fmt.Sprintf("/%v/vanity/%v", accountID, domainIdentifier)
} }
// vanityNameServerResponse represents a response for vanity name server enable and disable operations. // vanityNameServerResponse represents a response for vanity name server enable and disable operations.
@ -35,8 +35,8 @@ type vanityNameServerResponse struct {
// EnableVanityNameServers Vanity Name Servers for the given domain // EnableVanityNameServers Vanity Name Servers for the given domain
// //
// See https://developer.dnsimple.com/v2/vanity/#enable // See https://developer.dnsimple.com/v2/vanity/#enable
func (s *VanityNameServersService) EnableVanityNameServers(accountID string, domainID string) (*vanityNameServerResponse, error) { func (s *VanityNameServersService) EnableVanityNameServers(accountID string, domainIdentifier string) (*vanityNameServerResponse, error) {
path := versioned(vanityNameServerPath(accountID, domainID)) path := versioned(vanityNameServerPath(accountID, domainIdentifier))
vanityNameServerResponse := &vanityNameServerResponse{} vanityNameServerResponse := &vanityNameServerResponse{}
resp, err := s.client.put(path, nil, vanityNameServerResponse) resp, err := s.client.put(path, nil, vanityNameServerResponse)
@ -51,8 +51,8 @@ func (s *VanityNameServersService) EnableVanityNameServers(accountID string, dom
// DisableVanityNameServers Vanity Name Servers for the given domain // DisableVanityNameServers Vanity Name Servers for the given domain
// //
// See https://developer.dnsimple.com/v2/vanity/#disable // See https://developer.dnsimple.com/v2/vanity/#disable
func (s *VanityNameServersService) DisableVanityNameServers(accountID string, domainID string) (*vanityNameServerResponse, error) { func (s *VanityNameServersService) DisableVanityNameServers(accountID string, domainIdentifier string) (*vanityNameServerResponse, error) {
path := versioned(vanityNameServerPath(accountID, domainID)) path := versioned(vanityNameServerPath(accountID, domainIdentifier))
vanityNameServerResponse := &vanityNameServerResponse{} vanityNameServerResponse := &vanityNameServerResponse{}
resp, err := s.client.delete(path, nil, nil) resp, err := s.client.delete(path, nil, nil)

8
vendor/github.com/dnsimple/dnsimple-go/dnsimple/webhooks.go generated vendored
View file

@ -14,11 +14,11 @@ type WebhooksService struct {
// Webhook represents a DNSimple webhook. // Webhook represents a DNSimple webhook.
type Webhook struct { type Webhook struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
URL string `json:"url,omitempty"` URL string `json:"url,omitempty"`
} }
func webhookPath(accountID string, webhookID int) (path string) { func webhookPath(accountID string, webhookID int64) (path string) {
path = fmt.Sprintf("/%v/webhooks", accountID) path = fmt.Sprintf("/%v/webhooks", accountID)
if webhookID != 0 { if webhookID != 0 {
path = fmt.Sprintf("%v/%v", path, webhookID) path = fmt.Sprintf("%v/%v", path, webhookID)
@ -73,7 +73,7 @@ func (s *WebhooksService) CreateWebhook(accountID string, webhookAttributes Webh
// GetWebhook fetches a webhook. // GetWebhook fetches a webhook.
// //
// See https://developer.dnsimple.com/v2/webhooks#get // See https://developer.dnsimple.com/v2/webhooks#get
func (s *WebhooksService) GetWebhook(accountID string, webhookID int) (*webhookResponse, error) { func (s *WebhooksService) GetWebhook(accountID string, webhookID int64) (*webhookResponse, error) {
path := versioned(webhookPath(accountID, webhookID)) path := versioned(webhookPath(accountID, webhookID))
webhookResponse := &webhookResponse{} webhookResponse := &webhookResponse{}
@ -89,7 +89,7 @@ func (s *WebhooksService) GetWebhook(accountID string, webhookID int) (*webhookR
// DeleteWebhook PERMANENTLY deletes a webhook from the account. // DeleteWebhook PERMANENTLY deletes a webhook from the account.
// //
// See https://developer.dnsimple.com/v2/webhooks#delete // See https://developer.dnsimple.com/v2/webhooks#delete
func (s *WebhooksService) DeleteWebhook(accountID string, webhookID int) (*webhookResponse, error) { func (s *WebhooksService) DeleteWebhook(accountID string, webhookID int64) (*webhookResponse, error) {
path := versioned(webhookPath(accountID, webhookID)) path := versioned(webhookPath(accountID, webhookID))
webhookResponse := &webhookResponse{} webhookResponse := &webhookResponse{}

4
vendor/github.com/dnsimple/dnsimple-go/dnsimple/zones.go generated vendored
View file

@ -14,8 +14,8 @@ type ZonesService struct {
// Zone represents a Zone in DNSimple. // Zone represents a Zone in DNSimple.
type Zone struct { type Zone struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
AccountID int `json:"account_id,omitempty"` AccountID int64 `json:"account_id,omitempty"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Reverse bool `json:"reverse,omitempty"` Reverse bool `json:"reverse,omitempty"`
CreatedAt string `json:"created_at,omitempty"` CreatedAt string `json:"created_at,omitempty"`

42
vendor/github.com/dnsimple/dnsimple-go/dnsimple/zones_records.go generated vendored
View file

@ -6,9 +6,9 @@ import (
// ZoneRecord represents a DNS record in DNSimple. // ZoneRecord represents a DNS record in DNSimple.
type ZoneRecord struct { type ZoneRecord struct {
ID int `json:"id,omitempty"` ID int64 `json:"id,omitempty"`
ZoneID string `json:"zone_id,omitempty"` ZoneID string `json:"zone_id,omitempty"`
ParentID int `json:"parent_id,omitempty"` ParentID int64 `json:"parent_id,omitempty"`
Type string `json:"type,omitempty"` Type string `json:"type,omitempty"`
Name string `json:"name"` Name string `json:"name"`
Content string `json:"content,omitempty"` Content string `json:"content,omitempty"`
@ -20,10 +20,10 @@ type ZoneRecord struct {
UpdatedAt string `json:"updated_at,omitempty"` UpdatedAt string `json:"updated_at,omitempty"`
} }
func zoneRecordPath(accountID string, zoneID string, recordID int) (path string) { func zoneRecordPath(accountID string, zoneName string, recordID int64) (path string) {
path = fmt.Sprintf("/%v/zones/%v/records", accountID, zoneID) path = fmt.Sprintf("/%v/zones/%v/records", accountID, zoneName)
if recordID != 0 { if recordID != 0 {
path += fmt.Sprintf("/%d", recordID) path += fmt.Sprintf("/%v", recordID)
} }
return return
} }
@ -51,16 +51,16 @@ type ZoneRecordListOptions struct {
// Select records of given type. // Select records of given type.
// Eg. TXT, A, NS. // Eg. TXT, A, NS.
Type string `url:"record_type,omitempty"` Type string `url:"type,omitempty"`
ListOptions ListOptions
} }
// ListRecords lists the zone records for a zone. // ListRecords lists the zone records for a zone.
// //
// See https://developer.dnsimple.com/v2/zones/#list // See https://developer.dnsimple.com/v2/zones/records/#listZoneRecords
func (s *ZonesService) ListRecords(accountID string, zoneID string, options *ZoneRecordListOptions) (*zoneRecordsResponse, error) { func (s *ZonesService) ListRecords(accountID string, zoneName string, options *ZoneRecordListOptions) (*zoneRecordsResponse, error) {
path := versioned(zoneRecordPath(accountID, zoneID, 0)) path := versioned(zoneRecordPath(accountID, zoneName, 0))
recordsResponse := &zoneRecordsResponse{} recordsResponse := &zoneRecordsResponse{}
path, err := addURLQueryOptions(path, options) path, err := addURLQueryOptions(path, options)
@ -79,9 +79,9 @@ func (s *ZonesService) ListRecords(accountID string, zoneID string, options *Zon
// CreateRecord creates a zone record. // CreateRecord creates a zone record.
// //
// See https://developer.dnsimple.com/v2/zones/#create // See https://developer.dnsimple.com/v2/zones/records/#createZoneRecord
func (s *ZonesService) CreateRecord(accountID string, zoneID string, recordAttributes ZoneRecord) (*zoneRecordResponse, error) { func (s *ZonesService) CreateRecord(accountID string, zoneName string, recordAttributes ZoneRecord) (*zoneRecordResponse, error) {
path := versioned(zoneRecordPath(accountID, zoneID, 0)) path := versioned(zoneRecordPath(accountID, zoneName, 0))
recordResponse := &zoneRecordResponse{} recordResponse := &zoneRecordResponse{}
resp, err := s.client.post(path, recordAttributes, recordResponse) resp, err := s.client.post(path, recordAttributes, recordResponse)
@ -95,9 +95,9 @@ func (s *ZonesService) CreateRecord(accountID string, zoneID string, recordAttri
// GetRecord fetches a zone record. // GetRecord fetches a zone record.
// //
// See https://developer.dnsimple.com/v2/zones/#get // See https://developer.dnsimple.com/v2/zones/records/#getZoneRecord
func (s *ZonesService) GetRecord(accountID string, zoneID string, recordID int) (*zoneRecordResponse, error) { func (s *ZonesService) GetRecord(accountID string, zoneName string, recordID int64) (*zoneRecordResponse, error) {
path := versioned(zoneRecordPath(accountID, zoneID, recordID)) path := versioned(zoneRecordPath(accountID, zoneName, recordID))
recordResponse := &zoneRecordResponse{} recordResponse := &zoneRecordResponse{}
resp, err := s.client.get(path, recordResponse) resp, err := s.client.get(path, recordResponse)
@ -111,9 +111,9 @@ func (s *ZonesService) GetRecord(accountID string, zoneID string, recordID int)
// UpdateRecord updates a zone record. // UpdateRecord updates a zone record.
// //
// See https://developer.dnsimple.com/v2/zones/#update // See https://developer.dnsimple.com/v2/zones/records/#updateZoneRecord
func (s *ZonesService) UpdateRecord(accountID string, zoneID string, recordID int, recordAttributes ZoneRecord) (*zoneRecordResponse, error) { func (s *ZonesService) UpdateRecord(accountID string, zoneName string, recordID int64, recordAttributes ZoneRecord) (*zoneRecordResponse, error) {
path := versioned(zoneRecordPath(accountID, zoneID, recordID)) path := versioned(zoneRecordPath(accountID, zoneName, recordID))
recordResponse := &zoneRecordResponse{} recordResponse := &zoneRecordResponse{}
resp, err := s.client.patch(path, recordAttributes, recordResponse) resp, err := s.client.patch(path, recordAttributes, recordResponse)
@ -127,9 +127,9 @@ func (s *ZonesService) UpdateRecord(accountID string, zoneID string, recordID in
// DeleteRecord PERMANENTLY deletes a zone record from the zone. // DeleteRecord PERMANENTLY deletes a zone record from the zone.
// //
// See https://developer.dnsimple.com/v2/zones/#delete // See https://developer.dnsimple.com/v2/zones/records/#deleteZoneRecord
func (s *ZonesService) DeleteRecord(accountID string, zoneID string, recordID int) (*zoneRecordResponse, error) { func (s *ZonesService) DeleteRecord(accountID string, zoneName string, recordID int64) (*zoneRecordResponse, error) {
path := versioned(zoneRecordPath(accountID, zoneID, recordID)) path := versioned(zoneRecordPath(accountID, zoneName, recordID))
recordResponse := &zoneRecordResponse{} recordResponse := &zoneRecordResponse{}
resp, err := s.client.delete(path, nil, nil) resp, err := s.client.delete(path, nil, nil)

17
vendor/github.com/ovh/go-ovh/ovh/configuration.go generated vendored
View file

@ -19,11 +19,18 @@ var (
// currentUserHome attempts to get current user's home directory // currentUserHome attempts to get current user's home directory
func currentUserHome() (string, error) { func currentUserHome() (string, error) {
userHome := ""
usr, err := user.Current() usr, err := user.Current()
if err != nil { if err != nil {
return "", err // Fallback by trying to read $HOME
userHome = os.Getenv("HOME")
if userHome != "" {
err = nil
}
} else {
userHome = usr.HomeDir
} }
return usr.HomeDir, nil return userHome, nil
} }
// appendConfigurationFile only if it exists. We need to do this because // appendConfigurationFile only if it exists. We need to do this because
@ -88,13 +95,13 @@ func (c *Client) loadConfig(endpointName string) error {
// If we still have no valid endpoint, AppKey or AppSecret, return an error // If we still have no valid endpoint, AppKey or AppSecret, return an error
if c.endpoint == "" { if c.endpoint == "" {
return fmt.Errorf("Unknown endpoint '%s'. Consider checking 'Endpoints' list of using an URL.", endpointName) return fmt.Errorf("unknown endpoint '%s', consider checking 'Endpoints' list of using an URL", endpointName)
} }
if c.AppKey == "" { if c.AppKey == "" {
return fmt.Errorf("Missing application key. Please check your configuration or consult the documentation to create one.") return fmt.Errorf("missing application key, please check your configuration or consult the documentation to create one")
} }
if c.AppSecret == "" { if c.AppSecret == "" {
return fmt.Errorf("Missing application secret. Please check your configuration or consult the documentation to create one.") return fmt.Errorf("missing application secret, please check your configuration or consult the documentation to create one")
} }
return nil return nil

131
vendor/github.com/ovh/go-ovh/ovh/ovh.go generated vendored
View file

@ -21,6 +21,7 @@ const DefaultTimeout = 180 * time.Second
const ( const (
OvhEU = "https://eu.api.ovh.com/1.0" OvhEU = "https://eu.api.ovh.com/1.0"
OvhCA = "https://ca.api.ovh.com/1.0" OvhCA = "https://ca.api.ovh.com/1.0"
OvhUS = "https://api.ovh.us/1.0"
KimsufiEU = "https://eu.api.kimsufi.com/1.0" KimsufiEU = "https://eu.api.kimsufi.com/1.0"
KimsufiCA = "https://ca.api.kimsufi.com/1.0" KimsufiCA = "https://ca.api.kimsufi.com/1.0"
SoyoustartEU = "https://eu.api.soyoustart.com/1.0" SoyoustartEU = "https://eu.api.soyoustart.com/1.0"
@ -32,6 +33,7 @@ const (
var Endpoints = map[string]string{ var Endpoints = map[string]string{
"ovh-eu": OvhEU, "ovh-eu": OvhEU,
"ovh-ca": OvhCA, "ovh-ca": OvhCA,
"ovh-us": OvhUS,
"kimsufi-eu": KimsufiEU, "kimsufi-eu": KimsufiEU,
"kimsufi-ca": KimsufiCA, "kimsufi-ca": KimsufiCA,
"soyoustart-eu": SoyoustartEU, "soyoustart-eu": SoyoustartEU,
@ -170,39 +172,6 @@ func (c *Client) DeleteUnAuth(url string, resType interface{}) error {
return c.CallAPI("DELETE", url, nil, resType, false) return c.CallAPI("DELETE", url, nil, resType, false)
} }
//
// Low level API access
//
// getResult check the response and unmarshals it into the response type if needed.
// Helper function, called from CallAPI.
func (c *Client) getResponse(response *http.Response, resType interface{}) error {
// Read all the response body
defer response.Body.Close()
body, err := ioutil.ReadAll(response.Body)
if err != nil {
return err
}
// < 200 && >= 300 : API error
if response.StatusCode < http.StatusOK || response.StatusCode >= http.StatusMultipleChoices {
apiError := &APIError{Code: response.StatusCode}
if err = json.Unmarshal(body, apiError); err != nil {
apiError.Message = string(body)
}
apiError.QueryID = response.Header.Get("X-Ovh-QueryID")
return apiError
}
// Nothing to unmarshal
if len(body) == 0 || resType == nil {
return nil
}
return json.Unmarshal(body, &resType)
}
// timeDelta returns the time delta between the host and the remote API // timeDelta returns the time delta between the host and the remote API
func (c *Client) getTimeDelta() (time.Duration, error) { func (c *Client) getTimeDelta() (time.Duration, error) {
@ -210,6 +179,9 @@ func (c *Client) getTimeDelta() (time.Duration, error) {
// Ensure only one thread is updating // Ensure only one thread is updating
c.timeDeltaMutex.Lock() c.timeDeltaMutex.Lock()
// Ensure that the mutex will be released on return
defer c.timeDeltaMutex.Unlock()
// Did we wait ? Maybe no more needed // Did we wait ? Maybe no more needed
if !c.timeDeltaDone { if !c.timeDeltaDone {
ovhTime, err := c.getTime() ovhTime, err := c.getTime()
@ -220,7 +192,6 @@ func (c *Client) getTimeDelta() (time.Duration, error) {
c.timeDelta = time.Since(*ovhTime) c.timeDelta = time.Since(*ovhTime)
c.timeDeltaDone = true c.timeDeltaDone = true
} }
c.timeDeltaMutex.Unlock()
} }
return c.timeDelta, nil return c.timeDelta, nil
@ -251,39 +222,22 @@ var getEndpointForSignature = func(c *Client) string {
return c.endpoint return c.endpoint
} }
// CallAPI is the lowest level call helper. If needAuth is true, // NewRequest returns a new HTTP request
// inject authentication headers and sign the request. func (c *Client) NewRequest(method, path string, reqBody interface{}, needAuth bool) (*http.Request, error) {
//
// Request signature is a sha1 hash on following fields, joined by '+':
// - applicationSecret (from Client instance)
// - consumerKey (from Client instance)
// - capitalized method (from arguments)
// - full request url, including any query string argument
// - full serialized request body
// - server current time (takes time delta into account)
//
// Call will automatically assemble the target url from the endpoint
// configured in the client instance and the path argument. If the reqBody
// argument is not nil, it will also serialize it as json and inject
// the required Content-Type header.
//
// If everyrthing went fine, unmarshall response into resType and return nil
// otherwise, return the error
func (c *Client) CallAPI(method, path string, reqBody, resType interface{}, needAuth bool) error {
var body []byte var body []byte
var err error var err error
if reqBody != nil { if reqBody != nil {
body, err = json.Marshal(reqBody) body, err = json.Marshal(reqBody)
if err != nil { if err != nil {
return err return nil, err
} }
} }
target := fmt.Sprintf("%s%s", c.endpoint, path) target := fmt.Sprintf("%s%s", c.endpoint, path)
req, err := http.NewRequest(method, target, bytes.NewReader(body)) req, err := http.NewRequest(method, target, bytes.NewReader(body))
if err != nil { if err != nil {
return err return nil, err
} }
// Inject headers // Inject headers
@ -298,7 +252,7 @@ func (c *Client) CallAPI(method, path string, reqBody, resType interface{}, need
if needAuth { if needAuth {
timeDelta, err := c.TimeDelta() timeDelta, err := c.TimeDelta()
if err != nil { if err != nil {
return err return nil, err
} }
timestamp := getLocalTime().Add(-timeDelta).Unix() timestamp := getLocalTime().Add(-timeDelta).Unix()
@ -321,12 +275,71 @@ func (c *Client) CallAPI(method, path string, reqBody, resType interface{}, need
// Send the request with requested timeout // Send the request with requested timeout
c.Client.Timeout = c.Timeout c.Client.Timeout = c.Timeout
response, err := c.Client.Do(req)
return req, nil
}
// Do sends an HTTP request and returns an HTTP response
func (c *Client) Do(req *http.Request) (*http.Response, error) {
return c.Client.Do(req)
}
// CallAPI is the lowest level call helper. If needAuth is true,
// inject authentication headers and sign the request.
//
// Request signature is a sha1 hash on following fields, joined by '+':
// - applicationSecret (from Client instance)
// - consumerKey (from Client instance)
// - capitalized method (from arguments)
// - full request url, including any query string argument
// - full serialized request body
// - server current time (takes time delta into account)
//
// Call will automatically assemble the target url from the endpoint
// configured in the client instance and the path argument. If the reqBody
// argument is not nil, it will also serialize it as json and inject
// the required Content-Type header.
//
// If everything went fine, unmarshall response into resType and return nil
// otherwise, return the error
func (c *Client) CallAPI(method, path string, reqBody, resType interface{}, needAuth bool) error {
req, err := c.NewRequest(method, path, reqBody, needAuth)
if err != nil {
return err
}
response, err := c.Do(req)
if err != nil {
return err
}
return c.UnmarshalResponse(response, resType)
}
// UnmarshalResponse checks the response and unmarshals it into the response
// type if needed Helper function, called from CallAPI
func (c *Client) UnmarshalResponse(response *http.Response, resType interface{}) error {
// Read all the response body
defer response.Body.Close()
body, err := ioutil.ReadAll(response.Body)
if err != nil { if err != nil {
return err return err
} }
// Unmarshal the result into the resType if possible // < 200 && >= 300 : API error
return c.getResponse(response, resType) if response.StatusCode < http.StatusOK || response.StatusCode >= http.StatusMultipleChoices {
apiError := &APIError{Code: response.StatusCode}
if err = json.Unmarshal(body, apiError); err != nil {
apiError.Message = string(body)
}
apiError.QueryID = response.Header.Get("X-Ovh-QueryID")
return apiError
}
// Nothing to unmarshal
if len(body) == 0 || resType == nil {
return nil
}
return json.Unmarshal(body, &resType)
} }

2
vendor/github.com/vulcand/oxy/buffer/buffer.go generated vendored
View file

@ -199,7 +199,7 @@ func (b *Buffer) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if log.GetLevel() >= log.DebugLevel { if log.GetLevel() >= log.DebugLevel {
logEntry := log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/buffer: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/buffer: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/buffer: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/buffer: completed ServeHttp on request")
} }
if err := b.checkLimit(req); err != nil { if err := b.checkLimit(req); err != nil {

2
vendor/github.com/vulcand/oxy/cbreaker/cbreaker.go generated vendored
View file

@ -103,7 +103,7 @@ func (c *CircuitBreaker) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if log.GetLevel() >= log.DebugLevel { if log.GetLevel() >= log.DebugLevel {
logEntry := log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/circuitbreaker: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/circuitbreaker: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/circuitbreaker: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/circuitbreaker: completed ServeHttp on request")
} }
if c.activateFallback(w, req) { if c.activateFallback(w, req) {
c.fallback.ServeHTTP(w, req) c.fallback.ServeHTTP(w, req)

4
vendor/github.com/vulcand/oxy/cbreaker/fallback.go generated vendored
View file

@ -31,7 +31,7 @@ func (f *ResponseFallback) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if log.GetLevel() >= log.DebugLevel { if log.GetLevel() >= log.DebugLevel {
logEntry := log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/fallback/response: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/fallback/response: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/fallback/response: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/fallback/response: completed ServeHttp on request")
} }
if f.r.ContentType != "" { if f.r.ContentType != "" {
@ -67,7 +67,7 @@ func (f *RedirectFallback) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if log.GetLevel() >= log.DebugLevel { if log.GetLevel() >= log.DebugLevel {
logEntry := log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/fallback/redirect: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/fallback/redirect: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/fallback/redirect: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/fallback/redirect: completed ServeHttp on request")
} }
location := f.u.String() location := f.u.String()

2
vendor/github.com/vulcand/oxy/connlimit/connlimit.go generated vendored
View file

@ -110,7 +110,7 @@ func (e *ConnErrHandler) ServeHTTP(w http.ResponseWriter, req *http.Request, err
if log.GetLevel() >= log.DebugLevel { if log.GetLevel() >= log.DebugLevel {
logEntry := log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/connlimit: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/connlimit: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/connlimit: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/connlimit: completed ServeHttp on request")
} }
if _, ok := err.(*MaxConnError); ok { if _, ok := err.(*MaxConnError); ok {

16
vendor/github.com/vulcand/oxy/forward/fwd.go generated vendored
View file

@ -302,7 +302,7 @@ func (f *httpForwarder) serveWebSocket(w http.ResponseWriter, req *http.Request,
if f.log.GetLevel() >= log.DebugLevel { if f.log.GetLevel() >= log.DebugLevel {
logEntry := f.log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := f.log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/forward/websocket: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/forward/websocket: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/forward/websocket: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/forward/websocket: completed ServeHttp on request")
} }
outReq := f.copyWebSocketRequest(req) outReq := f.copyWebSocketRequest(req)
@ -351,6 +351,7 @@ func (f *httpForwarder) serveWebSocket(w http.ResponseWriter, req *http.Request,
}} }}
utils.RemoveHeaders(resp.Header, WebsocketUpgradeHeaders...) utils.RemoveHeaders(resp.Header, WebsocketUpgradeHeaders...)
utils.CopyHeaders(resp.Header, w.Header())
underlyingConn, err := upgrader.Upgrade(w, req, resp.Header) underlyingConn, err := upgrader.Upgrade(w, req, resp.Header)
if err != nil { if err != nil {
@ -370,11 +371,20 @@ func (f *httpForwarder) serveWebSocket(w http.ResponseWriter, req *http.Request,
m := websocket.FormatCloseMessage(websocket.CloseNormalClosure, fmt.Sprintf("%v", err)) m := websocket.FormatCloseMessage(websocket.CloseNormalClosure, fmt.Sprintf("%v", err))
if e, ok := err.(*websocket.CloseError); ok { if e, ok := err.(*websocket.CloseError); ok {
if e.Code != websocket.CloseNoStatusReceived { if e.Code != websocket.CloseNoStatusReceived {
m = websocket.FormatCloseMessage(e.Code, e.Text) m = nil
// Following codes are not valid on the wire so just close the
// underlying TCP connection without sending a close frame.
if e.Code != websocket.CloseAbnormalClosure &&
e.Code != websocket.CloseTLSHandshake {
m = websocket.FormatCloseMessage(e.Code, e.Text)
}
} }
} }
errc <- err errc <- err
dst.WriteMessage(websocket.CloseMessage, m) if m != nil {
dst.WriteMessage(websocket.CloseMessage, m)
}
break break
} }
err = dst.WriteMessage(msgType, msg) err = dst.WriteMessage(msgType, msg)

2
vendor/github.com/vulcand/oxy/roundrobin/rebalancer.go generated vendored
View file

@ -145,7 +145,7 @@ func (rb *Rebalancer) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if log.GetLevel() >= log.DebugLevel { if log.GetLevel() >= log.DebugLevel {
logEntry := log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/roundrobin/rebalancer: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/roundrobin/rebalancer: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/roundrobin/rebalancer: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/roundrobin/rebalancer: completed ServeHttp on request")
} }
pw := utils.NewSimpleProxyWriter(w) pw := utils.NewSimpleProxyWriter(w)

2
vendor/github.com/vulcand/oxy/roundrobin/rr.go generated vendored
View file

@ -84,7 +84,7 @@ func (r *RoundRobin) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if log.GetLevel() >= log.DebugLevel { if log.GetLevel() >= log.DebugLevel {
logEntry := log.WithField("Request", utils.DumpHttpRequest(req)) logEntry := log.WithField("Request", utils.DumpHttpRequest(req))
logEntry.Debug("vulcand/oxy/roundrobin/rr: begin ServeHttp on request") logEntry.Debug("vulcand/oxy/roundrobin/rr: begin ServeHttp on request")
defer logEntry.Debug("vulcand/oxy/roundrobin/rr: competed ServeHttp on request") defer logEntry.Debug("vulcand/oxy/roundrobin/rr: completed ServeHttp on request")
} }
// make shallow copy of request before chaning anything to avoid side effects // make shallow copy of request before chaning anything to avoid side effects

6
vendor/github.com/xenolf/lego/acmev2/challenges.go → vendor/github.com/xenolf/lego/acme/challenges.go generated vendored
View file

@ -1,13 +1,13 @@
package acmev2 package acme
// Challenge is a string that identifies a particular type and version of ACME challenge. // Challenge is a string that identifies a particular type and version of ACME challenge.
type Challenge string type Challenge string
const ( const (
// HTTP01 is the "http-01" ACME challenge https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acmev2.md#http // HTTP01 is the "http-01" ACME challenge https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md#http
// Note: HTTP01ChallengePath returns the URL path to fulfill this challenge // Note: HTTP01ChallengePath returns the URL path to fulfill this challenge
HTTP01 = Challenge("http-01") HTTP01 = Challenge("http-01")
// DNS01 is the "dns-01" ACME challenge https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acmev2.md#dns // DNS01 is the "dns-01" ACME challenge https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md#dns
// Note: DNS01Record returns a DNS record which will fulfill this challenge // Note: DNS01Record returns a DNS record which will fulfill this challenge
DNS01 = Challenge("dns-01") DNS01 = Challenge("dns-01")
) )

176
vendor/github.com/xenolf/lego/acmev2/client.go → vendor/github.com/xenolf/lego/acme/client.go generated vendored
View file

@ -1,5 +1,5 @@
// package acmev2 implements the ACME protocol for Let's Encrypt and other conforming providers. // Package acme implements the ACME protocol for Let's Encrypt and other conforming providers.
package acmev2 package acme
import ( import (
"crypto" "crypto"
@ -8,17 +8,13 @@ import (
"errors" "errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log"
"net" "net"
"regexp" "regexp"
"strconv" "strconv"
"strings" "strings"
"time" "time"
)
var ( "github.com/xenolf/lego/log"
// Logger is an optional custom logger.
Logger *log.Logger
) )
const ( const (
@ -31,16 +27,6 @@ const (
overallRequestLimit = 18 overallRequestLimit = 18
) )
// logf writes a log entry. It uses Logger if not
// nil, otherwise it uses the default log.Logger.
func logf(format string, args ...interface{}) {
if Logger != nil {
Logger.Printf(format, args...)
} else {
log.Printf(format, args...)
}
}
// User interface is to be implemented by users of this library. // User interface is to be implemented by users of this library.
// It is used by the client type to get user specific information. // It is used by the client type to get user specific information.
type User interface { type User interface {
@ -86,9 +72,6 @@ func NewClient(caDirURL string, user User, keyType KeyType) (*Client, error) {
if dir.NewOrderURL == "" { if dir.NewOrderURL == "" {
return nil, errors.New("directory missing new order URL") return nil, errors.New("directory missing new order URL")
} }
/*if dir.RevokeCertURL == "" {
return nil, errors.New("directory missing revoke certificate URL")
}*/
jws := &jws{privKey: privKey, getNonceURL: dir.NewNonceURL} jws := &jws{privKey: privKey, getNonceURL: dir.NewNonceURL}
if reg := user.GetRegistration(); reg != nil { if reg := user.GetRegistration(); reg != nil {
@ -149,12 +132,17 @@ func (c *Client) GetToSURL() string {
return c.directory.Meta.TermsOfService return c.directory.Meta.TermsOfService
} }
// GetExternalAccountRequired returns the External Account Binding requirement of the Directory
func (c *Client) GetExternalAccountRequired() bool {
return c.directory.Meta.ExternalAccountRequired
}
// Register the current account to the ACME server. // Register the current account to the ACME server.
func (c *Client) Register(tosAgreed bool) (*RegistrationResource, error) { func (c *Client) Register(tosAgreed bool) (*RegistrationResource, error) {
if c == nil || c.user == nil { if c == nil || c.user == nil {
return nil, errors.New("acme: cannot register a nil client or user") return nil, errors.New("acme: cannot register a nil client or user")
} }
logf("[INFO] acme: Registering account for %s", c.user.GetEmail()) log.Printf("[INFO] acme: Registering account for %s", c.user.GetEmail())
accMsg := accountMessage{} accMsg := accountMessage{}
if c.user.GetEmail() != "" { if c.user.GetEmail() != "" {
@ -183,10 +171,58 @@ func (c *Client) Register(tosAgreed bool) (*RegistrationResource, error) {
return reg, nil return reg, nil
} }
// RegisterWithExternalAccountBinding Register the current account to the ACME server.
func (c *Client) RegisterWithExternalAccountBinding(tosAgreed bool, kid string, hmacEncoded string) (*RegistrationResource, error) {
if c == nil || c.user == nil {
return nil, errors.New("acme: cannot register a nil client or user")
}
log.Printf("[INFO] acme: Registering account (EAB) for %s", c.user.GetEmail())
accMsg := accountMessage{}
if c.user.GetEmail() != "" {
accMsg.Contact = []string{"mailto:" + c.user.GetEmail()}
} else {
accMsg.Contact = []string{}
}
accMsg.TermsOfServiceAgreed = tosAgreed
hmac, err := base64.RawURLEncoding.DecodeString(hmacEncoded)
if err != nil {
return nil, fmt.Errorf("acme: could not decode hmac key: %s", err.Error())
}
eabJWS, err := c.jws.signEABContent(c.directory.NewAccountURL, kid, hmac)
if err != nil {
return nil, fmt.Errorf("acme: error signing eab content: %s", err.Error())
}
eabPayload := eabJWS.FullSerialize()
accMsg.ExternalAccountBinding = []byte(eabPayload)
var serverReg accountMessage
hdr, err := postJSON(c.jws, c.directory.NewAccountURL, accMsg, &serverReg)
if err != nil {
remoteErr, ok := err.(RemoteError)
if ok && remoteErr.StatusCode == 409 {
} else {
return nil, err
}
}
reg := &RegistrationResource{
URI: hdr.Get("Location"),
Body: serverReg,
}
c.jws.kid = reg.URI
return reg, nil
}
// ResolveAccountByKey will attempt to look up an account using the given account key // ResolveAccountByKey will attempt to look up an account using the given account key
// and return its registration resource. // and return its registration resource.
func (c *Client) ResolveAccountByKey() (*RegistrationResource, error) { func (c *Client) ResolveAccountByKey() (*RegistrationResource, error) {
logf("[INFO] acme: Trying to resolve account by key") log.Printf("[INFO] acme: Trying to resolve account by key")
acc := accountMessage{OnlyReturnExisting: true} acc := accountMessage{OnlyReturnExisting: true}
hdr, err := postJSON(c.jws, c.directory.NewAccountURL, acc, nil) hdr, err := postJSON(c.jws, c.directory.NewAccountURL, acc, nil)
@ -201,7 +237,7 @@ func (c *Client) ResolveAccountByKey() (*RegistrationResource, error) {
var retAccount accountMessage var retAccount accountMessage
c.jws.kid = accountLink c.jws.kid = accountLink
hdr, err = postJSON(c.jws, accountLink, accountMessage{}, &retAccount) _, err = postJSON(c.jws, accountLink, accountMessage{}, &retAccount)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -215,18 +251,14 @@ func (c *Client) DeleteRegistration() error {
if c == nil || c.user == nil { if c == nil || c.user == nil {
return errors.New("acme: cannot unregister a nil client or user") return errors.New("acme: cannot unregister a nil client or user")
} }
logf("[INFO] acme: Deleting account for %s", c.user.GetEmail()) log.Printf("[INFO] acme: Deleting account for %s", c.user.GetEmail())
accMsg := accountMessage{ accMsg := accountMessage{
Status: "deactivated", Status: "deactivated",
} }
_, err := postJSON(c.jws, c.user.GetRegistration().URI, accMsg, nil) _, err := postJSON(c.jws, c.user.GetRegistration().URI, accMsg, nil)
if err != nil { return err
return err
}
return nil
} }
// QueryRegistration runs a POST request on the client's registration and // QueryRegistration runs a POST request on the client's registration and
@ -239,7 +271,7 @@ func (c *Client) QueryRegistration() (*RegistrationResource, error) {
return nil, errors.New("acme: cannot query the registration of a nil client or user") return nil, errors.New("acme: cannot query the registration of a nil client or user")
} }
// Log the URL here instead of the email as the email may not be set // Log the URL here instead of the email as the email may not be set
logf("[INFO] acme: Querying account for %s", c.user.GetRegistration().URI) log.Printf("[INFO] acme: Querying account for %s", c.user.GetRegistration().URI)
accMsg := accountMessage{} accMsg := accountMessage{}
@ -265,7 +297,7 @@ func (c *Client) QueryRegistration() (*RegistrationResource, error) {
// your issued certificate as a bundle. // your issued certificate as a bundle.
// This function will never return a partial certificate. If one domain in the list fails, // This function will never return a partial certificate. If one domain in the list fails,
// the whole certificate will fail. // the whole certificate will fail.
func (c *Client) ObtainCertificateForCSR(csr x509.CertificateRequest, bundle bool) (CertificateResource, error) { func (c *Client) ObtainCertificateForCSR(csr x509.CertificateRequest, bundle bool) (*CertificateResource, error) {
// figure out what domains it concerns // figure out what domains it concerns
// start with the common name // start with the common name
domains := []string{csr.Subject.CommonName} domains := []string{csr.Subject.CommonName}
@ -285,14 +317,14 @@ DNSNames:
} }
if bundle { if bundle {
logf("[INFO][%s] acme: Obtaining bundled SAN certificate given a CSR", strings.Join(domains, ", ")) log.Printf("[INFO][%s] acme: Obtaining bundled SAN certificate given a CSR", strings.Join(domains, ", "))
} else { } else {
logf("[INFO][%s] acme: Obtaining SAN certificate given a CSR", strings.Join(domains, ", ")) log.Printf("[INFO][%s] acme: Obtaining SAN certificate given a CSR", strings.Join(domains, ", "))
} }
order, err := c.createOrderForIdentifiers(domains) order, err := c.createOrderForIdentifiers(domains)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
authz, err := c.getAuthzForOrder(order) authz, err := c.getAuthzForOrder(order)
if err != nil { if err != nil {
@ -300,16 +332,16 @@ DNSNames:
/*for _, auth := range authz { /*for _, auth := range authz {
c.disableAuthz(auth) c.disableAuthz(auth)
}*/ }*/
return CertificateResource{}, err return nil, err
} }
err = c.solveChallengeForAuthz(authz) err = c.solveChallengeForAuthz(authz)
if err != nil { if err != nil {
// If any challenge fails, return. Do not generate partial SAN certificates. // If any challenge fails, return. Do not generate partial SAN certificates.
return CertificateResource{}, err return nil, err
} }
logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", ")) log.Printf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", "))
failures := make(ObtainError) failures := make(ObtainError)
cert, err := c.requestCertificateForCsr(order, bundle, csr.Raw, nil) cert, err := c.requestCertificateForCsr(order, bundle, csr.Raw, nil)
@ -339,20 +371,20 @@ DNSNames:
// your issued certificate as a bundle. // your issued certificate as a bundle.
// This function will never return a partial certificate. If one domain in the list fails, // This function will never return a partial certificate. If one domain in the list fails,
// the whole certificate will fail. // the whole certificate will fail.
func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (CertificateResource, error) { func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (*CertificateResource, error) {
if len(domains) == 0 { if len(domains) == 0 {
return CertificateResource{}, errors.New("No domains to obtain a certificate for") return nil, errors.New("No domains to obtain a certificate for")
} }
if bundle { if bundle {
logf("[INFO][%s] acme: Obtaining bundled SAN certificate", strings.Join(domains, ", ")) log.Printf("[INFO][%s] acme: Obtaining bundled SAN certificate", strings.Join(domains, ", "))
} else { } else {
logf("[INFO][%s] acme: Obtaining SAN certificate", strings.Join(domains, ", ")) log.Printf("[INFO][%s] acme: Obtaining SAN certificate", strings.Join(domains, ", "))
} }
order, err := c.createOrderForIdentifiers(domains) order, err := c.createOrderForIdentifiers(domains)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
authz, err := c.getAuthzForOrder(order) authz, err := c.getAuthzForOrder(order)
if err != nil { if err != nil {
@ -360,16 +392,16 @@ func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto
/*for _, auth := range authz { /*for _, auth := range authz {
c.disableAuthz(auth) c.disableAuthz(auth)
}*/ }*/
return CertificateResource{}, err return nil, err
} }
err = c.solveChallengeForAuthz(authz) err = c.solveChallengeForAuthz(authz)
if err != nil { if err != nil {
// If any challenge fails, return. Do not generate partial SAN certificates. // If any challenge fails, return. Do not generate partial SAN certificates.
return CertificateResource{}, err return nil, err
} }
logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", ")) log.Printf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", "))
failures := make(ObtainError) failures := make(ObtainError)
cert, err := c.requestCertificateForOrder(order, bundle, privKey, mustStaple) cert, err := c.requestCertificateForOrder(order, bundle, privKey, mustStaple)
@ -413,22 +445,22 @@ func (c *Client) RevokeCertificate(certificate []byte) error {
// If bundle is true, the []byte contains both the issuer certificate and // If bundle is true, the []byte contains both the issuer certificate and
// your issued certificate as a bundle. // your issued certificate as a bundle.
// For private key reuse the PrivateKey property of the passed in CertificateResource should be non-nil. // For private key reuse the PrivateKey property of the passed in CertificateResource should be non-nil.
func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple bool) (CertificateResource, error) { func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple bool) (*CertificateResource, error) {
// Input certificate is PEM encoded. Decode it here as we may need the decoded // Input certificate is PEM encoded. Decode it here as we may need the decoded
// cert later on in the renewal process. The input may be a bundle or a single certificate. // cert later on in the renewal process. The input may be a bundle or a single certificate.
certificates, err := parsePEMBundle(cert.Certificate) certificates, err := parsePEMBundle(cert.Certificate)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
x509Cert := certificates[0] x509Cert := certificates[0]
if x509Cert.IsCA { if x509Cert.IsCA {
return CertificateResource{}, fmt.Errorf("[%s] Certificate bundle starts with a CA certificate", cert.Domain) return nil, fmt.Errorf("[%s] Certificate bundle starts with a CA certificate", cert.Domain)
} }
// This is just meant to be informal for the user. // This is just meant to be informal for the user.
timeLeft := x509Cert.NotAfter.Sub(time.Now().UTC()) timeLeft := x509Cert.NotAfter.Sub(time.Now().UTC())
logf("[INFO][%s] acme: Trying renewal with %d hours remaining", cert.Domain, int(timeLeft.Hours())) log.Printf("[INFO][%s] acme: Trying renewal with %d hours remaining", cert.Domain, int(timeLeft.Hours()))
// We always need to request a new certificate to renew. // We always need to request a new certificate to renew.
// Start by checking to see if the certificate was based off a CSR, and // Start by checking to see if the certificate was based off a CSR, and
@ -436,7 +468,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple b
if len(cert.CSR) > 0 { if len(cert.CSR) > 0 {
csr, err := pemDecodeTox509CSR(cert.CSR) csr, err := pemDecodeTox509CSR(cert.CSR)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
newCert, failures := c.ObtainCertificateForCSR(*csr, bundle) newCert, failures := c.ObtainCertificateForCSR(*csr, bundle)
return newCert, failures return newCert, failures
@ -446,7 +478,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple b
if cert.PrivateKey != nil { if cert.PrivateKey != nil {
privKey, err = parsePEMPrivateKey(cert.PrivateKey) privKey, err = parsePEMPrivateKey(cert.PrivateKey)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
} }
@ -502,7 +534,7 @@ func (c *Client) solveChallengeForAuthz(authorizations []authorization) error {
for _, authz := range authorizations { for _, authz := range authorizations {
if authz.Status == "valid" { if authz.Status == "valid" {
// Boulder might recycle recent validated authz (see issue #267) // Boulder might recycle recent validated authz (see issue #267)
logf("[INFO][%s] acme: Authorization already valid; skipping challenge", authz.Identifier.Value) log.Printf("[INFO][%s] acme: Authorization already valid; skipping challenge", authz.Identifier.Value)
continue continue
} }
@ -533,7 +565,7 @@ func (c *Client) chooseSolver(auth authorization, domain string) (int, solver) {
if solver, ok := c.solvers[Challenge(challenge.Type)]; ok { if solver, ok := c.solvers[Challenge(challenge.Type)]; ok {
return i, solver return i, solver
} }
logf("[INFO][%s] acme: Could not find solver for: %s", domain, challenge.Type) log.Printf("[INFO][%s] acme: Could not find solver for: %s", domain, challenge.Type)
} }
return 0, nil return 0, nil
} }
@ -585,7 +617,7 @@ func (c *Client) getAuthzForOrder(order orderResource) ([]authorization, error)
func logAuthz(order orderResource) { func logAuthz(order orderResource) {
for i, auth := range order.Authorizations { for i, auth := range order.Authorizations {
logf("[INFO][%s] AuthURL: %s", order.Identifiers[i].Value, auth) log.Printf("[INFO][%s] AuthURL: %s", order.Identifiers[i].Value, auth)
} }
} }
@ -596,13 +628,13 @@ func (c *Client) disableAuthz(authURL string) error {
return err return err
} }
func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (CertificateResource, error) { func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (*CertificateResource, error) {
var err error var err error
if privKey == nil { if privKey == nil {
privKey, err = generatePrivateKey(c.keyType) privKey, err = generatePrivateKey(c.keyType)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
} }
@ -616,24 +648,24 @@ func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, pr
// TODO: should the CSR be customizable? // TODO: should the CSR be customizable?
csr, err := generateCsr(privKey, commonName, san, mustStaple) csr, err := generateCsr(privKey, commonName, san, mustStaple)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
return c.requestCertificateForCsr(order, bundle, csr, pemEncode(privKey)) return c.requestCertificateForCsr(order, bundle, csr, pemEncode(privKey))
} }
func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr []byte, privateKeyPem []byte) (CertificateResource, error) { func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr []byte, privateKeyPem []byte) (*CertificateResource, error) {
commonName := order.Domains[0] commonName := order.Domains[0]
csrString := base64.RawURLEncoding.EncodeToString(csr) csrString := base64.RawURLEncoding.EncodeToString(csr)
var retOrder orderMessage var retOrder orderMessage
_, error := postJSON(c.jws, order.Finalize, csrMessage{Csr: csrString}, &retOrder) _, error := postJSON(c.jws, order.Finalize, csrMessage{Csr: csrString}, &retOrder)
if error != nil { if error != nil {
return CertificateResource{}, error return nil, error
} }
if retOrder.Status == "invalid" { if retOrder.Status == "invalid" {
return CertificateResource{}, error return nil, error
} }
certRes := CertificateResource{ certRes := CertificateResource{
@ -646,11 +678,11 @@ func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr
// if the certificate is available right away, short cut! // if the certificate is available right away, short cut!
ok, err := c.checkCertResponse(retOrder, &certRes, bundle) ok, err := c.checkCertResponse(retOrder, &certRes, bundle)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
if ok { if ok {
return certRes, nil return &certRes, nil
} }
} }
@ -658,21 +690,21 @@ func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr
for i := 0; i < maxChecks; i++ { for i := 0; i < maxChecks; i++ {
_, err := getJSON(order.URL, &retOrder) _, err := getJSON(order.URL, &retOrder)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
done, err := c.checkCertResponse(retOrder, &certRes, bundle) done, err := c.checkCertResponse(retOrder, &certRes, bundle)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
if done { if done {
break break
} }
if i == maxChecks-1 { if i == maxChecks-1 {
return CertificateResource{}, fmt.Errorf("polled for certificate %d times; giving up", i) return nil, fmt.Errorf("polled for certificate %d times; giving up", i)
} }
} }
return certRes, nil return &certRes, nil
} }
// checkCertResponse checks to see if the certificate is ready and a link is contained in the // checkCertResponse checks to see if the certificate is ready and a link is contained in the
@ -702,7 +734,7 @@ func (c *Client) checkCertResponse(order orderMessage, certRes *CertificateResou
if err != nil { if err != nil {
// If we fail to acquire the issuer cert, return the issued certificate - do not fail. // If we fail to acquire the issuer cert, return the issued certificate - do not fail.
logf("[WARNING][%s] acme: Could not bundle issuer certificate: %v", certRes.Domain, err) log.Printf("[WARNING][%s] acme: Could not bundle issuer certificate: %v", certRes.Domain, err)
} else { } else {
issuerCert = pemEncode(derCertificateBytes(issuerCert)) issuerCert = pemEncode(derCertificateBytes(issuerCert))
@ -719,7 +751,7 @@ func (c *Client) checkCertResponse(order orderMessage, certRes *CertificateResou
certRes.Certificate = cert certRes.Certificate = cert
certRes.CertURL = order.Certificate certRes.CertURL = order.Certificate
certRes.CertStableURL = order.Certificate certRes.CertStableURL = order.Certificate
logf("[INFO][%s] Server responded with a certificate.", certRes.Domain) log.Printf("[INFO][%s] Server responded with a certificate.", certRes.Domain)
return true, nil return true, nil
case "processing": case "processing":
@ -733,7 +765,7 @@ func (c *Client) checkCertResponse(order orderMessage, certRes *CertificateResou
// getIssuerCertificate requests the issuer certificate // getIssuerCertificate requests the issuer certificate
func (c *Client) getIssuerCertificate(url string) ([]byte, error) { func (c *Client) getIssuerCertificate(url string) ([]byte, error) {
logf("[INFO] acme: Requesting issuer cert from %s", url) log.Printf("[INFO] acme: Requesting issuer cert from %s", url)
resp, err := httpGet(url) resp, err := httpGet(url)
if err != nil { if err != nil {
return nil, err return nil, err
@ -787,14 +819,14 @@ func validate(j *jws, domain, uri string, c challenge) error {
for { for {
switch chlng.Status { switch chlng.Status {
case "valid": case "valid":
logf("[INFO][%s] The server validated our request", domain) log.Printf("[INFO][%s] The server validated our request", domain)
return nil return nil
case "pending": case "pending":
break case "processing":
case "invalid": case "invalid":
return handleChallengeError(chlng) return handleChallengeError(chlng)
default: default:
return errors.New("The server returned an unexpected state") return errors.New("the server returned an unexpected state")
} }
ra, err := strconv.Atoi(hdr.Get("Retry-After")) ra, err := strconv.Atoi(hdr.Get("Retry-After"))

19
vendor/github.com/xenolf/lego/acmev2/crypto.go → vendor/github.com/xenolf/lego/acme/crypto.go generated vendored
View file

@ -1,4 +1,4 @@
package acmev2 package acme
import ( import (
"bytes" "bytes"
@ -9,6 +9,7 @@ import (
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/asn1"
"encoding/base64" "encoding/base64"
"encoding/pem" "encoding/pem"
"errors" "errors"
@ -19,8 +20,6 @@ import (
"net/http" "net/http"
"time" "time"
"encoding/asn1"
"golang.org/x/crypto/ocsp" "golang.org/x/crypto/ocsp"
jose "gopkg.in/square/go-jose.v2" jose "gopkg.in/square/go-jose.v2"
) )
@ -118,6 +117,10 @@ func GetOCSPForCert(bundle []byte) ([]byte, *ocsp.Response, error) {
defer req.Body.Close() defer req.Body.Close()
ocspResBytes, err := ioutil.ReadAll(limitReader(req.Body, 1024*1024)) ocspResBytes, err := ioutil.ReadAll(limitReader(req.Body, 1024*1024))
if err != nil {
return nil, nil, err
}
ocspRes, err := ocsp.ParseResponse(ocspResBytes, issuerCert) ocspRes, err := ocsp.ParseResponse(ocspResBytes, issuerCert)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -138,7 +141,7 @@ func getKeyAuthorization(token string, key interface{}) (string, error) {
// Generate the Key Authorization for the challenge // Generate the Key Authorization for the challenge
jwk := &jose.JSONWebKey{Key: publicKey} jwk := &jose.JSONWebKey{Key: publicKey}
if jwk == nil { if jwk == nil {
return "", errors.New("Could not generate JWK from key") return "", errors.New("could not generate JWK from key")
} }
thumbBytes, err := jwk.Thumbprint(crypto.SHA256) thumbBytes, err := jwk.Thumbprint(crypto.SHA256)
if err != nil { if err != nil {
@ -173,7 +176,7 @@ func parsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
} }
if len(certificates) == 0 { if len(certificates) == 0 {
return nil, errors.New("No certificates were found while parsing the bundle") return nil, errors.New("no certificates were found while parsing the bundle")
} }
return certificates, nil return certificates, nil
@ -188,7 +191,7 @@ func parsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) {
case "EC PRIVATE KEY": case "EC PRIVATE KEY":
return x509.ParseECPrivateKey(keyBlock.Bytes) return x509.ParseECPrivateKey(keyBlock.Bytes)
default: default:
return nil, errors.New("Unknown PEM header value") return nil, errors.New("unknown PEM header value")
} }
} }
@ -207,7 +210,7 @@ func generatePrivateKey(keyType KeyType) (crypto.PrivateKey, error) {
return rsa.GenerateKey(rand.Reader, 8192) return rsa.GenerateKey(rand.Reader, 8192)
} }
return nil, fmt.Errorf("Invalid KeyType: %s", keyType) return nil, fmt.Errorf("invalid KeyType: %s", keyType)
} }
func generateCsr(privateKey crypto.PrivateKey, domain string, san []string, mustStaple bool) ([]byte, error) { func generateCsr(privateKey crypto.PrivateKey, domain string, san []string, mustStaple bool) ([]byte, error) {
@ -239,10 +242,8 @@ func pemEncode(data interface{}) []byte {
pemBlock = &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes} pemBlock = &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes}
case *rsa.PrivateKey: case *rsa.PrivateKey:
pemBlock = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)} pemBlock = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
break
case *x509.CertificateRequest: case *x509.CertificateRequest:
pemBlock = &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: key.Raw} pemBlock = &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: key.Raw}
break
case derCertificateBytes: case derCertificateBytes:
pemBlock = &pem.Block{Type: "CERTIFICATE", Bytes: []byte(data.(derCertificateBytes))} pemBlock = &pem.Block{Type: "CERTIFICATE", Bytes: []byte(data.(derCertificateBytes))}
} }

8
vendor/github.com/xenolf/lego/acmev2/dns_challenge.go → vendor/github.com/xenolf/lego/acme/dns_challenge.go generated vendored
View file

@ -1,16 +1,16 @@
package acmev2 package acme
import ( import (
"crypto/sha256" "crypto/sha256"
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt" "fmt"
"log"
"net" "net"
"strings" "strings"
"time" "time"
"github.com/miekg/dns" "github.com/miekg/dns"
"github.com/xenolf/lego/log"
) )
type preCheckDNSFunc func(fqdn, value string) (bool, error) type preCheckDNSFunc func(fqdn, value string) (bool, error)
@ -72,7 +72,7 @@ type dnsChallenge struct {
} }
func (s *dnsChallenge) Solve(chlng challenge, domain string) error { func (s *dnsChallenge) Solve(chlng challenge, domain string) error {
logf("[INFO][%s] acme: Trying to solve DNS-01", domain) log.Printf("[INFO][%s] acme: Trying to solve DNS-01", domain)
if s.provider == nil { if s.provider == nil {
return errors.New("No DNS Provider configured") return errors.New("No DNS Provider configured")
@ -97,7 +97,7 @@ func (s *dnsChallenge) Solve(chlng challenge, domain string) error {
fqdn, value, _ := DNS01Record(domain, keyAuth) fqdn, value, _ := DNS01Record(domain, keyAuth)
logf("[INFO][%s] Checking DNS record propagation using %+v", domain, RecursiveNameservers) log.Printf("[INFO][%s] Checking DNS record propagation using %+v", domain, RecursiveNameservers)
var timeout, interval time.Duration var timeout, interval time.Duration
switch provider := s.provider.(type) { switch provider := s.provider.(type) {

14
vendor/github.com/xenolf/lego/acmev2/dns_challenge_manual.go → vendor/github.com/xenolf/lego/acme/dns_challenge_manual.go generated vendored
View file

@ -1,9 +1,11 @@
package acmev2 package acme
import ( import (
"bufio" "bufio"
"fmt" "fmt"
"os" "os"
"github.com/xenolf/lego/log"
) )
const ( const (
@ -28,9 +30,9 @@ func (*DNSProviderManual) Present(domain, token, keyAuth string) error {
return err return err
} }
logf("[INFO] acme: Please create the following TXT record in your %s zone:", authZone) log.Printf("[INFO] acme: Please create the following TXT record in your %s zone:", authZone)
logf("[INFO] acme: %s", dnsRecord) log.Printf("[INFO] acme: %s", dnsRecord)
logf("[INFO] acme: Press 'Enter' when you are done") log.Printf("[INFO] acme: Press 'Enter' when you are done")
reader := bufio.NewReader(os.Stdin) reader := bufio.NewReader(os.Stdin)
_, _ = reader.ReadString('\n') _, _ = reader.ReadString('\n')
@ -47,7 +49,7 @@ func (*DNSProviderManual) CleanUp(domain, token, keyAuth string) error {
return err return err
} }
logf("[INFO] acme: You can now remove this TXT record from your %s zone:", authZone) log.Printf("[INFO] acme: You can now remove this TXT record from your %s zone:", authZone)
logf("[INFO] acme: %s", dnsRecord) log.Printf("[INFO] acme: %s", dnsRecord)
return nil return nil
} }

26
vendor/github.com/xenolf/lego/acmev2/error.go → vendor/github.com/xenolf/lego/acme/error.go generated vendored
View file

@ -1,4 +1,4 @@
package acmev2 package acme
import ( import (
"bytes" "bytes"
@ -14,18 +14,6 @@ const (
invalidNonceError = "urn:ietf:params:acme:error:badNonce" invalidNonceError = "urn:ietf:params:acme:error:badNonce"
) )
// ObtainError is returned when there are specific errors available
// per domain. For example in ObtainCertificate
type ObtainError map[string]error
func (e ObtainError) Error() string {
buffer := bytes.NewBufferString("acme: Error -> One or more domains had a problem:\n")
for dom, err := range e {
buffer.WriteString(fmt.Sprintf("[%s] %s\n", dom, err))
}
return buffer.String()
}
// RemoteError is the base type for all errors specific to the ACME protocol. // RemoteError is the base type for all errors specific to the ACME protocol.
type RemoteError struct { type RemoteError struct {
StatusCode int `json:"status,omitempty"` StatusCode int `json:"status,omitempty"`
@ -55,6 +43,18 @@ type domainError struct {
Error error Error error
} }
// ObtainError is returned when there are specific errors available
// per domain. For example in ObtainCertificate
type ObtainError map[string]error
func (e ObtainError) Error() string {
buffer := bytes.NewBufferString("acme: Error -> One or more domains had a problem:\n")
for dom, err := range e {
buffer.WriteString(fmt.Sprintf("[%s] %s\n", dom, err))
}
return buffer.String()
}
func handleHTTPError(resp *http.Response) error { func handleHTTPError(resp *http.Response) error {
var errorDetail RemoteError var errorDetail RemoteError

4
vendor/github.com/xenolf/lego/acmev2/http.go → vendor/github.com/xenolf/lego/acme/http.go generated vendored
View file

@ -1,4 +1,4 @@
package acmev2 package acme
import ( import (
"encoding/json" "encoding/json"
@ -155,6 +155,6 @@ func postJSON(j *jws, uri string, reqBody, respBody interface{}) (http.Header, e
// userAgent builds and returns the User-Agent string to use in requests. // userAgent builds and returns the User-Agent string to use in requests.
func userAgent() string { func userAgent() string {
ua := fmt.Sprintf("%s (%s; %s) %s %s", defaultGoUserAgent, runtime.GOOS, runtime.GOARCH, ourUserAgent, UserAgent) ua := fmt.Sprintf("%s %s (%s; %s) %s", UserAgent, ourUserAgent, runtime.GOOS, runtime.GOARCH, defaultGoUserAgent)
return strings.TrimSpace(ua) return strings.TrimSpace(ua)
} }

7
vendor/github.com/xenolf/lego/acmev2/http_challenge.go → vendor/github.com/xenolf/lego/acme/http_challenge.go generated vendored
View file

@ -1,8 +1,9 @@
package acmev2 package acme
import ( import (
"fmt" "fmt"
"log"
"github.com/xenolf/lego/log"
) )
type httpChallenge struct { type httpChallenge struct {
@ -18,7 +19,7 @@ func HTTP01ChallengePath(token string) string {
func (s *httpChallenge) Solve(chlng challenge, domain string) error { func (s *httpChallenge) Solve(chlng challenge, domain string) error {
logf("[INFO][%s] acme: Trying to solve HTTP-01", domain) log.Printf("[INFO][%s] acme: Trying to solve HTTP-01", domain)
// Generate the Key Authorization for the challenge // Generate the Key Authorization for the challenge
keyAuth, err := getKeyAuthorization(chlng.Token, s.jws.privKey) keyAuth, err := getKeyAuthorization(chlng.Token, s.jws.privKey)

8
vendor/github.com/xenolf/lego/acmev2/http_challenge_server.go → vendor/github.com/xenolf/lego/acme/http_challenge_server.go generated vendored
View file

@ -1,10 +1,12 @@
package acmev2 package acme
import ( import (
"fmt" "fmt"
"net" "net"
"net/http" "net/http"
"strings" "strings"
"github.com/xenolf/lego/log"
) )
// HTTPProviderServer implements ChallengeProvider for `http-01` challenge // HTTPProviderServer implements ChallengeProvider for `http-01` challenge
@ -61,9 +63,9 @@ func (s *HTTPProviderServer) serve(domain, token, keyAuth string) {
if strings.HasPrefix(r.Host, domain) && r.Method == "GET" { if strings.HasPrefix(r.Host, domain) && r.Method == "GET" {
w.Header().Add("Content-Type", "text/plain") w.Header().Add("Content-Type", "text/plain")
w.Write([]byte(keyAuth)) w.Write([]byte(keyAuth))
logf("[INFO][%s] Served key authentication", domain) log.Printf("[INFO][%s] Served key authentication", domain)
} else { } else {
logf("[WARN] Received request for domain %s with method %s but the domain did not match any challenge. Please ensure your are passing the HOST header properly.", r.Host, r.Method) log.Printf("[WARN] Received request for domain %s with method %s but the domain did not match any challenge. Please ensure your are passing the HOST header properly.", r.Host, r.Method)
w.Write([]byte("TEST")) w.Write([]byte("TEST"))
} }
}) })

43
vendor/github.com/xenolf/lego/acmev2/jws.go → vendor/github.com/xenolf/lego/acme/jws.go generated vendored
View file

@ -1,4 +1,4 @@
package acmev2 package acme
import ( import (
"bytes" "bytes"
@ -26,13 +26,13 @@ type jws struct {
func (j *jws) post(url string, content []byte) (*http.Response, error) { func (j *jws) post(url string, content []byte) (*http.Response, error) {
signedContent, err := j.signContent(url, content) signedContent, err := j.signContent(url, content)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to sign content -> %s", err.Error()) return nil, fmt.Errorf("failed to sign content -> %s", err.Error())
} }
data := bytes.NewBuffer([]byte(signedContent.FullSerialize())) data := bytes.NewBuffer([]byte(signedContent.FullSerialize()))
resp, err := httpPost(url, "application/jose+json", data) resp, err := httpPost(url, "application/jose+json", data)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to HTTP POST to %s -> %s", url, err.Error()) return nil, fmt.Errorf("failed to HTTP POST to %s -> %s", url, err.Error())
} }
nonce, nonceErr := getNonceFromResponse(resp) nonce, nonceErr := getNonceFromResponse(resp)
@ -77,16 +77,45 @@ func (j *jws) signContent(url string, content []byte) (*jose.JSONWebSignature, e
signer, err := jose.NewSigner(signKey, &options) signer, err := jose.NewSigner(signKey, &options)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to create jose signer -> %s", err.Error()) return nil, fmt.Errorf("failed to create jose signer -> %s", err.Error())
} }
signed, err := signer.Sign(content) signed, err := signer.Sign(content)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to sign content -> %s", err.Error()) return nil, fmt.Errorf("failed to sign content -> %s", err.Error())
} }
return signed, nil return signed, nil
} }
func (j *jws) signEABContent(url, kid string, hmac []byte) (*jose.JSONWebSignature, error) {
jwk := jose.JSONWebKey{Key: j.privKey}
jwkJSON, err := jwk.Public().MarshalJSON()
if err != nil {
return nil, fmt.Errorf("acme: error encoding eab jwk key: %s", err.Error())
}
signer, err := jose.NewSigner(
jose.SigningKey{Algorithm: jose.HS256, Key: hmac},
&jose.SignerOptions{
EmbedJWK: false,
ExtraHeaders: map[jose.HeaderKey]interface{}{
"kid": kid,
"url": url,
},
},
)
if err != nil {
return nil, fmt.Errorf("failed to create External Account Binding jose signer -> %s", err.Error())
}
signed, err := signer.Sign(jwkJSON)
if err != nil {
return nil, fmt.Errorf("failed to External Account Binding sign content -> %s", err.Error())
}
return signed, nil
}
func (j *jws) Nonce() (string, error) { func (j *jws) Nonce() (string, error) {
if nonce, ok := j.nonces.Pop(); ok { if nonce, ok := j.nonces.Pop(); ok {
return nonce, nil return nonce, nil
@ -122,7 +151,7 @@ func (n *nonceManager) Push(nonce string) {
func getNonce(url string) (string, error) { func getNonce(url string) (string, error) {
resp, err := httpHead(url) resp, err := httpHead(url)
if err != nil { if err != nil {
return "", fmt.Errorf("Failed to get nonce from HTTP HEAD -> %s", err.Error()) return "", fmt.Errorf("failed to get nonce from HTTP HEAD -> %s", err.Error())
} }
return getNonceFromResponse(resp) return getNonceFromResponse(resp)
@ -131,7 +160,7 @@ func getNonce(url string) (string, error) {
func getNonceFromResponse(resp *http.Response) (string, error) { func getNonceFromResponse(resp *http.Response) (string, error) {
nonce := resp.Header.Get("Replay-Nonce") nonce := resp.Header.Get("Replay-Nonce")
if nonce == "" { if nonce == "" {
return "", fmt.Errorf("Server did not respond with a proper nonce header") return "", fmt.Errorf("server did not respond with a proper nonce header")
} }
return nonce, nil return nonce, nil

17
vendor/github.com/xenolf/lego/acmev2/messages.go → vendor/github.com/xenolf/lego/acme/messages.go generated vendored
View file

@ -1,6 +1,7 @@
package acmev2 package acme
import ( import (
"encoding/json"
"time" "time"
) )
@ -26,11 +27,12 @@ type directory struct {
} }
type accountMessage struct { type accountMessage struct {
Status string `json:"status,omitempty"` Status string `json:"status,omitempty"`
Contact []string `json:"contact,omitempty"` Contact []string `json:"contact,omitempty"`
TermsOfServiceAgreed bool `json:"termsOfServiceAgreed,omitempty"` TermsOfServiceAgreed bool `json:"termsOfServiceAgreed,omitempty"`
Orders string `json:"orders,omitempty"` Orders string `json:"orders,omitempty"`
OnlyReturnExisting bool `json:"onlyReturnExisting,omitempty"` OnlyReturnExisting bool `json:"onlyReturnExisting,omitempty"`
ExternalAccountBinding json.RawMessage `json:"externalAccountBinding,omitempty"`
} }
type orderResource struct { type orderResource struct {
@ -76,9 +78,6 @@ type csrMessage struct {
Csr string `json:"csr"` Csr string `json:"csr"`
} }
type emptyObjectMessage struct {
}
type revokeCertMessage struct { type revokeCertMessage struct {
Certificate string `json:"certificate"` Certificate string `json:"certificate"`
} }

2
vendor/github.com/xenolf/lego/acmev2/provider.go → vendor/github.com/xenolf/lego/acme/provider.go generated vendored
View file

@ -1,4 +1,4 @@
package acmev2 package acme
import "time" import "time"

2
vendor/github.com/xenolf/lego/acmev2/utils.go → vendor/github.com/xenolf/lego/acme/utils.go generated vendored
View file

@ -1,4 +1,4 @@
package acmev2 package acme
import ( import (
"fmt" "fmt"

1
vendor/github.com/xenolf/lego/acmev2/pop_challenge.go generated vendored
View file

@ -1 +0,0 @@
package acmev2

59
vendor/github.com/xenolf/lego/log/logger.go generated vendored Normal file
View file

@ -0,0 +1,59 @@
package log
import (
"log"
"os"
)
// Logger is an optional custom logger.
var Logger *log.Logger
// Fatal writes a log entry.
// It uses Logger if not nil, otherwise it uses the default log.Logger.
func Fatal(args ...interface{}) {
if Logger == nil {
Logger = log.New(os.Stderr, "", log.LstdFlags)
}
Logger.Fatal(args...)
}
// Fatalf writes a log entry.
// It uses Logger if not nil, otherwise it uses the default log.Logger.
func Fatalf(format string, args ...interface{}) {
if Logger == nil {
Logger = log.New(os.Stderr, "", log.LstdFlags)
}
Logger.Fatalf(format, args...)
}
// Print writes a log entry.
// It uses Logger if not nil, otherwise it uses the default log.Logger.
func Print(args ...interface{}) {
if Logger == nil {
Logger = log.New(os.Stdout, "", log.LstdFlags)
}
Logger.Print(args...)
}
// Println writes a log entry.
// It uses Logger if not nil, otherwise it uses the default log.Logger.
func Println(args ...interface{}) {
if Logger == nil {
Logger = log.New(os.Stdout, "", log.LstdFlags)
}
Logger.Println(args...)
}
// Printf writes a log entry.
// It uses Logger if not nil, otherwise it uses the default log.Logger.
func Printf(format string, args ...interface{}) {
if Logger == nil {
Logger = log.New(os.Stdout, "", log.LstdFlags)
}
Logger.Printf(format, args...)
}

25
vendor/github.com/xenolf/lego/providers/dns/auroradns/auroradns.go generated vendored
View file

@ -8,7 +8,7 @@ import (
"github.com/edeckers/auroradnsclient" "github.com/edeckers/auroradnsclient"
"github.com/edeckers/auroradnsclient/records" "github.com/edeckers/auroradnsclient/records"
"github.com/edeckers/auroradnsclient/zones" "github.com/edeckers/auroradnsclient/zones"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider describes a provider for AuroraDNS // DNSProvider describes a provider for AuroraDNS
@ -60,14 +60,14 @@ func (provider *DNSProvider) getZoneInformationByName(name string) (zones.ZoneRe
} }
} }
return zones.ZoneRecord{}, fmt.Errorf("Could not find Zone record") return zones.ZoneRecord{}, fmt.Errorf("could not find Zone record")
} }
// Present creates a record with a secret // Present creates a record with a secret
func (provider *DNSProvider) Present(domain, token, keyAuth string) error { func (provider *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err) return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
} }
@ -81,9 +81,12 @@ func (provider *DNSProvider) Present(domain, token, keyAuth string) error {
subdomain := fqdn[0 : len(fqdn)-len(authZone)-1] subdomain := fqdn[0 : len(fqdn)-len(authZone)-1]
authZone = acmev2.UnFqdn(authZone) authZone = acme.UnFqdn(authZone)
zoneRecord, err := provider.getZoneInformationByName(authZone) zoneRecord, err := provider.getZoneInformationByName(authZone)
if err != nil {
return fmt.Errorf("could not create record: %v", err)
}
reqData := reqData :=
records.CreateRecordRequest{ records.CreateRecordRequest{
@ -95,7 +98,7 @@ func (provider *DNSProvider) Present(domain, token, keyAuth string) error {
respData, err := provider.client.CreateRecord(zoneRecord.ID, reqData) respData, err := provider.client.CreateRecord(zoneRecord.ID, reqData)
if err != nil { if err != nil {
return fmt.Errorf("Could not create record: '%s'.", err) return fmt.Errorf("could not create record: %v", err)
} }
provider.recordIDsMu.Lock() provider.recordIDsMu.Lock()
@ -107,22 +110,22 @@ func (provider *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes a given record that was generated by Present // CleanUp removes a given record that was generated by Present
func (provider *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (provider *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
provider.recordIDsMu.Lock() provider.recordIDsMu.Lock()
recordID, ok := provider.recordIDs[fqdn] recordID, ok := provider.recordIDs[fqdn]
provider.recordIDsMu.Unlock() provider.recordIDsMu.Unlock()
if !ok { if !ok {
return fmt.Errorf("Unknown recordID for '%s'", fqdn) return fmt.Errorf("unknown recordID for %q", fqdn)
} }
authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err) return fmt.Errorf("could not determine zone for domain: %q. %v", domain, err)
} }
authZone = acmev2.UnFqdn(authZone) authZone = acme.UnFqdn(authZone)
zoneRecord, err := provider.getZoneInformationByName(authZone) zoneRecord, err := provider.getZoneInformationByName(authZone)
if err != nil { if err != nil {

90
vendor/github.com/xenolf/lego/providers/dns/azure/azure.go generated vendored
View file

@ -15,44 +15,49 @@ import (
"github.com/Azure/go-autorest/autorest/adal" "github.com/Azure/go-autorest/autorest/adal"
"github.com/Azure/go-autorest/autorest/azure" "github.com/Azure/go-autorest/autorest/azure"
"github.com/Azure/go-autorest/autorest/to" "github.com/Azure/go-autorest/autorest/to"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface // DNSProvider is an implementation of the acme.ChallengeProvider interface
type DNSProvider struct { type DNSProvider struct {
clientId string clientID string
clientSecret string clientSecret string
subscriptionId string subscriptionID string
tenantId string tenantID string
resourceGroup string resourceGroup string
context context.Context
context context.Context
} }
// NewDNSProvider returns a DNSProvider instance configured for azure. // NewDNSProvider returns a DNSProvider instance configured for azure.
// Credentials must be passed in the environment variables: AZURE_CLIENT_ID, // Credentials must be passed in the environment variables: AZURE_CLIENT_ID,
// AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP // AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP
func NewDNSProvider() (*DNSProvider, error) { func NewDNSProvider() (*DNSProvider, error) {
clientId := os.Getenv("AZURE_CLIENT_ID") clientID := os.Getenv("AZURE_CLIENT_ID")
clientSecret := os.Getenv("AZURE_CLIENT_SECRET") clientSecret := os.Getenv("AZURE_CLIENT_SECRET")
subscriptionId := os.Getenv("AZURE_SUBSCRIPTION_ID") subscriptionID := os.Getenv("AZURE_SUBSCRIPTION_ID")
tenantId := os.Getenv("AZURE_TENANT_ID") tenantID := os.Getenv("AZURE_TENANT_ID")
resourceGroup := os.Getenv("AZURE_RESOURCE_GROUP") resourceGroup := os.Getenv("AZURE_RESOURCE_GROUP")
return NewDNSProviderCredentials(clientId, clientSecret, subscriptionId, tenantId, resourceGroup) return NewDNSProviderCredentials(clientID, clientSecret, subscriptionID, tenantID, resourceGroup)
} }
// NewDNSProviderCredentials uses the supplied credentials to return a // NewDNSProviderCredentials uses the supplied credentials to return a
// DNSProvider instance configured for azure. // DNSProvider instance configured for azure.
func NewDNSProviderCredentials(clientId, clientSecret, subscriptionId, tenantId, resourceGroup string) (*DNSProvider, error) { func NewDNSProviderCredentials(clientID, clientSecret, subscriptionID, tenantID, resourceGroup string) (*DNSProvider, error) {
if clientId == "" || clientSecret == "" || subscriptionId == "" || tenantId == "" || resourceGroup == "" { if clientID == "" || clientSecret == "" || subscriptionID == "" || tenantID == "" || resourceGroup == "" {
return nil, fmt.Errorf("Azure configuration missing") var missingEnvVars []string
for _, envVar := range []string{"AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_SUBSCRIPTION_ID", "AZURE_TENANT_ID", "AZURE_RESOURCE_GROUP"} {
if os.Getenv(envVar) == "" {
missingEnvVars = append(missingEnvVars, envVar)
}
}
return nil, fmt.Errorf("Azure configuration missing: %s", strings.Join(missingEnvVars, ","))
} }
return &DNSProvider{ return &DNSProvider{
clientId: clientId, clientID: clientID,
clientSecret: clientSecret, clientSecret: clientSecret,
subscriptionId: subscriptionId, subscriptionID: subscriptionID,
tenantId: tenantId, tenantID: tenantID,
resourceGroup: resourceGroup, resourceGroup: resourceGroup,
// TODO: A timeout can be added here for cancellation purposes. // TODO: A timeout can be added here for cancellation purposes.
context: context.Background(), context: context.Background(),
@ -67,74 +72,77 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
// Present creates a TXT record to fulfil the dns-01 challenge // Present creates a TXT record to fulfil the dns-01 challenge
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
zone, err := c.getHostedZoneID(fqdn) zone, err := c.getHostedZoneID(fqdn)
if err != nil { if err != nil {
return err return err
} }
rsc := dns.NewRecordSetsClient(c.subscriptionId) rsc := dns.NewRecordSetsClient(c.subscriptionID)
spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint) spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)
if err != nil {
return err
}
rsc.Authorizer = autorest.NewBearerAuthorizer(spt) rsc.Authorizer = autorest.NewBearerAuthorizer(spt)
relative := toRelativeRecord(fqdn, acmev2.ToFqdn(zone)) relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
rec := dns.RecordSet{ rec := dns.RecordSet{
Name: &relative, Name: &relative,
RecordSetProperties: &dns.RecordSetProperties{ RecordSetProperties: &dns.RecordSetProperties{
TTL: to.Int64Ptr(60), TTL: to.Int64Ptr(60),
TxtRecords: &[]dns.TxtRecord{dns.TxtRecord{Value: &[]string{value}}}, TxtRecords: &[]dns.TxtRecord{{Value: &[]string{value}}},
}, },
} }
_, err = rsc.CreateOrUpdate(c.context, c.resourceGroup, zone, relative, dns.TXT, rec, "", "") _, err = rsc.CreateOrUpdate(c.context, c.resourceGroup, zone, relative, dns.TXT, rec, "", "")
return err
if err != nil {
return err
}
return nil
} }
// Returns the relative record to the domain // Returns the relative record to the domain
func toRelativeRecord(domain, zone string) string { func toRelativeRecord(domain, zone string) string {
return acmev2.UnFqdn(strings.TrimSuffix(domain, zone)) return acme.UnFqdn(strings.TrimSuffix(domain, zone))
} }
// CleanUp removes the TXT record matching the specified parameters // CleanUp removes the TXT record matching the specified parameters
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
zone, err := c.getHostedZoneID(fqdn) zone, err := c.getHostedZoneID(fqdn)
if err != nil { if err != nil {
return err return err
} }
relative := toRelativeRecord(fqdn, acmev2.ToFqdn(zone)) relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
rsc := dns.NewRecordSetsClient(c.subscriptionId) rsc := dns.NewRecordSetsClient(c.subscriptionID)
spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint) spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)
rsc.Authorizer = autorest.NewBearerAuthorizer(spt)
_, err = rsc.Delete(c.context, c.resourceGroup, zone, relative, dns.TXT, "")
if err != nil { if err != nil {
return err return err
} }
return nil rsc.Authorizer = autorest.NewBearerAuthorizer(spt)
_, err = rsc.Delete(c.context, c.resourceGroup, zone, relative, dns.TXT, "")
return err
} }
// Checks that azure has a zone for this domain name. // Checks that azure has a zone for this domain name.
func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) { func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", err return "", err
} }
// Now we want to to Azure and get the zone. // Now we want to to Azure and get the zone.
spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint) spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)
if err != nil {
return "", err
}
dc := dns.NewZonesClient(c.subscriptionId) dc := dns.NewZonesClient(c.subscriptionID)
dc.Authorizer = autorest.NewBearerAuthorizer(spt) dc.Authorizer = autorest.NewBearerAuthorizer(spt)
zone, err := dc.Get(c.context, c.resourceGroup, acmev2.UnFqdn(authZone)) zone, err := dc.Get(c.context, c.resourceGroup, acme.UnFqdn(authZone))
if err != nil { if err != nil {
return "", err return "", err
} }
@ -146,9 +154,9 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
// NewServicePrincipalTokenFromCredentials creates a new ServicePrincipalToken using values of the // NewServicePrincipalTokenFromCredentials creates a new ServicePrincipalToken using values of the
// passed credentials map. // passed credentials map.
func (c *DNSProvider) newServicePrincipalTokenFromCredentials(scope string) (*adal.ServicePrincipalToken, error) { func (c *DNSProvider) newServicePrincipalTokenFromCredentials(scope string) (*adal.ServicePrincipalToken, error) {
oauthConfig, err := adal.NewOAuthConfig(azure.PublicCloud.ActiveDirectoryEndpoint, c.tenantId) oauthConfig, err := adal.NewOAuthConfig(azure.PublicCloud.ActiveDirectoryEndpoint, c.tenantID)
if err != nil { if err != nil {
panic(err) return nil, err
} }
return adal.NewServicePrincipalToken(*oauthConfig, c.clientId, c.clientSecret, scope) return adal.NewServicePrincipalToken(*oauthConfig, c.clientID, c.clientSecret, scope)
} }

108
vendor/github.com/xenolf/lego/providers/dns/bluecat/bluecat.go generated vendored
View file

@ -15,26 +15,26 @@ import (
"io/ioutil" "io/ioutil"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
const bluecatUrlTemplate = "%s/Services/REST/v1" const bluecatURLTemplate = "%s/Services/REST/v1"
const configType = "Configuration" const configType = "Configuration"
const viewType = "View" const viewType = "View"
const txtType = "TXTRecord" const txtType = "TXTRecord"
const zoneType = "Zone" const zoneType = "Zone"
type entityResponse struct { type entityResponse struct {
Id uint `json:"id"` ID uint `json:"id"`
Name string `json:"name"` Name string `json:"name"`
Type string `json:"type"` Type string `json:"type"`
Properties string `json:"properties"` Properties string `json:"properties"`
} }
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that uses // DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
// Bluecat's Address Manager REST API to manage TXT records for a domain. // Bluecat's Address Manager REST API to manage TXT records for a domain.
type DNSProvider struct { type DNSProvider struct {
baseUrl string baseURL string
userName string userName string
password string password string
configName string configName string
@ -56,7 +56,7 @@ func NewDNSProvider() (*DNSProvider, error) {
password := os.Getenv("BLUECAT_PASSWORD") password := os.Getenv("BLUECAT_PASSWORD")
configName := os.Getenv("BLUECAT_CONFIG_NAME") configName := os.Getenv("BLUECAT_CONFIG_NAME")
dnsView := os.Getenv("BLUECAT_DNS_VIEW") dnsView := os.Getenv("BLUECAT_DNS_VIEW")
httpClient := http.Client{Timeout: time.Duration(30 * time.Second)} httpClient := http.Client{Timeout: 30 * time.Second}
return NewDNSProviderCredentials(server, userName, password, configName, dnsView, httpClient) return NewDNSProviderCredentials(server, userName, password, configName, dnsView, httpClient)
} }
@ -68,7 +68,7 @@ func NewDNSProviderCredentials(server, userName, password, configName, dnsView s
} }
return &DNSProvider{ return &DNSProvider{
baseUrl: fmt.Sprintf(bluecatUrlTemplate, server), baseURL: fmt.Sprintf(bluecatURLTemplate, server),
userName: userName, userName: userName,
password: password, password: password,
configName: configName, configName: configName,
@ -80,7 +80,7 @@ func NewDNSProviderCredentials(server, userName, password, configName, dnsView s
// Send a REST request, using query parameters specified. The Authorization // Send a REST request, using query parameters specified. The Authorization
// header will be set if we have an active auth token // header will be set if we have an active auth token
func (d *DNSProvider) sendRequest(method, resource string, payload interface{}, queryArgs map[string]string) (*http.Response, error) { func (d *DNSProvider) sendRequest(method, resource string, payload interface{}, queryArgs map[string]string) (*http.Response, error) {
url := fmt.Sprintf("%s/%s", d.baseUrl, resource) url := fmt.Sprintf("%s/%s", d.baseURL, resource)
body, err := json.Marshal(payload) body, err := json.Marshal(payload)
if err != nil { if err != nil {
@ -160,14 +160,14 @@ func (d *DNSProvider) logout() error {
if resp.StatusCode != 200 { if resp.StatusCode != 200 {
return fmt.Errorf("Bluecat API request failed to delete session with HTTP status code %d", resp.StatusCode) return fmt.Errorf("Bluecat API request failed to delete session with HTTP status code %d", resp.StatusCode)
} else { }
authBytes, _ := ioutil.ReadAll(resp.Body)
authResp := string(authBytes)
if !strings.Contains(authResp, "successfully") { authBytes, _ := ioutil.ReadAll(resp.Body)
msg := strings.Trim(authResp, "\"") authResp := string(authBytes)
return fmt.Errorf("Bluecat API request failed to delete session: %s", msg)
} if !strings.Contains(authResp, "successfully") {
msg := strings.Trim(authResp, "\"")
return fmt.Errorf("Bluecat API request failed to delete session: %s", msg)
} }
d.token = "" d.token = ""
@ -176,7 +176,7 @@ func (d *DNSProvider) logout() error {
} }
// Lookup the entity ID of the configuration named in our properties // Lookup the entity ID of the configuration named in our properties
func (d *DNSProvider) lookupConfId() (uint, error) { func (d *DNSProvider) lookupConfID() (uint, error) {
queryArgs := map[string]string{ queryArgs := map[string]string{
"parentId": strconv.Itoa(0), "parentId": strconv.Itoa(0),
"name": d.configName, "name": d.configName,
@ -194,18 +194,18 @@ func (d *DNSProvider) lookupConfId() (uint, error) {
if err != nil { if err != nil {
return 0, err return 0, err
} }
return conf.Id, nil return conf.ID, nil
} }
// Find the DNS view with the given name within // Find the DNS view with the given name within
func (d *DNSProvider) lookupViewId(viewName string) (uint, error) { func (d *DNSProvider) lookupViewID(viewName string) (uint, error) {
confId, err := d.lookupConfId() confID, err := d.lookupConfID()
if err != nil { if err != nil {
return 0, err return 0, err
} }
queryArgs := map[string]string{ queryArgs := map[string]string{
"parentId": strconv.FormatUint(uint64(confId), 10), "parentId": strconv.FormatUint(uint64(confID), 10),
"name": d.dnsView, "name": d.dnsView,
"type": viewType, "type": viewType,
} }
@ -222,13 +222,13 @@ func (d *DNSProvider) lookupViewId(viewName string) (uint, error) {
return 0, err return 0, err
} }
return view.Id, nil return view.ID, nil
} }
// Return the entityId of the parent zone by recursing from the root view // Return the entityId of the parent zone by recursing from the root view
// Also return the simple name of the host // Also return the simple name of the host
func (d *DNSProvider) lookupParentZoneId(viewId uint, fqdn string) (uint, string, error) { func (d *DNSProvider) lookupParentZoneID(viewID uint, fqdn string) (uint, string, error) {
parentViewId := viewId parentViewID := viewID
name := "" name := ""
if fqdn != "" { if fqdn != "" {
@ -237,25 +237,24 @@ func (d *DNSProvider) lookupParentZoneId(viewId uint, fqdn string) (uint, string
name = zones[0] name = zones[0]
for i := last; i > -1; i-- { for i := last; i > -1; i-- {
zoneId, err := d.getZone(parentViewId, zones[i]) zoneID, err := d.getZone(parentViewID, zones[i])
if err != nil || zoneId == 0 { if err != nil || zoneID == 0 {
return parentViewId, name, err return parentViewID, name, err
} }
if i > 0 { if i > 0 {
name = strings.Join(zones[0:i], ".") name = strings.Join(zones[0:i], ".")
} }
parentViewId = zoneId parentViewID = zoneID
} }
} }
return parentViewId, name, nil return parentViewID, name, nil
} }
// Get the DNS zone with the specified name under the parentId // Get the DNS zone with the specified name under the parentId
func (d *DNSProvider) getZone(parentId uint, name string) (uint, error) { func (d *DNSProvider) getZone(parentID uint, name string) (uint, error) {
queryArgs := map[string]string{ queryArgs := map[string]string{
"parentId": strconv.FormatUint(uint64(parentId), 10), "parentId": strconv.FormatUint(uint64(parentID), 10),
"name": name, "name": name,
"type": zoneType, "type": zoneType,
} }
@ -276,29 +275,32 @@ func (d *DNSProvider) getZone(parentId uint, name string) (uint, error) {
return 0, err return 0, err
} }
return zone.Id, nil return zone.ID, nil
} }
// Present creates a TXT record using the specified parameters // Present creates a TXT record using the specified parameters
// This will *not* create a subzone to contain the TXT record, // This will *not* create a subzone to contain the TXT record,
// so make sure the FQDN specified is within an extant zone. // so make sure the FQDN specified is within an extant zone.
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
err := d.login() err := d.login()
if err != nil { if err != nil {
return err return err
} }
viewId, err := d.lookupViewId(d.dnsView) viewID, err := d.lookupViewID(d.dnsView)
if err != nil { if err != nil {
return err return err
} }
parentZoneId, name, err := d.lookupParentZoneId(viewId, fqdn) parentZoneID, name, err := d.lookupParentZoneID(viewID, fqdn)
if err != nil {
return err
}
queryArgs := map[string]string{ queryArgs := map[string]string{
"parentId": strconv.FormatUint(uint64(parentZoneId), 10), "parentId": strconv.FormatUint(uint64(parentZoneID), 10),
} }
body := bluecatEntity{ body := bluecatEntity{
@ -322,23 +324,18 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("Bluecat API addEntity request failed: %s", addTxtResp) return fmt.Errorf("Bluecat API addEntity request failed: %s", addTxtResp)
} }
err = d.deploy(uint(parentZoneId)) err = d.deploy(parentZoneID)
if err != nil { if err != nil {
return err return err
} }
err = d.logout() return d.logout()
if err != nil {
return err
}
return nil
} }
// Deploy the DNS config for the specified entity to the authoritative servers // Deploy the DNS config for the specified entity to the authoritative servers
func (d *DNSProvider) deploy(entityId uint) error { func (d *DNSProvider) deploy(entityID uint) error {
queryArgs := map[string]string{ queryArgs := map[string]string{
"entityId": strconv.FormatUint(uint64(entityId), 10), "entityId": strconv.FormatUint(uint64(entityID), 10),
} }
resp, err := d.sendRequest("POST", "quickDeploy", nil, queryArgs) resp, err := d.sendRequest("POST", "quickDeploy", nil, queryArgs)
@ -353,25 +350,25 @@ func (d *DNSProvider) deploy(entityId uint) error {
// CleanUp removes the TXT record matching the specified parameters // CleanUp removes the TXT record matching the specified parameters
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
err := d.login() err := d.login()
if err != nil { if err != nil {
return err return err
} }
viewId, err := d.lookupViewId(d.dnsView) viewID, err := d.lookupViewID(d.dnsView)
if err != nil { if err != nil {
return err return err
} }
parentId, name, err := d.lookupParentZoneId(viewId, fqdn) parentID, name, err := d.lookupParentZoneID(viewID, fqdn)
if err != nil { if err != nil {
return err return err
} }
queryArgs := map[string]string{ queryArgs := map[string]string{
"parentId": strconv.FormatUint(uint64(parentId), 10), "parentId": strconv.FormatUint(uint64(parentID), 10),
"name": name, "name": name,
"type": txtType, "type": txtType,
} }
@ -388,7 +385,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return err return err
} }
queryArgs = map[string]string{ queryArgs = map[string]string{
"objectId": strconv.FormatUint(uint64(txtRec.Id), 10), "objectId": strconv.FormatUint(uint64(txtRec.ID), 10),
} }
resp, err = d.sendRequest("DELETE", "delete", nil, queryArgs) resp, err = d.sendRequest("DELETE", "delete", nil, queryArgs)
@ -397,20 +394,15 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
defer resp.Body.Close() defer resp.Body.Close()
err = d.deploy(parentId) err = d.deploy(parentID)
if err != nil { if err != nil {
return err return err
} }
err = d.logout() return d.logout()
if err != nil {
return err
}
return nil
} }
//JSON body for Bluecat entity requests and responses // JSON body for Bluecat entity requests and responses
type bluecatEntity struct { type bluecatEntity struct {
ID string `json:"id,omitempty"` ID string `json:"id,omitempty"`
Name string `json:"name"` Name string `json:"name"`

50
vendor/github.com/xenolf/lego/providers/dns/cloudflare/cloudflare.go generated vendored
View file

@ -7,18 +7,20 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
"io/ioutil"
"net/http" "net/http"
"os" "os"
"strings"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// CloudFlareAPIURL represents the API endpoint to call. // CloudFlareAPIURL represents the API endpoint to call.
// TODO: Unexport? // TODO: Unexport?
const CloudFlareAPIURL = "https://api.cloudflare.com/client/v4" const CloudFlareAPIURL = "https://api.cloudflare.com/client/v4"
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface // DNSProvider is an implementation of the acme.ChallengeProvider interface
type DNSProvider struct { type DNSProvider struct {
authEmail string authEmail string
authKey string authKey string
@ -37,7 +39,14 @@ func NewDNSProvider() (*DNSProvider, error) {
// DNSProvider instance configured for cloudflare. // DNSProvider instance configured for cloudflare.
func NewDNSProviderCredentials(email, key string) (*DNSProvider, error) { func NewDNSProviderCredentials(email, key string) (*DNSProvider, error) {
if email == "" || key == "" { if email == "" || key == "" {
return nil, fmt.Errorf("CloudFlare credentials missing") missingEnvVars := []string{}
if email == "" {
missingEnvVars = append(missingEnvVars, "CLOUDFLARE_EMAIL")
}
if key == "" {
missingEnvVars = append(missingEnvVars, "CLOUDFLARE_API_KEY")
}
return nil, fmt.Errorf("CloudFlare credentials missing: %s", strings.Join(missingEnvVars, ","))
} }
return &DNSProvider{ return &DNSProvider{
@ -54,7 +63,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
// Present creates a TXT record to fulfil the dns-01 challenge // Present creates a TXT record to fulfil the dns-01 challenge
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
zoneID, err := c.getHostedZoneID(fqdn) zoneID, err := c.getHostedZoneID(fqdn)
if err != nil { if err != nil {
return err return err
@ -62,7 +71,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
rec := cloudFlareRecord{ rec := cloudFlareRecord{
Type: "TXT", Type: "TXT",
Name: acmev2.UnFqdn(fqdn), Name: acme.UnFqdn(fqdn),
Content: value, Content: value,
TTL: 120, TTL: 120,
} }
@ -73,16 +82,12 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
} }
_, err = c.makeRequest("POST", fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body)) _, err = c.makeRequest("POST", fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body))
if err != nil { return err
return err
}
return nil
} }
// CleanUp removes the TXT record matching the specified parameters // CleanUp removes the TXT record matching the specified parameters
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
record, err := c.findTxtRecord(fqdn) record, err := c.findTxtRecord(fqdn)
if err != nil { if err != nil {
@ -90,11 +95,7 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
_, err = c.makeRequest("DELETE", fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil) _, err = c.makeRequest("DELETE", fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil)
if err != nil { return err
return err
}
return nil
} }
func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) { func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
@ -104,12 +105,12 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
Name string `json:"name"` Name string `json:"name"`
} }
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", err return "", err
} }
result, err := c.makeRequest("GET", "/zones?name="+acmev2.UnFqdn(authZone), nil) result, err := c.makeRequest("GET", "/zones?name="+acme.UnFqdn(authZone), nil)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -135,7 +136,7 @@ func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
result, err := c.makeRequest( result, err := c.makeRequest(
"GET", "GET",
fmt.Sprintf("/zones/%s/dns_records?per_page=1000&type=TXT&name=%s", zoneID, acmev2.UnFqdn(fqdn)), fmt.Sprintf("/zones/%s/dns_records?per_page=1000&type=TXT&name=%s", zoneID, acme.UnFqdn(fqdn)),
nil, nil,
) )
if err != nil { if err != nil {
@ -149,12 +150,12 @@ func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
} }
for _, rec := range records { for _, rec := range records {
if rec.Name == acmev2.UnFqdn(fqdn) { if rec.Name == acme.UnFqdn(fqdn) {
return &rec, nil return &rec, nil
} }
} }
return nil, fmt.Errorf("No existing record found for %s", fqdn) return nil, fmt.Errorf("no existing record found for %s", fqdn)
} }
func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) { func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
@ -179,7 +180,6 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawM
req.Header.Set("X-Auth-Email", c.authEmail) req.Header.Set("X-Auth-Email", c.authEmail)
req.Header.Set("X-Auth-Key", c.authKey) req.Header.Set("X-Auth-Key", c.authKey)
//req.Header.Set("User-Agent", userAgent())
client := http.Client{Timeout: 30 * time.Second} client := http.Client{Timeout: 30 * time.Second}
resp, err := client.Do(req) resp, err := client.Do(req)
@ -206,7 +206,11 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawM
} }
return nil, fmt.Errorf("Cloudflare API Error \n%s", errStr) return nil, fmt.Errorf("Cloudflare API Error \n%s", errStr)
} }
return nil, fmt.Errorf("Cloudflare API error") strBody := "Unreadable body"
if body, err := ioutil.ReadAll(resp.Body); err == nil {
strBody = string(body)
}
return nil, fmt.Errorf("Cloudflare API error: the request %s sent a response with a body which is not in JSON format: %s", req.URL.String(), strBody)
} }
return r.Result, nil return r.Result, nil

26
vendor/github.com/xenolf/lego/providers/dns/cloudxns/cloudxns.go generated vendored
View file

@ -13,12 +13,12 @@ import (
"strconv" "strconv"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
const cloudXNSBaseURL = "https://www.cloudxns.net/api2/" const cloudXNSBaseURL = "https://www.cloudxns.net/api2/"
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface // DNSProvider is an implementation of the acme.ChallengeProvider interface
type DNSProvider struct { type DNSProvider struct {
apiKey string apiKey string
secretKey string secretKey string
@ -48,7 +48,7 @@ func NewDNSProviderCredentials(apiKey, secretKey string) (*DNSProvider, error) {
// Present creates a TXT record to fulfil the dns-01 challenge. // Present creates a TXT record to fulfil the dns-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
zoneID, err := c.getHostedZoneID(fqdn) zoneID, err := c.getHostedZoneID(fqdn)
if err != nil { if err != nil {
return err return err
@ -59,7 +59,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters. // CleanUp removes the TXT record matching the specified parameters.
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
zoneID, err := c.getHostedZoneID(fqdn) zoneID, err := c.getHostedZoneID(fqdn)
if err != nil { if err != nil {
return err return err
@ -79,7 +79,7 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
Domain string `json:"domain"` Domain string `json:"domain"`
} }
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -101,7 +101,7 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
} }
} }
return "", fmt.Errorf("Zone %s not found in cloudxns for domain %s", authZone, fqdn) return "", fmt.Errorf("zone %s not found in cloudxns for domain %s", authZone, fqdn)
} }
func (c *DNSProvider) findTxtRecord(zoneID, fqdn string) (string, error) { func (c *DNSProvider) findTxtRecord(zoneID, fqdn string) (string, error) {
@ -117,12 +117,12 @@ func (c *DNSProvider) findTxtRecord(zoneID, fqdn string) (string, error) {
} }
for _, record := range records { for _, record := range records {
if record.Host == acmev2.UnFqdn(fqdn) && record.Type == "TXT" { if record.Host == acme.UnFqdn(fqdn) && record.Type == "TXT" {
return record.RecordID, nil return record.RecordID, nil
} }
} }
return "", fmt.Errorf("No existing record found for %s", fqdn) return "", fmt.Errorf("no existing record found for %s", fqdn)
} }
func (c *DNSProvider) addTxtRecord(zoneID, fqdn, value string, ttl int) error { func (c *DNSProvider) addTxtRecord(zoneID, fqdn, value string, ttl int) error {
@ -133,7 +133,7 @@ func (c *DNSProvider) addTxtRecord(zoneID, fqdn, value string, ttl int) error {
payload := cloudXNSRecord{ payload := cloudXNSRecord{
ID: id, ID: id,
Host: acmev2.UnFqdn(fqdn), Host: acme.UnFqdn(fqdn),
Value: value, Value: value,
Type: "TXT", Type: "TXT",
LineID: 1, LineID: 1,
@ -146,11 +146,7 @@ func (c *DNSProvider) addTxtRecord(zoneID, fqdn, value string, ttl int) error {
} }
_, err = c.makeRequest("POST", "record", body) _, err = c.makeRequest("POST", "record", body)
if err != nil { return err
return err
}
return nil
} }
func (c *DNSProvider) delTxtRecord(recordID, zoneID string) error { func (c *DNSProvider) delTxtRecord(recordID, zoneID string) error {
@ -183,7 +179,7 @@ func (c *DNSProvider) makeRequest(method, uri string, body []byte) (json.RawMess
req.Header.Set("API-HMAC", c.hmac(url, requestDate, string(body))) req.Header.Set("API-HMAC", c.hmac(url, requestDate, string(body)))
req.Header.Set("API-FORMAT", "json") req.Header.Set("API-FORMAT", "json")
resp, err := acmev2.HTTPClient.Do(req) resp, err := acme.HTTPClient.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err
} }

64
vendor/github.com/xenolf/lego/providers/dns/digitalocean/digitalocean.go generated vendored
View file

@ -11,10 +11,10 @@ import (
"sync" "sync"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface // DNSProvider is an implementation of the acme.ChallengeProvider interface
// that uses DigitalOcean's REST API to manage TXT records for a domain. // that uses DigitalOcean's REST API to manage TXT records for a domain.
type DNSProvider struct { type DNSProvider struct {
apiAuthToken string apiAuthToken string
@ -22,6 +22,12 @@ type DNSProvider struct {
recordIDsMu sync.Mutex recordIDsMu sync.Mutex
} }
// Timeout returns the timeout and interval to use when checking for DNS
// propagation. Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return 60 * time.Second, 5 * time.Second
}
// NewDNSProvider returns a DNSProvider instance configured for Digital // NewDNSProvider returns a DNSProvider instance configured for Digital
// Ocean. Credentials must be passed in the environment variable: // Ocean. Credentials must be passed in the environment variable:
// DO_AUTH_TOKEN. // DO_AUTH_TOKEN.
@ -44,32 +50,14 @@ func NewDNSProviderCredentials(apiAuthToken string) (*DNSProvider, error) {
// Present creates a TXT record using the specified parameters // Present creates a TXT record using the specified parameters
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// txtRecordRequest represents the request body to DO's API to make a TXT record fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
type txtRecordRequest struct {
RecordType string `json:"type"`
Name string `json:"name"`
Data string `json:"data"`
TTL int `json:"ttl"`
}
// txtRecordResponse represents a response from DO's API after making a TXT record authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
type txtRecordResponse struct {
DomainRecord struct {
ID int `json:"id"`
Type string `json:"type"`
Name string `json:"name"`
Data string `json:"data"`
} `json:"domain_record"`
}
fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
if err != nil { if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err) return fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
} }
authZone = acmev2.UnFqdn(authZone) authZone = acme.UnFqdn(authZone)
reqURL := fmt.Sprintf("%s/v2/domains/%s/records", digitalOceanBaseURL, authZone) reqURL := fmt.Sprintf("%s/v2/domains/%s/records", digitalOceanBaseURL, authZone)
reqData := txtRecordRequest{RecordType: "TXT", Name: fqdn, Data: value, TTL: 30} reqData := txtRecordRequest{RecordType: "TXT", Name: fqdn, Data: value, TTL: 30}
@ -113,7 +101,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters // CleanUp removes the TXT record matching the specified parameters
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
// get the record's unique ID from when we created it // get the record's unique ID from when we created it
d.recordIDsMu.Lock() d.recordIDsMu.Lock()
@ -123,12 +111,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("unknown record ID for '%s'", fqdn) return fmt.Errorf("unknown record ID for '%s'", fqdn)
} }
authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err) return fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
} }
authZone = acmev2.UnFqdn(authZone) authZone = acme.UnFqdn(authZone)
reqURL := fmt.Sprintf("%s/v2/domains/%s/records/%d", digitalOceanBaseURL, authZone, recordID) reqURL := fmt.Sprintf("%s/v2/domains/%s/records/%d", digitalOceanBaseURL, authZone, recordID)
req, err := http.NewRequest("DELETE", reqURL, nil) req, err := http.NewRequest("DELETE", reqURL, nil)
@ -166,8 +154,20 @@ type digitalOceanAPIError struct {
var digitalOceanBaseURL = "https://api.digitalocean.com" var digitalOceanBaseURL = "https://api.digitalocean.com"
// Timeout returns the timeout and interval to use when checking for DNS // txtRecordRequest represents the request body to DO's API to make a TXT record
// propagation. Adjusting here to cope with spikes in propagation times. type txtRecordRequest struct {
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) { RecordType string `json:"type"`
return 60 * time.Second, 5 * time.Second Name string `json:"name"`
Data string `json:"data"`
TTL int `json:"ttl"`
}
// txtRecordResponse represents a response from DO's API after making a TXT record
type txtRecordResponse struct {
DomainRecord struct {
ID int `json:"id"`
Type string `json:"type"`
Name string `json:"name"`
Data string `json:"data"`
} `json:"domain_record"`
} }

16
vendor/github.com/xenolf/lego/providers/dns/dns_providers.go generated vendored
View file

@ -1,10 +1,9 @@
// Factory for DNS providers
package dns package dns
import ( import (
"fmt" "fmt"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
"github.com/xenolf/lego/providers/dns/auroradns" "github.com/xenolf/lego/providers/dns/auroradns"
"github.com/xenolf/lego/providers/dns/azure" "github.com/xenolf/lego/providers/dns/azure"
"github.com/xenolf/lego/providers/dns/bluecat" "github.com/xenolf/lego/providers/dns/bluecat"
@ -21,9 +20,9 @@ import (
"github.com/xenolf/lego/providers/dns/fastdns" "github.com/xenolf/lego/providers/dns/fastdns"
"github.com/xenolf/lego/providers/dns/gandi" "github.com/xenolf/lego/providers/dns/gandi"
"github.com/xenolf/lego/providers/dns/gandiv5" "github.com/xenolf/lego/providers/dns/gandiv5"
"github.com/xenolf/lego/providers/dns/gcloud"
"github.com/xenolf/lego/providers/dns/glesys" "github.com/xenolf/lego/providers/dns/glesys"
"github.com/xenolf/lego/providers/dns/godaddy" "github.com/xenolf/lego/providers/dns/godaddy"
"github.com/xenolf/lego/providers/dns/googlecloud"
"github.com/xenolf/lego/providers/dns/lightsail" "github.com/xenolf/lego/providers/dns/lightsail"
"github.com/xenolf/lego/providers/dns/linode" "github.com/xenolf/lego/providers/dns/linode"
"github.com/xenolf/lego/providers/dns/namecheap" "github.com/xenolf/lego/providers/dns/namecheap"
@ -38,9 +37,10 @@ import (
"github.com/xenolf/lego/providers/dns/vultr" "github.com/xenolf/lego/providers/dns/vultr"
) )
func NewDNSChallengeProviderByName(name string) (acmev2.ChallengeProvider, error) { // NewDNSChallengeProviderByName Factory for DNS providers
func NewDNSChallengeProviderByName(name string) (acme.ChallengeProvider, error) {
var err error var err error
var provider acmev2.ChallengeProvider var provider acme.ChallengeProvider
switch name { switch name {
case "azure": case "azure":
provider, err = azure.NewDNSProvider() provider, err = azure.NewDNSProvider()
@ -75,7 +75,7 @@ func NewDNSChallengeProviderByName(name string) (acmev2.ChallengeProvider, error
case "glesys": case "glesys":
provider, err = glesys.NewDNSProvider() provider, err = glesys.NewDNSProvider()
case "gcloud": case "gcloud":
provider, err = googlecloud.NewDNSProvider() provider, err = gcloud.NewDNSProvider()
case "godaddy": case "godaddy":
provider, err = godaddy.NewDNSProvider() provider, err = godaddy.NewDNSProvider()
case "lightsail": case "lightsail":
@ -83,7 +83,7 @@ func NewDNSChallengeProviderByName(name string) (acmev2.ChallengeProvider, error
case "linode": case "linode":
provider, err = linode.NewDNSProvider() provider, err = linode.NewDNSProvider()
case "manual": case "manual":
provider, err = acmev2.NewDNSProviderManual() provider, err = acme.NewDNSProviderManual()
case "namecheap": case "namecheap":
provider, err = namecheap.NewDNSProvider() provider, err = namecheap.NewDNSProvider()
case "namedotcom": case "namedotcom":
@ -107,7 +107,7 @@ func NewDNSChallengeProviderByName(name string) (acmev2.ChallengeProvider, error
case "exec": case "exec":
provider, err = exec.NewDNSProvider() provider, err = exec.NewDNSProvider()
default: default:
err = fmt.Errorf("Unrecognised DNS provider: %s", name) err = fmt.Errorf("unrecognised DNS provider: %s", name)
} }
return provider, err return provider, err
} }

31
vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go generated vendored
View file

@ -9,10 +9,10 @@ import (
"strings" "strings"
"github.com/dnsimple/dnsimple-go/dnsimple" "github.com/dnsimple/dnsimple-go/dnsimple"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface. // DNSProvider is an implementation of the acme.ChallengeProvider interface.
type DNSProvider struct { type DNSProvider struct {
client *dnsimple.Client client *dnsimple.Client
} }
@ -23,14 +23,14 @@ type DNSProvider struct {
// See: https://developer.dnsimple.com/v2/#authentication // See: https://developer.dnsimple.com/v2/#authentication
func NewDNSProvider() (*DNSProvider, error) { func NewDNSProvider() (*DNSProvider, error) {
accessToken := os.Getenv("DNSIMPLE_OAUTH_TOKEN") accessToken := os.Getenv("DNSIMPLE_OAUTH_TOKEN")
baseUrl := os.Getenv("DNSIMPLE_BASE_URL") baseURL := os.Getenv("DNSIMPLE_BASE_URL")
return NewDNSProviderCredentials(accessToken, baseUrl) return NewDNSProviderCredentials(accessToken, baseURL)
} }
// NewDNSProviderCredentials uses the supplied credentials to return a // NewDNSProviderCredentials uses the supplied credentials to return a
// DNSProvider instance configured for dnsimple. // DNSProvider instance configured for dnsimple.
func NewDNSProviderCredentials(accessToken, baseUrl string) (*DNSProvider, error) { func NewDNSProviderCredentials(accessToken, baseURL string) (*DNSProvider, error) {
if accessToken == "" { if accessToken == "" {
return nil, fmt.Errorf("DNSimple OAuth token is missing") return nil, fmt.Errorf("DNSimple OAuth token is missing")
} }
@ -38,8 +38,8 @@ func NewDNSProviderCredentials(accessToken, baseUrl string) (*DNSProvider, error
client := dnsimple.NewClient(dnsimple.NewOauthTokenCredentials(accessToken)) client := dnsimple.NewClient(dnsimple.NewOauthTokenCredentials(accessToken))
client.UserAgent = "lego" client.UserAgent = "lego"
if baseUrl != "" { if baseURL != "" {
client.BaseURL = baseUrl client.BaseURL = baseURL
} }
return &DNSProvider{client: client}, nil return &DNSProvider{client: client}, nil
@ -47,7 +47,7 @@ func NewDNSProviderCredentials(accessToken, baseUrl string) (*DNSProvider, error
// Present creates a TXT record to fulfil the dns-01 challenge. // Present creates a TXT record to fulfil the dns-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
zoneName, err := c.getHostedZone(domain) zoneName, err := c.getHostedZone(domain)
@ -71,7 +71,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters. // CleanUp removes the TXT record matching the specified parameters.
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
records, err := c.findTxtRecords(domain, fqdn) records, err := c.findTxtRecords(domain, fqdn)
if err != nil { if err != nil {
@ -94,7 +94,7 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
func (c *DNSProvider) getHostedZone(domain string) (string, error) { func (c *DNSProvider) getHostedZone(domain string) (string, error) {
authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -104,7 +104,7 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) {
return "", err return "", err
} }
zoneName := acmev2.UnFqdn(authZone) zoneName := acme.UnFqdn(authZone)
zones, err := c.client.Zones.ListZones(accountID, &dnsimple.ZoneListOptions{NameLike: zoneName}) zones, err := c.client.Zones.ListZones(accountID, &dnsimple.ZoneListOptions{NameLike: zoneName})
if err != nil { if err != nil {
@ -119,8 +119,7 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) {
} }
if hostedZone.ID == 0 { if hostedZone.ID == 0 {
return "", fmt.Errorf("Zone %s not found in DNSimple for domain %s", authZone, domain) return "", fmt.Errorf("zone %s not found in DNSimple for domain %s", authZone, domain)
} }
return hostedZone.Name, nil return hostedZone.Name, nil
@ -159,7 +158,7 @@ func (c *DNSProvider) newTxtRecord(zoneName, fqdn, value string, ttl int) *dnsim
} }
func (c *DNSProvider) extractRecordName(fqdn, domain string) string { func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
name := acmev2.UnFqdn(fqdn) name := acme.UnFqdn(fqdn)
if idx := strings.Index(name, "."+domain); idx != -1 { if idx := strings.Index(name, "."+domain); idx != -1 {
return name[:idx] return name[:idx]
} }
@ -173,8 +172,8 @@ func (c *DNSProvider) getAccountID() (string, error) {
} }
if whoamiResponse.Data.Account == nil { if whoamiResponse.Data.Account == nil {
return "", fmt.Errorf("DNSimple user tokens are not supported, please use an account token.") return "", fmt.Errorf("DNSimple user tokens are not supported, please use an account token")
} }
return strconv.Itoa(whoamiResponse.Data.Account.ID), nil return strconv.FormatInt(whoamiResponse.Data.Account.ID, 10), nil
} }

20
vendor/github.com/xenolf/lego/providers/dns/dnsmadeeasy/dnsmadeeasy.go generated vendored
View file

@ -14,10 +14,10 @@ import (
"strings" "strings"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that uses // DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
// DNSMadeEasy's DNS API to manage TXT records for a domain. // DNSMadeEasy's DNS API to manage TXT records for a domain.
type DNSProvider struct { type DNSProvider struct {
baseURL string baseURL string
@ -77,9 +77,9 @@ func NewDNSProviderCredentials(baseURL, apiKey, apiSecret string) (*DNSProvider,
// Present creates a TXT record using the specified parameters // Present creates a TXT record using the specified parameters
func (d *DNSProvider) Present(domainName, token, keyAuth string) error { func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domainName, keyAuth) fqdn, value, ttl := acme.DNS01Record(domainName, keyAuth)
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return err return err
} }
@ -95,18 +95,14 @@ func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
record := &Record{Type: "TXT", Name: name, Value: value, TTL: ttl} record := &Record{Type: "TXT", Name: name, Value: value, TTL: ttl}
err = d.createRecord(domain, record) err = d.createRecord(domain, record)
if err != nil { return err
return err
}
return nil
} }
// CleanUp removes the TXT records matching the specified parameters // CleanUp removes the TXT records matching the specified parameters
func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domainName, keyAuth) fqdn, _, _ := acme.DNS01Record(domainName, keyAuth)
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return err return err
} }
@ -226,7 +222,7 @@ func (d *DNSProvider) sendRequest(method, resource string, payload interface{})
} }
client := &http.Client{ client := &http.Client{
Transport: transport, Transport: transport,
Timeout: time.Duration(10 * time.Second), Timeout: 10 * time.Second,
} }
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {

14
vendor/github.com/xenolf/lego/providers/dns/dnspod/dnspod.go generated vendored
View file

@ -8,10 +8,10 @@ import (
"strings" "strings"
"github.com/decker502/dnspod-go" "github.com/decker502/dnspod-go"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface. // DNSProvider is an implementation of the acme.ChallengeProvider interface.
type DNSProvider struct { type DNSProvider struct {
client *dnspod.Client client *dnspod.Client
} }
@ -38,7 +38,7 @@ func NewDNSProviderCredentials(key string) (*DNSProvider, error) {
// Present creates a TXT record to fulfil the dns-01 challenge. // Present creates a TXT record to fulfil the dns-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
zoneID, zoneName, err := c.getHostedZone(domain) zoneID, zoneName, err := c.getHostedZone(domain)
if err != nil { if err != nil {
return err return err
@ -55,7 +55,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters. // CleanUp removes the TXT record matching the specified parameters.
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
records, err := c.findTxtRecords(domain, fqdn) records, err := c.findTxtRecords(domain, fqdn)
if err != nil { if err != nil {
@ -82,14 +82,14 @@ func (c *DNSProvider) getHostedZone(domain string) (string, string, error) {
return "", "", fmt.Errorf("dnspod API call failed: %v", err) return "", "", fmt.Errorf("dnspod API call failed: %v", err)
} }
authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
var hostedZone dnspod.Domain var hostedZone dnspod.Domain
for _, zone := range zones { for _, zone := range zones {
if zone.Name == acmev2.UnFqdn(authZone) { if zone.Name == acme.UnFqdn(authZone) {
hostedZone = zone hostedZone = zone
} }
} }
@ -138,7 +138,7 @@ func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnspod.Record, erro
} }
func (c *DNSProvider) extractRecordName(fqdn, domain string) string { func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
name := acmev2.UnFqdn(fqdn) name := acme.UnFqdn(fqdn)
if idx := strings.Index(name, "."+domain); idx != -1 { if idx := strings.Index(name, "."+domain); idx != -1 {
return name[:idx] return name[:idx]
} }

9
vendor/github.com/xenolf/lego/providers/dns/duckdns/duckdns.go generated vendored
View file

@ -1,5 +1,4 @@
// Adds lego support for http://duckdns.org . // Package duckdns Adds lego support for http://duckdns.org .
//
// See http://www.duckdns.org/spec.jsp for more info on updating TXT records. // See http://www.duckdns.org/spec.jsp for more info on updating TXT records.
package duckdns package duckdns
@ -9,7 +8,7 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider adds and removes the record for the DNS challenge // DNSProvider adds and removes the record for the DNS challenge
@ -47,7 +46,7 @@ func makeDuckdnsURL(domain, token, txt string) string {
} }
func issueDuckdnsRequest(url string) error { func issueDuckdnsRequest(url string) error {
response, err := acmev2.HTTPClient.Get(url) response, err := acme.HTTPClient.Get(url)
if err != nil { if err != nil {
return err return err
} }
@ -70,7 +69,7 @@ func issueDuckdnsRequest(url string) error {
// //
// To update the TXT record we just need to make one simple get request. // To update the TXT record we just need to make one simple get request.
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
_, txtRecord, _ := acmev2.DNS01Record(domain, keyAuth) _, txtRecord, _ := acme.DNS01Record(domain, keyAuth)
url := makeDuckdnsURL(domain, d.token, txtRecord) url := makeDuckdnsURL(domain, d.token, txtRecord)
return issueDuckdnsRequest(url) return issueDuckdnsRequest(url)
} }

39
vendor/github.com/xenolf/lego/providers/dns/dyn/dyn.go generated vendored
View file

@ -11,7 +11,7 @@ import (
"strconv" "strconv"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
var dynBaseURL = "https://api.dynect.net/REST" var dynBaseURL = "https://api.dynect.net/REST"
@ -30,7 +30,7 @@ type dynResponse struct {
Messages json.RawMessage `json:"msgs"` Messages json.RawMessage `json:"msgs"`
} }
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that uses // DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
// Dyn's Managed DNS API to manage TXT records for a domain. // Dyn's Managed DNS API to manage TXT records for a domain.
type DNSProvider struct { type DNSProvider struct {
customerName string customerName string
@ -80,7 +80,7 @@ func (d *DNSProvider) sendRequest(method, resource string, payload interface{})
req.Header.Set("Auth-Token", d.token) req.Header.Set("Auth-Token", d.token)
} }
client := &http.Client{Timeout: time.Duration(10 * time.Second)} client := &http.Client{Timeout: 10 * time.Second}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err
@ -158,7 +158,7 @@ func (d *DNSProvider) logout() error {
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Auth-Token", d.token) req.Header.Set("Auth-Token", d.token)
client := &http.Client{Timeout: time.Duration(10 * time.Second)} client := &http.Client{Timeout: 10 * time.Second}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return err return err
@ -176,9 +176,9 @@ func (d *DNSProvider) logout() error {
// Present creates a TXT record using the specified parameters // Present creates a TXT record using the specified parameters
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return err return err
} }
@ -206,12 +206,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return err return err
} }
err = d.logout() return d.logout()
if err != nil {
return err
}
return nil
} }
func (d *DNSProvider) publish(zone, notes string) error { func (d *DNSProvider) publish(zone, notes string) error {
@ -222,19 +217,16 @@ func (d *DNSProvider) publish(zone, notes string) error {
pub := &publish{Publish: true, Notes: notes} pub := &publish{Publish: true, Notes: notes}
resource := fmt.Sprintf("Zone/%s/", zone) resource := fmt.Sprintf("Zone/%s/", zone)
_, err := d.sendRequest("PUT", resource, pub)
if err != nil {
return err
}
return nil _, err := d.sendRequest("PUT", resource, pub)
return err
} }
// CleanUp removes the TXT record matching the specified parameters // CleanUp removes the TXT record matching the specified parameters
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return err return err
} }
@ -253,7 +245,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Auth-Token", d.token) req.Header.Set("Auth-Token", d.token)
client := &http.Client{Timeout: time.Duration(10 * time.Second)} client := &http.Client{Timeout: 10 * time.Second}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return err return err
@ -269,10 +261,5 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return err return err
} }
err = d.logout() return d.logout()
if err != nil {
return err
}
return nil
} }

6
vendor/github.com/xenolf/lego/providers/dns/exec/exec.go generated vendored
View file

@ -31,7 +31,7 @@ import (
"os/exec" "os/exec"
"strconv" "strconv"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider adds and removes the record for the DNS challenge by calling a // DNSProvider adds and removes the record for the DNS challenge by calling a
@ -53,7 +53,7 @@ func NewDNSProvider() (*DNSProvider, error) {
// Present creates a TXT record to fulfil the dns-01 challenge. // Present creates a TXT record to fulfil the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
cmd := exec.Command(d.program, "present", fqdn, value, strconv.Itoa(ttl)) cmd := exec.Command(d.program, "present", fqdn, value, strconv.Itoa(ttl))
cmd.Stdout = os.Stdout cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr cmd.Stderr = os.Stderr
@ -63,7 +63,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters // CleanUp removes the TXT record matching the specified parameters
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
cmd := exec.Command(d.program, "cleanup", fqdn, value, strconv.Itoa(ttl)) cmd := exec.Command(d.program, "cleanup", fqdn, value, strconv.Itoa(ttl))
cmd.Stdout = os.Stdout cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr cmd.Stderr = os.Stderr

28
vendor/github.com/xenolf/lego/providers/dns/exoscale/exoscale.go generated vendored
View file

@ -8,15 +8,15 @@ import (
"os" "os"
"github.com/exoscale/egoscale" "github.com/exoscale/egoscale"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface. // DNSProvider is an implementation of the acme.ChallengeProvider interface.
type DNSProvider struct { type DNSProvider struct {
client *egoscale.Client client *egoscale.Client
} }
// Credentials must be passed in the environment variables: // NewDNSProvider Credentials must be passed in the environment variables:
// EXOSCALE_API_KEY, EXOSCALE_API_SECRET, EXOSCALE_ENDPOINT. // EXOSCALE_API_KEY, EXOSCALE_API_SECRET, EXOSCALE_ENDPOINT.
func NewDNSProvider() (*DNSProvider, error) { func NewDNSProvider() (*DNSProvider, error) {
key := os.Getenv("EXOSCALE_API_KEY") key := os.Getenv("EXOSCALE_API_KEY")
@ -25,7 +25,7 @@ func NewDNSProvider() (*DNSProvider, error) {
return NewDNSProviderClient(key, secret, endpoint) return NewDNSProviderClient(key, secret, endpoint)
} }
// Uses the supplied parameters to return a DNSProvider instance // NewDNSProviderClient Uses the supplied parameters to return a DNSProvider instance
// configured for Exoscale. // configured for Exoscale.
func NewDNSProviderClient(key, secret, endpoint string) (*DNSProvider, error) { func NewDNSProviderClient(key, secret, endpoint string) (*DNSProvider, error) {
if key == "" || secret == "" { if key == "" || secret == "" {
@ -42,13 +42,13 @@ func NewDNSProviderClient(key, secret, endpoint string) (*DNSProvider, error) {
// Present creates a TXT record to fulfil the dns-01 challenge. // Present creates a TXT record to fulfil the dns-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
zone, recordName, err := c.FindZoneAndRecordName(fqdn, domain) zone, recordName, err := c.FindZoneAndRecordName(fqdn, domain)
if err != nil { if err != nil {
return err return err
} }
recordID, err := c.FindExistingRecordId(zone, recordName) recordID, err := c.FindExistingRecordID(zone, recordName)
if err != nil { if err != nil {
return err return err
} }
@ -78,13 +78,13 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the record matching the specified parameters. // CleanUp removes the record matching the specified parameters.
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
zone, recordName, err := c.FindZoneAndRecordName(fqdn, domain) zone, recordName, err := c.FindZoneAndRecordName(fqdn, domain)
if err != nil { if err != nil {
return err return err
} }
recordID, err := c.FindExistingRecordId(zone, recordName) recordID, err := c.FindExistingRecordID(zone, recordName)
if err != nil { if err != nil {
return err return err
} }
@ -99,9 +99,9 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return nil return nil
} }
// Query Exoscale to find an existing record for this name. // FindExistingRecordID Query Exoscale to find an existing record for this name.
// Returns nil if no record could be found // Returns nil if no record could be found
func (c *DNSProvider) FindExistingRecordId(zone, recordName string) (int64, error) { func (c *DNSProvider) FindExistingRecordID(zone, recordName string) (int64, error) {
records, err := c.client.GetRecords(zone) records, err := c.client.GetRecords(zone)
if err != nil { if err != nil {
return -1, errors.New("Error while retrievening DNS records: " + err.Error()) return -1, errors.New("Error while retrievening DNS records: " + err.Error())
@ -114,14 +114,14 @@ func (c *DNSProvider) FindExistingRecordId(zone, recordName string) (int64, erro
return 0, nil return 0, nil
} }
// Extract DNS zone and DNS entry name // FindZoneAndRecordName Extract DNS zone and DNS entry name
func (c *DNSProvider) FindZoneAndRecordName(fqdn, domain string) (string, string, error) { func (c *DNSProvider) FindZoneAndRecordName(fqdn, domain string) (string, string, error) {
zone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) zone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
zone = acmev2.UnFqdn(zone) zone = acme.UnFqdn(zone)
name := acmev2.UnFqdn(fqdn) name := acme.UnFqdn(fqdn)
name = name[:len(name)-len("."+zone)] name = name[:len(name)-len("."+zone)]
return zone, name, nil return zone, name, nil

14
vendor/github.com/xenolf/lego/providers/dns/fastdns/fastdns.go generated vendored
View file

@ -7,10 +7,10 @@ import (
configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v1" configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v1"
"github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid" "github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface. // DNSProvider is an implementation of the acme.ChallengeProvider interface.
type DNSProvider struct { type DNSProvider struct {
config edgegrid.Config config edgegrid.Config
} }
@ -47,7 +47,7 @@ func NewDNSProviderClient(host, clientToken, clientSecret, accessToken string) (
// Present creates a TXT record to fullfil the dns-01 challenge. // Present creates a TXT record to fullfil the dns-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain) zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain)
if err != nil { if err != nil {
return err return err
@ -81,7 +81,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the record matching the specified parameters. // CleanUp removes the record matching the specified parameters.
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain) zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain)
if err != nil { if err != nil {
return err return err
@ -108,12 +108,12 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
func (c *DNSProvider) findZoneAndRecordName(fqdn, domain string) (string, string, error) { func (c *DNSProvider) findZoneAndRecordName(fqdn, domain string) (string, string, error) {
zone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) zone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
zone = acmev2.UnFqdn(zone) zone = acme.UnFqdn(zone)
name := acmev2.UnFqdn(fqdn) name := acme.UnFqdn(fqdn)
name = name[:len(name)-len("."+zone)] name = name[:len(name)-len("."+zone)]
return zone, name, nil return zone, name, nil

55
vendor/github.com/xenolf/lego/providers/dns/gandi/gandi.go generated vendored
View file

@ -14,7 +14,7 @@ import (
"sync" "sync"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// Gandi API reference: http://doc.rpc.gandi.net/index.html // Gandi API reference: http://doc.rpc.gandi.net/index.html
@ -26,7 +26,7 @@ var (
endpoint = "https://rpc.gandi.net/xmlrpc/" endpoint = "https://rpc.gandi.net/xmlrpc/"
// findZoneByFqdn determines the DNS zone of an fqdn. It is overridden // findZoneByFqdn determines the DNS zone of an fqdn. It is overridden
// during tests. // during tests.
findZoneByFqdn = acmev2.FindZoneByFqdn findZoneByFqdn = acme.FindZoneByFqdn
) )
// inProgressInfo contains information about an in-progress challenge // inProgressInfo contains information about an in-progress challenge
@ -37,7 +37,7 @@ type inProgressInfo struct {
} }
// DNSProvider is an implementation of the // DNSProvider is an implementation of the
// acmev2.ChallengeProviderTimeout interface that uses Gandi's XML-RPC // acme.ChallengeProviderTimeout interface that uses Gandi's XML-RPC
// API to manage TXT records for a domain. // API to manage TXT records for a domain.
type DNSProvider struct { type DNSProvider struct {
apiKey string apiKey string
@ -70,19 +70,22 @@ func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
// does this by creating and activating a new temporary Gandi DNS // does this by creating and activating a new temporary Gandi DNS
// zone. This new zone contains the TXT record. // zone. This new zone contains the TXT record.
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
if ttl < 300 { if ttl < 300 {
ttl = 300 // 300 is gandi minimum value for ttl ttl = 300 // 300 is gandi minimum value for ttl
} }
// find authZone and Gandi zone_id for fqdn // find authZone and Gandi zone_id for fqdn
authZone, err := findZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := findZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return fmt.Errorf("Gandi DNS: findZoneByFqdn failure: %v", err) return fmt.Errorf("Gandi DNS: findZoneByFqdn failure: %v", err)
} }
zoneID, err := d.getZoneID(authZone) zoneID, err := d.getZoneID(authZone)
if err != nil { if err != nil {
return err return err
} }
// determine name of TXT record // determine name of TXT record
if !strings.HasSuffix( if !strings.HasSuffix(
strings.ToLower(fqdn), strings.ToLower("."+authZone)) { strings.ToLower(fqdn), strings.ToLower("."+authZone)) {
@ -90,40 +93,49 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
"Gandi DNS: unexpected authZone %s for fqdn %s", authZone, fqdn) "Gandi DNS: unexpected authZone %s for fqdn %s", authZone, fqdn)
} }
name := fqdn[:len(fqdn)-len("."+authZone)] name := fqdn[:len(fqdn)-len("."+authZone)]
// acquire lock and check there is not a challenge already in // acquire lock and check there is not a challenge already in
// progress for this value of authZone // progress for this value of authZone
d.inProgressMu.Lock() d.inProgressMu.Lock()
defer d.inProgressMu.Unlock() defer d.inProgressMu.Unlock()
if _, ok := d.inProgressAuthZones[authZone]; ok { if _, ok := d.inProgressAuthZones[authZone]; ok {
return fmt.Errorf( return fmt.Errorf(
"Gandi DNS: challenge already in progress for authZone %s", "Gandi DNS: challenge already in progress for authZone %s",
authZone) authZone)
} }
// perform API actions to create and activate new gandi zone // perform API actions to create and activate new gandi zone
// containing the required TXT record // containing the required TXT record
newZoneName := fmt.Sprintf( newZoneName := fmt.Sprintf(
"%s [ACME Challenge %s]", "%s [ACME Challenge %s]",
acmev2.UnFqdn(authZone), time.Now().Format(time.RFC822Z)) acme.UnFqdn(authZone), time.Now().Format(time.RFC822Z))
newZoneID, err := d.cloneZone(zoneID, newZoneName) newZoneID, err := d.cloneZone(zoneID, newZoneName)
if err != nil { if err != nil {
return err return err
} }
newZoneVersion, err := d.newZoneVersion(newZoneID) newZoneVersion, err := d.newZoneVersion(newZoneID)
if err != nil { if err != nil {
return err return err
} }
err = d.addTXTRecord(newZoneID, newZoneVersion, name, value, ttl) err = d.addTXTRecord(newZoneID, newZoneVersion, name, value, ttl)
if err != nil { if err != nil {
return err return err
} }
err = d.setZoneVersion(newZoneID, newZoneVersion) err = d.setZoneVersion(newZoneID, newZoneVersion)
if err != nil { if err != nil {
return err return err
} }
err = d.setZone(authZone, newZoneID) err = d.setZone(authZone, newZoneID)
if err != nil { if err != nil {
return err return err
} }
// save data necessary for CleanUp // save data necessary for CleanUp
d.inProgressFQDNs[fqdn] = inProgressInfo{ d.inProgressFQDNs[fqdn] = inProgressInfo{
zoneID: zoneID, zoneID: zoneID,
@ -138,29 +150,29 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// parameters. It does this by restoring the old Gandi DNS zone and // parameters. It does this by restoring the old Gandi DNS zone and
// removing the temporary one created by Present. // removing the temporary one created by Present.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
// acquire lock and retrieve zoneID, newZoneID and authZone // acquire lock and retrieve zoneID, newZoneID and authZone
d.inProgressMu.Lock() d.inProgressMu.Lock()
defer d.inProgressMu.Unlock() defer d.inProgressMu.Unlock()
if _, ok := d.inProgressFQDNs[fqdn]; !ok { if _, ok := d.inProgressFQDNs[fqdn]; !ok {
// if there is no cleanup information then just return // if there is no cleanup information then just return
return nil return nil
} }
zoneID := d.inProgressFQDNs[fqdn].zoneID zoneID := d.inProgressFQDNs[fqdn].zoneID
newZoneID := d.inProgressFQDNs[fqdn].newZoneID newZoneID := d.inProgressFQDNs[fqdn].newZoneID
authZone := d.inProgressFQDNs[fqdn].authZone authZone := d.inProgressFQDNs[fqdn].authZone
delete(d.inProgressFQDNs, fqdn) delete(d.inProgressFQDNs, fqdn)
delete(d.inProgressAuthZones, authZone) delete(d.inProgressAuthZones, authZone)
// perform API actions to restore old gandi zone for authZone // perform API actions to restore old gandi zone for authZone
err := d.setZone(authZone, zoneID) err := d.setZone(authZone, zoneID)
if err != nil { if err != nil {
return err return err
} }
err = d.deleteZone(newZoneID)
if err != nil { return d.deleteZone(newZoneID)
return err
}
return nil
} }
// Timeout returns the values (40*time.Minute, 60*time.Second) which // Timeout returns the values (40*time.Minute, 60*time.Second) which
@ -259,15 +271,18 @@ func (e rpcError) Error() string {
func httpPost(url string, bodyType string, body io.Reader) ([]byte, error) { func httpPost(url string, bodyType string, body io.Reader) ([]byte, error) {
client := http.Client{Timeout: 60 * time.Second} client := http.Client{Timeout: 60 * time.Second}
resp, err := client.Post(url, bodyType, body) resp, err := client.Post(url, bodyType, body)
if err != nil { if err != nil {
return nil, fmt.Errorf("Gandi DNS: HTTP Post Error: %v", err) return nil, fmt.Errorf("Gandi DNS: HTTP Post Error: %v", err)
} }
defer resp.Body.Close() defer resp.Body.Close()
b, err := ioutil.ReadAll(resp.Body) b, err := ioutil.ReadAll(resp.Body)
if err != nil { if err != nil {
return nil, fmt.Errorf("Gandi DNS: HTTP Post Error: %v", err) return nil, fmt.Errorf("Gandi DNS: HTTP Post Error: %v", err)
} }
return b, nil return b, nil
} }
@ -281,12 +296,14 @@ func rpcCall(call *methodCall, resp response) error {
if err != nil { if err != nil {
return fmt.Errorf("Gandi DNS: Marshal Error: %v", err) return fmt.Errorf("Gandi DNS: Marshal Error: %v", err)
} }
// post // post
b = append([]byte(`<?xml version="1.0"?>`+"\n"), b...) b = append([]byte(`<?xml version="1.0"?>`+"\n"), b...)
respBody, err := httpPost(endpoint, "text/xml", bytes.NewReader(b)) respBody, err := httpPost(endpoint, "text/xml", bytes.NewReader(b))
if err != nil { if err != nil {
return err return err
} }
// unmarshal // unmarshal
err = xml.Unmarshal(respBody, resp) err = xml.Unmarshal(respBody, resp)
if err != nil { if err != nil {
@ -313,12 +330,14 @@ func (d *DNSProvider) getZoneID(domain string) (int, error) {
if err != nil { if err != nil {
return 0, err return 0, err
} }
var zoneID int var zoneID int
for _, member := range resp.StructMembers { for _, member := range resp.StructMembers {
if member.Name == "zone_id" { if member.Name == "zone_id" {
zoneID = member.ValueInt zoneID = member.ValueInt
} }
} }
if zoneID == 0 { if zoneID == 0 {
return 0, fmt.Errorf( return 0, fmt.Errorf(
"Gandi DNS: Could not determine zone_id for %s", domain) "Gandi DNS: Could not determine zone_id for %s", domain)
@ -346,12 +365,14 @@ func (d *DNSProvider) cloneZone(zoneID int, name string) (int, error) {
if err != nil { if err != nil {
return 0, err return 0, err
} }
var newZoneID int var newZoneID int
for _, member := range resp.StructMembers { for _, member := range resp.StructMembers {
if member.Name == "id" { if member.Name == "id" {
newZoneID = member.ValueInt newZoneID = member.ValueInt
} }
} }
if newZoneID == 0 { if newZoneID == 0 {
return 0, fmt.Errorf("Gandi DNS: Could not determine cloned zone_id") return 0, fmt.Errorf("Gandi DNS: Could not determine cloned zone_id")
} }
@ -370,6 +391,7 @@ func (d *DNSProvider) newZoneVersion(zoneID int) (int, error) {
if err != nil { if err != nil {
return 0, err return 0, err
} }
if resp.Value == 0 { if resp.Value == 0 {
return 0, fmt.Errorf("Gandi DNS: Could not create new zone version") return 0, fmt.Errorf("Gandi DNS: Could not create new zone version")
} }
@ -402,10 +424,7 @@ func (d *DNSProvider) addTXTRecord(zoneID int, version int, name string, value s
}, },
}, },
}, resp) }, resp)
if err != nil { return err
return err
}
return nil
} }
func (d *DNSProvider) setZoneVersion(zoneID int, version int) error { func (d *DNSProvider) setZoneVersion(zoneID int, version int) error {
@ -421,6 +440,7 @@ func (d *DNSProvider) setZoneVersion(zoneID int, version int) error {
if err != nil { if err != nil {
return err return err
} }
if !resp.Value { if !resp.Value {
return fmt.Errorf("Gandi DNS: could not set zone version") return fmt.Errorf("Gandi DNS: could not set zone version")
} }
@ -440,12 +460,14 @@ func (d *DNSProvider) setZone(domain string, zoneID int) error {
if err != nil { if err != nil {
return err return err
} }
var respZoneID int var respZoneID int
for _, member := range resp.StructMembers { for _, member := range resp.StructMembers {
if member.Name == "zone_id" { if member.Name == "zone_id" {
respZoneID = member.ValueInt respZoneID = member.ValueInt
} }
} }
if respZoneID != zoneID { if respZoneID != zoneID {
return fmt.Errorf( return fmt.Errorf(
"Gandi DNS: Could not set new zone_id for %s", domain) "Gandi DNS: Could not set new zone_id for %s", domain)
@ -465,6 +487,7 @@ func (d *DNSProvider) deleteZone(zoneID int) error {
if err != nil { if err != nil {
return err return err
} }
if !resp.Value { if !resp.Value {
return fmt.Errorf("Gandi DNS: could not delete zone_id") return fmt.Errorf("Gandi DNS: could not delete zone_id")
} }

33
vendor/github.com/xenolf/lego/providers/dns/gandiv5/gandiv5.go generated vendored
View file

@ -12,7 +12,7 @@ import (
"sync" "sync"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// Gandi API reference: http://doc.livedns.gandi.net/ // Gandi API reference: http://doc.livedns.gandi.net/
@ -21,9 +21,10 @@ var (
// endpoint is the Gandi API endpoint used by Present and // endpoint is the Gandi API endpoint used by Present and
// CleanUp. It is overridden during tests. // CleanUp. It is overridden during tests.
endpoint = "https://dns.api.gandi.net/api/v5" endpoint = "https://dns.api.gandi.net/api/v5"
// findZoneByFqdn determines the DNS zone of an fqdn. It is overridden // findZoneByFqdn determines the DNS zone of an fqdn. It is overridden
// during tests. // during tests.
findZoneByFqdn = acmev2.FindZoneByFqdn findZoneByFqdn = acme.FindZoneByFqdn
) )
// inProgressInfo contains information about an in-progress challenge // inProgressInfo contains information about an in-progress challenge
@ -33,7 +34,7 @@ type inProgressInfo struct {
} }
// DNSProvider is an implementation of the // DNSProvider is an implementation of the
// acmev2.ChallengeProviderTimeout interface that uses Gandi's LiveDNS // acme.ChallengeProviderTimeout interface that uses Gandi's LiveDNS
// API to manage TXT records for a domain. // API to manage TXT records for a domain.
type DNSProvider struct { type DNSProvider struct {
apiKey string apiKey string
@ -62,15 +63,17 @@ func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
// Present creates a TXT record using the specified parameters. // Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
if ttl < 300 { if ttl < 300 {
ttl = 300 // 300 is gandi minimum value for ttl ttl = 300 // 300 is gandi minimum value for ttl
} }
// find authZone // find authZone
authZone, err := findZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := findZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return fmt.Errorf("Gandi DNS: findZoneByFqdn failure: %v", err) return fmt.Errorf("Gandi DNS: findZoneByFqdn failure: %v", err)
} }
// determine name of TXT record // determine name of TXT record
if !strings.HasSuffix( if !strings.HasSuffix(
strings.ToLower(fqdn), strings.ToLower("."+authZone)) { strings.ToLower(fqdn), strings.ToLower("."+authZone)) {
@ -78,15 +81,18 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
"Gandi DNS: unexpected authZone %s for fqdn %s", authZone, fqdn) "Gandi DNS: unexpected authZone %s for fqdn %s", authZone, fqdn)
} }
name := fqdn[:len(fqdn)-len("."+authZone)] name := fqdn[:len(fqdn)-len("."+authZone)]
// acquire lock and check there is not a challenge already in // acquire lock and check there is not a challenge already in
// progress for this value of authZone // progress for this value of authZone
d.inProgressMu.Lock() d.inProgressMu.Lock()
defer d.inProgressMu.Unlock() defer d.inProgressMu.Unlock()
// add TXT record into authZone // add TXT record into authZone
err = d.addTXTRecord(acmev2.UnFqdn(authZone), name, value, ttl) err = d.addTXTRecord(acme.UnFqdn(authZone), name, value, ttl)
if err != nil { if err != nil {
return err return err
} }
// save data necessary for CleanUp // save data necessary for CleanUp
d.inProgressFQDNs[fqdn] = inProgressInfo{ d.inProgressFQDNs[fqdn] = inProgressInfo{
authZone: authZone, authZone: authZone,
@ -97,7 +103,8 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters. // CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
// acquire lock and retrieve authZone // acquire lock and retrieve authZone
d.inProgressMu.Lock() d.inProgressMu.Lock()
defer d.inProgressMu.Unlock() defer d.inProgressMu.Unlock()
@ -105,15 +112,13 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// if there is no cleanup information then just return // if there is no cleanup information then just return
return nil return nil
} }
fieldName := d.inProgressFQDNs[fqdn].fieldName fieldName := d.inProgressFQDNs[fqdn].fieldName
authZone := d.inProgressFQDNs[fqdn].authZone authZone := d.inProgressFQDNs[fqdn].authZone
delete(d.inProgressFQDNs, fqdn) delete(d.inProgressFQDNs, fqdn)
// delete TXT record from authZone // delete TXT record from authZone
err := d.deleteTXTRecord(acmev2.UnFqdn(authZone), fieldName) return d.deleteTXTRecord(acme.UnFqdn(authZone), fieldName)
if err != nil {
return err
}
return nil
} }
// Timeout returns the values (20*time.Minute, 20*time.Second) which // Timeout returns the values (20*time.Minute, 20*time.Second) which
@ -149,16 +154,18 @@ func (d *DNSProvider) sendRequest(method string, resource string, payload interf
if err != nil { if err != nil {
return nil, err return nil, err
} }
req, err := http.NewRequest(method, url, bytes.NewReader(body)) req, err := http.NewRequest(method, url, bytes.NewReader(body))
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
if len(d.apiKey) > 0 { if len(d.apiKey) > 0 {
req.Header.Set("X-Api-Key", d.apiKey) req.Header.Set("X-Api-Key", d.apiKey)
} }
client := &http.Client{Timeout: time.Duration(10 * time.Second)} client := &http.Client{Timeout: 10 * time.Second}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err

36
vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go → vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go generated vendored
View file

@ -1,17 +1,17 @@
// Package googlecloud implements a DNS provider for solving the DNS-01 // Package gcloud implements a DNS provider for solving the DNS-01
// challenge using Google Cloud DNS. // challenge using Google Cloud DNS.
package googlecloud package gcloud
import ( import (
"encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os" "os"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
"golang.org/x/net/context" "golang.org/x/net/context"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
"google.golang.org/api/dns/v1" "google.golang.org/api/dns/v1"
@ -28,10 +28,10 @@ type DNSProvider struct {
// A Service Account file can be passed in the environment variable: // A Service Account file can be passed in the environment variable:
// GCE_SERVICE_ACCOUNT_FILE // GCE_SERVICE_ACCOUNT_FILE
func NewDNSProvider() (*DNSProvider, error) { func NewDNSProvider() (*DNSProvider, error) {
project := os.Getenv("GCE_PROJECT")
if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok { if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok {
return NewDNSProviderServiceAccount(project, saFile) return NewDNSProviderServiceAccount(saFile)
} }
project := os.Getenv("GCE_PROJECT")
return NewDNSProviderCredentials(project) return NewDNSProviderCredentials(project)
} }
@ -58,10 +58,7 @@ func NewDNSProviderCredentials(project string) (*DNSProvider, error) {
// NewDNSProviderServiceAccount uses the supplied service account JSON file to // NewDNSProviderServiceAccount uses the supplied service account JSON file to
// return a DNSProvider instance configured for Google Cloud DNS. // return a DNSProvider instance configured for Google Cloud DNS.
func NewDNSProviderServiceAccount(project string, saFile string) (*DNSProvider, error) { func NewDNSProviderServiceAccount(saFile string) (*DNSProvider, error) {
if project == "" {
return nil, fmt.Errorf("Google Cloud project name missing")
}
if saFile == "" { if saFile == "" {
return nil, fmt.Errorf("Google Cloud Service Account file missing") return nil, fmt.Errorf("Google Cloud Service Account file missing")
} }
@ -70,11 +67,22 @@ func NewDNSProviderServiceAccount(project string, saFile string) (*DNSProvider,
if err != nil { if err != nil {
return nil, fmt.Errorf("Unable to read Service Account file: %v", err) return nil, fmt.Errorf("Unable to read Service Account file: %v", err)
} }
// read project id from service account file
var datJSON struct {
ProjectID string `json:"project_id"`
}
err = json.Unmarshal(dat, &datJSON)
if err != nil || datJSON.ProjectID == "" {
return nil, fmt.Errorf("Project ID not found in Google Cloud Service Account file")
}
project := datJSON.ProjectID
conf, err := google.JWTConfigFromJSON(dat, dns.NdevClouddnsReadwriteScope) conf, err := google.JWTConfigFromJSON(dat, dns.NdevClouddnsReadwriteScope)
if err != nil { if err != nil {
return nil, fmt.Errorf("Unable to acquire config: %v", err) return nil, fmt.Errorf("Unable to acquire config: %v", err)
} }
client := conf.Client(oauth2.NoContext) client := conf.Client(context.Background())
svc, err := dns.New(client) svc, err := dns.New(client)
if err != nil { if err != nil {
@ -88,7 +96,7 @@ func NewDNSProviderServiceAccount(project string, saFile string) (*DNSProvider,
// Present creates a TXT record to fulfil the dns-01 challenge. // Present creates a TXT record to fulfil the dns-01 challenge.
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
zone, err := c.getHostedZone(domain) zone, err := c.getHostedZone(domain)
if err != nil { if err != nil {
@ -135,7 +143,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters. // CleanUp removes the TXT record matching the specified parameters.
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
zone, err := c.getHostedZone(domain) zone, err := c.getHostedZone(domain)
if err != nil { if err != nil {
@ -167,7 +175,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
// getHostedZone returns the managed-zone // getHostedZone returns the managed-zone
func (c *DNSProvider) getHostedZone(domain string) (string, error) { func (c *DNSProvider) getHostedZone(domain string) (string, error) {
authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", err return "", err
} }

60
vendor/github.com/xenolf/lego/providers/dns/glesys/glesys.go generated vendored
View file

@ -6,14 +6,14 @@ import (
"bytes" "bytes"
"encoding/json" "encoding/json"
"fmt" "fmt"
"log"
"net/http" "net/http"
"os" "os"
"strings" "strings"
"sync" "sync"
"time" "time"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
"github.com/xenolf/lego/log"
) )
// GleSYS API reference: https://github.com/GleSYS/API/wiki/API-Documentation // GleSYS API reference: https://github.com/GleSYS/API/wiki/API-Documentation
@ -21,24 +21,8 @@ import (
// domainAPI is the GleSYS API endpoint used by Present and CleanUp. // domainAPI is the GleSYS API endpoint used by Present and CleanUp.
const domainAPI = "https://api.glesys.com/domain" const domainAPI = "https://api.glesys.com/domain"
var (
// Logger is used to log API communication results;
// if nil, the default log.Logger is used.
Logger *log.Logger
)
// logf writes a log entry. It uses Logger if not
// nil, otherwise it uses the default log.Logger.
func logf(format string, args ...interface{}) {
if Logger != nil {
Logger.Printf(format, args...)
} else {
log.Printf(format, args...)
}
}
// DNSProvider is an implementation of the // DNSProvider is an implementation of the
// acmev2.ChallengeProviderTimeout interface that uses GleSYS // acme.ChallengeProviderTimeout interface that uses GleSYS
// API to manage TXT records for a domain. // API to manage TXT records for a domain.
type DNSProvider struct { type DNSProvider struct {
apiUser string apiUser string
@ -71,15 +55,16 @@ func NewDNSProviderCredentials(apiUser string, apiKey string) (*DNSProvider, err
// Present creates a TXT record using the specified parameters. // Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
if ttl < 60 { if ttl < 60 {
ttl = 60 // 60 is GleSYS minimum value for ttl ttl = 60 // 60 is GleSYS minimum value for ttl
} }
// find authZone // find authZone
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return fmt.Errorf("GleSYS DNS: findZoneByFqdn failure: %v", err) return fmt.Errorf("GleSYS DNS: findZoneByFqdn failure: %v", err)
} }
// determine name of TXT record // determine name of TXT record
if !strings.HasSuffix( if !strings.HasSuffix(
strings.ToLower(fqdn), strings.ToLower("."+authZone)) { strings.ToLower(fqdn), strings.ToLower("."+authZone)) {
@ -87,23 +72,27 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
"GleSYS DNS: unexpected authZone %s for fqdn %s", authZone, fqdn) "GleSYS DNS: unexpected authZone %s for fqdn %s", authZone, fqdn)
} }
name := fqdn[:len(fqdn)-len("."+authZone)] name := fqdn[:len(fqdn)-len("."+authZone)]
// acquire lock and check there is not a challenge already in // acquire lock and check there is not a challenge already in
// progress for this value of authZone // progress for this value of authZone
d.inProgressMu.Lock() d.inProgressMu.Lock()
defer d.inProgressMu.Unlock() defer d.inProgressMu.Unlock()
// add TXT record into authZone // add TXT record into authZone
recordId, err := d.addTXTRecord(domain, acmev2.UnFqdn(authZone), name, value, ttl) recordID, err := d.addTXTRecord(domain, acme.UnFqdn(authZone), name, value, ttl)
if err != nil { if err != nil {
return err return err
} }
// save data necessary for CleanUp // save data necessary for CleanUp
d.activeRecords[fqdn] = recordId d.activeRecords[fqdn] = recordID
return nil return nil
} }
// CleanUp removes the TXT record matching the specified parameters. // CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
// acquire lock and retrieve authZone // acquire lock and retrieve authZone
d.inProgressMu.Lock() d.inProgressMu.Lock()
defer d.inProgressMu.Unlock() defer d.inProgressMu.Unlock()
@ -111,14 +100,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// if there is no cleanup information then just return // if there is no cleanup information then just return
return nil return nil
} }
recordId := d.activeRecords[fqdn]
recordID := d.activeRecords[fqdn]
delete(d.activeRecords, fqdn) delete(d.activeRecords, fqdn)
// delete TXT record from authZone // delete TXT record from authZone
err := d.deleteTXTRecord(domain, recordId) return d.deleteTXTRecord(domain, recordID)
if err != nil {
return err
}
return nil
} }
// Timeout returns the values (20*time.Minute, 20*time.Second) which // Timeout returns the values (20*time.Minute, 20*time.Second) which
@ -135,7 +122,7 @@ type addRecordRequest struct {
Host string `json:"host"` Host string `json:"host"`
Type string `json:"type"` Type string `json:"type"`
Data string `json:"data"` Data string `json:"data"`
Ttl int `json:"ttl,omitempty"` TTL int `json:"ttl,omitempty"`
} }
type deleteRecordRequest struct { type deleteRecordRequest struct {
@ -160,14 +147,16 @@ func (d *DNSProvider) sendRequest(method string, resource string, payload interf
if err != nil { if err != nil {
return nil, err return nil, err
} }
req, err := http.NewRequest(method, url, bytes.NewReader(body)) req, err := http.NewRequest(method, url, bytes.NewReader(body))
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.SetBasicAuth(d.apiUser, d.apiKey) req.SetBasicAuth(d.apiUser, d.apiKey)
client := &http.Client{Timeout: time.Duration(10 * time.Second)} client := &http.Client{Timeout: 10 * time.Second}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err
@ -177,6 +166,7 @@ func (d *DNSProvider) sendRequest(method string, resource string, payload interf
if resp.StatusCode >= 400 { if resp.StatusCode >= 400 {
return nil, fmt.Errorf("GleSYS DNS: request failed with HTTP status code %d", resp.StatusCode) return nil, fmt.Errorf("GleSYS DNS: request failed with HTTP status code %d", resp.StatusCode)
} }
var response responseStruct var response responseStruct
err = json.NewDecoder(resp.Body).Decode(&response) err = json.NewDecoder(resp.Body).Decode(&response)
@ -191,10 +181,10 @@ func (d *DNSProvider) addTXTRecord(fqdn string, domain string, name string, valu
Host: name, Host: name,
Type: "TXT", Type: "TXT",
Data: value, Data: value,
Ttl: ttl, TTL: ttl,
}) })
if response != nil && response.Response.Status.Code == 200 { if response != nil && response.Response.Status.Code == 200 {
logf("[INFO][%s] GleSYS DNS: Successfully created recordid %d", fqdn, response.Response.Record.Recordid) log.Printf("[INFO][%s] GleSYS DNS: Successfully created recordid %d", fqdn, response.Response.Record.Recordid)
return response.Response.Record.Recordid, nil return response.Response.Record.Recordid, nil
} }
return 0, err return 0, err
@ -205,7 +195,7 @@ func (d *DNSProvider) deleteTXTRecord(fqdn string, recordid int) error {
Recordid: recordid, Recordid: recordid,
}) })
if response != nil && response.Response.Status.Code == 200 { if response != nil && response.Response.Status.Code == 200 {
logf("[INFO][%s] GleSYS DNS: Successfully deleted recordid %d", fqdn, recordid) log.Printf("[INFO][%s] GleSYS DNS: Successfully deleted recordid %d", fqdn, recordid)
} }
return err return err
} }

21
vendor/github.com/xenolf/lego/providers/dns/godaddy/godaddy.go generated vendored
View file

@ -13,13 +13,13 @@ import (
"io/ioutil" "io/ioutil"
"strings" "strings"
"github.com/xenolf/lego/acmev2" "github.com/xenolf/lego/acme"
) )
// GoDaddyAPIURL represents the API endpoint to call. // GoDaddyAPIURL represents the API endpoint to call.
const apiURL = "https://api.godaddy.com" const apiURL = "https://api.godaddy.com"
// DNSProvider is an implementation of the acmev2.ChallengeProvider interface // DNSProvider is an implementation of the acme.ChallengeProvider interface
type DNSProvider struct { type DNSProvider struct {
apiKey string apiKey string
apiSecret string apiSecret string
@ -51,7 +51,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
} }
func (c *DNSProvider) extractRecordName(fqdn, domain string) string { func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
name := acmev2.UnFqdn(fqdn) name := acme.UnFqdn(fqdn)
if idx := strings.Index(name, "."+domain); idx != -1 { if idx := strings.Index(name, "."+domain); idx != -1 {
return name[:idx] return name[:idx]
} }
@ -60,7 +60,7 @@ func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
// Present creates a TXT record to fulfil the dns-01 challenge // Present creates a TXT record to fulfil the dns-01 challenge
func (c *DNSProvider) Present(domain, token, keyAuth string) error { func (c *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
domainZone, err := c.getZone(fqdn) domainZone, err := c.getZone(fqdn)
if err != nil { if err != nil {
return err return err
@ -76,7 +76,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
Type: "TXT", Type: "TXT",
Name: recordName, Name: recordName,
Data: value, Data: value,
Ttl: ttl, TTL: ttl,
}, },
} }
@ -99,14 +99,14 @@ func (c *DNSProvider) updateRecords(records []DNSRecord, domainZone string, reco
if resp.StatusCode != http.StatusOK { if resp.StatusCode != http.StatusOK {
bodyBytes, _ := ioutil.ReadAll(resp.Body) bodyBytes, _ := ioutil.ReadAll(resp.Body)
return fmt.Errorf("Could not create record %v; Status: %v; Body: %s\n", string(body), resp.StatusCode, string(bodyBytes)) return fmt.Errorf("could not create record %v; Status: %v; Body: %s", string(body), resp.StatusCode, string(bodyBytes))
} }
return nil return nil
} }
// CleanUp sets null value in the TXT DNS record as GoDaddy has no proper DELETE record method // CleanUp sets null value in the TXT DNS record as GoDaddy has no proper DELETE record method
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth) fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
domainZone, err := c.getZone(fqdn) domainZone, err := c.getZone(fqdn)
if err != nil { if err != nil {
return err return err
@ -125,12 +125,12 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
func (c *DNSProvider) getZone(fqdn string) (string, error) { func (c *DNSProvider) getZone(fqdn string) (string, error) {
authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
if err != nil { if err != nil {
return "", err return "", err
} }
return acmev2.UnFqdn(authZone), nil return acme.UnFqdn(authZone), nil
} }
func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Response, error) { func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Response, error) {
@ -147,10 +147,11 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Res
return client.Do(req) return client.Do(req)
} }
// DNSRecord a DNS record
type DNSRecord struct { type DNSRecord struct {
Type string `json:"type"` Type string `json:"type"`
Name string `json:"name"` Name string `json:"name"`
Data string `json:"data"` Data string `json:"data"`
Priority int `json:"priority,omitempty"` Priority int `json:"priority,omitempty"`
Ttl int `json:"ttl,omitempty"` TTL int `json:"ttl,omitempty"`
} }

Some files were not shown because too many files have changed in this diff Show more