-
-
Notifications
You must be signed in to change notification settings - Fork 1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4dde48a
commit ca2ef17
Showing
3 changed files
with
216 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,153 @@ | ||
// Package godaddy implements a DNS provider for solving the DNS-01 challenge using godaddy DNS. | ||
package godaddy | ||
|
||
import ( | ||
"fmt" | ||
"io" | ||
"net/http" | ||
"os" | ||
"time" | ||
|
||
"bytes" | ||
"encoding/json" | ||
"github.com/xenolf/lego/acme" | ||
"io/ioutil" | ||
"strings" | ||
) | ||
|
||
// GoDaddyAPIURL represents the API endpoint to call. | ||
const apiURL = "https://api.godaddy.com" | ||
|
||
// DNSProvider is an implementation of the acme.ChallengeProvider interface | ||
type DNSProvider struct { | ||
apiKey string | ||
apiSecret string | ||
} | ||
|
||
// NewDNSProvider returns a DNSProvider instance configured for godaddy. | ||
// Credentials must be passed in the environment variables: GODADDY_API_KEY | ||
// and GODADDY_API_SECRET. | ||
func NewDNSProvider() (*DNSProvider, error) { | ||
apikey := os.Getenv("GODADDY_API_KEY") | ||
secret := os.Getenv("GODADDY_API_SECRET") | ||
return NewDNSProviderCredentials(apikey, secret) | ||
} | ||
|
||
// NewDNSProviderCredentials uses the supplied credentials to return a | ||
// DNSProvider instance configured for godaddy. | ||
func NewDNSProviderCredentials(apiKey, apiSecret string) (*DNSProvider, error) { | ||
if apiKey == "" || apiSecret == "" { | ||
return nil, fmt.Errorf("GoDaddy credentials missing") | ||
} | ||
|
||
return &DNSProvider{apiKey, apiSecret}, nil | ||
} | ||
|
||
// Timeout returns the timeout and interval to use when checking for DNS | ||
// propagation. Adjusting here to cope with spikes in propagation times. | ||
func (c *DNSProvider) Timeout() (timeout, interval time.Duration) { | ||
return 120 * time.Second, 2 * time.Second | ||
} | ||
|
||
func (c *DNSProvider) extractRecordName(fqdn, domain string) string { | ||
name := acme.UnFqdn(fqdn) | ||
if idx := strings.Index(name, "."+domain); idx != -1 { | ||
return name[:idx] | ||
} | ||
return name | ||
} | ||
|
||
// Present creates a TXT record to fulfil the dns-01 challenge | ||
func (c *DNSProvider) Present(domain, token, keyAuth string) error { | ||
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth) | ||
domainZone, err := c.getZone(fqdn) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
if ttl < 600 { | ||
ttl = 600 | ||
} | ||
|
||
rec := []DNSRecord{ | ||
{ | ||
Type: "TXT", | ||
Name: c.extractRecordName(fqdn, domainZone), | ||
Data: value, | ||
Ttl: ttl, | ||
}, | ||
} | ||
|
||
return c.updateRecords(rec, domainZone) | ||
} | ||
|
||
func (c *DNSProvider) updateRecords(records []DNSRecord, domainZone string) error { | ||
body, err := json.Marshal(records) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
var resp *http.Response | ||
resp, err = c.makeRequest("PATCH", fmt.Sprintf("/v1/domains/%s/records", domainZone), bytes.NewReader(body)) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
defer resp.Body.Close() | ||
|
||
if resp.StatusCode != http.StatusOK { | ||
bodyBytes, _ := ioutil.ReadAll(resp.Body) | ||
return fmt.Errorf("Could not create record %v; Status: %v; Body: %s\n", string(body), resp.StatusCode, string(bodyBytes)) | ||
} | ||
return nil | ||
} | ||
|
||
// CleanUp sets null value in the TXT DNS record as GoDaddy has no proper DELETE record method | ||
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error { | ||
fqdn, _, _ := acme.DNS01Record(domain, keyAuth) | ||
domainZone, err := c.getZone(fqdn) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
rec := []DNSRecord{ | ||
{ | ||
Type: "TXT", | ||
Name: c.extractRecordName(fqdn, domainZone), | ||
Data: "null", | ||
}, | ||
} | ||
|
||
return c.updateRecords(rec, domainZone) | ||
} | ||
|
||
func (c *DNSProvider) getZone(fqdn string) (string, error) { | ||
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
return acme.UnFqdn(authZone), nil | ||
} | ||
|
||
func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Response, error) { | ||
req, err := http.NewRequest(method, fmt.Sprintf("%s%s", apiURL, uri), body) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
req.Header.Set("Accept", "application/json") | ||
req.Header.Set("Content-Type", "application/json") | ||
req.Header.Set("Authorization", fmt.Sprintf("sso-key %s:%s", c.apiKey, c.apiSecret)) | ||
|
||
client := http.Client{Timeout: 30 * time.Second} | ||
return client.Do(req) | ||
} | ||
|
||
type DNSRecord struct { | ||
Type string `json:"type"` | ||
Name string `json:"name"` | ||
Data string `json:"data"` | ||
Priority int `json:"priority,omitempty"` | ||
Ttl int `json:"ttl,omitempty"` | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
package godaddy | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
var ( | ||
godaddyAPIKey string | ||
godaddyAPISecret string | ||
godaddyDomain string | ||
godaddyLiveTest bool | ||
) | ||
|
||
func init() { | ||
godaddyAPIKey = os.Getenv("GODADDY_API_KEY") | ||
godaddyAPISecret = os.Getenv("GODADDY_API_SECRET") | ||
godaddyDomain = os.Getenv("GODADDY_DOMAIN") | ||
|
||
if len(godaddyAPIKey) > 0 && len(godaddyAPISecret) > 0 && len(godaddyDomain) > 0 { | ||
godaddyLiveTest = true | ||
} | ||
} | ||
|
||
func TestNewDNSProvider(t *testing.T) { | ||
provider, err := NewDNSProvider() | ||
|
||
if !godaddyLiveTest { | ||
assert.Error(t, err) | ||
} else { | ||
assert.NotNil(t, provider) | ||
assert.NoError(t, err) | ||
} | ||
} | ||
|
||
func TestDNSProvider_Present(t *testing.T) { | ||
if !godaddyLiveTest { | ||
t.Skip("skipping live test") | ||
} | ||
|
||
provider, err := NewDNSProvider() | ||
assert.NoError(t, err) | ||
|
||
err = provider.Present(godaddyDomain, "", "123d==") | ||
assert.NoError(t, err) | ||
} | ||
|
||
func TestDNSProvider_CleanUp(t *testing.T) { | ||
if !godaddyLiveTest { | ||
t.Skip("skipping live test") | ||
} | ||
|
||
provider, err := NewDNSProvider() | ||
assert.NoError(t, err) | ||
|
||
err = provider.CleanUp(godaddyDomain, "", "123d==") | ||
assert.NoError(t, err) | ||
} |