civo.go raw
1 // Package civo implements a DNS provider for solving the DNS-01 challenge using CIVO.
2 package civo
3
4 import (
5 "context"
6 "errors"
7 "fmt"
8 "net/http"
9 "time"
10
11 "github.com/go-acme/lego/v4/challenge"
12 "github.com/go-acme/lego/v4/challenge/dns01"
13 "github.com/go-acme/lego/v4/platform/config/env"
14 "github.com/go-acme/lego/v4/providers/dns/civo/internal"
15 "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
16 )
17
18 // Environment variables names.
19 const (
20 envNamespace = "CIVO_"
21
22 EnvAPIToken = envNamespace + "TOKEN"
23
24 EnvTTL = envNamespace + "TTL"
25 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
26 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
27 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
28 )
29
30 const (
31 minTTL = 600
32 defaultPollingInterval = 30 * time.Second
33 defaultPropagationTimeout = 300 * time.Second
34 )
35
36 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
37
38 // Config is used to configure the creation of the DNSProvider.
39 type Config struct {
40 Token string
41
42 PropagationTimeout time.Duration
43 PollingInterval time.Duration
44 TTL int
45 HTTPClient *http.Client
46 }
47
48 // NewDefaultConfig returns a default configuration for the DNSProvider.
49 func NewDefaultConfig() *Config {
50 return &Config{
51 TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
52 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, defaultPropagationTimeout),
53 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, defaultPollingInterval),
54 HTTPClient: &http.Client{
55 Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
56 },
57 }
58 }
59
60 // DNSProvider implements the challenge.Provider interface.
61 type DNSProvider struct {
62 config *Config
63 client *internal.Client
64 }
65
66 // NewDNSProvider returns a DNSProvider instance configured for CIVO.
67 // Credentials must be passed in the environment variables: API_TOKEN.
68 func NewDNSProvider() (*DNSProvider, error) {
69 values, err := env.Get(EnvAPIToken)
70 if err != nil {
71 return nil, fmt.Errorf("civo: %w", err)
72 }
73
74 config := NewDefaultConfig()
75 config.Token = values[EnvAPIToken]
76
77 return NewDNSProviderConfig(config)
78 }
79
80 // NewDNSProviderConfig return a DNSProvider instance configured for CIVO.
81 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
82 if config == nil {
83 return nil, errors.New("civo: the configuration of the DNS provider is nil")
84 }
85
86 if config.Token == "" {
87 return nil, errors.New("civo: credentials missing")
88 }
89
90 if config.TTL < minTTL {
91 config.TTL = minTTL
92 }
93
94 // Create a Civo client - DNS is region independent, we can use any region
95 client, err := internal.NewClient(
96 clientdebug.Wrap(
97 internal.OAuthStaticAccessToken(config.HTTPClient, config.Token),
98 ),
99 "LON1")
100 if err != nil {
101 return nil, fmt.Errorf("civo: %w", err)
102 }
103
104 return &DNSProvider{config: config, client: client}, nil
105 }
106
107 // Present creates a TXT record to fulfill the dns-01 challenge.
108 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
109 info := dns01.GetChallengeInfo(domain, keyAuth)
110
111 ctx := context.Background()
112
113 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
114 if err != nil {
115 return fmt.Errorf("civo: could not find zone for domain %q: %w", domain, err)
116 }
117
118 zone := dns01.UnFqdn(authZone)
119
120 domainID, err := d.getDomainIDByName(ctx, zone)
121 if err != nil {
122 return fmt.Errorf("civo: %w", err)
123 }
124
125 subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
126 if err != nil {
127 return fmt.Errorf("civo: %w", err)
128 }
129
130 _, err = d.client.CreateDNSRecord(ctx, domainID, internal.Record{
131 Name: subDomain,
132 Value: info.Value,
133 Type: "TXT",
134 TTL: d.config.TTL,
135 })
136 if err != nil {
137 return fmt.Errorf("civo: %w", err)
138 }
139
140 return nil
141 }
142
143 // CleanUp removes the TXT record matching the specified parameters.
144 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
145 info := dns01.GetChallengeInfo(domain, keyAuth)
146
147 ctx := context.Background()
148
149 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
150 if err != nil {
151 return fmt.Errorf("civo: could not find zone for domain %q: %w", domain, err)
152 }
153
154 zone := dns01.UnFqdn(authZone)
155
156 domainID, err := d.getDomainIDByName(ctx, zone)
157 if err != nil {
158 return fmt.Errorf("civo: %w", err)
159 }
160
161 dnsRecords, err := d.client.ListDNSRecords(ctx, domainID)
162 if err != nil {
163 return fmt.Errorf("civo: %w", err)
164 }
165
166 subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
167 if err != nil {
168 return fmt.Errorf("civo: %w", err)
169 }
170
171 var dnsRecord internal.Record
172
173 for _, entry := range dnsRecords {
174 if entry.Name == subDomain && entry.Value == info.Value {
175 dnsRecord = entry
176 break
177 }
178 }
179
180 err = d.client.DeleteDNSRecord(ctx, dnsRecord)
181 if err != nil {
182 return fmt.Errorf("civo: %w", err)
183 }
184
185 return nil
186 }
187
188 // Timeout returns the timeout and interval to use when checking for DNS propagation.
189 // Adjusting here to cope with spikes in propagation times.
190 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
191 return d.config.PropagationTimeout, d.config.PollingInterval
192 }
193
194 func (d *DNSProvider) getDomainIDByName(ctx context.Context, domain string) (string, error) {
195 domains, err := d.client.ListDomains(ctx)
196 if err != nil {
197 return "", fmt.Errorf("list domains: %w", err)
198 }
199
200 for _, d := range domains {
201 if d.Name == domain {
202 return d.ID, nil
203 }
204 }
205
206 return "", fmt.Errorf("domain %q not found", domain)
207 }
208