digitalocean.go raw
1 // Package digitalocean implements a DNS provider for solving the DNS-01 challenge using digitalocean DNS.
2 package digitalocean
3
4 import (
5 "context"
6 "errors"
7 "fmt"
8 "net/http"
9 "net/url"
10 "sync"
11 "time"
12
13 "github.com/go-acme/lego/v4/challenge"
14 "github.com/go-acme/lego/v4/challenge/dns01"
15 "github.com/go-acme/lego/v4/platform/config/env"
16 "github.com/go-acme/lego/v4/providers/dns/digitalocean/internal"
17 "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
18 )
19
20 // Environment variables names.
21 const (
22 envNamespace = "DO_"
23
24 EnvAuthToken = envNamespace + "AUTH_TOKEN"
25 EnvAPIUrl = envNamespace + "API_URL"
26
27 EnvTTL = envNamespace + "TTL"
28 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
29 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
30 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
31 )
32
33 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
34
35 // Config is used to configure the creation of the DNSProvider.
36 type Config struct {
37 BaseURL string
38 AuthToken string
39 TTL int
40 PropagationTimeout time.Duration
41 PollingInterval time.Duration
42 HTTPClient *http.Client
43 }
44
45 // NewDefaultConfig returns a default configuration for the DNSProvider.
46 func NewDefaultConfig() *Config {
47 return &Config{
48 BaseURL: env.GetOrDefaultString(EnvAPIUrl, internal.DefaultBaseURL),
49 TTL: env.GetOrDefaultInt(EnvTTL, 30),
50 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
51 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 5*time.Second),
52 HTTPClient: &http.Client{
53 Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
54 },
55 }
56 }
57
58 // DNSProvider implements the challenge.Provider interface.
59 type DNSProvider struct {
60 config *Config
61 client *internal.Client
62
63 recordIDs map[string]int
64 recordIDsMu sync.Mutex
65 }
66
67 // NewDNSProvider returns a DNSProvider instance configured for Digital
68 // Ocean. Credentials must be passed in the environment variable:
69 // DO_AUTH_TOKEN.
70 func NewDNSProvider() (*DNSProvider, error) {
71 values, err := env.Get(EnvAuthToken)
72 if err != nil {
73 return nil, fmt.Errorf("digitalocean: %w", err)
74 }
75
76 config := NewDefaultConfig()
77 config.AuthToken = values[EnvAuthToken]
78
79 return NewDNSProviderConfig(config)
80 }
81
82 // NewDNSProviderConfig return a DNSProvider instance configured for Digital Ocean.
83 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
84 if config == nil {
85 return nil, errors.New("digitalocean: the configuration of the DNS provider is nil")
86 }
87
88 if config.AuthToken == "" {
89 return nil, errors.New("digitalocean: credentials missing")
90 }
91
92 client := internal.NewClient(
93 clientdebug.Wrap(
94 internal.OAuthStaticAccessToken(config.HTTPClient, config.AuthToken),
95 ),
96 )
97
98 if config.BaseURL != "" {
99 var err error
100
101 client.BaseURL, err = url.Parse(config.BaseURL)
102 if err != nil {
103 return nil, fmt.Errorf("digitalocean: %w", err)
104 }
105 }
106
107 return &DNSProvider{
108 config: config,
109 client: client,
110 recordIDs: make(map[string]int),
111 }, nil
112 }
113
114 // Timeout returns the timeout and interval to use when checking for DNS propagation.
115 // Adjusting here to cope with spikes in propagation times.
116 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
117 return d.config.PropagationTimeout, d.config.PollingInterval
118 }
119
120 // Present creates a TXT record using the specified parameters.
121 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
122 info := dns01.GetChallengeInfo(domain, keyAuth)
123
124 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
125 if err != nil {
126 return fmt.Errorf("digitalocean: could not find zone for domain %q: %w", domain, err)
127 }
128
129 record := internal.Record{Type: "TXT", Name: info.EffectiveFQDN, Data: info.Value, TTL: d.config.TTL}
130
131 respData, err := d.client.AddTxtRecord(context.Background(), authZone, record)
132 if err != nil {
133 return fmt.Errorf("digitalocean: %w", err)
134 }
135
136 d.recordIDsMu.Lock()
137 d.recordIDs[token] = respData.DomainRecord.ID
138 d.recordIDsMu.Unlock()
139
140 return nil
141 }
142
143 // CleanUp removes the TXT record matching the specified parameters.
144 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
145 info := dns01.GetChallengeInfo(domain, keyAuth)
146
147 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
148 if err != nil {
149 return fmt.Errorf("digitalocean: could not find zone for domain %q: %w", domain, err)
150 }
151
152 // get the record's unique ID from when we created it
153 d.recordIDsMu.Lock()
154 recordID, ok := d.recordIDs[token]
155 d.recordIDsMu.Unlock()
156
157 if !ok {
158 return fmt.Errorf("digitalocean: unknown record ID for '%s'", info.EffectiveFQDN)
159 }
160
161 err = d.client.RemoveTxtRecord(context.Background(), authZone, recordID)
162 if err != nil {
163 return fmt.Errorf("digitalocean: %w", err)
164 }
165
166 // Delete record ID from map
167 d.recordIDsMu.Lock()
168 delete(d.recordIDs, token)
169 d.recordIDsMu.Unlock()
170
171 return nil
172 }
173