liara.go raw
1 // Package liara implements a DNS provider for solving the DNS-01 challenge using Liara DNS.
2 package liara
3
4 import (
5 "context"
6 "errors"
7 "fmt"
8 "net/http"
9 "sync"
10 "time"
11
12 "github.com/go-acme/lego/v4/challenge"
13 "github.com/go-acme/lego/v4/challenge/dns01"
14 "github.com/go-acme/lego/v4/log"
15 "github.com/go-acme/lego/v4/platform/config/env"
16 "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
17 "github.com/go-acme/lego/v4/providers/dns/liara/internal"
18 "github.com/hashicorp/go-retryablehttp"
19 )
20
21 // Environment variables names.
22 const (
23 envNamespace = "LIARA_"
24
25 EnvAPIKey = envNamespace + "API_KEY"
26
27 EnvTTL = envNamespace + "TTL"
28 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
29 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
30 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
31 )
32
33 const (
34 minTTL = 120
35 maxTTL = 432000
36 )
37
38 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
39
40 // Config is used to configure the creation of the DNSProvider.
41 type Config struct {
42 APIKey string
43 TTL int
44 PropagationTimeout time.Duration
45 PollingInterval time.Duration
46 HTTPClient *http.Client
47 }
48
49 // NewDefaultConfig returns a default configuration for the DNSProvider.
50 func NewDefaultConfig() *Config {
51 return &Config{
52 TTL: env.GetOrDefaultInt(EnvTTL, 3600),
53 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
54 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
55 HTTPClient: &http.Client{
56 Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
57 },
58 }
59 }
60
61 // DNSProvider implements the challenge.Provider interface.
62 type DNSProvider struct {
63 config *Config
64 client *internal.Client
65
66 recordIDs map[string]string
67 recordIDsMu sync.Mutex
68 }
69
70 // NewDNSProvider returns a DNSProvider instance configured for Liara DNS.
71 // Liara_API_KEY must be passed in the environment variables.
72 func NewDNSProvider() (*DNSProvider, error) {
73 values, err := env.Get(EnvAPIKey)
74 if err != nil {
75 return nil, fmt.Errorf("liara: %w", err)
76 }
77
78 config := NewDefaultConfig()
79 config.APIKey = values[EnvAPIKey]
80
81 return NewDNSProviderConfig(config)
82 }
83
84 // NewDNSProviderConfig return a DNSProvider instance configured for Liara DNS.
85 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
86 if config == nil {
87 return nil, errors.New("liara: the configuration of the DNS provider is nil")
88 }
89
90 if config.APIKey == "" {
91 return nil, errors.New("liara: APIKey is missing")
92 }
93
94 if config.TTL < minTTL {
95 return nil, fmt.Errorf("liara: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
96 }
97
98 if config.TTL > maxTTL {
99 return nil, fmt.Errorf("liara: invalid TTL, TTL (%d) must be lower than %d", config.TTL, maxTTL)
100 }
101
102 retryClient := retryablehttp.NewClient()
103
104 retryClient.RetryMax = 5
105 if config.HTTPClient != nil {
106 retryClient.HTTPClient = config.HTTPClient
107 }
108
109 retryClient.Logger = log.Logger
110
111 client := internal.NewClient(
112 clientdebug.Wrap(
113 internal.OAuthStaticAccessToken(retryClient.StandardClient(), config.APIKey),
114 ),
115 )
116
117 return &DNSProvider{
118 config: config,
119 client: client,
120 recordIDs: make(map[string]string),
121 }, nil
122 }
123
124 // Timeout returns the timeout and interval to use when checking for DNS propagation.
125 // Adjusting here to cope with spikes in propagation times.
126 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
127 return d.config.PropagationTimeout, d.config.PollingInterval
128 }
129
130 // Present creates a TXT record to fulfill the dns-01 challenge.
131 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
132 info := dns01.GetChallengeInfo(domain, keyAuth)
133
134 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
135 if err != nil {
136 return fmt.Errorf("liara: could not find zone for domain %q: %w", domain, err)
137 }
138
139 subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
140 if err != nil {
141 return fmt.Errorf("liara: %w", err)
142 }
143
144 record := internal.Record{
145 Type: "TXT",
146 Name: subDomain,
147 Contents: []internal.Content{{Text: info.Value}},
148 TTL: d.config.TTL,
149 }
150
151 newRecord, err := d.client.CreateRecord(context.Background(), dns01.UnFqdn(authZone), record)
152 if err != nil {
153 return fmt.Errorf("liara: failed to create TXT record, fqdn=%s: %w", info.EffectiveFQDN, err)
154 }
155
156 d.recordIDsMu.Lock()
157 d.recordIDs[token] = newRecord.ID
158 d.recordIDsMu.Unlock()
159
160 return nil
161 }
162
163 // CleanUp removes the TXT record.
164 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
165 info := dns01.GetChallengeInfo(domain, keyAuth)
166
167 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
168 if err != nil {
169 return fmt.Errorf("liara: could not find zone for domain %q: %w", domain, err)
170 }
171
172 // gets the record's unique ID
173 d.recordIDsMu.Lock()
174 recordID, ok := d.recordIDs[token]
175 d.recordIDsMu.Unlock()
176
177 if !ok {
178 return fmt.Errorf("liara: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
179 }
180
181 err = d.client.DeleteRecord(context.Background(), dns01.UnFqdn(authZone), recordID)
182 if err != nil {
183 return fmt.Errorf("liara: failed to delete TXT record, id=%s: %w", recordID, err)
184 }
185
186 // deletes record ID from map
187 d.recordIDsMu.Lock()
188 delete(d.recordIDs, token)
189 d.recordIDsMu.Unlock()
190
191 return nil
192 }
193