linode.go raw

   1  // Package linode implements a DNS provider for solving the DNS-01 challenge using Linode DNS and Linode's APIv4
   2  package linode
   3  
   4  import (
   5  	"context"
   6  	"encoding/json"
   7  	"errors"
   8  	"fmt"
   9  	"net/http"
  10  	"time"
  11  
  12  	"github.com/go-acme/lego/v4/challenge"
  13  	"github.com/go-acme/lego/v4/challenge/dns01"
  14  	"github.com/go-acme/lego/v4/platform/config/env"
  15  	"github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
  16  	"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
  17  	"github.com/linode/linodego"
  18  	"golang.org/x/oauth2"
  19  )
  20  
  21  // Environment variables names.
  22  const (
  23  	envNamespace = "LINODE_"
  24  
  25  	EnvToken = envNamespace + "TOKEN"
  26  
  27  	EnvTTL                = envNamespace + "TTL"
  28  	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
  29  	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
  30  	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
  31  )
  32  
  33  const (
  34  	minTTL             = 300
  35  	dnsUpdateFreqMins  = 15
  36  	dnsUpdateFudgeSecs = 120
  37  )
  38  
  39  var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
  40  
  41  // Config is used to configure the creation of the DNSProvider.
  42  type Config struct {
  43  	Token              string
  44  	PropagationTimeout time.Duration
  45  	PollingInterval    time.Duration
  46  	TTL                int
  47  	HTTPTimeout        time.Duration
  48  }
  49  
  50  // NewDefaultConfig returns a default configuration for the DNSProvider.
  51  func NewDefaultConfig() *Config {
  52  	return &Config{
  53  		TTL:                env.GetOrDefaultInt(EnvTTL, minTTL),
  54  		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
  55  		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, 15*time.Second),
  56  		HTTPTimeout:        env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
  57  	}
  58  }
  59  
  60  type hostedZoneInfo struct {
  61  	domainID     int
  62  	resourceName string
  63  }
  64  
  65  // DNSProvider implements the challenge.Provider interface.
  66  type DNSProvider struct {
  67  	config *Config
  68  	client *linodego.Client
  69  }
  70  
  71  // NewDNSProvider returns a DNSProvider instance configured for Linode.
  72  // Credentials must be passed in the environment variable: LINODE_TOKEN.
  73  func NewDNSProvider() (*DNSProvider, error) {
  74  	values, err := env.Get(EnvToken)
  75  	if err != nil {
  76  		return nil, fmt.Errorf("linode: %w", err)
  77  	}
  78  
  79  	config := NewDefaultConfig()
  80  	config.Token = values[EnvToken]
  81  
  82  	return NewDNSProviderConfig(config)
  83  }
  84  
  85  // NewDNSProviderConfig return a DNSProvider instance configured for Linode.
  86  func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
  87  	if config == nil {
  88  		return nil, errors.New("linode: the configuration of the DNS provider is nil")
  89  	}
  90  
  91  	if config.Token == "" {
  92  		return nil, errors.New("linode: Linode Access Token missing")
  93  	}
  94  
  95  	if config.TTL < minTTL {
  96  		return nil, fmt.Errorf("linode: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
  97  	}
  98  
  99  	oauth2Client := &http.Client{
 100  		Timeout: config.HTTPTimeout,
 101  		Transport: &oauth2.Transport{
 102  			Source: oauth2.StaticTokenSource(&oauth2.Token{AccessToken: config.Token}),
 103  		},
 104  	}
 105  
 106  	client := linodego.NewClient(clientdebug.Wrap(oauth2Client))
 107  	client.SetUserAgent(useragent.Get())
 108  
 109  	return &DNSProvider{config: config, client: &client}, nil
 110  }
 111  
 112  // Timeout returns the timeout and interval to use when checking for DNS propagation.
 113  // Adjusting here to cope with spikes in propagation times.
 114  func (d *DNSProvider) Timeout() (time.Duration, time.Duration) {
 115  	timeout := d.config.PropagationTimeout
 116  	if d.config.PropagationTimeout <= 0 {
 117  		// Since Linode only updates their zone files every X minutes, we need
 118  		// to figure out how many minutes we have to wait until we hit the next
 119  		// interval of X.  We then wait another couple of minutes, just to be
 120  		// safe.  Hopefully at some point during all of this, the record will
 121  		// have propagated throughout Linode's network.
 122  		minsRemaining := dnsUpdateFreqMins - (time.Now().Minute() % dnsUpdateFreqMins)
 123  
 124  		timeout = (time.Duration(minsRemaining) * time.Minute) +
 125  			(minTTL * time.Second) +
 126  			(dnsUpdateFudgeSecs * time.Second)
 127  	}
 128  
 129  	return timeout, d.config.PollingInterval
 130  }
 131  
 132  // Present creates a TXT record using the specified parameters.
 133  func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 134  	ctx := context.Background()
 135  
 136  	info := dns01.GetChallengeInfo(domain, keyAuth)
 137  
 138  	zone, err := d.getHostedZoneInfo(ctx, info.EffectiveFQDN)
 139  	if err != nil {
 140  		return err
 141  	}
 142  
 143  	createOpts := linodego.DomainRecordCreateOptions{
 144  		Name:   dns01.UnFqdn(info.EffectiveFQDN),
 145  		Target: info.Value,
 146  		TTLSec: d.config.TTL,
 147  		Type:   linodego.RecordTypeTXT,
 148  	}
 149  
 150  	_, err = d.client.CreateDomainRecord(ctx, zone.domainID, createOpts)
 151  
 152  	return err
 153  }
 154  
 155  // CleanUp removes the TXT record matching the specified parameters.
 156  func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 157  	ctx := context.Background()
 158  
 159  	info := dns01.GetChallengeInfo(domain, keyAuth)
 160  
 161  	zone, err := d.getHostedZoneInfo(ctx, info.EffectiveFQDN)
 162  	if err != nil {
 163  		return err
 164  	}
 165  
 166  	// Get all TXT records for the specified domain.
 167  	listOpts := linodego.NewListOptions(0, `{"type":"TXT"}`)
 168  
 169  	resources, err := d.client.ListDomainRecords(ctx, zone.domainID, listOpts)
 170  	if err != nil {
 171  		return err
 172  	}
 173  
 174  	// Remove the specified resource, if it exists.
 175  	for _, resource := range resources {
 176  		if (resource.Name == dns01.UnFqdn(info.EffectiveFQDN) || resource.Name == zone.resourceName) &&
 177  			resource.Target == info.Value {
 178  			if err := d.client.DeleteDomainRecord(ctx, zone.domainID, resource.ID); err != nil {
 179  				return err
 180  			}
 181  		}
 182  	}
 183  
 184  	return nil
 185  }
 186  
 187  func (d *DNSProvider) getHostedZoneInfo(ctx context.Context, fqdn string) (*hostedZoneInfo, error) {
 188  	// Lookup the zone that handles the specified FQDN.
 189  	authZone, err := dns01.FindZoneByFqdn(fqdn)
 190  	if err != nil {
 191  		return nil, fmt.Errorf("could not find zone: %w", err)
 192  	}
 193  
 194  	// Query the authority zone.
 195  	filter, err := json.Marshal(map[string]string{"domain": dns01.UnFqdn(authZone)})
 196  	if err != nil {
 197  		return nil, fmt.Errorf("failed to create JSON filter: %w", err)
 198  	}
 199  
 200  	listOpts := linodego.NewListOptions(0, string(filter))
 201  
 202  	domains, err := d.client.ListDomains(ctx, listOpts)
 203  	if err != nil {
 204  		return nil, err
 205  	}
 206  
 207  	if len(domains) == 0 {
 208  		return nil, errors.New("domain not found")
 209  	}
 210  
 211  	subDomain, err := dns01.ExtractSubDomain(fqdn, authZone)
 212  	if err != nil {
 213  		return nil, err
 214  	}
 215  
 216  	return &hostedZoneInfo{
 217  		domainID:     domains[0].ID,
 218  		resourceName: subDomain,
 219  	}, nil
 220  }
 221