transip.go raw
1 // Package transip implements a DNS provider for solving the DNS-01 challenge using TransIP.
2 package transip
3
4 import (
5 "errors"
6 "fmt"
7 "net/http"
8 "time"
9
10 "github.com/go-acme/lego/v4/challenge"
11 "github.com/go-acme/lego/v4/challenge/dns01"
12 "github.com/go-acme/lego/v4/platform/config/env"
13 "github.com/transip/gotransip/v6"
14 transipdomain "github.com/transip/gotransip/v6/domain"
15 )
16
17 // Environment variables names.
18 const (
19 envNamespace = "TRANSIP_"
20
21 EnvAccountName = envNamespace + "ACCOUNT_NAME"
22 EnvPrivateKeyPath = envNamespace + "PRIVATE_KEY_PATH"
23
24 EnvTTL = envNamespace + "TTL"
25 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
26 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
27 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
28 )
29
30 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
31
32 // Config is used to configure the creation of the DNSProvider.
33 type Config struct {
34 AccountName string
35 PrivateKeyPath string
36 PropagationTimeout time.Duration
37 PollingInterval time.Duration
38 TTL int64
39 HTTPClient *http.Client
40 }
41
42 // NewDefaultConfig returns a default configuration for the DNSProvider.
43 func NewDefaultConfig() *Config {
44 return &Config{
45 TTL: int64(env.GetOrDefaultInt(EnvTTL, 10)),
46 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 10*time.Minute),
47 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
48 HTTPClient: &http.Client{
49 Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
50 },
51 }
52 }
53
54 // DNSProvider implements the challenge.Provider interface.
55 type DNSProvider struct {
56 config *Config
57 repository transipdomain.Repository
58 }
59
60 // NewDNSProvider returns a DNSProvider instance configured for TransIP.
61 // Credentials must be passed in the environment variables:
62 // TRANSIP_ACCOUNTNAME, TRANSIP_PRIVATEKEYPATH.
63 func NewDNSProvider() (*DNSProvider, error) {
64 values, err := env.Get(EnvAccountName, EnvPrivateKeyPath)
65 if err != nil {
66 return nil, fmt.Errorf("transip: %w", err)
67 }
68
69 config := NewDefaultConfig()
70 config.AccountName = values[EnvAccountName]
71 config.PrivateKeyPath = values[EnvPrivateKeyPath]
72
73 return NewDNSProviderConfig(config)
74 }
75
76 // NewDNSProviderConfig return a DNSProvider instance configured for TransIP.
77 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
78 if config == nil {
79 return nil, errors.New("transip: the configuration of the DNS provider is nil")
80 }
81
82 cfg := gotransip.ClientConfiguration{
83 AccountName: config.AccountName,
84 PrivateKeyPath: config.PrivateKeyPath,
85 }
86
87 if config.HTTPClient != nil {
88 cfg.HTTPClient = config.HTTPClient
89 } else {
90 // Uses an explicit default HTTP client because the desec.NewDefaultClientOptions uses the http.DefaultClient.
91 cfg.HTTPClient = &http.Client{Timeout: 30 * time.Second}
92 }
93
94 client, err := gotransip.NewClient(cfg)
95 if err != nil {
96 return nil, fmt.Errorf("transip: %w", err)
97 }
98
99 repo := transipdomain.Repository{Client: client}
100
101 return &DNSProvider{repository: repo, config: config}, nil
102 }
103
104 // Timeout returns the timeout and interval to use when checking for DNS propagation.
105 // Adjusting here to cope with spikes in propagation times.
106 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
107 return d.config.PropagationTimeout, d.config.PollingInterval
108 }
109
110 // Present creates a TXT record to fulfill the dns-01 challenge.
111 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
112 info := dns01.GetChallengeInfo(domain, keyAuth)
113
114 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
115 if err != nil {
116 return fmt.Errorf("transip: could not find zone for domain %q: %w", domain, err)
117 }
118
119 // get the subDomain
120 subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
121 if err != nil {
122 return fmt.Errorf("transip: %w", err)
123 }
124
125 domainName := dns01.UnFqdn(authZone)
126
127 entry := transipdomain.DNSEntry{
128 Name: subDomain,
129 Expire: int(d.config.TTL),
130 Type: "TXT",
131 Content: info.Value,
132 }
133
134 err = d.repository.AddDNSEntry(domainName, entry)
135 if err != nil {
136 return fmt.Errorf("transip: %w", err)
137 }
138
139 return nil
140 }
141
142 // CleanUp removes the TXT record matching the specified parameters.
143 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
144 info := dns01.GetChallengeInfo(domain, keyAuth)
145
146 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
147 if err != nil {
148 return fmt.Errorf("transip: could not find zone for domain %q: %w", domain, err)
149 }
150
151 // get the subDomain
152 subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
153 if err != nil {
154 return fmt.Errorf("transip: %w", err)
155 }
156
157 domainName := dns01.UnFqdn(authZone)
158
159 // get all DNS entries
160 dnsEntries, err := d.repository.GetDNSEntries(domainName)
161 if err != nil {
162 return fmt.Errorf("transip: error for %s in CleanUp: %w", info.EffectiveFQDN, err)
163 }
164
165 // loop through the existing entries and remove the specific record
166 for _, entry := range dnsEntries {
167 if entry.Name == subDomain && entry.Content == info.Value {
168 if err = d.repository.RemoveDNSEntry(domainName, entry); err != nil {
169 return fmt.Errorf("transip: couldn't get Record ID in CleanUp: %w", err)
170 }
171
172 return nil
173 }
174 }
175
176 return nil
177 }
178