ACME TLS ALPN
This commit is contained in:
Ludovic Fernandez
Traefiker Bot
parent
17ad5153b8
commit
139f280f35
258 changed files with 25528 additions and 1516 deletions
47
vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go
generated
vendored
47
vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go
generated
vendored
|
|
@ -31,6 +31,7 @@ func NewDNSProvider() (*DNSProvider, error) {
|
|||
if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok {
|
||||
return NewDNSProviderServiceAccount(saFile)
|
||||
}
|
||||
|
||||
project := os.Getenv("GCE_PROJECT")
|
||||
return NewDNSProviderCredentials(project)
|
||||
}
|
||||
|
|
@ -44,11 +45,11 @@ func NewDNSProviderCredentials(project string) (*DNSProvider, error) {
|
|||
|
||||
client, err := google.DefaultClient(context.Background(), dns.NdevClouddnsReadwriteScope)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to get Google Cloud client: %v", err)
|
||||
return nil, fmt.Errorf("unable to get Google Cloud client: %v", err)
|
||||
}
|
||||
svc, err := dns.New(client)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to create Google Cloud DNS service: %v", err)
|
||||
return nil, fmt.Errorf("unable to create Google Cloud DNS service: %v", err)
|
||||
}
|
||||
return &DNSProvider{
|
||||
project: project,
|
||||
|
|
@ -65,7 +66,7 @@ func NewDNSProviderServiceAccount(saFile string) (*DNSProvider, error) {
|
|||
|
||||
dat, err := ioutil.ReadFile(saFile)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to read Service Account file: %v", err)
|
||||
return nil, fmt.Errorf("unable to read Service Account file: %v", err)
|
||||
}
|
||||
|
||||
// read project id from service account file
|
||||
|
|
@ -74,19 +75,19 @@ func NewDNSProviderServiceAccount(saFile string) (*DNSProvider, error) {
|
|||
}
|
||||
err = json.Unmarshal(dat, &datJSON)
|
||||
if err != nil || datJSON.ProjectID == "" {
|
||||
return nil, fmt.Errorf("Project ID not found in Google Cloud Service Account file")
|
||||
return nil, fmt.Errorf("project ID not found in Google Cloud Service Account file")
|
||||
}
|
||||
project := datJSON.ProjectID
|
||||
|
||||
conf, err := google.JWTConfigFromJSON(dat, dns.NdevClouddnsReadwriteScope)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to acquire config: %v", err)
|
||||
return nil, fmt.Errorf("unable to acquire config: %v", err)
|
||||
}
|
||||
client := conf.Client(context.Background())
|
||||
|
||||
svc, err := dns.New(client)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to create Google Cloud DNS service: %v", err)
|
||||
return nil, fmt.Errorf("unable to create Google Cloud DNS service: %v", err)
|
||||
}
|
||||
return &DNSProvider{
|
||||
project: project,
|
||||
|
|
@ -95,10 +96,10 @@ func NewDNSProviderServiceAccount(saFile string) (*DNSProvider, error) {
|
|||
}
|
||||
|
||||
// Present creates a TXT record to fulfil the dns-01 challenge.
|
||||
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
|
||||
|
||||
zone, err := c.getHostedZone(domain)
|
||||
zone, err := d.getHostedZone(domain)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -114,7 +115,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
}
|
||||
|
||||
// Look for existing records.
|
||||
list, err := c.client.ResourceRecordSets.List(c.project, zone).Name(fqdn).Type("TXT").Do()
|
||||
list, err := d.client.ResourceRecordSets.List(d.project, zone).Name(fqdn).Type("TXT").Do()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -123,7 +124,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
change.Deletions = list.Rrsets
|
||||
}
|
||||
|
||||
chg, err := c.client.Changes.Create(c.project, zone, change).Do()
|
||||
chg, err := d.client.Changes.Create(d.project, zone, change).Do()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -132,7 +133,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
for chg.Status == "pending" {
|
||||
time.Sleep(time.Second)
|
||||
|
||||
chg, err = c.client.Changes.Get(c.project, zone, chg.Id).Do()
|
||||
chg, err = d.client.Changes.Get(d.project, zone, chg.Id).Do()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -142,15 +143,15 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
}
|
||||
|
||||
// CleanUp removes the TXT record matching the specified parameters.
|
||||
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
|
||||
|
||||
zone, err := c.getHostedZone(domain)
|
||||
zone, err := d.getHostedZone(domain)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
records, err := c.findTxtRecords(zone, fqdn)
|
||||
records, err := d.findTxtRecords(zone, fqdn)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -159,7 +160,7 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
change := &dns.Change{
|
||||
Deletions: []*dns.ResourceRecordSet{rec},
|
||||
}
|
||||
_, err = c.client.Changes.Create(c.project, zone, change).Do()
|
||||
_, err = d.client.Changes.Create(d.project, zone, change).Do()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -169,19 +170,19 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
|
||||
// Timeout customizes the timeout values used by the ACME package for checking
|
||||
// DNS record validity.
|
||||
func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
|
||||
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
|
||||
return 180 * time.Second, 5 * time.Second
|
||||
}
|
||||
|
||||
// getHostedZone returns the managed-zone
|
||||
func (c *DNSProvider) getHostedZone(domain string) (string, error) {
|
||||
func (d *DNSProvider) getHostedZone(domain string) (string, error) {
|
||||
authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
zones, err := c.client.ManagedZones.
|
||||
List(c.project).
|
||||
zones, err := d.client.ManagedZones.
|
||||
List(d.project).
|
||||
DnsName(authZone).
|
||||
Do()
|
||||
if err != nil {
|
||||
|
|
@ -189,20 +190,20 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) {
|
|||
}
|
||||
|
||||
if len(zones.ManagedZones) == 0 {
|
||||
return "", fmt.Errorf("No matching GoogleCloud domain found for domain %s", authZone)
|
||||
return "", fmt.Errorf("no matching GoogleCloud domain found for domain %s", authZone)
|
||||
}
|
||||
|
||||
return zones.ManagedZones[0].Name, nil
|
||||
}
|
||||
|
||||
func (c *DNSProvider) findTxtRecords(zone, fqdn string) ([]*dns.ResourceRecordSet, error) {
|
||||
func (d *DNSProvider) findTxtRecords(zone, fqdn string) ([]*dns.ResourceRecordSet, error) {
|
||||
|
||||
recs, err := c.client.ResourceRecordSets.List(c.project, zone).Do()
|
||||
recs, err := d.client.ResourceRecordSets.List(d.project, zone).Do()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
found := []*dns.ResourceRecordSet{}
|
||||
var found []*dns.ResourceRecordSet
|
||||
for _, r := range recs.Rrsets {
|
||||
if r.Type == "TXT" && r.Name == fqdn {
|
||||
found = append(found, r)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue