Update lego

2018-09-17 15:16:03 +02:00 · 2018-09-17 15:16:03 +02:00 · a80cca95a2
commit a80cca95a2
parent c52f4b043d
57 changed files with 4479 additions and 2319 deletions
--- a/vendor/github.com/xenolf/lego/providers/dns/ovh/ovh.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/ovh/ovh.go
@ -3,9 +3,12 @@
 package ovh

 import (
+	"errors"
 	"fmt"
+	"net/http"
 	"strings"
 	"sync"
+	"time"

 	"github.com/ovh/go-ovh/ovh"
 	"github.com/xenolf/lego/acme"
@ -15,9 +18,34 @@ import (
 // OVH API reference:       https://eu.api.ovh.com/
 // Create a Token:					https://eu.api.ovh.com/createToken/

+// Config is used to configure the creation of the DNSProvider
+type Config struct {
+	APIEndpoint        string
+	ApplicationKey     string
+	ApplicationSecret  string
+	ConsumerKey        string
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	TTL                int
+	HTTPClient         *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider
+func NewDefaultConfig() *Config {
+	return &Config{
+		TTL:                env.GetOrDefaultInt("OVH_TTL", 120),
+		PropagationTimeout: env.GetOrDefaultSecond("OVH_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("OVH_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		HTTPClient: &http.Client{
+			Timeout: env.GetOrDefaultSecond("OVH_HTTP_TIMEOUT", ovh.DefaultTimeout),
+		},
+	}
+}
+
 // DNSProvider is an implementation of the acme.ChallengeProvider interface
 // that uses OVH's REST API to manage TXT records for a domain.
 type DNSProvider struct {
+	config      *Config
 	client      *ovh.Client
 	recordIDs   map[string]int
 	recordIDsMu sync.Mutex
@ -32,69 +60,88 @@ type DNSProvider struct {
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get("OVH_ENDPOINT", "OVH_APPLICATION_KEY", "OVH_APPLICATION_SECRET", "OVH_CONSUMER_KEY")
 	if err != nil {
-		return nil, fmt.Errorf("OVH: %v", err)
+		return nil, fmt.Errorf("ovh: %v", err)
 	}

-	return NewDNSProviderCredentials(
-		values["OVH_ENDPOINT"],
-		values["OVH_APPLICATION_KEY"],
-		values["OVH_APPLICATION_SECRET"],
-		values["OVH_CONSUMER_KEY"],
-	)
+	config := NewDefaultConfig()
+	config.APIEndpoint = values["OVH_ENDPOINT"]
+	config.ApplicationKey = values["OVH_APPLICATION_KEY"]
+	config.ApplicationSecret = values["OVH_APPLICATION_SECRET"]
+	config.ConsumerKey = values["OVH_CONSUMER_KEY"]
+
+	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials to return a
-// DNSProvider instance configured for OVH.
+// NewDNSProviderCredentials uses the supplied credentials
+// to return a DNSProvider instance configured for OVH.
+// Deprecated
 func NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey string) (*DNSProvider, error) {
-	if apiEndpoint == "" || applicationKey == "" || applicationSecret == "" || consumerKey == "" {
-		return nil, fmt.Errorf("OVH credentials missing")
+	config := NewDefaultConfig()
+	config.APIEndpoint = apiEndpoint
+	config.ApplicationKey = applicationKey
+	config.ApplicationSecret = applicationSecret
+	config.ConsumerKey = consumerKey
+
+	return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for OVH.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("ovh: the configuration of the DNS provider is nil")
 	}

-	ovhClient, err := ovh.NewClient(
-		apiEndpoint,
-		applicationKey,
-		applicationSecret,
-		consumerKey,
+	if config.APIEndpoint == "" || config.ApplicationKey == "" || config.ApplicationSecret == "" || config.ConsumerKey == "" {
+		return nil, fmt.Errorf("ovh: credentials missing")
+	}
+
+	client, err := ovh.NewClient(
+		config.APIEndpoint,
+		config.ApplicationKey,
+		config.ApplicationSecret,
+		config.ConsumerKey,
 	)
-
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("ovh: %v", err)
 	}

+	client.Client = config.HTTPClient
+
 	return &DNSProvider{
-		client:    ovhClient,
+		config:    config,
+		client:    client,
 		recordIDs: make(map[string]int),
 	}, nil
 }

 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)

 	// Parse domain name
 	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
 	if err != nil {
-		return fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
+		return fmt.Errorf("ovh: could not determine zone for domain: '%s'. %s", domain, err)
 	}

 	authZone = acme.UnFqdn(authZone)
 	subDomain := d.extractRecordName(fqdn, authZone)

 	reqURL := fmt.Sprintf("/domain/zone/%s/record", authZone)
-	reqData := txtRecordRequest{FieldType: "TXT", SubDomain: subDomain, Target: value, TTL: ttl}
+	reqData := txtRecordRequest{FieldType: "TXT", SubDomain: subDomain, Target: value, TTL: d.config.TTL}
 	var respData txtRecordResponse

 	// Create TXT record
 	err = d.client.Post(reqURL, reqData, &respData)
 	if err != nil {
-		return fmt.Errorf("error when call OVH api to add record: %v", err)
+		return fmt.Errorf("ovh: error when call api to add record: %v", err)
 	}

 	// Apply the change
 	reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
 	err = d.client.Post(reqURL, nil, nil)
 	if err != nil {
-		return fmt.Errorf("error when call OVH api to refresh zone: %v", err)
+		return fmt.Errorf("ovh: error when call api to refresh zone: %v", err)
 	}

 	d.recordIDsMu.Lock()
@ -113,12 +160,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	recordID, ok := d.recordIDs[fqdn]
 	d.recordIDsMu.Unlock()
 	if !ok {
-		return fmt.Errorf("unknown record ID for '%s'", fqdn)
+		return fmt.Errorf("ovh: unknown record ID for '%s'", fqdn)
 	}

 	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
 	if err != nil {
-		return fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
+		return fmt.Errorf("ovh: could not determine zone for domain: '%s'. %s", domain, err)
 	}

 	authZone = acme.UnFqdn(authZone)
@ -127,7 +174,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	err = d.client.Delete(reqURL, nil)
 	if err != nil {
-		return fmt.Errorf("error when call OVH api to delete challenge record: %v", err)
+		return fmt.Errorf("ovh: error when call OVH api to delete challenge record: %v", err)
 	}

 	// Delete record ID from map
@ -138,6 +185,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	return nil
 }

+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
 	name := acme.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {