]>
Commit | Line | Data |
---|---|---|
2e74df25 KT |
1 | #!/usr/bin/env sh |
2 | ||
3 | CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\." | |
4 | ||
5 | ######## Public functions ##################### | |
6 | ||
7 | #Usage: dns_conoha_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" | |
8 | dns_conoha_add() { | |
9 | fulldomain=$1 | |
10 | txtvalue=$2 | |
11 | _info "Using conoha" | |
12 | _debug fulldomain "$fulldomain" | |
13 | _debug txtvalue "$txtvalue" | |
14 | ||
15 | _debug "Check uesrname and password" | |
16 | CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}" | |
17 | CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}" | |
18 | CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}" | |
19 | CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}" | |
20 | if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then | |
21 | CONOHA_Username="" | |
22 | CONOHA_Password="" | |
23 | CONOHA_TenantId="" | |
24 | CONOHA_IdentityServiceApi="" | |
25 | _err "You didn't specify a conoha api username and password yet." | |
26 | _err "Please create the user and try again." | |
27 | return 1 | |
28 | fi | |
29 | ||
30 | _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username" | |
31 | _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password" | |
32 | _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId" | |
33 | _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi" | |
34 | ||
73d04b97 KT |
35 | if token="$(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId")"; then |
36 | accesstoken="$(printf "%s" "$token" | sed -n 1p)" | |
37 | CONOHA_Api="$(printf "%s" "$token" | sed -n 2p)" | |
2e74df25 KT |
38 | else |
39 | return 1 | |
40 | fi | |
2e74df25 KT |
41 | |
42 | _debug "First detect the root zone" | |
43 | if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then | |
44 | _err "invalid domain" | |
45 | return 1 | |
46 | fi | |
47 | _debug _domain_id "$_domain_id" | |
48 | _debug _sub_domain "$_sub_domain" | |
49 | _debug _domain "$_domain" | |
2e74df25 KT |
50 | |
51 | _info "Adding record" | |
52 | body="{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"data\":\"$txtvalue\",\"ttl\":60}" | |
53 | if _conoha_rest POST "$CONOHA_Api/v1/domains/$_domain_id/records" "$body" "$accesstoken"; then | |
54 | if _contains "$response" '"data":"'"$txtvalue"'"'; then | |
55 | _info "Added, OK" | |
56 | return 0 | |
57 | else | |
58 | _err "Add txt record error." | |
59 | return 1 | |
60 | fi | |
61 | fi | |
62 | ||
63 | _err "Add txt record error." | |
64 | return 1 | |
65 | } | |
66 | ||
67 | #Usage: fulldomain txtvalue | |
68 | #Remove the txt record after validation. | |
69 | dns_conoha_rm() { | |
70 | fulldomain=$1 | |
71 | txtvalue=$2 | |
72 | _info "Using conoha" | |
73 | _debug fulldomain "$fulldomain" | |
74 | _debug txtvalue "$txtvalue" | |
75 | ||
76 | _debug "Check uesrname and password" | |
77 | CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}" | |
78 | CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}" | |
79 | CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}" | |
80 | CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}" | |
81 | if [ -z "$CONOHA_Username" ] || [ -z "$CONOHA_Password" ] || [ -z "$CONOHA_TenantId" ] || [ -z "$CONOHA_IdentityServiceApi" ]; then | |
82 | CONOHA_Username="" | |
83 | CONOHA_Password="" | |
84 | CONOHA_TenantId="" | |
85 | CONOHA_IdentityServiceApi="" | |
86 | _err "You didn't specify a conoha api username and password yet." | |
87 | _err "Please create the user and try again." | |
88 | return 1 | |
89 | fi | |
90 | ||
91 | _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username" | |
92 | _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password" | |
93 | _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId" | |
94 | _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi" | |
95 | ||
73d04b97 KT |
96 | if token="$(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId")"; then |
97 | accesstoken="$(printf "%s" "$token" | sed -n 1p)" | |
98 | CONOHA_Api="$(printf "%s" "$token" | sed -n 2p)" | |
2e74df25 KT |
99 | else |
100 | return 1 | |
101 | fi | |
102 | ||
103 | _debug "First detect the root zone" | |
104 | if ! _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken"; then | |
105 | _err "invalid domain" | |
106 | return 1 | |
107 | fi | |
108 | _debug _domain_id "$_domain_id" | |
109 | _debug _sub_domain "$_sub_domain" | |
110 | _debug _domain "$_domain" | |
111 | ||
112 | _debug "Getting txt records" | |
113 | if ! _conoha_rest GET "$CONOHA_Api/v1/domains/$_domain_id/records" "" "$accesstoken"; then | |
114 | _err "Error" | |
115 | return 1 | |
116 | fi | |
117 | ||
19c43451 | 118 | record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' | |
119 | grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" | | |
120 | _head_n 1 | cut -d : -f 2 | tr -d \") | |
2e74df25 KT |
121 | if [ -z "$record_id" ]; then |
122 | _err "Can not get record id to remove." | |
123 | return 1 | |
124 | fi | |
125 | _debug record_id "$record_id" | |
126 | ||
127 | _info "Removing the txt record" | |
128 | if ! _conoha_rest DELETE "$CONOHA_Api/v1/domains/$_domain_id/records/$record_id" "" "$accesstoken"; then | |
129 | _err "Delete record error." | |
130 | return 1 | |
131 | fi | |
132 | ||
133 | return 0 | |
134 | } | |
135 | ||
136 | #################### Private functions below ################################## | |
137 | ||
138 | _conoha_rest() { | |
139 | m="$1" | |
140 | ep="$2" | |
141 | data="$3" | |
142 | accesstoken="$4" | |
143 | ||
144 | export _H1="Accept: application/json" | |
145 | export _H2="Content-Type: application/json" | |
146 | if [ -n "$accesstoken" ]; then | |
147 | export _H3="X-Auth-Token: $accesstoken" | |
72a7f932 | 148 | fi |
2e74df25 KT |
149 | |
150 | _debug "$ep" | |
151 | if [ "$m" != "GET" ]; then | |
152 | _secure_debug2 data "$data" | |
153 | response="$(_post "$data" "$ep" "" "$m")" | |
154 | else | |
155 | response="$(_get "$ep")" | |
156 | fi | |
157 | _ret="$?" | |
158 | _secure_debug2 response "$response" | |
159 | if [ "$_ret" != "0" ]; then | |
160 | _err "error $ep" | |
161 | return 1 | |
162 | fi | |
163 | ||
164 | response="$(printf "%s" "$response" | _normalizeJson)" | |
165 | return 0 | |
166 | } | |
167 | ||
168 | _conoha_get_accesstoken() { | |
169 | ep="$1" | |
170 | username="$2" | |
171 | password="$3" | |
172 | tenantId="$4" | |
173 | ||
174 | accesstoken="$(_readaccountconf_mutable conoha_accesstoken)" | |
175 | expires="$(_readaccountconf_mutable conoha_tokenvalidto)" | |
176 | CONOHA_Api="$(_readaccountconf_mutable conoha_dns_ep)" | |
a35d2716 | 177 | |
2e74df25 KT |
178 | # can we reuse the access token? |
179 | if [ -n "$accesstoken" ] && [ -n "$expires" ] && [ -n "$CONOHA_Api" ]; then | |
180 | utc_date="$(_utc_date | sed "s/ /T/")" | |
181 | if expr "$utc_date" "<" "$expires" >/dev/null; then | |
182 | # access token is still valid - reuse it | |
183 | _debug "reusing access token" | |
73d04b97 | 184 | printf "%s\n%s\n" "$accesstoken" "$CONOHA_Api" |
2e74df25 KT |
185 | return 0 |
186 | else | |
187 | _debug "access token expired" | |
188 | fi | |
189 | fi | |
190 | _debug "getting new access token" | |
191 | ||
192 | body="$(printf '{"auth":{"passwordCredentials":{"username":"%s","password":"%s"},"tenantId":"%s"}}' "$username" "$password" "$tenantId")" | |
193 | if ! _conoha_rest POST "$ep" "$body" ""; then | |
194 | _err error "$response" | |
195 | return 1 | |
196 | fi | |
197 | accesstoken=$(printf "%s" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") | |
198 | expires=$(printf "%s" "$response" | _egrep_o "\"expires\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2-4 | tr -d \" | tr -d Z) #expect UTC | |
199 | if [ -z "$accesstoken" ] || [ -z "$expires" ]; then | |
200 | _err "no acccess token received. Check your Conoha settings see $WIKI" | |
201 | return 1 | |
202 | fi | |
203 | _saveaccountconf_mutable conoha_accesstoken "$accesstoken" | |
204 | _saveaccountconf_mutable conoha_tokenvalidto "$expires" | |
205 | ||
206 | CONOHA_Api=$(printf "%s" "$response" | _egrep_o 'publicURL":"'"$CONOHA_DNS_EP_PREFIX_REGEXP"'[^"]*"' | _head_n 1 | cut -d : -f 2-3 | tr -d \") | |
207 | if [ -z "$CONOHA_Api" ]; then | |
208 | _err "failed to get conoha dns endpoint url" | |
209 | return 1 | |
210 | fi | |
211 | _saveaccountconf_mutable conoha_dns_ep "$CONOHA_Api" | |
212 | ||
73d04b97 | 213 | printf "%s\n%s\n" "$accesstoken" "$CONOHA_Api" |
2e74df25 KT |
214 | return 0 |
215 | } | |
216 | ||
217 | #_acme-challenge.www.domain.com | |
218 | #returns | |
219 | # _sub_domain=_acme-challenge.www | |
220 | # _domain=domain.com | |
221 | # _domain_id=sdjkglgdfewsdfg | |
222 | _get_root() { | |
223 | domain="$1" | |
224 | ep="$2" | |
225 | accesstoken="$3" | |
226 | i=2 | |
227 | p=1 | |
228 | while true; do | |
229 | h=$(printf "%s" "$domain" | cut -d . -f $i-100). | |
230 | _debug h "$h" | |
231 | if [ -z "$h" ]; then | |
232 | #not valid | |
233 | return 1 | |
234 | fi | |
235 | ||
236 | if ! _conoha_rest GET "$ep/v1/domains?name=$h" "" "$accesstoken"; then | |
237 | return 1 | |
238 | fi | |
239 | ||
240 | if _contains "$response" "\"name\":\"$h\"" >/dev/null; then | |
241 | _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") | |
242 | if [ "$_domain_id" ]; then | |
243 | _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) | |
244 | _domain=$h | |
245 | return 0 | |
246 | fi | |
247 | return 1 | |
248 | fi | |
249 | p=$i | |
250 | i=$(_math "$i" + 1) | |
251 | done | |
252 | return 1 | |
253 | } |