]> git.proxmox.com Git - mirror_acme.sh.git/blame - dnsapi/dns_conoha.sh
1#!/usr/bin/env sh
2
# Regular-expression prefix that a "publicURL" entry in the token response
# must start with for _conoha_get_accesstoken to accept it as the DNS endpoint.
CONOHA_DNS_EP_PREFIX_REGEXP='https://dns-service\.'
4
5######## Public functions #####################
6
7#Usage: dns_conoha_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Create the TXT record for a dns-01 challenge through the ConoHa DNS API.
# Arguments: $1 - full record name (e.g. _acme-challenge.www.domain.com)
#            $2 - TXT value to publish
# Globals:   CONOHA_Username, CONOHA_Password, CONOHA_TenantId and
#            CONOHA_IdentityServiceApi are taken from the environment, with
#            _readaccountconf_mutable as the fallback. Writes fulldomain,
#            txtvalue, token, accesstoken, CONOHA_Api, body.
# Returns:   0 when the API response contains the TXT value, 1 otherwise.
dns_conoha_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using conoha"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

  _debug "Check uesrname and password"
  CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"

  if [ -n "$CONOHA_Username" ] && [ -n "$CONOHA_Password" ] && [ -n "$CONOHA_TenantId" ] && [ -n "$CONOHA_IdentityServiceApi" ]; then
    # NOTE(review): the settings, password included, are handed to
    # _saveaccountconf_mutable before the token request has shown them to work.
    _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
    _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
    _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
    _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  else
    # One missing value invalidates the whole set: blank all four and stop.
    CONOHA_Username=""
    CONOHA_Password=""
    CONOHA_TenantId=""
    CONOHA_IdentityServiceApi=""
    _err "You didn't specify a conoha api username and password yet."
    _err "Please create the user and try again."
    return 1
  fi

  # The helper prints two lines: the access token, then the DNS endpoint URL.
  token="$(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId")" || return 1
  accesstoken="$(printf "%s" "$token" | sed -n 1p)"
  CONOHA_Api="$(printf "%s" "$token" | sed -n 2p)"

  _debug "First detect the root zone"
  _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken" || {
    _err "invalid domain"
    return 1
  }
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

  _info "Adding record"
  # The record name is sent fully qualified (trailing dot) with a 60 s TTL.
  body='{"type":"TXT","name":"'"$fulldomain"'.","data":"'"$txtvalue"'","ttl":60}'
  # Success needs both a completed request and the TXT value in the reply.
  if _conoha_rest POST "$CONOHA_Api/v1/domains/$_domain_id/records" "$body" "$accesstoken" &&
    _contains "$response" '"data":"'"$txtvalue"'"'; then
    _info "Added, OK"
    return 0
  fi

  _err "Add txt record error."
  return 1
}
66
67#Usage: fulldomain txtvalue
68#Remove the txt record after validation.
# Delete the TXT record of a finished dns-01 challenge through the ConoHa DNS API.
# Arguments: $1 - full record name
#            $2 - TXT value that identifies the record to delete
# Globals:   CONOHA_Username, CONOHA_Password, CONOHA_TenantId and
#            CONOHA_IdentityServiceApi are taken from the environment, with
#            _readaccountconf_mutable as the fallback. Writes fulldomain,
#            txtvalue, token, accesstoken, CONOHA_Api, record_id.
# Returns:   0 when the DELETE request succeeds, 1 otherwise.
dns_conoha_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Using conoha"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

  _debug "Check uesrname and password"
  CONOHA_Username="${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}"
  CONOHA_Password="${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}"
  CONOHA_TenantId="${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}"
  CONOHA_IdentityServiceApi="${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}"

  if [ -n "$CONOHA_Username" ] && [ -n "$CONOHA_Password" ] && [ -n "$CONOHA_TenantId" ] && [ -n "$CONOHA_IdentityServiceApi" ]; then
    # NOTE(review): the settings, password included, are handed to
    # _saveaccountconf_mutable before the token request has shown them to work.
    _saveaccountconf_mutable CONOHA_Username "$CONOHA_Username"
    _saveaccountconf_mutable CONOHA_Password "$CONOHA_Password"
    _saveaccountconf_mutable CONOHA_TenantId "$CONOHA_TenantId"
    _saveaccountconf_mutable CONOHA_IdentityServiceApi "$CONOHA_IdentityServiceApi"
  else
    # One missing value invalidates the whole set: blank all four and stop.
    CONOHA_Username=""
    CONOHA_Password=""
    CONOHA_TenantId=""
    CONOHA_IdentityServiceApi=""
    _err "You didn't specify a conoha api username and password yet."
    _err "Please create the user and try again."
    return 1
  fi

  # The helper prints two lines: the access token, then the DNS endpoint URL.
  token="$(_conoha_get_accesstoken "$CONOHA_IdentityServiceApi/tokens" "$CONOHA_Username" "$CONOHA_Password" "$CONOHA_TenantId")" || return 1
  accesstoken="$(printf "%s" "$token" | sed -n 1p)"
  CONOHA_Api="$(printf "%s" "$token" | sed -n 2p)"

  _debug "First detect the root zone"
  _get_root "$fulldomain" "$CONOHA_Api" "$accesstoken" || {
    _err "invalid domain"
    return 1
  }
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

  _debug "Getting txt records"
  _conoha_rest GET "$CONOHA_Api/v1/domains/$_domain_id/records" "" "$accesstoken" || {
    _err "Error"
    return 1
  }

  # Split the reply into {...} objects, keep TXT records whose data matches
  # the challenge value, and take the id of the first one.
  record_id=$(
    printf "%s" "$response" |
      _egrep_o '{[^}]*}' |
      grep '"type":"TXT"' |
      grep '"data":"'"$txtvalue"'"' |
      _egrep_o "\"id\":\"[^\"]*\"" |
      _head_n 1 |
      cut -d : -f 2 |
      tr -d \"
  )
  if [ -z "$record_id" ]; then
    _err "Can not get record id to remove."
    return 1
  fi
  _debug record_id "$record_id"

  _info "Removing the txt record"
  if _conoha_rest DELETE "$CONOHA_Api/v1/domains/$_domain_id/records/$record_id" "" "$accesstoken"; then
    return 0
  fi

  _err "Delete record error."
  return 1
}
135
136#################### Private functions below ##################################
137
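# Send one JSON request to a ConoHa endpoint and leave the reply in $response.
# Arguments: $1 - HTTP method (GET goes through _get, anything else through _post)
#            $2 - endpoint URL
#            $3 - request body (not used for GET)
#            $4 - access token, or "" for an unauthenticated call
# Globals:   exports _H1, _H2, _H3; writes m, ep, data, accesstoken, _ret, response
# Returns:   0 when the HTTP helper succeeded, 1 otherwise
_conoha_rest() {
  m="$1"
  ep="$2"
  data="$3"
  accesstoken="$4"

  export _H1="Accept: application/json"
  export _H2="Content-Type: application/json"
  if [ -n "$accesstoken" ]; then
    export _H3="X-Auth-Token: $accesstoken"
  else
    # Unauthenticated call (the token request): clear _H3 explicitly. If an
    # earlier request in this process left it exported, a stale token or an
    # unrelated header would otherwise be sent along with this request.
    export _H3=""
  fi

  _debug "$ep"
  if [ "$m" != "GET" ]; then
    _secure_debug2 data "$data"
    response="$(_post "$data" "$ep" "" "$m")"
  else
    response="$(_get "$ep")"
  fi
  # $? is still the status of the command substitution run in the branch above.
  _ret="$?"
  _secure_debug2 response "$response"
  if [ "$_ret" != "0" ]; then
    _err "error $ep"
    return 1
  fi

  response="$(printf "%s" "$response" | _normalizeJson)"
  return 0
}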
167
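# Obtain an access token and the DNS endpoint URL, reusing cached values
# while the cached token has not yet expired.
# Arguments: $1 - token endpoint URL
#            $2 - username
#            $3 - password
#            $4 - tenant id
# Globals:   reads CONOHA_DNS_EP_PREFIX_REGEXP; writes ep, username, password,
#            tenantId, accesstoken, expires, CONOHA_Api, utc_date, body and
#            the json_* copies of the credentials
# Outputs:   two lines on stdout: the access token, then the DNS endpoint URL
# Returns:   0 on success, 1 when the request fails or the reply lacks the
#            token, its expiry or a matching endpoint
_conoha_get_accesstoken() {
  ep="$1"
  username="$2"
  password="$3"
  tenantId="$4"

  # Token, expiry and endpoint are cached through _saveaccountconf_mutable
  # (presumably the account configuration file - protect it accordingly).
  accesstoken="$(_readaccountconf_mutable conoha_accesstoken)"
  expires="$(_readaccountconf_mutable conoha_tokenvalidto)"
  CONOHA_Api="$(_readaccountconf_mutable conoha_dns_ep)"

  # can we reuse the access token?
  if [ -n "$accesstoken" ] && [ -n "$expires" ] && [ -n "$CONOHA_Api" ]; then
    # Both values are compared as strings by expr; this assumes they share
    # one timestamp layout with a "T" separator - TODO confirm.
    utc_date="$(_utc_date | sed "s/ /T/")"
    if expr "$utc_date" "<" "$expires" >/dev/null; then
      # access token is still valid - reuse it
      _debug "reusing access token"
      printf "%s\n%s\n" "$accesstoken" "$CONOHA_Api"
      return 0
    else
      _debug "access token expired"
    fi
  fi
  _debug "getting new access token"

  # JSON-escape backslashes and double quotes so that a credential containing
  # them stays inside its string instead of corrupting or reshaping the
  # request body. Control characters are not handled.
  json_username="$(printf "%s" "$username" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
  json_password="$(printf "%s" "$password" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
  json_tenantId="$(printf "%s" "$tenantId" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
  body="$(printf '{"auth":{"passwordCredentials":{"username":"%s","password":"%s"},"tenantId":"%s"}}' "$json_username" "$json_password" "$json_tenantId")"
  if ! _conoha_rest POST "$ep" "$body" ""; then
    _err error "$response"
    return 1
  fi
  # The first "id" and the first "expires" in the reply are taken as the
  # token and its expiry; the trailing Z is dropped from the timestamp.
  accesstoken=$(printf "%s" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
  expires=$(printf "%s" "$response" | _egrep_o "\"expires\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2-4 | tr -d \" | tr -d Z) #expect UTC
  if [ -z "$accesstoken" ] || [ -z "$expires" ]; then
    _err "no acccess token received. Check your Conoha settings see $WIKI"
    return 1
  fi
  _saveaccountconf_mutable conoha_accesstoken "$accesstoken"
  _saveaccountconf_mutable conoha_tokenvalidto "$expires"

  # Only a publicURL that starts with the expected DNS-service prefix is
  # accepted as the endpoint the token will later be sent to.
  CONOHA_Api=$(printf "%s" "$response" | _egrep_o 'publicURL":"'"$CONOHA_DNS_EP_PREFIX_REGEXP"'[^"]*"' | _head_n 1 | cut -d : -f 2-3 | tr -d \")
  if [ -z "$CONOHA_Api" ]; then
    _err "failed to get conoha dns endpoint url"
    return 1
  fi
  _saveaccountconf_mutable conoha_dns_ep "$CONOHA_Api"

  printf "%s\n%s\n" "$accesstoken" "$CONOHA_Api"
  return 0
}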
216
217#_acme-challenge.www.domain.com
218#returns
219# _sub_domain=_acme-challenge.www
220# _domain=domain.com
221# _domain_id=sdjkglgdfewsdfg
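# Find the hosted zone that contains a record name by trying ever shorter
# suffixes of the name against the domains endpoint.
# Arguments: $1 - full record name (e.g. _acme-challenge.www.domain.com)
#            $2 - DNS API endpoint URL
#            $3 - access token
# Globals:   writes domain, ep, accesstoken, i, p, h and, on success,
#            _sub_domain, _domain (with trailing dot) and _domain_id
# Returns:   0 when a zone with an id was found, 1 otherwise
_get_root() {
  domain="$1"
  ep="$2"
  accesstoken="$3"
  i=2
  p=1
  while true; do
    # Candidate zone: the name from label $i onwards, still without the
    # trailing dot, so that running out of labels yields an empty string.
    # Appending the dot before this check made the check unreachable and the
    # loop kept querying "." for as long as the API call succeeded.
    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    # The query and the match below use the fully qualified form.
    h="$h."
    _debug h "$h"

    if ! _conoha_rest GET "$ep/v1/domains?name=$h" "" "$accesstoken"; then
      return 1
    fi

    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
      # The first "id" in the reply is taken as the zone id.
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f "1-$p")
        _domain=$h
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
}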