]>
Commit | Line | Data |
---|---|---|
c22705a5 W |
1 | #!/usr/bin/env sh |
2 | ||
e8e6feeb | 3 | # Author: Wout Decre <wout@canodus.be> |
c22705a5 | 4 | |
2cc50a2b W |
5 | CONSTELLIX_Api="https://api.dns.constellix.com/v1" |
6 | #CONSTELLIX_Key="XXX" | |
7 | #CONSTELLIX_Secret="XXX" | |
c22705a5 W |
8 | |
9 | ######## Public functions ##################### | |
10 | ||
2cc50a2b W |
11 | # Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
12 | # Used to add txt record | |
c22705a5 W |
13 | dns_constellix_add() { |
14 | fulldomain=$1 | |
15 | txtvalue=$2 | |
16 | ||
2cc50a2b W |
17 | CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}" |
18 | CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}" | |
c22705a5 | 19 | |
2cc50a2b | 20 | if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then |
c22705a5 W |
21 | _err "You did not specify the Contellix API key and secret yet." |
22 | return 1 | |
23 | fi | |
24 | ||
2cc50a2b W |
25 | _saveaccountconf_mutable CONSTELLIX_Key "$CONSTELLIX_Key" |
26 | _saveaccountconf_mutable CONSTELLIX_Secret "$CONSTELLIX_Secret" | |
c22705a5 W |
27 | |
28 | if ! _get_root "$fulldomain"; then | |
29 | _err "Invalid domain" | |
30 | return 1 | |
31 | fi | |
32 | ||
928aa74e | 33 | # The TXT record might already exist when working with wildcard certificates. In that case, update the record by adding the new value. |
8fdfe673 | 34 | _debug "Search TXT record" |
89bb7e6b | 35 | if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then |
36 | if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then | |
37 | _info "Adding TXT record" | |
38 | if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":60,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then | |
39 | if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then | |
40 | _info "Added" | |
494a6e60 | 41 | return 0 |
89bb7e6b | 42 | else |
43 | _err "Error adding TXT record" | |
44 | fi | |
45 | fi | |
c22705a5 | 46 | else |
8adb8a69 | 47 | _record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2) |
89bb7e6b | 48 | if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then |
3bfcd18a | 49 | _new_rr_values=$(printf "%s\n" "$response" | _egrep_o '"roundRobin":\[[^]]*\]' | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/") |
494a6e60 | 50 | _debug _new_rr_values "$_new_rr_values" |
89bb7e6b | 51 | _info "Updating TXT record" |
52 | if _constellix_rest PUT "domains/${_domain_id}/records/TXT/${_record_id}" "{\"name\":\"${_sub_domain}\",\"ttl\":60,${_new_rr_values}}"; then | |
53 | if printf -- "%s" "$response" | grep "{\"success\":\"Record.*updated successfully\"}" >/dev/null; then | |
54 | _info "Updated" | |
55 | return 0 | |
6b7db229 | 56 | elif printf -- "%s" "$response" | grep "{\"errors\":\[\"Contents are identical\"\]}" >/dev/null; then |
57 | _info "Already exists, no need to update" | |
58 | return 0 | |
89bb7e6b | 59 | else |
60 | _err "Error updating TXT record" | |
61 | fi | |
62 | fi | |
63 | fi | |
c22705a5 W |
64 | fi |
65 | fi | |
89bb7e6b | 66 | |
67 | return 1 | |
c22705a5 W |
68 | } |
69 | ||
2cc50a2b W |
70 | # Usage: fulldomain txtvalue |
71 | # Used to remove the txt record after validation | |
c22705a5 W |
72 | dns_constellix_rm() { |
73 | fulldomain=$1 | |
74 | txtvalue=$2 | |
75 | ||
2cc50a2b W |
76 | CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}" |
77 | CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}" | |
c22705a5 | 78 | |
2cc50a2b | 79 | if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then |
c22705a5 W |
80 | _err "You did not specify the Contellix API key and secret yet." |
81 | return 1 | |
82 | fi | |
83 | ||
84 | if ! _get_root "$fulldomain"; then | |
85 | _err "Invalid domain" | |
86 | return 1 | |
87 | fi | |
88 | ||
8fdfe673 | 89 | # The TXT record might have been removed already when working with some wildcard certificates. |
90 | _debug "Search TXT record" | |
91 | if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then | |
92 | if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then | |
c22705a5 W |
93 | _info "Removed" |
94 | return 0 | |
95 | else | |
8fdfe673 | 96 | _info "Removing TXT record" |
97 | if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then | |
98 | if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then | |
99 | _info "Removed" | |
100 | return 0 | |
101 | else | |
102 | _err "Error removing TXT record" | |
103 | fi | |
104 | fi | |
c22705a5 W |
105 | fi |
106 | fi | |
89bb7e6b | 107 | |
108 | return 1 | |
c22705a5 W |
109 | } |
110 | ||
111 | #################### Private functions below ################################## | |
112 | ||
113 | _get_root() { | |
114 | domain=$1 | |
115 | i=2 | |
116 | p=1 | |
117 | _debug "Detecting root zone" | |
118 | while true; do | |
119 | h=$(printf "%s" "$domain" | cut -d . -f $i-100) | |
120 | if [ -z "$h" ]; then | |
121 | return 1 | |
122 | fi | |
123 | ||
e158b5cc | 124 | if ! _constellix_rest GET "domains/search?exact=$h"; then |
c22705a5 W |
125 | return 1 |
126 | fi | |
127 | ||
128 | if _contains "$response" "\"name\":\"$h\""; then | |
8adb8a69 | 129 | _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2) |
c22705a5 W |
130 | if [ "$_domain_id" ]; then |
131 | _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p) | |
132 | _domain="$h" | |
133 | ||
134 | _debug _domain_id "$_domain_id" | |
135 | _debug _sub_domain "$_sub_domain" | |
136 | _debug _domain "$_domain" | |
137 | return 0 | |
138 | fi | |
139 | return 1 | |
140 | fi | |
141 | p=$i | |
142 | i=$(_math "$i" + 1) | |
143 | done | |
144 | return 1 | |
145 | } | |
146 | ||
147 | _constellix_rest() { | |
148 | m=$1 | |
149 | ep="$2" | |
150 | data="$3" | |
151 | _debug "$ep" | |
152 | ||
153 | rdate=$(date +"%s")"000" | |
2cc50a2b | 154 | hmac=$(printf "%s" "$rdate" | _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" | _hex_dump | tr -d ' ')" | _base64) |
c22705a5 | 155 | |
2cc50a2b | 156 | export _H1="x-cnsdns-apiKey: $CONSTELLIX_Key" |
c22705a5 W |
157 | export _H2="x-cnsdns-requestDate: $rdate" |
158 | export _H3="x-cnsdns-hmac: $hmac" | |
159 | export _H4="Accept: application/json" | |
160 | export _H5="Content-Type: application/json" | |
161 | ||
162 | if [ "$m" != "GET" ]; then | |
163 | _debug data "$data" | |
2cc50a2b | 164 | response="$(_post "$data" "$CONSTELLIX_Api/$ep" "" "$m")" |
c22705a5 | 165 | else |
2cc50a2b | 166 | response="$(_get "$CONSTELLIX_Api/$ep")" |
c22705a5 W |
167 | fi |
168 | ||
169 | if [ "$?" != "0" ]; then | |
170 | _err "Error $ep" | |
171 | return 1 | |
172 | fi | |
173 | ||
174 | _debug response "$response" | |
175 | return 0 | |
176 | } |