[mirror_acme.sh.git] / dnsapi / dns_constellix.sh

#!/usr/bin/env sh

# Author: Wout Decre <wout@canodus.be>

CONSTELLIX_Api="https://api.dns.constellix.com/v1"
#CONSTELLIX_Key="XXX"
#CONSTELLIX_Secret="XXX"

########  Public functions #####################

# Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
dns_constellix_add() {
  fulldomain=$1
  txtvalue=$2

  CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
  CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"

  if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then
    _err "You did not specify the Contellix API key and secret yet."
    return 1
  fi

  _saveaccountconf_mutable CONSTELLIX_Key "$CONSTELLIX_Key"
  _saveaccountconf_mutable CONSTELLIX_Secret "$CONSTELLIX_Secret"

  if ! _get_root "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi

  # The TXT record might already exist when working with wildcard certificates. In that case, update the record by adding the new value.
  _debug "Search TXT record"
  if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then
    if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then
      _info "Adding TXT record"
      if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":60,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then
        if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then
          _info "Added"
          return 0
        else
          _err "Error adding TXT record"
        fi
      fi
    else
      _record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2)
      if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then
        _new_rr_values=$(printf "%s\n" "$response" | _egrep_o '"roundRobin":\[[^]]*\]' | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/")
        _debug _new_rr_values "$_new_rr_values"
        _info "Updating TXT record"
        if _constellix_rest PUT "domains/${_domain_id}/records/TXT/${_record_id}" "{\"name\":\"${_sub_domain}\",\"ttl\":60,${_new_rr_values}}"; then
          if printf -- "%s" "$response" | grep "{\"success\":\"Record.*updated successfully\"}" >/dev/null; then
            _info "Updated"
            return 0
          elif printf -- "%s" "$response" | grep "{\"errors\":\[\"Contents are identical\"\]}" >/dev/null; then
            _info "Already exists, no need to update"
            return 0
          else
            _err "Error updating TXT record"
          fi
        fi
      fi
    fi
  fi

  return 1
}

# Usage: fulldomain txtvalue
# Used to remove the txt record after validation
dns_constellix_rm() {
  fulldomain=$1
  txtvalue=$2

  CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
  CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"

  if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then
    _err "You did not specify the Contellix API key and secret yet."
    return 1
  fi

  if ! _get_root "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi

  # The TXT record might have been removed already when working with some wildcard certificates.
  _debug "Search TXT record"
  if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then
    if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then
      _info "Removed"
      return 0
    else
      _info "Removing TXT record"
      if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then
        if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then
          _info "Removed"
          return 0
        else
          _err "Error removing TXT record"
        fi
      fi
    fi
  fi

  return 1
}

####################  Private functions below ##################################

_get_root() {
  domain=$1
  i=2
  p=1
  _debug "Detecting root zone"
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      return 1
    fi

    if ! _constellix_rest GET "domains/search?exact=$h"; then
      return 1
    fi

    if _contains "$response" "\"name\":\"$h\""; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2)
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p)
        _domain="$h"

        _debug _domain_id "$_domain_id"
        _debug _sub_domain "$_sub_domain"
        _debug _domain "$_domain"
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
}

_constellix_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"

  rdate=$(date +"%s")"000"
  hmac=$(printf "%s" "$rdate" | _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" | _hex_dump | tr -d ' ')" | _base64)

  export _H1="x-cnsdns-apiKey: $CONSTELLIX_Key"
  export _H2="x-cnsdns-requestDate: $rdate"
  export _H3="x-cnsdns-hmac: $hmac"
  export _H4="Accept: application/json"
  export _H5="Content-Type: application/json"

  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$CONSTELLIX_Api/$ep" "" "$m")"
  else
    response="$(_get "$CONSTELLIX_Api/$ep")"
  fi

  if [ "$?" != "0" ]; then
    _err "Error $ep"
    return 1
  fi

  _debug response "$response"
  return 0
}
Commit	Line	Data
c22705a5 W	1	#!/usr/bin/env sh
c22705a5 W	2
e8e6feeb	3	# Author: Wout Decre <wout@canodus.be>
c22705a5	4
2cc50a2b W	5	CONSTELLIX_Api="https://api.dns.constellix.com/v1"
	6	#CONSTELLIX_Key="XXX"
	7	#CONSTELLIX_Secret="XXX"
c22705a5 W	8
	9	######## Public functions #####################
	10
2cc50a2b W	11	# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
2cc50a2b W	12	# Used to add txt record
c22705a5 W	13	dns_constellix_add() {
	14	fulldomain=$1
	15	txtvalue=$2
	16
2cc50a2b W	17	CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
2cc50a2b W	18	CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"
c22705a5	19
2cc50a2b	20	if [ -z "$CONSTELLIX_Key" ] \|\| [ -z "$CONSTELLIX_Secret" ]; then
c22705a5 W	21	_err "You did not specify the Contellix API key and secret yet."
	22	return 1
	23	fi
	24
2cc50a2b W	25	_saveaccountconf_mutable CONSTELLIX_Key "$CONSTELLIX_Key"
2cc50a2b W	26	_saveaccountconf_mutable CONSTELLIX_Secret "$CONSTELLIX_Secret"
c22705a5 W	27
	28	if ! _get_root "$fulldomain"; then
	29	_err "Invalid domain"
	30	return 1
	31	fi
	32
928aa74e	33	# The TXT record might already exist when working with wildcard certificates. In that case, update the record by adding the new value.
8fdfe673	34	_debug "Search TXT record"
89bb7e6b	35	if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then
	36	if printf -- "%s" "$response" \| grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then
	37	_info "Adding TXT record"
	38	if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":60,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then
	39	if printf -- "%s" "$response" \| grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then
	40	_info "Added"
494a6e60	41	return 0
89bb7e6b	42	else
	43	_err "Error adding TXT record"
	44	fi
	45	fi
c22705a5	46	else
8adb8a69	47	_record_id=$(printf "%s\n" "$response" \| _egrep_o "\"id\":[0-9]*" \| cut -d ':' -f 2)
89bb7e6b	48	if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then
3bfcd18a	49	_new_rr_values=$(printf "%s\n" "$response" \| _egrep_o '"roundRobin":\[[^]]*\]' \| sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/")
494a6e60	50	_debug _new_rr_values "$_new_rr_values"
89bb7e6b	51	_info "Updating TXT record"
	52	if _constellix_rest PUT "domains/${_domain_id}/records/TXT/${_record_id}" "{\"name\":\"${_sub_domain}\",\"ttl\":60,${_new_rr_values}}"; then
	53	if printf -- "%s" "$response" \| grep "{\"success\":\"Record.*updated successfully\"}" >/dev/null; then
	54	_info "Updated"
	55	return 0
6b7db229	56	elif printf -- "%s" "$response" \| grep "{\"errors\":\[\"Contents are identical\"\]}" >/dev/null; then
	57	_info "Already exists, no need to update"
	58	return 0
89bb7e6b	59	else
	60	_err "Error updating TXT record"
	61	fi
	62	fi
	63	fi
c22705a5 W	64	fi
c22705a5 W	65	fi
89bb7e6b	66
89bb7e6b	67	return 1
c22705a5 W	68	}
c22705a5 W	69
2cc50a2b W	70	# Usage: fulldomain txtvalue
2cc50a2b W	71	# Used to remove the txt record after validation
c22705a5 W	72	dns_constellix_rm() {
	73	fulldomain=$1
	74	txtvalue=$2
	75
2cc50a2b W	76	CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
2cc50a2b W	77	CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"
c22705a5	78
2cc50a2b	79	if [ -z "$CONSTELLIX_Key" ] \|\| [ -z "$CONSTELLIX_Secret" ]; then
c22705a5 W	80	_err "You did not specify the Contellix API key and secret yet."
	81	return 1
	82	fi
	83
	84	if ! _get_root "$fulldomain"; then
	85	_err "Invalid domain"
	86	return 1
	87	fi
	88
8fdfe673	89	# The TXT record might have been removed already when working with some wildcard certificates.
	90	_debug "Search TXT record"
	91	if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then
	92	if printf -- "%s" "$response" \| grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then
c22705a5 W	93	_info "Removed"
	94	return 0
	95	else
8fdfe673	96	_info "Removing TXT record"
	97	if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then
	98	if printf -- "%s" "$response" \| grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then
	99	_info "Removed"
	100	return 0
	101	else
	102	_err "Error removing TXT record"
	103	fi
	104	fi
c22705a5 W	105	fi
c22705a5 W	106	fi
89bb7e6b	107
89bb7e6b	108	return 1
c22705a5 W	109	}
	110
	111	#################### Private functions below ##################################
	112
	113	_get_root() {
	114	domain=$1
	115	i=2
	116	p=1
	117	_debug "Detecting root zone"
	118	while true; do
	119	h=$(printf "%s" "$domain" \| cut -d . -f $i-100)
	120	if [ -z "$h" ]; then
	121	return 1
	122	fi
	123
e158b5cc	124	if ! _constellix_rest GET "domains/search?exact=$h"; then
c22705a5 W	125	return 1
	126	fi
	127
	128	if _contains "$response" "\"name\":\"$h\""; then
8adb8a69	129	_domain_id=$(printf "%s\n" "$response" \| _egrep_o "\"id\":[0-9]*" \| cut -d ':' -f 2)
c22705a5 W	130	if [ "$_domain_id" ]; then
	131	_sub_domain=$(printf "%s" "$domain" \| cut -d '.' -f 1-$p)
	132	_domain="$h"
	133
	134	_debug _domain_id "$_domain_id"
	135	_debug _sub_domain "$_sub_domain"
	136	_debug _domain "$_domain"
	137	return 0
	138	fi
	139	return 1
	140	fi
	141	p=$i
	142	i=$(_math "$i" + 1)
	143	done
	144	return 1
	145	}
	146
	147	_constellix_rest() {
	148	m=$1
	149	ep="$2"
	150	data="$3"
	151	_debug "$ep"
	152
	153	rdate=$(date +"%s")"000"
2cc50a2b	154	hmac=$(printf "%s" "$rdate" \| _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" \| _hex_dump \| tr -d ' ')" \| _base64)
c22705a5	155
2cc50a2b	156	export _H1="x-cnsdns-apiKey: $CONSTELLIX_Key"
c22705a5 W	157	export _H2="x-cnsdns-requestDate: $rdate"
	158	export _H3="x-cnsdns-hmac: $hmac"
	159	export _H4="Accept: application/json"
	160	export _H5="Content-Type: application/json"
	161
	162	if [ "$m" != "GET" ]; then
	163	_debug data "$data"
2cc50a2b	164	response="$(_post "$data" "$CONSTELLIX_Api/$ep" "" "$m")"
c22705a5	165	else
2cc50a2b	166	response="$(_get "$CONSTELLIX_Api/$ep")"
c22705a5 W	167	fi
	168
	169	if [ "$?" != "0" ]; then
	170	_err "Error $ep"
	171	return 1
	172	fi
	173
	174	_debug response "$response"
	175	return 0
	176	}