[mirror_acme.sh.git] / dnsapi / dns_googledomains.sh

#!/usr/bin/env sh

# Author: Alex Leigh <leigh at alexleigh dot me>
# Created: 2023-03-02

#GOOGLEDOMAINS_ACCESS_TOKEN="xxxx"
#GOOGLEDOMAINS_ZONE="xxxx"
GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets"

######## Public functions ########

#Usage: dns_googledomains_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_googledomains_add() {
  fulldomain=$1
  txtvalue=$2

  _info "Invoking Google Domains ACME DNS API."

  if ! _dns_googledomains_setup; then
    return 1
  fi

  zone="$(_dns_googledomains_get_zone "$fulldomain")"
  if [ -z "$zone" ]; then
    _err "Could not find a Google Domains-managed zone containing the requested domain."
    return 1
  fi

  _debug zone "$zone"
  _debug txtvalue "$txtvalue"

  _info "Adding TXT record for $fulldomain."
  if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToAdd\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then
    if _contains "$response" "$txtvalue"; then
      _info "TXT record added."
      return 0
    else
      _err "Error adding TXT record."
      return 1
    fi
  fi

  _err "Error adding TXT record."
  return 1
}

#Usage: dns_googledomains_rm   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_googledomains_rm() {
  fulldomain=$1
  txtvalue=$2

  _info "Invoking Google Domains ACME DNS API."

  if ! _dns_googledomains_setup; then
    return 1
  fi

  zone="$(_dns_googledomains_get_zone "$fulldomain")"
  if [ -z "$zone" ]; then
    _err "Could not find a Google Domains-managed domain based on request."
    return 1
  fi

  _debug zone "$zone"
  _debug txtvalue "$txtvalue"

  _info "Removing TXT record for $fulldomain."
  if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToRemove\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then
    if _contains "$response" "$txtvalue"; then
      _err "Error removing TXT record."
      return 1
    else
      _info "TXT record removed."
      return 0
    fi
  fi

  _err "Error removing TXT record."
  return 1
}

######## Private functions ########

_dns_googledomains_setup() {
  if [ -n "$GOOGLEDOMAINS_SETUP_COMPLETED" ]; then
    return 0
  fi

  GOOGLEDOMAINS_ACCESS_TOKEN="${GOOGLEDOMAINS_ACCESS_TOKEN:-$(_readaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN)}"
  GOOGLEDOMAINS_ZONE="${GOOGLEDOMAINS_ZONE:-$(_readaccountconf_mutable GOOGLEDOMAINS_ZONE)}"

  if [ -z "$GOOGLEDOMAINS_ACCESS_TOKEN" ]; then
    GOOGLEDOMAINS_ACCESS_TOKEN=""
    _err "Google Domains access token was not specified."
    _err "Please visit Google Domains Security settings to provision an ACME DNS API access token."
    return 1
  fi

  if [ "$GOOGLEDOMAINS_ZONE" ]; then
    _savedomainconf GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN"
    _savedomainconf GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE"
  else
    _saveaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN"
    _clearaccountconf_mutable GOOGLEDOMAINS_ZONE
    _clearaccountconf GOOGLEDOMAINS_ZONE
  fi

  _debug GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN"
  _debug GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE"

  GOOGLEDOMAINS_SETUP_COMPLETED=1
  return 0
}

_dns_googledomains_get_zone() {
  domain=$1

  # Use zone directly if provided
  if [ "$GOOGLEDOMAINS_ZONE" ]; then
    if ! _dns_googledomains_api "$GOOGLEDOMAINS_ZONE"; then
      return 1
    fi

    echo "$GOOGLEDOMAINS_ZONE"
    return 0
  fi

  i=2
  while true; do
    curr=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug curr "$curr"

    if [ -z "$curr" ]; then
      return 1
    fi

    if _dns_googledomains_api "$curr"; then
      echo "$curr"
      return 0
    fi

    i=$(_math "$i" + 1)
  done

  return 1
}

_dns_googledomains_api() {
  zone=$1
  apimethod=$2
  data="$3"

  if [ -z "$data" ]; then
    response="$(_get "$GOOGLEDOMAINS_API/$zone$apimethod")"
  else
    _debug data "$data"
    export _H1="Content-Type: application/json"
    response="$(_post "$data" "$GOOGLEDOMAINS_API/$zone$apimethod")"
  fi

  _debug response "$response"

  if [ "$?" != "0" ]; then
    _err "Error"
    return 1
  fi

  if _contains "$response" "\"error\": {"; then
    return 1
  fi

  return 0
}
Commit	Line	Data
2d8c0c01 AL	1	#!/usr/bin/env sh
	2
	3	# Author: Alex Leigh <leigh at alexleigh dot me>
	4	# Created: 2023-03-02
	5
	6	#GOOGLEDOMAINS_ACCESS_TOKEN="xxxx"
	7	#GOOGLEDOMAINS_ZONE="xxxx"
	8	GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets"
	9
	10	######## Public functions ########
	11
	12	#Usage: dns_googledomains_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
	13	dns_googledomains_add() {
	14	fulldomain=$1
	15	txtvalue=$2
	16
	17	_info "Invoking Google Domains ACME DNS API."
	18
	19	if ! _dns_googledomains_setup; then
	20	return 1
	21	fi
	22
	23	zone="$(_dns_googledomains_get_zone "$fulldomain")"
	24	if [ -z "$zone" ]; then
	25	_err "Could not find a Google Domains-managed zone containing the requested domain."
	26	return 1
	27	fi
	28
	29	_debug zone "$zone"
	30	_debug txtvalue "$txtvalue"
	31
	32	_info "Adding TXT record for $fulldomain."
	33	if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToAdd\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then
	34	if _contains "$response" "$txtvalue"; then
	35	_info "TXT record added."
	36	return 0
	37	else
	38	_err "Error adding TXT record."
	39	return 1
	40	fi
	41	fi
	42
	43	_err "Error adding TXT record."
	44	return 1
	45	}
	46
	47	#Usage: dns_googledomains_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
	48	dns_googledomains_rm() {
	49	fulldomain=$1
	50	txtvalue=$2
	51
	52	_info "Invoking Google Domains ACME DNS API."
	53
	54	if ! _dns_googledomains_setup; then
	55	return 1
	56	fi
	57
	58	zone="$(_dns_googledomains_get_zone "$fulldomain")"
	59	if [ -z "$zone" ]; then
	60	_err "Could not find a Google Domains-managed domain based on request."
	61	return 1
	62	fi
	63
	64	_debug zone "$zone"
65	_debug txtvalue "$txtvalue"
66
67	_info "Removing TXT record for $fulldomain."
68	if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToRemove\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then
69	if _contains "$response" "$txtvalue"; then
70	_err "Error removing TXT record."
71	return 1
72	else
73	_info "TXT record removed."
74	return 0
75	fi
76	fi
77
78	_err "Error removing TXT record."
79	return 1
80	}
81
82	######## Private functions ########
83
84	_dns_googledomains_setup() {
85	if [ -n "$GOOGLEDOMAINS_SETUP_COMPLETED" ]; then
86	return 0
87	fi
88
89	GOOGLEDOMAINS_ACCESS_TOKEN="${GOOGLEDOMAINS_ACCESS_TOKEN:-$(_readaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN)}"
90	GOOGLEDOMAINS_ZONE="${GOOGLEDOMAINS_ZONE:-$(_readaccountconf_mutable GOOGLEDOMAINS_ZONE)}"
91
92	if [ -z "$GOOGLEDOMAINS_ACCESS_TOKEN" ]; then
93	GOOGLEDOMAINS_ACCESS_TOKEN=""
94	_err "Google Domains access token was not specified."
95	_err "Please visit Google Domains Security settings to provision an ACME DNS API access token."
96	return 1
97	fi
98
99	if [ "$GOOGLEDOMAINS_ZONE" ]; then
100	_savedomainconf GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN"
101	_savedomainconf GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE"
102	else
103	_saveaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN"
104	_clearaccountconf_mutable GOOGLEDOMAINS_ZONE
105	_clearaccountconf GOOGLEDOMAINS_ZONE
106	fi
107
108	_debug GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN"
109	_debug GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE"
110
111	GOOGLEDOMAINS_SETUP_COMPLETED=1
112	return 0
113	}
114
115	_dns_googledomains_get_zone() {
116	domain=$1
117
118	# Use zone directly if provided
119	if [ "$GOOGLEDOMAINS_ZONE" ]; then
120	if ! _dns_googledomains_api "$GOOGLEDOMAINS_ZONE"; then
121	return 1
122	fi
123
124	echo "$GOOGLEDOMAINS_ZONE"
125	return 0
126	fi
127
128	i=2
129	while true; do
130	curr=$(printf "%s" "$domain" \| cut -d . -f $i-100)
131	_debug curr "$curr"
132
133	if [ -z "$curr" ]; then
134	return 1
135	fi
136
137	if _dns_googledomains_api "$curr"; then
138	echo "$curr"
139	return 0
140	fi
141
142	i=$(_math "$i" + 1)
143	done
144
145	return 1
146	}
147
148	_dns_googledomains_api() {
149	zone=$1
150	apimethod=$2
151	data="$3"
152
153	if [ -z "$data" ]; then
154	response="$(_get "$GOOGLEDOMAINS_API/$zone$apimethod")"
155	else
156	_debug data "$data"
157	export _H1="Content-Type: application/json"
158	response="$(_post "$data" "$GOOGLEDOMAINS_API/$zone$apimethod")"
159	fi
160
161	_debug response "$response"
162
163	if [ "$?" != "0" ]; then
164	_err "Error"
165	return 1
166	fi
167
168	if _contains "$response" "\"error\": {"; then
169	return 1
170	fi
171
172	return 0
173	}