[mirror_acme.sh.git] / dnsapi / dns_huaweicloud.sh

#!/usr/bin/env sh

# HUAWEICLOUD_Username
# HUAWEICLOUD_Password
# HUAWEICLOUD_ProjectID

iam_api="https://iam.myhuaweicloud.com"
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com"

########  Public functions #####################

# Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
#
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html
#

dns_huaweicloud_add() {
  fulldomain=$1
  txtvalue=$2

  HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
  HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"

  if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ]; then
    _err "Not enough info provided to dns_huaweicloud!"
    return 1
  fi

  token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
  _debug2 "${token}"
  zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
  _debug "${zoneid}"

  _debug "Adding Record"
  _add_record "${token}" "${fulldomain}" "${txtvalue}"
  ret="$?"
  if [ "${ret}" != "0" ]; then
    _err "dns_huaweicloud: Error adding record."
    return 1
  fi

  # Do saving work if all succeeded
  _saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}"
  _saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}"
  _saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}"
  return 0
}

# Usage: fulldomain txtvalue
# Used to remove the txt record after validation
#
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html
#

dns_huaweicloud_rm() {
  fulldomain=$1
  txtvalue=$2

  HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
  HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"

  if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ]; then
    _err "Please provide enough information"
    return 1
  fi

  token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
  _debug2 "${token}"
  zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
  _debug "${zoneid}"
  record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
  _debug "Record Set ID is: ${record_id}"

  # Remove all records
  while [ "${record_id}" != "0" ]; do
    _debug "Removing Record"
    _rm_record "${token}" "${zoneid}" "${record_id}"
    record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
  done
  return 0
}

###################  Private functions below ##################################

# _get_zoneid
#
# _token=$1
# _domain_string=$2
#
# printf "%s" "${_zoneid}"
_get_zoneid() {
  _token=$1
  _domain_string=$2
  export _H1="X-Auth-Token: ${_token}"

  i=1
  while true; do
    h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    _debug "$h"
    response=$(_get "${dns_api}/v2/zones?name=${h}")

    if _contains "${response}" "id"; then
      _debug "Get Zone ID Success."
      _zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
      printf "%s" "${_zoneid}"
      return 0
    fi

    i=$(_math "$i" + 1)
  done
  return 1
}

_get_recordset_id() {
  _token=$1
  _domain=$2
  _zoneid=$3
  export _H1="X-Auth-Token: ${_token}"

  response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
  if _contains "${response}" "id"; then
    _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
    printf "%s" "${_id}"
    return 0
  fi
  printf "%s" "0"
  return 1
}

_add_record() {
  _token=$1
  _domain=$2
  _txtvalue=$3

  # Get Existing Records
  export _H1="X-Auth-Token: ${_token}"
  response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")

  _debug "${response}"
  _exist_record=$(echo "${response}" | sed ':a;N;$!ba;s/\n/ /g' | grep -o '"records":[^]]*' | sed 's/\"records\"\:\[//g')
  _debug "${_exist_record}"

  # Check if record exist
  # Generate body data
  _post_body="{
    \"name\": \"${_domain}.\",
    \"description\": \"ACME Challenge\",
    \"type\": \"TXT\",
    \"ttl\": 1,
    \"records\": [
        ${_exist_record},
        \"\\\"${_txtvalue}\\\"\"
    ]
  }"
  if [ -z "${_exist_record}" ]; then
    _post_body="{
      \"name\": \"${_domain}.\",
      \"description\": \"ACME Challenge\",
      \"type\": \"TXT\",
      \"ttl\": 1,
      \"records\": [
        \"\\\"${_txtvalue}\\\"\"
      ]
    }"
  fi

  _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
  _debug "Record Set ID is: ${_record_id}"

  # Remove all records
  while [ "${_record_id}" != "0" ]; do
    _debug "Removing Record"
    _rm_record "${_token}" "${zoneid}" "${_record_id}"
    _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
    _debug "${_record_id}"
  done

  # Add brand new records with all old and new records
  export _H2="Content-Type: application/json"
  export _H1="X-Auth-Token: ${_token}"

  _debug "${_post_body}"
  sleep 2
  _post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null
  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  if [ "$_code" != "202" ]; then
    _err "dns_huaweicloud: http code ${_code}"
    sleep 60
    return 1
  fi
  return 0
}

# _rm_record $token $zoneid $recordid
# assume ${dns_api} exist
# no output
# return 0
_rm_record() {
  _token=$1
  _zone_id=$2
  _record_id=$3

  export _H2="Content-Type: application/json"
  export _H1="X-Auth-Token: ${_token}"

  _post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null
  return $?
}

_get_token() {
  _username=$1
  _password=$2
  _project=$3

  _debug "Getting Token"
  body="{
    \"auth\": {
      \"identity\": {
        \"methods\": [
          \"password\"
        ],
        \"password\": {
          \"user\": {
            \"name\": \"${_username}\",
            \"password\": \"${_password}\",
            \"domain\": {
              \"name\": \"${_username}\"
            }
          }
        }
      },
      \"scope\": {
        \"project\": {
          \"id\": \"${_project}\"
        }
      }
    }
  }"
  export _H1="Content-Type: application/json;charset=utf8"
  _post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null
  _code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")
  _token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-)
  _debug2 "${_code}"
  printf "%s" "${_token}"
  return 0
}
Commit	Line	Data
b8e5c0d8 EM	1	#!/usr/bin/env sh
	2
	3	# HUAWEICLOUD_Username
	4	# HUAWEICLOUD_Password
	5	# HUAWEICLOUD_ProjectID
	6
	7	iam_api="https://iam.myhuaweicloud.com"
	8	dns_api="https://dns.ap-southeast-1.myhuaweicloud.com"
	9
	10	######## Public functions #####################
	11
	12	# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
	13	# Used to add txt record
	14	#
	15	# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html
	16	#
	17
	18	dns_huaweicloud_add() {
	19	fulldomain=$1
	20	txtvalue=$2
	21
	22	HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
	23	HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
	24	HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
	25
f6f6550b EM	26	if [ -z "${HUAWEICLOUD_Username}" ] \|\| [ -z "${HUAWEICLOUD_Username}" ] \|\| [ -z "${HUAWEICLOUD_Username}" ]; then
	27	_err "Not enough info provided to dns_huaweicloud!"
	28	return 1
	29	fi
	30
b8e5c0d8 EM	31	token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
	32	_debug2 "${token}"
	33	zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
	34	_debug "${zoneid}"
	35
	36	_debug "Adding Record"
	37	_add_record "${token}" "${fulldomain}" "${txtvalue}"
	38	ret="$?"
	39	if [ "${ret}" != "0" ]; then
	40	_err "dns_huaweicloud: Error adding record."
	41	return 1
	42	fi
	43
	44	# Do saving work if all succeeded
	45	_saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}"
	46	_saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}"
	47	_saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}"
	48	return 0
	49	}
	50
	51	# Usage: fulldomain txtvalue
	52	# Used to remove the txt record after validation
	53	#
	54	# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html
	55	#
	56
	57	dns_huaweicloud_rm() {
	58	fulldomain=$1
	59	txtvalue=$2
	60
	61	HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
	62	HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
	63	HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
	64
e01fb503 EM	65	if [ -z "${HUAWEICLOUD_Username}" ] \|\| [ -z "${HUAWEICLOUD_Username}" ] \|\| [ -z "${HUAWEICLOUD_Username}" ]; then
	66	_err "Please provide enough information"
	67	return 1
	68	fi
	69
b8e5c0d8 EM	70	token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
	71	_debug2 "${token}"
	72	zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
	73	_debug "${zoneid}"
	74	record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
	75	_debug "Record Set ID is: ${record_id}"
7db592d2 EM	76
7db592d2 EM	77	# Remove all records
b8e5c0d8	78	while [ "${record_id}" != "0" ]; do
28ce1c12	79	_debug "Removing Record"
b8e5c0d8 EM	80	_rm_record "${token}" "${zoneid}" "${record_id}"
	81	record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
	82	done
	83	return 0
	84	}
	85
	86	################### Private functions below ##################################
	87
	88	# _get_zoneid
	89	#
	90	# _token=$1
	91	# _domain_string=$2
	92	#
	93	# printf "%s" "${_zoneid}"
	94	_get_zoneid() {
	95	_token=$1
	96	_domain_string=$2
	97	export _H1="X-Auth-Token: ${_token}"
	98
	99	i=1
	100	while true; do
	101	h=$(printf "%s" "${_domain_string}" \| cut -d . -f $i-100)
	102	if [ -z "$h" ]; then
	103	#not valid
	104	return 1
	105	fi
	106	_debug "$h"
	107	response=$(_get "${dns_api}/v2/zones?name=${h}")
	108
	109	if _contains "${response}" "id"; then
	110	_debug "Get Zone ID Success."
	111	_zoneid=$(echo "${response}" \| _egrep_o "\"id\": \"[^\"]\"" \| cut -d : -f 2 \| tr -d \" \| tr -d " ")
	112	printf "%s" "${_zoneid}"
	113	return 0
	114	fi
	115
	116	i=$(_math "$i" + 1)
	117	done
	118	return 1
	119	}
	120
	121	_get_recordset_id() {
	122	_token=$1
	123	_domain=$2
	124	_zoneid=$3
	125	export _H1="X-Auth-Token: ${_token}"
	126
	127	response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
	128	if _contains "${response}" "id"; then
	129	_id="$(echo "${response}" \| _egrep_o "\"id\": \"[^\"]\"" \| cut -d : -f 2 \| tr -d \" \| tr -d " ")"
	130	printf "%s" "${_id}"
	131	return 0
	132	fi
	133	printf "%s" "0"
	134	return 1
	135	}
	136
	137	_add_record() {
	138	_token=$1
	139	_domain=$2
	140	_txtvalue=$3
f6f6550b EM	141
	142	# Get Existing Records
	143	export _H1="X-Auth-Token: ${_token}"
5d0657c4 EM	144	response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
	145
	146	_debug "${response}"
	147	_exist_record=$(echo "${response}" \| sed ':a;N;$!ba;s/\n/ /g' \| grep -o '"records":[^]]*' \| sed 's/\"records\"\:\[//g')
f6f6550b EM	148	_debug "${_exist_record}"
	149
	150	# Check if record exist
	151	# Generate body data
5d0657c4	152	_post_body="{
b8e5c0d8 EM	153	\"name\": \"${_domain}.\",
	154	\"description\": \"ACME Challenge\",
	155	\"type\": \"TXT\",
	156	\"ttl\": 1,
	157	\"records\": [
f6f6550b	158	${_exist_record},
b8e5c0d8 EM	159	\"\\\"${_txtvalue}\\\"\"
	160	]
	161	}"
f6f6550b	162	if [ -z "${_exist_record}" ]; then
5d0657c4	163	_post_body="{
f6f6550b EM	164	\"name\": \"${_domain}.\",
	165	\"description\": \"ACME Challenge\",
	166	\"type\": \"TXT\",
	167	\"ttl\": 1,
	168	\"records\": [
	169	\"\\\"${_txtvalue}\\\"\"
	170	]
	171	}"
	172	fi
5d0657c4 EM	173
	174	_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
	175	_debug "Record Set ID is: ${_record_id}"
	176
	177	# Remove all records
	178	while [ "${_record_id}" != "0" ]; do
	179	_debug "Removing Record"
	180	_rm_record "${_token}" "${zoneid}" "${_record_id}"
	181	_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
	182	_debug "${_record_id}"
	183	done
	184
	185	# Add brand new records with all old and new records
b8e5c0d8 EM	186	export _H2="Content-Type: application/json"
	187	export _H1="X-Auth-Token: ${_token}"
	188
5d0657c4 EM	189	_debug "${_post_body}"
	190	sleep 2
	191	_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null
b8e5c0d8 EM	192	_code="$(grep "^HTTP" "$HTTP_HEADER" \| _tail_n 1 \| cut -d " " -f 2 \| tr -d "\\r\\n")"
	193	if [ "$_code" != "202" ]; then
	194	_err "dns_huaweicloud: http code ${_code}"
5d0657c4	195	sleep 60
b8e5c0d8 EM	196	return 1
	197	fi
	198	return 0
	199	}
	200
5d0657c4 EM	201	# _rm_record $token $zoneid $recordid
	202	# assume ${dns_api} exist
	203	# no output
	204	# return 0
b8e5c0d8 EM	205	_rm_record() {
	206	_token=$1
	207	_zone_id=$2
	208	_record_id=$3
	209
	210	export _H2="Content-Type: application/json"
	211	export _H1="X-Auth-Token: ${_token}"
	212
5d0657c4 EM	213	_post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null
5d0657c4 EM	214	return $?
b8e5c0d8 EM	215	}
	216
	217	_get_token() {
	218	_username=$1
	219	_password=$2
	220	_project=$3
	221
	222	_debug "Getting Token"
	223	body="{
	224	\"auth\": {
	225	\"identity\": {
	226	\"methods\": [
	227	\"password\"
	228	],
	229	\"password\": {
	230	\"user\": {
	231	\"name\": \"${_username}\",
	232	\"password\": \"${_password}\",
	233	\"domain\": {
	234	\"name\": \"${_username}\"
	235	}
	236	}
	237	}
	238	},
	239	\"scope\": {
	240	\"project\": {
	241	\"id\": \"${_project}\"
	242	}
	243	}
	244	}
	245	}"
	246	export _H1="Content-Type: application/json;charset=utf8"
	247	_post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null
	248	_code=$(grep "^HTTP" "$HTTP_HEADER" \| _tail_n 1 \| cut -d " " -f 2 \| tr -d "\\r\\n")
	249	_token=$(grep "^X-Subject-Token" "$HTTP_HEADER" \| cut -d " " -f 2-)
	250	_debug2 "${_code}"
	251	printf "%s" "${_token}"
	252	return 0
	253	}