X-Git-Url: https://git.proxmox.com/?p=proxmox-acme.git;a=blobdiff_plain;f=src%2FPVE%2FACME%2FDNSChallenge.pm;h=402a501dc2a37fda06a13b89786633e5b60d65fb;hp=534922dc55619dff041b4ec6fcaf19723b78931a;hb=1192b595869adcf12eda5dc0cf7db950625a22b6;hpb=6372e8980129df7f817ba875ed4976090f2a34c5
diff --git a/src/PVE/ACME/DNSChallenge.pm b/src/PVE/ACME/DNSChallenge.pm
index 534922d..402a501 100644
--- a/src/PVE/ACME/DNSChallenge.pm
+++ b/src/PVE/ACME/DNSChallenge.pm
@@ -18,17 +18,102 @@ sub type {
 return 'dns';
 }
-# describe the data schema of the supported plugins
+# describe the data schema of the supported plugins, e.g.:
+# 'dnsprovider' => {
+# name => 'Full name of Plugin',
+# fields => {
+# 'FOO_API_KEY' => {
+# description => "The API key",
+# default => "none",
+# optional => 1,
+# type => 'string',
+# },
+# # ...
+# },
+# },
 my $plugins = {
 'acmedns' => {},
 'acmeproxy' => {},
- 'active24' => {},
- 'ad' => {},
- 'ali' => {},
+ 'active24' => {
+ name => 'Active24',
+ fields => {
+ 'ACTIVE24_Token' => {
+ description => "The API key",
+ type => 'string',
+ },
+ },
+ },
+ 'ad' => {
+ name => 'Alwaysdata',
+ fields => {
+ 'AD_API_KEY' => {
+ description => "The API key",
+ type => 'string',
+ },
+ },
+ },
+ 'ali' => {
+ name => 'Alibaba Cloud DNS',
+ fields => {
+ 'Ali_API' => {
+ description => 'The API endpoint',
+ default => "https://alidns.aliyuncs.com/",
+ type => 'string',
+ optional => 1,
+ },
+ 'Ali_Key' => {
+ description => 'The API Key',
+ type => 'string',
+ },
+ 'Ali_Secret' => {
+ description => 'The API Secret',
+ type => 'string',
+ },
+ },
+ },
 'autodns' => {},
- 'aws' => {},
+ 'aws' => {
+ name => 'Amazon Route53 (AWS)',
+ fields => {
+ 'AWS_ACCESS_KEY_ID' => {
+ name => 'ACCESS_KEY_ID',
+ description => 'The AWS access-key ID',
+ type => 'string',
+ },
+ 'AWS_SECRET_ACCESS_KEY' => {
+ name => 'SECRET_ACCESS_KEY',
+ description => 'The AWS access-key secret',
+ type => 'string',
+ },
+ },
+ },
 'azure' => {},
- 'cf' => {},
+ 'cf' => {
+ name => 'Cloudflare Managed DNS',
+ description => 'Either provide global account key and email, or CF API token and Account ID.',
+ fields => {
+ 'CF_Key' => {
+ description => 'The Cloudflare Global API Key',
+ type => 'string',
+ },
+ 'CF_Email' => {
+ description => 'The Cloudflare Account EMail-Address',
+ type => 'string',
+ },
+ 'CF_Token' => {
+ description => 'The new Cloudflare API Token',
+ type => 'string',
+ },
+ 'CF_Account_ID' => {
+ description => 'The new Cloudflare API Account ID',
+ type => 'string',
+ },
+ 'CF_Zone_ID' => {
+ description => 'For Zone restricted API Token',
+ type => 'string',
+ },
+ },
+ },
 'clouddns' => {},
 'cloudns' => {},
 'cn' => {},
@@ -39,7 +124,16 @@ my $plugins = {
 'da' => {},
 'ddnss' => {},
 'desec' => {},
- 'dgon' => {},
+ 'df' => {},
+ 'dgon' => {
+ name => 'DigitalOcean DNS',
+ fields => {
+ 'DO_API_KEY' => {
+ description => 'The DigitalOcean API Key',
+ type => 'string',
+ },
+ },
+ },
 'dnsimple' => {},
 'do' => {},
 'doapi' => {},
@@ -58,14 +152,38 @@ my $plugins = {
 'freedns' => {},
 'gandi_livedns' => {},
 'gcloud' => {},
- 'gd' => {},
+ 'gd' => {
+ name => 'GoDaddy',
+ fields => {
+ 'GD_Key' => {
+ description => 'The GoDaddy API Key',
+ type => 'string',
+ },
+ 'GD_Secret' => {
+ description => 'The GoDaddy API Secret',
+ type => 'string',
+ },
+ },
+ },
 'gdnsdk' => {},
 'he' => {},
 'hexonet' => {},
 'hostingde' => {},
 'infoblox' => {},
 'internetbs' => {},
- 'inwx' => {},
+ 'inwx' => {
+ name => 'INWX',
+ fields => {
+ 'INWX_User' => {
+ description => 'The INWX username',
+ type => 'string',
+ },
+ 'INWX_Password' => {
+ description => 'The INWX password',
+ type => 'string',
+ },
+ },
+ },
 'ispconfig' => {},
 'jd' => {},
 'kas' => {},
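Review bot: In the `cf` entry the plugin description says to provide either the global key and email or an API token and account ID, but none of the five fields carries `optional => 1`, so a consumer that treats unmarked fields as required would demand all of them. That would push users to enter the Global API Key even where a scoped token is enough, which works against least privilege. Adding `optional => 1,` to `CF_Key`, `CF_Email`, `CF_Token`, `CF_Account_ID` and `CF_Zone_ID` and leaving the either/or rule to the description would match the text. How the schema is enforced is not visible in this diff.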
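Review bot: `INWX_Password` and `GD_Secret` are declared as plain `type => 'string'` with nothing in the schema that tells a consumer they are credentials, and the same holds for the key, secret and token fields in the other hunks (`Ali_Secret`, `AWS_SECRET_ACCESS_KEY`, `CF_Key`, `DO_API_KEY`, `OVH_AS`, `PDNS_Token`). If this schema ends up driving a form or an API response, which the diff does not show, those values should be masked on input and kept out of logs and read-back. At minimum the schema comment at the top of the file could say so, e.g. `# NOTE: key/secret/password fields hold credentials; consumers must not echo or log them`.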
@@ -100,32 +218,45 @@ my $plugins = {
 'openprovider' => {},
 'opnsense' => {},
 'ovh' => {
- 'OVH_END_POINT' => {
- description => "The OVH endpoint",
- type => 'string',
- },
- 'OVH_AK' => {
- description => "The application key.",
- type => 'string',
- },
- 'OVH_AS' => {
- description => "The application secret.",
- type => 'string',
+ name => 'OVH',
+ fields => {
+ 'OVH_END_POINT' => {
+ description => "The OVH endpoint",
+ default => "ovh-eu",
+ optional => 1,
+ type => 'string',
+ },
+ 'OVH_AK' => {
+ description => "The application key.",
+ type => 'string',
+ },
+ 'OVH_AS' => {
+ description => "The application secret.",
+ type => 'string',
+ },
+ 'OVH_CK' => {
+ description => "The consumer key.",
+ optional => 1,
+ type => 'string',
+ },
 },
 },
 'pdns' => {
- 'PDNS_Url' => {
- description => "The PowerDNS API endpoint.",
- type => 'string',
- },
- 'PDNS_ServerId'=> {
- type => 'string',
- },
- 'PDNS_Token'=> {
- type => 'string',
- },
- 'PDNS_Ttl'=> {
- type => 'integer',
+ name => 'PowerDNS server',
+ fields => {
+ 'PDNS_Url' => {
+ description => "The PowerDNS API endpoint.",
+ type => 'string',
+ },
+ 'PDNS_ServerId'=> {
+ type => 'string',
+ },
+ 'PDNS_Token'=> {
+ type => 'string',
+ },
+ 'PDNS_Ttl'=> {
+ type => 'integer',
+ },
 },
 },
 'pleskxml' => {},
@@ -230,10 +361,7 @@ sub setup {
 my $domain = $proxmox_acme_command->($self, $acme, $auth, $data, 'setup');
 print "Add TXT record: _acme-challenge.$domain\n";
- # FIXME: probe ourself for propagation of TXT record, while not 100%
- # failsafe it's good enough of a heuristic to do away with fixed sleep
- # intervalls - original acme.sh employs that heuristic too.
- my $delay = $data->{'validation-delay'} // 30;
+ my $delay = $data->{plugin}->{'validation-delay'} // 30;
 if ($delay > 0) {
 print "Sleeping $delay seconds to wait for TXT record propagation\n";
 sleep($delay); # don't care for EINTR
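Review bot: `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` are moved under `fields` still without a `description`, while every other field this commit adds or touches has one and the new schema comment lists `description` as part of a field. A reader of the schema cannot tell from the entry that `PDNS_Token` is the API credential. I would add one line to each, for example `description => "The PowerDNS API token.",` on `PDNS_Token`, with the exact wording for the server ID and TTL to be confirmed against the plugin.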
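Review bot: The new lookup `$data->{plugin}->{'validation-delay'}` dereferences `$data->{plugin}` without checking that it is set. In Perl a nested rvalue dereference autovivifies the intermediate key, so a missing `plugin` entry becomes an empty hash in the caller's `$data` and the default of 30 is used silently. A guard such as `my $delay = ($data->{plugin} // {})->{'validation-delay'} // 30;` avoids touching the caller's data. The hunk also drops the FIXME about probing for TXT propagation although the fixed sleep remains, so a short comment like `# fixed delay only, no propagation probe yet` would keep that limitation visible. The body of `setup` starts and ends outside this hunk.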