acme.sh/dnsapi/dns_huaweicloud.sh

294 lines
8.4 KiB
Bash
Raw Normal View History

2020-11-22 15:34:21 +01:00
#!/usr/bin/env sh
# HUAWEICLOUD_Username
# HUAWEICLOUD_Password
# HUAWEICLOUD_DomainName
2020-11-22 15:34:21 +01:00
iam_api="https://iam.myhuaweicloud.com"
2021-02-15 08:18:49 +01:00
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work
2020-11-22 15:34:21 +01:00
######## Public functions #####################
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
#
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html
#
# About "DomainName" parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html
#
2020-11-22 15:34:21 +01:00
dns_huaweicloud_add() {
fulldomain=$1
txtvalue=$2
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
2020-11-22 15:34:21 +01:00
# Check information
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then
_err "Not enough information provided to dns_huaweicloud!"
return 1
fi
2021-02-15 08:18:49 +01:00
unset token # Clear token
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")"
2021-02-15 08:18:49 +01:00
if [ -z "${token}" ]; then # Check token
_err "dns_api(dns_huaweicloud): Error getting token."
return 1
fi
_secure_debug "Access token is:" "${token}"
2021-02-15 08:18:49 +01:00
unset zoneid
2020-11-22 15:34:21 +01:00
zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
2021-02-15 08:18:49 +01:00
if [ -z "${zoneid}" ]; then
_err "dns_api(dns_huaweicloud): Error getting zone id."
return 1
fi
_debug "Zone ID is:" "${zoneid}"
2020-11-22 15:34:21 +01:00
_debug "Adding Record"
_add_record "${token}" "${fulldomain}" "${txtvalue}"
ret="$?"
if [ "${ret}" != "0" ]; then
2021-02-15 08:18:49 +01:00
_err "dns_api(dns_huaweicloud): Error adding record."
2020-11-22 15:34:21 +01:00
return 1
fi
# Do saving work if all succeeded
_saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}"
_saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}"
_saveaccountconf_mutable HUAWEICLOUD_DomainName "${HUAWEICLOUD_DomainName}"
2020-11-22 15:34:21 +01:00
return 0
}
# Usage: fulldomain txtvalue
# Used to remove the txt record after validation
#
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html
#
dns_huaweicloud_rm() {
fulldomain=$1
txtvalue=$2
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
2020-11-22 15:34:21 +01:00
# Check information
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then
_err "Not enough information provided to dns_huaweicloud!"
2020-11-22 17:32:50 +01:00
return 1
fi
2021-02-15 08:18:49 +01:00
unset token # Clear token
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")"
2021-02-15 08:18:49 +01:00
if [ -z "${token}" ]; then # Check token
_err "dns_api(dns_huaweicloud): Error getting token."
return 1
fi
_secure_debug "Access token is:" "${token}"
2021-02-15 08:18:49 +01:00
unset zoneid
2020-11-22 15:34:21 +01:00
zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
2021-02-15 08:18:49 +01:00
if [ -z "${zoneid}" ]; then
_err "dns_api(dns_huaweicloud): Error getting zone id."
return 1
fi
_debug "Zone ID is:" "${zoneid}"
2020-11-22 15:56:47 +01:00
# Remove all records
# Therotically HuaweiCloud does not allow more than one record set
# But remove them recurringly to increase robusty
2020-11-22 15:34:21 +01:00
while [ "${record_id}" != "0" ]; do
2020-11-22 17:20:38 +01:00
_debug "Removing Record"
2020-11-22 15:34:21 +01:00
_rm_record "${token}" "${zoneid}" "${record_id}"
record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
done
return 0
}
################### Private functions below ##################################
# _get_zoneid
#
# _token=$1
# _domain_string=$2
#
# printf "%s" "${_zoneid}"
_get_zoneid() {
_token=$1
_domain_string=$2
export _H1="X-Auth-Token: ${_token}"
i=1
while true; do
h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100)
if [ -z "$h" ]; then
#not valid
return 1
fi
_debug "$h"
response=$(_get "${dns_api}/v2/zones?name=${h}")
_debug2 "$response"
if _contains "${response}" '"id"'; then
zoneidlist=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
zonenamelist=$(echo "${response}" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
_debug2 "Return Zone ID(s):" "${zoneidlist}"
_debug2 "Return Zone Name(s):" "${zonenamelist}"
zoneidnum=0
zoneidcount=$(echo "${zoneidlist}" | grep -c '^')
_debug "Retund Zone ID(s) Count:" "${zoneidcount}"
while [ "${zoneidnum}" -lt "${zoneidcount}" ]; do
zoneidnum=$(_math "$zoneidnum" + 1)
_zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p")
zonename=$(echo "${zonenamelist}" | sed -n "${zoneidnum}p")
_debug "Check Zone Name" "${zonename}"
if [ "${zonename}" = "${h}." ]; then
_debug "Get Zone ID Success."
_debug "ZoneID:" "${_zoneid}"
printf "%s" "${_zoneid}"
return 0
fi
done
2020-11-22 15:34:21 +01:00
fi
i=$(_math "$i" + 1)
done
return 1
}
_get_recordset_id() {
_token=$1
_domain=$2
_zoneid=$3
export _H1="X-Auth-Token: ${_token}"
response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
if _contains "${response}" '"id"'; then
2020-11-22 15:34:21 +01:00
_id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
printf "%s" "${_id}"
return 0
fi
printf "%s" "0"
return 1
}
_add_record() {
_token=$1
_domain=$2
_txtvalue=$3
# Get Existing Records
export _H1="X-Auth-Token: ${_token}"
2020-11-23 07:57:33 +01:00
response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
_debug2 "${response}"
2020-11-24 05:58:16 +01:00
_exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g')
_debug "${_exist_record}"
# Check if record exist
# Generate body data
if [ -z "${_exist_record}" ]; then
2020-11-23 07:57:33 +01:00
_post_body="{
\"name\": \"${_domain}.\",
\"description\": \"ACME Challenge\",
\"type\": \"TXT\",
\"ttl\": 1,
\"records\": [
\"\\\"${_txtvalue}\\\"\"
]
}"
else
_post_body="{
\"name\": \"${_domain}.\",
\"description\": \"ACME Challenge\",
\"type\": \"TXT\",
\"ttl\": 1,
\"records\": [
${_exist_record},
\"\\\"${_txtvalue}\\\"\"
]
}"
fi
2020-11-23 07:57:33 +01:00
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
_debug "Record Set ID is:" "${_record_id}"
2020-11-23 07:57:33 +01:00
# Remove all records
while [ "${_record_id}" != "0" ]; do
_debug "Removing Record"
_rm_record "${_token}" "${zoneid}" "${_record_id}"
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
done
# Add brand new records with all old and new records
2020-11-22 15:34:21 +01:00
export _H2="Content-Type: application/json"
export _H1="X-Auth-Token: ${_token}"
_debug2 "${_post_body}"
2020-11-23 07:57:33 +01:00
_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null
2020-11-22 15:34:21 +01:00
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
if [ "$_code" != "202" ]; then
_err "dns_huaweicloud: http code ${_code}"
return 1
fi
return 0
}
2020-11-23 07:57:33 +01:00
# _rm_record $token $zoneid $recordid
# assume ${dns_api} exist
# no output
# return 0
2020-11-22 15:34:21 +01:00
_rm_record() {
_token=$1
_zone_id=$2
_record_id=$3
export _H2="Content-Type: application/json"
export _H1="X-Auth-Token: ${_token}"
2020-11-23 07:57:33 +01:00
_post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null
return $?
2020-11-22 15:34:21 +01:00
}
_get_token() {
_username=$1
_password=$2
_domain_name=$3
2020-11-22 15:34:21 +01:00
_debug "Getting Token"
body="{
\"auth\": {
\"identity\": {
\"methods\": [
\"password\"
],
\"password\": {
\"user\": {
\"name\": \"${_username}\",
\"password\": \"${_password}\",
\"domain\": {
\"name\": \"${_domain_name}\"
2020-11-22 15:34:21 +01:00
}
}
}
},
\"scope\": {
\"project\": {
\"name\": \"ap-southeast-1\"
2020-11-22 15:34:21 +01:00
}
}
}
}"
export _H1="Content-Type: application/json;charset=utf8"
_post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null
_code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")
_token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-)
_secure_debug "${_code}"
2020-11-22 15:34:21 +01:00
printf "%s" "${_token}"
return 0
}