You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
333 lines
9.5 KiB
333 lines
9.5 KiB
#!/usr/bin/env sh |
|
# shellcheck disable=SC2034 |
|
dns_huaweicloud_info='HuaweiCloud.com |
|
Site: HuaweiCloud.com |
|
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_huaweicloud |
|
Options: |
|
HUAWEICLOUD_Username Username |
|
HUAWEICLOUD_Password Password |
|
HUAWEICLOUD_DomainName DomainName |
|
Issues: github.com/acmesh-official/acme.sh/issues/3265 |
|
' |
|
|
|
iam_api="https://iam.myhuaweicloud.com" |
|
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work |
|
|
|
######## Public functions ##################### |
|
|
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|
# Used to add txt record |
|
# |
|
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html |
|
# |
|
# About "DomainName" parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html |
|
# |
|
|
|
dns_huaweicloud_add() { |
|
fulldomain=$1 |
|
txtvalue=$2 |
|
|
|
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
|
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
|
HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_DomainName)}" |
|
|
|
# Check information |
|
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then |
|
_err "Not enough information provided to dns_huaweicloud!" |
|
return 1 |
|
fi |
|
|
|
unset token # Clear token |
|
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" |
|
if [ -z "${token}" ]; then # Check token |
|
_err "dns_api(dns_huaweicloud): Error getting token." |
|
return 1 |
|
fi |
|
_secure_debug "Access token is:" "${token}" |
|
|
|
unset zoneid |
|
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
|
if [ -z "${zoneid}" ]; then |
|
_err "dns_api(dns_huaweicloud): Error getting zone id." |
|
return 1 |
|
fi |
|
_debug "Zone ID is:" "${zoneid}" |
|
|
|
_debug "Adding Record" |
|
_add_record "${token}" "${fulldomain}" "${txtvalue}" |
|
ret="$?" |
|
if [ "${ret}" != "0" ]; then |
|
_err "dns_api(dns_huaweicloud): Error adding record." |
|
return 1 |
|
fi |
|
|
|
# Do saving work if all succeeded |
|
_saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}" |
|
_saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}" |
|
_saveaccountconf_mutable HUAWEICLOUD_DomainName "${HUAWEICLOUD_DomainName}" |
|
return 0 |
|
} |
|
|
|
# Usage: fulldomain txtvalue |
|
# Used to remove the txt record after validation |
|
# |
|
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html |
|
# |
|
|
|
dns_huaweicloud_rm() { |
|
fulldomain=$1 |
|
txtvalue=$2 |
|
|
|
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
|
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
|
HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_DomainName)}" |
|
|
|
# Check information |
|
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then |
|
_err "Not enough information provided to dns_huaweicloud!" |
|
return 1 |
|
fi |
|
|
|
unset token # Clear token |
|
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" |
|
if [ -z "${token}" ]; then # Check token |
|
_err "dns_api(dns_huaweicloud): Error getting token." |
|
return 1 |
|
fi |
|
_secure_debug "Access token is:" "${token}" |
|
|
|
unset zoneid |
|
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
|
if [ -z "${zoneid}" ]; then |
|
_err "dns_api(dns_huaweicloud): Error getting zone id." |
|
return 1 |
|
fi |
|
_debug "Zone ID is:" "${zoneid}" |
|
|
|
record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" |
|
_recursive_rm_record "${token}" "${fulldomain}" "${zoneid}" "${record_id}" |
|
ret="$?" |
|
if [ "${ret}" != "0" ]; then |
|
_err "dns_api(dns_huaweicloud): Error removing record." |
|
return 1 |
|
fi |
|
|
|
return 0 |
|
} |
|
|
|
################### Private functions below ################################## |
|
|
|
# _recursive_rm_record |
|
# remove all records from the record set |
|
# |
|
# _token=$1 |
|
# _domain=$2 |
|
# _zoneid=$3 |
|
# _record_id=$4 |
|
# |
|
# Returns 0 on success |
|
_recursive_rm_record() { |
|
_token=$1 |
|
_domain=$2 |
|
_zoneid=$3 |
|
_record_id=$4 |
|
|
|
# Most likely to have problems will huaweicloud side if more than 50 attempts but still cannot fully remove the record set |
|
# Maybe can be removed manually in the dashboard |
|
_retry_cnt=50 |
|
|
|
# Remove all records |
|
# Therotically HuaweiCloud does not allow more than one record set |
|
# But remove them recurringly to increase robusty |
|
|
|
while [ "${_record_id}" != "0" ] && [ "${_retry_cnt}" != "0" ]; do |
|
_debug "Removing Record" |
|
_retry_cnt=$((_retry_cnt - 1)) |
|
_rm_record "${_token}" "${_zoneid}" "${_record_id}" |
|
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${_zoneid}")" |
|
_debug2 "Checking record exists: record_id=${_record_id}" |
|
done |
|
|
|
# Check if retry count is reached |
|
if [ "${_retry_cnt}" = "0" ]; then |
|
_debug "Failed to remove record after 50 attempts, please try removing it manually in the dashboard" |
|
return 1 |
|
fi |
|
|
|
return 0 |
|
} |
|
|
|
# _get_zoneid |
|
# |
|
# _token=$1 |
|
# _domain_string=$2 |
|
# |
|
# printf "%s" "${_zoneid}" |
|
_get_zoneid() { |
|
_token=$1 |
|
_domain_string=$2 |
|
export _H1="X-Auth-Token: ${_token}" |
|
|
|
i=1 |
|
while true; do |
|
h=$(printf "%s" "${_domain_string}" | cut -d . -f "$i"-100) |
|
if [ -z "$h" ]; then |
|
#not valid |
|
return 1 |
|
fi |
|
_debug "$h" |
|
response=$(_get "${dns_api}/v2/zones?name=${h}") |
|
_debug2 "$response" |
|
if _contains "${response}" '"id"'; then |
|
zoneidlist=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") |
|
zonenamelist=$(echo "${response}" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") |
|
_debug2 "Returned Zone ID(s):" "${zoneidlist}" |
|
_debug2 "Returned Zone Name(s):" "${zonenamelist}" |
|
zoneidnum=0 |
|
zoneidcount=$(echo "${zoneidlist}" | grep -c '^') |
|
_debug "Returned Zone ID(s) Count:" "${zoneidcount}" |
|
while [ "${zoneidnum}" -lt "${zoneidcount}" ]; do |
|
zoneidnum=$(_math "$zoneidnum" + 1) |
|
_zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p") |
|
zonename=$(echo "${zonenamelist}" | sed -n "${zoneidnum}p") |
|
_debug "Check Zone Name" "${zonename}" |
|
if [ "${zonename}" = "${h}." ]; then |
|
_debug "Get Zone ID Success." |
|
_debug "ZoneID:" "${_zoneid}" |
|
printf "%s" "${_zoneid}" |
|
return 0 |
|
fi |
|
done |
|
fi |
|
i=$(_math "$i" + 1) |
|
done |
|
return 1 |
|
} |
|
|
|
_get_recordset_id() { |
|
_token=$1 |
|
_domain=$2 |
|
_zoneid=$3 |
|
export _H1="X-Auth-Token: ${_token}" |
|
|
|
response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") |
|
if _contains "${response}" '"id"'; then |
|
_id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")" |
|
printf "%s" "${_id}" |
|
return 0 |
|
fi |
|
printf "%s" "0" |
|
return 1 |
|
} |
|
|
|
_add_record() { |
|
_token=$1 |
|
_domain=$2 |
|
_txtvalue=$3 |
|
|
|
# Get Existing Records |
|
export _H1="X-Auth-Token: ${_token}" |
|
response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") |
|
|
|
_debug2 "${response}" |
|
_exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') |
|
_debug "${_exist_record}" |
|
|
|
# Check if record exist |
|
# Generate body data |
|
if [ -z "${_exist_record}" ]; then |
|
_post_body="{ |
|
\"name\": \"${_domain}.\", |
|
\"description\": \"ACME Challenge\", |
|
\"type\": \"TXT\", |
|
\"ttl\": 1, |
|
\"records\": [ |
|
\"\\\"${_txtvalue}\\\"\" |
|
] |
|
}" |
|
else |
|
_post_body="{ |
|
\"name\": \"${_domain}.\", |
|
\"description\": \"ACME Challenge\", |
|
\"type\": \"TXT\", |
|
\"ttl\": 1, |
|
\"records\": [ |
|
${_exist_record},\"\\\"${_txtvalue}\\\"\" |
|
] |
|
}" |
|
fi |
|
|
|
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" |
|
_debug "Record Set ID is:" "${_record_id}" |
|
|
|
# Add brand new records with all old and new records |
|
export _H2="Content-Type: application/json" |
|
export _H1="X-Auth-Token: ${_token}" |
|
|
|
_debug2 "${_post_body}" |
|
if [ -z "${_exist_record}" ]; then |
|
_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null |
|
else |
|
_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets/${_record_id}" false "PUT" >/dev/null |
|
fi |
|
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|
if [ "$_code" != "202" ]; then |
|
_err "dns_huaweicloud: http code ${_code}" |
|
return 1 |
|
fi |
|
return 0 |
|
} |
|
|
|
# _rm_record $token $zoneid $recordid |
|
# assume ${dns_api} exist |
|
# no output |
|
# return 0 |
|
_rm_record() { |
|
_token=$1 |
|
_zone_id=$2 |
|
_record_id=$3 |
|
|
|
export _H2="Content-Type: application/json" |
|
export _H1="X-Auth-Token: ${_token}" |
|
|
|
_post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null |
|
return $? |
|
} |
|
|
|
_get_token() { |
|
_username=$1 |
|
_password=$2 |
|
_domain_name=$3 |
|
|
|
_debug "Getting Token" |
|
body="{ |
|
\"auth\": { |
|
\"identity\": { |
|
\"methods\": [ |
|
\"password\" |
|
], |
|
\"password\": { |
|
\"user\": { |
|
\"name\": \"${_username}\", |
|
\"password\": \"${_password}\", |
|
\"domain\": { |
|
\"name\": \"${_domain_name}\" |
|
} |
|
} |
|
} |
|
}, |
|
\"scope\": { |
|
\"project\": { |
|
\"name\": \"ap-southeast-1\" |
|
} |
|
} |
|
} |
|
}" |
|
export _H1="Content-Type: application/json;charset=utf8" |
|
_post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null |
|
_code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n") |
|
_token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-) |
|
_secure_debug "${_code}" |
|
printf "%s" "${_token}" |
|
return 0 |
|
}
|
|
|