275 lines
7.5 KiB

  1. #!/usr/bin/env sh
  2. # HUAWEICLOUD_Username
  3. # HUAWEICLOUD_Password
  4. # HUAWEICLOUD_ProjectID
  5. iam_api="https://iam.myhuaweicloud.com"
  6. dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work
  7. ######## Public functions #####################
  8. # Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  9. # Used to add txt record
  10. #
  11. # Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html
  12. #
  13. dns_huaweicloud_add() {
  14. fulldomain=$1
  15. txtvalue=$2
  16. HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  17. HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
  18. HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
  19. # Check information
  20. if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then
  21. _err "Not enough information provided to dns_huaweicloud!"
  22. return 1
  23. fi
  24. unset token # Clear token
  25. token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
  26. if [ -z "${token}" ]; then # Check token
  27. _err "dns_api(dns_huaweicloud): Error getting token."
  28. return 1
  29. fi
  30. _debug "Access token is: ${token}"
  31. unset zoneid
  32. zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
  33. if [ -z "${zoneid}" ]; then
  34. _err "dns_api(dns_huaweicloud): Error getting zone id."
  35. return 1
  36. fi
  37. _debug "Zone ID is: ${zoneid}"
  38. _debug "Adding Record"
  39. _add_record "${token}" "${fulldomain}" "${txtvalue}"
  40. ret="$?"
  41. if [ "${ret}" != "0" ]; then
  42. _err "dns_api(dns_huaweicloud): Error adding record."
  43. return 1
  44. fi
  45. # Do saving work if all succeeded
  46. _saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}"
  47. _saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}"
  48. _saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}"
  49. return 0
  50. }
  51. # Usage: fulldomain txtvalue
  52. # Used to remove the txt record after validation
  53. #
  54. # Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html
  55. #
  56. dns_huaweicloud_rm() {
  57. fulldomain=$1
  58. txtvalue=$2
  59. HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  60. HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
  61. HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
  62. # Check information
  63. if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then
  64. _err "Not enough information provided to dns_huaweicloud!"
  65. return 1
  66. fi
  67. unset token # Clear token
  68. token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
  69. if [ -z "${token}" ]; then # Check token
  70. _err "dns_api(dns_huaweicloud): Error getting token."
  71. return 1
  72. fi
  73. _debug "Access token is: ${token}"
  74. unset zoneid
  75. zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
  76. if [ -z "${zoneid}" ]; then
  77. _err "dns_api(dns_huaweicloud): Error getting zone id."
  78. return 1
  79. fi
  80. _debug "Zone ID is: ${zoneid}"
  81. # Remove all records
  82. # Therotically HuaweiCloud does not allow more than one record set
  83. # But remove them recurringly to increase robusty
  84. while [ "${record_id}" != "0" ]; do
  85. _debug "Removing Record"
  86. _rm_record "${token}" "${zoneid}" "${record_id}"
  87. record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
  88. done
  89. return 0
  90. }
  91. ################### Private functions below ##################################
  92. # _get_zoneid
  93. #
  94. # _token=$1
  95. # _domain_string=$2
  96. #
  97. # printf "%s" "${_zoneid}"
  98. _get_zoneid() {
  99. _token=$1
  100. _domain_string=$2
  101. export _H1="X-Auth-Token: ${_token}"
  102. i=1
  103. while true; do
  104. h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100)
  105. if [ -z "$h" ]; then
  106. #not valid
  107. return 1
  108. fi
  109. _debug "$h"
  110. response=$(_get "${dns_api}/v2/zones?name=${h}")
  111. if _contains "${response}" "id"; then
  112. _debug "Get Zone ID Success."
  113. _zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
  114. printf "%s" "${_zoneid}"
  115. return 0
  116. fi
  117. i=$(_math "$i" + 1)
  118. done
  119. return 1
  120. }
  121. _get_recordset_id() {
  122. _token=$1
  123. _domain=$2
  124. _zoneid=$3
  125. export _H1="X-Auth-Token: ${_token}"
  126. response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
  127. if _contains "${response}" "id"; then
  128. _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
  129. printf "%s" "${_id}"
  130. return 0
  131. fi
  132. printf "%s" "0"
  133. return 1
  134. }
  135. _add_record() {
  136. _token=$1
  137. _domain=$2
  138. _txtvalue=$3
  139. # Get Existing Records
  140. export _H1="X-Auth-Token: ${_token}"
  141. response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
  142. _debug2 "${response}"
  143. _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g')
  144. _debug "${_exist_record}"
  145. # Check if record exist
  146. # Generate body data
  147. if [ -z "${_exist_record}" ]; then
  148. _post_body="{
  149. \"name\": \"${_domain}.\",
  150. \"description\": \"ACME Challenge\",
  151. \"type\": \"TXT\",
  152. \"ttl\": 1,
  153. \"records\": [
  154. \"\\\"${_txtvalue}\\\"\"
  155. ]
  156. }"
  157. else
  158. _post_body="{
  159. \"name\": \"${_domain}.\",
  160. \"description\": \"ACME Challenge\",
  161. \"type\": \"TXT\",
  162. \"ttl\": 1,
  163. \"records\": [
  164. ${_exist_record},
  165. \"\\\"${_txtvalue}\\\"\"
  166. ]
  167. }"
  168. fi
  169. _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
  170. _debug "Record Set ID is: ${_record_id}"
  171. # Remove all records
  172. while [ "${_record_id}" != "0" ]; do
  173. _debug "Removing Record"
  174. _rm_record "${_token}" "${zoneid}" "${_record_id}"
  175. _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
  176. done
  177. # Add brand new records with all old and new records
  178. export _H2="Content-Type: application/json"
  179. export _H1="X-Auth-Token: ${_token}"
  180. _debug2 "${_post_body}"
  181. _post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null
  182. _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  183. if [ "$_code" != "202" ]; then
  184. _err "dns_huaweicloud: http code ${_code}"
  185. return 1
  186. fi
  187. return 0
  188. }
  189. # _rm_record $token $zoneid $recordid
  190. # assume ${dns_api} exist
  191. # no output
  192. # return 0
  193. _rm_record() {
  194. _token=$1
  195. _zone_id=$2
  196. _record_id=$3
  197. export _H2="Content-Type: application/json"
  198. export _H1="X-Auth-Token: ${_token}"
  199. _post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null
  200. return $?
  201. }
  202. _get_token() {
  203. _username=$1
  204. _password=$2
  205. _project=$3
  206. _debug "Getting Token"
  207. body="{
  208. \"auth\": {
  209. \"identity\": {
  210. \"methods\": [
  211. \"password\"
  212. ],
  213. \"password\": {
  214. \"user\": {
  215. \"name\": \"${_username}\",
  216. \"password\": \"${_password}\",
  217. \"domain\": {
  218. \"name\": \"${_username}\"
  219. }
  220. }
  221. }
  222. },
  223. \"scope\": {
  224. \"project\": {
  225. \"id\": \"${_project}\"
  226. }
  227. }
  228. }
  229. }"
  230. export _H1="Content-Type: application/json;charset=utf8"
  231. _post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null
  232. _code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")
  233. _token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-)
  234. _debug2 "${_code}"
  235. printf "%s" "${_token}"
  236. return 0
  237. }