You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

291 lines
8.4 KiB

  1. #!/usr/bin/env sh
  2. # HUAWEICLOUD_Username
  3. # HUAWEICLOUD_Password
  4. # HUAWEICLOUD_DomainName
  5. iam_api="https://iam.myhuaweicloud.com"
  6. dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work
  7. ######## Public functions #####################
  8. # Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  9. # Used to add txt record
  10. #
  11. # Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html
  12. #
  13. # About "DomainName" parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html
  14. #
  15. dns_huaweicloud_add() {
  16. fulldomain=$1
  17. txtvalue=$2
  18. HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  19. HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
  20. HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  21. # Check information
  22. if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then
  23. _err "Not enough information provided to dns_huaweicloud!"
  24. return 1
  25. fi
  26. unset token # Clear token
  27. token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")"
  28. if [ -z "${token}" ]; then # Check token
  29. _err "dns_api(dns_huaweicloud): Error getting token."
  30. return 1
  31. fi
  32. _secure_debug "Access token is:" "${token}"
  33. unset zoneid
  34. zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
  35. if [ -z "${zoneid}" ]; then
  36. _err "dns_api(dns_huaweicloud): Error getting zone id."
  37. return 1
  38. fi
  39. _debug "Zone ID is:" "${zoneid}"
  40. _debug "Adding Record"
  41. _add_record "${token}" "${fulldomain}" "${txtvalue}"
  42. ret="$?"
  43. if [ "${ret}" != "0" ]; then
  44. _err "dns_api(dns_huaweicloud): Error adding record."
  45. return 1
  46. fi
  47. # Do saving work if all succeeded
  48. _saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}"
  49. _saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}"
  50. _saveaccountconf_mutable HUAWEICLOUD_DomainName "${HUAWEICLOUD_DomainName}"
  51. return 0
  52. }
  53. # Usage: fulldomain txtvalue
  54. # Used to remove the txt record after validation
  55. #
  56. # Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html
  57. #
  58. dns_huaweicloud_rm() {
  59. fulldomain=$1
  60. txtvalue=$2
  61. HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  62. HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
  63. HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
  64. # Check information
  65. if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then
  66. _err "Not enough information provided to dns_huaweicloud!"
  67. return 1
  68. fi
  69. unset token # Clear token
  70. token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")"
  71. if [ -z "${token}" ]; then # Check token
  72. _err "dns_api(dns_huaweicloud): Error getting token."
  73. return 1
  74. fi
  75. _secure_debug "Access token is:" "${token}"
  76. unset zoneid
  77. zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
  78. if [ -z "${zoneid}" ]; then
  79. _err "dns_api(dns_huaweicloud): Error getting zone id."
  80. return 1
  81. fi
  82. _debug "Zone ID is:" "${zoneid}"
  83. # Remove all records
  84. # Therotically HuaweiCloud does not allow more than one record set
  85. # But remove them recurringly to increase robusty
  86. while [ "${record_id}" != "0" ]; do
  87. _debug "Removing Record"
  88. _rm_record "${token}" "${zoneid}" "${record_id}"
  89. record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
  90. done
  91. return 0
  92. }
  93. ################### Private functions below ##################################
  94. # _get_zoneid
  95. #
  96. # _token=$1
  97. # _domain_string=$2
  98. #
  99. # printf "%s" "${_zoneid}"
  100. _get_zoneid() {
  101. _token=$1
  102. _domain_string=$2
  103. export _H1="X-Auth-Token: ${_token}"
  104. i=1
  105. while true; do
  106. h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100)
  107. if [ -z "$h" ]; then
  108. #not valid
  109. return 1
  110. fi
  111. _debug "$h"
  112. response=$(_get "${dns_api}/v2/zones?name=${h}")
  113. _debug2 "$response"
  114. if _contains "${response}" '"id"'; then
  115. zoneidlist=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
  116. zonenamelist=$(echo "${response}" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
  117. _debug2 "Return Zone ID(s):" "${zoneidlist}"
  118. _debug2 "Return Zone Name(s):" "${zonenamelist}"
  119. zoneidnum=0
  120. zoneidcount=$(echo "${zoneidlist}" | grep -c '^')
  121. _debug "Retund Zone ID(s) Count:" "${zoneidcount}"
  122. while [ "${zoneidnum}" -lt "${zoneidcount}" ]; do
  123. zoneidnum=$(_math "$zoneidnum" + 1)
  124. _zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p")
  125. zonename=$(echo "${zonenamelist}" | sed -n "${zoneidnum}p")
  126. _debug "Check Zone Name" "${zonename}"
  127. if [ "${zonename}" = "${h}." ]; then
  128. _debug "Get Zone ID Success."
  129. _debug "ZoneID:" "${_zoneid}"
  130. printf "%s" "${_zoneid}"
  131. return 0
  132. fi
  133. done
  134. fi
  135. i=$(_math "$i" + 1)
  136. done
  137. return 1
  138. }
  139. _get_recordset_id() {
  140. _token=$1
  141. _domain=$2
  142. _zoneid=$3
  143. export _H1="X-Auth-Token: ${_token}"
  144. response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
  145. if _contains "${response}" '"id"'; then
  146. _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
  147. printf "%s" "${_id}"
  148. return 0
  149. fi
  150. printf "%s" "0"
  151. return 1
  152. }
  153. _add_record() {
  154. _token=$1
  155. _domain=$2
  156. _txtvalue=$3
  157. # Get Existing Records
  158. export _H1="X-Auth-Token: ${_token}"
  159. response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
  160. _debug2 "${response}"
  161. _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g')
  162. _debug "${_exist_record}"
  163. # Check if record exist
  164. # Generate body data
  165. if [ -z "${_exist_record}" ]; then
  166. _post_body="{
  167. \"name\": \"${_domain}.\",
  168. \"description\": \"ACME Challenge\",
  169. \"type\": \"TXT\",
  170. \"ttl\": 1,
  171. \"records\": [
  172. \"\\\"${_txtvalue}\\\"\"
  173. ]
  174. }"
  175. else
  176. _post_body="{
  177. \"name\": \"${_domain}.\",
  178. \"description\": \"ACME Challenge\",
  179. \"type\": \"TXT\",
  180. \"ttl\": 1,
  181. \"records\": [
  182. ${_exist_record},
  183. \"\\\"${_txtvalue}\\\"\"
  184. ]
  185. }"
  186. fi
  187. _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
  188. _debug "Record Set ID is:" "${_record_id}"
  189. # Remove all records
  190. while [ "${_record_id}" != "0" ]; do
  191. _debug "Removing Record"
  192. _rm_record "${_token}" "${zoneid}" "${_record_id}"
  193. _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
  194. done
  195. # Add brand new records with all old and new records
  196. export _H2="Content-Type: application/json"
  197. export _H1="X-Auth-Token: ${_token}"
  198. _debug2 "${_post_body}"
  199. _post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null
  200. _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  201. if [ "$_code" != "202" ]; then
  202. _err "dns_huaweicloud: http code ${_code}"
  203. return 1
  204. fi
  205. return 0
  206. }
  207. # _rm_record $token $zoneid $recordid
  208. # assume ${dns_api} exist
  209. # no output
  210. # return 0
  211. _rm_record() {
  212. _token=$1
  213. _zone_id=$2
  214. _record_id=$3
  215. export _H2="Content-Type: application/json"
  216. export _H1="X-Auth-Token: ${_token}"
  217. _post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null
  218. return $?
  219. }
  220. _get_token() {
  221. _username=$1
  222. _password=$2
  223. _domain_name=$3
  224. _debug "Getting Token"
  225. body="{
  226. \"auth\": {
  227. \"identity\": {
  228. \"methods\": [
  229. \"password\"
  230. ],
  231. \"password\": {
  232. \"user\": {
  233. \"name\": \"${_username}\",
  234. \"password\": \"${_password}\",
  235. \"domain\": {
  236. \"name\": \"${_domain_name}\"
  237. }
  238. }
  239. }
  240. },
  241. \"scope\": {
  242. \"project\": {
  243. \"name\": \"ap-southeast-1\"
  244. }
  245. }
  246. }
  247. }"
  248. export _H1="Content-Type: application/json;charset=utf8"
  249. _post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null
  250. _code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")
  251. _token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-)
  252. _secure_debug "${_code}"
  253. printf "%s" "${_token}"
  254. return 0
  255. }