
add ecs ram role support

pull/3439/head
Yang Liu 4 years ago
parent
commit
d3ed8bea26
  1. 92
      dnsapi/dns_ali.sh

92
dnsapi/dns_ali.sh

@ -1,27 +1,34 @@
#!/usr/bin/env sh
#!/usr/local/bin/bash
Ali_API="https://alidns.aliyuncs.com/" Ali_API="https://alidns.aliyuncs.com/"
#Ali_Key="LTqIA87hOKdjevsf5"
#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
#ALICLOUD_ACCESS_KEY="LTqIA87hOKdjevsf5"
#ALICLOUD_SECRET_KEY="0p5EYueFNq501xnCPzKNbx6K51qPH2"
#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
#Usage: dns_ali_add $(_ali_urlencode "_acme-challenge.www.domain.com") "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ali_add() { dns_ali_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
Ali_Key=""
Ali_Secret=""
ALICLOUD_ACCESS_KEY="${ALICLOUD_ACCESS_KEY:-$(_readaccountconf_mutable ALICLOUD_ACCESS_KEY)}"
ALICLOUD_SECRET_KEY="${ALICLOUD_SECRET_KEY:-$(_readaccountconf_mutable ALICLOUD_SECRET_KEY)}"
if [ -z "$ALICLOUD_ACCESS_KEY" ] || [ -z "$ALICLOUD_SECRET_KEY" ]; then
_use_instance_role
fi
if [ -z "$ALICLOUD_ACCESS_KEY" ] || [ -z "$ALICLOUD_SECRET_KEY" ]; then
ALICLOUD_ACCESS_KEY=""
ALICLOUD_SECRET_KEY=""
_err "You don't specify aliyun api key and secret yet." _err "You don't specify aliyun api key and secret yet."
return 1 return 1
fi fi
#save the api key and secret to the account conf file. #save the api key and secret to the account conf file.
_saveaccountconf_mutable Ali_Key "$Ali_Key"
_saveaccountconf_mutable Ali_Secret "$Ali_Secret"
if [ -z "$_using_role" ]; then
_saveaccountconf_mutable ALICLOUD_ACCESS_KEY "$ALICLOUD_ACCESS_KEY"
_saveaccountconf_mutable ALICLOUD_SECRET_KEY "$ALICLOUD_SECRET_KEY"
fi
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
@ -35,8 +42,8 @@ dns_ali_add() {
dns_ali_rm() { dns_ali_rm() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
ALICLOUD_ACCESS_KEY="${ALICLOUD_ACCESS_KEY:-$(_readaccountconf_mutable ALICLOUD_ACCESS_KEY)}"
ALICLOUD_SECRET_KEY="${ALICLOUD_SECRET_KEY:-$(_readaccountconf_mutable ALICLOUD_SECRET_KEY)}"
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
@ -77,8 +84,45 @@ _get_root() {
return 1 return 1
} }
_use_instance_role() {
_url="http://100.100.100.200/latest/meta-data/ram/security-credentials/"
_debug "_url" "$_url"
if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then
_debug "Unable to fetch IAM role from instance metadata"
return 1
fi
_ali_instance_role=$(_get "$_url" "" 1)
_debug "_ali_instance_role" "_ali_instance_role"
_ali_creds="$(
_get "$_url$_ali_instance_role" "" 1 |
_normalizeJson |
tr '{,}' '\n' |
while read -r _line; do
_key="$(echo "${_line%%:*}" | tr -d '"')"
_value="${_line#*:}"
_debug3 "_key" "$_key"
_secure_debug3 "_value" "$_value"
case "$_key" in
AccessKeyId) echo "ALICLOUD_ACCESS_KEY=$_value" ;;
AccessKeySecret) echo "ALICLOUD_SECRET_KEY=$_value" ;;
SecurityToken) echo "ALICLOUD_SECURITY_TOKEN=$_value" ;;
esac
done |
paste -sd' ' -
)"
_secure_debug "_ali_creds" "$_ali_creds"
if [ -z "$_ali_creds" ]; then
return 1
fi
eval "$_ali_creds"
_using_role=true
}
_ali_rest() { _ali_rest() {
signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$ALICLOUD_SECRET_KEY&" | _hex_dump | tr -d " ")" | _base64)
signature=$(_ali_urlencode "$signature") signature=$(_ali_urlencode "$signature")
url="$Ali_API?$query&Signature=$signature" url="$Ali_API?$query&Signature=$signature"
@ -124,11 +168,14 @@ _check_exist_query() {
_qdomain="$1" _qdomain="$1"
_qsubdomain="$2" _qsubdomain="$2"
query='' query=''
query=$query'AccessKeyId='$Ali_Key
query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=DescribeDomainRecords' query=$query'&Action=DescribeDomainRecords'
query=$query'&DomainName='$_qdomain query=$query'&DomainName='$_qdomain
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RRKeyWord='$_qsubdomain query=$query'&RRKeyWord='$_qsubdomain
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -139,11 +186,14 @@ _check_exist_query() {
_add_record_query() { _add_record_query() {
query='' query=''
query=$query'AccessKeyId='$Ali_Key
query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=AddDomainRecord' query=$query'&Action=AddDomainRecord'
query=$query'&DomainName='$1 query=$query'&DomainName='$1
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RR='$2 query=$query'&RR='$2
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -155,10 +205,13 @@ _add_record_query() {
_delete_record_query() { _delete_record_query() {
query='' query=''
query=$query'AccessKeyId='$Ali_Key
query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=DeleteDomainRecord' query=$query'&Action=DeleteDomainRecord'
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RecordId='$1 query=$query'&RecordId='$1
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -168,10 +221,13 @@ _delete_record_query() {
_describe_records_query() { _describe_records_query() {
query='' query=''
query=$query'AccessKeyId='$Ali_Key
query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=DescribeDomainRecords' query=$query'&Action=DescribeDomainRecords'
query=$query'&DomainName='$1 query=$query'&DomainName='$1
query=$query'&Format=json' query=$query'&Format=json'
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
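Review bot: `eval "$_ali_creds"` in `_use_instance_role` runs text assembled from the metadata response as shell code: `_value` is taken verbatim from each JSON field, so the assignments are only as safe as whatever answers on the plain-HTTP address `http://100.100.100.200`. Extracting the three fields and assigning them directly gives the same result without evaluating response content, and lets the function fail when any field is missing rather than only when the whole string is empty. The sketch below assumes `_normalizeJson` leaves keys and values as `"key":"value"`. In the same function, `_debug "_ali_instance_role" "_ali_instance_role"` logs the variable name instead of its value and should read `_debug "_ali_instance_role" "$_ali_instance_role"`.

```sh
_use_instance_role() {
  # … unchanged: metadata URL, status probe, role-name lookup …
  _ali_role_json="$(_get "$_url$_ali_instance_role" "" 1 | _normalizeJson)"
  ALICLOUD_ACCESS_KEY="$(printf "%s" "$_ali_role_json" | _egrep_o '"AccessKeyId":"[^"]*"' | cut -d '"' -f 4)"
  ALICLOUD_SECRET_KEY="$(printf "%s" "$_ali_role_json" | _egrep_o '"AccessKeySecret":"[^"]*"' | cut -d '"' -f 4)"
  ALICLOUD_SECURITY_TOKEN="$(printf "%s" "$_ali_role_json" | _egrep_o '"SecurityToken":"[^"]*"' | cut -d '"' -f 4)"
  if [ -z "$ALICLOUD_ACCESS_KEY" ] || [ -z "$ALICLOUD_SECRET_KEY" ] || [ -z "$ALICLOUD_SECURITY_TOKEN" ]; then
    return 1
  fi
  _using_role=true
}
```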
