Add DNS provider for VK Cloud #1706

Merged
merged 12 commits into from Sep 2, 2022

@kluevandrew (Contributor) commented Aug 30, 2022

DNS Provider for VK Cloud. Closes #1705

  • add a description to your PR
  • be able to maintain this provider
  • have a homogeneous design with the other providers
  • add tests (units)
  • add tests ("live")
  • add a provider descriptor
  • generate CLI help, documentation, and readme.
  • be able to do ./lego -m your@email.com --dns YOUR_PROVIDER_NAME ....
  • pass the linter
  • do go mod tidy

Stdout of example

$ export VK_CLOUD_PROJECT_ID=<sensetive_information_truncated>
$ export VK_CLOUD_USERNAME=andrey.klyuev@vk.team
$ export VK_CLOUD_PASSWORD=<sensetive_information_truncated>
$ rm -rf .lego && ./lego --email andrey.klyuev@vk.team --dns vkcloud --domains "bet-statistic.ru" --domains "*.bet-statistic.ru"  -s https://acme-staging-v02.api.letsencrypt.org/directory run
2022/08/30 20:09:17 No key found for account andrey.klyuev@vk.team. Generating a P256 key.
2022/08/30 20:09:17 Saved key to /Users/andrey.klyuev/Projects/go-acme/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/andrey.klyuev@vk.team/keys/andrey.klyuev@vk.team.key
2022/08/30 20:09:18 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf
Do you accept the TOS? Y/n
Y
2022/08/30 20:09:22 [INFO] acme: Registering account for andrey.klyuev@vk.team
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/Users/andrey.klyuev/Projects/go-acme/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2022/08/30 20:09:22 [INFO] [bet-statistic.ru, *.bet-statistic.ru] acme: Obtaining bundled SAN certificate
2022/08/30 20:09:23 [INFO] [*.bet-statistic.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3485466163
2022/08/30 20:09:23 [INFO] [bet-statistic.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3485466173
2022/08/30 20:09:23 [INFO] [*.bet-statistic.ru] acme: use dns-01 solver
2022/08/30 20:09:23 [INFO] [bet-statistic.ru] acme: Could not find solver for: tls-alpn-01
2022/08/30 20:09:23 [INFO] [bet-statistic.ru] acme: Could not find solver for: http-01
2022/08/30 20:09:23 [INFO] [bet-statistic.ru] acme: use dns-01 solver
2022/08/30 20:09:23 [INFO] [*.bet-statistic.ru] acme: Preparing to solve DNS-01
2022/08/30 20:09:24 [INFO] [bet-statistic.ru] acme: Preparing to solve DNS-01
2022/08/30 20:09:24 [INFO] [*.bet-statistic.ru] acme: Trying to solve DNS-01
2022/08/30 20:09:24 [INFO] [*.bet-statistic.ru] acme: Checking DNS record propagation using [100.99.0.231:53 100.99.0.230:53]
2022/08/30 20:09:26 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/08/30 20:09:26 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:28 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:30 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:32 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:34 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:36 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:38 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:40 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:42 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:45 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:47 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:49 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:09:51 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/08/30 20:10:00 [INFO] [*.bet-statistic.ru] The server validated our request
2022/08/30 20:10:00 [INFO] [bet-statistic.ru] acme: Trying to solve DNS-01
2022/08/30 20:10:00 [INFO] [bet-statistic.ru] acme: Checking DNS record propagation using [100.99.0.231:53 100.99.0.230:53]
2022/08/30 20:10:02 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/08/30 20:10:09 [INFO] [bet-statistic.ru] The server validated our request
2022/08/30 20:10:09 [INFO] [*.bet-statistic.ru] acme: Cleaning DNS-01 challenge
2022/08/30 20:10:11 [INFO] [bet-statistic.ru] acme: Cleaning DNS-01 challenge
2022/08/30 20:10:14 [INFO] [bet-statistic.ru, *.bet-statistic.ru] acme: Validations succeeded; requesting certificates
2022/08/30 20:10:15 [INFO] [bet-statistic.ru] Server responded with a certificate.
Exiting.

@ldez (Member) commented Aug 30, 2022

Hello, in order for a PR adding a DNS provider to be accepted, you have to:

  • add a description to your PR
  • be able to maintain this provider
  • have a homogeneous design with the other providers
  • add tests (units)
make test
  • add tests ("live")
    func TestLivePresent(t *testing.T) {
        if !envTest.IsLiveTest() {
            t.Skip("skipping live test")
        }

        envTest.RestoreEnv()
        provider, err := NewDNSProvider()
        require.NoError(t, err)

        err = provider.Present(envTest.GetDomain(), "", "123d==")
        require.NoError(t, err)
    }

    func TestLiveCleanUp(t *testing.T) {
        if !envTest.IsLiveTest() {
            t.Skip("skipping live test")
        }

        envTest.RestoreEnv()
        provider, err := NewDNSProvider()
        require.NoError(t, err)

        time.Sleep(2 * time.Second)

        err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
        require.NoError(t, err)
    }
make test
make generate-dns
  • be able to do: (and put the output of this command to a comment in your PR)
rm -rf .lego

./lego -m your@email.com --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

Note the wildcard domain is important.

make checks
  • do go mod tidy

@ldez ldez self-requested a review August 30, 2022 17:25
@ldez ldez changed the title VK Cloud DNS provider Add DNS provider for VK Cloud Sep 1, 2022
@ldez (Member) commented Sep 1, 2022

As I changed the code, I will ask you to run again the command:

rm -rf .lego

./lego -m your@email.com --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

@ldez ldez added this to the v4.9 milestone Sep 1, 2022
@kluevandrew (Contributor, Author) commented

> As I changed the code, I will ask you to run again the command:

OK, I will make it today.

@kluevandrew (Contributor, Author) commented Sep 2, 2022

Unfortunately, it stopped working. VK Cloud does not have a good API: it behaves strangely with a trailing slash in the URL, which is required for each request except TXT record deletion. I will fix it soon.

Unfortunately, I must replace the path.Join call with fmt.Sprintf because path.Join clears the trailing slash.

@kluevandrew (Contributor, Author) commented

I fixed the bug with the trailing slash, merged the current changes from master, and now it works.

2022/09/02 11:58:57 No key found for account andrey.klyuev@vk.team. Generating a P256 key.
2022/09/02 11:58:57 Saved key to /Users/andrey.klyuev/Projects/go-acme/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/andrey.klyuev@vk.team/keys/andrey.klyuev@vk.team.key
2022/09/02 11:58:57 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf
Do you accept the TOS? Y/n
Y
2022/09/02 11:59:00 [INFO] acme: Registering account for andrey.klyuev@vk.team
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/Users/andrey.klyuev/Projects/go-acme/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2022/09/02 11:59:00 [INFO] [bet-statistic.ru, *.bet-statistic.ru] acme: Obtaining bundled SAN certificate
2022/09/02 11:59:01 [INFO] [*.bet-statistic.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3512654573
2022/09/02 11:59:01 [INFO] [bet-statistic.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3512654583
2022/09/02 11:59:01 [INFO] [*.bet-statistic.ru] acme: use dns-01 solver
2022/09/02 11:59:01 [INFO] [bet-statistic.ru] acme: Could not find solver for: tls-alpn-01
2022/09/02 11:59:01 [INFO] [bet-statistic.ru] acme: Could not find solver for: http-01
2022/09/02 11:59:01 [INFO] [bet-statistic.ru] acme: use dns-01 solver
2022/09/02 11:59:01 [INFO] [*.bet-statistic.ru] acme: Preparing to solve DNS-01
2022/09/02 11:59:05 [INFO] [bet-statistic.ru] acme: Preparing to solve DNS-01
2022/09/02 11:59:05 [INFO] [*.bet-statistic.ru] acme: Trying to solve DNS-01
2022/09/02 11:59:05 [INFO] [*.bet-statistic.ru] acme: Checking DNS record propagation using [10.73.0.1:53 77.37.251.33:53 77.37.255.30:53]
2022/09/02 11:59:07 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/09/02 11:59:07 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:09 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:11 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:14 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:16 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:18 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:20 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:22 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:24 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:26 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 11:59:31 [INFO] [*.bet-statistic.ru] The server validated our request
2022/09/02 11:59:31 [INFO] [bet-statistic.ru] acme: Trying to solve DNS-01
2022/09/02 11:59:31 [INFO] [bet-statistic.ru] acme: Checking DNS record propagation using [10.73.0.1:53 77.37.251.33:53 77.37.255.30:53]
2022/09/02 11:59:33 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/09/02 11:59:40 [INFO] [bet-statistic.ru] The server validated our request
2022/09/02 11:59:40 [INFO] [*.bet-statistic.ru] acme: Cleaning DNS-01 challenge
2022/09/02 11:59:40 [INFO] [bet-statistic.ru] acme: Cleaning DNS-01 challenge
2022/09/02 11:59:41 [INFO] [bet-statistic.ru, *.bet-statistic.ru] acme: Validations succeeded; requesting certificates
2022/09/02 11:59:42 [INFO] [bet-statistic.ru] Server responded with a certificate.
Exiting.

@ldez (Member) commented Sep 2, 2022

I implemented a simpler solution.

The only case that can be a problem is on the delete.

Note: your solution had a problem:

package internal

import (
	"fmt"
	"strings"
	"testing"
)

func TestName(t *testing.T) {
	fmt.Println(joinURL("v2", "dns", "uri", "/")) // => "v2/dns/uri//" (double trailing slash)
}

func joinURL(parts ...string) string {
	return strings.Join(parts, "/")
}

@ldez (Member) commented Sep 2, 2022

I rethought the problem again and mimicked the go1.19 API.

@kluevandrew (Contributor, Author) commented

> I rethought the problem again and mimicked the go1.19 API.

Great solution, shall I test it again?

PS. I am going to push the trailing slash problem to the DNS API team; I hope they can fix it fast.

@ldez (Member) commented Sep 2, 2022

> Great solution, shall I test it again?

It's the same code as previously so I think you don't need to test it again.
I was just waiting for your feedback.

> I am going to push the trailing slash problem to the DNS API team; I hope they can fix it fast.

I will merge now unless you think that we have to wait for your DNS API team.

@kluevandrew (Contributor, Author) commented

> It's the same code as previously so I think you don't need to test it again. I was just waiting for your feedback.

It's not, something went wrong) I will check and fix it.

[*.bet-statistic.ru] [*.bet-statistic.ru] acme: error presenting token: vkcloud: unable to fetch dns zones: request: Get "/public-dns/v2/dns/": unsupported protocol scheme ""

> I will merge now unless you think that we have to wait for your DNS API team.

I think you can merge it after the fix and not wait for the DNS API team. When they fix the API, I will open a new pull request with updates.

@kluevandrew (Contributor, Author) commented Sep 2, 2022

Now it works. The problem was in the BaseURL parsing: the scheme and domain were lost during the second Parse call.

2022/09/02 22:55:08 [INFO] [bet-statistic.ru, *.bet-statistic.ru] acme: Obtaining bundled SAN certificate
2022/09/02 22:55:09 [INFO] [*.bet-statistic.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3517180543
2022/09/02 22:55:09 [INFO] [bet-statistic.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3517180553
2022/09/02 22:55:09 [INFO] [*.bet-statistic.ru] acme: use dns-01 solver
2022/09/02 22:55:09 [INFO] [bet-statistic.ru] acme: Could not find solver for: tls-alpn-01
2022/09/02 22:55:09 [INFO] [bet-statistic.ru] acme: Could not find solver for: http-01
2022/09/02 22:55:09 [INFO] [bet-statistic.ru] acme: use dns-01 solver
2022/09/02 22:55:09 [INFO] [*.bet-statistic.ru] acme: Preparing to solve DNS-01
2022/09/02 22:55:25 [INFO] [bet-statistic.ru] acme: Preparing to solve DNS-01
2022/09/02 22:55:27 [INFO] [*.bet-statistic.ru] acme: Trying to solve DNS-01
2022/09/02 22:55:27 [INFO] [*.bet-statistic.ru] acme: Checking DNS record propagation using [10.73.0.1:53 77.37.251.33:53 77.37.255.30:53]
2022/09/02 22:55:29 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/09/02 22:55:29 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:31 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:33 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:35 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:37 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:39 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:41 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:43 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:45 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:47 [INFO] [*.bet-statistic.ru] acme: Waiting for DNS record propagation.
2022/09/02 22:55:53 [INFO] [*.bet-statistic.ru] The server validated our request
2022/09/02 22:55:53 [INFO] [bet-statistic.ru] acme: Trying to solve DNS-01
2022/09/02 22:55:53 [INFO] [bet-statistic.ru] acme: Checking DNS record propagation using [10.73.0.1:53 77.37.251.33:53 77.37.255.30:53]
2022/09/02 22:55:55 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/09/02 22:55:55 [INFO] [bet-statistic.ru] The server validated our request
2022/09/02 22:55:55 [INFO] [*.bet-statistic.ru] acme: Cleaning DNS-01 challenge
2022/09/02 22:57:20 [INFO] [bet-statistic.ru] acme: Cleaning DNS-01 challenge
2022/09/02 22:57:23 [INFO] [bet-statistic.ru, *.bet-statistic.ru] acme: Validations succeeded; requesting certificates
2022/09/02 22:57:23 [INFO] [bet-statistic.ru] Server responded with a certificate.
Exiting.
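
The URL-joining behaviours discussed in this thread (path.Join dropping the trailing slash, strings.Join doubling it, the Go 1.19 JoinPath API keeping one), together with one way a second parse can lose the scheme and host, as an added example that is not code from this PR or from lego. The host `api.example.test` and all function names are constructed for illustration, and `lossyEndpoint` is an assumed reconstruction of the failure, since the provider's client code is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// Constructed base URL for illustration; not the real VK Cloud endpoint.
const sampleBase = "https://api.example.test/public-dns"

// joinWithPath uses path.Join, which cleans the result and drops the trailing slash.
func joinWithPath(parts ...string) string { return path.Join(parts...) }

// joinWithStrings is the naive join from the thread; a "/" element doubles the slash.
func joinWithStrings(parts ...string) string { return strings.Join(parts, "/") }

// lossyEndpoint re-parses only the joined path, so the result has no scheme
// or host (assumed reconstruction of the failure, not the PR's code).
func lossyEndpoint(base string, parts ...string) (*url.URL, error) {
	b, err := url.Parse(base)
	if err != nil {
		return nil, err
	}
	return url.Parse(path.Join(append([]string{b.Path}, parts...)...) + "/")
}

// endpoint joins on the parsed base with (*url.URL).JoinPath (Go 1.19+) and
// fails closed if the result is not an absolute http(s) URL.
func endpoint(base string, parts ...string) (*url.URL, error) {
	b, err := url.Parse(base)
	if err != nil {
		return nil, err
	}
	u := b.JoinPath(parts...)
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return nil, errors.New("endpoint is not an absolute http(s) URL: " + u.String())
	}
	return u, nil
}

func main() {
	fmt.Println(joinWithPath("v2", "dns", "/"), joinWithStrings("v2", "dns", "uri", "/"))
	bad, _ := lossyEndpoint(sampleBase, "v2", "dns")
	good, err := endpoint(sampleBase, "v2", "dns", "/")
	fmt.Println(bad, good, err)
}
```

Checking the scheme and host before the request is sent turns the `unsupported protocol scheme ""` error quoted above into a failure at URL construction time, where the cause is easier to see.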

@ldez (Member) left a comment

LGTM 👍

@ldez ldez merged commit 8fe27e0 into go-acme:master Sep 2, 2022

Successfully merging this pull request may close these issues.

Support for provider: VK Cloud