feat: initial implementation

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
kaechele · Oct 6, 2023 · ebea239 · ebea239
1 parent 5c2023c
commit ebea239
Show file tree

Hide file tree

Showing 6 changed files with 799 additions and 2 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -38,3 +38,5 @@ repos:
     rev: v1.5.1
     hooks:
       - id: mypy
+        additional_dependencies:
+          - types-requests
diff --git a/README.md b/README.md
@@ -1 +1,35 @@
 # Certbot DNS Authenticator for PowerDNS
+
+PowerDNS DNS Authenticator plugin for [Certbot](https://certbot.eff.org).
+
+# Usage
+
+Create a credentials file to use with this plugin:
+
+`~/pdns-credentials.ini`
+
+```ini
+dns_pdns_endpoint = https://pdns-api.example.com
+dns_pdns_api_key = <Your API Key>
+dns_pdns_server_id = localhost # see https://doc.powerdns.com/authoritative/http-api/server.html
+dns_pdns_disable_notify = false # Disable notification of secondaries after record changes
+```
+
+The available configuration options correspond to the [DNS-Lexicon settings for the PowerDNS provider](https://dns-lexicon.readthedocs.io/en/latest/configuration_reference.html#powerdns).
+
+Run Certbot using the plugin as the authenticator:
+
+```shell
+certbot certonly \
+    --authenticator dns-pdns \
+    --dns-pdns-credentials ~/pdns-credentials.ini \
+    ...
+```
+
+# License
+
+Apache License 2.0
+
+# Maintainer
+
+- Felix Kaechele <felix@kaechele.ca>
diff --git a/certbot_dns_pdns/dns_pdns.py b/certbot_dns_pdns/dns_pdns.py
@@ -0,0 +1,64 @@
+"""DNS Authenticator for PowerDNS."""
+import logging
+from collections.abc import Callable
+from typing import Any
+
+from certbot import errors
+from certbot.plugins import dns_common_lexicon
+from requests import HTTPError
+
+logger = logging.getLogger(__name__)
+
+
+class Authenticator(dns_common_lexicon.LexiconDNSAuthenticator):
+    """DNS Authenticator for PowerDNS
+
+    This Authenticator uses the PowerDNS API to fulfill a dns-01 challenge.
+    """
+
+    description = (
+        "Obtain certificates using a DNS TXT record (if you are using PowerDNS for"
+        " DNS)."
+    )
+
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        super().__init__(*args, **kwargs)
+        self._add_provider_option("endpoint", "PowerDNS API endpoint", "pdns_server")
+        self._add_provider_option(
+            "api-key",
+            "API Key used for authentication with the PowerDNS API",
+            "auth_token",
+        )
+        self._add_provider_option("server-id", "PowerDNS Server ID", "pdns_server_id")
+        self._add_provider_option(
+            "disable-notify",
+            "whether to disable notification of secondaries after record changes",
+            "pdns_disable_notify",
+        )
+
+    @classmethod
+    def add_parser_arguments(
+        cls, add: Callable[..., None], default_propagation_seconds: int = 30
+    ) -> None:
+        super().add_parser_arguments(add, default_propagation_seconds)
+        add("credentials", help="PowerDNS API credentials INI file.")
+
+    def more_info(self) -> str:
+        return (
+            "This plugin configures a DNS TXT record to respond to a dns-01 challenge"
+            " using the PowerDNS API."
+        )
+
+    @property
+    def _provider_name(self) -> str:
+        return "powerdns"
+
+    def _handle_http_error(self, e: HTTPError, domain_name: str) -> errors.PluginError:
+        hint = None
+        logger.warning("HTTPError: %s", e)
+
+        hint_disp = f" ({hint})" if hint else ""
+
+        return errors.PluginError(
+            f"Error determining zone identifier for {domain_name}: {e}.{hint_disp}"
+        )
diff --git a/certbot_dns_pdns/py.typed b/certbot_dns_pdns/py.typed