#!/usr/bin/env bash
# Copyright 2016 - Silke Hofstra
#
# Licensed under the EUPL, Version 1.1 or -- as soon they will be approved by
# the European Commission -- subsequent versions of the EUPL (the "Licence");
# You may not use this work except in compliance with the Licence.
# You may obtain a copy of the Licence at:
#
# https://joinup.ec.europa.eu/software/page/eupl
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the Licence is distributed on an "AS IS" basis,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied.
# See the Licence for the specific language governing
# permissions and limitations under the Licence.
#
# Abort on errors, unset variables and failing pipeline stages.
set -euo pipefail
# Directory containing this script; used as the last place to look for
# a config / zones.txt file.
DIR="$(dirname "$0")"
# Show an error/warning
# Print all arguments as one error line on stderr.
error() { printf '%s\n' "Error: $*" >&2; }
# Print all arguments as one warning line on stderr.
warn() { printf '%s\n' "Warning: $*" >&2; }
# Report an error (via error()) and terminate the script with status 1.
fatalerror() {
  error "$@"
  exit 1
}
# Debug message
# Print the arguments to stdout only when DEBUG is set and non-empty.
debug() {
  if [[ -n "${DEBUG:-}" ]]; then
    echo "$@"
  fi
}
# Join an array with a character
# Join the remaining arguments with the separator given as the first
# argument (only the separator's first character is used, per IFS rules).
join() {
  local IFS
  IFS="$1"
  shift
  echo "$*"
}
# Reverse a string
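# Reverse the whole of stdin character by character (newlines included) and
# print the result. Shadows rev(1) on purpose so the script does not depend
# on it being installed.
# Fixes: the loop index was not declared local and leaked into the caller's
# scope when invoked without a pipe (e.g. `rev <<< "$x"`); the result is now
# printed with printf so a reversed string such as "-n" is not eaten by echo.
rev() {
  local str out i
  str="$(cat)"
  out=""
  for (( i = ${#str} - 1; i >= 0; i-- )); do
    out+="${str:i:1}"
  done
  printf '%s\n' "${out}"
}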
# Different sed version for different os types...
# From letsencrypt.sh
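# Run sed with extended regular expressions, using the flag spelling the
# local sed understands.
# Fixes: bash sets OSTYPE to values like "linux-gnu", never "Linux", so the
# old equality test was dead code and every platform took the -E branch; a
# prefix match selects -r on Linux as intended.
_sed() {
  if [[ "${OSTYPE}" == linux* ]]; then
    sed -r "${@}"
  else
    sed -E "${@}"
  fi
}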
# Get string value from json dictionary
# From letsencrypt.sh
# Extract the string value of key $1 from the JSON read on stdin, printing
# the first match per input line and nothing for lines without the key.
# This is a regex approximation, not a JSON parser: the key is spliced into
# the sed expression verbatim, so it must be a plain identifier.
get_json_string_value() {
  local key pattern
  key="$1"
  pattern='s/.*"'"${key}"'": *"([^"]*)".*/\1/p'
  _sed -n "${pattern}"
}
# Get integer value from json dictionary
# Extract the unquoted (numeric/bare) value of key $1 from the JSON read on
# stdin, one match per input line; lines without the key print nothing.
# Same caveat as get_json_string_value: the key is inserted into the sed
# expression as-is and must be a plain identifier.
get_json_int_value() {
  local key pattern
  key="$1"
  pattern='s/.*"'"${key}"'": *([^,}]*),*.*/\1/p'
  _sed -n "${pattern}"
}
# Load the configuration and set default values
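# Locate and source the configuration file, then validate required settings.
# Globals written: CONFIG (if it was empty), PORT (default 8081, overridable
# by the config), plus whatever the sourced config file assigns (HOST, KEY,
# and optionally VERSION, SERVER, ZONES_TXT, WAIT, DEBUG are read elsewhere).
# Globals read: DIR, PWD.
# Exits via fatalerror when HOST or KEY is missing after loading.
# Security note: the config is executed with `.`, so it runs with this
# script's privileges, and the search order includes the current working
# directory — anyone who can write a `config` file into the directory the
# hook is invoked from can run code as this user. Prefer setting CONFIG
# explicitly to a file only the operator can modify.
# Fixes: the search loop variable is now local instead of leaking globally.
load_config() {
  local check_config
  # Search the usual locations when CONFIG was not given (order from
  # letsencrypt.sh).
  if [[ -z "${CONFIG:-}" ]]; then
    for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${DIR}"; do
      if [[ -f "${check_config}/config" ]]; then
        CONFIG="${check_config}/config"
        break
      fi
    done
  fi
  # Defaults, set before sourcing so the config file can override them.
  PORT=8081
  if [[ -z "${CONFIG:-}" ]]; then
    warn "No config file found, using default config!"
  elif [[ -f "${CONFIG}" ]]; then
    # Sourced, not parsed: the file is executed as shell (see note above).
    . "${CONFIG}"
  fi
  # Settings without a sensible default.
  [[ -n "${HOST:-}" ]] || fatalerror "HOST setting is required."
  [[ -n "${KEY:-}" ]] || fatalerror "KEY setting is required."
}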
# Load the zones from file
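# Load the list of zones from zones.txt into the global all_zones.
# Globals written: ZONES_TXT (if it was empty), all_zones (file contents
# with trailing newlines stripped, or "" when no readable file was found).
# Globals read: DIR, PWD.
# An empty all_zones makes setup() fetch the zone list from the API instead.
# Fixes: the search loop variable is now local; the file is read with a
# redirection instead of spawning cat.
load_zones() {
  local check_zones
  # Search the usual locations when ZONES_TXT was not given.
  if [[ -z "${ZONES_TXT:-}" ]]; then
    for check_zones in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${DIR}"; do
      if [[ -f "${check_zones}/zones.txt" ]]; then
        ZONES_TXT="${check_zones}/zones.txt"
        break
      fi
    done
  fi
  all_zones=""
  if [[ -n "${ZONES_TXT:-}" && -f "${ZONES_TXT}" ]]; then
    all_zones="$(<"${ZONES_TXT}")"
  fi
}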
# API request
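# Perform one API request and store the response body in the global `res`.
# Arguments: $1 - HTTP method, $2 - full URL, $3 - request body ("" for none).
# Globals read: headers (the X-API-Key header set by setup()).
# Globals written: res.
# Exits with status 1 when curl fails or the server answers with an HTTP
# status of 400 or above.
# Fixes: success used to be judged by grepping the body for the substring
# "error" (or the exact text "Not Found"), which misfires on any payload that
# happens to contain "error" (e.g. a zone name) and misses failures with
# other bodies; the HTTP status code is now used instead.
# Security note: the API key and body are passed on curl's command line and
# are therefore visible to other local users via the process list for the
# duration of the call; a curl config read from stdin (`-K -`) or a
# `--header @file` would avoid that if the host is shared.
request() {
  local method url data raw http_code
  method="$1"
  url="$2"
  data="$3"
  # The status code is appended on its own line after the body so both can
  # be captured from one invocation.
  raw="$(curl -sS --request "${method}" --header "${headers}" --data "${data}" \
    --write-out $'\n%{http_code}' "${url}")" \
    || fatalerror "Request to ${url} failed (curl exit status ${?})"
  http_code="${raw##*$'\n'}"
  res="${raw%$'\n'*}"
  debug "Method: ${method}"
  debug "URL: ${url}"
  debug "Data: ${data}"
  debug "Status: ${http_code}"
  debug "Response: ${res}"
  # Any non-numeric status means the split above failed; treat as an error.
  if [[ ! "${http_code}" =~ ^[0-9]{3}$ ]] || (( http_code >= 400 )); then
    error "API error (HTTP ${http_code}): ${res}"
    exit 1
  fi
}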
# Setup of connection settings
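# Derive the connection settings and the API base URL, and make sure
# all_zones holds a newline-separated zone list sorted most-specific first.
# Globals read: KEY, HOST, PORT, VERSION, SERVER, all_zones, res.
# Globals written: headers, PORT, url, VERSION, SERVER, all_zones.
# Uses request(), get_json_int_value(), get_json_string_value(), rev().
# Fixes: (1) zones fetched from the API were joined with spaces onto a single
# line before sorting, so `sort` never reordered them and the "most specific
# first" guarantee only held for zones.txt input; they are now kept one per
# line. (2) VERSION, which may come from the server's JSON, is checked to be
# an integer before it is used in an arithmetic test and spliced into the URL.
# Security note: the API is contacted over plaintext HTTP, so the API key is
# sent unencrypted; keep the API on loopback or a private network.
setup() {
  headers="X-API-Key: ${KEY}"
  if [[ -z "${PORT:-}" ]]; then
    PORT=8081
  fi
  url="http://${HOST}:${PORT}"
  # Ask the server for its API version unless configured.
  if [[ -z "${VERSION:-}" ]]; then
    request "GET" "${url}/api" ""
    VERSION="$(<<< "${res}" get_json_int_value version)"
  fi
  if [[ -z "${VERSION}" ]]; then
    VERSION=0
  fi
  [[ "${VERSION}" =~ ^[0-9]+$ ]] || fatalerror "Unexpected API version '${VERSION}'"
  # Versioned API paths start at v1; version 0 uses the bare /servers path.
  if (( VERSION >= 1 )); then
    url="${url}/api/v${VERSION}"
  fi
  # Ask the server for its id unless configured.
  if [[ -z "${SERVER:-}" ]]; then
    request "GET" "${url}/servers" ""
    SERVER="$(<<< "${res}" get_json_string_value id)"
  fi
  if [[ -z "${SERVER}" ]]; then
    SERVER="localhost"
  fi
  url="${url}/servers/${SERVER}/zones"
  # Fetch the zone list from the API if none was loaded from zones.txt.
  # Splitting on ", " relies on the compact JSON the API returns, so that
  # each "name" lands on its own line for the sed-based extraction.
  if [[ -z "${all_zones}" ]]; then
    request "GET" "${url}" ""
    all_zones="$(<<< "${res//, /$',\n'}" get_json_string_value name)"
  fi
  # One zone per line, trailing dots removed (the last line's dot is not
  # followed by a newline, hence the second expansion).
  all_zones="${all_zones//$'.\n'/$'\n'}"
  all_zones="${all_zones%.}"
  # Normalise any whitespace separation to newlines, then sort on the
  # reversed names so that sub-zones precede their parents.
  all_zones="$(<<< "${all_zones}" tr -s '[:space:]' '\n' | rev | LC_ALL=C sort | rev)"
}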
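# Work out the record name, zone and version-specific record data for one
# domain/token pair.
# Arguments: $1 - domain, $2 - ACME token value.
# Globals read: all_zones (whitespace-separated, most specific first),
# VERSION.
# Globals written: domain, token, zone, name, extra_data.
# The zone is the first entry of all_zones that is a suffix (on label
# boundaries) of the record name; if none matches, the last two labels are
# used and a warning is printed.
# Fixes: loop variables and the label array are now local; the label array
# is expanded quoted and read with -r so labels are passed to join()
# unmodified.
setup_domain() {
  local check_zone j name_array candidate
  domain="$1"
  token="$2"
  zone=""
  name="_acme-challenge.${domain}"
  IFS='.' read -r -a name_array <<< "${name}"
  # Try progressively longer suffixes of the name against every known zone.
  for check_zone in ${all_zones}; do
    for (( j = ${#name_array[@]} - 1; j >= 0; j-- )); do
      candidate="$(join . "${name_array[@]:j}")"
      if [[ "${check_zone}" == "${candidate}" ]]; then
        zone="${check_zone}"
        break 2
      fi
    done
  done
  if [[ -z "${zone}" ]]; then
    zone="${name_array[*]: -2:1}.${name_array[*]: -1:1}"
    warn "zone not found, using '${zone}'"
  fi
  # v1+ wants fully qualified names; v0 wants name/type/ttl repeated inside
  # each record instead.
  if [[ "${VERSION}" -ge 1 ]]; then
    name="${name}."
    zone="${zone}."
    extra_data=""
  else
    extra_data=",\"name\": \"${name}\", \"type\": \"TXT\", \"ttl\": 1"
  fi
}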
deploy() {
# Create the JSON string
data='{
"rrsets": [{
"name": "'${name}'",
"type": "TXT",
"ttl": 1,
"records": [{
"content": "\"'${token}'\"",
"disabled": false,
"set-ptr": false
'"${extra_data}"'
}],
"changetype": "REPLACE"
}]
}'
# Do the request
request "PATCH" "${url}/${zone}" "${data}"
}
# Delete the TXT challenge record for the current domain.
# Globals read: name, url, zone.
# Globals written: data (the request body, kept for debugging).
# Same caveat as deploy(): name is interpolated verbatim into the JSON.
clean() {
  printf -v data '{"rrsets":[{"name":"%s","type":"TXT","changetype":"DELETE"}]}' "${name}"
  request "PATCH" "${url}/${zone}" "${data}"
}
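# Hook entry point.
# Arguments: $1 - hook name; the remaining arguments are consumed in
# triples, of which the first and third are passed to setup_domain() as
# domain and token and the middle one is ignored.
# deploy_challenge creates the records (then sleeps WAIT seconds if set),
# clean_challenge deletes them; deploy_cert and unchanged_cert exit 0
# immediately; any other hook is accepted and does nothing.
# Fixes: a missing hook argument now yields a usage error instead of an
# "unbound variable" abort (and does so before any API traffic), an
# incomplete trailing triple is reported rather than tripping set -u, and
# the loop variables are local.
main() {
  local hook i t
  hook="${1:-}"
  [[ -n "${hook}" ]] || fatalerror "Usage: ${0##*/} <hook> [domain ... token ...]"
  load_config
  load_zones
  setup
  # Nothing to do for certificate-level hooks.
  case "${hook}" in
    deploy_cert|unchanged_cert) exit 0 ;;
  esac
  for ((i = 2; i <= $#; i += 3)); do
    t=$((i + 2))
    (( t <= $# )) || fatalerror "Incomplete argument triple starting at argument ${i}"
    setup_domain "${!i}" "${!t}"
    debug "Hook: ${hook}"
    debug "Name: ${name}"
    debug "Token: ${token}"
    debug "Zone: ${zone}"
    case "${hook}" in
      deploy_challenge) deploy ;;
      clean_challenge) clean ;;
      *) ;;  # other hooks are not implemented and not an error
    esac
  done
  # Give DNS propagation the configured head start before validation.
  if [[ "${hook}" == "deploy_challenge" && -n "${WAIT:-}" ]]; then
    debug "Waiting for ${WAIT} seconds"
    sleep "${WAIT}"
  fi
}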
# Run the hook with all arguments forwarded unchanged.
main "$@"