"""DNS Authenticator for Aliyun DNS."""
import logging
import zope.interface
from certbot import errors
from certbot import interfaces
from certbot.plugins import dns_common
from certbot.plugins import dns_common_lexicon
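try:
    # Usual case: this module is loaded as part of its package, so the
    # bundled client is resolved relative to it.
    from .alidns import AliDNSClient
except (ImportError, ValueError, SystemError):
    # Fallback for a relative import that cannot be resolved because there is
    # no parent package. Depending on the interpreter version this surfaces as
    # ImportError, ValueError (Python 2) or SystemError (Python 3.3-3.5).
    # Only these are caught: a bare ``except`` would also swallow
    # KeyboardInterrupt/SystemExit and any unrelated error raised while
    # importing ``.alidns``, and would then load whichever top-level module
    # named ``alidns`` comes first on sys.path. That module receives the
    # AccessKey secret.
    from alidns import AliDNSClient

logger = logging.getLogger(__name__)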
@zope.interface.implementer(interfaces.IAuthenticator)
@zope.interface.provider(interfaces.IPluginFactory)
class Authenticator(dns_common.DNSAuthenticator):
    """Certbot DNS authenticator backed by the Aliyun DNS API.

    Fulfils a dns-01 challenge by creating the validation TXT record through
    ``AliDNSClient`` and deleting it again during cleanup.

    The credentials INI file read by this plugin holds an Aliyun AccessKey
    and its secret; anyone who can read that file can act with the key's
    permissions. Keep the file readable by the certbot user only, and issue
    the key to a RAM user restricted to DNS record management.
    """

    description = 'Obtain certificates using a DNS TXT record (if you are using Aliyun DNS).'
    # Handed to AliDNSClient as its third argument; presumably the TXT record
    # TTL in seconds -- confirm against alidns.py.
    ttl = 600
    # Class-level default only; each instance stores its own client on first use.
    _alidns_client = None

    def __init__(self, *args, **kwargs):
        """Initialise the base authenticator; credentials are loaded later."""
        super(Authenticator, self).__init__(*args, **kwargs)
        # Populated by _setup_credentials().
        self.credentials = None

    @classmethod
    def add_parser_arguments(cls, add):  # pylint: disable=arguments-differ
        """Register the plugin's command-line options.

        Delegates to the base class with a default propagation delay of
        30 seconds, then adds the ``credentials`` option that names the INI
        file.
        """
        parent = super(Authenticator, cls)
        parent.add_parser_arguments(add, default_propagation_seconds=30)
        add('credentials', help='Aliyun DNS credentials INI file.')

    def more_info(self):  # pylint: disable=missing-docstring,no-self-use
        """Return a one-sentence description of what the plugin does."""
        return (
            'This plugin configures a DNS TXT record to respond to a dns-01 challenge using '
            'the Aliyun DNS API.'
        )

    def _setup_credentials(self):
        """Load the credentials INI file into ``self.credentials``.

        Both AccessKey fields are passed to the base class as the variables
        the file must define.
        """
        required_fields = {
            'access-key': 'AccessKey for Aliyun DNS, obtained from Aliyun RAM',
            'access-key-secret': 'AccessKeySecret for Aliyun DNS, obtained from Aliyun RAM',
        }
        self.credentials = self._configure_credentials(
            'credentials',
            'Aliyun DNS credentials INI file',
            required_fields,
        )

    def _perform(self, domain, validation_name, validation):
        """Publish the challenge TXT record through the Aliyun client."""
        client = self._get_alidns_client()
        client.add_txt_record(domain, validation_name, validation)

    def _cleanup(self, domain, validation_name, validation):
        """Delete the challenge TXT record through the Aliyun client."""
        client = self._get_alidns_client()
        client.del_txt_record(domain, validation_name, validation)

    def _get_alidns_client(self):
        """Return this instance's ``AliDNSClient``, building it on first use.

        The client is constructed from the ``access-key`` and
        ``access-key-secret`` values in the loaded credentials, plus ``ttl``.
        It is cached on the instance so later calls reuse it.
        """
        client = self._alidns_client
        if not client:
            access_key = self.credentials.conf('access-key')
            access_key_secret = self.credentials.conf('access-key-secret')
            client = AliDNSClient(access_key, access_key_secret, self.ttl)
            self._alidns_client = client
        return client