RubyGems - acmesmith-google-cloud-dns - Versions diffs - 0.1.1 → 0.2.0 - Mend

acmesmith-google-cloud-dns 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +1 -1
data/acmesmith-google-cloud-dns.gemspec +1 -1
data/lib/acmesmith-google-cloud-dns/version.rb +1 -1
data/lib/acmesmith/challenge_responders/google_cloud_dns.rb +110 -38
metadata +7 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 610078ba72b04e675580cd85ca616d4be0de3097
-  data.tar.gz: 73845b42a9a51dc1f39ce62d3c23b8a2754650fa
+  metadata.gz: c7d3669d3a965183f22b88bfaf0237dd96bdddb7
+  data.tar.gz: d792b2845d8f1f4865141e609d17e389974db7d1
 SHA512:
-  metadata.gz: b72db3c4ba993de12218c9cc185e6402c4704b93333663fd3d25b12a9f27f3c477ed5fa15d2d49babaf113046484e6d56eeacddfbfe51d2d8aa73a382584270b
-  data.tar.gz: 5ae01f49eae13b09d159e9ac940ae67a18c71d75a3daa42976f448ff595e062e1f8ffa4075cb2730cdebb601abe7b9f925539c5591e0bb68cd966a5c83839616
+  metadata.gz: b56650c70ad3329026efeccaaebe9713878806ae3096170792afc1c11ef0f9eec1f78a1c527516b4625685c04a651f31116550d5a428d5f9af220fdec22641dc
+  data.tar.gz: e13876bccf6c72ac5f6d84b7ef528ac382c1ff8be210e96da039e8cc20fe64d728e078207f3707a36442dc2f64f961101b0aeaf2fc05df007c24dcd428ab4a23

data/README.md CHANGED Viewed

@@ -22,7 +22,7 @@ Use `google-cloud-dns` challenge responder in your `acmesmith.yml`. General inst
 Write your `tenant_name`, `username`, `password` and `auth_url` in `acmesmith.yml`, or if you don't want to write them down into the file, export these values as the corresponding environment variables `OS_TENANT_NAME`, `OS_USERNAME`, `OS_PASSWORD` and `OS_AUTH_URL`.
 ```yaml
-endpoint: https://acme-v01.api.letsencrypt.org/
+directory: https://acme-v02.api.letsencrypt.org/directory
 storage:
   type: filesystem

data/acmesmith-google-cloud-dns.gemspec CHANGED Viewed

@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-  spec.add_dependency "acmesmith"
+  spec.add_dependency "acmesmith", "~> 2.0"
   spec.add_dependency "google-api-client"
   spec.add_development_dependency "bundler", "~> 1.10"

data/lib/acmesmith-google-cloud-dns/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AcmesmithGoogleCloudDns
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/acmesmith/challenge_responders/google_cloud_dns.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require "acmesmith/challenge_responders/base"
 require "json"
 require "google/apis/dns_v1"
 require "resolv"
+require "set"
 module Acmesmith
   module ChallengeResponders
@@ -11,6 +12,10 @@ module Acmesmith
         type == 'dns-01'
       end
+      def cap_respond_all?
+        true
+      end
       def initialize(config)
         @config = config
         @scope = "https://www.googleapis.com/auth/ndev.clouddns.readwrite"
@@ -32,21 +37,44 @@ module Acmesmith
         @project_id = @config[:project_id]
       end
-      def respond(domain, challenge)
-        puts "=> Responding challenge dns-01 for #{domain} in #{self.class.name}"
+      def respond_all(*domain_and_challenges)
+        challenges_by_zone_names = domain_and_challenges.group_by{ |domain, challenge|
+          domain = canonicalize(domain)
+          find_managed_zone(domain).name
+        }
-        domain = canonicalize(domain)
-        zone_name = find_managed_zone(domain).name
+        challenges_by_zone_names.each do |zone_name, dcs|
+          change = change_for_challenges(zone_name, dcs)
-        puts " * create_change: #{challenge.record_type} #{[challenge.record_name, domain].join('.').inspect}, #{challenge.record_content.inspect}"
-        change = Google::Apis::DnsV1::Change.new
-        change.additions = [
-          resource_record_set(domain, challenge)
-        ]
-        resp = @api.create_change(@project_id, zone_name, change)
+          resp = @api.create_change(@project_id, zone_name, change)
+          change_id = resp.id
-        change_id = resp.id
+          wait_for_sync_by_api(zone_name, change_id)
+          wait_for_sync_by_dns(zone_name, change)
+        end
+      end
+      def cleanup_all(*domain_and_challenges)
+        challenges_by_zone_names = domain_and_challenges.group_by{ |domain, challenge|
+          domain = canonicalize(domain)
+          find_managed_zone(domain).name
+        }
+        challenges_by_zone_names.each do |zone_name, dcs|
+          change = change_for_challenges(zone_name, dcs, for_cleanup: true)
+          resp = @api.create_change(@project_id, zone_name, change)
+          change_id = resp.id
+          wait_for_sync_by_api(zone_name, change_id)
+        end
+      end
+      private
+      def wait_for_sync_by_api(zone_name, change_id)
         puts " * requested change: #{change_id}"
+        resp = @api.get_change(@project_id, zone_name, change_id)
         while resp.status != 'done'
           puts " * change #{change_id.inspect} is still #{resp.status.inspect}"
@@ -55,38 +83,40 @@ module Acmesmith
         end
         puts " * synced!"
+      end
+      def wait_for_sync_by_dns(zone_name, change)
         puts "=> Checking DNS resource record"
         nameservers =  @api.get_managed_zone(@project_id, zone_name).name_servers
         puts " * nameservers: #{nameservers.inspect}"
         nameservers.each do |ns|
           Resolv::DNS.open(:nameserver => Resolv.getaddresses(ns)) do |dns|
             dns.timeouts = 5
-            begin
-              ret = dns.getresource([challenge.record_name, domain].join('.'), Resolv::DNS::Resource::IN::TXT)
-            rescue Resolv::ResolvError => e
-              puts " * [#{ns}] failed: #{e.to_s}"
-              sleep 5
-              retry
+            change.additions.each do |rrset|
+              required_rrdatas = Set.new(rrset.rrdatas.map{|rrdata| rrdata.gsub(/(\A"|"\z)/, '') })
+              deletion = change.deletions.find{|_deletion| _deletion.name == rrset.name && _deletion.type == rrset.type }
+              if deletion
+                required_rrdatas -= Set.new(deletion.rrdatas)
+              end
+              loop do
+                resources = dns.getresources(rrset.name, Resolv::DNS::Resource::IN::TXT)
+                actual_rrdatas = resources.map(&:data)
+                if required_rrdatas.subset?(Set.new(actual_rrdatas))
+                  puts " * [#{ns} -> #{rrset.name}] success. (actual=#{actual_rrdatas.inspect})"
+                  sleep 1
+                  break
+                else
+                  puts " * [#{ns} -> #{rrset.name}] failed. (required=#{required_rrdatas.to_a.inspect}, but actual=#{actual_rrdatas.inspect})"
+                  sleep 5
+                end
+              end
             end
-            puts " * [#{ns}] success: ttl=#{ret.ttl.inspect}, data=#{ret.data.inspect}"
-            sleep 1
           end
         end
       end
-      def cleanup(domain, challenge)
-        domain = canonicalize(domain)
-        zone_name = find_managed_zone(domain).name
-        change = Google::Apis::DnsV1::Change.new
-        change.deletions = [
-          resource_record_set(domain, challenge)
-        ]
-        @api.create_change(@project_id, zone_name, change)
-      end
-      private
       def load_json_key(filepath)
         obj = JSON.parse(File.read(filepath))
         {
@@ -109,13 +139,55 @@ module Acmesmith
         managed_zone
       end
-      def resource_record_set(domain, challenge)
-        Google::Apis::DnsV1::ResourceRecordSet.new(
-          name: [challenge.record_name, domain].join("."),
-          type: challenge.record_type,
-          rrdatas: [challenge.record_content],
-          ttl: @config[:ttl] || 5
-        )
+      def change_for_challenges(zone_name, domain_and_challenges, for_cleanup: false)
+        current_rrsets = @api.fetch_all(items: :rrsets) do |token|
+          @api.list_resource_record_sets(@project_id, zone_name, page_token: token)
+        end
+        change = Google::Apis::DnsV1::Change.new
+        change.deletions = domain_and_challenges.map{ |domain, challenge|
+          domain = canonicalize(domain)
+          name = [challenge.record_name, domain].join('.')
+          type = challenge.record_type
+          current_rrsets.find{ |rrset| rrset.type == type && rrset.name == name }
+        }.uniq.compact
+        change.additions = domain_and_challenges.map{ |domain, challenge|
+          domain = canonicalize(domain)
+          name = [challenge.record_name, domain].join('.')
+          type = challenge.record_type
+          data = "\"#{challenge.record_content}\""
+          {
+            name: name,
+            type: type,
+            rrdatas: [data],
+          }
+        }.group_by{ |rrset_param|
+          [ rrset_param[:name], rrset_param[:type] ]
+        }.map{ |(name, type), rrset_params|
+          current_rrset = current_rrsets.find{ |rrset| rrset.type == type && rrset.name == name }
+          new_rrset = Google::Apis::DnsV1::ResourceRecordSet.new(
+            name: name,
+            type: type,
+            rrdatas: current_rrset ? current_rrset.rrdatas : [],
+            ttl: @config[:ttl] || 5,
+          )
+          if for_cleanup
+            new_rrset.rrdatas -= rrset_params.map{|rrset| rrset[:rrdatas] }.flatten
+          else
+            new_rrset.rrdatas += rrset_params.map{|rrset| rrset[:rrdatas] }.flatten
+          end
+          new_rrset
+        }.select{ |rrset|
+          rrset.rrdatas != []
+        }
+        change
       end
     end
   end

metadata CHANGED Viewed

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith-google-cloud-dns
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Chikanaga Tomoyuki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-03-20 00:00:00.000000000 Z
+date: 2018-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acmesmith
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: google-api-client
   requirement: !ruby/object:Gem::Requirement
@@ -119,7 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 2.6.14.1
 signing_key:
 specification_version: 4
 summary: acmesmith plugin implementing dns-01 using Google Cloud DNS