RubyGems - ovh_dnsup - Versions diffs - 0.1.0 - Mend

ovh_dnsup 0.1.0

Files changed (15) hide show

checksums.yaml +7 -0
data/.gitignore +12 -0
data/Gemfile +2 -0
data/LICENSE +202 -0
data/README.md +127 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/exe/ovh_dnsup +4 -0
data/lib/ovh_dnsup.rb +22 -0
data/lib/ovh_dnsup/cli.rb +378 -0
data/lib/ovh_dnsup/domain_manager.rb +199 -0
data/lib/ovh_dnsup/ovh_api.rb +170 -0
data/lib/ovh_dnsup/version.rb +17 -0
data/ovh_dnsup.gemspec +24 -0
metadata +78 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e1ac8b726a44dd4004ac71fc04ce7933329500d8b506647cb8c6d51758853b08
+  data.tar.gz: 4957373f5151ad11041ccc39e9308d1c699e0e04cc76fb92e36f25fce28ba086
+SHA512:
+  metadata.gz: 0a70d7dcbb1aed2ae47e6300e525851a5d30402e8d0bbef24ef6dbecf7c03296bb8c232e1dd8e30db45df044be1d1367a85da1eb80f448ea8ea64df7cccfc8d2
+  data.tar.gz: 00b6ec721be8a9e0319e605fb8d6be7c10fa778231cc36705eef6f636d55279b943ae660e52386f1ad7b511ad6c324c400b581b8c221735bc31965860ab9baf0

data/.gitignore ADDED

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/vendor
+# Vim Swap
+*.swp

data/Gemfile ADDED

	@@ -0,0 +1,2 @@
1	+ source "https://rubygems.org"
2	+ gemspec

data/LICENSE ADDED

@@ -0,0 +1,202 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+   1. Definitions.
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+   END OF TERMS AND CONDITIONS
+   APPENDIX: How to apply the Apache License to your work.
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+   Copyright [yyyy] [name of copyright owner]
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md ADDED

@@ -0,0 +1,127 @@
+# OvhDnsup - Dynamic DNS for IPv6
+This software enables you to safely update DNS zone entries hosted by OVH. As of January 2021, OVH does not allow dynamic DNS (DynDNS) updates for IPv6 addresses when using their DynHost protocol. This software provides a work-around for this limitation by using the OVH API to perform this task. Security is ensured by generating a DNS-entry-specific access token, which can only be used to update the corresponding entry. Hence, if this token is stolen the possible damage is limited.
+This client also supports IPv4, however, in this case you probably want to use OVH's DynHost feature.
+## Installation
+Either clone or download this repository and execute (after installing [Bundler](https://bundler.io/)):
+    $ bundle install
+Or install it yourself by running:
+    $ gem install ovh_dnsup
+You might want to add the `--user-install` flag to install into your home directory.
+## Quick Start
+This section describes how to setup OvhDnsup to dynamically update a domain. We shall use `dynamic.example.com` as an example. You have to replace the domain `example.com` and the hostname `dynamic` according to your needs.
+First, you need to register the application with the OVH API. Enter
+    $ ovh_dnsup register
+(without the dollar sign) into a console, which will start the registration process. Follow the instructions on the screen.
+Next, you need to login:
+    $ ovh_dnsup login
+Again, follow the instructions. This login will request access to a few API functions, which are needed for the management of the dynamic hosts. We can, however, later drop these privileges to ensure security.
+Now, you have to request the an authorization token for the domain update. Note, *the A and/or AAAA record need to be created first in the OVH customer center!*  When the subdomain is created, execute:
+    $ ovh_dnsup authorize example.com dynamic dynamic_example_com.token
+After following the instructions on the screen, you have created a file `dynamic_example_com.token` which contains the authorization information to update the hostname. The file is restricted to updating only the hostname you have authorized. Note, you can inspect and manage all authorizations using the `ovh_dnsup sessions` command. Furthermore, make sure to grant access for the time period that you want to perform updates in.
+Updating the IP address can be done essentially in two ways. You can set the IP address manually by executing:
+    $ ovh_dnsup update --ip 2001:db8::abcd dynamic_example_com.token
+You can also use an interface name to update the IP address:
+    $ ovh_dnsup update --if eth0 --daemon dynamic_example_com.token
+The `--daemon` option instructs OvhDnsup to periodically check if the IP of the interface has changed and in this case to update the hostname.
+When you have convinced yourself that your setup is working, you can run the command
+    $ ovh_dnsup logout
+to log out from the management interface. From now on, only DNS updates are possible using the corresponding token files. (You can, of course, re-login at any time.)
+## Usage
+In general, you use OvhDnsup by executing:
+    $ ovh_dnsup command [arguments...]
+The following commands are possible
+| Command    | Description |
+| :---       | :--- |
+| register   | Register application with the API. |
+| unregister | Unregister (the) application(s). |
+| login      | Login to manage the DNS updaters. |
+| logout     | Logout. |
+| list       | List a DNS zone. |
+| authorize  | Authorize a DNS updater. |
+| update     | Perform DNS updates. |
+| sessions   | List all authorized updaters. |
+| interfaces | List the local network interfaces. |
+For more information on the individual commands run:
+    $ ovh_dnsup command --help
+## Running as a Service
+### Linux with Systemd
+The following commands need to be executed as root. First, create a service user.
+    useradd --system ovh_dnsup
+Then, save the token file as `/etc/ovh_dnsup.token` and execute
+    $ chown ovh_dnsup /etc/ovh_dnsup.token
+    $ chmod 700 /etc/ovh_dnsup.token
+to set the right permissions. Afterwards, create a service file:
+	$ cat > /etc/systemd/system/ovh_dnsup.service << EOF
+    [Unit]
+    Description=Update OVH DNS
+    [Service]
+    User=ovh_dnsup
+    Group=nogroup
+    ExecStart=sh -c '/usr/local/bin/ovh_dnsup update \$(cat /etc/ovh_dnsup.conf) --daemon /etc/ovh_dnsup.token'
+    [Install]
+    WantedBy=multi-user.target
+    EOF
+Set you configuration by executing
+    $ echo "--if=eth0" > /etc/ovh_dnsup.conf
+where you replace the `eth0` by the interface of your choice.
+You can now start and enable the service by
+    systemctl start ovh_dnsup.service
+    systemctl enable ovh_dnsup.service
+## Development
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/hrittich/ovh_dnsup.

data/bin/console ADDED

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "ovh_dnsup"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start(__FILE__)

data/bin/setup ADDED

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+bundle install
+# Do any other automated setup that you need to do here

data/exe/ovh_dnsup ADDED

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require 'ovh_dnsup'
+OvhDnsup::Cli.run()

data/lib/ovh_dnsup.rb ADDED

@@ -0,0 +1,22 @@
+# Copyright 2021 Hannah Rittich
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require_relative 'ovh_dnsup/version'
+require_relative 'ovh_dnsup/domain_manager'
+require_relative 'ovh_dnsup/cli'
+module OvhDnsup
+  class Error < StandardError; end
+end

data/lib/ovh_dnsup/cli.rb ADDED

@@ -0,0 +1,378 @@
+# Copyright 2021 Hannah Rittich
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'optparse'
+require 'socket'
+require_relative 'domain_manager'
+module OvhDnsup
+  module Cli
+    def self.run
+      @conf_fn = File.join(Dir.home, '.ovh_dnsup.conf')
+      command = ARGV.shift
+      if %w{register unregister login logout list authorize update interfaces sessions}.include? command
+        self.send command.to_sym()
+      else
+        usage
+        puts "Invalid command #{command}"
+      end
+    end
+    def self.usage
+      puts <<~EOS
+      Usage: ovh_dnsup command [arguments...]
+      OVH DNS updater
+      Commands:
+        register      Register application with the API.
+        unregister    Unregister (the) application(s).
+        login         Login to manage the DNS updaters.
+        logout        Logout.
+        list          List a DNS zone.
+        authorize     Authorize a DNS updater.
+        update        Perform DNS updates.
+        sessions      List all authorized updaters.
+        interfaces    List the local network interfaces.
+      EOS
+    end
+    def self.load_config
+      begin
+        conf = File.open(@conf_fn, 'r') { |fp| JSON.parse(fp.read) }
+      rescue
+        puts "Could not load configuration"
+        conf = {}
+      end
+      @api = DomainManager.new(state: conf)
+    end
+    def self.save_config
+      File.open(@conf_fn, 'w') { |fp| fp.write(@api.state.to_json) }
+    end
+    def self.register
+      parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: ovh_dnsup register [options]'
+      end
+      parser.parse!
+      if ARGV.length != 0
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      print "Endpoint (#{OvhApi.endpoints.join(', ')}): "
+      endpoint = gets.strip
+      if !OvhApi.endpoint_url(endpoint)
+        puts 'Invalid endpoint'
+        return
+      end
+      puts <<~EOS
+      Please visit
+         #{OvhApi.endpoint_url(endpoint)}createApp/
+      and create an application. Afterwards, come back and answer the
+      questions below.
+      EOS
+      print 'Application key: '
+      application_key = gets().strip
+      print 'Application secret: '
+      application_secret = gets().strip
+      @api = DomainManager.new(endpoint: endpoint,
+                               application_key: application_key,
+                               application_secret: application_secret)
+      save_config
+    end
+    def self.unregister
+      load_config
+      params = {}
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: ovh_dnsup unregister [-a|--all]"
+        opts.on('-a', '--all', 'Unregister all applications.')
+      end
+      parser.parse!(into: params)
+      if ARGV.length != 0
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      puts 'All sessions of unregistered applications become invalid. To continue, please type "YES"'
+      if gets.strip != 'YES'
+        puts 'Abort'
+        return
+      end
+      @api.unregister(all: params[:all])
+      if params[:all]
+        puts "All applications have been unregistered"
+      else
+        puts "This application has been unregistered"
+      end
+    end
+    def self.login
+      parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: ovh_dnsup login'
+      end
+      parser.parse!
+      if ARGV.length != 0
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      load_config
+      @api.login
+      save_config
+    end
+    def self.logout
+      parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: ovh_dnsup logout'
+      end
+      parser.parse!
+      if ARGV.length != 0
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      load_config
+      @api.logout
+    end
+    def self.list
+      parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: ovh_dnsup list domain'
+      end
+      parser.parse!
+      if ARGV.length != 1
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      load_config
+      @api.list_zone ARGV[0]
+    end
+    def self.authorize
+      parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: ovh_dnsup authorize domain subdomain token_file'
+      end
+      parser.parse!
+      if ARGV.length != 3
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      domain, subdomain, token_file = ARGV
+      load_config
+      map = @api.subdomain_type_map(domain, subdomain)
+      if map.empty?
+        puts "Subdomain has no A or AAAA record."
+        return
+      end
+      up = DomainUpdater.new(endpoint: @api.endpoint,
+                             application_key: @api.application_key,
+                             application_secret: @api.application_secret)
+      up.login(domain: domain, subdomain: subdomain, type_map: map)
+      File.open(token_file, 'w') do |of|
+        of.write(up.state.to_json)
+      end
+    end
+    def self.update
+      banner = "Usage: ovh_dnsup update [options] token_file"
+      params = {}
+      parser = OptionParser.new do |opts|
+        opts.banner = banner
+        opts.on("--ipv6", "Force IPv6")
+        opts.on("--ipv4", "Force IPv4")
+        opts.on("--ip IP", "The IP address to set")
+        opts.on("--if INTERFACE", "The interface")
+        opts.on("-d", "--daemon", "Run continuously")
+        opts.on("-v", "--verbose", "Run verbosely")
+        opts.on("--delay SECONDS", "Time in seconds between checks")
+      end
+      parser.parse!(into: params)
+      if ARGV.length != 1
+        puts "Invalid number of arguments"
+        puts parser
+        return
+      end
+      token_file, = ARGV
+      delay = params[:delay] ? params[:delay] : 60
+      if params[:ipv6]
+        version = 6
+      elsif params[:ipv4]
+        version = 4
+      end
+      if !params[:ip] && !params[:if]
+        puts "Either provide IP address of interface name"
+        return
+      end
+      if params[:ip] && params[:if]
+        puts "You cannot provide IP and interface!"
+        return
+      end
+      if params[:daemon] && !params[:if]
+        puts "Daemon mode requires an interface to be given"
+        return
+      end
+      state = File.open(token_file, 'r') { |fp| JSON.parse(fp.read) }
+      @up = DomainUpdater.new(state: state)
+      ip = nil
+      running = true
+      while running
+        begin
+          if params[:ip]
+            new_ip = params[:ip]
+          else
+            new_ip = get_interface_address(interface: params[:if], version: version)
+          end
+          if new_ip != ip
+            puts "Setting new IP #{new_ip}" if params[:verbose]
+            @up.update new_ip
+            ip = new_ip
+            if !params[:daemon]
+              running = false
+            end
+          else
+            puts "IP not changed" if params[:verbose]
+          end
+        rescue Interrupt
+          puts "Interrupted" if params[:verbose]
+          running = false
+        rescue Exception => e
+          puts "WARNING: #{e.to_s}"
+        end
+        begin
+          sleep delay if running
+        rescue Interrupt
+          running = false
+        end
+      end
+    end
+    def self.sessions
+      load_config
+      params = {}
+      parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: ovh_dnsup sessions'
+        opts.on('-a', '--all', 'List all sessions')
+        opts.on('-d', '--delete ID', 'Delete session')
+        opts.on('--delete-all', 'Delte all sessions')
+      end
+      parser.parse!(into: params)
+      if ARGV.length != 0
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      if params[:delete]
+        @api.delete_session(params[:delete].to_i)
+      elsif params["delete-all".to_sym]
+        @api.delete_all_sessions()
+      else
+        @api.list_sessions(all: params[:all])
+      end
+    end
+    # version: the IP version
+    def self.get_interface_address(interface:, version: nil)
+      ipv4 = []
+      ipv6 = []
+      Socket.getifaddrs.each do |ifaddr|
+        if ifaddr.name == interface
+          if ifaddr.addr.ipv4?
+            ipv4.push(ifaddr.addr.ip_address)
+          end
+          if ifaddr.addr.ipv6?
+            ipv6.push(ifaddr.addr.ip_address)
+          end
+        end
+      end
+      # filter local addresses
+      ipv6.select { |addr| !/^fe80/ =~ addr }
+      if !ipv6.empty? && (version == nil || version == 6)
+        return ipv6[0]
+      elsif !ipv4.empty? && (version == nil || version == 4)
+        return ipv4[0]
+      else
+        raise 'No suitable address found.'
+      end
+    end
+    def self.interfaces
+      parser = OptionParser.new do |opts|
+        opts.banner = 'Usage: ovh_dnsup interfaces'
+      end
+      parser.parse!
+      if ARGV.length != 0
+        puts 'Invalid number of arguments'
+        puts parser
+        return
+      end
+      interfaces = Hash.new { |h, k| h[k] = [] }
+      Socket.getifaddrs.each do |a|
+        if a.addr.ip?
+          interfaces[a.name].push(a.addr)
+        end
+      end
+      interfaces.each do |k,v|
+        puts k
+        v.each { |i| puts "  #{i.ip_address}" }
+      end
+    end
+  end
+end

data/lib/ovh_dnsup/domain_manager.rb ADDED

@@ -0,0 +1,199 @@
+# Copyright 2021 Hannah Rittich
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require_relative 'ovh_api'
+module OvhDnsup
+  class DomainManager
+    def initialize(args)
+      @api = OvhApi.new(args)
+    end
+    def endpoint; @api.endpoint; end
+    def application_key; @api.application_key; end
+    def application_secret; @api.application_secret; end
+    def state
+      @api.state
+    end
+    def state= h
+      @api.state = h
+    end
+    def register
+      @api.register
+    end
+    def unregister(all: false)
+      response = @api.get('auth/currentCredential')
+      app_id = response['applicationId']
+      # unregister all applications other
+      if all
+        other_apps = @api.get('me/api/application').select {|id| id != app_id }
+        other_apps.each do |id|
+          @api.delete("me/api/application/#{id}")
+        end
+      end
+      @api.delete("me/api/application/#{app_id}")
+    end
+    def login
+      @api.login [{:method => 'GET', :path => '/domain/zone/*'},
+                  {:method => 'GET', :path => '/me/api/application'},
+                  {:method => 'DELETE', :path => '/me/api/application/*'},
+                  {:method => 'GET', :path => '/me/api/credential'},
+                  {:method => 'GET', :path => '/me/api/credential/*'},
+                  {:method => 'DELETE', :path => '/me/api/credential/*'}]
+    end
+    def logout
+      @api.post('auth/logout')
+    end
+    def list_zone(domain)
+      ids = @api.get("domain/zone/#{domain}/record")
+      ids.each do |id|
+        record = @api.get("domain/zone/#{domain}/record/#{id}")
+        if !record['subDomain'].empty?
+          full_domain = "#{record['subDomain']}.#{domain}"
+        else
+          full_domain = domain
+        end
+        puts "#{record['fieldType']} #{full_domain} => #{record['target']}"
+      end
+    end
+    def subdomain_type_map(domain, sub)
+      # get IDs of all entries of this subdomain
+      ids = @api.get("domain/zone/#{domain}/record", subDomain: sub)
+      type_map = {}
+      ids.each do |id|
+        record = @api.get("domain/zone/#{domain}/record/#{id}")
+        field_type = record['fieldType']
+        if ['A', 'AAAA'].include? field_type
+          type_map[field_type] = id
+        end
+      end
+      type_map
+    end
+    def list_sessions(all: false)
+      params = nil
+      if !all
+        app_id = @api.get('auth/currentCredential')['applicationId']
+        params = {'applicationId' => app_id}
+      end
+      cred_ids = @api.get('me/api/credential', params)
+      cred_ids.each do |id|
+        info = @api.get("me/api/credential/#{id}")
+        next if info['status'] == 'expired' && !all
+        app_info = @api.get("me/api/credential/#{id}/application") if all
+        puts "id: #{id}"
+        puts "  app: #{app_info['name']} (#{app_info['description']})" if all
+        puts "  status: #{info['status']}" if all
+        puts "  creation: #{info['creation']}  expiration: #{info['expiration']}"
+        info['rules'].each do |rule|
+          if /^\/domain\/zone\/(?<zone>[^\/]+)\/record\/(?<eid>[^\/]+)$/ =~ rule['path'] then
+            begin
+              entry = @api.get("domain/zone/#{zone}/record/#{eid}")
+              puts "  zone: #{zone}  subdomain: #{entry['subDomain']}"
+            rescue OvhException
+            end
+          end
+          if rule['path'] == '/domain/zone/*'
+            puts "  domain management"
+          end
+        end # info['rules'].each
+      end # cred_ids.each
+    end
+    def delete_session(id)
+      @api.delete("me/api/credential/#{id}")
+    end
+    def delete_all_sessions()
+      cred_id = @api.get('auth/currentCredential')['credentialId']
+      other_ids = @api.get('me/api/credential').select {|id| id != cred_id}
+      other_ids.each &method(:delete_session)
+      delete_session(cred_id)
+    end
+  end
+  class DomainUpdater
+    def initialize(endpoint: nil, application_key: nil, application_secret: nil, state: nil)
+      if state
+        self.state = state
+      else
+        @api = OvhApi.new(endpoint: endpoint,
+                          application_key: application_key,
+                          application_secret: application_secret)
+      end
+    end
+    def state
+      { 'api_state' => @api.state,
+        'domain' => @domain,
+        'subdomain' => @subdomain,
+        'type_map' => @type_map }
+    end
+    def state= h
+      @api = OvhApi.new(state: h['api_state'])
+      @domain = h['domain']
+      @subdomain = h['subdomain']
+      @type_map = h['type_map']
+    end
+    def login(domain:, subdomain:, type_map:)
+      @domain = domain
+      @subdomain = subdomain
+      @type_map = type_map
+      access_rules = type_map.map() {
+        |type, id| { method: 'PUT', path: "/domain/zone/#{domain}/record/#{id}" }
+      }
+      access_rules.push({method: 'POST', path: "/domain/zone/#{@domain}/refresh"})
+      @api.login(access_rules)
+    end
+    def update(new_ip)
+      type = (/:/ =~ new_ip) ? 'AAAA' : 'A'
+      id = @type_map[type]
+      if !id then raise "Subdomain has no #{type} record" end
+      obj = {'ttl' => 300,
+             'target' => new_ip }
+      @api.put("domain/zone/#{@domain}/record/#{id}", obj)
+      @api.post("domain/zone/#{@domain}/refresh")
+    end
+  end
+end

data/lib/ovh_dnsup/ovh_api.rb ADDED

@@ -0,0 +1,170 @@
+# Copyright 2021 Hannah Rittich
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'json'
+require 'digest'
+require 'faraday'
+module OvhDnsup
+  class OvhException < Exception; end
+  ENDPOINTS = {
+    'ovh-eu' => 'https://eu.api.ovh.com/',
+    'ovh-us' => 'https://api.us.ovhcloud.com/',
+    'ovh-ca' => 'https://ca.api.ovh.com/',
+    'kimsufi-eu' => 'https://eu.api.kimsufi.com/',
+    'kimsufi-ca' => 'https://ca.api.kimsufi.com/',
+    'soyoustart-eu' => 'https://eu.api.soyoustart.com/',
+    'soyoustart-ca' => 'https://ca.api.soyoustart.com/',
+  }
+  class OvhApi
+    attr_reader :endpoint, :application_key, :application_secret, :consumer_key
+    def self.endpoints
+      ENDPOINTS.map { |k,v| k }
+    end
+    def self.endpoint_url(endpoint)
+      ENDPOINTS[endpoint]
+    end
+    def initialize(endpoint: nil, application_key: nil, application_secret: nil, state: nil)
+      if state
+        self.state = state
+        raise 'Invalid arguments' if application_key || application_secret || endpoint
+      else
+        @endpoint = endpoint
+        @application_key = application_key
+        @application_secret = application_secret
+        @consumer_key = nil
+        @base_url = ENDPOINTS[@endpoint] + '1.0/'
+        @conn = Faraday.new @base_url
+      end
+    end
+    def state
+      { 'endpoint' => @endpoint,
+        'application_key' => @application_key,
+        'application_secret' => @application_secret,
+        'consumer_key' => @consumer_key }
+    end
+    def state= h
+      @endpoint = h['endpoint']
+      @application_key = h['application_key']
+      @application_secret = h['application_secret']
+      @consumer_key = h['consumer_key']
+      @base_url = ENDPOINTS[@endpoint] + '1.0/'
+      @conn = Faraday.new @base_url
+    end
+    def login(access_rules, verbose=true)
+      register unless @application_key && @application_secret
+      body = { :accessRules => access_rules }.to_json
+      headers = { 'Content-type' => 'application/json',
+                  'X-Ovh-Application' => @application_key }
+      response = @conn.post('auth/credential', body, headers)
+      response = process(response)
+      validation_url = response['validationUrl']
+      @consumer_key = response['consumerKey']
+      if verbose
+        puts <<~EOS
+        To complete the authentication process please open
+          #{validation_url}
+        and login with your credentials.
+        EOS
+      end
+      return validation_url
+    end
+    def sign(method, url, body, tstamp)
+      if !@application_key || !@application_secret
+        raise OvhException.new('Application key and/or secret missing.')
+      end
+      if !@consumer_key
+        raise OvhException.new('Not logged in')
+      end
+      "$1$" + Digest::SHA1.hexdigest(
+                  @application_secret + "+" +
+                  @consumer_key + "+" +
+                  method + "+" +
+                  url + "+" +
+                  body + "+" +
+                  tstamp.to_s)
+    end
+    def auth_header(method, path, params = nil, body = '')
+      raise 'Only relative paths are allowed' if path.start_with?('/')
+      url = @base_url + path
+      if params
+        url += '?' + Faraday::FlatParamsEncoder.encode(params)
+      end
+      tstamp = Time.now.to_i
+      {
+        'Content-type' => 'application/json',
+        'X-Ovh-Application' => @application_key,
+        'X-Ovh-Timestamp' => tstamp.to_s,
+        'X-Ovh-Signature' => sign(method, url, body, tstamp),
+        'X-Ovh-Consumer' => @consumer_key
+      }
+    end
+    def get(path, params = nil)
+      response = @conn.get(path, params, auth_header('GET', path, params))
+      return process(response)
+    end
+    def post(path, body='')
+      response = @conn.post(path, body, auth_header('POST', path, nil, body))
+      return process(response)
+    end
+    def put(path, obj)
+      body = obj.to_json
+      response = @conn.put(path, body, auth_header('PUT', path, nil, body))
+      return process(response)
+    end
+    def delete(path, params=nil)
+      response = @conn.delete(path, params, auth_header('DELETE', path))
+      return process(response)
+    end
+    private
+    def process(response)
+      if !response.success?
+        begin
+          msg = JSON.parse(response.body)['message']
+        rescue
+          msg = "#{response.status}: #{response.body}"
+        end
+        raise OvhException.new(msg)
+      else
+        return JSON.parse(response.body)
+      end
+    end
+  end
+end

data/lib/ovh_dnsup/version.rb ADDED

@@ -0,0 +1,17 @@
+# Copyright 2021 Hannah Rittich
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+module OvhDnsup
+  VERSION = "0.1.0"
+end

data/ovh_dnsup.gemspec ADDED

@@ -0,0 +1,24 @@
+require_relative 'lib/ovh_dnsup/version'
+Gem::Specification.new do |spec|
+  spec.name          = "ovh_dnsup"
+  spec.version       = OvhDnsup::VERSION
+  spec.authors       = ["Hannah Rittich"]
+  spec.email         = ["hrittich@users.noreply.github.com"]
+  spec.license       = 'Apache-2.0'
+  spec.summary       = %q{Securely updates DNS records in a zone hosted by OVH.}
+  spec.homepage      = "https://github.com/hrittich/ovh_dnsup"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_runtime_dependency 'faraday', '~> 1.3.0', '>= 1.3.0'
+end

metadata ADDED

@@ -0,0 +1,78 @@
+--- !ruby/object:Gem::Specification
+name: ovh_dnsup
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Hannah Rittich
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2021-01-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+description:
+email:
+- hrittich@users.noreply.github.com
+executables:
+- ovh_dnsup
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- bin/console
+- bin/setup
+- exe/ovh_dnsup
+- lib/ovh_dnsup.rb
+- lib/ovh_dnsup/cli.rb
+- lib/ovh_dnsup/domain_manager.rb
+- lib/ovh_dnsup/ovh_api.rb
+- lib/ovh_dnsup/version.rb
+- ovh_dnsup.gemspec
+homepage: https://github.com/hrittich/ovh_dnsup
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.6.2
+signing_key:
+specification_version: 4
+summary: Securely updates DNS records in a zone hosted by OVH.
+test_files: []