certbot-dns-dnspod-109 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl

certbot_dns_dnspod_109/_internal/dns_dnspod.py

@@ -1,6 +1,6 @@
 """DNS Authenticator for Dnspod."""
 import logging
-from typing import Any
+from typing import Any, List, Tuple
 from typing import Callable
 from typing import Optional
 
@@ -9,6 +9,8 @@ from certbot.plugins import dns_common
 from certbot.plugins.dns_common import CredentialsConfiguration
 
 from tencentcloud.common import credential
+from tencentcloud.common.profile.client_profile import ClientProfile
+from tencentcloud.common.profile.http_profile import HttpProfile
 from tencentcloud.dnspod.v20210323 import dnspod_client, models
 
 logger = logging.getLogger(__name__)
@@ -50,18 +52,20 @@ class Authenticator(dns_common.DNSAuthenticator):
         )
 
     def _perform(self, domain: str, validation_name: str, validation: str) -> None:
-        self._get_dnspod_client().add_txt_record(domain, validation_name, validation, self.ttl)
+        self._get_dnspod_client().add_txt_record(validation_name, validation, self.ttl)
 
     def _cleanup(self, domain: str, validation_name: str, validation: str) -> None:
-        self._get_dnspod_client().del_txt_record(domain, validation_name, validation)
+        self._get_dnspod_client().del_txt_record(validation_name, validation)
 
-    def _get_dnspod_client(self) -> "_DnspodClient":
+    def _get_dnspod_client(self) -> '_DnspodClient':
         if not self.credentials:  # pragma: no cover
             raise errors.Error("Plugin has not been prepared, did you set 'credentials'?")
         if self.credentials.conf('secret_id') and self.credentials.conf('secret_key'):
             return _DnspodClient(secret_id=self.credentials.conf('secret_id'),
                                  secret_key=self.credentials.conf('secret_key'),
-                                 endpoint=self.credentials.conf('endpoint') or "https://dnspod.tencentcloudapi.com")
+                                 endpoint=self.credentials.conf('endpoint') or "dnspod.tencentcloudapi.com")
+        else:
+            raise errors.Error("Missing required credentials: secret_id and secret_key are required")
 
 
 class _DnspodClient:
@@ -69,85 +73,241 @@ class _DnspodClient:
     Encapsulates all communication with the Tencent Cloud API 3.0.
     """
 
-    def __init__(self, secret_id: str, secret_key: str, endpoint: str) -> None:
-        # Use Tencent Cloud SDK
+    def __init__(self, secret_id: str, secret_key: str, endpoint: str = "dnspod.tencentcloudapi.com") -> None:
+        # init Tencent Cloud SDK
         cred = credential.Credential(secret_id, secret_key)
-        self.client = dnspod_client.DnspodClient(cred, "")
 
-    def add_txt_record(self, domain: str, record_name: str, record_content: str, record_ttl: int) -> None:
+        http_profile = HttpProfile()
+        http_profile.endpoint = endpoint
+
+        client_profile = ClientProfile()
+        client_profile.httpProfile = http_profile
+
+        self.client = dnspod_client.DnspodClient(cred, "", client_profile)
+
+    @staticmethod
+    def _normalize_fqdn(name: str) -> str:
+        """
+        Normalizes a fully qualified domain name (FQDN).
+
+        This method is used to transform an input FQDN by stripping any trailing
+        dots and converting the string to lowercase. This ensures uniformity
+        and consistent handling of FQDNs for comparisons and other operations.
+
+        Parameters:
+        name: str
+            The fully qualified domain name to normalize.
+
+        Returns:
+        str
+            The normalized FQDN with trailing dots removed and all characters
+            in lowercase.
+        """
+        return name.rstrip(".").lower()
+
+    def _to_ascii_fqdn(self, fqdn: str) -> str:
+        """
+        Converts a fully qualified domain name (FQDN) to its ASCII representation.
+
+        This method processes the provided FQDN to ensure it adheres to ASCII encoding
+        standards. Non-ASCII labels are converted using IDNA encoding, while ASCII
+        labels remain unchanged. Empty labels and invalid input are ignored during
+        conversion.
+
+        Parameters:
+        fqdn: str
+            The fully qualified domain name to be processed.
+
+        Returns:
+        str
+            The ASCII-encoded version of the provided fully qualified domain name.
+        """
+        fqdn = self._normalize_fqdn(fqdn)
+        labels = fqdn.split(".")
+        out = []
+        for lab in labels:
+            if not lab:
+                continue
+            if all(ord(c) < 128 for c in lab):
+                out.append(lab)
+            else:
+                out.append(lab.encode("idna").decode("ascii"))
+        return ".".join(out)
+
+    def find_hosted_domain(self, record_fqdn: str) -> Tuple[str, str]:
+        """
+        Determines the hosted domain and the subdomain part for a given fully qualified domain name (FQDN).
+
+        The method searches the list of all hosted domains to find one that either matches exactly
+        or is a parent domain to the provided FQDN. If found, it returns the hosted domain and the
+        subdomain part of the FQDN. If no matching hosted domain is found, an exception is raised.
+
+        Parameters:
+            record_fqdn (str): The fully qualified domain name (FQDN) to search for.
+
+        Returns:
+            Tuple[str, str]: A tuple containing:
+                - The hosted domain that covers the provided FQDN.
+                - The subdomain part of the FQDN relative to the hosted domain
+                  or "@" if the FQDN matches the hosted domain exactly.
+
+        Raises:
+            PluginError: If no hosted domain is found, that can cover the provided FQDN.
+        """
+        fqdn = self._to_ascii_fqdn(record_fqdn)
+        domains = self._list_all_domain()
+
+        for domain in domains:
+            if fqdn == domain or fqdn.endswith("." + domain):
+                if fqdn == domain:
+                    sub = "@"
+                else:
+                    sub = fqdn[:-(len(domain) + 1)]
+                return domain, sub
+
+        raise errors.PluginError(
+            f"Can't find a hosted domain that can cover {record_fqdn}. "
+            f"Please make sure you have hosted the domain (e.g. example.com / us.example.com) in DNSPod."
+        )
+
+    def _list_all_domain(self) -> List[str]:
         """
-        Add a TXT record using the supplied information.
+        Fetches and returns a sorted list of all domains associated with the account.
+
+        This method interacts with the API to retrieve a complete list of domains by
+        iteratively querying the DescribeDomainList API endpoint. It normalizes and
+        filters the retrieved domain data, ensuring that the list contains unique
+        entries sorted in descending order by their length.
 
-        :param domain: The domain to use to look up the DNS zone.
-        :param record_name: The record name (typically '_acme-challenge.').
-        :param record_content: The record content (typically the challenge validation string).
-        :param record_ttl: The record TTL in seconds.
+        Returns:
+            List[str]: A sorted list of unique domain names.
         """
-        logger.info(f"Adding TXT record for {record_name}")
+        zones: List[str] = []
+        offset = 0
+        limit = 3000  # default limit for DescribeDomainList API
+
+        while True:
+            req = models.DescribeDomainListRequest()
+            req.Offset = offset
+            req.Limit = limit
+            resp = self.client.DescribeDomainList(req)
+
+            domain_list = resp.DomainList or []
+            for d in domain_list:
+                if getattr(d, "Punycode", None):
+                    zones.append(self._normalize_fqdn(d.Punycode))
+
+            total = int(resp.DomainCountInfo.DomainTotal)
+            offset += len(domain_list)
+            if offset >= total or len(domain_list) == 0:
+                break
+
+        return sorted(set(zones), key=len, reverse=True)
+
+    def add_txt_record(self, record_name: str, record_content: str, record_ttl: int) -> None:
+        """
+        Adds a TXT DNS record to the specified domain using the provided details.
+
+        This function is responsible for creating a TXT type DNS record in the
+        appropriate hosted zone identified by the given record name.
+
+        Parameters:
+        record_name (str): The full name of the record (e.g., "_acme-challenge.example.com").
+        record_content (str): The value or content of the TXT record.
+        record_ttl (int): The time-to-live (TTL) value for the record, dictating how long
+                          it can be cached.
+
+        Raises:
+        PluginError: If the TXT record addition fails, typically due to an issue in
+                     the response from the DNS provider.
+
+        Notes:
+        The function automatically determines the hosted domain and subdomain to
+        target the correct DNS zone. A log entry is also created upon successful
+        record addition with relevant details.
+        """
+        zone, subdomain = self.find_hosted_domain(record_name)
 
         req = models.CreateTXTRecordRequest()
-        req.Domain = domain
+        req.Domain = zone
+        req.SubDomain = subdomain
         req.RecordLine = '默认'  # required
         req.Value = record_content
         req.TTL = record_ttl
-        req.SubDomain = record_name.split(".")[0]
 
-        response = self.client.CreateTXTRecord(req)
-        record_id = response.RequestId
+        resp = self.client.CreateTXTRecord(req)
 
+        record_id = getattr(resp, "RecordId", None)
         if not record_id:
-            raise Exception(f"Failed to add TXT record: {response}")
-        logger.info(f"Successfully added TXT record: {record_id}")
+            raise errors.PluginError(f"Failed to add TXT record, response: {resp}")
+        logger.info(
+            f"Successfully added TXT record: zone: {zone} sub: {subdomain} record_id: {record_id} request_id: {resp.RequestId}")
 
-    def del_txt_record(self, domain: str, record_name: str, record_content: str) -> None:
+    def del_txt_record(self, record_name: str, record_content: str) -> None:
         """
-        Delete a TXT record using the supplied information.
+        Deletes a TXT record from the DNS configuration.
+
+        This method removes a specific TXT record from the DNS configuration associated with the given
+        record name and record content. It identifies the domain and subdomain hosting the record,
+        verifies its ID, and submits a request to delete it. In the event the record is not found or
+        an error occurs during deletion, appropriate logging messages are generated.
+
+        Parameters:
+        record_name: str
+            The fully qualified domain name (FQDN) of the TXT record to be deleted.
+        record_content: str
+            The content of the TXT record to be deleted.
 
-        :param domain: The domain to use to look up the DNS zone.
-        :param record_name: The record name (typically '_acme-challenge.').
-        :param record_content: The record content (typically the challenge validation string).
+        Raises:
+            Exception: If an error occurs during record retrieval or deletion.
         """
         try:
-            logger.info("Deleting TXT record for %s", record_name)
-
-            record_id = self._find_txt_record_id(domain, record_name, record_content)
+            domain, subdomain = self.find_hosted_domain(record_name)
+            record_id = self._find_txt_record_id(domain, subdomain, record_content)
             if not record_id:
-                logger.warning("Record not found, skipping deletion.")
+                logger.warning("Record not found, skipping deletion: domain=%s sub=%s", domain, subdomain)
                 return
 
             req = models.DeleteRecordRequest()
             req.Domain = domain
             req.RecordId = record_id
-
-            response = self.client.DeleteRecord(req)
-            if response.RequestId:
-                logger.info(f"Successfully deleted TXT record: {record_id}, RequestId ID: {response.RequestId}")
+            resp = self.client.DeleteRecord(req)
+            logger.info(
+                f"Successfully deleted TXT record: domain: {domain} sub: {subdomain} request_id: {resp.RequestId}")
         except Exception as e:
-            logger.error(f"Failed to delete TXT record: {e}")
+            logger.error("Failed to delete TXT record: %s", e)
 
-    def _find_txt_record_id(self, domain: str, record_name: str, record_content: str) -> Optional[int]:
+    def _find_txt_record_id(self, domain: str, subdomain: str, record_content: str) -> Optional[int]:
         """
-        Find the record ID for a TXT record with the given name and content.
-
-        :param domain: The domain to use to look up the DNS zone.
-        :param record_name: The record name (typically '_acme-challenge.').
-        :param record_content: The record content (typically the challenge validation string).
-        :returns: The record ID, if found.
+        Find the ID of a TXT record that matches the specified domain name, subdomain,
+        and record content.
+
+        This method searches for an existing TXT record by domain, subdomain, and the
+        record content within the list of records returned by the client. If a matching
+        record is found, its ID is returned. If no match is found, None is returned.
+
+        Parameters:
+            domain: str
+                The domain name in which to search for the TXT record.
+            subdomain: str
+                The subdomain name for the TXT record, typically the host or name
+                portion of the record.
+            record_content: str
+                The text content of the TXT record that is being searched for.
+
+        Returns:
+            Optional[int]: The ID of the matching TXT record if found, otherwise None.
         """
-        logger.info(f"Searching for TXT record for {record_name}")
-
         req = models.DescribeRecordFilterListRequest()
         req.Domain = domain
-        req.SubDomain = record_name.split(".")[0]
+        req.SubDomain = subdomain
         req.RecordType = ["TXT"]
 
-        response = self.client.DescribeRecordFilterList(req)
-        records = response.RecordList
-
-        for record in records:
-            if record.Name == record_name.split(".")[0] and record.Value == record_content:
-                logger.info(f"Found TXT record for {record.Name}")
-                return record.RecordId
+        resp = self.client.DescribeRecordFilterList(req)
+        for r in (resp.RecordList or []):
+            if r.Name == subdomain and r.Value == record_content:
+                logger.info(f"Found TXT record for {r.Name}")
+                return int(r.RecordId)
 
-        logger.warning(f"No TXT record found for {record_name}")
+        logger.warning(f"No TXT record found for {subdomain}")
         return None

certbot_dns_dnspod_109/_internal/tests/dns_dnspod_test.py

@@ -1,4 +1,4 @@
-"""Tests for certbot_certbot_dns_dnspod_109._internal.dns_dnspod"""
+"""Tests for certbot_dns_dnspod_109._internal.dns_dnspod"""
 
 import sys
 import unittest
@@ -13,7 +13,7 @@ from certbot.plugins.dns_test_common import DOMAIN
 from certbot.tests import util as test_util
 
 
-# Simulate the exception returned by Tencent Cloud Dnspod API to test error handling
+# Simulate Tencent Cloud API exception for delete-path robustness tests.
 class MockApiException(Exception):
     pass
 
@@ -25,37 +25,39 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic
 
         super().setUp()
 
-        path = os.path.join(self.tempdir, 'file.ini')
-        dns_test_common.write({"dnspod_secret_id": "test_id", "dnspod_secret_key": "test_key"}, path)
+        path = os.path.join(self.tempdir, "file.ini")
+        # This plugin version expects prefixed keys in credentials file.
+        dns_test_common.write(
+            {"dnspod_secret_id": "test_id", "dnspod_secret_key": "test_key"},
+            path
+        )
 
-        self.config = mock.MagicMock(dnspod_credentials=path,
-                                     dnspod_propagation_seconds=0)  # Don't wait for actual records to take effect in tests
+        self.config = mock.MagicMock(
+            dnspod_credentials=path,
+            dnspod_propagation_seconds=0,
+        )
 
         self.auth = Authenticator(self.config, "dnspod")
-
         self.mock_client = mock.MagicMock()
-        # Mock _get_dnspod_client
-        self.auth._get_dnspod_client = mock.MagicMock(return_value=self.mock_client)
 
     @test_util.patch_display_util()
     def test_perform(self, unused_mock_get_utility):
-        # Test whether the perform method calls add_txt_record correctly
-        self.auth.perform([self.achall])
+        with mock.patch.object(self.auth, "_get_dnspod_client", return_value=self.mock_client):
+            self.auth.perform([self.achall])
 
-        expected = [mock.call.add_txt_record(DOMAIN, '_acme-challenge.' + DOMAIN, mock.ANY, mock.ANY)]
+        expected = [mock.call.add_txt_record("_acme-challenge." + DOMAIN, mock.ANY, 600)]
         assert expected == self.mock_client.mock_calls
 
     def test_cleanup(self):
-        # Test that the cleanup method calls del_txt_record correctly
         self.auth._attempt_cleanup = True
-        self.auth.cleanup([self.achall])
+        with mock.patch.object(self.auth, "_get_dnspod_client", return_value=self.mock_client):
+            self.auth.cleanup([self.achall])
 
-        expected = [mock.call.del_txt_record(DOMAIN, '_acme-challenge.' + DOMAIN, mock.ANY)]
+        expected = [mock.call.del_txt_record("_acme-challenge." + DOMAIN, mock.ANY)]
         assert expected == self.mock_client.mock_calls
 
     def test_no_creds(self):
-        # Test that an exception is thrown when correct credentials are not provided
-        path = os.path.join(self.tempdir, 'empty.ini')
+        path = os.path.join(self.tempdir, "empty.ini")
         dns_test_common.write({}, path)
         self.config.dnspod_credentials = path
 
@@ -65,9 +67,8 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic
             auth.perform([self.achall])
 
     def test_missing_secret_id(self):
-        # Test whether an exception is thrown when no credentials are provided
-        path = os.path.join(self.tempdir, 'no_id.ini')
-        dns_test_common.write({"secret_key": "test_key"}, path)
+        path = os.path.join(self.tempdir, "no_id.ini")
+        dns_test_common.write({"dnspod_secret_key": "test_key"}, path)
         self.config.dnspod_credentials = path
 
         from certbot_dns_dnspod_109._internal.dns_dnspod import Authenticator
@@ -76,9 +77,8 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic
             auth.perform([self.achall])
 
     def test_missing_secret_key(self):
-        # Test whether an exception is thrown when no credentials are provided
-        path = os.path.join(self.tempdir, 'no_key.ini')
-        dns_test_common.write({"secret_id": "test_id"}, path)
+        path = os.path.join(self.tempdir, "no_key.ini")
+        dns_test_common.write({"dnspod_secret_id": "test_id"}, path)
         self.config.dnspod_credentials = path
 
         from certbot_dns_dnspod_109._internal.dns_dnspod import Authenticator
@@ -86,115 +86,244 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic
         with pytest.raises(errors.PluginError):
             auth.perform([self.achall])
 
+    def test_get_dnspod_client_not_prepared(self):
+        self.auth.credentials = None
+        with pytest.raises(errors.Error):
+            self.auth._get_dnspod_client()
+
+    def test_get_dnspod_client_missing_required(self):
+        creds = mock.MagicMock()
+        creds.conf.side_effect = lambda k: {"dnspod_secret_id": "id_only"}.get(k)
+        self.auth.credentials = creds
+        with pytest.raises(errors.Error):
+            self.auth._get_dnspod_client()
+
+    def test_get_dnspod_client_default_endpoint(self):
+        from certbot_dns_dnspod_109._internal import dns_dnspod as mod
+
+        creds = mock.MagicMock()
+        creds.conf.side_effect = lambda k: {
+            "secret_id": "id",
+            "secret_key": "key",
+            "endpoint": None,
+        }.get(k)
+
+        self.auth.credentials = creds
+
+        with mock.patch.object(mod, "_DnspodClient") as m_client_cls:
+            self.auth._get_dnspod_client()
+            m_client_cls.assert_called_once_with(
+                secret_id="id",
+                secret_key="key",
+                endpoint="dnspod.tencentcloudapi.com",
+            )
+
+    def test_get_dnspod_client_custom_endpoint(self):
+        from certbot_dns_dnspod_109._internal import dns_dnspod as mod
+
+        creds = mock.MagicMock()
+        creds.conf.side_effect = lambda k: {
+            "secret_id": "id",
+            "secret_key": "key",
+            "endpoint": "custom.endpoint.tencentcloudapi.com",
+        }.get(k)
+
+        self.auth.credentials = creds
+
+        with mock.patch.object(mod, "_DnspodClient") as m_client_cls:
+            self.auth._get_dnspod_client()
+            m_client_cls.assert_called_once_with(
+                secret_id="id",
+                secret_key="key",
+                endpoint="custom.endpoint.tencentcloudapi.com",
+            )
+
 
 class DnspodClientTest(unittest.TestCase):
-    record_name = "_acme-challenge"
+    record_name = "_acme-challenge." + DOMAIN
     record_content = "test_challenge"
     record_ttl = 600
-    domain = DOMAIN
+    zone = DOMAIN
+    subdomain = "_acme-challenge"
     record_id = 12345
 
     def setUp(self):
         from certbot_dns_dnspod_109._internal.dns_dnspod import _DnspodClient
-        # Create a simulated dnspod_client
-        self.mock_dnspod_client = mock.MagicMock()
-        self.mock_credential = mock.MagicMock()
+
         self.mock_dnspod_sdk_client = mock.MagicMock()
 
-        # Patch dnspod_client.DnspodClient constructor returns mock_dnspod_sdk_client
-        patcher = mock.patch('certbot_dns_dnspod_109._internal.dns_dnspod.dnspod_client.DnspodClient',
-                             return_value=self.mock_dnspod_sdk_client)
+        # Patch SDK client constructor.
+        patcher = mock.patch(
+            "certbot_dns_dnspod_109._internal.dns_dnspod.dnspod_client.DnspodClient",
+            return_value=self.mock_dnspod_sdk_client,
+        )
         patcher.start()
         self.addCleanup(patcher.stop)
 
-        # Patch models module
-        self.models_patcher = mock.patch('certbot_dns_dnspod_109._internal.dns_dnspod.models')
+        # Patch request models used by the implementation.
+        self.models_patcher = mock.patch("certbot_dns_dnspod_109._internal.dns_dnspod.models")
         self.mock_models = self.models_patcher.start()
         self.addCleanup(self.models_patcher.stop)
 
         self.CreateTXTRecordRequest = mock.MagicMock()
         self.DeleteRecordRequest = mock.MagicMock()
         self.DescribeRecordFilterListRequest = mock.MagicMock()
+        self.DescribeDomainListRequest = mock.MagicMock()
 
         self.mock_models.CreateTXTRecordRequest.return_value = self.CreateTXTRecordRequest
         self.mock_models.DeleteRecordRequest.return_value = self.DeleteRecordRequest
         self.mock_models.DescribeRecordFilterListRequest.return_value = self.DescribeRecordFilterListRequest
+        self.mock_models.DescribeDomainListRequest.return_value = self.DescribeDomainListRequest
+
+        self.client = _DnspodClient(
+            secret_id="test_id",
+            secret_key="test_key",
+            endpoint="dnspod.tencentcloudapi.com",
+        )
+
+    def test_normalize_fqdn(self):
+        # Should strip trailing dots and lowercase.
+        assert self.client._normalize_fqdn("WWW.Example.COM.") == "www.example.com"
+
+    def test_to_ascii_fqdn_ascii_passthrough(self):
+        # ASCII labels should remain unchanged except normalization.
+        assert self.client._to_ascii_fqdn("WWW.Example.COM.") == "www.example.com"
+
+    def test_to_ascii_fqdn_idn(self):
+        # Non-ASCII labels should be IDNA-encoded.
+        out = self.client._to_ascii_fqdn("www.例子.测试.")
+        assert out == "www.xn--fsqu00a.xn--0zwm56d"
+
+    def test_find_hosted_domain_exact_match(self):
+        # Exact zone match should return ('zone', '@').
+        self.client._list_all_domain = mock.MagicMock(return_value=["example.com"])
+        zone, sub = self.client.find_hosted_domain("example.com.")
+        assert zone == "example.com"
+        assert sub == "@"
+
+    def test_find_hosted_domain_parent_match(self):
+        # Parent zone match should extract left part as subdomain.
+        self.client._list_all_domain = mock.MagicMock(return_value=["example.com"])
+        zone, sub = self.client.find_hosted_domain("_acme-challenge.example.com.")
+        assert zone == "example.com"
+        assert sub == "_acme-challenge"
+
+    def test_find_hosted_domain_longest_suffix_wins(self):
+        # Domains are expected to be sorted longest-first; ensure most specific zone is selected.
+        self.client._list_all_domain = mock.MagicMock(return_value=["us.example.com", "example.com"])
+        zone, sub = self.client.find_hosted_domain("_acme-challenge.us.example.com")
+        assert zone == "us.example.com"
+        assert sub == "_acme-challenge"
+
+    def test_find_hosted_domain_not_found(self):
+        self.client._list_all_domain = mock.MagicMock(return_value=["example.com"])
+        with pytest.raises(errors.PluginError):
+            self.client.find_hosted_domain("_acme-challenge.not-hosted.net")
+
+    def test_list_all_domain_pagination_and_sort(self):
+        # Build 2-page API responses and verify dedupe + normalization + sort-by-length-desc.
+        d1 = mock.MagicMock()
+        d1.Punycode = "Example.COM."
+        d2 = mock.MagicMock()
+        d2.Punycode = "us.example.com"
+        d3 = mock.MagicMock()
+        d3.Punycode = "example.com"  # duplicate after normalize
+        d4 = mock.MagicMock()
+        d4.Punycode = None  # should be skipped
 
-        self.client = _DnspodClient(secret_id="test_id", secret_key="test_key",
-                                    endpoint="https://dnspod.tencentcloudapi.com")
+        resp1 = mock.MagicMock()
+        resp1.DomainList = [d1, d2]
+        resp1.DomainCountInfo.DomainTotal = 4
+
+        resp2 = mock.MagicMock()
+        resp2.DomainList = [d3, d4]
+        resp2.DomainCountInfo.DomainTotal = 4
+
+        self.mock_dnspod_sdk_client.DescribeDomainList.side_effect = [resp1, resp2]
+
+        zones = self.client._list_all_domain()
+        assert zones == ["us.example.com", "example.com"]
 
     def test_add_txt_record(self):
-        # Simulate the return of a successful RequestId when adding a record
+        # Avoid testing zone lookup path here; isolate CreateTXTRecord request behavior.
+        self.client.find_hosted_domain = mock.MagicMock(return_value=(self.zone, self.subdomain))
+
         mock_response = mock.MagicMock()
+        mock_response.RecordId = self.record_id
         mock_response.RequestId = "mock_request_id"
         self.mock_dnspod_sdk_client.CreateTXTRecord.return_value = mock_response
 
-        self.client.add_txt_record(self.domain, self.record_name, self.record_content, self.record_ttl)
-        self.mock_dnspod_sdk_client.CreateTXTRecord.assert_called_once_with(self.CreateTXTRecordRequest)
+        self.client.add_txt_record(self.record_name, self.record_content, self.record_ttl)
 
-        # Check if the request parameters are correctly assigned
-        assert self.CreateTXTRecordRequest.Domain == self.domain
+        self.mock_dnspod_sdk_client.CreateTXTRecord.assert_called_once_with(self.CreateTXTRecordRequest)
+        assert self.CreateTXTRecordRequest.Domain == self.zone
+        assert self.CreateTXTRecordRequest.SubDomain == self.subdomain
         assert self.CreateTXTRecordRequest.Value == self.record_content
         assert self.CreateTXTRecordRequest.TTL == self.record_ttl
-        assert self.CreateTXTRecordRequest.SubDomain == self.record_name
+        assert self.CreateTXTRecordRequest.RecordLine == "默认"
 
     def test_add_txt_record_failed(self):
-        # Simulate adding records and return no RequestId
+        self.client.find_hosted_domain = mock.MagicMock(return_value=(self.zone, self.subdomain))
+
+        # Missing RecordId should be treated as failure.
         mock_response = mock.MagicMock()
-        mock_response.RequestId = ""
+        mock_response.RecordId = None
         self.mock_dnspod_sdk_client.CreateTXTRecord.return_value = mock_response
 
-        with pytest.raises(Exception):
-            self.client.add_txt_record(self.domain, self.record_name, self.record_content, self.record_ttl)
+        with pytest.raises(errors.PluginError):
+            self.client.add_txt_record(self.record_name, self.record_content, self.record_ttl)
 
     def test_del_txt_record(self):
-        # Simulate the return of matching records when searching for record IDs
+        self.client.find_hosted_domain = mock.MagicMock(return_value=(self.zone, self.subdomain))
+
+        # _find_txt_record_id checks Name == subdomain and Value == content.
         mock_record = mock.MagicMock()
         mock_record.RecordId = self.record_id
-        mock_record.Name = self.record_name
+        mock_record.Name = self.subdomain
         mock_record.Value = self.record_content
+
         mock_response = mock.MagicMock()
         mock_response.RecordList = [mock_record]
         self.mock_dnspod_sdk_client.DescribeRecordFilterList.return_value = mock_response
 
-        # Simulate the success of deleting records
         mock_del_response = mock.MagicMock()
         mock_del_response.RequestId = "del_request_id"
         self.mock_dnspod_sdk_client.DeleteRecord.return_value = mock_del_response
 
-        self.client.del_txt_record(self.domain, self.record_name, self.record_content)
+        self.client.del_txt_record(self.record_name, self.record_content)
 
         self.mock_dnspod_sdk_client.DescribeRecordFilterList.assert_called_once_with(
-            self.DescribeRecordFilterListRequest)
+            self.DescribeRecordFilterListRequest
+        )
         self.mock_dnspod_sdk_client.DeleteRecord.assert_called_once_with(self.DeleteRecordRequest)
-
         assert self.DeleteRecordRequest.RecordId == self.record_id
-        assert self.DeleteRecordRequest.Domain == self.domain
+        assert self.DeleteRecordRequest.Domain == self.zone
 
     def test_del_txt_record_not_found(self):
-        # Simulate that no matching records are found
+        self.client.find_hosted_domain = mock.MagicMock(return_value=(self.zone, self.subdomain))
+
         mock_response = mock.MagicMock()
         mock_response.RecordList = []
         self.mock_dnspod_sdk_client.DescribeRecordFilterList.return_value = mock_response
 
-        # Calling to delete a record will not throw an exception but will generate a warning
-        self.client.del_txt_record(self.domain, self.record_name, self.record_content)
+        # Not found should be a no-op.
+        self.client.del_txt_record(self.record_name, self.record_content)
         self.mock_dnspod_sdk_client.DeleteRecord.assert_not_called()
 
     def test_del_txt_record_error(self):
-        # Simulate the return of records when searching for record IDs, but throw an exception when deleting
+        self.client.find_hosted_domain = mock.MagicMock(return_value=(self.zone, self.subdomain))
+
         mock_record = mock.MagicMock()
         mock_record.RecordId = self.record_id
-        mock_record.Name = self.record_name
+        mock_record.Name = self.subdomain
         mock_record.Value = self.record_content
         mock_response = mock.MagicMock()
         mock_response.RecordList = [mock_record]
         self.mock_dnspod_sdk_client.DescribeRecordFilterList.return_value = mock_response
 
+        # del_txt_record should swallow exceptions and log errors.
         self.mock_dnspod_sdk_client.DeleteRecord.side_effect = MockApiException("Delete error")
-
-        # Should not throw exceptions, but errors will be logged
-        self.client.del_txt_record(self.domain, self.record_name, self.record_content)
+        self.client.del_txt_record(self.record_name, self.record_content)
 
 
 if __name__ == "__main__":

{certbot_dns_dnspod_109-1.0.2.dist-info → certbot_dns_dnspod_109-1.0.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: certbot-dns-dnspod-109
-Version: 1.0.2
+Version: 1.0.3
 Summary: Dnspod DNS Authenticator plugin for Certbot
 Home-page: https://github.com/10935336/certbot-dns-dnspod-109
 Author: 10935336
@@ -43,6 +43,9 @@ Requires-Dist: pytest; extra == "test"
 
 
 ## Just Another DNSPod DNS Authenticator plugin for Certbot
+
+Just Another Tencent Cloud DNSPod DNS Authenticator plugin for [Certbot](https://certbot.eff.org/)
+
 The `certbot-dns-dnspod-109` plugin automates the process of
 completing a `dns-01` challenge (`~acme.challenges.DNS01`)
 by creating, and subsequently removing, TXT records using the
@@ -54,6 +57,8 @@ then this is your plugin.
 
 Tested on
 - Certbot 3.0.1
+- Certbot 5.1.0
+- Certbot 5.2.2
 
 
 ## Usage
@@ -71,6 +76,8 @@ pip install git+https://github.com/10935336/certbot-dns-dnspod-109.git
 
 
 #### snap:
+The snap version is deprecated and will not receive updates after version v1.0.2.
+
 ```bash
 snap install certbot-dns-dnspod-10935336
 snap set certbot trust-plugin-with-root=ok
@@ -91,6 +98,11 @@ dns_dnspod_109_secret_id=foo
 dns_dnspod_109_secret_key=bar
 ```
 
+Optional parameters: 
+```ini
+dns_dnspod_109_endpoint=dnspod.tencentcloudapi.com
+```
+
 ### 4. Ready to go
 
 #### Usage Examples
@@ -113,6 +125,15 @@ certbot certonly \
   -d www.example.com
 ```
 
+Obtain a wildcard certificate for `example.com`
+```bash
+certbot certonly \
+  -a dns-dnspod-109 \
+  --dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
+  -d example.com \
+  -d *.example.com
+```
+
 To acquire a certificate for example.com, waiting 60 seconds for DNS propagation
 ```bash
 certbot certonly \
@@ -122,7 +143,7 @@ certbot certonly \
   -d example.com
 ```
 
-Test run
+Test run (Skipping the final certificate issuance)
 ```bash
 certbot certonly \
   --register-unsafely-without-email \
@@ -133,8 +154,22 @@ certbot certonly \
   --dry-run
 ```
 
+Test run a wildcard certificate for `example.com`(Skipping the final certificate issuance)
+```bash
+certbot certonly \
+  --register-unsafely-without-email \
+  -a dns-dnspod-109 \
+  --dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
+  --dns-dnspod-109-propagation-seconds 60 \
+  -v \
+  --dry-run \
+  -d example.com \
+  -d *.example.com
+```
+
+
 ## Parameter Description
-``--dns-dnspod-109-credentials <path>`` points to the credentials file. (Required)
+``--dns-dnspod-109-credentials <path>`` Path to the credential file (required)
 
 ``--dns-dnspod-109-propagation-seconds`` The number of seconds to wait for DNS propagation before asking the ACME server to verify DNS records. If DNS records appear to be added successfully but verification fails, try increasing this value. (Default: 10)
 
@@ -151,12 +186,16 @@ certbot certonly \
 
 ## 只是另一个适用于 Certbot 的 DNSPod DNS Authenticator 插件
 
+只是另一个适用于 [Certbot](https://certbot.eff.org/) 的 Tencent Cloud DNSPod DNS Authenticator 插件
+
 `certbot-dns-dnspod-109` 插件通过使用 Dnspod API（腾讯云 API 3.0）创建并随后删除 TXT 记录，自动完成`dns-01` 质询（`~acme.challenges.DNS01`）。
 
 如果你使用 [Dnspod](https://www.dnspod.cn/) ([腾讯云](https://cloud.tencent.com)) 作为你的域名解析服务提供商，那么这就是你的插件。
 
 在以下版本中测试通过
 - Certbot 3.0.1
+- Certbot 5.1.0
+- Certbot 5.2.2
 
 ## 使用方法
 
@@ -172,6 +211,9 @@ pip install git+https://github.com/10935336/certbot-dns-dnspod-109.git
 ```
 
 #### snap:
+
+snap 版本已弃用，将不会收到 v1.0.2 版本之后的更新
+
 ```bash
 snap install certbot-dns-dnspod-10935336
 snap set certbot trust-plugin-with-root=ok
@@ -186,12 +228,17 @@ snap connect certbot:plugin certbot-dns-dnspod-10935336
 
 ### 3. 准备凭证文件
 
-foobar.ini:
+foobar.ini: 
 ```ini
 dns_dnspod_109_secret_id=foo
 dns_dnspod_109_secret_key=bar
 ```
 
+可选参数: 
+```ini
+dns_dnspod_109_endpoint=dnspod.tencentcloudapi.com
+```
+
 ### 4. 准备就绪
 
 #### 使用示例
@@ -200,30 +247,40 @@ dns_dnspod_109_secret_key=bar
 
 ```bash
 certbot certonly \
--a dns-dnspod-109 \
---dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
--d example.com
+  -a dns-dnspod-109 \
+  --dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
+  -d example.com
 ```
 
 获取同时有 `example.com` 和 `www.example.com` 的单个证书
 ```bash
 certbot certonly \
--a dns-dnspod-109 \
---dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
--d example.com \
--d www.example.com
+  -a dns-dnspod-109 \
+  --dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
+  -d example.com \
+  -d www.example.com
 ```
 
+获取 `example.com` 的泛域名证书
+```bash
+certbot certonly \
+  -a dns-dnspod-109 \
+  --dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
+  -d example.com \
+  -d *.example.com
+```
+
+
 获取 `example.com` 的证书，但设置等待 60 秒（等待 DNS 传播）
 ```bash
 certbot certonly \
--a dns-dnspod-109 \
---dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
---dns-dnspod-109-propagation-seconds 60 \
--d example.com
+  -a dns-dnspod-109 \
+  --dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
+  --dns-dnspod-109-propagation-seconds 60 \
+  -d example.com
 ```
 
-测试运行
+测试运行（跳过最终证书颁发）
 ```bash
 certbot certonly \
   --register-unsafely-without-email \
@@ -234,8 +291,22 @@ certbot certonly \
   --dry-run
 ```
 
+测试运行，获取 `example.com` 的泛域名证书（跳过最终证书颁发）
+```bash
+certbot certonly \
+  --register-unsafely-without-email \
+  -a dns-dnspod-109 \
+  --dns-dnspod-109-credentials ~/.secrets/certbot/dnspod-109.ini \
+  --dns-dnspod-109-propagation-seconds 60 \
+  -v \
+  --dry-run \
+  -d example.com \
+  -d *.example.com
+```
+
+
 ## 参数说明
-``--dns-dnspod-109-credentials <路径>`` 指向凭证文件。（必需）
+``--dns-dnspod-109-credentials <路径>`` 指向凭证文件的路径（必需）
 
-``--dns-dnspod-109-propagation-seconds`` 在要求 ACME 服务器验证 DNS 记录之前等待 DNS 传播的秒数。如果显示 DNS 记录添加成功但验证失败，则尝试增加此值 。 （默认值：10）
+``--dns-dnspod-109-propagation-seconds`` 在要求 ACME 服务器验证 DNS 记录之前等待 DNS 传播的秒数。如果显示 DNS 记录添加成功但验证失败，则尝试增加此值 （默认值：10）
 

certbot_dns_dnspod_109-1.0.3.dist-info/RECORD

@@ -0,0 +1,11 @@
+certbot_dns_dnspod_109/__init__.py,sha256=qvnjZ72P7cvpavn66_Ws2c7s0Ft6OJpaSiIP8bAtYmc,3479
+certbot_dns_dnspod_109/_internal/__init__.py,sha256=TxsS2fQuUdzQP-YoerMhKrCrodqACPybbe2JDGdtcZw,95
+certbot_dns_dnspod_109/_internal/dns_dnspod.py,sha256=SXBWvXr7NaifW-WE-LYF3jYqqdh2h8hwHnjPG5XlcOU,12850
+certbot_dns_dnspod_109/_internal/tests/__init__.py,sha256=rjj8qB-_GHbjCMAlaq6MKyzVtE_NWf5A6NGYGC8JAPk,68
+certbot_dns_dnspod_109/_internal/tests/dns_dnspod_test.py,sha256=56PwuKH6lGdLhZzI3DrHmEDJqyZWqaCsknrd9_-hqB4,13510
+certbot_dns_dnspod_109-1.0.3.dist-info/LICENSE.txt,sha256=LMXecVrlqXbwhvukkwiAyeQhkUFz_IURG_9RTUdXEj8,10786
+certbot_dns_dnspod_109-1.0.3.dist-info/METADATA,sha256=DEObA_RWSXXhPeHReRI6a3BQoyYWrnBTO2UyP_Uc3yk,8719
+certbot_dns_dnspod_109-1.0.3.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+certbot_dns_dnspod_109-1.0.3.dist-info/entry_points.txt,sha256=ri1pHfGGa7B3kLCWkTGn8Xg32rdNTLqBv4pDHwD8OUs,93
+certbot_dns_dnspod_109-1.0.3.dist-info/top_level.txt,sha256=TZ8F7YwXuC4Q35y9QMVXnIAAf2aEEhxyBCQVwIK5yvg,23
+certbot_dns_dnspod_109-1.0.3.dist-info/RECORD,,

certbot_dns_dnspod_109-1.0.2.dist-info/RECORD

@@ -1,11 +0,0 @@
-certbot_dns_dnspod_109/__init__.py,sha256=qvnjZ72P7cvpavn66_Ws2c7s0Ft6OJpaSiIP8bAtYmc,3479
-certbot_dns_dnspod_109/_internal/__init__.py,sha256=TxsS2fQuUdzQP-YoerMhKrCrodqACPybbe2JDGdtcZw,95
-certbot_dns_dnspod_109/_internal/dns_dnspod.py,sha256=nNz-Fyve_1an-D-cMthvV2IcswrrffU-M5hZ2cB6KGM,6393
-certbot_dns_dnspod_109/_internal/tests/__init__.py,sha256=rjj8qB-_GHbjCMAlaq6MKyzVtE_NWf5A6NGYGC8JAPk,68
-certbot_dns_dnspod_109/_internal/tests/dns_dnspod_test.py,sha256=6J7Rgk7iEeW9J_32bpIx4wmQ9aiyyi7koCNXBbj5fTo,8864
-certbot_dns_dnspod_109-1.0.2.dist-info/LICENSE.txt,sha256=LMXecVrlqXbwhvukkwiAyeQhkUFz_IURG_9RTUdXEj8,10786
-certbot_dns_dnspod_109-1.0.2.dist-info/METADATA,sha256=VgBZIy_c4Dzu_GhEGF2fJpRSgHzwM0AIP60HS1_6vkA,6853
-certbot_dns_dnspod_109-1.0.2.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-certbot_dns_dnspod_109-1.0.2.dist-info/entry_points.txt,sha256=ri1pHfGGa7B3kLCWkTGn8Xg32rdNTLqBv4pDHwD8OUs,93
-certbot_dns_dnspod_109-1.0.2.dist-info/top_level.txt,sha256=TZ8F7YwXuC4Q35y9QMVXnIAAf2aEEhxyBCQVwIK5yvg,23
-certbot_dns_dnspod_109-1.0.2.dist-info/RECORD,,