
gandi's Introduction

Gandi for libdns


This package implements the libdns interfaces for Gandi.

Authenticating

This package only supports API Key authentication. Refer to Gandi's Public API documentation for more information.

Start by retrieving your API key from the Security section of the Gandi account admin panel so that you can make authenticated requests to the API.

Technical limitations

The LiveDNS documentation states that records with the same name and type are merged so that their rrset_values are grouped together.

{
  "rrset_type": "MX",
  "rrset_ttl": 1800,
  "rrset_name": "@",
  "rrset_href": "https://api.gandi.net/v5/livedns/domains/gconfs.fr/records/@/MX",
  "rrset_values": [
    "1 aspmx.l.google.com.",
    "5 alt1.aspmx.l.google.com.",
    "5 alt2.aspmx.l.google.com.",
    "10 alt3.aspmx.l.google.com."
  ]
}

In the example above, this design forces us to perform a PUT to add a new @ 1800 IN MX 10 alt4.aspmx.l.google.com. record instead of a simple POST. Thus, we cannot use POST to add new records if records with the same name and type already exist.

That's why AppendRecord has the same behaviour as SetRecord. Due to these technical limitations, updating or appending records may affect the TTL of similar records which have the same name and type.
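
The merge described above, as an added example (not code from the libdns/gandi package): planAppend is a hypothetical helper that builds the full rrset a PUT has to carry and reports when that PUT rewrites the TTL of the values already present. The sample rrset in main is constructed from the MX example above.

```go
package main

import "fmt"

// RRSet mirrors the LiveDNS fields shown in the JSON above.
type RRSet struct {
	Name   string
	Type   string
	TTL    int
	Values []string
}

// planAppend (hypothetical helper) returns the full rrset that must be PUT
// to add one value, and whether the PUT changes the TTL of existing values.
func planAppend(existing *RRSet, name, typ string, ttl int, value string) (RRSet, bool) {
	out := RRSet{Name: name, Type: typ, TTL: ttl}
	if existing == nil {
		out.Values = []string{value}
		return out, false
	}
	present := false
	for _, v := range existing.Values {
		out.Values = append(out.Values, v) // copy, never alias the caller's slice
		if v == value {
			present = true
		}
	}
	if !present {
		out.Values = append(out.Values, value)
	}
	return out, existing.TTL != ttl
}

func main() {
	// Constructed sample matching the MX rrset above.
	mx := &RRSet{Name: "@", Type: "MX", TTL: 1800, Values: []string{
		"1 aspmx.l.google.com.", "5 alt1.aspmx.l.google.com.",
		"5 alt2.aspmx.l.google.com.", "10 alt3.aspmx.l.google.com.",
	}}
	put, ttlChanged := planAppend(mx, "@", "MX", 300, "10 alt4.aspmx.l.google.com.")
	fmt.Println(len(put.Values), put.TTL, ttlChanged)
}
```

A caller that wants the existing TTL preserved has to read the rrset first and pass its TTL back in.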

gandi's People

Contributors

nustiueudinastea, obynio, themimitoof


gandi's Issues

deleteRecord panics when trying to remove one value from multiple

So I've been making a mess in my DNS, and have multiple entries (with different values) for the same hostname, and in this case, there should be only one.

I guess the RRSetValues unrolling is doing something unkind?

Deleting incorrect entry for *.township-sl in ona.im (10.10.10.176)
panic: runtime error: index out of range [1] with length 1 [recovered]
        panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
github.com/alecthomas/kong.catch(0xc00020fe00)
        /home/dow184/go/pkg/mod/github.com/alecthomas/[email protected]/kong.go:366 +0xb3
panic(0xc34020, 0xc00047a2e0)
        /snap/go/6745/src/runtime/panic.go:969 +0x1b9
github.com/libdns/gandi.(*Provider).deleteRecord(0xc000315c20, 0xd73fe0, 0xc000136028, 0xc0003f8b88, 0x6, 0x0, 0x0, 0x1133508, 0x1, 0xc0002dc660, ...)
        /home/dow184/go/pkg/mod/github.com/libdns/[email protected]/client.go:99 +0xcdf
github.com/libdns/gandi.(*Provider).DeleteRecords(0xc000315c20, 0xd73fe0, 0xc000136028, 0xc0003f8b88, 0x6, 0xc00020f6d8, 0x1, 0x1, 0x0, 0x0, ...)
        /home/dow184/go/pkg/mod/github.com/libdns/[email protected]/provider.go:81 +0x23a
github.com/onaci/cirri/cmd.(*InitCmd).Run(0xc000146d28, 0xc000146b40, 0x0, 0x0)
        /home/dow184/src/onaci/cirri/cmd/init.go:257 +0x1713
reflect.Value.call(0xba8e40, 0xc000146d28, 0x213, 0xc830b5, 0x4, 0xc000421b40, 0x1, 0x1, 0x1, 0x0, ...)
        /snap/go/6745/src/reflect/value.go:476 +0x8c7
reflect.Value.Call(0xba8e40, 0xc000146d28, 0x213, 0xc000421b40, 0x1, 0x1, 0x0, 0x1, 0x0)
        /snap/go/6745/src/reflect/value.go:337 +0xb9
github.com/alecthomas/kong.callMethod(0xc82c4a, 0x3, 0xc3a100, 0xc000146d28, 0x199, 0xba8e40, 0xc000146d28, 0x213, 0xc00041f950, 0xc00013e000, ...)
        /home/dow184/go/pkg/mod/github.com/alecthomas/[email protected]/callbacks.go:71 +0x4b1
github.com/alecthomas/kong.(*Context).RunNode(0xc0003a6880, 0xc00039fee0, 0xc0002dfeb8, 0x1, 0x1, 0x3, 0xc0003f2ce0)
        /home/dow184/go/pkg/mod/github.com/alecthomas/[email protected]/context.go:610 +0x571
github.com/alecthomas/kong.(*Context).Run(0xc0003a6880, 0xc0002dfeb8, 0x1, 0x1, 0x0, 0x0)
        /home/dow184/go/pkg/mod/github.com/alecthomas/[email protected]/context.go:627 +0x99
github.com/onaci/cirri/cmd.Main()
        /home/dow184/src/onaci/cirri/cmd/main.go:112 +0x36c
main.main()
        /home/dow184/src/onaci/cirri/main.go:6 +0x25

It doesn't look like this has been changed in #2 - @Themimitoof
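
An added example, not the provider's code and not a diagnosis of the panic above: planDelete is a hypothetical helper that removes one value from an rrset's values by building a new slice, so no index can run past the end, and then picks the follow-up call. Deleting the whole rrset once no value is left is an assumption here; 192.0.2.10 is a constructed sample value.

```go
package main

import "fmt"

// planDelete (hypothetical helper) removes one value from an rrset's values
// and reports which call to make: "PUT" the remaining values, "DELETE" the
// whole rrset when nothing is left, or "NONE" when the value was not there.
func planDelete(values []string, target string) ([]string, string) {
	remaining := make([]string, 0, len(values))
	found := false
	for _, v := range values {
		if v == target {
			found = true
			continue // drop every copy of the target
		}
		remaining = append(remaining, v)
	}
	switch {
	case !found:
		return remaining, "NONE"
	case len(remaining) == 0:
		return nil, "DELETE"
	default:
		return remaining, "PUT"
	}
}

func main() {
	// Constructed sample: two A values on the same name, one of them wrong.
	values := []string{"10.10.10.176", "192.0.2.10"}
	left, action := planDelete(values, "10.10.10.176")
	fmt.Println(left, action)
	left, action = planDelete(left, "192.0.2.10")
	fmt.Println(left, action)
}
```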

Relative/absolute record name conversions

Hi,

Over in the libdns repo, we're discussing standardizing the use of relative or absolute record names in libdns.Record structs. The current consensus is that they should be made relative (i.e. for a record named sub.example.com in a zone called example.com, the name should become sub). This may affect your provider implementation.

When you have a chance, would you please check out this issue? This is the last call for feedback before we decide and I push the changes.

Link: libdns/libdns#12 (comment)

Thank you!

API Keys are deprecated and should be replaced with Personal Access Tokens

Gandi has deprecated API keys and replaced them with Personal Access Tokens, which are more secure because they have scoped permissions and expire after a user-configurable period of time (max one year).

https://api.gandi.net/docs/authentication/

The deprecated API keys use an Apikey authorization scheme:

Authorization: Apikey 0123456

The new Personal Access Tokens use the Bearer authorization scheme:

Authorization: Bearer abc123

The Gandi provider for libdns should support Personal Access Tokens in addition to API Keys.

go.sum checksum mismatch

Hi, I am working on a project that uses this Go package and I am facing the following issue with Go modules.

verifying github.com/libdns/[email protected]/go.mod: checksum mismatch
	downloaded: h1:VN+Lh8Teq6nYszNsPSLKdIv24hOCcQu0rJWHQa2jPZc=
	go.sum:     h1:hxpbQKcQFgQrTS5lV4tAgn6QoL6HcCnoBJaW5nOW4Sk=

Is there something to be fixed here?

Thanks.

Unable to obtain staging certificates from Caddy and unable to use the production API

Oct 09 14:11:27 caddy caddy[5279]: {"level":"debug","ts":1602252687.3269796,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/129219693","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.2.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["16035029"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["820"],"Content-Type":["application/json"],"Date":["Fri, 09 Oct 2020 14:11:27 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0002EP5TajzJkR8S-BPRUT0hgAu6Ab4HGExDKLBFvNusIkU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
Oct 09 14:11:27 caddy caddy[5279]: {"level":"error","ts":1602252687.3276086,"logger":"tls.obtain","msg":"will retry","error":"[cloud.skynewz.dev] Obtain: [cloud.skynewz.dev] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/16035029/164341612) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":306.609201325,"max_duration":2592000}
Oct 09 14:13:30 caddy caddy[5279]: {"level":"debug","ts":1602252810.017539,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.2.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Fri, 09 Oct 2020 14:13:29 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004QU0EWOmwTN2WWIpPFZeYKSByeTvRVnKCGfic1_B5Ul4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
Oct 09 14:13:30 caddy caddy[5279]: {"level":"debug","ts":1602252810.2374177,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.2.0 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Boulder-Requester":["16035029"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["361"],"Content-Type":["application/json"],"Date":["Fri, 09 Oct 2020 14:13:30 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/16035029/164343014"],"Replay-Nonce":["0002Gxyh8lJAi5NTlMaACO90kkX7YOTpVFbJs09vWRc9CQk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
Oct 09 14:13:31 caddy caddy[5279]: {"level":"debug","ts":1602252811.1182134,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/129221602","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.2.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["16035029"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["816"],"Content-Type":["application/json"],"Date":["Fri, 09 Oct 2020 14:13:30 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["00038GzJNmClboPXjlBWA3ROo_GtU6ehyKZfuCB55MDMmn4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
Oct 09 14:13:31 caddy caddy[5279]: {"level":"debug","ts":1602252811.1194053,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"http-01"}
Oct 09 14:13:31 caddy caddy[5279]: {"level":"debug","ts":1602252811.1197758,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
Oct 09 14:13:31 caddy caddy[5279]: {"level":"info","ts":1602252811.1200745,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"cloud.skynewz.dev","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}

Request: allow overriding the API URL

Would you consider allowing overriding the URL in https://github.com/libdns/gandi/blob/master/client.go#L146 (say, via an environment variable?)

I am probably overthinking this, but I am no longer comfortable with having a god-level API key to do a single call to Gandi, so I will probably write an API proxy. Gandi have stated they don't intend to allow granular access or multiple keys outside of Organisations (because what I'd really like is a key that can only update the record needed for the DNS challenge).

Couldn't see a better place to put this, so sorry if this isn't appropriate for a GitHub Issue.
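
An added example covering the Personal Access Token issue above and this request together (not the provider's code): newRequest and Config are hypothetical names. It sends the Bearer scheme when a token is set, falls back to the deprecated Apikey scheme, and accepts an overridden base URL only over https or on a loopback host, so the credential never crosses the network in clear text.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

type Config struct { // hypothetical, not the provider's own type
	BearerToken string // Personal Access Token (scoped, expiring)
	APIKey      string // deprecated API key
	BaseURL     string // optional override, e.g. a filtering proxy
}

// newRequest builds an authenticated request, preferring the PAT.
func newRequest(c Config, method, path string) (*http.Request, error) {
	base := c.BaseURL
	if base == "" {
		base = "https://api.gandi.net/v5/livedns"
	}
	u, err := url.Parse(base)
	if err != nil || u.Host == "" {
		return nil, fmt.Errorf("invalid base URL")
	}
	// The credential rides on every call: require TLS unless loopback.
	local := u.Hostname() == "localhost" || net.ParseIP(u.Hostname()).IsLoopback()
	if u.Scheme != "https" && !(u.Scheme == "http" && local) {
		return nil, fmt.Errorf("base URL must use https")
	}
	req, err := http.NewRequest(method, strings.TrimRight(base, "/")+path, nil)
	if err != nil {
		return nil, err
	}
	switch {
	case c.BearerToken != "":
		req.Header.Set("Authorization", "Bearer "+c.BearerToken)
	case c.APIKey != "":
		req.Header.Set("Authorization", "Apikey "+c.APIKey)
	default:
		return nil, fmt.Errorf("no credential configured")
	}
	return req, nil
}

func main() {
	_, err := newRequest(Config{APIKey: "0123456", BaseURL: "http://proxy.example"}, "GET", "/domains/gconfs.fr/records/@/MX")
	fmt.Println(err)
}
```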
