Home Explore Project
Register Sign In
linux
/
acme.sh
3
0
Fork 0
Files Issues 2 Pull Requests 0 Wiki
Tree: be0df07dfb
Branches Tags
acme.sh
/
dnsapi
/
dns_gcloud.sh

dns_gcloud.sh 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. #!/usr/bin/env sh
    2. 

  2. 

  3. # Author: Janos Lenart <janos@lenart.io>
    4. 

  4. 

  5. ########  Public functions #####################
    6. 

  6. 

  7. # Usage: dns_gcloud_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
    8. 

  8. dns_gcloud_add() {
    9. 

  9.   fulldomain=$1
    10. 

  10.   txtvalue=$2
    11. 

  11.   _info "Using gcloud"
    12. 

  12.   _debug fulldomain "$fulldomain"
    13. 

  13.   _debug txtvalue "$txtvalue"
    14. 

  14. 

  15.   _dns_gcloud_find_zone || return $?
    16. 

  16. 

  17.   # Add an extra RR
    18. 

  18.   _dns_gcloud_start_tr || return $?
    19. 

  19.   _dns_gcloud_get_rrdatas || return $?
    20. 

  20.   echo "$rrdatas" | _dns_gcloud_remove_rrs || return $?
    21. 

  21.   printf "%s\n%s\n" "$rrdatas" "\"$txtvalue\"" | grep -v '^$' | _dns_gcloud_add_rrs || return $?
    22. 

  22.   _dns_gcloud_execute_tr || return $?
    23. 

  23. 

  24.   _info "$fulldomain record added"
    25. 

  25. }
    26. 

  26. 

  27. # Usage: dns_gcloud_rm   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
    28. 

  28. # Remove the txt record after validation.
    29. 

  29. dns_gcloud_rm() {
    30. 

  30.   fulldomain=$1
    31. 

  31.   txtvalue=$2
    32. 

  32.   _info "Using gcloud"
    33. 

  33.   _debug fulldomain "$fulldomain"
    34. 

  34.   _debug txtvalue "$txtvalue"
    35. 

  35. 

  36.   _dns_gcloud_find_zone || return $?
    37. 

  37. 

  38.   # Remove one RR
    39. 

  39.   _dns_gcloud_start_tr || return $?
    40. 

  40.   _dns_gcloud_get_rrdatas || return $?
    41. 

  41.   echo "$rrdatas" | _dns_gcloud_remove_rrs || return $?
    42. 

  42.   echo "$rrdatas" | grep -F -v "\"$txtvalue\"" | _dns_gcloud_add_rrs || return $?
    43. 

  43.   _dns_gcloud_execute_tr || return $?
    44. 

  44. 

  45.   _info "$fulldomain record added"
    46. 

  46. }
    47. 

  47. 

  48. ####################  Private functions below ##################################
    49. 

  49. 

  50. _dns_gcloud_start_tr() {
    51. 

  51.   if ! trd=$(mktemp -d); then
    52. 

  52.     _err "_dns_gcloud_start_tr: failed to create temporary directory"
    53. 

  53.     return 1
    54. 

  54.   fi
    55. 

  55.   tr="$trd/tr.yaml"
    56. 

  56.   _debug tr "$tr"
    57. 

  57. 

  58.   if ! gcloud dns record-sets transaction start \
    59. 

  59.     --transaction-file="$tr" \
    60. 

  60.     --zone="$managedZone"; then
    61. 

  61.     rm -r "$trd"
    62. 

  62.     _err "_dns_gcloud_start_tr: failed to execute transaction"
    63. 

  63.     return 1
    64. 

  64.   fi
    65. 

  65. }
    66. 

  66. 

  67. _dns_gcloud_execute_tr() {
    68. 

  68.   if ! gcloud dns record-sets transaction execute \
    69. 

  69.     --transaction-file="$tr" \
    70. 

  70.     --zone="$managedZone"; then
    71. 

  71.     _debug tr "$(cat "$tr")"
    72. 

  72.     rm -r "$trd"
    73. 

  73.     _err "_dns_gcloud_execute_tr: failed to execute transaction"
    74. 

  74.     return 1
    75. 

  75.   fi
    76. 

  76.   rm -r "$trd"
    77. 

  77. 

  78.   for i in $(seq 1 120); do
    79. 

  79.     if gcloud dns record-sets changes list \
    80. 

  80.       --zone="$managedZone" \
    81. 

  81.       --filter='status != done' \
    82. 

  82.       | grep -q '^.*'; then
    83. 

  83.       _info "_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)..."
    84. 

  84.       sleep 5
    85. 

  85.     else
    86. 

  86.       return 0
    87. 

  87.     fi
    88. 

  88.   done
    89. 

  89. 

  90.   _err "_dns_gcloud_execute_tr: transaction is still pending after 10 minutes"
    91. 

  91.   rm -r "$trd"
    92. 

  92.   return 1
    93. 

  93. }
    94. 

  94. 

  95. _dns_gcloud_remove_rrs() {
    96. 

  96.   if ! xargs -r gcloud dns record-sets transaction remove \
    97. 

  97.     --name="$fulldomain." \
    98. 

  98.     --ttl="$ttl" \
    99. 

  99.     --type=TXT \
    100. 

  100.     --zone="$managedZone" \
    101. 

  101.     --transaction-file="$tr"; then
    102. 

  102.     _debug tr "$(cat "$tr")"
    103. 

  103.     rm -r "$trd"
    104. 

  104.     _err "_dns_gcloud_remove_rrs: failed to remove RRs"
    105. 

  105.     return 1
    106. 

  106.   fi
    107. 

  107. }
    108. 

  108. 

  109. _dns_gcloud_add_rrs() {
    110. 

  110.   ttl=60
    111. 

  111.   if ! xargs -r gcloud dns record-sets transaction add \
    112. 

  112.     --name="$fulldomain." \
    113. 

  113.     --ttl="$ttl" \
    114. 

  114.     --type=TXT \
    115. 

  115.     --zone="$managedZone" \
    116. 

  116.     --transaction-file="$tr"; then
    117. 

  117.     _debug tr "$(cat "$tr")"
    118. 

  118.     rm -r "$trd"
    119. 

  119.     _err "_dns_gcloud_add_rrs: failed to add RRs"
    120. 

  120.     return 1
    121. 

  121.   fi
    122. 

  122. }
    123. 

  123. 

  124. _dns_gcloud_find_zone() {
    125. 

  125.   # Prepare a filter that matches zones that are suiteable for this entry.
    126. 

  126.   # For example, _acme-challenge.something.domain.com might need to go into something.domain.com or domain.com;
    127. 

  127.   # this function finds the longest postfix that has a managed zone.
    128. 

  128.   part="$fulldomain"
    129. 

  129.   filter="dnsName=( "
    130. 

  130.   while [ "$part" != "" ]; do
    131. 

  131.     filter="$filter$part. "
    132. 

  132.     part="$(echo "$part" | sed 's/[^.]*\.*//')"
    133. 

  133.   done
    134. 

  134.   filter="$filter)"
    135. 

  135.   _debug filter "$filter"
    136. 

  136. 

  137.   # List domains and find the zone with the deepest sub-domain (in case of some levels of delegation)
    138. 

  138.   if ! match=$(gcloud dns managed-zones list \
    139. 

  139.     --format="value(name, dnsName)" \
    140. 

  140.     --filter="$filter" \
    141. 

  141.     | while read -r dnsName name; do
    142. 

  142.       printf "%s\t%s\t%s\n" "$(echo "$name" | awk -F"." '{print NF-1}')" "$dnsName" "$name"
    143. 

  143.     done \
    144. 

  144.       | sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
    145. 

  145.     _err "_dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?"
    146. 

  146.     return 1
    147. 

  147.   fi
    148. 

  148. 

  149.   dnsName=$(echo "$match" | cut -f2)
    150. 

  150.   _debug dnsName "$dnsName"
    151. 

  151.   managedZone=$(echo "$match" | cut -f1)
    152. 

  152.   _debug managedZone "$managedZone"
    153. 

  153. }
    154. 

  154. 

  155. _dns_gcloud_get_rrdatas() {
    156. 

  156.   if ! rrdatas=$(gcloud dns record-sets list \
    157. 

  157.     --zone="$managedZone" \
    158. 

  158.     --name="$fulldomain." \
    159. 

  159.     --type=TXT \
    160. 

  160.     --format="value(ttl,rrdatas)"); then
    161. 

  161.     _err "_dns_gcloud_get_rrdatas: Failed to list record-sets"
    162. 

  162.     rm -r "$trd"
    163. 

  163.     return 1
    164. 

  164.   fi
    165. 

  165.   ttl=$(echo "$rrdatas" | cut -f1)
    166. 

  166.   rrdatas=$(echo "$rrdatas" | cut -f2 | sed 's/","/"\n"/g')
    167. 

  167. }
    168.