GitHub
/
pdns_api.sh
peilaus alkaen https://github.com/silkeh/pdns_api.sh.git
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Julkaisut 6 Activity
A simple DNS hook that lets Dehydrated talk to the PowerDNS API.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 Commitit
1 Haara
Haara: master
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
pdns_api.sh/pdns_api.sh

469 lines
11KB
Raaka Pysyvä linkki Blame Historia 

  1. #!/usr/bin/env bash

  2. 

  3. # Copyright 2016-2018 - Silke Hofstra and contributors

  4. #

  5. # Licensed under the EUPL

  6. #

  7. # You may not use this work except in compliance with the Licence.

  8. # You may obtain a copy of the Licence at:

  9. #

  10. # https://joinup.ec.europa.eu/collection/eupl

  11. #

  12. # Unless required by applicable law or agreed to in writing, software

  13. # distributed under the Licence is distributed on an "AS IS" basis,

  14. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either

  15. # express or implied.

  16. # See the Licence for the specific language governing

  17. # permissions and limitations under the Licence.

  18. #

  19. 

  20. set -e

  21. set -u

  22. set -o pipefail

  23. 

  24. # Local directory

  25. DIR="$(dirname "$0")"

  26. 

  27. # Config directories

  28. CONFIG_DIRS="/etc/dehydrated /usr/local/etc/dehydrated"

  29. 

  30. # Show an error/warning

  31. error() { echo "Error: $*" >&2; }

  32. warn() { echo "Warning: $*" >&2; }

  33. fatalerror() { error "$*"; exit 1; }

  34. 

  35. # Debug message

  36. debug() { [[ -z "${DEBUG:-}" ]] || echo "$@"; }

  37. 

  38. # Join an array with a character

  39. join() { local IFS="$1"; shift; echo "$*"; }

  40. 

  41. # Reverse a string

  42. rev() {

  43.   local str rev

  44.   str="$(cat)"

  45.   rev=""

  46.   for (( i=${#str}-1; i>=0; i-- )); do rev="${rev}${str:$i:1}"; done

  47.   echo "${rev}"

  48. }

  49. 

  50. # Different sed version for different os types...

  51. # From letsencrypt.sh

  52. _sed() {

  53.   if [[ "${OSTYPE}" = "Linux" ]]; then

  54.     sed -r "${@}"

  55.   else

  56.     sed -E "${@}"

  57.   fi

  58. }

  59. 

  60. # Get string value from json dictionary

  61. # From letsencrypt.sh

  62. get_json_string_value() {

  63.   local filter

  64.   filter="$(printf 's/.*"%s": *"([^"]*)".*/\\1/p' "$1")"

  65.   _sed -n "${filter}"

  66. }

  67. 

  68. # Get integer value from json dictionary

  69. get_json_int_value() {

  70.   local filter

  71.   filter="$(printf 's/.*"%s": *([^,}]*),*.*/\\1/p' "$1")"

  72.   _sed -n "${filter}"

  73. }

  74. 

  75. # Load the configuration and set default values

  76. load_config() {

  77.   # Check for config in various locations

  78.   # From letsencrypt.sh

  79.   if [[ -z "${CONFIG:-}" ]]; then

  80.     for check_config in ${CONFIG_DIRS} "${PWD}" "${DIR}"; do

  81.       if [[ -f "${check_config}/config" ]]; then

  82.         CONFIG="${check_config}/config"

  83.         break

  84.       fi

  85.     done

  86.   fi

  87. 

  88.   # Check if config was set

  89.   if [[ -z "${CONFIG:-}" ]]; then

  90.     # Warn about missing config

  91.     warn "No config file found, using default config!"

  92.   elif [[ -f "${CONFIG}" ]]; then

  93.     # shellcheck disable=SC1090

  94.     . "${CONFIG}"

  95.   fi

  96. 

  97.   if [[ -n "${CONFIG_D:-}" ]]; then

  98.     if [[ ! -d "${CONFIG_D}" ]]; then

  99.       fatalerror "The path ${CONFIG_D} specified for CONFIG_D does not point to a directory."

  100.     fi

  101. 

  102.     # Allow globbing

  103.     if [[ -n "${ZSH_VERSION:-}" ]]

  104.     then

  105.       set +o noglob

  106.     else

  107.       set +f

  108.     fi

  109. 

  110.     for check_config_d in "${CONFIG_D}"/*.sh; do

  111.       if [[ -f "${check_config_d}" ]] && [[ -r "${check_config_d}" ]]; then

  112.         echo "# INFO: Using additional config file ${check_config_d}"

  113.         # shellcheck disable=SC1090

  114.         . "${check_config_d}"

  115.       else

  116.         fatalerror "Specified additional config ${check_config_d} is not readable or not a file at all."

  117.       fi

  118.     done

  119. 

  120.     # Disable globbing

  121.     if [[ -n "${ZSH_VERSION:-}" ]]

  122.     then

  123.       set -o noglob

  124.     else

  125.       set -f

  126.     fi

  127.   fi

  128. 

  129.   # Check required settings

  130.   [[ -n "${PDNS_HOST:-}" ]] || fatalerror "PDNS_HOST setting is required."

  131.   [[ -n "${PDNS_KEY:-}" ]]  || fatalerror "PDNS_KEY setting is required."

  132. 

  133.   # Check optional settings

  134.   [[ -n "${PDNS_PORT:-}" ]] || PDNS_PORT=8081

  135. }

  136. 

  137. # Load the zones from file

  138. load_zones() {

  139.   # Check for zones.txt in various locations

  140.   if [[ -z "${PDNS_ZONES_TXT:-}" ]]; then

  141.     for check_zones in ${CONFIG_DIRS} "${PWD}" "${DIR}"; do

  142.       if [[ -f "${check_zones}/zones.txt" ]]; then

  143.         PDNS_ZONES_TXT="${check_zones}/zones.txt"

  144.         break

  145.       fi

  146.     done

  147.   fi

  148. 

  149.   # Load zones

  150.   all_zones=""

  151.   if [[ -n "${PDNS_ZONES_TXT:-}" ]] && [[ -f "${PDNS_ZONES_TXT}" ]]; then

  152.     all_zones="$(cat "${PDNS_ZONES_TXT}")"

  153.   fi

  154. }

  155. 

  156. # API request

  157. request() {

  158.   # Request parameters

  159.   local method url data

  160.   method="$1"

  161.   url="$2"

  162.   data="$3"

  163.   error=false

  164. 

  165.   # Perform the request

  166.   # This is wrappend in an if to avoid the exit on error

  167.   if ! res="$(curl -sSfL --stderr - --request "${method}" --header "${content_header}" --header "${api_header}" --data "${data}" "${url}")"; then

  168.     error=true

  169.   fi

  170. 

  171.   # Debug output

  172.   debug "# Request"

  173.   debug "Method: ${method}"

  174.   debug "URL: ${url}"

  175.   debug "Data: ${data}"

  176.   debug "Response: ${res}"

  177. 

  178.   # Abort on failed request

  179.   if [[ "${res}" = *"error"* ]] || [[ "${error}" = true ]]; then

  180.     fatalerror "API error: ${res}"

  181.   fi

  182. }

  183. 

  184. # Setup of connection settings

  185. setup() {

  186.   # Header values

  187.   api_header="X-API-Key: ${PDNS_KEY}"

  188.   content_header="Content-Type: application/json"

  189. 

  190.   # Set the URL to the host if it is a URL,

  191.   # otherwise create it from the host and port.

  192.   if [[ "${PDNS_HOST}" == http?(s)://* ]]; then

  193.     url="${PDNS_HOST}"

  194.   else

  195.     url="http://${PDNS_HOST}:${PDNS_PORT}"

  196.   fi

  197. 

  198.   # Detect the version

  199.   if [[ -z "${PDNS_VERSION:-}" ]]; then

  200.     request "GET" "${url}/api" ""

  201.     PDNS_VERSION="$(<<< "${res}" get_json_int_value version)"

  202.   fi

  203. 

  204.   # Fallback to version 0

  205.   if [[ -z "${PDNS_VERSION}" ]]; then

  206.     PDNS_VERSION=0

  207.   fi

  208. 

  209.   # Some version incompatibilities

  210.   if [[ "${PDNS_VERSION}" -ge 1 ]]; then

  211.     url="${url}/api/v${PDNS_VERSION}"

  212.   fi

  213. 

  214.   # Detect the server

  215.   if [[ -z "${PDNS_SERVER:-}" ]]; then

  216.     request "GET" "${url}/servers" ""

  217.     PDNS_SERVER="$(<<< "${res}" get_json_string_value id)"

  218.   fi

  219. 

  220.   # Fallback to localhost

  221.   if [[ -z "${PDNS_SERVER}" ]]; then

  222.     PDNS_SERVER="localhost"

  223.   fi

  224. 

  225.   # Zone endpoint on the API

  226.   url="${url}/servers/${PDNS_SERVER}/zones"

  227. 

  228.   # Get a zone list from the API is none was set

  229.   if [[ -z "${all_zones}" ]]; then

  230.     request "GET" "${url}" ""

  231.     all_zones="$(<<< "${res//, /$',\n'}" get_json_string_value name)"

  232.   fi

  233. 

  234.   # Strip trailing dots from zones

  235.   all_zones="${all_zones//$'.\n'/ }"

  236.   all_zones="${all_zones%.}"

  237. 

  238.   # Sort zones to list most specific first

  239.   all_zones="$(<<< "${all_zones}" rev | sort | rev)"

  240. 

  241.   # Set suffix in case of CNAME redirection

  242.   if [[ -n "${PDNS_SUFFIX:-}" ]]; then

  243.       suffix=".${PDNS_SUFFIX}"

  244.   else

  245.       suffix=""

  246.   fi

  247. 

  248.   # Debug setup result

  249.   debug "# Setup"

  250.   debug "API version: ${PDNS_VERSION}"

  251.   debug "PDNS server: ${PDNS_SERVER}"

  252.   debug "Zones: ${all_zones}"

  253.   debug "Suffix: \"${suffix}\""

  254. }

  255. 

  256. setup_domain() {

  257.   # Domain and token from arguments

  258.   domain="$1"

  259.   token="$2"

  260.   zone=""

  261. 

  262.   # Record name

  263.   name="_acme-challenge.${domain}${suffix}"

  264. 

  265.   # Read name parts into array

  266.   IFS='.' read -ra name_array <<< "${name}"

  267. 

  268.   # Find zone name, cut off subdomains until match

  269.   for check_zone in ${all_zones}; do

  270.     for (( j=${#name_array[@]}-1; j>=0; j-- )); do

  271.       if [[ "${check_zone}" = "$(join . "${name_array[@]:j}")" ]]; then

  272.         zone="${check_zone}"

  273.         break 2

  274.       fi

  275.     done

  276.   done

  277. 

  278.   # Fallback to creating zone from arguments

  279.   if [[ -z "${zone}" ]]; then

  280.     zone="${name_array[*]: -2:1}.${name_array[*]: -1:1}"

  281.     warn "zone not found, using '${zone}'"

  282.   fi

  283. 

  284.   # Some version incompatibilities

  285.   if [[ "${PDNS_VERSION}" -ge 1 ]]; then

  286.     name="${name}."

  287.     zone="${zone}."

  288.     extra_data=""

  289.   else

  290.     extra_data=",\"name\": \"${name}\", \"type\": \"TXT\", \"ttl\": 1"

  291.   fi

  292. }

  293. 

  294. get_records() {

  295.   IFS=" " read -ra tokens <<< "${token}"

  296. 

  297.   for i in "${!tokens[@]}"; do

  298.     printf '%.*s' $((i != 0)) ","

  299. 

  300.     echo -n '{

  301.     "content": "\"'"${tokens[$i]}"'\"",

  302.     "disabled": false,

  303.     "set-ptr": false

  304.     '"${extra_data}"'

  305.     }'

  306.   done

  307. }

  308. 

  309. deploy_rrset() {

  310.   echo -n '{

  311.     "name": "'"${name}"'",

  312.     "type": "TXT",

  313.     "ttl": 1,

  314.     "records": ['"$(get_records)"'],

  315.     "changetype": "REPLACE"

  316.   }'

  317. }

  318. 

  319. clean_rrset() {

  320.   echo '{"name":"'"${name}"'","type":"TXT","changetype":"DELETE"}'

  321. }

  322. 

  323. soa_edit() {

  324.   # Show help

  325.   if [[ $# -eq 0 ]]; then

  326.     echo "Usage: pdns_api.sh soa_edit <zone> [SOA-EDIT] [SOA-EDIT-API]"

  327.     exit 1

  328.   fi

  329. 

  330.   # Get current values for zone

  331.   request "GET" "${url}/$1" ""

  332. 

  333.   # Set variables

  334.   if [[ $# -le 1 ]]; then

  335.     soa_edit=$(<<< "${res}" get_json_string_value soa_edit)

  336.     soa_edit_api=$(<<< "${res}" get_json_string_value soa_edit_api)

  337. 

  338.     echo "Current values:"

  339.   else

  340.     soa_edit="$2"

  341.     if [[ $# -eq 3 ]]; then

  342.       soa_edit_api="$3"

  343.     else

  344.       soa_edit_api="DEFAULT"

  345.     fi

  346. 

  347.     echo "Setting:"

  348.   fi

  349. 

  350.   # Display values

  351.   echo "SOA-EDIT:     ${soa_edit}"

  352.   echo "SOA-EDIT-API: ${soa_edit_api}"

  353. 

  354.   # Update values

  355.   if [[ $# -ge 2 ]]; then

  356.     request "PUT" "${url}/${1}" '{

  357.       "soa_edit":"'"${soa_edit}"'",

  358.       "soa_edit_api":"'"${soa_edit_api}"'",

  359.       "kind":"'"$(<<< "${res}" get_json_string_value kind)"'"

  360.     }'

  361.   fi

  362. }

  363. 

  364. exit_hook() {

  365.   if [[ ! -z "${PDNS_EXIT_HOOK:-}" ]]; then

  366.       if [[ -x "${PDNS_EXIT_HOOK}" ]]; then

  367.         exec "${PDNS_EXIT_HOOK}"

  368.       else

  369.         fatalerror "${PDNS_EXIT_HOOK} is not an executable"

  370.       fi

  371.   fi

  372. }

  373. 

  374. main() {

  375.   # Set hook

  376.   hook="$1"

  377. 

  378.   # Debug output

  379.   debug "Hook: ${hook}"

  380. 

  381.   # Ignore unknown hooks

  382.   if [[ ! "${hook}" =~ ^(deploy_challenge|clean_challenge|soa_edit|exit_hook)$ ]]; then

  383.     exit 0

  384.   fi

  385. 

  386.   # Main setup

  387.   load_config

  388.   load_zones

  389.   setup

  390.   declare -A requests

  391. 

  392.   # Interface for SOA-EDIT

  393.   if [[ "${hook}" = "soa_edit" ]]; then

  394.     shift

  395.     soa_edit "$@"

  396.     exit 0

  397.   fi

  398. 

  399.   # Interface for exit_hook

  400.   if [[ "${hook}" = "exit_hook" ]]; then

  401.     shift

  402.     exit_hook "$@"

  403.     exit 0

  404.   fi

  405. 

  406.   declare -A domains

  407.   # Loop through arguments per 3

  408.   for ((i=2; i<=$#; i=i+3)); do

  409.     t=$((i + 2))

  410.     _domain="${!i}"

  411.     _token="${!t}"

  412. 

  413.     if [[ "${_domain}" == "*."* ]]; then

  414.       debug "Domain ${_domain} is a wildcard domain, ACME challenge will be for domain apex (${_domain:2})"

  415.       _domain="${_domain:2}"

  416.     fi

  417. 

  418.     domains[${_domain}]="${_token} ${domains[${_domain}]:-}"

  419.   done

  420. 

  421.   # Loop through unique domains

  422.   for domain in "${!domains[@]}"; do

  423.     # Setup for this domain

  424.     req=""

  425.     t=${domains[${domain}]}

  426.     setup_domain "${domain}" "${t}"

  427. 

  428.     # Debug output

  429.     debug "# Domain"

  430.     debug "Name:  ${name}"

  431.     debug "Token: ${token}"

  432.     debug "Zone:  ${zone}"

  433. 

  434.     # Add comma

  435.     if [[ ${requests[${zone}]+x} ]]; then

  436.       req="${requests[${zone}]},"

  437.     fi

  438. 

  439.     # Deploy a token

  440.     if [[ "${hook}" = "deploy_challenge" ]]; then

  441.       requests[${zone}]="${req}$(deploy_rrset)"

  442.     fi

  443. 

  444.     # Remove a token

  445.     if [[ "${hook}" = "clean_challenge" ]]; then

  446.       requests[${zone}]="${req}$(clean_rrset)"

  447.     fi

  448. 

  449.     # Other actions are not implemented but will not cause an error

  450.   done

  451. 

  452.   # Perform requests

  453.   for zone in "${!requests[@]}"; do

  454.     request "PATCH" "${url}/${zone}" '{"rrsets": ['"${requests[${zone}]}"']}'

  455.     if [[ -z "${PDNS_NO_NOTIFY:-}" ]]; then

  456.       request "PUT" "${url}/${zone}/notify" ''

  457.     fi

  458.   done

  459. 

  460.   # Wait the requested amount of seconds when deployed

  461.   if [[ "${hook}" = "deploy_challenge" ]] && [[ -n "${PDNS_WAIT:-}" ]]; then

  462.     debug "Waiting for ${PDNS_WAIT} seconds"

  463. 

  464.     sleep "${PDNS_WAIT}"

  465.   fi

  466. }

  467. 

  468. main "$@"