GitHub
/
pdns_api.sh
peilaus alkaen https://github.com/silkeh/pdns_api.sh.git
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Julkaisut 5 Activity
A simple DNS hook that lets Dehydrated talk to the PowerDNS API.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 Commitit
1 Haara
Haara: master
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
pdns_api.sh/pdns_api.sh

460 lines
10KB
Raaka Pysyvä linkki Blame Historia 

  1. #!/usr/bin/env bash

  2. 

  3. # Copyright 2016-2018 - Silke Hofstra and contributors

  4. #

  5. # Licensed under the EUPL

  6. #

  7. # You may not use this work except in compliance with the Licence.

  8. # You may obtain a copy of the Licence at:

  9. #

  10. # https://joinup.ec.europa.eu/collection/eupl

  11. #

  12. # Unless required by applicable law or agreed to in writing, software

  13. # distributed under the Licence is distributed on an "AS IS" basis,

  14. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either

  15. # express or implied.

  16. # See the Licence for the specific language governing

  17. # permissions and limitations under the Licence.

  18. #

  19. 

  20. set -e

  21. set -u

  22. set -o pipefail

  23. 

  24. # Local directory

  25. DIR="$(dirname "$0")"

  26. 

  27. # Config directories

  28. CONFIG_DIRS="/etc/dehydrated /usr/local/etc/dehydrated"

  29. 

  30. # Show an error/warning

  31. error() { echo "Error: $*" >&2; }

  32. warn() { echo "Warning: $*" >&2; }

  33. fatalerror() { error "$*"; exit 1; }

  34. 

  35. # Debug message

  36. debug() { [[ -z "${DEBUG:-}" ]] || echo "$@"; }

  37. 

  38. # Join an array with a character

  39. join() { local IFS="$1"; shift; echo "$*"; }

  40. 

  41. # Reverse a string

  42. rev() {

  43.   local str rev

  44.   str="$(cat)"

  45.   rev=""

  46.   for (( i=${#str}-1; i>=0; i-- )); do rev="${rev}${str:$i:1}"; done

  47.   echo "${rev}"

  48. }

  49. 

  50. # Different sed version for different os types...

  51. # From letsencrypt.sh

  52. _sed() {

  53.   if [[ "${OSTYPE}" = "Linux" ]]; then

  54.     sed -r "${@}"

  55.   else

  56.     sed -E "${@}"

  57.   fi

  58. }

  59. 

  60. # Get string value from json dictionary

  61. # From letsencrypt.sh

  62. get_json_string_value() {

  63.   local filter

  64.   filter="$(printf 's/.*"%s": *"([^"]*)".*/\\1/p' "$1")"

  65.   _sed -n "${filter}"

  66. }

  67. 

  68. # Get integer value from json dictionary

  69. get_json_int_value() {

  70.   local filter

  71.   filter="$(printf 's/.*"%s": *([^,}]*),*.*/\\1/p' "$1")"

  72.   _sed -n "${filter}"

  73. }

  74. 

  75. # Load the configuration and set default values

  76. load_config() {

  77.   # Check for config in various locations

  78.   # From letsencrypt.sh

  79.   if [[ -z "${CONFIG:-}" ]]; then

  80.     for check_config in ${CONFIG_DIRS} "${PWD}" "${DIR}"; do

  81.       if [[ -f "${check_config}/config" ]]; then

  82.         CONFIG="${check_config}/config"

  83.         break

  84.       fi

  85.     done

  86.   fi

  87. 

  88.   # Check if config was set

  89.   if [[ -z "${CONFIG:-}" ]]; then

  90.     # Warn about missing config

  91.     warn "No config file found, using default config!"

  92.   elif [[ -f "${CONFIG}" ]]; then

  93.     # shellcheck disable=SC1090

  94.     . "${CONFIG}"

  95.   fi

  96. 

  97.   if [[ -n "${CONFIG_D:-}" ]]; then

  98.     if [[ ! -d "${CONFIG_D}" ]]; then

  99.       fatalerror "The path ${CONFIG_D} specified for CONFIG_D does not point to a directory."

  100.     fi

  101. 

  102.     # Allow globbing

  103.     if [[ -n "${ZSH_VERSION:-}" ]]

  104.     then

  105.       set +o noglob

  106.     else

  107.       set +f

  108.     fi

  109. 

  110.     for check_config_d in "${CONFIG_D}"/*.sh; do

  111.       if [[ -f "${check_config_d}" ]] && [[ -r "${check_config_d}" ]]; then

  112.         echo "# INFO: Using additional config file ${check_config_d}"

  113.         # shellcheck disable=SC1090

  114.         . "${check_config_d}"

  115.       else

  116.         fatalerror "Specified additional config ${check_config_d} is not readable or not a file at all."

  117.       fi

  118.     done

  119. 

  120.     # Disable globbing

  121.     if [[ -n "${ZSH_VERSION:-}" ]]

  122.     then

  123.       set -o noglob

  124.     else

  125.       set -f

  126.     fi

  127.   fi

  128. 

  129.   # Check required settings

  130.   [[ -n "${PDNS_HOST:-}" ]] || fatalerror "PDNS_HOST setting is required."

  131.   [[ -n "${PDNS_KEY:-}" ]]  || fatalerror "PDNS_KEY setting is required."

  132. 

  133.   # Check optional settings

  134.   [[ -n "${PDNS_PORT:-}" ]] || PDNS_PORT=8081

  135. }

  136. 

  137. # Load the zones from file

  138. load_zones() {

  139.   # Check for zones.txt in various locations

  140.   if [[ -z "${PDNS_ZONES_TXT:-}" ]]; then

  141.     for check_zones in ${CONFIG_DIRS} "${PWD}" "${DIR}"; do

  142.       if [[ -f "${check_zones}/zones.txt" ]]; then

  143.         PDNS_ZONES_TXT="${check_zones}/zones.txt"

  144.         break

  145.       fi

  146.     done

  147.   fi

  148. 

  149.   # Load zones

  150.   all_zones=""

  151.   if [[ -n "${PDNS_ZONES_TXT:-}" ]] && [[ -f "${PDNS_ZONES_TXT}" ]]; then

  152.     all_zones="$(cat "${PDNS_ZONES_TXT}")"

  153.   fi

  154. }

  155. 

  156. # API request

  157. request() {

  158.   # Request parameters

  159.   local method url data

  160.   method="$1"

  161.   url="$2"

  162.   data="$3"

  163.   error=false

  164. 

  165.   # Perform the request

  166.   # This is wrappend in an if to avoid the exit on error

  167.   if ! res="$(curl -sSfL --stderr - --request "${method}" --header "${content_header}" --header "${api_header}" --data "${data}" "${url}")"; then

  168.     error=true

  169.   fi

  170. 

  171.   # Debug output

  172.   debug "Method: ${method}"

  173.   debug "URL: ${url}"

  174.   debug "Data: ${data}"

  175.   debug "Response: ${res}"

  176. 

  177.   # Abort on failed request

  178.   if [[ "${res}" = *"error"* ]] || [[ "${error}" = true ]]; then

  179.     fatalerror "API error: ${res}"

  180.   fi

  181. }

  182. 

  183. # Setup of connection settings

  184. setup() {

  185.   # Header values

  186.   api_header="X-API-Key: ${PDNS_KEY}"

  187.   content_header="Content-Type: application/json"

  188. 

  189.   # Set the URL to the host if it is a URL,

  190.   # otherwise create it from the host and port.

  191.   if [[ "${PDNS_HOST}" == http?(s)://* ]]; then

  192.     url="${PDNS_HOST}"

  193.   else

  194.     url="http://${PDNS_HOST}:${PDNS_PORT}"

  195.   fi

  196. 

  197.   # Detect the version

  198.   if [[ -z "${PDNS_VERSION:-}" ]]; then

  199.     request "GET" "${url}/api" ""

  200.     PDNS_VERSION="$(<<< "${res}" get_json_int_value version)"

  201.   fi

  202. 

  203.   # Fallback to version 0

  204.   if [[ -z "${PDNS_VERSION}" ]]; then

  205.     PDNS_VERSION=0

  206.   fi

  207. 

  208.   # Some version incompatibilities

  209.   if [[ "${PDNS_VERSION}" -ge 1 ]]; then

  210.     url="${url}/api/v${PDNS_VERSION}"

  211.   fi

  212. 

  213.   # Detect the server

  214.   if [[ -z "${PDNS_SERVER:-}" ]]; then

  215.     request "GET" "${url}/servers" ""

  216.     PDNS_SERVER="$(<<< "${res}" get_json_string_value id)"

  217.   fi

  218. 

  219.   # Fallback to localhost

  220.   if [[ -z "${PDNS_SERVER}" ]]; then

  221.     PDNS_SERVER="localhost"

  222.   fi

  223. 

  224.   # Zone endpoint on the API

  225.   url="${url}/servers/${PDNS_SERVER}/zones"

  226. 

  227.   # Get a zone list from the API is none was set

  228.   if [[ -z "${all_zones}" ]]; then

  229.     request "GET" "${url}" ""

  230.     all_zones="$(<<< "${res//, /$',\n'}" get_json_string_value name)"

  231.   fi

  232. 

  233.   # Strip trailing dots from zones

  234.   all_zones="${all_zones//$'.\n'/ }"

  235.   all_zones="${all_zones%.}"

  236. 

  237.   # Sort zones to list most specific first

  238.   all_zones="$(<<< "${all_zones}" rev | sort | rev)"

  239. 

  240.   # Set suffix in case of CNAME redirection

  241.   if [[ -n "${PDNS_SUFFIX:-}" ]]; then

  242.       suffix=".${PDNS_SUFFIX}"

  243.   else

  244.       suffix=""

  245.   fi

  246. }

  247. 

  248. setup_domain() {

  249.   # Domain and token from arguments

  250.   domain="$1"

  251.   token="$2"

  252.   zone=""

  253. 

  254.   # Record name

  255.   name="_acme-challenge.${domain}${suffix}"

  256. 

  257.   # Read name parts into array

  258.   IFS='.' read -ra name_array <<< "${name}"

  259. 

  260.   # Find zone name, cut off subdomains until match

  261.   for check_zone in ${all_zones}; do

  262.     for (( j=${#name_array[@]}-1; j>=0; j-- )); do

  263.       if [[ "${check_zone}" = "$(join . "${name_array[@]:j}")" ]]; then

  264.         zone="${check_zone}"

  265.         break 2

  266.       fi

  267.     done

  268.   done

  269. 

  270.   # Fallback to creating zone from arguments

  271.   if [[ -z "${zone}" ]]; then

  272.     zone="${name_array[*]: -2:1}.${name_array[*]: -1:1}"

  273.     warn "zone not found, using '${zone}'"

  274.   fi

  275. 

  276.   # Some version incompatibilities

  277.   if [[ "${PDNS_VERSION}" -ge 1 ]]; then

  278.     name="${name}."

  279.     zone="${zone}."

  280.     extra_data=""

  281.   else

  282.     extra_data=",\"name\": \"${name}\", \"type\": \"TXT\", \"ttl\": 1"

  283.   fi

  284. }

  285. 

  286. get_records() {

  287.   IFS=" " read -ra tokens <<< "${token}"

  288. 

  289.   for i in "${!tokens[@]}"; do

  290.     printf '%.*s' $((i != 0)) ","

  291. 

  292.     echo -n '{

  293.     "content": "\"'"${tokens[$i]}"'\"",

  294.     "disabled": false,

  295.     "set-ptr": false

  296.     '"${extra_data}"'

  297.     }'

  298.   done

  299. }

  300. 

  301. deploy_rrset() {

  302.   echo -n '{

  303.     "name": "'"${name}"'",

  304.     "type": "TXT",

  305.     "ttl": 1,

  306.     "records": ['"$(get_records)"'],

  307.     "changetype": "REPLACE"

  308.   }'

  309. }

  310. 

  311. clean_rrset() {

  312.   echo '{"name":"'"${name}"'","type":"TXT","changetype":"DELETE"}'

  313. }

  314. 

  315. soa_edit() {

  316.   # Show help

  317.   if [[ $# -eq 0 ]]; then

  318.     echo "Usage: pdns_api.sh soa_edit <zone> [SOA-EDIT] [SOA-EDIT-API]"

  319.     exit 1

  320.   fi

  321. 

  322.   # Get current values for zone

  323.   request "GET" "${url}/$1" ""

  324. 

  325.   # Set variables

  326.   if [[ $# -le 1 ]]; then

  327.     soa_edit=$(<<< "${res}" get_json_string_value soa_edit)

  328.     soa_edit_api=$(<<< "${res}" get_json_string_value soa_edit_api)

  329. 

  330.     echo "Current values:"

  331.   else

  332.     soa_edit="$2"

  333.     if [[ $# -eq 3 ]]; then

  334.       soa_edit_api="$3"

  335.     else

  336.       soa_edit_api="DEFAULT"

  337.     fi

  338. 

  339.     echo "Setting:"

  340.   fi

  341. 

  342.   # Display values

  343.   echo "SOA-EDIT:     ${soa_edit}"

  344.   echo "SOA-EDIT-API: ${soa_edit_api}"

  345. 

  346.   # Update values

  347.   if [[ $# -ge 2 ]]; then

  348.     request "PUT" "${url}/${1}" '{

  349.       "soa_edit":"'"${soa_edit}"'",

  350.       "soa_edit_api":"'"${soa_edit_api}"'",

  351.       "kind":"'"$(<<< "${res}" get_json_string_value kind)"'"

  352.     }'

  353.   fi

  354. }

  355. 

  356. exit_hook() {

  357.   if [[ ! -z "${PDNS_EXIT_HOOK:-}" ]]; then

  358.       if [[ -x "${PDNS_EXIT_HOOK}" ]]; then

  359.         exec "${PDNS_EXIT_HOOK}"

  360.       else

  361.         fatalerror "${PDNS_EXIT_HOOK} is not an executable"

  362.       fi

  363.   fi

  364. }

  365. 

  366. main() {

  367.   # Set hook

  368.   hook="$1"

  369. 

  370.   # Debug output

  371.   debug "Hook: ${hook}"

  372. 

  373.   # Ignore unknown hooks

  374.   if [[ ! "${hook}" =~ ^(deploy_challenge|clean_challenge|soa_edit|exit_hook)$ ]]; then

  375.     exit 0

  376.   fi

  377. 

  378.   # Main setup

  379.   load_config

  380.   load_zones

  381.   setup

  382.   declare -A requests

  383. 

  384.   # Interface for SOA-EDIT

  385.   if [[ "${hook}" = "soa_edit" ]]; then

  386.     shift

  387.     soa_edit "$@"

  388.     exit 0

  389.   fi

  390. 

  391.   # Interface for exit_hook

  392.   if [[ "${hook}" = "exit_hook" ]]; then

  393.     shift

  394.     exit_hook "$@"

  395.     exit 0

  396.   fi

  397. 

  398.   declare -A domains

  399.   # Loop through arguments per 3

  400.   for ((i=2; i<=$#; i=i+3)); do

  401.     t=$((i + 2))

  402.     _domain="${!i}"

  403.     _token="${!t}"

  404. 

  405.     if [[ "${_domain}" == "*."* ]]; then

  406.       debug "Domain ${_domain} is a wildcard domain, ACME challenge will be for domain apex (${_domain:2})"

  407.       _domain="${_domain:2}"

  408.     fi

  409. 

  410.     domains[${_domain}]="${_token} ${domains[${_domain}]:-}"

  411.   done

  412. 

  413.   # Loop through unique domains

  414.   for domain in "${!domains[@]}"; do

  415.     # Setup for this domain

  416.     req=""

  417.     t=${domains[${domain}]}

  418.     setup_domain "${domain}" "${t}"

  419. 

  420.     # Debug output

  421.     debug "Name:  ${name}"

  422.     debug "Token: ${token}"

  423.     debug "Zone:  ${zone}"

  424. 

  425.     # Add comma

  426.     if [[ ${requests[${zone}]+x} ]]; then

  427.       req="${requests[${zone}]},"

  428.     fi

  429. 

  430.     # Deploy a token

  431.     if [[ "${hook}" = "deploy_challenge" ]]; then

  432.       requests[${zone}]="${req}$(deploy_rrset)"

  433.     fi

  434. 

  435.     # Remove a token

  436.     if [[ "${hook}" = "clean_challenge" ]]; then

  437.       requests[${zone}]="${req}$(clean_rrset)"

  438.     fi

  439. 

  440.     # Other actions are not implemented but will not cause an error

  441.   done

  442. 

  443.   # Perform requests

  444.   for zone in "${!requests[@]}"; do

  445.     request "PATCH" "${url}/${zone}" '{"rrsets": ['"${requests[${zone}]}"']}'

  446.     if [[ -z "${PDNS_NO_NOTIFY:-}" ]]; then

  447.       request "PUT" "${url}/${zone}/notify" ''

  448.     fi

  449.   done

  450. 

  451.   # Wait the requested amount of seconds when deployed

  452.   if [[ "${hook}" = "deploy_challenge" ]] && [[ -n "${PDNS_WAIT:-}" ]]; then

  453.     debug "Waiting for ${PDNS_WAIT} seconds"

  454. 

  455.     sleep "${PDNS_WAIT}"

  456.   fi

  457. }

  458. 

  459. main "$@"