HOSTINGDE: Remove dnssec key from domain upon autodnssec disable (#2055)

Co-authored-by: Yannik Sembritzki <yannik@sembritzki.org>
Yannik Sembritzki 2023-02-07 17:39:18 +05:30 committed by GitHub
parent 222666414a
commit e8ae619f89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 67 additions and 10 deletions


@ -248,6 +248,20 @@ func (hp *hostingdeProvider) getDNSSECOptions(zoneConfigId string) (*dnsSecOptio
return dnsSecOptions[0], nil return dnsSecOptions[0], nil
} }
func (hp *hostingdeProvider) dnsSecKeyModify(domain string, add []dnsSecEntry, remove []dnsSecEntry) error {
params := request{
DomainName: domain,
Add: add,
Remove: remove,
}
_, err := hp.get("domain", "dnsSecKeyModify", params)
if err != nil {
return err
}
return nil
}
func (hp *hostingdeProvider) get(service, method string, params request) (*responseData, error) { func (hp *hostingdeProvider) get(service, method string, params request) (*responseData, error) {
params.AuthToken = hp.authToken params.AuthToken = hp.authToken
params.OwnerAccountID = hp.ownerAccountID params.OwnerAccountID = hp.ownerAccountID
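Review bot: dnsSecKeyModify has no doc comment, although it is the call added here that changes the DNSSEC key entries held for the registered domain. I would add `// dnsSecKeyModify adds and removes DNSSEC key entries for domain through the domain service's dnsSecKeyModify method.` above the function. The tail can also be collapsed, since `_, err := hp.get("domain", "dnsSecKeyModify", params)` followed by `return err` behaves the same as the `if err != nil` block. The function is fully inside the hunk; `get` continues outside it.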


@ -217,7 +217,8 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
existingAutoDNSSecEnabled := zone.ZoneConfig.DNSSECMode == "automatic" existingAutoDNSSecEnabled := zone.ZoneConfig.DNSSECMode == "automatic"
desiredAutoDNSSecEnabled := dc.AutoDNSSEC == "on" desiredAutoDNSSecEnabled := dc.AutoDNSSEC == "on"
var DnsSecOptions *dnsSecOptions = nil var DnsSecOptions *dnsSecOptions
var removeDNSSecEntries []dnsSecEntry
// ensure that publishKsk is set for domains with AutoDNSSec // ensure that publishKsk is set for domains with AutoDNSSec
if existingAutoDNSSecEnabled && desiredAutoDNSSecEnabled { if existingAutoDNSSecEnabled && desiredAutoDNSSecEnabled {
@ -242,8 +243,25 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
zone.ZoneConfig.DNSSECMode = "automatic" zone.ZoneConfig.DNSSECMode = "automatic"
zoneChanged = true zoneChanged = true
} else if existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled { } else if existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled {
CurrentDnsSecOptions, err := hp.getDNSSECOptions(zone.ZoneConfig.ID)
if err != nil {
return nil, err
}
msg = append(msg, "Disable AutoDNSSEC") msg = append(msg, "Disable AutoDNSSEC")
zone.ZoneConfig.DNSSECMode = "off" zone.ZoneConfig.DNSSECMode = "off"
// Remove auto dnssec keys from domain
DomainConfig, err := hp.getDomainConfig(dc.Name)
if err != nil {
return nil, err
}
for _, entry := range DomainConfig.DNSSecEntries {
for _, autoDNSKey := range CurrentDnsSecOptions.Keys {
if entry.KeyData.PublicKey == autoDNSKey.KeyData.PublicKey {
removeDNSSecEntries = append(removeDNSSecEntries, entry)
}
}
}
zoneChanged = true zoneChanged = true
} }
@ -274,6 +292,20 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
}, },
} }
if removeDNSSecEntries != nil {
correction := models.Correction{
Msg: "Removing AutoDNSSEC Keys from Domain",
F: func() error {
err := hp.dnsSecKeyModify(dc.Name, nil, removeDNSSecEntries)
if err != nil {
return err
}
return nil
},
}
corrections = append(corrections, &correction)
}
return corrections, nil return corrections, nil
} }
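Review bot: In the last hunk the key-removal correction is appended just before `return corrections, nil`, which appears to place it after the zone-update correction that sets `DNSSECMode` to "off" (the rest of GetDomainCorrections is outside the hunks, so the order is inferred). If signing stops while the domain's key entries are still published at the parent, or if `dnsSecKeyModify` then fails, validating resolvers would treat the domain as bogus until the keys are removed. Consider appending the removal correction ahead of the zone update, or at least recording the order with a comment such as `// NOTE: keys are removed after signing is disabled; a failure here leaves stale DNSSEC keys on the domain`. In the matching loop, a `break` after the `append` would keep an entry from being queued twice when two option keys carry the same public key.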


@ -23,13 +23,17 @@ type request struct {
Page uint `json:"page,omitempty"` Page uint `json:"page,omitempty"`
// Update Zone // Update Zone
ZoneConfig *zoneConfig `json:"zoneConfig"` ZoneConfig *zoneConfig `json:"zoneConfig,omitempty"`
RecordsToAdd []*record `json:"recordsToAdd"` RecordsToAdd []*record `json:"recordsToAdd,omitempty"`
RecordsToModify []*record `json:"recordsToModify"` RecordsToModify []*record `json:"recordsToModify,omitempty"`
RecordsToDelete []*record `json:"recordsToDelete"` RecordsToDelete []*record `json:"recordsToDelete,omitempty"`
// Create Zone // Create Zone
Records []*record `json:"records"` Records []*record `json:"records,omitempty"`
DomainName string `json:"domainName,omitempty"`
Add []dnsSecEntry `json:"add,omitempty"`
Remove []dnsSecEntry `json:"remove,omitempty"`
// Domain // Domain
Domain *domainConfig `json:"domain"` Domain *domainConfig `json:"domain"`
@ -52,9 +56,16 @@ type domainConfig struct {
Name string `json:"name"` Name string `json:"name"`
Contacts json.RawMessage `json:"contacts"` Contacts json.RawMessage `json:"contacts"`
Nameservers []nameserver `json:"nameservers"` Nameservers []nameserver `json:"nameservers"`
DNSSecEntries []dnsSecEntry `json:"dnsSecEntries"`
TransferLockEnabled bool `json:"transferLockEnabled"` TransferLockEnabled bool `json:"transferLockEnabled"`
} }
type dnsSecEntry struct {
KeyData dnsSecKey `json:"keyData"`
Comment string `json:"comment"`
KeyTag uint32 `json:"keyTag"`
}
type zoneConfig struct { type zoneConfig struct {
ID string `json:"id"` ID string `json:"id"`
DNSSECMode string `json:"dnsSecMode"` DNSSECMode string `json:"dnsSecMode"`
@ -82,10 +93,10 @@ type zone struct {
} }
type dnsSecOptions struct { type dnsSecOptions struct {
Keys []dnsSecKey `json:"flags,omitempty"` Keys []dnsSecEntry `json:"keys,omitempty"`
Algorithms []string `json:"algorithms,omitempty"` Algorithms []string `json:"algorithms,omitempty"`
NSECMode string `json:"nsecMode"` NSECMode string `json:"nsecMode"`
PublishKSK bool `json:"publishKsk"` PublishKSK bool `json:"publishKsk"`
} }
type dnsSecKey struct { type dnsSecKey struct {
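Review bot: `Domain *domainConfig` keeps the tag `json:"domain"` without `omitempty`, so a dnsSecKeyModify request built from this struct will still serialize `"domain": null` even though the zone fields above it are now omitted when empty. Whether the API tolerates that is not visible here; `json:"domain,omitempty"` would make the struct consistent, provided no existing call relies on the explicit null. The new fields `DomainName`, `Add` and `Remove` follow the `// Create Zone` group without a comment of their own, so a group comment such as `// Domain DNSSEC key modify` above `DomainName` would match the rest of the struct. The request struct continues outside the hunk.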