mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2024-09-20 14:56:20 +08:00
HOSTINGDE: Remove dnssec key from domain upon autodnssec disable (#2055)
Co-authored-by: Yannik Sembritzki <yannik@sembritzki.org>
parent
222666414a
commit
e8ae619f89
|
@ -248,6 +248,20 @@ func (hp *hostingdeProvider) getDNSSECOptions(zoneConfigId string) (*dnsSecOptio
|
||||||
return dnsSecOptions[0], nil
|
return dnsSecOptions[0], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (hp *hostingdeProvider) dnsSecKeyModify(domain string, add []dnsSecEntry, remove []dnsSecEntry) error {
|
||||||
|
params := request{
|
||||||
|
DomainName: domain,
|
||||||
|
Add: add,
|
||||||
|
Remove: remove,
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err := hp.get("domain", "dnsSecKeyModify", params)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (hp *hostingdeProvider) get(service, method string, params request) (*responseData, error) {
|
func (hp *hostingdeProvider) get(service, method string, params request) (*responseData, error) {
|
||||||
params.AuthToken = hp.authToken
|
params.AuthToken = hp.authToken
|
||||||
params.OwnerAccountID = hp.ownerAccountID
|
params.OwnerAccountID = hp.ownerAccountID
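Review bot: `dnsSecKeyModify` has no doc comment and returns the raw error from `hp.get`, so a failure in this registrar-side DNSSEC change reaches the caller without saying which domain or operation it belonged to. A comment such as `// dnsSecKeyModify calls the domain service's dnsSecKeyModify method to add and remove DNSSEC entries on domain.` would cover the first part. Wrapping the error, for example `return fmt.Errorf("dnsSecKeyModify %q: %w", domain, err)`, would cover the second, assuming `fmt` is available in this file. The trailing `if err != nil { return err }; return nil` can also collapse to a single `return err`.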
|
||||||
|
|
|
@ -217,7 +217,8 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
|
||||||
existingAutoDNSSecEnabled := zone.ZoneConfig.DNSSECMode == "automatic"
|
existingAutoDNSSecEnabled := zone.ZoneConfig.DNSSECMode == "automatic"
|
||||||
desiredAutoDNSSecEnabled := dc.AutoDNSSEC == "on"
|
desiredAutoDNSSecEnabled := dc.AutoDNSSEC == "on"
|
||||||
|
|
||||||
var DnsSecOptions *dnsSecOptions = nil
|
var DnsSecOptions *dnsSecOptions
|
||||||
|
var removeDNSSecEntries []dnsSecEntry
|
||||||
|
|
||||||
// ensure that publishKsk is set for domains with AutoDNSSec
|
// ensure that publishKsk is set for domains with AutoDNSSec
|
||||||
if existingAutoDNSSecEnabled && desiredAutoDNSSecEnabled {
|
if existingAutoDNSSecEnabled && desiredAutoDNSSecEnabled {
|
||||||
|
@ -242,8 +243,25 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
|
||||||
zone.ZoneConfig.DNSSECMode = "automatic"
|
zone.ZoneConfig.DNSSECMode = "automatic"
|
||||||
zoneChanged = true
|
zoneChanged = true
|
||||||
} else if existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled {
|
} else if existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled {
|
||||||
|
CurrentDnsSecOptions, err := hp.getDNSSECOptions(zone.ZoneConfig.ID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
msg = append(msg, "Disable AutoDNSSEC")
|
msg = append(msg, "Disable AutoDNSSEC")
|
||||||
zone.ZoneConfig.DNSSECMode = "off"
|
zone.ZoneConfig.DNSSECMode = "off"
|
||||||
|
|
||||||
|
// Remove auto dnssec keys from domain
|
||||||
|
DomainConfig, err := hp.getDomainConfig(dc.Name)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
for _, entry := range DomainConfig.DNSSecEntries {
|
||||||
|
for _, autoDNSKey := range CurrentDnsSecOptions.Keys {
|
||||||
|
if entry.KeyData.PublicKey == autoDNSKey.KeyData.PublicKey {
|
||||||
|
removeDNSSecEntries = append(removeDNSSecEntries, entry)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
zoneChanged = true
|
zoneChanged = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -274,6 +292,20 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if removeDNSSecEntries != nil {
|
||||||
|
correction := models.Correction{
|
||||||
|
Msg: "Removing AutoDNSSEC Keys from Domain",
|
||||||
|
F: func() error {
|
||||||
|
err := hp.dnsSecKeyModify(dc.Name, nil, removeDNSSecEntries)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
}
|
||||||
|
corrections = append(corrections, &correction)
|
||||||
|
}
|
||||||
|
|
||||||
return corrections, nil
|
return corrections, nil
|
||||||
}
|
}
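Review bot: The key-removal correction is appended after the block that closes just above `if removeDNSSecEntries != nil`, which appears to be the zone update, so on disabling AutoDNSSEC the zone looks to be switched to `DNSSECMode = "off"` before the matching entries are removed from the domain. If those entries back the DS records at the parent, validating resolvers can treat the zone as bogus until the removal has propagated and the old DS TTL has expired. The safer order is to remove the entries first and stop signing afterwards, or at least to state the ordering in a comment and in the correction message. Separately, an error from `hp.getDomainConfig(dc.Name)` aborts the whole run, which may block disabling AutoDNSSEC for a zone whose domain is not managed in this account; that is worth confirming. GetDomainCorrections starts and ends outside these hunks, so the ordering is inferred from the visible lines only.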
|
||||||
|
|
||||||
|
|
|
@ -23,13 +23,17 @@ type request struct {
|
||||||
Page uint `json:"page,omitempty"`
|
Page uint `json:"page,omitempty"`
|
||||||
|
|
||||||
// Update Zone
|
// Update Zone
|
||||||
ZoneConfig *zoneConfig `json:"zoneConfig"`
|
ZoneConfig *zoneConfig `json:"zoneConfig,omitempty"`
|
||||||
RecordsToAdd []*record `json:"recordsToAdd"`
|
RecordsToAdd []*record `json:"recordsToAdd,omitempty"`
|
||||||
RecordsToModify []*record `json:"recordsToModify"`
|
RecordsToModify []*record `json:"recordsToModify,omitempty"`
|
||||||
RecordsToDelete []*record `json:"recordsToDelete"`
|
RecordsToDelete []*record `json:"recordsToDelete,omitempty"`
|
||||||
|
|
||||||
// Create Zone
|
// Create Zone
|
||||||
Records []*record `json:"records"`
|
Records []*record `json:"records,omitempty"`
|
||||||
|
|
||||||
|
DomainName string `json:"domainName,omitempty"`
|
||||||
|
Add []dnsSecEntry `json:"add,omitempty"`
|
||||||
|
Remove []dnsSecEntry `json:"remove,omitempty"`
|
||||||
|
|
||||||
// Domain
|
// Domain
|
||||||
Domain *domainConfig `json:"domain"`
|
Domain *domainConfig `json:"domain"`
|
||||||
|
@ -52,9 +56,16 @@ type domainConfig struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Contacts json.RawMessage `json:"contacts"`
|
Contacts json.RawMessage `json:"contacts"`
|
||||||
Nameservers []nameserver `json:"nameservers"`
|
Nameservers []nameserver `json:"nameservers"`
|
||||||
|
DNSSecEntries []dnsSecEntry `json:"dnsSecEntries"`
|
||||||
TransferLockEnabled bool `json:"transferLockEnabled"`
|
TransferLockEnabled bool `json:"transferLockEnabled"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type dnsSecEntry struct {
|
||||||
|
KeyData dnsSecKey `json:"keyData"`
|
||||||
|
Comment string `json:"comment"`
|
||||||
|
KeyTag uint32 `json:"keyTag"`
|
||||||
|
}
|
||||||
|
|
||||||
type zoneConfig struct {
|
type zoneConfig struct {
|
||||||
ID string `json:"id"`
|
ID string `json:"id"`
|
||||||
DNSSECMode string `json:"dnsSecMode"`
|
DNSSECMode string `json:"dnsSecMode"`
|
||||||
|
@ -82,10 +93,10 @@ type zone struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type dnsSecOptions struct {
|
type dnsSecOptions struct {
|
||||||
Keys []dnsSecKey `json:"flags,omitempty"`
|
Keys []dnsSecEntry `json:"keys,omitempty"`
|
||||||
Algorithms []string `json:"algorithms,omitempty"`
|
Algorithms []string `json:"algorithms,omitempty"`
|
||||||
NSECMode string `json:"nsecMode"`
|
NSECMode string `json:"nsecMode"`
|
||||||
PublishKSK bool `json:"publishKsk"`
|
PublishKSK bool `json:"publishKsk"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type dnsSecKey struct {
|
type dnsSecKey struct {
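Review bot: The three fields added to `request` (`DomainName`, `Add`, `Remove`) sit between the `// Create Zone` and `// Domain` groups without a group comment, so it is unclear which API call they belong to. A line such as `// Modify DNSSEC keys (domain service, dnsSecKeyModify)` above them would match the rest of the struct. In the same struct `Domain` keeps `json:"domain"` while the zone fields gained `omitempty`, so a request that leaves it nil, as the new key-modify call appears to, would still serialize `"domain":null`. If the tag changes are meant to keep unrelated fields out of each payload, `json:"domain,omitempty"` would be consistent. The `request` struct continues outside the hunk, so other fields may need the same check.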
|
||||||
|
|