HOSTINGDE: Remove dnssec key from domain upon autodnssec disable (#2055)
Co-authored-by: Yannik Sembritzki <yannik@sembritzki.org>
parent
222666414a
commit
e8ae619f89
|
@ -248,6 +248,20 @@ func (hp *hostingdeProvider) getDNSSECOptions(zoneConfigId string) (*dnsSecOptio
|
|||
return dnsSecOptions[0], nil
|
||||
}
|
||||
|
||||
func (hp *hostingdeProvider) dnsSecKeyModify(domain string, add []dnsSecEntry, remove []dnsSecEntry) error {
|
||||
params := request{
|
||||
DomainName: domain,
|
||||
Add: add,
|
||||
Remove: remove,
|
||||
}
|
||||
|
||||
_, err := hp.get("domain", "dnsSecKeyModify", params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (hp *hostingdeProvider) get(service, method string, params request) (*responseData, error) {
|
||||
params.AuthToken = hp.authToken
|
||||
params.OwnerAccountID = hp.ownerAccountID
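Review bot: `dnsSecKeyModify` has no doc comment, although it appears to be the call that changes which DNSSEC keys are registered for a domain; a line such as `// dnsSecKeyModify adds and removes DNSSEC key entries on the domain through the domain service's dnsSecKeyModify method.` would help. The tail `if err != nil { return err }` followed by `return nil` can be a single `return err`, and wrapping the error with the domain name would make a failed key removal easier to trace. A call where both `add` and `remove` are empty still sends a request carrying only `domainName`; an early `return nil` for that case would avoid a pointless API call.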
|
||||
|
|
|
@ -217,7 +217,8 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
|
|||
existingAutoDNSSecEnabled := zone.ZoneConfig.DNSSECMode == "automatic"
|
||||
desiredAutoDNSSecEnabled := dc.AutoDNSSEC == "on"
|
||||
|
||||
var DnsSecOptions *dnsSecOptions = nil
|
||||
var DnsSecOptions *dnsSecOptions
|
||||
var removeDNSSecEntries []dnsSecEntry
|
||||
|
||||
// ensure that publishKsk is set for domains with AutoDNSSec
|
||||
if existingAutoDNSSecEnabled && desiredAutoDNSSecEnabled {
|
||||
|
@ -242,8 +243,25 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
|
|||
zone.ZoneConfig.DNSSECMode = "automatic"
|
||||
zoneChanged = true
|
||||
} else if existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled {
|
||||
CurrentDnsSecOptions, err := hp.getDNSSECOptions(zone.ZoneConfig.ID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
msg = append(msg, "Disable AutoDNSSEC")
|
||||
zone.ZoneConfig.DNSSECMode = "off"
|
||||
|
||||
// Remove auto dnssec keys from domain
|
||||
DomainConfig, err := hp.getDomainConfig(dc.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for _, entry := range DomainConfig.DNSSecEntries {
|
||||
for _, autoDNSKey := range CurrentDnsSecOptions.Keys {
|
||||
if entry.KeyData.PublicKey == autoDNSKey.KeyData.PublicKey {
|
||||
removeDNSSecEntries = append(removeDNSSecEntries, entry)
|
||||
}
|
||||
}
|
||||
}
|
||||
zoneChanged = true
|
||||
}
|
||||
|
||||
|
@ -274,6 +292,20 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
|
|||
},
|
||||
}
|
||||
|
||||
if removeDNSSecEntries != nil {
|
||||
correction := models.Correction{
|
||||
Msg: "Removing AutoDNSSEC Keys from Domain",
|
||||
F: func() error {
|
||||
err := hp.dnsSecKeyModify(dc.Name, nil, removeDNSSecEntries)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
},
|
||||
}
|
||||
corrections = append(corrections, &correction)
|
||||
}
|
||||
|
||||
return corrections, nil
|
||||
}
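Review bot: In the `existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled` branch the zone is set to `DNSSECMode = "off"`, while the correction that withdraws the keys from the domain is appended last, just before `return corrections, nil`. If the zone-update correction is built between those two points (that part is not fully visible here), the zone stops being signed while the registry still publishes the key material, so validating resolvers will treat the domain as bogus until the removal has run and cached DS records have expired; the same state persists if the second correction fails. Consider appending the key-removal correction ahead of the zone update, or at least recording the constraint with a comment such as `// registry keys must be withdrawn before the zone goes unsigned, otherwise validation fails`. As a smaller style point, `if removeDNSSecEntries != nil` reads more clearly as `if len(removeDNSSecEntries) > 0`, and the closure can simply `return hp.dnsSecKeyModify(dc.Name, nil, removeDNSSecEntries)`. GetDomainCorrections starts outside these hunks.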
|
||||
|
||||
|
|
|
@ -23,13 +23,17 @@ type request struct {
|
|||
Page uint `json:"page,omitempty"`
|
||||
|
||||
// Update Zone
|
||||
ZoneConfig *zoneConfig `json:"zoneConfig"`
|
||||
RecordsToAdd []*record `json:"recordsToAdd"`
|
||||
RecordsToModify []*record `json:"recordsToModify"`
|
||||
RecordsToDelete []*record `json:"recordsToDelete"`
|
||||
ZoneConfig *zoneConfig `json:"zoneConfig,omitempty"`
|
||||
RecordsToAdd []*record `json:"recordsToAdd,omitempty"`
|
||||
RecordsToModify []*record `json:"recordsToModify,omitempty"`
|
||||
RecordsToDelete []*record `json:"recordsToDelete,omitempty"`
|
||||
|
||||
// Create Zone
|
||||
Records []*record `json:"records"`
|
||||
Records []*record `json:"records,omitempty"`
|
||||
|
||||
DomainName string `json:"domainName,omitempty"`
|
||||
Add []dnsSecEntry `json:"add,omitempty"`
|
||||
Remove []dnsSecEntry `json:"remove,omitempty"`
|
||||
|
||||
// Domain
|
||||
Domain *domainConfig `json:"domain"`
|
||||
|
@ -52,9 +56,16 @@ type domainConfig struct {
|
|||
Name string `json:"name"`
|
||||
Contacts json.RawMessage `json:"contacts"`
|
||||
Nameservers []nameserver `json:"nameservers"`
|
||||
DNSSecEntries []dnsSecEntry `json:"dnsSecEntries"`
|
||||
TransferLockEnabled bool `json:"transferLockEnabled"`
|
||||
}
|
||||
|
||||
type dnsSecEntry struct {
|
||||
KeyData dnsSecKey `json:"keyData"`
|
||||
Comment string `json:"comment"`
|
||||
KeyTag uint32 `json:"keyTag"`
|
||||
}
|
||||
|
||||
type zoneConfig struct {
|
||||
ID string `json:"id"`
|
||||
DNSSECMode string `json:"dnsSecMode"`
|
||||
|
@ -82,10 +93,10 @@ type zone struct {
|
|||
}
|
||||
|
||||
type dnsSecOptions struct {
|
||||
Keys []dnsSecKey `json:"flags,omitempty"`
|
||||
Algorithms []string `json:"algorithms,omitempty"`
|
||||
NSECMode string `json:"nsecMode"`
|
||||
PublishKSK bool `json:"publishKsk"`
|
||||
Keys []dnsSecEntry `json:"keys,omitempty"`
|
||||
Algorithms []string `json:"algorithms,omitempty"`
|
||||
NSECMode string `json:"nsecMode"`
|
||||
PublishKSK bool `json:"publishKsk"`
|
||||
}
|
||||
|
||||
type dnsSecKey struct {
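Review bot: In the first hunk of this section, `Domain *domainConfig` under `// Domain` keeps the tag `json:"domain"` while every sibling field gained `omitempty`, so the new dnsSecKeyModify request will still serialise `"domain":null` alongside `domainName` and `remove`. If the intent is to send only the fields relevant to each call, the tag should become `json:"domain,omitempty"`; whether the API tolerates the null is not visible here. The new `DomainName`/`Add`/`Remove` group also lacks the heading comment its neighbours have, for example `// Domain dnsSecKeyModify`. The `request` struct starts and ends outside the hunk.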
|
||||
|
|