StackExchange/dnscontrol
1
1
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2025-01-13 10:58:17 +08:00
Code Issues Projects Releases Packages Wiki Activity
dnscontrol/providers/powerdns/dnssec.go
Jan-Philipp Benecke 302a74b935
PowerDNS: Implement diff2 differ and some cleanup (#2194) 
Signed-off-by: Jan-Philipp Benecke <jan-philipp@bnck.me>
2023-03-17 10:22:10 -04:00

61 lines
1.5 KiB
Go
Raw Blame History

package powerdns
import (
"context"
"github.com/StackExchange/dnscontrol/v3/models"
"github.com/mittwald/go-powerdns/apis/cryptokeys"
)
// getDNSSECCorrections returns corrections that update a domain's DNSSEC state.
func (dsp *powerdnsProvider) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
zoneCryptokeys, getErr := dsp.client.Cryptokeys().ListCryptokeys(context.Background(), dsp.ServerName, dc.Name)
if getErr != nil {
return nil, getErr
}
// check if any of the avail. key is active and published
hasEnabledKey := false
var keyID int
if len(zoneCryptokeys) > 0 {
for _, cryptoKey := range zoneCryptokeys {
if cryptoKey.Active && cryptoKey.Published {
hasEnabledKey = true
keyID = cryptoKey.ID
break
}
}
}
// dnssec is enabled, we want it to be disabled
if hasEnabledKey && dc.AutoDNSSEC == "off" {
return []*models.Correction{
{
Msg: "Disable DNSSEC",
F: func() error {
return dsp.client.Cryptokeys().DeleteCryptokey(context.Background(), dsp.ServerName, dc.Name, keyID)
},
},
}, nil
}
// dnssec is disabled, we want it to be enabled
if !hasEnabledKey && dc.AutoDNSSEC == "on" {
return []*models.Correction{
{
Msg: "Enable DNSSEC",
F: func() (err error) {
_, err = dsp.client.Cryptokeys().CreateCryptokey(context.Background(), dsp.ServerName, dc.Name, cryptokeys.Cryptokey{
KeyType: "csk",
Active: true,
Published: true,
})
return
},
},
}, nil
}
return nil, nil
}
Reference in a new issue View git blame Copy permalink