Add pkg/crypto/certmanager.MakeDnsResponder().

tyen-brex · Apr 13, 2021 · 8a5595b · 8a5595b
1 parent 5f5befd
commit 8a5595b
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 0 deletions.
diff --git a/pkg/crypto/certmanager/api.go b/pkg/crypto/certmanager/api.go
@@ -61,6 +61,12 @@ type CertificateManager struct {
 	certificate    *Certificate
 }
 
+// DnsRecordDeleteWriter is an interface to a DNS record manager.
+type DnsRecordDeleteWriter interface {
+	DeleteRecords(fqdn, recType string) error
+	WriteRecords(fqdn, recType string, recs []string, ttl time.Duration) error
+}
+
 type keyMakerFunc func() (crypto.Signer, error)
 
 // Locker is an interface to a remote locking mechanism.
@@ -136,3 +142,9 @@ func (cm *CertificateManager) GetCertificate(hello *tls.ClientHelloInfo) (
 func (cm *CertificateManager) GetWriteNotifier() <-chan struct{} {
 	return cm.writeNotifier
 }
+
+// MakeDnsResponder will create a dns-01 Responder from a DNS record manager.
+func MakeDnsResponder(rdw DnsRecordDeleteWriter,
+	logger log.DebugLogger) (Responder, error) {
+	return makeDnsResponder(rdw, logger)
+}
diff --git a/pkg/crypto/certmanager/dns.go b/pkg/crypto/certmanager/dns.go
@@ -2,8 +2,18 @@ package certmanager
 
 import (
 	"golang.org/x/crypto/acme"
+	"time"
+
+	"github.com/Cloud-Foundations/golib/pkg/log"
 )
 
+type dnsResponder struct {
+	rdw    DnsRecordDeleteWriter
+	logger log.DebugLogger
+	// Mutable data follow.
+	records map[string]string
+}
+
 func (cm *CertificateManager) respondDNS(domain string,
 	challenge *acme.Challenge) error {
 	response, err := cm.acmeClient.DNS01ChallengeRecord(challenge.Token)
@@ -12,3 +22,38 @@ func (cm *CertificateManager) respondDNS(domain string,
 	}
 	return cm.responder.Respond("_acme-challenge."+domain, response)
 }
+
+func makeDnsResponder(rdw DnsRecordDeleteWriter,
+	logger log.DebugLogger) (Responder, error) {
+	return &dnsResponder{
+		rdw:     rdw,
+		logger:  logger,
+		records: make(map[string]string),
+	}, nil
+}
+
+func (r *dnsResponder) Cleanup() {
+	if len(r.records) < 1 {
+		return
+	}
+	for fqdn := range r.records {
+		if err := r.rdw.DeleteRecords(fqdn, "TXT"); err != nil {
+			r.logger.Println(err)
+		} else {
+			delete(r.records, fqdn)
+		}
+	}
+}
+
+func (r *dnsResponder) Respond(key, value string) error {
+	if r.records[key] == value {
+		return nil
+	}
+	r.logger.Debugf(1, "publishing %s TXT=\"%s\"\n", key, value)
+	err := r.rdw.WriteRecords(key, "TXT", []string{value}, time.Second*15)
+	if err != nil {
+		return err
+	}
+	r.records[key] = value
+	return nil
+}