MythicSalt/states/certificates/dehydrated/dehydrated-mythic-dns01/common/mythic-dns01

# Copyright (C) Mythic Beasts Ltd 2018

CONFIG=${MYTHIC_DNS_CONFIG:-/etc/dehydrated/dnsapi.config.txt}

# configure the busy wait loop; max time is $SLEEP * $MAXTRIES
SLEEP=5
MAXTRIES=60

# all our public authoritative servers
SERVERS="ns1.mythic-beasts.com ns2.mythic-beasts.com"

# dig options
DIGOPT='+time=1 +tries=1 +short'

wait_for_dns() {
    local key val i s
    key="$1" val="$2"
    for i in $(seq $MAXTRIES); do
        for s in $SERVERS; do
            if ! dig $DIGOPT @$s $key txt | grep -q -e $val; then
               sleep $SLEEP
               continue 2
            fi
        done
        break
    done
    if [ "$i" -eq "$MAXTRIES" ]; then
        echo challenge record not found in DNS >&2
        exit 1
    fi
}

call_api() {
    local action key val dns_domain dns_api_pass rr_part dns_api_secret
    action="$1" key="$2" val="$3"
    while read dns_domain dns_api_pass dns_api_secret; do
        case $key in
        *$dns_domain)
            rr_part=$(basename $key .$dns_domain)

            # If we have a third component in the config file then use the v2 API.
            if [ -z "${dns_api_secret}" ]; then
                # use DNS API v1
                echo -n "$dns_api_pass" |
                    curl --data-urlencode "domain=$dns_domain" --data-urlencode "password@-" --data-urlencode "command=$action $rr_part 30 TXT $val" https://dnsapi.mythic-beasts.com/
            else
                # use DNS API v2
                case $action in
                    ADD)
                        # Use POST here rather than PUT as we may handle multiple challenges in a single run - for example both '*' and bare domain.
                        echo -n "user = ${dns_api_pass}:${dns_api_secret}" |
                            curl -f -K - -X POST "https://api.mythic-beasts.com/dns/v2/zones/${dns_domain}/records/${rr_part}/TXT" -d data="${val}"
                            if [ $? -ne 0 ]; then
                                echo "Error adding DNS records"
                                exit 2
                            fi
                    ;;
                    DELETE)
                        echo -n "user = ${dns_api_pass}:${dns_api_secret}" |
                            curl -f -K - -X DELETE "https://api.mythic-beasts.com/dns/v2/zones/${dns_domain}/records/${rr_part}/TXT"
                            if [ $? -ne 0 ]; then
                                echo "Error cleaning up DNS records"
                                exit 3
                            fi
                    ;;
                esac
            fi

            break
            ;;
        esac
    done < $CONFIG
}