Add DNS provider for Bunny (#1848)

Co-authored-by: Fernandez Ludovic <[email protected]>

cmd/zz_gen_cmd_dnshelp.go

@@ -23,6 +23,7 @@ func allDNSCodes() string {
 		"azure",
 		"bindman",
 		"bluecat",
+		"bunny",
 		"checkdomain",
 		"civo",
 		"clouddns",
@@ -330,6 +331,25 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln()
 		ew.writeln(`More information: https://go-acme.github.io/lego/dns/bluecat`)
 
+	case "bunny":
+		// generated from: providers/dns/bunny/bunny.toml
+		ew.writeln(`Configuration for Bunny.`)
+		ew.writeln(`Code:	'bunny'`)
+		ew.writeln(`Since:	'v4.11.0'`)
+		ew.writeln()
+
+		ew.writeln(`Credentials:`)
+		ew.writeln(`	- "BUNNY_API_KEY":	API key`)
+		ew.writeln()
+
+		ew.writeln(`Additional Configuration:`)
+		ew.writeln(`	- "BUNNY_POLLING_INTERVAL":	Time between DNS propagation check`)
+		ew.writeln(`	- "BUNNY_PROPAGATION_TIMEOUT":	Maximum waiting time for DNS propagation`)
+		ew.writeln(`	- "BUNNY_TTL":	The TTL of the TXT record used for the DNS challenge`)
+
+		ew.writeln()
+		ew.writeln(`More information: https://go-acme.github.io/lego/dns/bunny`)
+
 	case "checkdomain":
 		// generated from: providers/dns/checkdomain/checkdomain.toml
 		ew.writeln(`Configuration for Checkdomain.`)

docs/content/dns/zz_gen_bunny.md

@@ -0,0 +1,66 @@
+---
+title: "Bunny"
+date: 2019-03-03T16:39:46+01:00
+draft: false
+slug: bunny
+dnsprovider:
+  since:    "v4.11.0"
+  code:     "bunny"
+  url:      "https://bunny.net"
+---
+
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+<!-- providers/dns/bunny/bunny.toml -->
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+
+
+Configuration for [Bunny](https://bunny.net).
+
+
+<!--more-->
+
+- Code: `bunny`
+- Since: v4.11.0
+
+
+Here is an example bash command using the Bunny provider:
+
+```bash
+BUNNY_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
+lego --email [email protected] --dns bunny --domains my.example.org run
+```
+
+
+
+
+## Credentials
+
+| Environment Variable Name | Description |
+|-----------------------|-------------|
+| `BUNNY_API_KEY` | API key |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{< ref "dns#configuration-and-credentials" >}}).
+
+
+## Additional Configuration
+
+| Environment Variable Name | Description |
+|--------------------------------|-------------|
+| `BUNNY_POLLING_INTERVAL` | Time between DNS propagation check |
+| `BUNNY_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
+| `BUNNY_TTL` | The TTL of the TXT record used for the DNS challenge |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{< ref "dns#configuration-and-credentials" >}}).
+
+
+
+
+## More information
+
+- [API documentation](https://docs.bunny.net/reference/dnszonepublic_index)
+
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+<!-- providers/dns/bunny/bunny.toml -->
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->

docs/data/zz_cli_help.toml

@@ -125,7 +125,7 @@ To display the documentation for a specific DNS provider, run:
   $ lego dnshelp -c code
 
 Supported DNS providers:
-  acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, bindman, bluecat, checkdomain, civo, clouddns, cloudflare, cloudns, cloudxns, conoha, constellix, desec, designate, digitalocean, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, hetzner, hostingde, hosttech, httpreq, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, iwantmyname, joker, liara, lightsail, linode, liquidweb, loopia, luadns, manual, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, servercow, simply, sonic, stackpath, tencentcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, vscale, vultr, websupport, wedos, yandex, yandexcloud, zoneee, zonomi
+  acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, bindman, bluecat, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudxns, conoha, constellix, desec, designate, digitalocean, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, hetzner, hostingde, hosttech, httpreq, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, iwantmyname, joker, liara, lightsail, linode, liquidweb, loopia, luadns, manual, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, servercow, simply, sonic, stackpath, tencentcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, vscale, vultr, websupport, wedos, yandex, yandexcloud, zoneee, zonomi
 
 More information: https://go-acme.github.io/lego/dns
 """

go.mod

@@ -51,6 +51,7 @@ require (
 	github.com/sacloud/api-client-go v0.2.1
 	github.com/sacloud/iaas-api-go v1.3.2
 	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9
+	github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04
 	github.com/softlayer/softlayer-go v1.0.6
 	github.com/stretchr/testify v1.8.1
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490

go.sum

@@ -497,6 +497,8 @@ github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9 h1:0roa6gXKgyta64uqh52AQG3wzZX
 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 h1:ZTzdx88+AcnjqUfJwnz89UBrMSBQ1NEysg9u5d+dU9c=
+github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04/go.mod h1:5KS21fpch8TIMyAUv/qQqTa3GZfBDYgjaZbd2KXKYfg=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=

providers/dns/bunny/bunny.go

@@ -0,0 +1,205 @@
+// Package bunny implements a DNS provider for solving the DNS-01 challenge using Bunny DNS.
+package bunny
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/simplesurance/bunny-go"
+)
+
+const minTTL = 60
+
+// Environment variables names.
+const (
+	envNamespace = "BUNNY_"
+
+	EnvAPIKey = envNamespace + "API_KEY"
+
+	EnvTTL                = envNamespace + "TTL"
+	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+	APIKey             string
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	TTL                int
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+	return &Config{
+		TTL:                env.GetOrDefaultInt(EnvTTL, minTTL),
+		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
+		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, 2*time.Second),
+	}
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+	config *Config
+	client *bunny.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for bunny.
+// Credentials must be passed in the environment variable: BUNNY_API_KEY.
+func NewDNSProvider() (*DNSProvider, error) {
+	values, err := env.Get(EnvAPIKey)
+	if err != nil {
+		return nil, fmt.Errorf("bunny: %w", err)
+	}
+
+	config := NewDefaultConfig()
+	config.APIKey = values[EnvAPIKey]
+
+	return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for bunny.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("bunny: the configuration of the DNS provider is nil")
+	}
+
+	if config.APIKey == "" {
+		return nil, errors.New("bunny: credentials missing")
+	}
+
+	if config.TTL < minTTL {
+		return nil, fmt.Errorf("bunny: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+	}
+
+	client := bunny.NewClient(config.APIKey)
+
+	return &DNSProvider{config: config, client: client}, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS
+// propagation. Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record to fulfill the dns-01 challenge.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
+
+	authZone, err := getZone(fqdn)
+	if err != nil {
+		return fmt.Errorf("bunny: failed to find zone: fqdn=%s: %w", fqdn, err)
+	}
+
+	ctx := context.Background()
+
+	zone, err := d.findZone(ctx, authZone)
+	if err != nil {
+		return fmt.Errorf("bunny: %w", err)
+	}
+
+	subDomain, err := dns01.ExtractSubDomain(fqdn, authZone)
+	if err != nil {
+		return fmt.Errorf("bunny: %w", err)
+	}
+
+	record := &bunny.AddOrUpdateDNSRecordOptions{
+		Type:  pointer(bunny.DNSRecordTypeTXT),
+		Name:  pointer(subDomain),
+		Value: pointer(value),
+		TTL:   pointer(int32(d.config.TTL)),
+	}
+
+	if _, err := d.client.DNSZone.AddDNSRecord(ctx, deref(zone.ID), record); err != nil {
+		return fmt.Errorf("bunny: failed to add TXT record: fqdn=%s, zoneID=%d: %w", fqdn, deref(zone.ID), err)
+	}
+
+	return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)
+
+	authZone, err := getZone(fqdn)
+	if err != nil {
+		return fmt.Errorf("bunny:  failed to find zone: fqdn=%s: %w", fqdn, err)
+	}
+
+	ctx := context.Background()
+
+	zone, err := d.findZone(ctx, authZone)
+	if err != nil {
+		return fmt.Errorf("bunny: %w", err)
+	}
+
+	subDomain, err := dns01.ExtractSubDomain(fqdn, authZone)
+	if err != nil {
+		return fmt.Errorf("bunny: %w", err)
+	}
+
+	var record *bunny.DNSRecord
+	for _, r := range zone.Records {
+		if deref(r.Name) == subDomain && deref(r.Type) == bunny.DNSRecordTypeTXT {
+			r := r
+			record = &r
+			break
+		}
+	}
+
+	if record == nil {
+		return fmt.Errorf("bunny: could not find TXT record zone=%d, subdomain=%s", deref(zone.ID), subDomain)
+	}
+
+	if err := d.client.DNSZone.DeleteDNSRecord(ctx, deref(zone.ID), deref(record.ID)); err != nil {
+		return fmt.Errorf("bunny: failed to delete TXT record: id=%d, name=%s: %w", deref(record.ID), deref(record.Name), err)
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, authZone string) (*bunny.DNSZone, error) {
+	zones, err := d.client.DNSZone.List(ctx, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var zone *bunny.DNSZone
+	for _, item := range zones.Items {
+		if item != nil && deref(item.Domain) == authZone {
+			zone = item
+			break
+		}
+	}
+
+	if zone == nil {
+		return nil, fmt.Errorf("could not find DNSZone zone=%s", authZone)
+	}
+
+	return zone, nil
+}
+
+func getZone(fqdn string) (string, error) {
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
+	if err != nil {
+		return "", err
+	}
+
+	return dns01.UnFqdn(authZone), nil
+}
+
+func pointer[T string | int | int32 | int64](v T) *T { return &v }
+
+func deref[T string | int | int32 | int64](v *T) T {
+	if v == nil {
+		var zero T
+		return zero
+	}
+
+	return *v
+}

providers/dns/bunny/bunny.toml

@@ -0,0 +1,22 @@
+Name = "Bunny"
+Description = ''''''
+URL = "https://bunny.net"
+Code = "bunny"
+Since = "v4.11.0"
+
+Example = '''
+BUNNY_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
+lego --email [email protected] --dns bunny --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    BUNNY_API_KEY = "API key"
+  [Configuration.Additional]
+    BUNNY_POLLING_INTERVAL = "Time between DNS propagation check"
+    BUNNY_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    BUNNY_TTL = "The TTL of the TXT record used for the DNS challenge"
+
+[Links]
+  API = "https://docs.bunny.net/reference/dnszonepublic_index"
+  bunny-go = "https://github.com/simplesurance/bunny-go"