mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
49e643783d
`dnspython` 2.0.0 has many changes and several deprecations like: ``` > dns.resolver.resolve() has been added, allowing control of whether search lists are used. dns.resolver.query() is retained for backwards compatibility, but deprecated. The default for search list behavior can be set at in the resolver object with the use_search_by_default parameter. The default is False. > dns.resolver.resolve_address() has been added, allowing easy address-to-name lookups. ``` The new class `DNSResolver`: - provides the compatibility layer - defaults the previous behavior (the search list configured in the system's resolver configuration is used for relative names) - defaults lifetime to 15sec (determines the number of seconds to spend trying to get an answer to the question) Fixes: https://pagure.io/freeipa/issue/8383 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
50 lines
1.2 KiB
Python
Executable File
50 lines
1.2 KiB
Python
Executable File
#!/usr/bin/python3
|
|
#
|
|
# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
"""
|
|
This script can be used with Certbot to satisfy dns-01 challenges.
|
|
FreeIPA integrated DNS is required.
|
|
|
|
This script can be used for both --manual-auth-hook and
|
|
--manual-cleanup-hook. It not intended to be used in other
|
|
contexts.
|
|
|
|
Kerberos credentials are required. The principal must have
|
|
permission to add and delete DNS records via the dnsrecord_add and
|
|
dnsrecord_del commands.
|
|
|
|
"""
|
|
|
|
import os
|
|
import sys
|
|
|
|
from ipalib import api, errors
|
|
from ipapython import dnsutil
|
|
|
|
try:
|
|
certbot_domain = os.environ['CERTBOT_DOMAIN']
|
|
certbot_validation = os.environ['CERTBOT_VALIDATION']
|
|
except KeyError:
|
|
sys.exit("Missing Certbot environment variables.")
|
|
|
|
if 'CERTBOT_AUTH_OUTPUT' in os.environ:
|
|
command = 'dnsrecord_del'
|
|
else:
|
|
command = 'dnsrecord_add'
|
|
|
|
validation_domain = f'_acme-challenge.{certbot_domain}'
|
|
fqdn = dnsutil.DNSName(validation_domain).make_absolute()
|
|
zone = dnsutil.DNSName(dnsutil.zone_for_name(fqdn))
|
|
name = fqdn.relativize(zone)
|
|
|
|
try:
|
|
api.bootstrap(context='cli')
|
|
api.finalize()
|
|
api.Backend.rpcclient.connect()
|
|
except errors.CCacheError as e:
|
|
sys.exit(e)
|
|
|
|
api.Command[command](zone, name, txtrecord=[certbot_validation], dnsttl=60)
|