go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License
7.44k stars, 987 forks

Add DNS provider for Selectel v2 #2152

Closed Archirk closed 2 months ago

Archirk commented 2 months ago

We, in Selectel, released the v2 version of the DNS API. But it is a fully independent service from v1. For a while (a year or even more) we will support both versions, that's why v1 is not yet noted as deprecated and the v2 provider is created as a separate package.

Also we decided to do authorization with OpenStack credentials instead of asking the end user to obtain a Keystone token by himself, as we think it is more convenient. If we get feedback that users want to pass Keystone directly, we will add an env variable for this in the future.

Didn't know what the correct way to mention the version in .toml is, so decided to set it to a feature bump relative to the current tag.

```shell
SELECTELV2_USERNAME=***** \
SELECTELV2_PASSWORD=***** \
SELECTELV2_ACCOUNT_ID=***** \
SELECTELV2_PROJECT_ID=***** \
./dist/lego -m your@email.com --dns selectelv2 -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
```

output:

```
./dist/lego --email digitalarchie@gmail.com --dns selectelv2 -d *.project-scribbler.art -d project-scribbler.art -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/04/09 15:23:33 No key found for account digitalarchie@gmail.com. Generating a P256 key.
2024/04/09 15:23:33 Saved key to /home/chirkov/Repositories/github/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/digitalarchie@gmail.com/keys/digitalarchie@gmail.com.key
2024/04/09 15:23:33 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
y
2024/04/09 15:23:34 [INFO] acme: Registering account for digitalarchie@gmail.com
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/chirkov/Repositories/github/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/04/09 15:23:35 [INFO] [*.project-scribbler.art, project-scribbler.art] acme: Obtaining bundled SAN certificate
2024/04/09 15:23:36 [INFO] [*.project-scribbler.art] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11943318124
2024/04/09 15:23:36 [INFO] [project-scribbler.art] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11943318134
2024/04/09 15:23:36 [INFO] [*.project-scribbler.art] acme: use dns-01 solver
2024/04/09 15:23:36 [INFO] [project-scribbler.art] acme: Could not find solver for: tls-alpn-01
2024/04/09 15:23:36 [INFO] [project-scribbler.art] acme: Could not find solver for: http-01
2024/04/09 15:23:36 [INFO] [project-scribbler.art] acme: use dns-01 solver
2024/04/09 15:23:36 [INFO] [*.project-scribbler.art] acme: Preparing to solve DNS-01
2024/04/09 15:23:38 [INFO] [project-scribbler.art] acme: Preparing to solve DNS-01
2024/04/09 15:23:38 [INFO] [*.project-scribbler.art] acme: Trying to solve DNS-01
2024/04/09 15:23:39 [INFO] [*.project-scribbler.art] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/04/09 15:23:44 [INFO] Wait for propagation [timeout: 2m0s, interval: 5s]
2024/04/09 15:23:44 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:23:49 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:23:54 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:23:59 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:04 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:09 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:14 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:19 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:24 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:29 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:34 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:39 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:24:44 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 15:25:08 [INFO] [*.project-scribbler.art] The server validated our request
2024/04/09 15:25:08 [INFO] [project-scribbler.art] acme: Trying to solve DNS-01
2024/04/09 15:25:08 [INFO] [project-scribbler.art] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/04/09 15:25:13 [INFO] Wait for propagation [timeout: 2m0s, interval: 5s]
2024/04/09 15:25:21 [INFO] [project-scribbler.art] The server validated our request
2024/04/09 15:25:21 [INFO] [*.project-scribbler.art] acme: Cleaning DNS-01 challenge
2024/04/09 15:25:24 [INFO] [project-scribbler.art] acme: Cleaning DNS-01 challenge
2024/04/09 15:25:25 [INFO] [*.project-scribbler.art, project-scribbler.art] acme: Validations succeeded; requesting certificates
2024/04/09 15:25:25 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/04/09 15:25:27 [INFO] [*.project-scribbler.art] Server responded with a certificate.
```

ldez commented 2 months ago

https://github.com/go-acme/lego/pull/2151#issuecomment-2045098311

Archirk commented 2 months ago

> #2151 (comment)

Incorrect branch for merging

ldez commented 2 months ago

> Incorrect branch for merging

It's recommended to use a dedicated branch for a PR, and to avoid using master, so I don't understand.

Archirk commented 2 months ago

> Incorrect branch for merging
>
> It's recommended to use a dedicated branch for a PR, and to avoid using master, so I don't understand.

Is it required to update a dedicated branch in my forked repository and reopen the PR with the dedicated branch, or could you review this PR?

ldez commented 2 months ago

I can review this PR.

ldez commented 2 months ago

Hello, in order for a PR adding a DNS provider to be accepted, you have to:

- pass the tests:
  ```shell
  make test
  ```
- provide the output of the following command:
  ```shell
  ./lego -m your@email.com --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
  ```
  Note the wildcard domain is important.
- [x] pass the linter ([golangci-lint](https://github.com/golangci/golangci-lint#install) must be installed):
  ```shell
  make checks
  ```

ldez commented 2 months ago

The code was far from having a homogeneous design with the other providers, so I fixed that.

The way to handle the token was not working with long-running instances (I guess the token has a lifespan).

Can you run the following command again and provide its output?

```shell
rm -rf .lego

SELECTELV2_USERNAME=***** \
SELECTELV2_PASSWORD=***** \
SELECTELV2_ACCOUNT_ID=****** \
SELECTELV2_PROJECT_ID=***** \
./dist/lego -m your@email.com --dns selectelv2 -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
```

@Archirk
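The review point above is that a provider in a long-running lego process must not keep using an identity token past its lifespan. The following is an added example (not lego's code and not the Selectel provider's) of a small token cache that re-issues shortly before expiry; `Issuer`, `TokenCache` and the injectable clock are this example's own assumptions, standing in for a real call to the identity API.

```go
package main

import (
	"errors"
	"sync"
	"time"
)

// Token is a short-lived credential (a Keystone-style token) with an expiry.
type Token struct {
	Value     string
	ExpiresAt time.Time
}

// Issuer fetches a fresh token (hypothetical hook standing in for the identity API).
type Issuer func(now time.Time) (Token, error)

// TokenCache reuses a token until it nears expiry, then re-issues it, so a
// long-running process never sends a token past its lifespan.
type TokenCache struct {
	mu      sync.Mutex
	issue   Issuer
	now     func() time.Time // injectable clock, so expiry can be tested
	skew    time.Duration    // refresh this long before ExpiresAt
	current Token
}

func NewTokenCache(issue Issuer, now func() time.Time, skew time.Duration) *TokenCache {
	return &TokenCache{issue: issue, now: now, skew: skew}
}

// Get returns a usable token, refreshing if the cached one is missing or
// would expire within skew; concurrent callers share one refresh.
func (c *TokenCache) Get() (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	now := c.now()
	if c.current.Value != "" && now.Add(c.skew).Before(c.current.ExpiresAt) {
		return c.current.Value, nil
	}
	tok, err := c.issue(now)
	if err != nil {
		return "", err
	}
	if tok.Value == "" || !tok.ExpiresAt.After(now.Add(c.skew)) {
		return "", errors.New("issuer returned an empty or too-short-lived token")
	}
	c.current = tok
	return tok.Value, nil
}
```

With a 24-hour token and a 5-minute skew, a process that runs for days refreshes once per day instead of failing on the first request after expiry.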

Archirk commented 2 months ago

Thank you.

Yes, the token has a lifespan, but it is 24 hours.

Seems to be working fine on my side.

```
chirkov@chirkov:~/Repositories/github/lego$ git log --pretty=format:'%h' -n 1
79a39c28
chirkov@chirkov:~/Repositories/github/lego$ SELECTELV2_USERNAME=*** SELECTELV2_PASSWORD=*** SELECTELV2_ACCOUNT_ID=*** SELECTELV2_PROJECT_ID=*** ./dist/lego --email digitalarchie@gmail.com --dns selectelv2 -d *.project-scribbler.art -d project-scribbler.art -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/04/09 17:58:08 No key found for account digitalarchie@gmail.com. Generating a P256 key.
2024/04/09 17:58:08 Saved key to /home/chirkov/Repositories/github/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/digitalarchie@gmail.com/keys/digitalarchie@gmail.com.key
2024/04/09 17:58:09 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
y
2024/04/09 17:58:11 [INFO] acme: Registering account for digitalarchie@gmail.com
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/chirkov/Repositories/github/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/04/09 17:58:11 [INFO] [*.project-scribbler.art, project-scribbler.art] acme: Obtaining bundled SAN certificate
2024/04/09 17:58:12 [INFO] [*.project-scribbler.art] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11944399374
2024/04/09 17:58:12 [INFO] [project-scribbler.art] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11944399384
2024/04/09 17:58:12 [INFO] [*.project-scribbler.art] acme: use dns-01 solver
2024/04/09 17:58:12 [INFO] [project-scribbler.art] acme: Could not find solver for: tls-alpn-01
2024/04/09 17:58:12 [INFO] [project-scribbler.art] acme: Could not find solver for: http-01
2024/04/09 17:58:12 [INFO] [project-scribbler.art] acme: use dns-01 solver
2024/04/09 17:58:12 [INFO] [*.project-scribbler.art] acme: Preparing to solve DNS-01
2024/04/09 17:58:14 [INFO] [project-scribbler.art] acme: Preparing to solve DNS-01
2024/04/09 17:58:16 [INFO] [*.project-scribbler.art] acme: Trying to solve DNS-01
2024/04/09 17:58:16 [INFO] [*.project-scribbler.art] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/04/09 17:58:21 [INFO] Wait for propagation [timeout: 2m0s, interval: 5s]
2024/04/09 17:58:22 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:58:27 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:58:32 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:58:37 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:58:42 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:58:47 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:58:52 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:58:57 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:59:02 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:59:07 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:59:12 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:59:17 [INFO] [*.project-scribbler.art] acme: Waiting for DNS record propagation.
2024/04/09 17:59:46 [INFO] [*.project-scribbler.art] The server validated our request
2024/04/09 17:59:46 [INFO] [project-scribbler.art] acme: Trying to solve DNS-01
2024/04/09 17:59:46 [INFO] [project-scribbler.art] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/04/09 17:59:51 [INFO] Wait for propagation [timeout: 2m0s, interval: 5s]
2024/04/09 18:00:09 [INFO] [project-scribbler.art] The server validated our request
2024/04/09 18:00:09 [INFO] [*.project-scribbler.art] acme: Cleaning DNS-01 challenge
2024/04/09 18:00:11 [INFO] [project-scribbler.art] acme: Cleaning DNS-01 challenge
2024/04/09 18:00:13 [INFO] [*.project-scribbler.art, project-scribbler.art] acme: Validations succeeded; requesting certificates
2024/04/09 18:00:13 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/04/09 18:00:15 [INFO] [*.project-scribbler.art] Server responded with a certificate.
```

Archirk commented 2 months ago

@ldez Thank you for the corrections. I am sorry that I understood "homogeneous" in a different way, so you had to make these changes.

I assume from all the passed checks and your thumbs up that the PR is OK. Can you tell me when I could expect the PR to be merged into master (and tagged), so I could forward this information to my team?

ldez commented 2 months ago

I always try waiting a bit after a review like that (when I make changes) just to be able to do a second review. I did the "second" review (cf the latest commit), then I will merge the PR.

ldez commented 2 months ago

FYI your profile picture doesn't appear in the commit tree because the email you have used to commit is not linked to your GitHub account. If you add it, your PP will appear.

Archirk commented 2 months ago

> FYI your profile picture doesn't appear in the commit tree because the email you have used to commit is not linked to your GitHub account. If you add it, your PP will appear.

Thank you for noticing. I know. I just do my work with my work email and I have no habit of specifying the local git config when doing occasional work on public repos (probably I should, though). Just hope it is not any security concern for you. As for my public contribution stats etc., I do not care that much.