feat: add azure dns applicant

2025-01-12 21:10:35 +08:00
parent e5518b1067
commit b5db2d565a
18 changed files with 421 additions and 36 deletions
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -8,7 +8,8 @@ import (
 	"github.com/usual2970/certimate/internal/domain"
 	providerACMEHttpReq "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/acmehttpreq"
 	providerAliyun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun"
-	providerAWS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws"
+	providerAWSRoute53 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws-route53"
+	providerAzureDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns"
 	providerCloudflare "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare"
 	providerGoDaddy "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/godaddy"
 	providerHuaweiCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/huaweicloud"
@@ -65,7 +66,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 				return nil, fmt.Errorf("failed to decode provider access config: %w", err)
 			}

-			applicant, err := providerAWS.NewChallengeProvider(&providerAWS.AWSApplicantConfig{
+			applicant, err := providerAWSRoute53.NewChallengeProvider(&providerAWSRoute53.AWSRoute53ApplicantConfig{
 				AccessKeyId:        access.AccessKeyId,
 				SecretAccessKey:    access.SecretAccessKey,
 				Region:             maps.GetValueAsString(options.ProviderApplyConfig, "region"),
@@ -75,6 +76,23 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}

+	case domain.ApplyDNSProviderTypeAzureDNS:
+		{
+			access := domain.AccessConfigForAzure{}
+			if err := maps.Decode(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to decode provider access config: %w", err)
+			}
+
+			applicant, err := providerAzureDNS.NewChallengeProvider(&providerAzureDNS.AzureDNSApplicantConfig{
+				TenantId:           access.TenantId,
+				ClientId:           access.ClientId,
+				ClientSecret:       access.ClientSecret,
+				CloudName:          access.CloudName,
+				PropagationTimeout: options.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
 	case domain.ApplyDNSProviderTypeCloudflare:
 		{
 			access := domain.AccessConfigForCloudflare{}
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -40,6 +40,13 @@ type AccessConfigForAWS struct {
 	SecretAccessKey string `json:"secretAccessKey"`
 }

+type AccessConfigForAzure struct {
+	TenantId     string `json:"tenantId"`
+	ClientId     string `json:"clientId"`
+	ClientSecret string `json:"clientSecret"`
+	CloudName    string `json:"cloudName,omitempty"`
+}
+
 type AccessConfigForBaiduCloud struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	SecretAccessKey string `json:"secretAccessKey"`
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -12,6 +12,7 @@ const (
 	AccessProviderTypeACMEHttpReq  = AccessProviderType("acmehttpreq")
 	AccessProviderTypeAliyun       = AccessProviderType("aliyun")
 	AccessProviderTypeAWS          = AccessProviderType("aws")
+	AccessProviderTypeAzure        = AccessProviderType("azure")
 	AccessProviderTypeBaiduCloud   = AccessProviderType("baiducloud")
 	AccessProviderTypeBytePlus     = AccessProviderType("byteplus")
 	AccessProviderTypeCloudflare   = AccessProviderType("cloudflare")
@@ -45,6 +46,7 @@ const (
 	ApplyDNSProviderTypeAliyunDNS       = ApplyDNSProviderType("aliyun-dns")
 	ApplyDNSProviderTypeAWS             = ApplyDNSProviderType("aws") // 兼容旧值，等同于 [ApplyDNSProviderTypeAWSRoute53]
 	ApplyDNSProviderTypeAWSRoute53      = ApplyDNSProviderType("aws-route53")
+	ApplyDNSProviderTypeAzureDNS        = ApplyDNSProviderType("azure-dns")
 	ApplyDNSProviderTypeCloudflare      = ApplyDNSProviderType("cloudflare")
 	ApplyDNSProviderTypeGoDaddy         = ApplyDNSProviderType("godaddy")
 	ApplyDNSProviderTypeHuaweiCloud     = ApplyDNSProviderType("huaweicloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeHuaweiCloudDNS]
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws-route53/aws-route53.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws-route53/aws-route53.go
@@ -1,4 +1,4 @@
-package aws
+package awsroute53

 import (
 	"errors"
@@ -8,7 +8,7 @@ import (
 	"github.com/go-acme/lego/v4/providers/dns/route53"
 )

-type AWSApplicantConfig struct {
+type AWSRoute53ApplicantConfig struct {
 	AccessKeyId        string `json:"accessKeyId"`
 	SecretAccessKey    string `json:"secretAccessKey"`
 	Region             string `json:"region"`
@@ -16,7 +16,7 @@ type AWSApplicantConfig struct {
 	PropagationTimeout int32  `json:"propagationTimeout,omitempty"`
 }

-func NewChallengeProvider(config *AWSApplicantConfig) (challenge.Provider, error) {
+func NewChallengeProvider(config *AWSRoute53ApplicantConfig) (challenge.Provider, error) {
 	if config == nil {
 		return nil, errors.New("config is nil")
 	}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns/azure-dns.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns/azure-dns.go
@@ -0,0 +1,53 @@
+package azuredns
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/providers/dns/azuredns"
+)
+
+type AzureDNSApplicantConfig struct {
+	TenantId           string `json:"tenantId"`
+	ClientId           string `json:"clientId"`
+	ClientSecret       string `json:"clientSecret"`
+	CloudName          string `json:"cloudName,omitempty"`
+	PropagationTimeout int32  `json:"propagationTimeout,omitempty"`
+}
+
+func NewChallengeProvider(config *AzureDNSApplicantConfig) (challenge.Provider, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	providerConfig := azuredns.NewDefaultConfig()
+	providerConfig.TenantID = config.TenantId
+	providerConfig.ClientID = config.ClientId
+	providerConfig.ClientSecret = config.ClientSecret
+	if config.CloudName != "" {
+		switch strings.ToLower(config.CloudName) {
+		case "default", "public", "cloud", "azurecloud":
+			providerConfig.Environment = cloud.AzurePublic
+		case "usgovernment", "azureusgovernment":
+			providerConfig.Environment = cloud.AzureGovernment
+		case "china", "chinacloud", "azurechina", "azurechinacloud":
+			providerConfig.Environment = cloud.AzureChina
+		default:
+			return nil, fmt.Errorf("azuredns: unknown environment %s", config.CloudName)
+		}
+	}
+	if config.PropagationTimeout != 0 {
+		providerConfig.PropagationTimeout = time.Duration(config.PropagationTimeout) * time.Second
+	}
+
+	provider, err := azuredns.NewDNSProviderConfig(providerConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return provider, nil
+}