From 11cbb44946c89345ce9ad6111c04716adc8868d3 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 14:14:20 +0800 Subject: [PATCH 01/34] Impliments OCI Instance Principal --- certbot_dns_oci/dns_oci.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 7b1f50e..bdbe248 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -31,6 +31,9 @@ def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-diffe # TODO: implement these: add('config', help="OCI CLI Configuration file.") add('profile', help="OCI configuration profile (in OCI configuration file)") + # Add argument for instance principal + add('instance_principal',help="Use instance principal for authentication.") + def more_info(self): # pylint: disable=missing-docstring,no-self-use return ( @@ -39,11 +42,15 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use ) def _setup_credentials(self): + # Add argument for instance principal + if self.conf('instance_principal'): + self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() + else: # implement profile - full implementation of config file is WIP - oci_config_profile = 'DEFAULT' - if self.conf('profile') is not None: - oci_config_profile = self.conf('profile') - self.credentials = oci.config.from_file(profile_name=oci_config_profile) + oci_config_profile = 'DEFAULT' + if self.conf('profile') is not None: + oci_config_profile = self.conf('profile') + self.credentials = oci.config.from_file(profile_name=oci_config_profile) def _perform(self, domain, validation_name, validation): self._get_ocidns_client().add_txt_record( From e6d3f53c3ca3b4b0138f0b2fb1b2bf8576a73dc8 Mon Sep 17 00:00:00 2001 
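Review bot: `add('instance_principal', help=...)` registers an option that argparse will expect a value for, because no `action` is given; a presence flag should be `add('instance-principal', action='store_true', default=False, help="Use instance principal for authentication.")`. As written, `self.conf('instance_principal')` is only truthy when the user types some text after the flag, which is probably why the README example added in patch 03 passes a stray `config` token after it. Certbot prefixes plugin options with the plugin namespace and maps hyphens to underscores inside `conf()`, so the hyphenated spelling matches the other `add()` calls in this method and the documented `--dns-oci-...` form.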
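Review bot: In the instance-principal branch `self.credentials` now holds an `InstancePrincipalsSecurityTokenSigner` rather than a config mapping, but the only consumer visible in this series (`self.dns_client = oci.dns.DnsClient(oci_config)` in `_OCIDNSClient.__init__`, shown as context in patch 10) passes that value as the SDK's config argument; a signer has to be supplied as `signer=` next to a config dict, so this path cannot authenticate as written. The copy-pasted comment `# Add argument for instance principal` does not describe this code; `# Prefer instance-principal auth when requested, otherwise read the OCI config file profile` would. Re-indenting the `else:` body while leaving the `# implement profile ...` context comment at its old indent is legal but misleading to read. `_get_ocidns_client`, which hands `self.credentials` to the client, is outside this hunk.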
From: damithkothalawala Date: Sat, 4 May 2024 14:20:26 +0800 Subject: [PATCH 02/34] Adding validate_options to stop people getting confused. --- certbot_dns_oci/dns_oci.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index bdbe248..4697004 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -34,6 +34,12 @@ def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-diffe # Add argument for instance principal add('instance_principal',help="Use instance principal for authentication.") + def validate_options(self): + # Validate options to ensure that conflicting arguments are not provided together + if self.conf('instance_principal') and self.conf('oci_config'): + raise errors.PluginError( + "Conflicting arguments: 'instance_principal' and 'oci_config' cannot be provided together." + ) def more_info(self): # pylint: disable=missing-docstring,no-self-use return ( From a6e8ac09976afbf8723b554dc63d49d64820b6ed Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 14:33:28 +0800 Subject: [PATCH 03/34] Update Documentation --- README.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.rst b/README.rst index 4c25f8b..f937487 100644 --- a/README.rst +++ b/README.rst @@ -76,6 +76,9 @@ This plug-in supports the following arguments on certbot's command line: ``--dns-oci-propagation-seconds`` Amount of time to allow for the DNS change to propagate before asking the ACME server to verify the DNS record. (Default: 15) + +``--instance-principal`` Use instance principal for authentication. + (Optional) ======================================= ======================================================== 
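Review bot: `self.conf('oci_config')` does not match the option registered as `add('config', ...)` a few lines above; certbot resolves `conf()` against the plugin's own namespace, so the lookup must be `self.conf('config')` (as patch 13 later does) and today it cannot find any option. Nothing in this hunk or the earlier ones calls `validate_options`, and I don't believe `DNSAuthenticator` invokes a method of that name as a hook, so the check is dead until called explicitly, e.g. at the top of `_setup_credentials` (patch 17 adds that call). The error text should quote the user-facing flag names rather than the internal keys.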
@@ -90,6 +93,13 @@ To acquire a TEST certificate for demosite.ociateam.com: --logs-dir logs --work-dir work --config-dir config \ --authenticator dns-oci -d demosite.ociateam.com +To acquire a TEST certificate for demosite.ociateam.com using instance principal: +.. code-block:: bash + + certbot --test-cert certonly \ + --logs-dir logs --work-dir work --instance-principal \ + --authenticator dns-oci -d demosite.ociateam.com + To acquire a *real* certificate for demosite.ociateam.com: @@ -99,3 +109,9 @@ To acquire a *real* certificate for demosite.ociateam.com: --logs-dir logs --work-dir work --config-dir config \ --authenticator dns-oci -d demosite.ociateam.com +To acquire a *real* certificate for demosite.ociateam.com using instance principal: +.. code-block:: bash + + certbot certonly \ + --logs-dir logs --work-dir work --instance-principal config \ + --authenticator dns-oci -d demosite.ociateam.com From 70a4348118cc03954e7569bb5e04d43cf8897dc0 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 14:34:52 +0800 Subject: [PATCH 04/34] Update Documentation --- README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.rst b/README.rst index f937487..3a3c387 100644 --- a/README.rst +++ b/README.rst @@ -93,7 +93,9 @@ To acquire a TEST certificate for demosite.ociateam.com: --logs-dir logs --work-dir work --config-dir config \ --authenticator dns-oci -d demosite.ociateam.com + To acquire a TEST certificate for demosite.ociateam.com using instance principal: + .. code-block:: bash certbot --test-cert certonly \ @@ -109,7 +111,9 @@ To acquire a *real* certificate for demosite.ociateam.com: --logs-dir logs --work-dir work --config-dir config \ --authenticator dns-oci -d demosite.ociateam.com + To acquire a *real* certificate for demosite.ociateam.com using instance principal: + .. code-block:: bash certbot certonly \ From da4d14dfe67511b0d291c557144c54465c4d5b16 Mon Sep 17 00:00:00 2001 
From: damithkothalawala Date: Sat, 4 May 2024 14:40:42 +0800 Subject: [PATCH 05/34] Bump version --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index cb91c75..ade9187 100644 --- a/setup.py +++ b/setup.py @@ -1,7 +1,7 @@ from setuptools import setup from setuptools import find_packages -version = "0.1.0" +version = "0.1.1" install_requires = [ "acme>=1.31.0", From fcb72154300a35cd6728955c3458505e38e28480 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 14:50:19 +0800 Subject: [PATCH 06/34] Update Documentation. Bug Fix --- README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index 3a3c387..dc1f739 100644 --- a/README.rst +++ b/README.rst @@ -77,7 +77,7 @@ This plug-in supports the following arguments on certbot's command line: before asking the ACME server to verify the DNS record. (Default: 15) -``--instance-principal`` Use instance principal for authentication. +``--dns-oci-instance-principal``` Use instance principal for authentication. (Optional) ======================================= ======================================================== @@ -99,7 +99,7 @@ To acquire a TEST certificate for demosite.ociateam.com using instance principal .. code-block:: bash certbot --test-cert certonly \ - --logs-dir logs --work-dir work --instance-principal \ + --logs-dir logs --work-dir work --dns-oci-instance-principal` \ --authenticator dns-oci -d demosite.ociateam.com @@ -117,5 +117,5 @@ To acquire a *real* certificate for demosite.ociateam.com using instance princip .. code-block:: bash certbot certonly \ - --logs-dir logs --work-dir work --instance-principal config \ + --logs-dir logs --work-dir work --dns-oci-instance-principal` config \ --authenticator dns-oci -d demosite.ociateam.com From 5d7f75e8a9eb8d3af4de2aa0dba43e79bb6e5eac Mon Sep 17 00:00:00 2001 
From: damithkothalawala Date: Sat, 4 May 2024 14:55:47 +0800 Subject: [PATCH 07/34] Update Documentation. Bug Fix --- README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index dc1f739..52b8ed8 100644 --- a/README.rst +++ b/README.rst @@ -77,7 +77,7 @@ This plug-in supports the following arguments on certbot's command line: before asking the ACME server to verify the DNS record. (Default: 15) -``--dns-oci-instance-principal``` Use instance principal for authentication. +``--dns-oci-instance-principal`` Use instance principal for authentication. (Optional) ======================================= ======================================================== @@ -99,7 +99,7 @@ To acquire a TEST certificate for demosite.ociateam.com using instance principal .. code-block:: bash certbot --test-cert certonly \ - --logs-dir logs --work-dir work --dns-oci-instance-principal` \ + --logs-dir logs --work-dir work --dns-oci-instance-principal \ --authenticator dns-oci -d demosite.ociateam.com @@ -117,5 +117,5 @@ To acquire a *real* certificate for demosite.ociateam.com using instance princip .. code-block:: bash certbot certonly \ - --logs-dir logs --work-dir work --dns-oci-instance-principal` config \ + --logs-dir logs --work-dir work --dns-oci-instance-principal config \ --authenticator dns-oci -d demosite.ociateam.com From 9267aeb5343e60f38f861704537cce3c12788971 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 14:56:40 +0800 Subject: [PATCH 08/34] Update Documentation. Bug Fix --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 52b8ed8..d3aa944 100644 --- a/README.rst +++ b/README.rst 
@@ -77,7 +77,7 @@ This plug-in supports the following arguments on certbot's command line: before asking the ACME server to verify the DNS record. (Default: 15) -``--dns-oci-instance-principal`` Use instance principal for authentication. +``--dns-oci-instance-principal`` Use instance principal for authentication. (Optional) ======================================= ======================================================== From 8bfa78ff9917ca689bfd46b99b2930a7a4368a8d Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 15:15:42 +0800 Subject: [PATCH 09/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 4697004..e0e7918 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -32,11 +32,11 @@ def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-diffe add('config', help="OCI CLI Configuration file.") add('profile', help="OCI configuration profile (in OCI configuration file)") # Add argument for instance principal - add('instance_principal',help="Use instance principal for authentication.") + add('dns-oci-instance-principal',help="Use instance principal for authentication.") def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together - if self.conf('instance_principal') and self.conf('oci_config'): + if self.conf('dns-oci-instance_principal') and self.conf('oci_config'): raise errors.PluginError( "Conflicting arguments: 'instance_principal' and 'oci_config' cannot be provided together." ) From 1c092ededee43eefda25405f5e247de49a86612b Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 15:24:45 +0800 Subject: [PATCH 10/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 151 +++++-------------------------------- 1 file changed, 19 insertions(+), 132 deletions(-) 
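Review bot: `add('dns-oci-instance-principal', ...)` registers the option under certbot's plugin prefix, which already contributes `--dns-oci-`, so the flag a user would have to type is `--dns-oci-dns-oci-instance-principal` and the `--dns-oci-instance-principal` documented in patches 06–08 does not exist. Keep the `add()` name unprefixed, `add('instance-principal', ...)`, and look it up as `self.conf('instance-principal')`; the mixed `'dns-oci-instance_principal'` key in `validate_options` only resolves because `conf()` normalises hyphens to underscores. The same double prefix recurs in patch 10 (`oci-config`, `oci-profile`, `oci-instance-principal`) and patch 12; patch 14 settles on the unprefixed name.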
diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index e0e7918..fa6704b 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -2,7 +2,6 @@ import logging from certbot import errors -from certbot import interfaces from certbot.plugins import dns_common import oci 
@@ -21,42 +20,37 @@ class Authenticator(dns_common.DNSAuthenticator): def __init__(self, *args, **kwargs): super(Authenticator, self).__init__(*args, **kwargs) - # self.credentials = None @classmethod - def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-differ + def add_parser_arguments(cls, add, **kwargs): super(Authenticator, cls).add_parser_arguments( add, default_propagation_seconds=15 ) - # TODO: implement these: - add('config', help="OCI CLI Configuration file.") - add('profile', help="OCI configuration profile (in OCI configuration file)") - # Add argument for instance principal - add('dns-oci-instance-principal',help="Use instance principal for authentication.") + add('oci-config', help="OCI CLI Configuration file.") + add('oci-profile', help="OCI configuration profile (in OCI configuration file)") + add('oci-instance-principal', help="Use instance principal for authentication.") def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together - if self.conf('dns-oci-instance_principal') and self.conf('oci_config'): + if self.conf('oci-instance-principal') and self.conf('oci-config'): raise errors.PluginError( - "Conflicting arguments: 'instance_principal' and 'oci_config' cannot be provided together." + "Conflicting arguments: 'oci-instance-principal' and 'oci-config' cannot be provided together." ) - def more_info(self): # pylint: disable=missing-docstring,no-self-use - return ( - "This plugin configures a DNS TXT record to respond to a dns-01 challenge using " - + "the OCI REST API." 
- ) - def _setup_credentials(self): - # Add argument for instance principal - if self.conf('instance_principal'): + if self.conf('oci-instance-principal'): self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() else: - # implement profile - full implementation of config file is WIP oci_config_profile = 'DEFAULT' - if self.conf('profile') is not None: - oci_config_profile = self.conf('profile') - self.credentials = oci.config.from_file(profile_name=oci_config_profile) + if self.conf('oci-profile') is not None: + oci_config_profile = self.conf('oci-profile') + self.credentials = oci.config.from_file(profile_name=oci_config_profile) + + def more_info(self): + return ( + "This plugin configures a DNS TXT record to respond to a dns-01 challenge using " + + "the OCI REST API." + ) def _perform(self, domain, validation_name, validation): self._get_ocidns_client().add_txt_record( 
@@ -75,121 +69,14 @@ def _get_ocidns_client(self): class _OCIDNSClient: """ This class handles calling OCI SDK / REST API needed for this use case. - This is a FAR from complete implementation of anything and is really - only intended for my own use. - In Other Words: thar be dragons """ def __init__(self, oci_config): logger.debug("creating OCI DnsClient") - # this is where you would add code to handle Resource, Instance, or non-default configs - config = oci.config.from_file() self.dns_client = oci.dns.DnsClient(oci_config) def add_txt_record(self, domain, record_name, record_content, record_ttl): - """ - Add a TXT record using the supplied information. - - :param str domain: The domain to use to look up the OCI DNS zone. - :param str record_name: The record name (typically beginning with '_acme-challenge.'). - :param str record_content: The record content (typically the challenge validation). - :param int record_ttl: The record TTL (number of seconds that the record may be cached). - :raises certbot.errors.PluginError: if an error occurs communicating with the OCI API - """ - - # check to see if the DNS zone is present in OCI - - # first find the domain - zone_ocid, zone_name = self._find_managed_zone(domain, record_name) - if zone_name is None: - raise errors.PluginError("Domain not known") - logger.debug("Found domain %s with OCID %s", zone_name, zone_ocid) - - # NOTE: the OCI SDK will treat: - # - an addition of the same name + value + TTL as a NO OP - # - an addition of the same name + value (but different TTL) as an update to the TTL - # it does NOT throw an error in either case. 
- - logger.debug("Setting record %s in zone %s to value %s w/ TTL %d", - record_name, zone_ocid, record_content, record_ttl) - - result = self.dns_client.patch_domain_records( - zone_name, - record_name, - oci.dns.models.PatchDomainRecordsDetails( items=[ oci.dns.models.RecordOperation( - operation='ADD', - domain=record_name, - ttl=record_ttl, - rtype='TXT', - rdata=record_content) ] ) ) - - logger.debug("Update successful.") - logger.debug("New rrset version: %s", result.data.items[0].rrset_version) - - logger.debug("Success") - - # note: add_txt_record takes a 4th parameter for the ttl - # but ALL records with the same name have the same TTL - # so just in case anyone else changed the TTL on us unexpectedly - # we just delete the record with the name, type (TXT), and value we created + # Implementation for adding TXT record + def del_txt_record(self, domain, record_name, record_content): - """ - Delete a TXT record using the supplied information. - - :param str domain: The domain name - :param str record_name: The record name (typically beginning with '_acme-challenge.'). - :param str record_content: The record content - - :raises certbot.errors.PluginError: if the domain name is not known - """ - # first find the domain - zone_ocid, zone_name = self._find_managed_zone(domain, record_name) - if zone_name is None: - raise errors.PluginError("Domain not known") - logger.debug("Found domain %s with OCID %s", zone_name, zone_ocid) - - result = self.dns_client.patch_domain_records( - zone_name, - record_name, - oci.dns.models.PatchDomainRecordsDetails( items=[ oci.dns.models.RecordOperation( - operation='REMOVE', - domain=record_name, - rtype='TXT', - rdata=record_content - ) ] ) ) - - logger.debug("Success") - - def _find_managed_zone(self, domain, record_name): - """ - Find the managed zone for a given domain. - - :param str domain: The domain for which to find the managed zone. - :returns: The ID of the managed zone, if found. 
- :rtype: str - :raises certbot.errors.PluginError: if the managed zone cannot be found. - """ - - zone_dns_name_guesses = [record_name] + dns_common.base_domain_name_guesses(domain) - - logger.debug("Guesses: ") - for zone_name in zone_dns_name_guesses: - logger.debug(" - %s", zone_name) - - for zone_name in zone_dns_name_guesses: - # get the zone id - try: - logger.debug("looking for zone: %s", zone_name) - try: - response = self.dns_client.get_zone(zone_name) - if response.status == 200: - logger.debug("Response data %s", response.data) - logger.debug("Found zone: %s", zone_name) - logger.debug("OCID: %s", response.data.id) - logger.debug("Compartment: %s", response.data.compartment_id) - return response.data.id, zone_name - except oci.exceptions.ServiceError as e: - logger.debug("Zone '%s' not found", zone_name) - except errors.PluginError as e: - pass - return None, None + # Implementation for deleting TXT record From b509ec1af927f495503692e37cac377c135c1216 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 15:27:37 +0800 Subject: [PATCH 11/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 151 ++++++++++++++++++++++++++++++++----- 1 file changed, 132 insertions(+), 19 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index fa6704b..4697004 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -2,6 +2,7 @@ import logging from certbot import errors +from certbot import interfaces from certbot.plugins import dns_common import oci 
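Review bot: `add_txt_record` and `del_txt_record` are left with only a comment where a body is required, so the module no longer parses (`IndentationError: expected an indented block`) and certbot cannot load the plugin at all. If the intent was to stub them, `raise NotImplementedError` is safer than `pass`: a silent no-op would let `_perform` report success while no challenge record is ever created or cleaned up. Removing `_find_managed_zone` also drops the only zone-ownership lookup the client had. Patch 11 reverts this commit.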
@@ -20,38 +21,43 @@ class Authenticator(dns_common.DNSAuthenticator): def __init__(self, *args, **kwargs): super(Authenticator, self).__init__(*args, **kwargs) + # self.credentials = None @classmethod - def add_parser_arguments(cls, add, **kwargs): + def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-differ super(Authenticator, cls).add_parser_arguments( add, default_propagation_seconds=15 ) - add('oci-config', help="OCI CLI Configuration file.") - add('oci-profile', help="OCI configuration profile (in OCI configuration file)") - add('oci-instance-principal', help="Use instance principal for authentication.") + # TODO: implement these: + add('config', help="OCI CLI Configuration file.") + add('profile', help="OCI configuration profile (in OCI configuration file)") + # Add argument for instance principal + add('instance_principal',help="Use instance principal for authentication.") def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together - if self.conf('oci-instance-principal') and self.conf('oci-config'): + if self.conf('instance_principal') and self.conf('oci_config'): raise errors.PluginError( - "Conflicting arguments: 'oci-instance-principal' and 'oci-config' cannot be provided together." + "Conflicting arguments: 'instance_principal' and 'oci_config' cannot be provided together." ) - def _setup_credentials(self): - if self.conf('oci-instance-principal'): - self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() - else: - oci_config_profile = 'DEFAULT' - if self.conf('oci-profile') is not None: - oci_config_profile = self.conf('oci-profile') - self.credentials = oci.config.from_file(profile_name=oci_config_profile) - - def more_info(self): + def more_info(self): # pylint: disable=missing-docstring,no-self-use return ( "This plugin configures a DNS TXT record to respond to a dns-01 challenge using " + "the OCI REST API." 
) + def _setup_credentials(self): + # Add argument for instance principal + if self.conf('instance_principal'): + self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() + else: + # implement profile - full implementation of config file is WIP + oci_config_profile = 'DEFAULT' + if self.conf('profile') is not None: + oci_config_profile = self.conf('profile') + self.credentials = oci.config.from_file(profile_name=oci_config_profile) + def _perform(self, domain, validation_name, validation): self._get_ocidns_client().add_txt_record( domain, validation_name, validation, self.ttl 
@@ -69,14 +75,121 @@ def _get_ocidns_client(self): class _OCIDNSClient: """ This class handles calling OCI SDK / REST API needed for this use case. + This is a FAR from complete implementation of anything and is really + only intended for my own use. + In Other Words: thar be dragons """ def __init__(self, oci_config): logger.debug("creating OCI DnsClient") + # this is where you would add code to handle Resource, Instance, or non-default configs + config = oci.config.from_file() self.dns_client = oci.dns.DnsClient(oci_config) def add_txt_record(self, domain, record_name, record_content, record_ttl): - # Implementation for adding TXT record - + """ + Add a TXT record using the supplied information. + + :param str domain: The domain to use to look up the OCI DNS zone. + :param str record_name: The record name (typically beginning with '_acme-challenge.'). + :param str record_content: The record content (typically the challenge validation). + :param int record_ttl: The record TTL (number of seconds that the record may be cached). + :raises certbot.errors.PluginError: if an error occurs communicating with the OCI API + """ + + # check to see if the DNS zone is present in OCI + + # first find the domain + zone_ocid, zone_name = self._find_managed_zone(domain, record_name) + if zone_name is None: + raise errors.PluginError("Domain not known") + logger.debug("Found domain %s with OCID %s", zone_name, zone_ocid) + + # NOTE: the OCI SDK will treat: + # - an addition of the same name + value + TTL as a NO OP + # - an addition of the same name + value (but different TTL) as an update to the TTL + # it does NOT throw an error in either case. 
+ + logger.debug("Setting record %s in zone %s to value %s w/ TTL %d", + record_name, zone_ocid, record_content, record_ttl) + + result = self.dns_client.patch_domain_records( + zone_name, + record_name, + oci.dns.models.PatchDomainRecordsDetails( items=[ oci.dns.models.RecordOperation( + operation='ADD', + domain=record_name, + ttl=record_ttl, + rtype='TXT', + rdata=record_content) ] ) ) + + logger.debug("Update successful.") + logger.debug("New rrset version: %s", result.data.items[0].rrset_version) + + logger.debug("Success") + + # note: add_txt_record takes a 4th parameter for the ttl + # but ALL records with the same name have the same TTL + # so just in case anyone else changed the TTL on us unexpectedly + # we just delete the record with the name, type (TXT), and value we created def del_txt_record(self, domain, record_name, record_content): - # Implementation for deleting TXT record + """ + Delete a TXT record using the supplied information. + + :param str domain: The domain name + :param str record_name: The record name (typically beginning with '_acme-challenge.'). + :param str record_content: The record content + + :raises certbot.errors.PluginError: if the domain name is not known + """ + # first find the domain + zone_ocid, zone_name = self._find_managed_zone(domain, record_name) + if zone_name is None: + raise errors.PluginError("Domain not known") + logger.debug("Found domain %s with OCID %s", zone_name, zone_ocid) + + result = self.dns_client.patch_domain_records( + zone_name, + record_name, + oci.dns.models.PatchDomainRecordsDetails( items=[ oci.dns.models.RecordOperation( + operation='REMOVE', + domain=record_name, + rtype='TXT', + rdata=record_content + ) ] ) ) + + logger.debug("Success") + + def _find_managed_zone(self, domain, record_name): + """ + Find the managed zone for a given domain. + + :param str domain: The domain for which to find the managed zone. + :returns: The ID of the managed zone, if found. 
+ :rtype: str + :raises certbot.errors.PluginError: if the managed zone cannot be found. + """ + + zone_dns_name_guesses = [record_name] + dns_common.base_domain_name_guesses(domain) + + logger.debug("Guesses: ") + for zone_name in zone_dns_name_guesses: + logger.debug(" - %s", zone_name) + + for zone_name in zone_dns_name_guesses: + # get the zone id + try: + logger.debug("looking for zone: %s", zone_name) + try: + response = self.dns_client.get_zone(zone_name) + if response.status == 200: + logger.debug("Response data %s", response.data) + logger.debug("Found zone: %s", zone_name) + logger.debug("OCID: %s", response.data.id) + logger.debug("Compartment: %s", response.data.compartment_id) + return response.data.id, zone_name + except oci.exceptions.ServiceError as e: + logger.debug("Zone '%s' not found", zone_name) + except errors.PluginError as e: + pass + return None, None From fee33609dfd11cb5a0d746bcfa6454dbcf3e7d8b Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 15:29:51 +0800 Subject: [PATCH 12/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 4697004..d4ffd97 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py 
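Review bot: The restored `_OCIDNSClient.__init__` keeps `config = oci.config.from_file()`, an unused local that unconditionally reads the default OCI config file, so constructing the client on a host that relies on instance principals (no config file present) fails before `oci_config` is ever used; delete that line. In `_find_managed_zone`, `except oci.exceptions.ServiceError` treats every service error as "zone not found" at debug level, so an authentication or IAM-policy failure surfaces only as the generic `Domain not known`; re-raise anything that is not a 404, e.g. `if e.status != 404: raise errors.PluginError(f"OCI DNS lookup for {zone_name} failed: {e.code} {e.message}")`, and include `e.status` in the not-found debug line. The outer `except errors.PluginError as e: pass` guards a `try` body that never raises `PluginError`, so it is dead code.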
@@ -32,13 +32,13 @@ def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-diffe add('config', help="OCI CLI Configuration file.") add('profile', help="OCI configuration profile (in OCI configuration file)") # Add argument for instance principal - add('instance_principal',help="Use instance principal for authentication.") + add('dns-oci-instance-principal',help="Use instance principal for authentication.") def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together - if self.conf('instance_principal') and self.conf('oci_config'): + if self.conf('dns-oci-instance-principal') and self.conf('oci_config'): raise errors.PluginError( - "Conflicting arguments: 'instance_principal' and 'oci_config' cannot be provided together." + "Conflicting arguments: 'dns-oci-instance-principal' and 'oci_config' cannot be provided together." ) def more_info(self): # pylint: disable=missing-docstring,no-self-use @@ -49,7 +49,7 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): # Add argument for instance principal - if self.conf('instance_principal'): + if self.conf('dns-oci-instance-principal'): self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() else: # implement profile - full implementation of config file is WIP From 8ed2c7ab31b17bdf31676b1edb63b5043f57c8b0 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 15:35:17 +0800 Subject: [PATCH 13/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index d4ffd97..247efff 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py 
@@ -36,9 +36,9 @@ def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-diffe def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together - if self.conf('dns-oci-instance-principal') and self.conf('oci_config'): + if self.conf('dns-oci-instance-principal') and self.conf('config'): raise errors.PluginError( - "Conflicting arguments: 'dns-oci-instance-principal' and 'oci_config' cannot be provided together." + "Conflicting arguments: 'dns-oci-instance-principal' and 'config' cannot be provided together." ) def more_info(self): # pylint: disable=missing-docstring,no-self-use From f212fad7109b7aa805b902c6532304d512af5f3f Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 15:43:41 +0800 Subject: [PATCH 14/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 247efff..7594ab6 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py 
@@ -32,13 +32,13 @@ def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-diffe add('config', help="OCI CLI Configuration file.") add('profile', help="OCI configuration profile (in OCI configuration file)") # Add argument for instance principal - add('dns-oci-instance-principal',help="Use instance principal for authentication.") + add('instance-principal',help="Use instance principal for authentication.") def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together - if self.conf('dns-oci-instance-principal') and self.conf('config'): + if self.conf('instance-principal') and self.conf('config'): raise errors.PluginError( - "Conflicting arguments: 'dns-oci-instance-principal' and 'config' cannot be provided together." + "Conflicting arguments: 'instance-principal' and 'config' cannot be provided together." ) def more_info(self): # pylint: disable=missing-docstring,no-self-use @@ -49,7 +49,7 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): # Add argument for instance principal - if self.conf('dns-oci-instance-principal'): + if self.conf('instance-principal'): self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() else: # implement profile - full implementation of config file is WIP From 8cde5d36bea5932f8f422e1226e4ffdb80d2c477 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 15:49:10 +0800 Subject: [PATCH 15/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 7594ab6..1bc7e8b 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -4,6 +4,7 @@ from certbot import errors from certbot import interfaces from certbot.plugins import dns_common +from pprint import pprint import oci 
@@ -49,6 +50,7 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): # Add argument for instance principal + pprint(self.conf) if self.conf('instance-principal'): self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() else: From 9d4a7508e92323362dca67ec62eafd625ce73f62 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 19:20:30 +0800 Subject: [PATCH 16/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 1bc7e8b..6d47bd7 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -50,7 +50,8 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): # Add argument for instance principal - pprint(self.conf) + logger.critical(pprint(self.conf)) + if self.conf('instance-principal'): self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() else: From dd6e2d9239a7379b3232c414b6702bb0ee75d068 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 19:34:29 +0800 Subject: [PATCH 17/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 6d47bd7..5d00c01 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -25,7 +25,7 @@ def __init__(self, *args, **kwargs): # self.credentials = None @classmethod - def add_parser_arguments(cls, add, **kwargs): # pylint: disable=arguments-differ + def add_parser_arguments(cls, add): # pylint: disable=arguments-differ super(Authenticator, cls).add_parser_arguments( add, default_propagation_seconds=15 ) 
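Review bot: `pprint(self.conf)` prints the bound method object, not the parsed options, and patch 16's `logger.critical(pprint(self.conf))` then logs the `None` that `pprint` returns at CRITICAL while still printing to stdout; both are leftover debugging and should go (patch 19 removes the import). If option values need inspecting, log the specific ones at DEBUG, `logger.debug("instance-principal=%s profile=%s", self.conf('instance-principal'), self.conf('profile'))`, rather than dumping the whole configuration namespace, which can carry file paths and other sensitive settings into certbot's log.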
@@ -49,9 +49,11 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use ) def _setup_credentials(self): + # Validate options + self.validate_options() + # Add argument for instance principal - logger.critical(pprint(self.conf)) - + if self.conf('instance-principal'): self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() else: From ca2d73f12a375af16ac848e236716de992aeb4d6 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 19:38:06 +0800 Subject: [PATCH 18/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 5d00c01..1e2b80a 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -39,7 +39,7 @@ def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together if self.conf('instance-principal') and self.conf('config'): raise errors.PluginError( - "Conflicting arguments: 'instance-principal' and 'config' cannot be provided together." + "Conflicting arguments: '--oci-dns-instance-principal' and '--oci-dns-config' cannot be provided together." ) def more_info(self): # pylint: disable=missing-docstring,no-self-use From 44f2c7a4a150e65256d8292d93de4e11322352cb Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 19:57:46 +0800 Subject: [PATCH 19/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 1e2b80a..5d812b4 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -4,7 +4,6 @@ from certbot import errors from certbot import interfaces from certbot.plugins import dns_common -from pprint import pprint import oci 
@@ -55,7 +54,7 @@ def _setup_credentials(self): # Add argument for instance principal if self.conf('instance-principal'): - self.credentials = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() + self.signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() else: # implement profile - full implementation of config file is WIP oci_config_profile = 'DEFAULT' @@ -87,9 +86,14 @@ class _OCIDNSClient: def __init__(self, oci_config): logger.debug("creating OCI DnsClient") - # this is where you would add code to handle Resource, Instance, or non-default configs - config = oci.config.from_file() - self.dns_client = oci.dns.DnsClient(oci_config) + if self.signer is not None: + self.dns_client = oci.dns.DnsClient(self.signer) + logger.debug("Using Instance Principal for authentication.") + else: + # this is where you would add code to handle Resource, Instance, or non-default configs + config = oci.config.from_file() + self.dns_client = oci.dns.DnsClient(config={}, signer=self.signer) + logger.debug("Using config file for authentication.") def add_txt_record(self, domain, record_name, record_content, record_ttl): """ From 2749ef7eac5967eec7fb8e6ea2b652d9bc4c8810 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 20:03:35 +0800 Subject: [PATCH 20/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 1 + 1 file changed, 1 insertion(+) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 5d812b4..daeab27 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -55,6 +55,7 @@ def _setup_credentials(self): if self.conf('instance-principal'): self.signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() + self.credentials = oci.config.from_signer(self.signer) else: # implement profile - full implementation of config file is WIP oci_config_profile = 'DEFAULT' From e471bc7e4d90afe65f2fd0f3e35c4640534c472e Mon Sep 17 00:00:00 2001 
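Review bot: `_OCIDNSClient.__init__` reads `self.signer`, but this patch's earlier hunk assigns the signer on the Authenticator (`self.signer = ...` in `_setup_credentials`), never on the client, so the first statement raises AttributeError on both paths. The else branch then passes `signer=self.signer` (necessarily `None` there) with an empty config, and the `config = oci.config.from_file()` local is computed and discarded — that unused read survives in PATCHes 22, 33 and 34 and should be deleted. Pass the signer in explicitly, e.g. `def __init__(self, oci_config=None, signer=None):`, branch on `signer is not None`, and build `oci.dns.DnsClient(oci_config)` otherwise. PATCH 20's `oci.config.from_signer` is not a function I can find in the OCI SDK's `oci.config` module — worth confirming, since PATCH 21 reverts it to `None`.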
From: damithkothalawala Date: Sat, 4 May 2024 20:10:54 +0800 Subject: [PATCH 21/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index daeab27..faa855a 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -55,7 +55,7 @@ def _setup_credentials(self): if self.conf('instance-principal'): self.signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() - self.credentials = oci.config.from_signer(self.signer) + self.credentials = None else: # implement profile - full implementation of config file is WIP oci_config_profile = 'DEFAULT' From 9b3d31fd2644171bf497b8b0790db702a0c2c328 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 20:30:25 +0800 Subject: [PATCH 22/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index faa855a..4f9bdd6 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -54,8 +54,7 @@ def _setup_credentials(self): # Add argument for instance principal if self.conf('instance-principal'): - self.signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() - self.credentials = None + self.ip = True else: # implement profile - full implementation of config file is WIP oci_config_profile = 'DEFAULT' @@ -74,7 +73,10 @@ def _cleanup(self, domain, validation_name, validation): ) def _get_ocidns_client(self): - return _OCIDNSClient(self.credentials) + if self.ip is not None: + return _OCIDNSClient() + else: + return _OCIDNSClient(self.credentials) class _OCIDNSClient: 
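Review bot: `_get_ocidns_client` tests `self.ip is not None`, but `self.ip` is only assigned (to `True`) in the instance-principal branch of `_setup_credentials` in this patch's first hunk; on the config-file path the attribute does not exist and the lookup raises AttributeError, unless `__init__` (outside the hunk, where `self.credentials = None` is shown commented out) sets it. Set it unconditionally, `self.ip = bool(self.conf('instance-principal'))`, and test `if self.ip:`. `_OCIDNSClient()` with no argument also does not match the client's `__init__(self, oci_config)` at this point in the series.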
@@ -86,15 +88,16 @@ class _OCIDNSClient: """ def __init__(self, oci_config): - logger.debug("creating OCI DnsClient") - if self.signer is not None: - self.dns_client = oci.dns.DnsClient(self.signer) - logger.debug("Using Instance Principal for authentication.") - else: - # this is where you would add code to handle Resource, Instance, or non-default configs - config = oci.config.from_file() - self.dns_client = oci.dns.DnsClient(config={}, signer=self.signer) - logger.debug("Using config file for authentication.") + logger.debug("creating OCI DnsClient Using Config File") + # this is where you would add code to handle Resource, Instance, or non-default configs + config = oci.config.from_file() + self.dns_client = oci.dns.DnsClient(oci_config) + + def __initt__(self): + logger.debug("creating OCI DnsClient Using Instance Principal") + # this is where you would add code to handle Resource, Instance, or non-default configs + signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() + self.dns_client = oci.dns.DnsClient(config={}, signer=signer) def add_txt_record(self, domain, record_name, record_content, record_ttl): """ From 5f678dfea0607a421bd3e19b67d2192a753b2f71 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 20:31:56 +0800 Subject: [PATCH 23/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 4f9bdd6..e124b76 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -93,7 +93,7 @@ def __init__(self, oci_config): config = oci.config.from_file() self.dns_client = oci.dns.DnsClient(oci_config) - def __initt__(self): + def __init__(self): logger.debug("creating OCI DnsClient Using Instance Principal") # this is where you would add code to handle Resource, Instance, or non-default configs signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() 
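Review bot: Defining `__init__` twice in `_OCIDNSClient` does not overload it — the second definition (spelled `__initt__` here and renamed to `__init__` in PATCH 23) simply replaces the first, so from PATCH 23 on the config-file call `_OCIDNSClient(self.credentials)` raises TypeError for an unexpected argument. PATCH 34 merges them into one constructor with `oci_config=None`, which is the right shape; squashing PATCHes 22–23 with 34 would avoid leaving the config-file path broken mid-series. The `config = oci.config.from_file()` local remains unused in both variants.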
From 2b77da8a19a09cd6d29ff8875d655200be0ece14 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 20:41:09 +0800 Subject: [PATCH 24/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index e124b76..24d13e5 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -115,7 +115,7 @@ def add_txt_record(self, domain, record_name, record_content, record_ttl): # first find the domain zone_ocid, zone_name = self._find_managed_zone(domain, record_name) if zone_name is None: - raise errors.PluginError("Domain not known") + raise errors.PluginError("Domain not known. Please Make sure the domain is in OCI DNS and You have the correct permissions.") logger.debug("Found domain %s with OCID %s", zone_name, zone_ocid) # NOTE: the OCI SDK will treat: From 69974272ce7546fcbaadb51c80b5d415363e2d1e Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 20:43:18 +0800 Subject: [PATCH 25/34] Increase Propagation to 60s --- certbot_dns_oci/dns_oci.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 24d13e5..fae6504 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -26,7 +26,7 @@ def __init__(self, *args, **kwargs): @classmethod def add_parser_arguments(cls, add): # pylint: disable=arguments-differ super(Authenticator, cls).add_parser_arguments( - add, default_propagation_seconds=15 + add, default_propagation_seconds=60 ) # TODO: implement these: add('config', help="OCI CLI Configuration file.") From 47ae105f6c65b9876b4db42af97fca8ca982f207 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 20:50:29 +0800 Subject: [PATCH 26/34] Update Documentation --- README.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index d3aa944..0db5121 100644 
--- a/README.rst +++ b/README.rst @@ -17,6 +17,7 @@ To use this authenticator you will need: * a registered domain name, configured with the OCI DNS servers * that domain name created in OCI (via the console, the CLI, or the API) * an OCI account with adequate permission to Create / Update / Delete DNS entries in that domain +* or instance principal setup on the target instance with the same permissions Installation ------------ @@ -75,10 +76,10 @@ This plug-in supports the following arguments on certbot's command line: ``--dns-oci-propagation-seconds`` Amount of time to allow for the DNS change to propagate before asking the ACME server to verify the DNS record. - (Default: 15) + (Default: 60) ``--dns-oci-instance-principal`` Use instance principal for authentication. - (Optional) + (Optional) set this to 'y' to use instance principal ======================================= ======================================================== @@ -99,7 +100,7 @@ To acquire a TEST certificate for demosite.ociateam.com using instance principal .. code-block:: bash certbot --test-cert certonly \ - --logs-dir logs --work-dir work --dns-oci-instance-principal \ + --logs-dir logs --work-dir work --dns-oci-instance-principal=y \ --authenticator dns-oci -d demosite.ociateam.com @@ -117,5 +118,5 @@ To acquire a *real* certificate for demosite.ociateam.com using instance princip .. code-block:: bash certbot certonly \ - --logs-dir logs --work-dir work --dns-oci-instance-principal config \ + --logs-dir logs --work-dir work --dns-oci-instance-principal=y \ --authenticator dns-oci -d demosite.ociateam.com From 8c7eb428b74d3c47cb01dd219a71d470c7fcded8 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 21:25:47 +0800 Subject: [PATCH 27/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index fae6504..2091942 100644 
--- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -38,7 +38,7 @@ def validate_options(self): # Validate options to ensure that conflicting arguments are not provided together if self.conf('instance-principal') and self.conf('config'): raise errors.PluginError( - "Conflicting arguments: '--oci-dns-instance-principal' and '--oci-dns-config' cannot be provided together." + "Conflicting arguments: '--dns-oci-instance-principal' and '--dns-oci-config' cannot be provided together." ) def more_info(self): # pylint: disable=missing-docstring,no-self-use @@ -51,17 +51,13 @@ def _setup_credentials(self): # Validate options self.validate_options() - # Add argument for instance principal - - if self.conf('instance-principal'): - self.ip = True - else: - # implement profile - full implementation of config file is WIP - oci_config_profile = 'DEFAULT' - if self.conf('profile') is not None: + + oci_config_profile = 'DEFAULT' + if self.conf('profile') is not None: oci_config_profile = self.conf('profile') self.credentials = oci.config.from_file(profile_name=oci_config_profile) + def _perform(self, domain, validation_name, validation): self._get_ocidns_client().add_txt_record( domain, validation_name, validation, self.ttl @@ -73,7 +69,7 @@ def _cleanup(self, domain, validation_name, validation): ) def _get_ocidns_client(self): - if self.ip is not None: + if self.conf('instance-principal') is not None: return _OCIDNSClient() else: return _OCIDNSClient(self.credentials) From c6928b4b024c567df22ff6ee90fb0d1ceeb1d47d Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 21:28:50 +0800 Subject: [PATCH 28/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 2091942..55e941d 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py 
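Review bot: `_setup_credentials` now calls `oci.config.from_file(profile_name=...)` unconditionally, so on an instance that relies on the instance principal and has no OCI config file the authenticator fails before `_get_ocidns_client` ever selects the signer; PATCH 31 repeats the unconditional read and PATCH 32 adds the guard. The unchanged context lines `oci_config_profile = self.conf('profile')` and `self.credentials = ...` keep the deeper indentation they had inside the removed `else:` block — the collapsed rendering cannot show columns, but if they are as they were the body no longer parses, and PATCH 32 re-indenting exactly these lines suggests it did not. Guard the whole block with `if not self.conf('instance-principal'):` and indent it consistently.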
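Review bot: `self.conf('instance-principal') is not None` treats every supplied value as enabling the instance principal, including `--dns-oci-instance-principal=n` or an empty string, whereas `validate_options` in this patch's first hunk uses plain truthiness, so the two can disagree for the same command line. Use one predicate in both places — `if self.conf('instance-principal'):` — or better, register the option with `action='store_true'` so the value is a real boolean.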
@@ -55,7 +55,7 @@ def _setup_credentials(self): oci_config_profile = 'DEFAULT' if self.conf('profile') is not None: oci_config_profile = self.conf('profile') - self.credentials = oci.config.from_file(profile_name=oci_config_profile) + self.oci.credentials = oci.config.from_file(profile_name=oci_config_profile) def _perform(self, domain, validation_name, validation): @@ -72,7 +72,7 @@ def _get_ocidns_client(self): if self.conf('instance-principal') is not None: return _OCIDNSClient() else: - return _OCIDNSClient(self.credentials) + return _OCIDNSClient(self.oci.credentials) class _OCIDNSClient: @@ -83,11 +83,11 @@ class _OCIDNSClient: In Other Words: thar be dragons """ - def __init__(self, oci_config): + def __init__(self, oci.oci_config): logger.debug("creating OCI DnsClient Using Config File") # this is where you would add code to handle Resource, Instance, or non-default configs config = oci.config.from_file() - self.dns_client = oci.dns.DnsClient(oci_config) + self.dns_client = oci.dns.DnsClient(oci.ci_config) def __init__(self): logger.debug("creating OCI DnsClient Using Instance Principal") From 96f5b258654d06eee50873410e5f023d88495a79 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 21:29:54 +0800 Subject: [PATCH 29/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 55e941d..d0cdf9c 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -83,7 +83,7 @@ class _OCIDNSClient: In Other Words: thar be dragons """ - def __init__(self, oci.oci_config): + def __init__(self, oci): logger.debug("creating OCI DnsClient Using Config File") # this is where you would add code to handle Resource, Instance, or non-default configs config = oci.config.from_file() From 775c4da2a1a8eec3a157bfa80323d096afdaf600 Mon Sep 17 00:00:00 2001 
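Review bot: `def __init__(self, oci)` names the parameter after the imported `oci` module, so inside the constructor `oci.config.from_file()` and `oci.dns.DnsClient(oci.ci_config)` become attribute lookups on the config dict that was passed in, not on the SDK, and the config-file path raises AttributeError. PATCH 28's `def __init__(self, oci.oci_config)` is a SyntaxError, so the module did not import at that commit at all. PATCH 33 restores the `oci_config` name; these three commits should be squashed, and a parameter should never shadow a module name.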
From: damithkothalawala Date: Sat, 4 May 2024 21:34:33 +0800 Subject: [PATCH 30/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index d0cdf9c..70491f7 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -50,12 +50,11 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): # Validate options self.validate_options() - - + oci_config_profile = 'DEFAULT' if self.conf('profile') is not None: oci_config_profile = self.conf('profile') - self.oci.credentials = oci.config.from_file(profile_name=oci_config_profile) + self.credentials = oci.config.from_file(profile_name=oci_config_profile) def _perform(self, domain, validation_name, validation): @@ -72,7 +71,7 @@ def _get_ocidns_client(self): if self.conf('instance-principal') is not None: return _OCIDNSClient() else: - return _OCIDNSClient(self.oci.credentials) + return _OCIDNSClient(self.credentials) class _OCIDNSClient: From 5426e7db0fed45f3e34440766c285822de449bcc Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 21:36:31 +0800 Subject: [PATCH 31/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 1 + 1 file changed, 1 insertion(+) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 70491f7..6d4079a 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -50,6 +50,7 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): # Validate options self.validate_options() + self.credentials = oci.config.from_file() oci_config_profile = 'DEFAULT' if self.conf('profile') is not None: From a21d387a01d14084e179a512d49aad17348787f6 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 21:38:15 +0800 Subject: [PATCH 32/34] Bug Fix --- certbot_dns_oci/dns_oci.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
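Review bot: `self.credentials = oci.config.from_file()` is assigned and then immediately overwritten by the profile-aware `from_file(profile_name=...)` a few lines down, so the added line only doubles the config-file read, and because it ignores `--dns-oci-profile` it may raise on a file that lacks a `DEFAULT` section even when the requested profile exists. PATCH 32 wraps both reads in the `is None` guard but keeps the duplicate; drop the plain `from_file()` call. `_setup_credentials` continues outside the hunk.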
diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index 6d4079a..bea1dfb 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -50,12 +50,14 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): # Validate options self.validate_options() - self.credentials = oci.config.from_file() + + if self.conf('instance-principal') is None: + self.credentials = oci.config.from_file() - oci_config_profile = 'DEFAULT' - if self.conf('profile') is not None: - oci_config_profile = self.conf('profile') - self.credentials = oci.config.from_file(profile_name=oci_config_profile) + oci_config_profile = 'DEFAULT' + if self.conf('profile') is not None: + oci_config_profile = self.conf('profile') + self.credentials = oci.config.from_file(profile_name=oci_config_profile) def _perform(self, domain, validation_name, validation): From b333d70b1074ceecec60a2cb950da0d37a8c5d82 Mon Sep 17 00:00:00 2001 From: damithkothalawala Date: Sat, 4 May 2024 22:24:52 +0800 Subject: [PATCH 33/34] Bug Fix: There is a problem with oci_config credentils --- certbot_dns_oci/dns_oci.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index bea1dfb..e6dc54f 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -85,11 +85,11 @@ class _OCIDNSClient: In Other Words: thar be dragons """ - def __init__(self, oci): + def __init__(self, oci_config): logger.debug("creating OCI DnsClient Using Config File") # this is where you would add code to handle Resource, Instance, or non-default configs config = oci.config.from_file() - self.dns_client = oci.dns.DnsClient(oci.ci_config) + self.dns_client = oci.dns.DnsClient(oci_config) def __init__(self): logger.debug("creating OCI DnsClient Using Instance Principal") From 0a0f9c47a3c6213a0beb1344a39f12d308eafa8f Mon Sep 17 00:00:00 2001 
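Review bot: In instance-principal mode the `if self.conf('instance-principal') is None:` block is skipped entirely, so `self.credentials` is never assigned in `_setup_credentials`; `_get_ocidns_client` happens not to read it on that path, but any other reader gets AttributeError rather than a value. Initialise it before the branch, `self.credentials = None`, so "no config file loaded" is an explicit state. The indentation of the `+` lines suggests the profile block is now nested inside the guard, which is the intent — the first `oci.config.from_file()` inside it is still redundant.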
From: damithkothalawala Date: Sat, 4 May 2024 23:02:16 +0800 Subject: [PATCH 34/34] Trying to Fix Consturct Error --- certbot_dns_oci/dns_oci.py | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/certbot_dns_oci/dns_oci.py b/certbot_dns_oci/dns_oci.py index e6dc54f..72e1499 100644 --- a/certbot_dns_oci/dns_oci.py +++ b/certbot_dns_oci/dns_oci.py @@ -72,7 +72,7 @@ def _cleanup(self, domain, validation_name, validation): def _get_ocidns_client(self): if self.conf('instance-principal') is not None: - return _OCIDNSClient() + return _OCIDNSClient(None) else: return _OCIDNSClient(self.credentials) @@ -85,17 +85,18 @@ class _OCIDNSClient: In Other Words: thar be dragons """ - def __init__(self, oci_config): - logger.debug("creating OCI DnsClient Using Config File") - # this is where you would add code to handle Resource, Instance, or non-default configs - config = oci.config.from_file() - self.dns_client = oci.dns.DnsClient(oci_config) - - def __init__(self): - logger.debug("creating OCI DnsClient Using Instance Principal") - # this is where you would add code to handle Resource, Instance, or non-default configs - signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() - self.dns_client = oci.dns.DnsClient(config={}, signer=signer) + def __init__(self, oci_config=None): + if oci_config is not None: + logger.debug("creating OCI DnsClient Using Config File") + # this is where you would add code to handle Resource, Instance, or non-default configs + config = oci.config.from_file() + self.dns_client = oci.dns.DnsClient(oci_config) + else: + logger.debug("creating OCI DnsClient Using Instance Principal") + # this is where you would add code to handle Resource, Instance, or non-default configs + signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() + self.dns_client = oci.dns.DnsClient(config={}, signer=signer) + def add_txt_record(self, domain, record_name, record_content, record_ttl): """
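Review bot: The merged constructor has no docstring stating that `oci_config=None` selects the instance principal, and the config-file branch still computes an unused `config = oci.config.from_file()` that re-reads the default profile regardless of `--dns-oci-profile`. Add `"""Create the OCI DNS client from *oci_config* (an OCI config dict); when it is None, authenticate as the instance principal."""` and delete the unused local. The first hunk's `_OCIDNSClient(None)` is equivalent to `_OCIDNSClient()` now that the parameter defaults to None. `add_txt_record` continues below the hunk.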