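package dns

import (
	"net"
	"strings"

	v1 "k8s.io/api/core/v1"
	"k8s.io/klog/v2"
)

// Names and fixed settings used by the sthome DNS-01 webhook solver.
//
// SthomeAccessKeyEnv and SthomeSecretKeyEnv name the environment variables
// that may carry the sthome credentials. Prefer the Secret references on
// LocalDNSProviderConfig (AccessKey / SecretKey) over the process environment
// for credentials; the struct documentation below explains why.
//
// Dnsserver_* and Hostserver_* are site-specific addresses, one per network
// segment (.net vs .lan); they are hard-coded and must be adjusted for any
// other deployment. The exported names are kept as-is for compatibility.
const (
	SthomeAccessKeyEnv = "STHOME_ACCESS_KEY"
	SthomeSecretKeyEnv = "STHOME_SECRET_KEY"
	ProviderName       = "sthome"
	bashShell          = "/bin/bash"
	zshShell           = "/bin/zsh"
	AcmeDir            = "/acme"
	Shell              = bashShell
	AcmeAuthCmd        = AcmeDir + "/acmeauth.sh"
	Dnsserver_net      = "10.0.0.15"
	Dnsserver_lan      = "192.168.2.1"
	Hostserver_net     = "truenas.sthome.net"
	Hostserver_lan     = "truenas.sthome.lan"
)

// LocalDNSProviderConfig is the structure that is decoded into when solving
// a DNS01 challenge.
//
// This information is provided by cert-manager, and may be a reference to
// additional configuration that's needed to solve the challenge for this
// particular certificate or issuer.
// This typically includes references to Secret resources containing DNS
// provider credentials, in cases where a 'multi-tenant' DNS solver is being
// created.
// If you do *not* require per-issuer or per-certificate configuration to be
// provided to your webhook, you can skip decoding altogether in favour of
// using CLI flags or similar to provide configuration.
//
// You should not include sensitive information here. If credentials need to
// be used by your provider here, you should reference a Kubernetes Secret
// resource and fetch these credentials using a Kubernetes clientset.
type LocalDNSProviderConfig struct {
	// AccessKey and SecretKey reference the Secret entries that hold the
	// sthome credentials. Both are optional on the wire (omitempty).
	AccessKey *v1.SecretKeySelector `json:"accessKeySecretRef,omitempty"`
	SecretKey *v1.SecretKeySelector `json:"secretKeySecretRef,omitempty"`

	// Change the two fields below according to the format of the configuration
	// to be decoded.
	// These fields will be set by users in the
	// `issuer.spec.acme.dns01.providers.webhook.config` field.
	Email string `json:"email"`

	// APIKeySecretRef contains the reference information for the Kubernetes
	// secret which contains the sthome API Key.
	APIKeySecretRef v1.SecretKeySelector `json:"apiKeySecretRef"`

	// Host is the Base URL (e.g. https://dns.example.ca) of the sthome API.
	//Host string `json:"host"`

	// Scheme supports HTTP AuthSchemes
	// https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
	//
	// +optional default ""
	//APIKeyScheme string `json:"apiKeyScheme"`

	// APIKeyHeaderName is the header name where apiKey will be set
	//
	// +optional default "X-API-Key"
	//APIKeyHeaderName string `json:"apiKeyHeaderName"`

	// ServerID is the server ID in the sthome API.
	// When unset, defaults to "localhost".
	//ServerID string `json:"serverID"`

	// Headers are additional headers added to requests to the
	// sthome API server.
	//Headers map[string]string `json:"headers"`

	// CABundle is a PEM encoded CA bundle which will be used in
	// certificate validation when connecting to the sthome server.
	//
	// When left blank, the default system store will be used.
	//
	// +optional
	//CABundle []byte `json:"caBundle"`

	// TTL is the time-to-live value of the inserted DNS records.
	//
	// +optional
	//TTL int `json:"ttl"`

	// Timeout is the timeout value for requests to the sthome API.
	// The value is specified in seconds.
	//
	// +optional
	//Timeout int `json:"timeout"`

	// AllowedZones is the list of zones that may be edited. If the list is
	// empty, all zones are permitted, so a deployment that wants to limit the
	// blast radius of a compromised webhook must set it explicitly.
	// The JSON key "allowed-zones" is part of the wire format and must not be
	// renamed.
	AllowedZones []string `json:"allowed-zones"`
}

// IsAllowedZone reports whether the webhook may edit zone, per AllowedZones.
//
// An empty AllowedZones (the default) permits every zone. Otherwise a zone is
// allowed when it equals an entry or is a subdomain of one (suffix match at a
// label boundary, so "example.com" does not admit "notexample.com").
//
// Comparison follows DNS semantics: both sides are lower-cased and a single
// trailing dot is ignored, so "SUB.Example.COM." matches an allowed
// "example.com" and an entry written as an FQDN still matches a bare name.
// Entries that are empty after normalization are skipped; previously a blank
// entry suffix-matched every FQDN through HasSuffix(zone, ".") and silently
// turned the allow-list into allow-all.
func (cfg LocalDNSProviderConfig) IsAllowedZone(zone string) bool {
	if len(cfg.AllowedZones) == 0 {
		return true
	}

	// normalize lower-cases a DNS name and drops surrounding whitespace and
	// one trailing dot, so case and FQDN form do not affect the match.
	normalize := func(name string) string {
		return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
	}

	z := normalize(zone)
	for _, entry := range cfg.AllowedZones {
		allowed := normalize(entry)
		if allowed == "" {
			// A blank entry is a misconfiguration, not a wildcard; fail closed.
			continue
		}
		if z == allowed || strings.HasSuffix(z, "."+allowed) {
			return true
		}
	}
	return false
}

// GetOutboundIP returns, as a string, the local IP address this machine would
// use to reach dest. dest may be an IPv4 literal, an IPv6 literal (with or
// without brackets) or a host name; it is paired with a placeholder port via
// net.JoinHostPort so IPv6 literals are bracketed correctly. Dialing UDP does
// not transmit anything: the kernel only selects a route and binds a local
// address.
//
// On failure the error is logged and "0.0.0.0" is returned; callers must
// treat that value as "unknown", not as a usable address.
func GetOutboundIP(dest string) string {
	// Strip any brackets the caller already added so JoinHostPort does not
	// double-wrap an IPv6 literal.
	host := strings.Trim(dest, "[]")

	conn, err := net.Dial("udp", net.JoinHostPort(host, "80"))
	if err != nil {
		klog.Errorf("net.Dial error: %s", err)
		return "0.0.0.0"
	}
	defer conn.Close()

	// A "udp" Dial always yields a *net.UDPAddr; the checked assertion only
	// guards against a panic should that ever change.
	if addr, ok := conn.LocalAddr().(*net.UDPAddr); ok {
		return addr.IP.String()
	}
	return "0.0.0.0"
}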