Package list python-certbot-dns-rfc2136 / 26b630c
Import upstream version 1.19.0 Debian Janitor 2 months ago
8 changed file(s) with 75 addition(s) and 67 deletion(s). Raw diff Collapse all Expand all
00 Metadata-Version: 2.1
11 Name: certbot-dns-rfc2136
2 Version: 1.10.1
2 Version: 1.19.0
33 Summary: RFC 2136 DNS Authenticator plugin for Certbot
44 Home-page: https://github.com/certbot/certbot
55 Author: Certbot Project
6 Author-email: client-dev@letsencrypt.org
6 Author-email: certbot-dev@eff.org
77 License: Apache License 2.0
8 Description: UNKNOWN
98 Platform: UNKNOWN
109 Classifier: Development Status :: 5 - Production/Stable
1110 Classifier: Environment :: Plugins
1312 Classifier: License :: OSI Approved :: Apache Software License
1413 Classifier: Operating System :: POSIX :: Linux
1514 Classifier: Programming Language :: Python
16 Classifier: Programming Language :: Python :: 2
17 Classifier: Programming Language :: Python :: 2.7
1815 Classifier: Programming Language :: Python :: 3
1916 Classifier: Programming Language :: Python :: 3.6
2017 Classifier: Programming Language :: Python :: 3.7
2623 Classifier: Topic :: System :: Networking
2724 Classifier: Topic :: System :: Systems Administration
2825 Classifier: Topic :: Utilities
29 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*
26 Requires-Python: >=3.6
3027 Provides-Extra: docs
28 License-File: LICENSE.txt
29
30 UNKNOWN
31
22 completing a ``dns-01`` challenge (`~acme.challenges.DNS01`) by creating, and
33 subsequently removing, TXT records using RFC 2136 Dynamic Updates.
44
5 .. note::
6 The plugin is not installed by default. It can be installed by heading to
7 `certbot.eff.org <https://certbot.eff.org/instructions#wildcard>`_, choosing your system and
8 selecting the Wildcard tab.
59
610 Named Arguments
711 ---------------
2832 :name: credentials.ini
2933 :caption: Example credentials file:
3034
31 # Target DNS server
35 # Target DNS server (IPv4 or IPv6 address, not a hostname)
3236 dns_rfc2136_server = 192.0.2.1
3337 # Target DNS port
3438 dns_rfc2136_port = 53
0 # type: ignore
1 # pylint: disable=no-member
2 # Many attributes of dnspython are now dynamically defined which causes both
3 # mypy and pylint to error about accessing attributes they think do not exist.
4 # This is the case even in up-to-date versions of mypy and pylint which as of
5 # writing this are 0.790 and 2.6.0 respectively. This problem may be fixed in
6 # dnspython 2.1.0. See https://github.com/rthalley/dnspython/issues/598. For
7 # now, let's disable these checks. This is done at the very top of the file
8 # like this because "type: ignore" must be the first line in the file to be
9 # respected by mypy.
100 """DNS Authenticator using RFC 2136 Dynamic Updates."""
111 import logging
2 from typing import Optional
123
134 import dns.flags
5 from dns.inet import is_address
146 import dns.message
157 import dns.name
168 import dns.query
1911 import dns.tsig
2012 import dns.tsigkeyring
2113 import dns.update
22 import zope.interface
2314
2415 from certbot import errors
25 from certbot import interfaces
2616 from certbot.plugins import dns_common
17 from certbot.plugins.dns_common import CredentialsConfiguration
2718
2819 logger = logging.getLogger(__name__)
2920
3021 DEFAULT_NETWORK_TIMEOUT = 45
3122
32 @zope.interface.implementer(interfaces.IAuthenticator)
33 @zope.interface.provider(interfaces.IPluginFactory)
23
3424 class Authenticator(dns_common.DNSAuthenticator):
3525 """DNS Authenticator using RFC 2136 Dynamic Updates
3626
37 This Authenticator uses RFC 2136 Dynamic Updates to fulfull a dns-01 challenge.
27 This Authenticator uses RFC 2136 Dynamic Updates to fulfill a dns-01 challenge.
3828 """
3929
4030 ALGORITHMS = {
5242 ttl = 120
5343
5444 def __init__(self, *args, **kwargs):
55 super(Authenticator, self).__init__(*args, **kwargs)
56 self.credentials = None
45 super().__init__(*args, **kwargs)
46 self.credentials: Optional[CredentialsConfiguration] = None
5747
5848 @classmethod
5949 def add_parser_arguments(cls, add): # pylint: disable=arguments-differ
60 super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=60)
50 super().add_parser_arguments(add, default_propagation_seconds=60)
6151 add('credentials', help='RFC 2136 credentials INI file.')
6252
6353 def more_info(self): # pylint: disable=missing-function-docstring
6454 return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
6555 'RFC 2136 Dynamic Updates.'
6656
67 def _validate_algorithm(self, credentials):
57 def _validate_credentials(self, credentials):
58 server = credentials.conf('server')
59 if not is_address(server):
60 raise errors.PluginError("The configured target DNS server ({0}) is not a valid IPv4 "
61 "or IPv6 address. A hostname is not allowed.".format(server))
6862 algorithm = credentials.conf('algorithm')
6963 if algorithm:
7064 if not self.ALGORITHMS.get(algorithm.upper()):
7973 'secret': 'TSIG key secret',
8074 'server': 'The target DNS server'
8175 },
82 self._validate_algorithm
76 self._validate_credentials
8377 )
8478
8579 def _perform(self, _domain, validation_name, validation):
8983 self._get_rfc2136_client().del_txt_record(validation_name, validation)
9084
9185 def _get_rfc2136_client(self):
86 if not self.credentials: # pragma: no cover
87 raise errors.Error("Plugin has not been prepared.")
9288 return _RFC2136Client(self.credentials.conf('server'),
9389 int(self.credentials.conf('port') or self.PORT),
9490 self.credentials.conf('name'),
9793 dns.tsig.HMAC_MD5))
9894
9995
100 class _RFC2136Client(object):
96 class _RFC2136Client:
10197 """
10298 Encapsulates all communication with the target DNS server.
10399 """
00 Metadata-Version: 2.1
11 Name: certbot-dns-rfc2136
2 Version: 1.10.1
2 Version: 1.19.0
33 Summary: RFC 2136 DNS Authenticator plugin for Certbot
44 Home-page: https://github.com/certbot/certbot
55 Author: Certbot Project
6 Author-email: client-dev@letsencrypt.org
6 Author-email: certbot-dev@eff.org
77 License: Apache License 2.0
8 Description: UNKNOWN
98 Platform: UNKNOWN
109 Classifier: Development Status :: 5 - Production/Stable
1110 Classifier: Environment :: Plugins
1312 Classifier: License :: OSI Approved :: Apache Software License
1413 Classifier: Operating System :: POSIX :: Linux
1514 Classifier: Programming Language :: Python
16 Classifier: Programming Language :: Python :: 2
17 Classifier: Programming Language :: Python :: 2.7
1815 Classifier: Programming Language :: Python :: 3
1916 Classifier: Programming Language :: Python :: 3.6
2017 Classifier: Programming Language :: Python :: 3.7
2623 Classifier: Topic :: System :: Networking
2724 Classifier: Topic :: System :: Systems Administration
2825 Classifier: Topic :: Utilities
29 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*
26 Requires-Python: >=3.6
3027 Provides-Extra: docs
28 License-File: LICENSE.txt
29
30 UNKNOWN
31
00 dnspython
1 setuptools
2 zope.interface
3 acme>=0.29.0
4 certbot>=1.1.0
5
6 [:python_version < "3.3"]
7 mock
1 setuptools>=39.0.1
2 acme>=1.19.0
3 certbot>=1.19.0
84
95 [docs]
106 Sphinx>=1.0
110110 # Add any paths that contain custom static files (such as style sheets) here,
111111 # relative to this directory. They are copied after the builtin static files,
112112 # so a file named "default.css" will overwrite the builtin "default.css".
113 html_static_path = ['_static']
113 #html_static_path = ['_static']
114114
115115
116116 # -- Options for HTMLHelp output ------------------------------------------
0 from distutils.version import LooseVersion
10 import os
21 import sys
32
4 from setuptools import __version__ as setuptools_version
53 from setuptools import find_packages
64 from setuptools import setup
75
8 version = '1.10.1'
6 version = '1.19.0'
97
10 # Remember to update local-oldest-requirements.txt when changing the minimum
11 # acme/certbot version.
128 install_requires = [
139 'dnspython',
14 'setuptools',
15 'zope.interface',
10 'setuptools>=39.0.1',
1611 ]
1712
1813 if not os.environ.get('SNAP_BUILD'):
1914 install_requires.extend([
20 'acme>=0.29.0',
21 'certbot>=1.1.0',
15 # We specify the minimum acme and certbot version as the current plugin
16 # version for simplicity. See
17 # https://github.com/certbot/certbot/issues/8761 for more info.
18 f'acme>={version}',
19 f'certbot>={version}',
2220 ])
2321 elif 'bdist_wheel' in sys.argv[1:]:
2422 raise RuntimeError('Unset SNAP_BUILD when building wheels '
2523 'to include certbot dependencies.')
2624 if os.environ.get('SNAP_BUILD'):
2725 install_requires.append('packaging')
28
29 setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
30 if setuptools_known_environment_markers:
31 install_requires.append('mock ; python_version < "3.3"')
32 elif 'bdist_wheel' in sys.argv[1:]:
33 raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
34 'of setuptools. Version 36.2+ of setuptools is required.')
35 elif sys.version_info < (3,3):
36 install_requires.append('mock')
3726
3827 docs_extras = [
3928 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
4635 description="RFC 2136 DNS Authenticator plugin for Certbot",
4736 url='https://github.com/certbot/certbot',
4837 author="Certbot Project",
49 author_email='client-dev@letsencrypt.org',
38 author_email='certbot-dev@eff.org',
5039 license='Apache License 2.0',
51 python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
40 python_requires='>=3.6',
5241 classifiers=[
5342 'Development Status :: 5 - Production/Stable',
5443 'Environment :: Plugins',
5645 'License :: OSI Approved :: Apache Software License',
5746 'Operating System :: POSIX :: Linux',
5847 'Programming Language :: Python',
59 'Programming Language :: Python :: 2',
60 'Programming Language :: Python :: 2.7',
6148 'Programming Language :: Python :: 3',
6249 'Programming Language :: Python :: 3.6',
6350 'Programming Language :: Python :: 3.7',
2727 def setUp(self):
2828 from certbot_dns_rfc2136._internal.dns_rfc2136 import Authenticator
2929
30 super(AuthenticatorTest, self).setUp()
30 super().setUp()
3131
3232 path = os.path.join(self.tempdir, 'file.ini')
3333 dns_test_common.write(VALID_CONFIG, path)
4141 # _get_rfc2136_client | pylint: disable=protected-access
4242 self.auth._get_rfc2136_client = mock.MagicMock(return_value=self.mock_client)
4343
44 def test_perform(self):
44 @test_util.patch_display_util()
45 def test_perform(self, unused_mock_get_utility):
4546 self.auth.perform([self.achall])
4647
4748 expected = [mock.call.add_txt_record('_acme-challenge.'+DOMAIN, mock.ANY, mock.ANY)]
6465 self.auth.perform,
6566 [self.achall])
6667
67 def test_valid_algorithm_passes(self):
68 @test_util.patch_display_util()
69 def test_valid_algorithm_passes(self, unused_mock_get_utility):
6870 config = VALID_CONFIG.copy()
6971 config["rfc2136_algorithm"] = "HMAC-sha512"
72 dns_test_common.write(config, self.config.rfc2136_credentials)
73
74 self.auth.perform([self.achall])
75
76 def test_invalid_server_raises(self):
77 config = VALID_CONFIG.copy()
78 config["rfc2136_server"] = "example.com"
79 dns_test_common.write(config, self.config.rfc2136_credentials)
80
81 self.assertRaises(errors.PluginError,
82 self.auth.perform,
83 [self.achall])
84
85 @test_util.patch_display_util()
86 def test_valid_server_passes(self, unused_mock_get_utility):
87 config = VALID_CONFIG.copy()
88 dns_test_common.write(config, self.config.rfc2136_credentials)
89
90 self.auth.perform([self.achall])
91
92 config["rfc2136_server"] = "2001:db8:3333:4444:cccc:dddd:eeee:ffff"
7093 dns_test_common.write(config, self.config.rfc2136_credentials)
7194
7295 self.auth.perform([self.achall])