Package list python-certbot-dns-rfc2136 / b6ddea5
New upstream version 1.10.1 Harlan Lieberman-Berg 7 months ago
9 changed file(s) with 76 addition(s) and 56 deletion(s). Raw diff Collapse all Expand all
00 Metadata-Version: 2.1
11 Name: certbot-dns-rfc2136
2 Version: 1.3.0
2 Version: 1.10.1
33 Summary: RFC 2136 DNS Authenticator plugin for Certbot
44 Home-page: https://github.com/certbot/certbot
55 Author: Certbot Project
1616 Classifier: Programming Language :: Python :: 2
1717 Classifier: Programming Language :: Python :: 2.7
1818 Classifier: Programming Language :: Python :: 3
19 Classifier: Programming Language :: Python :: 3.5
2019 Classifier: Programming Language :: Python :: 3.6
2120 Classifier: Programming Language :: Python :: 3.7
2221 Classifier: Programming Language :: Python :: 3.8
22 Classifier: Programming Language :: Python :: 3.9
2323 Classifier: Topic :: Internet :: WWW/HTTP
2424 Classifier: Topic :: Security
2525 Classifier: Topic :: System :: Installation/Setup
2626 Classifier: Topic :: System :: Networking
2727 Classifier: Topic :: System :: Systems Administration
2828 Classifier: Topic :: Utilities
29 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*
29 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*
3030 Provides-Extra: docs
9898 This configuration limits the scope of the TSIG key to just be able to
9999 add and remove TXT records for one specific host for the purpose of
100100 completing the ``dns-01`` challenge. If your version of BIND doesn't
101 support the
102 `update-policy <http://www.zytrax.com/books/dns/ch7/xfer.html#update-policy>`_
103 directive then you can use the less-secure
104 `allow-update <http://www.zytrax.com/books/dns/ch7/xfer.html#allow-update>`_
105 directive instead.
101 support the ``update-policy`` directive, then you can use the less-secure
102 ``allow-update`` directive instead. `See the BIND documentation
103 <https://bind9.readthedocs.io/en/latest/reference.html#dynamic-update-policies>`_
104 for details.
106105
107106 Examples
108107 --------
0 # type: ignore
1 # pylint: disable=no-member
2 # Many attributes of dnspython are now dynamically defined which causes both
3 # mypy and pylint to error about accessing attributes they think do not exist.
4 # This is the case even in up-to-date versions of mypy and pylint which as of
5 # writing this are 0.790 and 2.6.0 respectively. This problem may be fixed in
6 # dnspython 2.1.0. See https://github.com/rthalley/dnspython/issues/598. For
7 # now, let's disable these checks. This is done at the very top of the file
8 # like this because "type: ignore" must be the first line in the file to be
9 # respected by mypy.
010 """DNS Authenticator using RFC 2136 Dynamic Updates."""
111 import logging
212
1727
1828 logger = logging.getLogger(__name__)
1929
30 DEFAULT_NETWORK_TIMEOUT = 45
2031
2132 @zope.interface.implementer(interfaces.IAuthenticator)
2233 @zope.interface.provider(interfaces.IPluginFactory)
90101 """
91102 Encapsulates all communication with the target DNS server.
92103 """
93 def __init__(self, server, port, key_name, key_secret, key_algorithm):
104 def __init__(self, server, port, key_name, key_secret, key_algorithm,
105 timeout=DEFAULT_NETWORK_TIMEOUT):
94106 self.server = server
95107 self.port = port
96108 self.keyring = dns.tsigkeyring.from_text({
97109 key_name: key_secret
98110 })
99111 self.algorithm = key_algorithm
112 self._default_timeout = timeout
100113
101114 def add_txt_record(self, record_name, record_content, record_ttl):
102115 """
121134 update.add(rel, record_ttl, dns.rdatatype.TXT, record_content)
122135
123136 try:
124 response = dns.query.tcp(update, self.server, port=self.port)
137 response = dns.query.tcp(update, self.server, self._default_timeout, self.port)
125138 except Exception as e:
126139 raise errors.PluginError('Encountered error adding TXT record: {0}'
127140 .format(e))
156169 update.delete(rel, dns.rdatatype.TXT, record_content)
157170
158171 try:
159 response = dns.query.tcp(update, self.server, port=self.port)
172 response = dns.query.tcp(update, self.server, self._default_timeout, self.port)
160173 except Exception as e:
161174 raise errors.PluginError('Encountered error deleting TXT record: {0}'
162175 .format(e))
206219
207220 try:
208221 try:
209 response = dns.query.tcp(request, self.server, port=self.port)
210 except OSError as e:
222 response = dns.query.tcp(request, self.server, self._default_timeout, self.port)
223 except (OSError, dns.exception.Timeout) as e:
211224 logger.debug('TCP query failed, fallback to UDP: %s', e)
212 response = dns.query.udp(request, self.server, port=self.port)
225 response = dns.query.udp(request, self.server, self._default_timeout, self.port)
213226 rcode = response.rcode()
214227
215228 # Authoritative Answer bit should be set
00 Metadata-Version: 2.1
11 Name: certbot-dns-rfc2136
2 Version: 1.3.0
2 Version: 1.10.1
33 Summary: RFC 2136 DNS Authenticator plugin for Certbot
44 Home-page: https://github.com/certbot/certbot
55 Author: Certbot Project
1616 Classifier: Programming Language :: Python :: 2
1717 Classifier: Programming Language :: Python :: 2.7
1818 Classifier: Programming Language :: Python :: 3
19 Classifier: Programming Language :: Python :: 3.5
2019 Classifier: Programming Language :: Python :: 3.6
2120 Classifier: Programming Language :: Python :: 3.7
2221 Classifier: Programming Language :: Python :: 3.8
22 Classifier: Programming Language :: Python :: 3.9
2323 Classifier: Topic :: Internet :: WWW/HTTP
2424 Classifier: Topic :: Security
2525 Classifier: Topic :: System :: Installation/Setup
2626 Classifier: Topic :: System :: Networking
2727 Classifier: Topic :: System :: Systems Administration
2828 Classifier: Topic :: Utilities
29 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*
29 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*
3030 Provides-Extra: docs
0 dnspython
1 setuptools
2 zope.interface
03 acme>=0.29.0
14 certbot>=1.1.0
2 dnspython
5
6 [:python_version < "3.3"]
37 mock
4 setuptools
5 zope.interface
68
79 [docs]
810 Sphinx>=1.0
9292 # a list of builtin themes.
9393 #
9494
95 # http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs
95 # https://docs.readthedocs.io/en/stable/faq.html#i-want-to-use-the-read-the-docs-theme-locally
9696 # on_rtd is whether we are on readthedocs.org
9797 on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
9898 if not on_rtd: # only import and set the theme if we're building docs locally
2121 echo.Sphinx directory to PATH.
2222 echo.
2323 echo.If you don't have Sphinx installed, grab it from
24 echo.http://sphinx-doc.org/
24 echo.https://www.sphinx-doc.org/
2525 exit /b 1
2626 )
2727
0 from distutils.version import LooseVersion
1 import os
02 import sys
13
4 from setuptools import __version__ as setuptools_version
25 from setuptools import find_packages
36 from setuptools import setup
4 from setuptools.command.test import test as TestCommand
57
6 version = '1.3.0'
8 version = '1.10.1'
79
810 # Remember to update local-oldest-requirements.txt when changing the minimum
911 # acme/certbot version.
1012 install_requires = [
11 'acme>=0.29.0',
12 'certbot>=1.1.0',
1313 'dnspython',
14 'mock',
1514 'setuptools',
1615 'zope.interface',
1716 ]
17
18 if not os.environ.get('SNAP_BUILD'):
19 install_requires.extend([
20 'acme>=0.29.0',
21 'certbot>=1.1.0',
22 ])
23 elif 'bdist_wheel' in sys.argv[1:]:
24 raise RuntimeError('Unset SNAP_BUILD when building wheels '
25 'to include certbot dependencies.')
26 if os.environ.get('SNAP_BUILD'):
27 install_requires.append('packaging')
28
29 setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
30 if setuptools_known_environment_markers:
31 install_requires.append('mock ; python_version < "3.3"')
32 elif 'bdist_wheel' in sys.argv[1:]:
33 raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
34 'of setuptools. Version 36.2+ of setuptools is required.')
35 elif sys.version_info < (3,3):
36 install_requires.append('mock')
1837
1938 docs_extras = [
2039 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
2140 'sphinx_rtd_theme',
2241 ]
23
24 class PyTest(TestCommand):
25 user_options = []
26
27 def initialize_options(self):
28 TestCommand.initialize_options(self)
29 self.pytest_args = ''
30
31 def run_tests(self):
32 import shlex
33 # import here, cause outside the eggs aren't loaded
34 import pytest
35 errno = pytest.main(shlex.split(self.pytest_args))
36 sys.exit(errno)
3742
3843 setup(
3944 name='certbot-dns-rfc2136',
4348 author="Certbot Project",
4449 author_email='client-dev@letsencrypt.org',
4550 license='Apache License 2.0',
46 python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*',
51 python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
4752 classifiers=[
4853 'Development Status :: 5 - Production/Stable',
4954 'Environment :: Plugins',
5459 'Programming Language :: Python :: 2',
5560 'Programming Language :: Python :: 2.7',
5661 'Programming Language :: Python :: 3',
57 'Programming Language :: Python :: 3.5',
5862 'Programming Language :: Python :: 3.6',
5963 'Programming Language :: Python :: 3.7',
6064 'Programming Language :: Python :: 3.8',
65 'Programming Language :: Python :: 3.9',
6166 'Topic :: Internet :: WWW/HTTP',
6267 'Topic :: Security',
6368 'Topic :: System :: Installation/Setup',
7782 'dns-rfc2136 = certbot_dns_rfc2136._internal.dns_rfc2136:Authenticator',
7883 ],
7984 },
80 tests_require=["pytest"],
81 test_suite='certbot_dns_rfc2136',
82 cmdclass={"test": PyTest},
8385 )
44 import dns.flags
55 import dns.rcode
66 import dns.tsig
7 import mock
7 try:
8 import mock
9 except ImportError: # pragma: no cover
10 from unittest import mock # type: ignore
811
912 from certbot import errors
1013 from certbot.compat import os
1720 NAME = 'a-tsig-key.'
1821 SECRET = 'SSB3b25kZXIgd2hvIHdpbGwgYm90aGVyIHRvIGRlY29kZSB0aGlzIHRleHQK'
1922 VALID_CONFIG = {"rfc2136_server": SERVER, "rfc2136_name": NAME, "rfc2136_secret": SECRET}
20
23 TIMEOUT = 45
2124
2225 class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthenticatorTest):
2326
7477 def setUp(self):
7578 from certbot_dns_rfc2136._internal.dns_rfc2136 import _RFC2136Client
7679
77 self.rfc2136_client = _RFC2136Client(SERVER, PORT, NAME, SECRET, dns.tsig.HMAC_MD5)
80 self.rfc2136_client = _RFC2136Client(SERVER, PORT, NAME, SECRET, dns.tsig.HMAC_MD5,
81 TIMEOUT)
7882
7983 @mock.patch("dns.query.tcp")
8084 def test_add_txt_record(self, query_mock):
8488
8589 self.rfc2136_client.add_txt_record("bar", "baz", 42)
8690
87 query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
91 query_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
8892 self.assertTrue("bar. 42 IN TXT \"baz\"" in str(query_mock.call_args[0][0]))
8993
9094 @mock.patch("dns.query.tcp")
117121
118122 self.rfc2136_client.del_txt_record("bar", "baz")
119123
120 query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
124 query_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
121125 self.assertTrue("bar. 0 NONE TXT \"baz\"" in str(query_mock.call_args[0][0]))
122126
123127 @mock.patch("dns.query.tcp")
149153 # _find_domain | pylint: disable=protected-access
150154 domain = self.rfc2136_client._find_domain('foo.bar.'+DOMAIN)
151155
152 self.assertTrue(domain == DOMAIN)
156 self.assertEqual(domain, DOMAIN)
153157
154158 def test_find_domain_wraps_errors(self):
155159 # _query_soa | pylint: disable=protected-access
169173 # _query_soa | pylint: disable=protected-access
170174 result = self.rfc2136_client._query_soa(DOMAIN)
171175
172 query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
176 query_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
173177 self.assertTrue(result)
174178
175179 @mock.patch("dns.query.tcp")
179183 # _query_soa | pylint: disable=protected-access
180184 result = self.rfc2136_client._query_soa(DOMAIN)
181185
182 query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
186 query_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
183187 self.assertFalse(result)
184188
185189 @mock.patch("dns.query.tcp")
202206 # _query_soa | pylint: disable=protected-access
203207 result = self.rfc2136_client._query_soa(DOMAIN)
204208
205 tcp_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
206 udp_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
209 tcp_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
210 udp_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
207211 self.assertTrue(result)
208212
209213