liquidweb: detect zone automatically (#2031)

Co-authored-by: Fernandez Ludovic <[email protected]>

Author: jakdept

cmd/zz_gen_cmd_dnshelp.go

@@ -1635,17 +1635,17 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln()
 
 		ew.writeln(`Credentials:`)
-		ew.writeln(`	- "LIQUID_WEB_PASSWORD":	Storm API Password`)
-		ew.writeln(`	- "LIQUID_WEB_USERNAME":	Storm API Username`)
-		ew.writeln(`	- "LIQUID_WEB_ZONE":	DNS Zone`)
+		ew.writeln(`	- "LIQUID_WEB_PASSWORD":	Liquid Web API Password`)
+		ew.writeln(`	- "LIQUID_WEB_USERNAME":	Liquid Web API Username`)
 		ew.writeln()
 
 		ew.writeln(`Additional Configuration:`)
 		ew.writeln(`	- "LIQUID_WEB_HTTP_TIMEOUT":	Maximum waiting time for the DNS records to be created (not verified)`)
 		ew.writeln(`	- "LIQUID_WEB_POLLING_INTERVAL":	Time between DNS propagation check`)
 		ew.writeln(`	- "LIQUID_WEB_PROPAGATION_TIMEOUT":	Maximum waiting time for DNS propagation`)
 		ew.writeln(`	- "LIQUID_WEB_TTL":	The TTL of the TXT record used for the DNS challenge`)
-		ew.writeln(`	- "LIQUID_WEB_URL":	Storm API endpoint`)
+		ew.writeln(`	- "LIQUID_WEB_URL":	Liquid Web API endpoint`)
+		ew.writeln(`	- "LIQUID_WEB_ZONE":	DNS Zone`)
 
 		ew.writeln()
 		ew.writeln(`More information: https://go-acme.github.io/lego/dns/liquidweb`)

docs/content/dns/zz_gen_liquidweb.md

@@ -28,7 +28,6 @@ Here is an example bash command using the Liquid Web provider:
 ```bash
 LIQUID_WEB_USERNAME=someuser \
 LIQUID_WEB_PASSWORD=somepass \
-LIQUID_WEB_ZONE=tacoman.com.net \
 lego --email [email protected] --dns liquidweb --domains my.example.org run
 ```
 
@@ -39,9 +38,8 @@ lego --email [email protected] --dns liquidweb --domains my.example.org run
 
 | Environment Variable Name | Description |
 |-----------------------|-------------|
-| `LIQUID_WEB_PASSWORD` | Storm API Password |
-| `LIQUID_WEB_USERNAME` | Storm API Username |
-| `LIQUID_WEB_ZONE` | DNS Zone |
+| `LIQUID_WEB_PASSWORD` | Liquid Web API Password |
+| `LIQUID_WEB_USERNAME` | Liquid Web API Username |
 
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here]({{< ref "dns#configuration-and-credentials" >}}).
@@ -55,7 +53,8 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 | `LIQUID_WEB_POLLING_INTERVAL` | Time between DNS propagation check |
 | `LIQUID_WEB_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
 | `LIQUID_WEB_TTL` | The TTL of the TXT record used for the DNS challenge |
-| `LIQUID_WEB_URL` | Storm API endpoint |
+| `LIQUID_WEB_URL` | Liquid Web API endpoint |
+| `LIQUID_WEB_ZONE` | DNS Zone |
 
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here]({{< ref "dns#configuration-and-credentials" >}}).
@@ -65,7 +64,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 
 ## More information
 
-- [API documentation](https://cart.liquidweb.com/storm/api/docs/v1/)
+- [API documentation](https://api.liquidweb.com/docs/)
 - [Go client](https://github.com/liquidweb/liquidweb-go)
 
 <!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->

go.mod

@@ -40,7 +40,7 @@ require (
 	github.com/infobloxopen/infoblox-go-client v1.1.1
 	github.com/labbsr0x/bindman-dns-webhook v1.0.2
 	github.com/linode/linodego v1.17.2
-	github.com/liquidweb/liquidweb-go v1.6.3
+	github.com/liquidweb/liquidweb-go v1.6.4
 	github.com/mattn/go-isatty v0.0.19
 	github.com/miekg/dns v1.1.55
 	github.com/mimuret/golang-iij-dpf v0.9.1
@@ -134,7 +134,6 @@ require (
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/labbsr0x/goh v1.0.1 // indirect
-	github.com/liquidweb/go-lwApi v0.0.5 // indirect
 	github.com/liquidweb/liquidweb-cli v0.6.9 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect

go.sum

@@ -386,12 +386,10 @@ github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmt
 github.com/linode/linodego v1.17.2 h1:b32dj4662PGG5P9qVa6nBezccWdqgukndlMIuPGq1CQ=
 github.com/linode/linodego v1.17.2/go.mod h1:C2iyT3Vg2O2sPxkWka4XAQ5WSUtm5LmTZ3Adw43Ra7Q=
 github.com/liquidweb/go-lwApi v0.0.0-20190605172801-52a4864d2738/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs=
-github.com/liquidweb/go-lwApi v0.0.5 h1:CT4cdXzJXmo0bon298kS7NeSk+Gt8/UHpWBBol1NGCA=
-github.com/liquidweb/go-lwApi v0.0.5/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs=
 github.com/liquidweb/liquidweb-cli v0.6.9 h1:acbIvdRauiwbxIsOCEMXGwF75aSJDbDiyAWPjVnwoYM=
 github.com/liquidweb/liquidweb-cli v0.6.9/go.mod h1:cE1uvQ+x24NGUL75D0QagOFCG8Wdvmwu8aL9TLmA/eQ=
-github.com/liquidweb/liquidweb-go v1.6.3 h1:NVHvcnX3eb3BltiIoA+gLYn15nOpkYkdizOEYGSKrk4=
-github.com/liquidweb/liquidweb-go v1.6.3/go.mod h1:SuXXp+thr28LnjEw18AYtWwIbWMHSUiajPQs8T9c/Rc=
+github.com/liquidweb/liquidweb-go v1.6.4 h1:6S0m3hHSpiLqGD7AFSb7lH/W/qr1wx+tKil9fgIbjMc=
+github.com/liquidweb/liquidweb-go v1.6.4/go.mod h1:B934JPIIcdA+uTq2Nz5PgOtG6CuCaEvQKe/Ge/5GgZ4=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=

providers/dns/liquidweb/liquidweb.go

@@ -4,7 +4,9 @@ package liquidweb
 import (
 	"errors"
 	"fmt"
+	"sort"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -14,7 +16,7 @@ import (
 	"github.com/liquidweb/liquidweb-go/network"
 )
 
-const defaultBaseURL = "https://api.stormondemand.com"
+const defaultBaseURL = "https://api.liquidweb.com"
 
 // Environment variables names.
 const (
@@ -45,15 +47,13 @@ type Config struct {
 
 // NewDefaultConfig returns a default configuration for the DNSProvider.
 func NewDefaultConfig() *Config {
-	config := &Config{
+	return &Config{
 		BaseURL:            defaultBaseURL,
 		TTL:                env.GetOrDefaultInt(EnvTTL, 300),
 		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
 		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, 2*time.Second),
 		HTTPTimeout:        env.GetOrDefaultSecond(EnvHTTPTimeout, 1*time.Minute),
 	}
-
-	return config
 }
 
 // DNSProvider implements the challenge.Provider interface.
@@ -66,7 +66,7 @@ type DNSProvider struct {
 
 // NewDNSProvider returns a DNSProvider instance configured for Liquid Web.
 func NewDNSProvider() (*DNSProvider, error) {
-	values, err := env.Get(EnvUsername, EnvPassword, EnvZone)
+	values, err := env.Get(EnvUsername, EnvPassword)
 	if err != nil {
 		return nil, fmt.Errorf("liquidweb: %w", err)
 	}
@@ -75,7 +75,7 @@ func NewDNSProvider() (*DNSProvider, error) {
 	config.BaseURL = env.GetOrFile(EnvURL)
 	config.Username = values[EnvUsername]
 	config.Password = values[EnvPassword]
-	config.Zone = values[EnvZone]
+	config.Zone = env.GetOrDefaultString(EnvZone, "")
 
 	return NewDNSProviderConfig(config)
 }
@@ -90,19 +90,6 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		config.BaseURL = defaultBaseURL
 	}
 
-	if config.Zone == "" {
-		return nil, errors.New("liquidweb: zone is missing")
-	}
-
-	if config.Username == "" {
-		return nil, errors.New("liquidweb: username is missing")
-	}
-
-	if config.Password == "" {
-		return nil, errors.New("liquidweb: password is missing")
-	}
-
-	// Initialize LW client.
 	client, err := lw.NewAPI(config.Username, config.Password, config.BaseURL, int(config.HTTPTimeout.Seconds()))
 	if err != nil {
 		return nil, fmt.Errorf("liquidweb: could not create Liquid Web API client: %w", err)
@@ -133,6 +120,15 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		TTL:   d.config.TTL,
 	}
 
+	if params.Zone == "" {
+		bestZone, err := d.findZone(params.Name)
+		if err != nil {
+			return fmt.Errorf("liquidweb: %w", err)
+		}
+
+		params.Zone = bestZone
+	}
+
 	dnsEntry, err := d.client.NetworkDNS.Create(params)
 	if err != nil {
 		return fmt.Errorf("liquidweb: could not create TXT record: %w", err)
@@ -167,3 +163,31 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 
 	return nil
 }
+
+func (d *DNSProvider) findZone(domain string) (string, error) {
+	zones, err := d.client.NetworkDNSZone.ListAll()
+	if err != nil {
+		return "", fmt.Errorf("failed to retrieve zones for account: %w", err)
+	}
+
+	// filter the zones on the account to only ones that match
+	var zs []network.DNSZone
+	for _, item := range zones.Items {
+		if strings.HasSuffix(domain, item.Name) {
+			zs = append(zs, item)
+		}
+	}
+
+	if len(zs) < 1 {
+		return "", fmt.Errorf("no valid zone in account for certificate '%s'", domain)
+	}
+
+	// powerdns _only_ looks for records on the longest matching subdomain zone aka,
+	// for test.sub.example.com if sub.example.com exists,
+	// it will look there it will not look atexample.com even if it also exists
+	sort.Slice(zs, func(i, j int) bool {
+		return len(zs[i].Name) > len(zs[j].Name)
+	})
+
+	return zs[0].Name, nil
+}

providers/dns/liquidweb/liquidweb.toml

@@ -7,22 +7,21 @@ Since = "v3.1.0"
 Example = '''
 LIQUID_WEB_USERNAME=someuser \
 LIQUID_WEB_PASSWORD=somepass \
-LIQUID_WEB_ZONE=tacoman.com.net \
 lego --email [email protected] --dns liquidweb --domains my.example.org run
 '''
 
 [Configuration]
   [Configuration.Credentials]
-    LIQUID_WEB_USERNAME = "Storm API Username"
-    LIQUID_WEB_PASSWORD = "Storm API Password"
-    LIQUID_WEB_ZONE = "DNS Zone"
+    LIQUID_WEB_USERNAME = "Liquid Web API Username"
+    LIQUID_WEB_PASSWORD = "Liquid Web API Password"
   [Configuration.Additional]
-    LIQUID_WEB_URL = "Storm API endpoint"
+    LIQUID_WEB_ZONE = "DNS Zone"
+    LIQUID_WEB_URL = "Liquid Web API endpoint"
     LIQUID_WEB_TTL = "The TTL of the TXT record used for the DNS challenge"
     LIQUID_WEB_POLLING_INTERVAL = "Time between DNS propagation check"
     LIQUID_WEB_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
     LIQUID_WEB_HTTP_TIMEOUT = "Maximum waiting time for the DNS records to be created (not verified)"
 
 [Links]
-  API = "https://cart.liquidweb.com/storm/api/docs/v1/"
+  API = "https://api.liquidweb.com/docs/"
   GoClient = "https://github.com/liquidweb/liquidweb-go"