#
#
#
from logging import getLogger
from .base import BaseProcessor
class AcmeMangingProcessor(BaseProcessor):
    '''
    Keeps octoDNS-managed ACME challenge TXT records apart from ones that
    something else created.

    Managed `_acme-challenge*` TXT records coming from a source get an extra
    '*octoDNS*' value. On the target side, challenge TXT records that carry
    neither that value nor a matching entry in this run's owned set are
    dropped from the `existing` zone object.

    NOTE(review): the marker is an ordinary TXT value, so it is publicly
    visible and can be set or omitted by anything else that is able to write
    to the zone. It is a bookkeeping tag, not an authenticity check.
    '''

    log = getLogger('AcmeMangingProcessor')

    def __init__(self, name):
        '''
        Example configuration:

        processors:
          acme:
            class: octodns.processor.acme.AcmeMangingProcessor

        ...

        zones:
          something.com.:
            ...
            processors:
              - acme
            ...
        '''
        super().__init__(name)
        # Marked copies of the challenge records seen on the source side
        # during this run; consulted again in process_target_zone.
        self._owned = set()

    def process_source_zone(self, desired, *args, **kwargs):
        '''
        Tag every `_acme-challenge*` TXT record in `desired` as octoDNS-owned.

        Each matching record is copied, the '*octoDNS*' value is appended to
        the copy and its values re-sorted, and the copy replaces the original
        in `desired`. The copy is also remembered in `self._owned`.

        Returns the same `desired` zone object.
        '''
        for candidate in desired.records:
            # Same short-circuit order as a chained `and`: the type is
            # checked before the name is looked at.
            if candidate._type != 'TXT' or not candidate.name.startswith(
                '_acme-challenge'
            ):
                continue

            # Work on a copy so the record object handed in by the source is
            # not modified in place.
            marked = candidate.copy()
            marked.values.append('*octoDNS*')
            marked.values.sort()
            # Relies on sources being processed before targets, so that the
            # owned set is populated by the time process_target_zone runs.
            self._owned.add(marked)
            desired.add_record(marked, replace=True)

        return desired

    def process_target_zone(self, existing, *args, **kwargs):
        '''
        Drop challenge TXT records octoDNS does not own from `existing`.

        A record is dropped when it is a TXT record whose name starts with
        '_acme-challenge', it lacks the '*octoDNS*' value, and it is not in
        `self._owned`.

        NOTE(review): the records dropped here are presumably left untouched
        on the provider as a result (the log line says "ignoring"); confirm
        against the planner. If so, stale or unexpected challenge records
        without the marker are never cleaned up by octoDNS and have to be
        audited by other means.

        Returns the same `existing` zone object.
        '''
        for found in existing.records:
            if found._type != 'TXT':
                continue
            # A prefix match rather than equality, so subdomain challenges
            # such as _acme-challenge.foo.domain.com are covered when
            # managing domain.com. It also matches any other name that merely
            # begins with the same characters.
            if not found.name.startswith('_acme-challenge'):
                continue
            if '*octoDNS*' in found.values:
                continue
            if found in self._owned:
                continue

            self.log.info('_process: ignoring %s', found.fqdn)
            existing.remove_record(found)

        return existing