Merge pull request #2928 from Netflix/powerdnsplugin_01

Add Support for ACME_POWERDNS_VERIFY Option
csine-nflx 2020-03-05 15:46:44 -08:00 committed by GitHub
commit 5fc62aff7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions


@ -1014,6 +1014,15 @@ The following configuration properties are required to use the PowerDNS ACME Plu
This is the number of times DNS Verification should be attempted (i.e. 20) This is the number of times DNS Verification should be attempted (i.e. 20)
.. data:: ACME_POWERDNS_VERIFY
:noindex:
This configures how TLS certificates on the PowerDNS API target are validated. The PowerDNS Plugin depends on the PyPi requests library, which supports the following options for the verify parameter:
* True: Verifies the TLS certificate was issued by a known publicly-trusted CA. (Default)
* False: Disables certificate validation (Not Recommended)
* File/Dir path to CA Bundle: Verifies the TLS certificate was issued by a Certificate Authority in the provided CA bundle.
.. _CommandLineInterface: .. _CommandLineInterface:
Command Line Interface Command Line Interface


@ -246,11 +246,12 @@ def _get_zone_name(domain, account_number):
def _get(path, params=None): def _get(path, params=None):
""" Execute a GET request on the given URL (base_uri + path) and return response as JSON object """ """ Execute a GET request on the given URL (base_uri + path) and return response as JSON object """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN") base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.get( resp = requests.get(
f"{base_uri}{path}", f"{base_uri}{path}",
headers=_generate_header(), headers=_generate_header(),
params=params, params=params,
verify=True, verify=verify_value
) )
resp.raise_for_status() resp.raise_for_status()
return resp.json() return resp.json()
@ -259,9 +260,11 @@ def _get(path, params=None):
def _patch(path, payload): def _patch(path, payload):
""" Execute a Patch request on the given URL (base_uri + path) with given payload """ """ Execute a Patch request on the given URL (base_uri + path) with given payload """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN") base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.patch( resp = requests.patch(
f"{base_uri}{path}", f"{base_uri}{path}",
data=json.dumps(payload), data=json.dumps(payload),
headers=_generate_header() headers=_generate_header(),
verify=verify_value
) )
resp.raise_for_status() resp.raise_for_status()
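Review bot: In `_get` and `_patch`, whatever is stored under `ACME_POWERDNS_VERIFY` is handed to requests unchecked, so a falsy non-boolean such as an empty string or `0` would, as far as I can tell from how requests treats `verify`, switch certificate validation off without anyone having asked for that. Both calls also send the headers built by `_generate_header()`, so an unverified connection exposes whatever credential those headers carry to an unauthenticated peer. I would resolve the setting once in a helper that accepts only `True`, `False` or a non-empty path string, logs a warning when validation is disabled, and is used by both functions (`_patch` gets the same `verify=_verify_setting()` line). `_patch` may continue below the last visible line.

```python
def _verify_setting():
    """ Return the validated ACME_POWERDNS_VERIFY value for the requests verify parameter """
    value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
    if value is True:
        return True
    if value is False:
        # Disabling validation is allowed but should be visible in the logs.
        current_app.logger.warning(
            "ACME_POWERDNS_VERIFY is False: PowerDNS API certificate is not validated"
        )
        return False
    if isinstance(value, str) and value:
        return value
    raise ValueError("ACME_POWERDNS_VERIFY must be True, False or a path to a CA bundle")


def _get(path, params=None):
    # … unchanged: docstring, base_uri lookup …
    resp = requests.get(
        # … unchanged: url, headers, params …
        verify=_verify_setting(),
    )
```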