Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #2928 from Netflix/powerdnsplugin_01 

Add Support for ACME_POWERDNS_VERIFY Option
This commit is contained in:
csine-nflx 2020-03-05 15:46:44 -08:00 committed by GitHub
parent 3c24c22890 e1e7efc96e
commit 5fc62aff7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/administration.rst
View File

@ -1014,6 +1014,15 @@ The following configuration properties are required to use the PowerDNS ACME Plu
This is the number of times DNS Verification should be attempted (i.e. 20) This is the number of times DNS Verification should be attempted (i.e. 20)
.. data:: ACME_POWERDNS_VERIFY
:noindex:
This configures how TLS certificates on the PowerDNS API target are validated. The PowerDNS Plugin depends on the PyPi requests library, which supports the following options for the verify parameter:
* True: Verifies the TLS certificate was issued by a known publicly-trusted CA. (Default)
* False: Disables certificate validation (Not Recommended)
* File/Dir path to CA Bundle: Verifies the TLS certificate was issued by a Certificate Authority in the provided CA bundle.
.. _CommandLineInterface: .. _CommandLineInterface:
Command Line Interface Command Line Interface

7
lemur/plugins/lemur_acme/powerdns.py
View File

@ -246,11 +246,12 @@ def _get_zone_name(domain, account_number):
def _get(path, params=None): def _get(path, params=None):
""" Execute a GET request on the given URL (base_uri + path) and return response as JSON object """ """ Execute a GET request on the given URL (base_uri + path) and return response as JSON object """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN") base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.get( resp = requests.get(
f"{base_uri}{path}", f"{base_uri}{path}",
headers=_generate_header(), headers=_generate_header(),
params=params, params=params,
verify=True, verify=verify_value
) )
resp.raise_for_status() resp.raise_for_status()
return resp.json() return resp.json()
@ -259,9 +260,11 @@ def _get(path, params=None):
def _patch(path, payload): def _patch(path, payload):
""" Execute a Patch request on the given URL (base_uri + path) with given payload """ """ Execute a Patch request on the given URL (base_uri + path) with given payload """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN") base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.patch( resp = requests.patch(
f"{base_uri}{path}", f"{base_uri}{path}",
data=json.dumps(payload), data=json.dumps(payload),
headers=_generate_header() headers=_generate_header(),
verify=verify_value
) )
resp.raise_for_status() resp.raise_for_status()