Kaynağa Gözat

modified to enable use of http-basic authentication in case of an (nginx) reverse proxy

tags/v1.2.0
fabian 6 yıl önce
ebeveyn
işleme
c62d959209

+ 3
- 4
certbot-pdns.json Dosyayı Görüntüle

@@ -1,8 +1,7 @@
1 1
 {
2
-  "http-auth-user": "user",
3
-  "http-auth-pass": "change_it",
4 2
   "api-key": "change_it",
5
-  "api-pass": "change_it_too",
6 3
   "base-url": "http://127.0.0.1:34022/api/v1",
7
-  "axfr-time": 5
4
+  "axfr-time": 5,
5
+  "http-auth": ["user", "secret_pass"],
6
+  "verify-cert": "False"
8 7
 }

+ 5
- 3
certbot_pdns/PdnsApiAuthenticator.py Dosyayı Görüntüle

@@ -61,10 +61,12 @@ class PdnsApiAuthenticator:
61 61
             config = json.load(f)
62 62
         self.api.set_api_key(config["api-key"])
63 63
         self.api.set_base_url(config["base-url"])
64
-        self.api.set_api_pass(config["api-pass"])
65
-        self.api.set_http_auth_user(config["http-auth-user"])
66
-        self.api.set_http_auth_pass(config["http-auth-pass"])
67 64
         self.axfr_time = config["axfr-time"]
65
+        # check if additional parameters are set before trying to assign them to ensure backwards compatibility
66
+        if "verify-cert" in config:
67
+            self.api.set_verify_cert(config["verify-cert"])
68
+        if "http-auth" in config:
69
+            self.api.set_http_auth(config["http-auth"])
68 70
         self.zones = self.api.list_zones()
69 71
         # print(self.zones)
70 72
         # raw_input('Press <ENTER> to continue')

+ 22
- 15
certbot_pdns/pdnsapi.py Dosyayı Görüntüle

@@ -7,11 +7,10 @@ import requests
7 7
 
8 8
 
9 9
 class PdnsApi:
10
-    http_auth_user = None
11
-    http_auth_pass = None
12 10
     api_key = None
13
-    api_pass = None
14 11
     base_url = None
12
+    http_auth = None                                # Standard-value of requests-library will be used
13
+    verify_cert = None                              # Standard-value of requests-library will be used
15 14
 
16 15
     def set_api_key(self, api_key):
17 16
         self.api_key = api_key
@@ -19,14 +18,17 @@ class PdnsApi:
19 18
     def set_base_url(self, base_url):
20 19
         self.base_url = base_url
21 20
 
22
-    def set_api_pass(self, api_pass):
23
-        self.api_pass = api_pass
21
+    def set_verify_cert(self, verify_cert):
22
+        if verify_cert in ("True", "true"):         # convert from string to real bool
23
+            self.verify_cert = True
24
+        elif verify_cert in ("False", "false"):     # convert from string to real bool
25
+            self.verify_cert = False
26
+        elif isinstance(verify_cert, str):          # alternative: path to local cert is given as string
27
+            self.verify_cert = verify_cert          # see requests-documentation for more info
24 28
         
25
-    def set_http_auth_user(self, http_auth_user):
26
-        self.http_auth_user = http_auth_user
27
-        
28
-    def set_http_auth_pass(self, http_auth_pass):
29
-        self.http_auth_pass = http_auth_pass
29
+    def set_http_auth(self, http_auth):             # credentials should be given as list containing two elements
30
+        if len(http_auth == 2):                     # first: username, second: password for http-basic auth
31
+            self.http_auth = http_auth
30 32
         
31 33
     def _query(self, uri, method, kwargs=None):
32 34
         headers = {
@@ -38,15 +40,20 @@ class PdnsApi:
38 40
         data = json.dumps(kwargs)
39 41
 
40 42
         if method == "GET":
41
-            request = requests.get(self.base_url + uri, headers=headers, auth=(self.http_auth_user, self.http_auth_pass))
43
+            request = requests.get(self.base_url + uri, headers=headers,
44
+                                   auth=self.http_auth, verify=self.verify_cert)
42 45
         elif method == "POST":
43
-            request = requests.post(self.base_url + uri, headers=headers, auth=(self.http_auth_user, self.http_auth_pass), data=data)
46
+            request = requests.post(self.base_url + uri, headers=headers, data=data,
47
+                                    auth=self.http_auth, verify=self.verify_cert)
44 48
         elif method == "PUT":
45
-            request = requests.put(self.base_url + uri, headers=headers, auth=(self.http_auth_user, self.http_auth_pass), data=data)
49
+            request = requests.put(self.base_url + uri, headers=headers, data=data,
50
+                                   auth=self.http_auth, verify=self.verify_cert)
46 51
         elif method == "PATCH":
47
-            request = requests.patch(self.base_url + uri, headers=headers, auth=(self.http_auth_user, self.http_auth_pass), data=data)
52
+            request = requests.patch(self.base_url + uri, headers=headers, data=data,
53
+                                     auth=self.http_auth, verify=self.verify_cert)
48 54
         elif method == "DELETE":
49
-            request = requests.delete(self.base_url + uri, headers=headers, auth=(self.http_auth_user, self.http_auth_pass))
55
+            request = requests.delete(self.base_url + uri, headers=headers,
56
+                                      auth=self.http_auth, verify=self.verify_cert)
50 57
         else:
51 58
             raise ValueError("Invalid method '%s'" % method)
52 59
 

Loading…
İptal
Kaydet