ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add ecs ram role support

Browse Source
This commit is contained in:
Yang Liu 2021-03-08 09:56:36 +08:00
parent c33e5bc40f
commit d3ed8bea26
1 changed files with 74 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
dnsapi/dns_ali.sh
View File

@ -1,27 +1,34 @@
#!/usr/bin/env sh #!/usr/local/bin/bash
Ali_API="https://alidns.aliyuncs.com/" Ali_API="https://alidns.aliyuncs.com/"
#Ali_Key="LTqIA87hOKdjevsf5" #ALICLOUD_ACCESS_KEY="LTqIA87hOKdjevsf5"
#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2" #ALICLOUD_SECRET_KEY="0p5EYueFNq501xnCPzKNbx6K51qPH2"
#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_ali_add $(_ali_urlencode "_acme-challenge.www.domain.com") "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ali_add() { dns_ali_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" ALICLOUD_ACCESS_KEY="${ALICLOUD_ACCESS_KEY:-$(_readaccountconf_mutable ALICLOUD_ACCESS_KEY)}"
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" ALICLOUD_SECRET_KEY="${ALICLOUD_SECRET_KEY:-$(_readaccountconf_mutable ALICLOUD_SECRET_KEY)}"
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
Ali_Key="" if [ -z "$ALICLOUD_ACCESS_KEY" ] || [ -z "$ALICLOUD_SECRET_KEY" ]; then
Ali_Secret="" _use_instance_role
fi
if [ -z "$ALICLOUD_ACCESS_KEY" ] || [ -z "$ALICLOUD_SECRET_KEY" ]; then
ALICLOUD_ACCESS_KEY=""
ALICLOUD_SECRET_KEY=""
_err "You don't specify aliyun api key and secret yet." _err "You don't specify aliyun api key and secret yet."
return 1 return 1
fi fi
#save the api key and secret to the account conf file. #save the api key and secret to the account conf file.
_saveaccountconf_mutable Ali_Key "$Ali_Key" if [ -z "$_using_role" ]; then
_saveaccountconf_mutable Ali_Secret "$Ali_Secret" _saveaccountconf_mutable ALICLOUD_ACCESS_KEY "$ALICLOUD_ACCESS_KEY"
_saveaccountconf_mutable ALICLOUD_SECRET_KEY "$ALICLOUD_SECRET_KEY"
fi
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
@ -35,8 +42,8 @@ dns_ali_add() {
dns_ali_rm() { dns_ali_rm() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" ALICLOUD_ACCESS_KEY="${ALICLOUD_ACCESS_KEY:-$(_readaccountconf_mutable ALICLOUD_ACCESS_KEY)}"
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" ALICLOUD_SECRET_KEY="${ALICLOUD_SECRET_KEY:-$(_readaccountconf_mutable ALICLOUD_SECRET_KEY)}"
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
@ -77,8 +84,45 @@ _get_root() {
return 1 return 1
} }
_use_instance_role() {
_url="http://100.100.100.200/latest/meta-data/ram/security-credentials/"
_debug "_url" "$_url"
if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then
_debug "Unable to fetch IAM role from instance metadata"
return 1
fi
_ali_instance_role=$(_get "$_url" "" 1)
_debug "_ali_instance_role" "_ali_instance_role"
_ali_creds="$(
_get "$_url$_ali_instance_role" "" 1 |
_normalizeJson |
tr '{,}' '\n' |
while read -r _line; do
_key="$(echo "${_line%%:*}" | tr -d '"')"
_value="${_line#*:}"
_debug3 "_key" "$_key"
_secure_debug3 "_value" "$_value"
case "$_key" in
AccessKeyId) echo "ALICLOUD_ACCESS_KEY=$_value" ;;
AccessKeySecret) echo "ALICLOUD_SECRET_KEY=$_value" ;;
SecurityToken) echo "ALICLOUD_SECURITY_TOKEN=$_value" ;;
esac
done |
paste -sd' ' -
)"
_secure_debug "_ali_creds" "$_ali_creds"
if [ -z "$_ali_creds" ]; then
return 1
fi
eval "$_ali_creds"
_using_role=true
}
_ali_rest() { _ali_rest() {
signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64) signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$ALICLOUD_SECRET_KEY&" | _hex_dump | tr -d " ")" | _base64)
signature=$(_ali_urlencode "$signature") signature=$(_ali_urlencode "$signature")
url="$Ali_API?$query&Signature=$signature" url="$Ali_API?$query&Signature=$signature"
@ -124,11 +168,14 @@ _check_exist_query() {
_qdomain="$1" _qdomain="$1"
_qsubdomain="$2" _qsubdomain="$2"
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=DescribeDomainRecords' query=$query'&Action=DescribeDomainRecords'
query=$query'&DomainName='$_qdomain query=$query'&DomainName='$_qdomain
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RRKeyWord='$_qsubdomain query=$query'&RRKeyWord='$_qsubdomain
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -139,11 +186,14 @@ _check_exist_query() {
_add_record_query() { _add_record_query() {
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=AddDomainRecord' query=$query'&Action=AddDomainRecord'
query=$query'&DomainName='$1 query=$query'&DomainName='$1
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RR='$2 query=$query'&RR='$2
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -155,10 +205,13 @@ _add_record_query() {
_delete_record_query() { _delete_record_query() {
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=DeleteDomainRecord' query=$query'&Action=DeleteDomainRecord'
query=$query'&Format=json' query=$query'&Format=json'
query=$query'&RecordId='$1 query=$query'&RecordId='$1
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'
@ -168,10 +221,13 @@ _delete_record_query() {
_describe_records_query() { _describe_records_query() {
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$ALICLOUD_ACCESS_KEY
query=$query'&Action=DescribeDomainRecords' query=$query'&Action=DescribeDomainRecords'
query=$query'&DomainName='$1 query=$query'&DomainName='$1
query=$query'&Format=json' query=$query'&Format=json'
if [ -n "$ALICLOUD_SECURITY_TOKEN" ]; then
query=$query'&SecurityToken='$(_ali_urlencode "$ALICLOUD_SECURITY_TOKEN")
fi
query=$query'&SignatureMethod=HMAC-SHA1' query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)" query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0' query=$query'&SignatureVersion=1.0'