Add ini credentials file (#11)
* Add possibility to use credentials INI file

* correction README

Co-authored-by: Romain <[email protected]>
pr000t and Romain authored May 4, 2021
1 parent 016b56e commit 9d264a0
Showing 2 changed files with 60 additions and 7 deletions.
45 changes: 40 additions & 5 deletions README.rst
Expand Up @@ -16,11 +16,6 @@ with "Domain" scope

.. _dashboard: https://manager.infomaniak.com/v3/infomaniak-api

Then, export this token as an environment variable:

::

export INFOMANIAK_API_TOKEN=xxx

Installation
------------
Expand All @@ -32,6 +27,9 @@ Installation
Usage
-----

Via environment variable
^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: bash
export INFOMANIAK_API_TOKEN=xxx
Expand All @@ -54,6 +52,43 @@ If certbot requires elevated rights, the following command must be used instead:
--rsa-key-size 4096 \
-d 'death.star'
Via INI file
^^^^^^^^^^^^

Certbot will emit a warning if it detects that the credentials file can be
accessed by other users on your system. The warning reads "Unsafe permissions
on credentials configuration file", followed by the path to the credentials
file. This warning will be emitted each time Certbot uses the credentials file,
including for renewal, and cannot be silenced except by addressing the issue
(e.g., by using a command like ``chmod 600`` to restrict access to the file).

============================================================= ==============================================
``--authenticator certbot-dns-infomaniak:dns-infomaniak`` select the authenticator plugin (Required)

``--certbot-dns-infomaniak:dns-infomaniak-credentials`` Infomaniak Token credentials
INI file. (Required)
============================================================= ==============================================

An example ``credentials.ini`` file:

.. code-block:: ini
certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
To start using DNS authentication for Infomaniak, pass the following arguments on certbot's command line:


.. code-block:: bash
certbot certonly \
--authenticator certbot-dns-infomaniak:dns-infomaniak \
--certbot-dns-infomaniak:dns-infomaniak-credentials <path to file> \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
--rsa-key-size 4096 \
-d 'death.star'
Automatic renewal
-----------------

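Review bot: in the new "Via INI file" section, the permissions paragraph comes before the reader has been told what the credentials file is, and the ``chmod 600`` step appears only in parentheses as a way to silence a warning. Since the file holds the Infomaniak API token in clear text, I would move that paragraph below the ``credentials.ini`` example and make ``chmod 600 <path to file>`` an explicit step. The section should also say which source is used when both ``INFOMANIAK_API_TOKEN`` and the credentials option are given; per the change to ``_setup_credentials`` in this commit, the environment variable is used and the file is not read.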
22 changes: 20 additions & 2 deletions certbot_dns_infomaniak/dns_infomaniak.py
Expand Up @@ -29,15 +29,33 @@ def __init__(self, *args, **kwargs):
# super(Authenticator, self).__init__(*args, **kwargs)
super().__init__(*args, **kwargs)
self.token = ""
self.credentials = None

@classmethod
def add_parser_arguments(cls, add): # pylint: disable=arguments-differ
super(Authenticator, cls).add_parser_arguments(
add, default_propagation_seconds=120
)
add("credentials", help="Infomaniak credentials INI file.")

def more_info(self): # pylint: disable=missing-docstring,no-self-use
return self.description

def _setup_credentials(self):
token = os.getenv("INFOMANIAK_API_TOKEN")
if token is None:
raise errors.PluginError("INFOMANIAK_API_TOKEN variable not defined")
self.token = token
self.credentials = self._configure_credentials(
"credentials",
"Infomaniak credentials INI file",
{
"token": "Infomaniak API token.",
},
)
if not self.credentials:
raise errors.PluginError("INFOMANIAK API Token not defined")
self.token = self.credentials.conf("token")
else:
self.token = token

def _perform(self, domain, validation_name, validation):
try:
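Review bot: in `_setup_credentials`, the `if token is None:` test treats an exported but empty `INFOMANIAK_API_TOKEN` as a valid token, so the `else` branch sets `self.token` to an empty string and the credentials file passed on the command line is never read. Testing `if not token:` would fall through to the INI file in that case. More generally, the environment variable silently overrides an explicitly passed credentials file; a docstring on `_setup_credentials` stating that precedence would make the behaviour reviewable. The `if not self.credentials:` check after `_configure_credentials(...)` also looks unreachable if that helper already raises when the file or the `token` key is missing; worth confirming and dropping if so.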