diff --git a/README.rst b/README.rst index 99d8dd2..2c6b187 100644 --- a/README.rst +++ b/README.rst @@ -16,11 +16,6 @@ with "Domain" scope .. _dashboard: https://manager.infomaniak.com/v3/infomaniak-api -Then, export this token as an environment variable: - -:: - - export INFOMANIAK_API_TOKEN=xxx Installation ------------ @@ -32,6 +27,9 @@ Installation Usage ----- +Via environment variable +^^^^^^^^^^^^^^^^^^^^^^^^ + .. code-block:: bash export INFOMANIAK_API_TOKEN=xxx 
@@ -54,6 +52,43 @@ If certbot requires elevated rights, the following command must be used instead: --rsa-key-size 4096 \ -d 'death.star' +Via INI file +^^^^^^^^^^^^ + +Certbot will emit a warning if it detects that the credentials file can be +accessed by other users on your system. The warning reads "Unsafe permissions +on credentials configuration file", followed by the path to the credentials +file. This warning will be emitted each time Certbot uses the credentials file, +including for renewal, and cannot be silenced except by addressing the issue +(e.g., by using a command like ``chmod 600`` to restrict access to the file). + +============================================================= ============================================== +``--authenticator certbot-dns-infomaniak:dns-infomaniak`` select the authenticator plugin (Required) + +``--certbot-dns-infomaniak:dns-infomaniak-credentials`` Infomaniak Token credentials + INI file. (Required) +============================================================= ============================================== + +An example ``credentials.ini`` file: + +.. code-block:: ini + + certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + +To start using DNS authentication for Infomaniak, pass the following arguments on certbot's command line: + + +.. code-block:: bash + + certbot certonly \ + --authenticator certbot-dns-infomaniak:dns-infomaniak \ + --certbot-dns-infomaniak:dns-infomaniak-credentials \ + --server https://acme-v02.api.letsencrypt.org/directory \ + --agree-tos \ + --rsa-key-size 4096 \ + -d 'death.star' + Automatic renewal ----------------- diff --git a/certbot_dns_infomaniak/dns_infomaniak.py b/certbot_dns_infomaniak/dns_infomaniak.py index 5f6446f..38425d0 100644 --- a/certbot_dns_infomaniak/dns_infomaniak.py +++ b/certbot_dns_infomaniak/dns_infomaniak.py 
@@ -29,6 +29,14 @@ def __init__(self, *args, **kwargs): # super(Authenticator, self).__init__(*args, **kwargs) super().__init__(*args, **kwargs) self.token = "" + self.credentials = None + + @classmethod + def add_parser_arguments(cls, add): # pylint: disable=arguments-differ + super(Authenticator, cls).add_parser_arguments( + add, default_propagation_seconds=120 + ) + add("credentials", help="Infomaniak credentials INI file.") def more_info(self): # pylint: disable=missing-docstring,no-self-use return self.description @@ -36,8 +44,18 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use def _setup_credentials(self): token = os.getenv("INFOMANIAK_API_TOKEN") if token is None: - raise errors.PluginError("INFOMANIAK_API_TOKEN variable not defined") - self.token = token + self.credentials = self._configure_credentials( + "credentials", + "Infomaniak credentials INI file", + { + "token": "Infomaniak API token.", + }, + ) + if not self.credentials: + raise errors.PluginError("INFOMANIAK API Token not defined") + self.token = self.credentials.conf("token") + else: + self.token = token def _perform(self, domain, validation_name, validation): try:
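Review bot: The help string passed to `add("credentials", ...)` in `add_parser_arguments` does not say that the file is only read when `INFOMANIAK_API_TOKEN` is absent from the environment, which is how `_setup_credentials` behaves in this same commit. An operator who moves the token into a permission-restricted INI file but leaves an old export in a shell profile or service unit would keep using the environment value with no hint that the file is being ignored. I would spell it out, e.g. `help="Infomaniak credentials INI file (read only when INFOMANIAK_API_TOKEN is not set)."`, and give the classmethod a one-line docstring saying it registers the `credentials` option with a 120-second default propagation delay. The `__init__` body that gains `self.credentials = None` starts outside this hunk.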
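Review bot: In `_setup_credentials`, the `if token is None` test accepts an exported-but-empty `INFOMANIAK_API_TOKEN` as a token, so `self.token` becomes `""` and the credentials file is never consulted. The failure then presumably only surfaces later as an authentication error from the API. Using `if not token:` would let an empty value fall through to the INI file. Separately, the `if not self.credentials:` guard looks unreachable: as far as I know certbot's `_configure_credentials` either returns a configuration object or raises `PluginError` itself, so the "INFOMANIAK API Token not defined" message is unlikely ever to be shown. That is worth confirming, and the guard should then either be dropped or replaced by a check that `self.credentials.conf("token")` is non-empty.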