certbot-dns-google-0.23.0/0000755000076600000240000000000013261245103015200 5ustar bmwstaff00000000000000certbot-dns-google-0.23.0/PKG-INFO0000644000076600000240000000227413261245103016302 0ustar bmwstaff00000000000000Metadata-Version: 2.1 Name: certbot-dns-google Version: 0.23.0 Summary: Google Cloud DNS Authenticator plugin for Certbot Home-page: https://github.com/certbot/certbot Author: Certbot Project Author-email: client-dev@letsencrypt.org License: Apache License 2.0 Description: UNKNOWN Platform: UNKNOWN Classifier: Development Status :: 3 - Alpha Classifier: Environment :: Plugins Classifier: Intended Audience :: System Administrators Classifier: License :: OSI Approved :: Apache Software License Classifier: Operating System :: POSIX :: Linux Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.4 Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 Classifier: Topic :: Internet :: WWW/HTTP Classifier: Topic :: Security Classifier: Topic :: System :: Installation/Setup Classifier: Topic :: System :: Networking Classifier: Topic :: System :: Systems Administration Classifier: Topic :: Utilities Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.* Provides-Extra: docs certbot-dns-google-0.23.0/certbot_dns_google/0000755000076600000240000000000013261245103021042 5ustar bmwstaff00000000000000certbot-dns-google-0.23.0/certbot_dns_google/testdata/0000755000076600000240000000000013261245103022653 5ustar bmwstaff00000000000000certbot-dns-google-0.23.0/certbot_dns_google/testdata/discovery.json0000644000076600000240000013474013261244762025600 0ustar bmwstaff00000000000000{ "kind": "discovery#restDescription", "etag": "\"-iA1DTNe4s-I6JZXPt1t1Ypy8IU/gSzgHqX4Zwypnde2YApimTf_qmE\"", "discoveryVersion": "v1", "id": "dns:v1", "name": 
"dns", "version": "v1", "revision": "20180314", "title": "Google Cloud DNS API", "description": "Configures and serves authoritative DNS records.", "ownerDomain": "google.com", "ownerName": "Google", "icons": { "x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png", "x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png" }, "documentationLink": "https://developers.google.com/cloud-dns", "protocol": "rest", "baseUrl": "https://www.googleapis.com/dns/v1/projects/", "basePath": "/dns/v1/projects/", "rootUrl": "https://www.googleapis.com/", "servicePath": "dns/v1/projects/", "batchPath": "batch/dns/v1", "parameters": { "alt": { "type": "string", "description": "Data format for the response.", "default": "json", "enum": [ "json" ], "enumDescriptions": [ "Responses with Content-Type of application/json" ], "location": "query" }, "fields": { "type": "string", "description": "Selector specifying which fields to include in a partial response.", "location": "query" }, "key": { "type": "string", "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", "location": "query" }, "oauth_token": { "type": "string", "description": "OAuth 2.0 token for the current user.", "location": "query" }, "prettyPrint": { "type": "boolean", "description": "Returns response with indentations and line breaks.", "default": "true", "location": "query" }, "quotaUser": { "type": "string", "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", "location": "query" }, "userIp": { "type": "string", "description": "IP address of the site where the request originates. 
Use this if you want to enforce per-user limits.", "location": "query" } }, "auth": { "oauth2": { "scopes": { "https://www.googleapis.com/auth/cloud-platform": { "description": "View and manage your data across Google Cloud Platform services" }, "https://www.googleapis.com/auth/cloud-platform.read-only": { "description": "View your data across Google Cloud Platform services" }, "https://www.googleapis.com/auth/ndev.clouddns.readonly": { "description": "View your DNS records hosted by Google Cloud DNS" }, "https://www.googleapis.com/auth/ndev.clouddns.readwrite": { "description": "View and manage your DNS records hosted by Google Cloud DNS" } } } }, "schemas": { "Change": { "id": "Change", "type": "object", "description": "An atomic update to a collection of ResourceRecordSets.", "properties": { "additions": { "type": "array", "description": "Which ResourceRecordSets to add?", "items": { "$ref": "ResourceRecordSet" } }, "deletions": { "type": "array", "description": "Which ResourceRecordSets to remove? Must match existing data exactly.", "items": { "$ref": "ResourceRecordSet" } }, "id": { "type": "string", "description": "Unique identifier for the resource; defined by the server (output only)." }, "isServing": { "type": "boolean", "description": "If the DNS queries for the zone will be served." }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#change\".", "default": "dns#change" }, "startTime": { "type": "string", "description": "The time that this operation was started by the server (output only). This is in RFC3339 text format." 
}, "status": { "type": "string", "description": "Status of the operation (output only).", "enum": [ "done", "pending" ], "enumDescriptions": [ "", "" ] } } }, "ChangesListResponse": { "id": "ChangesListResponse", "type": "object", "description": "The response to a request to enumerate Changes to a ResourceRecordSets collection.", "properties": { "changes": { "type": "array", "description": "The requested changes.", "items": { "$ref": "Change" } }, "header": { "$ref": "ResponseHeader" }, "kind": { "type": "string", "description": "Type of resource.", "default": "dns#changesListResponse" }, "nextPageToken": { "type": "string", "description": "The presence of this field indicates that there exist more results following your last page of results in pagination order. To fetch them, make another list request using this value as your pagination token.\n\nIn this way you can retrieve the complete contents of even very large collections one page at a time. However, if the contents of the collection change between the first and last paginated list request, the set of all elements returned will be an inconsistent view of the collection. There is no way to retrieve a \"snapshot\" of collections larger than the maximum page size." } } }, "DnsKey": { "id": "DnsKey", "type": "object", "description": "A DNSSEC key pair.", "properties": { "algorithm": { "type": "string", "description": "String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time.", "enum": [ "ecdsap256sha256", "ecdsap384sha384", "rsasha1", "rsasha256", "rsasha512" ], "enumDescriptions": [ "", "", "", "", "" ] }, "creationTime": { "type": "string", "description": "The time that this resource was created in the control plane. This is in RFC3339 text format. Output only." }, "description": { "type": "string", "description": "A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the resource's function." 
}, "digests": { "type": "array", "description": "Cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Output only.", "items": { "$ref": "DnsKeyDigest" } }, "id": { "type": "string", "description": "Unique identifier for the resource; defined by the server (output only)." }, "isActive": { "type": "boolean", "description": "Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures." }, "keyLength": { "type": "integer", "description": "Length of the key in bits. Specified at creation time then immutable.", "format": "uint32" }, "keyTag": { "type": "integer", "description": "The key tag is a non-cryptographic hash of the DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B. Output only.", "format": "int32" }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#dnsKey\".", "default": "dns#dnsKey" }, "publicKey": { "type": "string", "description": "Base64 encoded public half of this key. Output only." }, "type": { "type": "string", "description": "One of \"KEY_SIGNING\" or \"ZONE_SIGNING\". Keys of type KEY_SIGNING have the Secure Entry Point flag set and, when active, will be used to sign only resource record sets of type DNSKEY. Otherwise, the Secure Entry Point flag will be cleared and this key will be used to sign only resource record sets of other types. 
Immutable after creation time.", "enum": [ "keySigning", "zoneSigning" ], "enumDescriptions": [ "", "" ] } } }, "DnsKeyDigest": { "id": "DnsKeyDigest", "type": "object", "properties": { "digest": { "type": "string", "description": "The base-16 encoded bytes of this digest. Suitable for use in a DS resource record." }, "type": { "type": "string", "description": "Specifies the algorithm used to calculate this digest.", "enum": [ "sha1", "sha256", "sha384" ], "enumDescriptions": [ "", "", "" ] } } }, "DnsKeySpec": { "id": "DnsKeySpec", "type": "object", "description": "Parameters for DnsKey key generation. Used for generating initial keys for a new ManagedZone and as default when adding a new DnsKey.", "properties": { "algorithm": { "type": "string", "description": "String mnemonic specifying the DNSSEC algorithm of this key.", "enum": [ "ecdsap256sha256", "ecdsap384sha384", "rsasha1", "rsasha256", "rsasha512" ], "enumDescriptions": [ "", "", "", "", "" ] }, "keyLength": { "type": "integer", "description": "Length of the keys in bits.", "format": "uint32" }, "keyType": { "type": "string", "description": "One of \"KEY_SIGNING\" or \"ZONE_SIGNING\". Keys of type KEY_SIGNING have the Secure Entry Point flag set and, when active, will be used to sign only resource record sets of type DNSKEY. Otherwise, the Secure Entry Point flag will be cleared and this key will be used to sign only resource record sets of other types.", "enum": [ "keySigning", "zoneSigning" ], "enumDescriptions": [ "", "" ] }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. 
Value: the fixed string \"dns#dnsKeySpec\".", "default": "dns#dnsKeySpec" } } }, "DnsKeysListResponse": { "id": "DnsKeysListResponse", "type": "object", "description": "The response to a request to enumerate DnsKeys in a ManagedZone.", "properties": { "dnsKeys": { "type": "array", "description": "The requested resources.", "items": { "$ref": "DnsKey" } }, "header": { "$ref": "ResponseHeader" }, "kind": { "type": "string", "description": "Type of resource.", "default": "dns#dnsKeysListResponse" }, "nextPageToken": { "type": "string", "description": "The presence of this field indicates that there exist more results following your last page of results in pagination order. To fetch them, make another list request using this value as your pagination token.\n\nIn this way you can retrieve the complete contents of even very large collections one page at a time. However, if the contents of the collection change between the first and last paginated list request, the set of all elements returned will be an inconsistent view of the collection. There is no way to retrieve a \"snapshot\" of collections larger than the maximum page size." } } }, "ManagedZone": { "id": "ManagedZone", "type": "object", "description": "A zone is a subtree of the DNS namespace under one administrative responsibility. A ManagedZone is a resource that represents a DNS zone hosted by the Cloud DNS service.", "properties": { "creationTime": { "type": "string", "description": "The time that this resource was created on the server. This is in RFC3339 text format. Output only." }, "description": { "type": "string", "description": "A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the managed zone's function." }, "dnsName": { "type": "string", "description": "The DNS name of this managed zone, for instance \"example.com.\"." }, "dnssecConfig": { "$ref": "ManagedZoneDnsSecConfig", "description": "DNSSEC configuration." 
}, "id": { "type": "string", "description": "Unique identifier for the resource; defined by the server (output only)", "format": "uint64" }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#managedZone\".", "default": "dns#managedZone" }, "labels": { "type": "object", "description": "User labels.", "additionalProperties": { "type": "string" } }, "name": { "type": "string", "description": "User assigned name for this resource. Must be unique within the project. The name must be 1-63 characters long, must begin with a letter, end with a letter or digit, and only contain lowercase letters, digits or dashes." }, "nameServerSet": { "type": "string", "description": "Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users will leave this field unset." }, "nameServers": { "type": "array", "description": "Delegate your managed_zone to these virtual name servers; defined by the server (output only)", "items": { "type": "string" } } } }, "ManagedZoneDnsSecConfig": { "id": "ManagedZoneDnsSecConfig", "type": "object", "properties": { "defaultKeySpecs": { "type": "array", "description": "Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. Output only while state is not OFF.", "items": { "$ref": "DnsKeySpec" } }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#managedZoneDnsSecConfig\".", "default": "dns#managedZoneDnsSecConfig" }, "nonExistence": { "type": "string", "description": "Specifies the mechanism used to provide authenticated denial-of-existence responses. 
Output only while state is not OFF.", "enum": [ "nsec", "nsec3" ], "enumDescriptions": [ "", "" ] }, "state": { "type": "string", "description": "Specifies whether DNSSEC is enabled, and what mode it is in.", "enum": [ "off", "on", "transfer" ], "enumDescriptions": [ "", "", "" ] } } }, "ManagedZoneOperationsListResponse": { "id": "ManagedZoneOperationsListResponse", "type": "object", "properties": { "header": { "$ref": "ResponseHeader" }, "kind": { "type": "string", "description": "Type of resource.", "default": "dns#managedZoneOperationsListResponse" }, "nextPageToken": { "type": "string", "description": "The presence of this field indicates that there exist more results following your last page of results in pagination order. To fetch them, make another list request using this value as your page token.\n\nIn this way you can retrieve the complete contents of even very large collections one page at a time. However, if the contents of the collection change between the first and last paginated list request, the set of all elements returned will be an inconsistent view of the collection. There is no way to retrieve a consistent snapshot of a collection larger than the maximum page size." }, "operations": { "type": "array", "description": "The operation resources.", "items": { "$ref": "Operation" } } } }, "ManagedZonesListResponse": { "id": "ManagedZonesListResponse", "type": "object", "properties": { "header": { "$ref": "ResponseHeader" }, "kind": { "type": "string", "description": "Type of resource.", "default": "dns#managedZonesListResponse" }, "managedZones": { "type": "array", "description": "The managed zone resources.", "items": { "$ref": "ManagedZone" } }, "nextPageToken": { "type": "string", "description": "The presence of this field indicates that there exist more results following your last page of results in pagination order. 
To fetch them, make another list request using this value as your page token.\n\nIn this way you can retrieve the complete contents of even very large collections one page at a time. However, if the contents of the collection change between the first and last paginated list request, the set of all elements returned will be an inconsistent view of the collection. There is no way to retrieve a consistent snapshot of a collection larger than the maximum page size." } } }, "Operation": { "id": "Operation", "type": "object", "description": "An operation represents a successful mutation performed on a Cloud DNS resource. Operations provide: - An audit log of server resource mutations. - A way to recover/retry API calls in the case where the response is never received by the caller. Use the caller specified client_operation_id.", "properties": { "dnsKeyContext": { "$ref": "OperationDnsKeyContext", "description": "Only populated if the operation targeted a DnsKey (output only)." }, "id": { "type": "string", "description": "Unique identifier for the resource. This is the client_operation_id if the client specified it when the mutation was initiated, otherwise, it is generated by the server. The name must be 1-63 characters long and match the regular expression [-a-z0-9]? (output only)" }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#operation\".", "default": "dns#operation" }, "startTime": { "type": "string", "description": "The time that this operation was started by the server. This is in RFC3339 text format (output only)." }, "status": { "type": "string", "description": "Status of the operation. Can be one of the following: \"PENDING\" or \"DONE\" (output only).", "enum": [ "done", "pending" ], "enumDescriptions": [ "", "" ] }, "type": { "type": "string", "description": "Type of the operation. Operations include insert, update, and delete (output only)." 
}, "user": { "type": "string", "description": "User who requested the operation, for example: user@example.com. cloud-dns-system for operations automatically done by the system. (output only)" }, "zoneContext": { "$ref": "OperationManagedZoneContext", "description": "Only populated if the operation targeted a ManagedZone (output only)." } } }, "OperationDnsKeyContext": { "id": "OperationDnsKeyContext", "type": "object", "properties": { "newValue": { "$ref": "DnsKey", "description": "The post-operation DnsKey resource." }, "oldValue": { "$ref": "DnsKey", "description": "The pre-operation DnsKey resource." } } }, "OperationManagedZoneContext": { "id": "OperationManagedZoneContext", "type": "object", "properties": { "newValue": { "$ref": "ManagedZone", "description": "The post-operation ManagedZone resource." }, "oldValue": { "$ref": "ManagedZone", "description": "The pre-operation ManagedZone resource." } } }, "Project": { "id": "Project", "type": "object", "description": "A project resource. The project is a top level container for resources including Cloud DNS ManagedZones. Projects can be created only in the APIs console.", "properties": { "id": { "type": "string", "description": "User assigned unique identifier for the resource (output only)." }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#project\".", "default": "dns#project" }, "number": { "type": "string", "description": "Unique numeric identifier for the resource; defined by the server (output only).", "format": "uint64" }, "quota": { "$ref": "Quota", "description": "Quotas assigned to this project (output only)." 
} } }, "Quota": { "id": "Quota", "type": "object", "description": "Limits associated with a Project.", "properties": { "dnsKeysPerManagedZone": { "type": "integer", "description": "Maximum allowed number of DnsKeys per ManagedZone.", "format": "int32" }, "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#quota\".", "default": "dns#quota" }, "managedZones": { "type": "integer", "description": "Maximum allowed number of managed zones in the project.", "format": "int32" }, "resourceRecordsPerRrset": { "type": "integer", "description": "Maximum allowed number of ResourceRecords per ResourceRecordSet.", "format": "int32" }, "rrsetAdditionsPerChange": { "type": "integer", "description": "Maximum allowed number of ResourceRecordSets to add per ChangesCreateRequest.", "format": "int32" }, "rrsetDeletionsPerChange": { "type": "integer", "description": "Maximum allowed number of ResourceRecordSets to delete per ChangesCreateRequest.", "format": "int32" }, "rrsetsPerManagedZone": { "type": "integer", "description": "Maximum allowed number of ResourceRecordSets per zone in the project.", "format": "int32" }, "totalRrdataSizePerChange": { "type": "integer", "description": "Maximum allowed size for total rrdata in one ChangesCreateRequest in bytes.", "format": "int32" }, "whitelistedKeySpecs": { "type": "array", "description": "DNSSEC algorithm and key length types that can be used for DnsKeys.", "items": { "$ref": "DnsKeySpec" } } } }, "ResourceRecordSet": { "id": "ResourceRecordSet", "type": "object", "description": "A unit of data that will be returned by the DNS servers.", "properties": { "kind": { "type": "string", "description": "Identifies what kind of resource this is. Value: the fixed string \"dns#resourceRecordSet\".", "default": "dns#resourceRecordSet" }, "name": { "type": "string", "description": "For example, www.example.com." 
}, "rrdatas": { "type": "array", "description": "As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1).", "items": { "type": "string" } }, "signatureRrdatas": { "type": "array", "description": "As defined in RFC 4034 (section 3.2).", "items": { "type": "string" } }, "ttl": { "type": "integer", "description": "Number of seconds that this ResourceRecordSet can be cached by resolvers.", "format": "int32" }, "type": { "type": "string", "description": "The identifier of a supported record type, for example, A, AAAA, MX, TXT, and so on." } } }, "ResourceRecordSetsListResponse": { "id": "ResourceRecordSetsListResponse", "type": "object", "properties": { "header": { "$ref": "ResponseHeader" }, "kind": { "type": "string", "description": "Type of resource.", "default": "dns#resourceRecordSetsListResponse" }, "nextPageToken": { "type": "string", "description": "The presence of this field indicates that there exist more results following your last page of results in pagination order. To fetch them, make another list request using this value as your pagination token.\n\nIn this way you can retrieve the complete contents of even very large collections one page at a time. However, if the contents of the collection change between the first and last paginated list request, the set of all elements returned will be an inconsistent view of the collection. There is no way to retrieve a consistent snapshot of a collection larger than the maximum page size." }, "rrsets": { "type": "array", "description": "The resource record set resources.", "items": { "$ref": "ResourceRecordSet" } } } }, "ResponseHeader": { "id": "ResponseHeader", "type": "object", "description": "Elements common to every response.", "properties": { "operationId": { "type": "string", "description": "For mutating operation requests that completed successfully. This is the client_operation_id if the client specified it, otherwise it is generated by the server (output only)." 
} } } }, "resources": { "changes": { "methods": { "create": { "id": "dns.changes.create", "path": "{project}/managedZones/{managedZone}/changes", "httpMethod": "POST", "description": "Atomically update the ResourceRecordSet collection.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. Can be the managed zone name or id.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone" ], "request": { "$ref": "Change" }, "response": { "$ref": "Change" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "get": { "id": "dns.changes.get", "path": "{project}/managedZones/{managedZone}/changes/{changeId}", "httpMethod": "GET", "description": "Fetch the representation of an existing Change.", "parameters": { "changeId": { "type": "string", "description": "The identifier of the requested change, from a previous ResourceRecordSetsChangeResponse.", "required": true, "location": "path" }, "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. 
Can be the managed zone name or id.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone", "changeId" ], "response": { "$ref": "Change" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "list": { "id": "dns.changes.list", "path": "{project}/managedZones/{managedZone}/changes", "httpMethod": "GET", "description": "Enumerate Changes to a ResourceRecordSet collection.", "parameters": { "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. Can be the managed zone name or id.", "required": true, "location": "path" }, "maxResults": { "type": "integer", "description": "Optional. Maximum number of results to be returned. If unspecified, the server will decide how many results to return.", "format": "int32", "location": "query" }, "pageToken": { "type": "string", "description": "Optional. A tag returned by a previous list request that was truncated. Use this parameter to continue a previous list request.", "location": "query" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" }, "sortBy": { "type": "string", "description": "Sorting criterion. 
The only supported value is change sequence.", "default": "changeSequence", "enum": [ "changeSequence" ], "enumDescriptions": [ "" ], "location": "query" }, "sortOrder": { "type": "string", "description": "Sorting order direction: 'ascending' or 'descending'.", "location": "query" } }, "parameterOrder": [ "project", "managedZone" ], "response": { "$ref": "ChangesListResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] } } }, "dnsKeys": { "methods": { "get": { "id": "dns.dnsKeys.get", "path": "{project}/managedZones/{managedZone}/dnsKeys/{dnsKeyId}", "httpMethod": "GET", "description": "Fetch the representation of an existing DnsKey.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "digestType": { "type": "string", "description": "An optional comma-separated list of digest types to compute and display for key signing keys. If omitted, the recommended digest type will be computed and displayed.", "location": "query" }, "dnsKeyId": { "type": "string", "description": "The identifier of the requested DnsKey.", "required": true, "location": "path" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. 
Can be the managed zone name or id.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone", "dnsKeyId" ], "response": { "$ref": "DnsKey" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "list": { "id": "dns.dnsKeys.list", "path": "{project}/managedZones/{managedZone}/dnsKeys", "httpMethod": "GET", "description": "Enumerate DnsKeys to a ResourceRecordSet collection.", "parameters": { "digestType": { "type": "string", "description": "An optional comma-separated list of digest types to compute and display for key signing keys. If omitted, the recommended digest type will be computed and displayed.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. Can be the managed zone name or id.", "required": true, "location": "path" }, "maxResults": { "type": "integer", "description": "Optional. Maximum number of results to be returned. If unspecified, the server will decide how many results to return.", "format": "int32", "location": "query" }, "pageToken": { "type": "string", "description": "Optional. A tag returned by a previous list request that was truncated. 
Use this parameter to continue a previous list request.", "location": "query" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone" ], "response": { "$ref": "DnsKeysListResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] } } }, "managedZoneOperations": { "methods": { "get": { "id": "dns.managedZoneOperations.get", "path": "{project}/managedZones/{managedZone}/operations/{operation}", "httpMethod": "GET", "description": "Fetch the representation of an existing Operation.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request.", "required": true, "location": "path" }, "operation": { "type": "string", "description": "Identifies the operation addressed by this request.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone", "operation" ], "response": { "$ref": "Operation" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "list": { "id": "dns.managedZoneOperations.list", "path": "{project}/managedZones/{managedZone}/operations", "httpMethod": "GET", "description": "Enumerate 
Operations for the given ManagedZone.", "parameters": { "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request.", "required": true, "location": "path" }, "maxResults": { "type": "integer", "description": "Optional. Maximum number of results to be returned. If unspecified, the server will decide how many results to return.", "format": "int32", "location": "query" }, "pageToken": { "type": "string", "description": "Optional. A tag returned by a previous list request that was truncated. Use this parameter to continue a previous list request.", "location": "query" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" }, "sortBy": { "type": "string", "description": "Sorting criterion. The only supported values are START_TIME and ID.", "default": "startTime", "enum": [ "id", "startTime" ], "enumDescriptions": [ "", "" ], "location": "query" } }, "parameterOrder": [ "project", "managedZone" ], "response": { "$ref": "ManagedZoneOperationsListResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] } } }, "managedZones": { "methods": { "create": { "id": "dns.managedZones.create", "path": "{project}/managedZones", "httpMethod": "POST", "description": "Create a new ManagedZone.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. 
Must be unique for operation resources in the Operations collection.", "location": "query" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project" ], "request": { "$ref": "ManagedZone" }, "response": { "$ref": "ManagedZone" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "delete": { "id": "dns.managedZones.delete", "path": "{project}/managedZones/{managedZone}", "httpMethod": "DELETE", "description": "Delete a previously created ManagedZone.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. Can be the managed zone name or id.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "get": { "id": "dns.managedZones.get", "path": "{project}/managedZones/{managedZone}", "httpMethod": "GET", "description": "Fetch the representation of an existing ManagedZone.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. 
Can be the managed zone name or id.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone" ], "response": { "$ref": "ManagedZone" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "list": { "id": "dns.managedZones.list", "path": "{project}/managedZones", "httpMethod": "GET", "description": "Enumerate ManagedZones that have been created but not yet deleted.", "parameters": { "dnsName": { "type": "string", "description": "Restricts the list to return only zones with this domain name.", "location": "query" }, "maxResults": { "type": "integer", "description": "Optional. Maximum number of results to be returned. If unspecified, the server will decide how many results to return.", "format": "int32", "location": "query" }, "pageToken": { "type": "string", "description": "Optional. A tag returned by a previous list request that was truncated. Use this parameter to continue a previous list request.", "location": "query" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project" ], "response": { "$ref": "ManagedZonesListResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "patch": { "id": "dns.managedZones.patch", "path": "{project}/managedZones/{managedZone}", "httpMethod": "PATCH", "description": "Update an existing ManagedZone. 
This method supports patch semantics.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. Can be the managed zone name or id.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone" ], "request": { "$ref": "ManagedZone" }, "response": { "$ref": "Operation" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] }, "update": { "id": "dns.managedZones.update", "path": "{project}/managedZones/{managedZone}", "httpMethod": "PUT", "description": "Update an existing ManagedZone.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. 
Can be the managed zone name or id.", "required": true, "location": "path" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project", "managedZone" ], "request": { "$ref": "ManagedZone" }, "response": { "$ref": "Operation" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] } } }, "projects": { "methods": { "get": { "id": "dns.projects.get", "path": "{project}", "httpMethod": "GET", "description": "Fetch the representation of an existing Project.", "parameters": { "clientOperationId": { "type": "string", "description": "For mutating operation requests only. An optional identifier specified by the client. Must be unique for operation resources in the Operations collection.", "location": "query" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" } }, "parameterOrder": [ "project" ], "response": { "$ref": "Project" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] } } }, "resourceRecordSets": { "methods": { "list": { "id": "dns.resourceRecordSets.list", "path": "{project}/managedZones/{managedZone}/rrsets", "httpMethod": "GET", "description": "Enumerate ResourceRecordSets that have been created but not yet deleted.", "parameters": { "managedZone": { "type": "string", "description": "Identifies the managed zone addressed by this request. Can be the managed zone name or id.", "required": true, "location": "path" }, "maxResults": { "type": "integer", "description": "Optional. Maximum number of results to be returned. 
If unspecified, the server will decide how many results to return.", "format": "int32", "location": "query" }, "name": { "type": "string", "description": "Restricts the list to return only records with this fully qualified domain name.", "location": "query" }, "pageToken": { "type": "string", "description": "Optional. A tag returned by a previous list request that was truncated. Use this parameter to continue a previous list request.", "location": "query" }, "project": { "type": "string", "description": "Identifies the project addressed by this request.", "required": true, "location": "path" }, "type": { "type": "string", "description": "Restricts the list to return only records of this type. If present, the \"name\" parameter must also be present.", "location": "query" } }, "parameterOrder": [ "project", "managedZone" ], "response": { "$ref": "ResourceRecordSetsListResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/ndev.clouddns.readonly", "https://www.googleapis.com/auth/ndev.clouddns.readwrite" ] } } } } } certbot-dns-google-0.23.0/certbot_dns_google/dns_google_test.py0000644000076600000240000003714613261244762024620 0ustar bmwstaff00000000000000"""Tests for certbot_dns_google.dns_google.""" import os import unittest import mock from googleapiclient import discovery from googleapiclient.errors import Error from googleapiclient.http import HttpMock from httplib2 import ServerNotFoundError from certbot import errors from certbot.errors import PluginError from certbot.plugins import dns_test_common from certbot.plugins.dns_test_common import DOMAIN from certbot.tests import util as test_util ACCOUNT_JSON_PATH = '/not/a/real/path.json' API_ERROR = Error() PROJECT_ID = "test-test-1" class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthenticatorTest): def setUp(self): super(AuthenticatorTest, self).setUp() from 
certbot_dns_google.dns_google import Authenticator path = os.path.join(self.tempdir, 'file.json') open(path, "wb").close() super(AuthenticatorTest, self).setUp() self.config = mock.MagicMock(google_credentials=path, google_propagation_seconds=0) # don't wait during tests self.auth = Authenticator(self.config, "google") self.mock_client = mock.MagicMock() # _get_google_client | pylint: disable=protected-access self.auth._get_google_client = mock.MagicMock(return_value=self.mock_client) def test_perform(self): self.auth.perform([self.achall]) expected = [mock.call.add_txt_record(DOMAIN, '_acme-challenge.'+DOMAIN, mock.ANY, mock.ANY)] self.assertEqual(expected, self.mock_client.mock_calls) def test_cleanup(self): # _attempt_cleanup | pylint: disable=protected-access self.auth._attempt_cleanup = True self.auth.cleanup([self.achall]) expected = [mock.call.del_txt_record(DOMAIN, '_acme-challenge.'+DOMAIN, mock.ANY, mock.ANY)] self.assertEqual(expected, self.mock_client.mock_calls) @mock.patch('httplib2.Http.request', side_effect=ServerNotFoundError) def test_without_auth(self, unused_mock): self.config.google_credentials = None self.assertRaises(PluginError, self.auth.perform, [self.achall]) class GoogleClientTest(unittest.TestCase): record_name = "foo" record_content = "bar" record_ttl = 42 zone = "ZONE_ID" change = "an-id" def _setUp_client_with_mock(self, zone_request_side_effect): from certbot_dns_google.dns_google import _GoogleClient pwd = os.path.dirname(__file__) rel_path = 'testdata/discovery.json' discovery_file = os.path.join(pwd, rel_path) http_mock = HttpMock(discovery_file, {'status': '200'}) dns_api = discovery.build('dns', 'v1', http=http_mock) client = _GoogleClient(ACCOUNT_JSON_PATH, dns_api) # Setup mock_mz = mock.MagicMock() mock_mz.list.return_value.execute.side_effect = zone_request_side_effect mock_rrs = mock.MagicMock() rrsets = {"rrsets": [{"name": "_acme-challenge.example.org.", "type": "TXT", "rrdatas": ["\"example-txt-contents\""]}]} 
mock_rrs.list.return_value.execute.return_value = rrsets mock_changes = mock.MagicMock() client.dns.managedZones = mock.MagicMock(return_value=mock_mz) client.dns.changes = mock.MagicMock(return_value=mock_changes) client.dns.resourceRecordSets = mock.MagicMock(return_value=mock_rrs) return client, mock_changes @mock.patch('googleapiclient.discovery.build') @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google._GoogleClient.get_project_id') def test_client_without_credentials(self, get_project_id_mock, credential_mock, unused_discovery_mock): from certbot_dns_google.dns_google import _GoogleClient _GoogleClient(None) self.assertFalse(credential_mock.called) self.assertTrue(get_project_id_mock.called) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) @mock.patch('certbot_dns_google.dns_google._GoogleClient.get_project_id') def test_add_txt_record(self, get_project_id_mock, credential_mock): client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}]) credential_mock.assert_called_once_with('/not/a/real/path.json', mock.ANY) self.assertFalse(get_project_id_mock.called) client.add_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl) expected_body = { "kind": "dns#change", "additions": [ { "kind": "dns#resourceRecordSet", "type": "TXT", "name": self.record_name + ".", "rrdatas": [self.record_content, ], "ttl": self.record_ttl, }, ], } changes.create.assert_called_with(body=expected_body, managedZone=self.zone, project=PROJECT_ID) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def 
test_add_txt_record_and_poll(self, unused_credential_mock): client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}]) changes.create.return_value.execute.return_value = {'status': 'pending', 'id': self.change} changes.get.return_value.execute.return_value = {'status': 'done'} client.add_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl) changes.create.assert_called_with(body=mock.ANY, managedZone=self.zone, project=PROJECT_ID) changes.get.assert_called_with(changeId=self.change, managedZone=self.zone, project=PROJECT_ID) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_add_txt_record_delete_old(self, unused_credential_mock): client, changes = self._setUp_client_with_mock( [{'managedZones': [{'id': self.zone}]}]) mock_get_rrs = "certbot_dns_google.dns_google._GoogleClient.get_existing_txt_rrset" with mock.patch(mock_get_rrs) as mock_rrs: mock_rrs.return_value = ["sample-txt-contents"] client.add_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl) self.assertTrue(changes.create.called) self.assertTrue("sample-txt-contents" in changes.create.call_args_list[0][1]["body"]["deletions"][0]["rrdatas"]) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_add_txt_record_noop(self, unused_credential_mock): client, changes = self._setUp_client_with_mock( [{'managedZones': [{'id': self.zone}]}]) client.add_txt_record(DOMAIN, "_acme-challenge.example.org", "example-txt-contents", self.record_ttl) self.assertFalse(changes.create.called) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') 
@mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_add_txt_record_error_during_zone_lookup(self, unused_credential_mock): client, unused_changes = self._setUp_client_with_mock(API_ERROR) self.assertRaises(errors.PluginError, client.add_txt_record, DOMAIN, self.record_name, self.record_content, self.record_ttl) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_add_txt_record_zone_not_found(self, unused_credential_mock): client, unused_changes = self._setUp_client_with_mock([{'managedZones': []}, {'managedZones': []}]) self.assertRaises(errors.PluginError, client.add_txt_record, DOMAIN, self.record_name, self.record_content, self.record_ttl) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_add_txt_record_error_during_add(self, unused_credential_mock): client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}]) changes.create.side_effect = API_ERROR self.assertRaises(errors.PluginError, client.add_txt_record, DOMAIN, self.record_name, self.record_content, self.record_ttl) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_del_txt_record(self, unused_credential_mock): client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}]) mock_get_rrs = "certbot_dns_google.dns_google._GoogleClient.get_existing_txt_rrset" with mock.patch(mock_get_rrs) as mock_rrs: mock_rrs.return_value = 
["\"sample-txt-contents\"", "\"example-txt-contents\""] client.del_txt_record(DOMAIN, "_acme-challenge.example.org", "example-txt-contents", self.record_ttl) expected_body = { "kind": "dns#change", "deletions": [ { "kind": "dns#resourceRecordSet", "type": "TXT", "name": "_acme-challenge.example.org.", "rrdatas": ["\"sample-txt-contents\"", "\"example-txt-contents\""], "ttl": self.record_ttl, }, ], "additions": [ { "kind": "dns#resourceRecordSet", "type": "TXT", "name": "_acme-challenge.example.org.", "rrdatas": ["\"sample-txt-contents\"", ], "ttl": self.record_ttl, }, ], } changes.create.assert_called_with(body=expected_body, managedZone=self.zone, project=PROJECT_ID) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_del_txt_record_error_during_zone_lookup(self, unused_credential_mock): client, unused_changes = self._setUp_client_with_mock(API_ERROR) client.del_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_del_txt_record_zone_not_found(self, unused_credential_mock): client, unused_changes = self._setUp_client_with_mock([{'managedZones': []}, {'managedZones': []}]) client.del_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_del_txt_record_error_during_delete(self, unused_credential_mock): client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}]) 
changes.create.side_effect = API_ERROR client.del_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_get_existing(self, unused_credential_mock): client, unused_changes = self._setUp_client_with_mock( [{'managedZones': [{'id': self.zone}]}]) # Record name mocked in setUp found = client.get_existing_txt_rrset(self.zone, "_acme-challenge.example.org") self.assertEquals(found, ["\"example-txt-contents\""]) not_found = client.get_existing_txt_rrset(self.zone, "nonexistent.tld") self.assertEquals(not_found, None) @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name') @mock.patch('certbot_dns_google.dns_google.open', mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True) def test_get_existing_fallback(self, unused_credential_mock): client, unused_changes = self._setUp_client_with_mock( [{'managedZones': [{'id': self.zone}]}]) # pylint: disable=no-member mock_execute = client.dns.resourceRecordSets.return_value.list.return_value.execute mock_execute.side_effect = API_ERROR rrset = client.get_existing_txt_rrset(self.zone, "_acme-challenge.example.org") self.assertFalse(rrset) def test_get_project_id(self): from certbot_dns_google.dns_google import _GoogleClient response = DummyResponse() response.status = 200 with mock.patch('httplib2.Http.request', return_value=(response, 'test-test-1')): project_id = _GoogleClient.get_project_id() self.assertEqual(project_id, 'test-test-1') with mock.patch('httplib2.Http.request', return_value=(response, b'test-test-1')): project_id = _GoogleClient.get_project_id() self.assertEqual(project_id, 'test-test-1') failed_response = DummyResponse() failed_response.status = 404 with mock.patch('httplib2.Http.request', 
return_value=(failed_response, "some detailed http error response")): self.assertRaises(ValueError, _GoogleClient.get_project_id) with mock.patch('httplib2.Http.request', side_effect=ServerNotFoundError): self.assertRaises(ServerNotFoundError, _GoogleClient.get_project_id) class DummyResponse(object): """ Dummy object to create a fake HTTPResponse (the actual one requires a socket and we only need the status attribute) """ def __init__(self): self.status = 200 if __name__ == "__main__": unittest.main() # pragma: no cover certbot-dns-google-0.23.0/certbot_dns_google/dns_google.py0000644000076600000240000003036713261244762023557 0ustar bmwstaff00000000000000"""DNS Authenticator for Google Cloud DNS.""" import json import logging import httplib2 import zope.interface from googleapiclient import discovery from googleapiclient import errors as googleapiclient_errors from oauth2client.service_account import ServiceAccountCredentials from certbot import errors from certbot import interfaces from certbot.plugins import dns_common logger = logging.getLogger(__name__) ACCT_URL = 'https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount' PERMISSIONS_URL = 'https://cloud.google.com/dns/access-control#permissions_and_roles' METADATA_URL = 'http://metadata.google.internal/computeMetadata/v1/' METADATA_HEADERS = {'Metadata-Flavor': 'Google'} @zope.interface.implementer(interfaces.IAuthenticator) @zope.interface.provider(interfaces.IPluginFactory) class Authenticator(dns_common.DNSAuthenticator): """DNS Authenticator for Google Cloud DNS This Authenticator uses the Google Cloud DNS API to fulfill a dns-01 challenge. 
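"""

    description = ('Obtain certificates using a DNS TXT record (if you are using Google Cloud DNS '
                   'for DNS).')
    ttl = 60

    def __init__(self, *args, **kwargs):
        """Initialise the authenticator; ``credentials`` starts out unset."""
        super(Authenticator, self).__init__(*args, **kwargs)
        self.credentials = None

    @classmethod
    def add_parser_arguments(cls, add):  # pylint: disable=arguments-differ
        """Register the plugin's command-line options.

        :param add: callable used to register one named option for this plugin.
        """
        super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=60)
        # Each fragment ends with a space: the original concatenation produced
        # "forinformation" and "therequired" in the rendered help text.
        add('credentials',
            help=('Path to Google Cloud DNS service account JSON file. (See {0} for ' +
                  'information about creating a service account and {1} for information about the ' +
                  'required permissions.)').format(ACCT_URL, PERMISSIONS_URL),
            default=None)

    def more_info(self):  # pylint: disable=missing-docstring,no-self-use
        return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
               'the Google Cloud DNS API.'

    def _setup_credentials(self):
        """Check that credentials are available before a challenge is attempted.

        With no credentials file configured, the metadata server is probed and a
        PluginError is raised when it cannot be reached. Otherwise the configured
        file path is requested and its permissions are checked.

        :raises certbot.errors.PluginError: if no credentials file is configured and the
            metadata server is not available.
        """
        if self.conf('credentials') is None:
            try:
                # use project_id query to check for availability of google metadata server
                # we won't use the result but know we're not on GCP when an exception is thrown
                _GoogleClient.get_project_id()
            except (ValueError, httplib2.ServerNotFoundError):
                raise errors.PluginError('Unable to get Google Cloud Metadata and no credentials'
                                         ' specified. Automatic credential lookup is only '
                                         'available on Google Cloud Platform. Please configure'
                                         ' credentials using --dns-google-credentials ')
        else:
            self._configure_file('credentials',
                                 'path to Google Cloud DNS service account JSON file')

            # The key file grants DNS write access for the project, so its file
            # permissions are checked every time it is about to be used.
            dns_common.validate_file_permissions(self.conf('credentials'))

    def _perform(self, domain, validation_name, validation):
        """Publish the validation value as a TXT record."""
        self._get_google_client().add_txt_record(domain, validation_name, validation, self.ttl)

    def _cleanup(self, domain, validation_name, validation):
        """Remove the validation TXT record again."""
        self._get_google_client().del_txt_record(domain, validation_name, validation, self.ttl)

    def _get_google_client(self):
        """Build a new API client from the configured credentials path (may be None)."""
        return _GoogleClient(self.conf('credentials'))


class _GoogleClient(object):
    """
    Encapsulates all communication with the Google Cloud DNS API.
    """

    def __init__(self, account_json=None, dns_api=None):
        """
        :param str account_json: Path to a service account JSON key file, or None to
            take the project ID from the metadata server and pass no explicit credentials.
        :param dns_api: Pre-built API object to use instead of building one (the
            tests pass a mocked one).
        """
        # Only the Cloud DNS read/write scope is requested, not the broader
        # cloud-platform scope.
        scopes = ['https://www.googleapis.com/auth/ndev.clouddns.readwrite']
        if account_json is not None:
            credentials = ServiceAccountCredentials.from_json_keyfile_name(account_json, scopes)
            with open(account_json) as account:
                self.project_id = json.load(account)['project_id']
        else:
            credentials = None
            self.project_id = self.get_project_id()

        if not dns_api:
            self.dns = discovery.build('dns', 'v1',
                                       credentials=credentials,
                                       cache_discovery=False)
        else:
            self.dns = dns_api

    def add_txt_record(self, domain, record_name, record_content, record_ttl):
        """
        Add a TXT record using the supplied information.

        Values already present for the record name are kept: the existing RRset is
        deleted and re-added together with the new value in a single change.

        :param str domain: The domain to use to look up the managed zone.
        :param str record_name: The record name (typically beginning with '_acme-challenge.').
        :param str record_content: The record content (typically the challenge validation).
        :param int record_ttl: The record TTL (number of seconds that the record may be cached).
        :raises certbot.errors.PluginError: if an error occurs communicating with the Google API
        """

        zone_id = self._find_managed_zone_id(domain)

        record_contents = self.get_existing_txt_rrset(zone_id, record_name)
        if record_contents is None:
            record_contents = []
        add_records = record_contents[:]

        if "\""+record_content+"\"" in record_contents:
            # The process was interrupted previously and validation token exists
            return

        add_records.append(record_content)

        data = {
            "kind": "dns#change",
            "additions": [
                {
                    "kind": "dns#resourceRecordSet",
                    "type": "TXT",
                    "name": record_name + ".",
                    "rrdatas": add_records,
                    "ttl": record_ttl,
                },
            ],
        }

        if record_contents:
            # We need to remove old records in the same request
            data["deletions"] = [
                {
                    "kind": "dns#resourceRecordSet",
                    "type": "TXT",
                    "name": record_name + ".",
                    "rrdatas": record_contents,
                    "ttl": record_ttl,
                },
            ]

        changes = self.dns.changes()  # changes | pylint: disable=no-member

        try:
            request = changes.create(project=self.project_id, managedZone=zone_id, body=data)
            response = request.execute()

            status = response['status']
            change = response['id']
            # NOTE(review): this polls without any delay or upper bound on the number of
            # requests; a change that stays 'pending' keeps the loop running.
            while status == 'pending':
                request = changes.get(project=self.project_id, managedZone=zone_id, changeId=change)
                response = request.execute()
                status = response['status']
        except googleapiclient_errors.Error as e:
            logger.error('Encountered error adding TXT record: %s', e)
            raise errors.PluginError('Error communicating with the Google Cloud DNS API: {0}'
                                     .format(e))

    def del_txt_record(self, domain, record_name, record_content, record_ttl):
        """
        Delete a TXT record using the supplied information.

        Cleanup is best effort: a failed zone lookup or a failed delete request is
        logged as a warning and no exception is raised for it.

        :param str domain: The domain to use to look up the managed zone.
        :param str record_name: The record name (typically beginning with '_acme-challenge.').
        :param str record_content: The record content (typically the challenge validation).
        :param int record_ttl: The record TTL (number of seconds that the record may be cached).
        """

        try:
            zone_id = self._find_managed_zone_id(domain)
        except errors.PluginError:
            logger.warning('Error finding zone. Skipping cleanup.')
            return

        record_contents = self.get_existing_txt_rrset(zone_id, record_name)
        if record_contents is None:
            # Nothing could be listed: fall back to deleting just this value.
            record_contents = ["\"" + record_content + "\""]

        data = {
            "kind": "dns#change",
            "deletions": [
                {
                    "kind": "dns#resourceRecordSet",
                    "type": "TXT",
                    "name": record_name + ".",
                    "rrdatas": record_contents,
                    "ttl": record_ttl,
                },
            ],
        }

        # Remove the record being deleted from the list
        readd_contents = [r for r in record_contents if r != "\"" + record_content + "\""]
        if readd_contents:
            # The other values of the RRset are re-added in the same request
            data["additions"] = [
                {
                    "kind": "dns#resourceRecordSet",
                    "type": "TXT",
                    "name": record_name + ".",
                    "rrdatas": readd_contents,
                    "ttl": record_ttl,
                },
            ]

        changes = self.dns.changes()  # changes | pylint: disable=no-member

        try:
            request = changes.create(project=self.project_id, managedZone=zone_id, body=data)
            request.execute()
        except googleapiclient_errors.Error as e:
            logger.warning('Encountered error deleting TXT record: %s', e)

    def get_existing_txt_rrset(self, zone_id, record_name):
        """
        Get existing TXT records from the RRset for the record name.

        If an error occurs while requesting the record set, it is suppressed
        and None is returned.

        :param str zone_id: The ID of the managed zone.
        :param str record_name: The record name (typically beginning with '_acme-challenge.').

        :returns: List of TXT record values or None
        :rtype: `list` of `string` or `None`

        """
        rrs_request = self.dns.resourceRecordSets()  # pylint: disable=no-member
        # Add dot as the API returns absolute domains
        record_name += "."
        # Ask the API for this name and type only. Listing the whole zone reads just
        # the first page of results, so an existing value in a large zone could be
        # missed.
        request = rrs_request.list(managedZone=zone_id, project=self.project_id,
                                   name=record_name, type="TXT")
        try:
            response = request.execute()
        except googleapiclient_errors.Error:
            logger.info("Unable to list existing records. If you're "
                        "requesting a wildcard certificate, this might not work.")
            logger.debug("Error was:", exc_info=True)
        else:
            if response:
                for rr in response["rrsets"]:
                    if rr["name"] == record_name and rr["type"] == "TXT":
                        return rr["rrdatas"]
        return None

    def _find_managed_zone_id(self, domain):
        """
        Find the managed zone for a given domain.

        Each candidate zone name for the domain is tried in turn and the first
        zone the API returns for it is used.

        :param str domain: The domain for which to find the managed zone.
        :returns: The ID of the managed zone, if found.
        :rtype: str
        :raises certbot.errors.PluginError: if the managed zone cannot be found.
        """

        zone_dns_name_guesses = dns_common.base_domain_name_guesses(domain)

        mz = self.dns.managedZones()  # managedZones | pylint: disable=no-member
        for zone_name in zone_dns_name_guesses:
            try:
                request = mz.list(project=self.project_id, dnsName=zone_name + '.')
                response = request.execute()
                zones = response['managedZones']
            except googleapiclient_errors.Error as e:
                raise errors.PluginError('Encountered error finding managed zone: {0}'
                                         .format(e))

            if zones:
                zone_id = zones[0]['id']
                logger.debug('Found id of %s for %s using name %s', zone_id, domain, zone_name)
                return zone_id

        raise errors.PluginError('Unable to determine managed zone for {0} using zone names: {1}.'
                                 .format(domain, zone_dns_name_guesses))

    @staticmethod
    def get_project_id():
        """
        Query the google metadata service for the current project ID

        This only works on Google Cloud Platform

        :raises ServerNotFoundError: Not running on Google Compute or DNS not available
        :raises ValueError: Server is found, but response code is not 200

        :returns: project id
        """
        url = '{0}project/project-id'.format(METADATA_URL)

        # Request the project ID from the metadata server.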
http = httplib2.Http() r, content = http.request(url, headers=METADATA_HEADERS) if r.status != 200: raise ValueError("Invalid status code: {0}".format(r)) if isinstance(content, bytes): return content.decode() else: return content certbot-dns-google-0.23.0/certbot_dns_google/__init__.py0000644000076600000240000000776413261244762023203 0ustar bmwstaff00000000000000""" The `~certbot_dns_google.dns_google` plugin automates the process of completing a ``dns-01`` challenge (`~acme.challenges.DNS01`) by creating, and subsequently removing, TXT records using the Google Cloud DNS API. Named Arguments --------------- ======================================== ===================================== ``--dns-google-credentials`` Google Cloud Platform credentials_ JSON file. (Required - Optional on Google Compute Engine) ``--dns-google-propagation-seconds`` The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (Default: 60) ======================================== ===================================== Credentials ----------- Use of this plugin requires Google Cloud Platform API credentials for an account with the following permissions: * ``dns.changes.create`` * ``dns.changes.get`` * ``dns.managedZones.list`` * ``dns.resourceRecordSets.create`` * ``dns.resourceRecordSets.delete`` * ``dns.resourceRecordSets.list`` * ``dns.resourceRecordSets.update`` Google provides instructions for `creating a service account `_ and `information about the required permissions `_. If you're running on Google Compute Engine, you can `assign the service account to the instance `_ which is running certbot. A credentials file is not required in this case, as they are automatically obtained by certbot through the `metadata service `_ . .. code-block:: json :name: credentials.json :caption: Example credentials file: { "type": "service_account", ... 
} The path to this file can be provided interactively or using the ``--dns-google-credentials`` command-line argument. Certbot records the path to this file for use during renewal, but does not store the file's contents. .. caution:: You should protect these API credentials as you would a password. Users who can read this file can use these credentials to issue some types of API calls on your behalf, limited by the permissions assigned to the account. Because the permissions listed under Credentials cover creating, updating and deleting record sets, this includes changing other DNS records in the zones the account can manage, so assign the account no permissions beyond that list. Users who can cause Certbot to run using these credentials can complete a ``dns-01`` challenge to acquire new certificates or revoke existing certificates for domains these credentials are authorized to manage. Certbot will emit a warning if it detects that the credentials file can be accessed by other users on your system. The warning reads "Unsafe permissions on credentials configuration file", followed by the path to the credentials file. This warning will be emitted each time Certbot uses the credentials file, including for renewal, and cannot be silenced except by addressing the issue (e.g., by using a command like ``chmod 600`` to restrict access to the file). Examples -------- .. code-block:: bash :caption: To acquire a certificate for ``example.com`` certbot certonly \\ --dns-google \\ --dns-google-credentials ~/.secrets/certbot/google.json \\ -d example.com .. code-block:: bash :caption: To acquire a single certificate for both ``example.com`` and ``www.example.com`` certbot certonly \\ --dns-google \\ --dns-google-credentials ~/.secrets/certbot/google.json \\ -d example.com \\ -d www.example.com .. 
code-block:: bash :caption: To acquire a certificate for ``example.com``, waiting 120 seconds for DNS propagation certbot certonly \\ --dns-google \\ --dns-google-credentials ~/.secrets/certbot/google.json \\ --dns-google-propagation-seconds 120 \\ -d example.com """ certbot-dns-google-0.23.0/MANIFEST.in0000644000076600000240000000016013261244762016745 0ustar bmwstaff00000000000000include LICENSE.txt include README.rst recursive-include docs * recursive-include certbot_dns_google/testdata * certbot-dns-google-0.23.0/docs/0000755000076600000240000000000013261245103016130 5ustar bmwstaff00000000000000certbot-dns-google-0.23.0/docs/index.rst0000644000076600000240000000105513261244762020004 0ustar bmwstaff00000000000000.. certbot-dns-google documentation master file, created by sphinx-quickstart on Wed May 10 15:47:49 2017. You can adapt this file completely to your liking, but it should at least contain the root `toctree` directive. Welcome to certbot-dns-google's documentation! ============================================== .. toctree:: :maxdepth: 2 :caption: Contents: .. automodule:: certbot_dns_google :members: .. toctree:: :maxdepth: 1 api Indices and tables ================== * :ref:`genindex` * :ref:`modindex` * :ref:`search` certbot-dns-google-0.23.0/docs/Makefile0000644000076600000240000000114713261244762017605 0ustar bmwstaff00000000000000# Minimal makefile for Sphinx documentation # # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build SPHINXPROJ = certbot-dns-google SOURCEDIR = . BUILDDIR = _build # Put it first so that "make" without argument is like "make help". help: @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) .PHONY: help Makefile # Catch-all target: route all unknown targets to Sphinx using the new # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
%: Makefile @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)certbot-dns-google-0.23.0/docs/conf.py0000644000076600000240000001330113261244762017437 0ustar bmwstaff00000000000000# -*- coding: utf-8 -*- # # certbot-dns-google documentation build configuration file, created by # sphinx-quickstart on Wed May 10 15:47:49 2017. # # This file is execfile()d with the current directory set to its # containing dir. # # Note that not all possible configuration values are present in this # autogenerated file. # # All configuration values have a default; values that are commented out # serve to show the default. # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. # import os import sys sys.path.insert(0, os.path.abspath('_ext')) # -- General configuration ------------------------------------------------ # If your documentation needs a minimal Sphinx version, state it here. # needs_sphinx = '1.0' # Add any Sphinx extension module names here, as strings. They can be # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom # ones. extensions = ['sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'sphinx.ext.viewcode', 'jsonlexer'] autodoc_member_order = 'bysource' autodoc_default_flags = ['show-inheritance', 'private-members'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] # The suffix(es) of source filenames. # You can specify multiple suffix as a list of string: # # source_suffix = ['.rst', '.md'] source_suffix = '.rst' # The master toctree document. master_doc = 'index' # General information about the project. 
project = u'certbot-dns-google' copyright = u'2017, Certbot Project' author = u'Certbot Project' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the # built documents. # # The short X.Y version. version = u'0' # The full version, including alpha/beta/rc tags. release = u'0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. # # This is also used if you do content translation via gettext catalogs. # Usually you set "language" from the command line for these cases. language = 'en' # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. # This patterns also effect to html_static_path and html_extra_path exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] default_role = 'py:obj' # The name of the Pygments (syntax highlighting) style to use. pygments_style = 'sphinx' # If true, `todo` and `todoList` produce output, else they produce nothing. todo_include_todos = True # -- Options for HTML output ---------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. # # http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs # on_rtd is whether we are on readthedocs.org on_rtd = os.environ.get('READTHEDOCS', None) == 'True' if not on_rtd: # only import and set the theme if we're building docs locally import sphinx_rtd_theme html_theme = 'sphinx_rtd_theme' html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] # otherwise, readthedocs.org uses their theme by default, so no need to specify it # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the # documentation. 
# # html_theme_options = {} # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". html_static_path = ['_static'] # -- Options for HTMLHelp output ------------------------------------------ # Output file base name for HTML help builder. htmlhelp_basename = 'certbot-dns-googledoc' # -- Options for LaTeX output --------------------------------------------- latex_elements = { # The paper size ('letterpaper' or 'a4paper'). # # 'papersize': 'letterpaper', # The font size ('10pt', '11pt' or '12pt'). # # 'pointsize': '10pt', # Additional stuff for the LaTeX preamble. # # 'preamble': '', # Latex figure (float) alignment # # 'figure_align': 'htbp', } # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, # author, documentclass [howto, manual, or own class]). latex_documents = [ (master_doc, 'certbot-dns-google.tex', u'certbot-dns-google Documentation', u'Certbot Project', 'manual'), ] # -- Options for manual page output --------------------------------------- # One entry per manual page. List of tuples # (source start file, name, description, authors, manual section). man_pages = [ (master_doc, 'certbot-dns-google', u'certbot-dns-google Documentation', [author], 1) ] # -- Options for Texinfo output ------------------------------------------- # Grouping the document tree into Texinfo files. List of tuples # (source start file, target name, title, author, # dir menu entry, description, category) texinfo_documents = [ (master_doc, 'certbot-dns-google', u'certbot-dns-google Documentation', author, 'certbot-dns-google', 'One line description of project.', 'Miscellaneous'), ] # Example configuration for intersphinx: refer to the Python standard library. 
intersphinx_mapping = { 'python': ('https://docs.python.org/', None), 'acme': ('https://acme-python.readthedocs.org/en/latest/', None), 'certbot': ('https://certbot.eff.org/docs/', None), } certbot-dns-google-0.23.0/docs/_ext/0000755000076600000240000000000013261245103017067 5ustar bmwstaff00000000000000certbot-dns-google-0.23.0/docs/_ext/jsonlexer.py0000644000076600000240000000112313261244762021461 0ustar bmwstaff00000000000000"""Copied from https://stackoverflow.com/a/16863232""" def setup(app): # enable Pygments json lexer try: import pygments if pygments.__version__ >= '1.5': # use JSON lexer included in recent versions of Pygments from pygments.lexers import JsonLexer else: # use JSON lexer from pygments-json if installed from pygson.json_lexer import JSONLexer as JsonLexer except ImportError: pass # not fatal if we have old (or no) Pygments and no pygments-json else: app.add_lexer('json', JsonLexer()) certbot-dns-google-0.23.0/docs/make.bat0000644000076600000240000000146613261244762017556 0ustar bmwstaff00000000000000@ECHO OFF pushd %~dp0 REM Command file for Sphinx documentation if "%SPHINXBUILD%" == "" ( set SPHINXBUILD=sphinx-build ) set SOURCEDIR=. set BUILDDIR=_build set SPHINXPROJ=certbot-dns-google if "%1" == "" goto help %SPHINXBUILD% >NUL 2>NUL if errorlevel 9009 ( echo. echo.The 'sphinx-build' command was not found. Make sure you have Sphinx echo.installed, then set the SPHINXBUILD environment variable to point echo.to the full path of the 'sphinx-build' executable. Alternatively you echo.may add the Sphinx directory to PATH. echo. 
echo.If you don't have Sphinx installed, grab it from echo.http://sphinx-doc.org/ exit /b 1 ) %SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% goto end :help %SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% :end popd certbot-dns-google-0.23.0/docs/.gitignore0000644000076600000240000000001113261244762020122 0ustar bmwstaff00000000000000/_build/ certbot-dns-google-0.23.0/docs/api/0000755000076600000240000000000013261245103016701 5ustar bmwstaff00000000000000certbot-dns-google-0.23.0/docs/api/dns_google.rst0000644000076600000240000000020613261244762021563 0ustar bmwstaff00000000000000:mod:`certbot_dns_google.dns_google` ------------------------------------ .. automodule:: certbot_dns_google.dns_google :members: certbot-dns-google-0.23.0/docs/api.rst0000644000076600000240000000013113261244762017440 0ustar bmwstaff00000000000000================= API Documentation ================= .. toctree:: :glob: api/** certbot-dns-google-0.23.0/certbot_dns_google.egg-info/0000755000076600000240000000000013261245103022534 5ustar bmwstaff00000000000000certbot-dns-google-0.23.0/certbot_dns_google.egg-info/PKG-INFO0000644000076600000240000000227413261245103023636 0ustar bmwstaff00000000000000Metadata-Version: 2.1 Name: certbot-dns-google Version: 0.23.0 Summary: Google Cloud DNS Authenticator plugin for Certbot Home-page: https://github.com/certbot/certbot Author: Certbot Project Author-email: client-dev@letsencrypt.org License: Apache License 2.0 Description: UNKNOWN Platform: UNKNOWN Classifier: Development Status :: 3 - Alpha Classifier: Environment :: Plugins Classifier: Intended Audience :: System Administrators Classifier: License :: OSI Approved :: Apache Software License Classifier: Operating System :: POSIX :: Linux Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.4 
Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 Classifier: Topic :: Internet :: WWW/HTTP Classifier: Topic :: Security Classifier: Topic :: System :: Installation/Setup Classifier: Topic :: System :: Networking Classifier: Topic :: System :: Systems Administration Classifier: Topic :: Utilities Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.* Provides-Extra: docs certbot-dns-google-0.23.0/certbot_dns_google.egg-info/SOURCES.txt0000644000076600000240000000111013261245103024411 0ustar bmwstaff00000000000000LICENSE.txt MANIFEST.in README.rst setup.cfg setup.py certbot_dns_google/__init__.py certbot_dns_google/dns_google.py certbot_dns_google/dns_google_test.py certbot_dns_google.egg-info/PKG-INFO certbot_dns_google.egg-info/SOURCES.txt certbot_dns_google.egg-info/dependency_links.txt certbot_dns_google.egg-info/entry_points.txt certbot_dns_google.egg-info/requires.txt certbot_dns_google.egg-info/top_level.txt certbot_dns_google/testdata/discovery.json docs/.gitignore docs/Makefile docs/api.rst docs/conf.py docs/index.rst docs/make.bat docs/_ext/jsonlexer.py docs/api/dns_google.rstcertbot-dns-google-0.23.0/certbot_dns_google.egg-info/entry_points.txt0000644000076600000240000000011413261245103026026 0ustar bmwstaff00000000000000[certbot.plugins] dns-google = certbot_dns_google.dns_google:Authenticator certbot-dns-google-0.23.0/certbot_dns_google.egg-info/requires.txt0000644000076600000240000000023213261245103025131 0ustar bmwstaff00000000000000acme>=0.21.1 certbot>=0.21.1 google-api-python-client>=1.5 mock oauth2client>=2.0 setuptools zope.interface httplib2 [docs] Sphinx>=1.0 sphinx_rtd_theme certbot-dns-google-0.23.0/certbot_dns_google.egg-info/top_level.txt0000644000076600000240000000002313261245103025261 0ustar bmwstaff00000000000000certbot_dns_google certbot-dns-google-0.23.0/certbot_dns_google.egg-info/dependency_links.txt0000644000076600000240000000000113261245103026602 0ustar bmwstaff00000000000000 
certbot-dns-google-0.23.0/setup.py0000644000076600000240000000431513261244762016727 0ustar bmwstaff00000000000000import sys from setuptools import setup from setuptools import find_packages version = '0.23.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.21.1', 'certbot>=0.21.1', # 1.5 is the first version that supports oauth2client>=2.0 'google-api-python-client>=1.5', 'mock', # for oauth2client.service_account.ServiceAccountCredentials 'oauth2client>=2.0', 'setuptools', 'zope.interface', # already a dependency of google-api-python-client, but added for consistency 'httplib2' ] docs_extras = [ 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags 'sphinx_rtd_theme', ] setup( name='certbot-dns-google', version=version, description="Google Cloud DNS Authenticator plugin for Certbot", url='https://github.com/certbot/certbot', author="Certbot Project", author_email='client-dev@letsencrypt.org', license='Apache License 2.0', python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*', classifiers=[ 'Development Status :: 3 - Alpha', 'Environment :: Plugins', 'Intended Audience :: System Administrators', 'License :: OSI Approved :: Apache Software License', 'Operating System :: POSIX :: Linux', 'Programming Language :: Python', 'Programming Language :: Python :: 2', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', 'Programming Language :: Python :: 3.4', 'Programming Language :: Python :: 3.5', 'Programming Language :: Python :: 3.6', 'Topic :: Internet :: WWW/HTTP', 'Topic :: Security', 'Topic :: System :: Installation/Setup', 'Topic :: System :: Networking', 'Topic :: System :: Systems Administration', 'Topic :: Utilities', ], packages=find_packages(), include_package_data=True, install_requires=install_requires, extras_require={ 'docs': docs_extras, }, entry_points={ 'certbot.plugins': [ 'dns-google = 
certbot_dns_google.dns_google:Authenticator', ], }, test_suite='certbot_dns_google', ) certbot-dns-google-0.23.0/setup.cfg0000644000076600000240000000010313261245103017013 0ustar bmwstaff00000000000000[bdist_wheel] universal = 1 [egg_info] tag_build = tag_date = 0 certbot-dns-google-0.23.0/README.rst0000644000076600000240000000006213261244762016677 0ustar bmwstaff00000000000000Google Cloud DNS Authenticator plugin for Certbot certbot-dns-google-0.23.0/LICENSE.txt0000644000076600000240000002504213261244762017040 0ustar bmwstaff00000000000000 Copyright 2015 Electronic Frontier Foundation and others Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. 
For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. 
If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. 
You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. 
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS