Add DNS provider for YandexCloud #1694

Merged: 17 commits, Sep 1, 2022

Conversation

kluevandrew (Contributor) commented Aug 9, 2022

DNS Provider implementation for Yandex Cloud - 1 of 2 largest cloud providers in Russia

closes #1693

ldez (Member) commented Aug 9, 2022

Hello, in order for a PR adding a DNS provider to be accepted, you have to:

  • add a description to your PR
  • be able to maintain this provider
  • have a homogeneous design with the other providers
  • add tests (units)

        make test

  • add tests ("live")

        package yandexcloud

        import (
        	"testing"
        	"time"

        	"github.com/stretchr/testify/require"
        )

        // envTest is the package-level environment-test helper shared with the
        // provider's unit tests; the live tests run only when it reports a live environment.

        func TestLivePresent(t *testing.T) {
        	if !envTest.IsLiveTest() {
        		t.Skip("skipping live test")
        	}

        	envTest.RestoreEnv()
        	provider, err := NewDNSProvider()
        	require.NoError(t, err)

        	err = provider.Present(envTest.GetDomain(), "", "123d==")
        	require.NoError(t, err)
        }

        func TestLiveCleanUp(t *testing.T) {
        	if !envTest.IsLiveTest() {
        		t.Skip("skipping live test")
        	}

        	envTest.RestoreEnv()
        	provider, err := NewDNSProvider()
        	require.NoError(t, err)

        	// give the record time to exist before removing it
        	time.Sleep(2 * time.Second)

        	err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
        	require.NoError(t, err)
        }

        make test
        make generate-dns

  • be able to do: (and put the output of this command to a comment in your PR)

        rm -rf .lego
        ./lego -m your@email.com --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

    Note the wildcard domain is important.

        make checks

  • do go mod tidy

kluevandrew (Contributor, Author) commented Aug 9, 2022

I do not promise to do everything in one day, but I will try; I will keep a checklist in this comment.

  • add a description to your PR
  • be able to maintain this provider
  • have a homogeneous design with the other providers
  • add tests (units)
  • add tests ("live")
  • add a provider descriptor
  • generate CLI help, documentation, and readme.
  • be able to do: (and put the output of this command to a comment in your PR)

        rm -rf .lego
        ./lego -m your@email.com --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

Result without envs:

➜  dist git:(yandexcloud) ./lego -m your@email.com --dns yandexcloud -d "*.example.com" -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2022/08/09 17:29:44 yandexcloud: some credentials information are missing: YANDEX_CLOUD_IAM_TOKEN,YANDEX_CLOUD_FOLDER_ID

Result with real credentials in envs but with a domain that I do not own:

➜  dist git:(yandexcloud) export YANDEX_CLOUD_IAM_TOKEN="private info"
➜  dist git:(yandexcloud) export YANDEX_CLOUD_FOLDER_ID="private info"
➜  dist git:(yandexcloud) ./lego -m andrey.klyuev@newbydev.team --dns yandexcloud -d "*.example.com" -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

2022/08/09 17:35:47 [INFO] [*.example.com, example.com] acme: Obtaining bundled SAN certificate
2022/08/09 17:35:48 [INFO] [*.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3285370364
2022/08/09 17:35:48 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3285370374
2022/08/09 17:35:48 [INFO] [*.example.com] acme: use dns-01 solver
2022/08/09 17:35:48 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2022/08/09 17:35:48 [INFO] [example.com] acme: Could not find solver for: http-01
2022/08/09 17:35:48 [INFO] [example.com] acme: use dns-01 solver
2022/08/09 17:35:48 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2022/08/09 17:35:48 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2022/08/09 17:35:48 [INFO] [example.com] acme: Preparing to solve DNS-01
2022/08/09 17:35:48 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2022/08/09 17:35:49 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3285370364
2022/08/09 17:35:49 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3285370374
2022/08/09 17:35:50 Could not obtain certificates:
        error: one or more domains had a problem:
[*.example.com] [*.example.com] acme: error presenting token: yandexcloud: cant find dns zone example.com. in yandex cloud
[example.com] [example.com] acme: error presenting token: yandexcloud: cant find dns zone example.com. in yandex cloud

Result with real credentials in envs and a domain that I own:

➜  dist git:(yandexcloud) export YANDEX_CLOUD_IAM_TOKEN="private info"
➜  dist git:(yandexcloud) export YANDEX_CLOUD_FOLDER_ID="private info"
➜  dist git:(yandexcloud) ./lego -m andrey.klyuev@newbydev.team --dns yandexcloud -d "*.newbydev.team" -d newbydev.team -s https://acme-staging-v02.api.letsencrypt.org/directory run
2022/08/09 17:36:52 [INFO] [*.newbydev.team, newbydev.team] acme: Obtaining bundled SAN certificate
2022/08/09 17:36:53 [INFO] [*.newbydev.team] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3285385164
2022/08/09 17:36:53 [INFO] [newbydev.team] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3285385174
2022/08/09 17:36:53 [INFO] [*.newbydev.team] acme: use dns-01 solver
2022/08/09 17:36:53 [INFO] [newbydev.team] acme: Could not find solver for: tls-alpn-01
2022/08/09 17:36:53 [INFO] [newbydev.team] acme: Could not find solver for: http-01
2022/08/09 17:36:53 [INFO] [newbydev.team] acme: use dns-01 solver
2022/08/09 17:36:53 [INFO] [*.newbydev.team] acme: Preparing to solve DNS-01
2022/08/09 17:36:54 [INFO] [*.newbydev.team] acme: Trying to solve DNS-01
2022/08/09 17:36:54 [INFO] [*.newbydev.team] acme: Checking DNS record propagation using [100.99.0.231:53 100.99.0.230:53]
2022/08/09 17:36:56 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/08/09 17:36:59 [INFO] [*.newbydev.team] The server validated our request
2022/08/09 17:36:59 [INFO] [*.newbydev.team] acme: Cleaning DNS-01 challenge
2022/08/09 17:37:00 [INFO] sequence: wait for 1m0s
2022/08/09 17:38:00 [INFO] [newbydev.team] acme: Preparing to solve DNS-01
2022/08/09 17:38:01 [INFO] [newbydev.team] acme: Trying to solve DNS-01
2022/08/09 17:38:01 [INFO] [newbydev.team] acme: Checking DNS record propagation using [100.99.0.231:53 100.99.0.230:53]
2022/08/09 17:38:03 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2022/08/09 17:38:10 [INFO] [newbydev.team] The server validated our request
2022/08/09 17:38:10 [INFO] [newbydev.team] acme: Cleaning DNS-01 challenge
2022/08/09 17:38:10 [INFO] [*.newbydev.team, newbydev.team] acme: Validations succeeded; requesting certificates
2022/08/09 17:38:12 [INFO] [*.newbydev.team] Server responded with a certificate.
  • make checks

    Result: a lot of nosnakecase errors, but no errors in my code

  • do go mod tidy

kluevandrew (Contributor, Author) commented:

Done, I think.

kluevandrew (Contributor, Author) commented:

Is there anything else I should do as part of this pull request?

kluevandrew (Contributor, Author) commented:

Please give me feedback about this.

ldez (Member) commented Aug 27, 2022

@kluevandrew have you used the Sequential approach because Yandex doesn't support multiple TXT record for the same domain?

kluevandrew (Contributor, Author) commented Aug 28, 2022

@kluevandrew have you used the Sequential approach because Yandex doesn't support multiple TXT record for the same domain?

Yes, Yandex supports only one TXT record per domain, but with multiple values.

[Screenshot 2022-08-28 at 12:58:22] [Screenshot 2022-08-28 at 12:58:54]

PS After your question, I stopped being sure that this is really necessary.

ldez (Member) commented Aug 28, 2022

Yes, yandex supports only one TXT record for domain, but with multiple values

In fact, this means that Yandex supports multiple TXT records for a domain because DNSes are just key-value stores.

Maybe you have to change your implementation.

kluevandrew (Contributor, Author) commented Aug 28, 2022

In fact, this means that Yandex supports multiple TXT records for a domain because DNSes are just key-value stores.

No problem, I will check all cases and fix the implementation in a few days.

Commits:
  Respect cases when a TXT record is already present.
  Fix linter errors
kluevandrew (Contributor, Author) commented:

@ldez done, now it's not sequential; it works normally even if a TXT record for _acme_challenge is already present, and does not produce one if it already has the needed value.
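The rule the two of them settle on in this thread (the provider exposes one TXT record set per name holding several values, so Present has to add a value without clobbering whatever is already there and must not duplicate it, and CleanUp has to remove only its own value) is the part of a DNS-01 provider that is most easily got wrong, and it is exactly what breaks a wildcard + apex order, which needs two values at the same `_acme-challenge` name at once. The following is an added example, not code from this PR or from lego: it models the record API as an in-memory map (the Yandex Cloud API is not called) and also includes the zone lookup by longest matching suffix that lies behind the "cant find dns zone" error in the log above. The names fakeZoneAPI, present, cleanUp, txtValues and findZone are assumptions for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// recordSet mirrors the "one TXT record per name, several values" model
// described in the thread. This is an assumed shape for the example, not
// the provider's real API type.
type recordSet struct {
	Name string   // FQDN with trailing dot, e.g. "_acme-challenge.example.com."
	Type string   // always "TXT" here
	TTL  int
	Data []string // one entry per TXT value
}

// fakeZoneAPI is an in-memory stand-in for the DNS API: zone -> record name -> set.
type fakeZoneAPI struct {
	zones map[string]map[string]*recordSet
}

func toFqdn(name string) string {
	if strings.HasSuffix(name, ".") {
		return name
	}
	return name + "."
}

func newFakeZoneAPI(zones ...string) *fakeZoneAPI {
	a := &fakeZoneAPI{zones: map[string]map[string]*recordSet{}}
	for _, z := range zones {
		a.zones[toFqdn(z)] = map[string]*recordSet{}
	}
	return a
}

// findZone returns the longest configured zone that contains fqdn, so that a
// delegated "sub.example.com" zone wins over "example.com". A miss is the
// condition that yields the "cant find dns zone" error seen in the PR log.
func (a *fakeZoneAPI) findZone(fqdn string) (string, error) {
	best := ""
	for z := range a.zones {
		if (fqdn == z || strings.HasSuffix(fqdn, "."+z)) && len(z) > len(best) {
			best = z
		}
	}
	if best == "" {
		return "", fmt.Errorf("cant find dns zone for %s", fqdn)
	}
	return best, nil
}

// present adds value to the TXT set at fqdn. Existing values (a site
// verification token, or the other half of a wildcard+apex order) are kept,
// and a value that is already there is not added a second time.
func (a *fakeZoneAPI) present(fqdn, value string, ttl int) error {
	zone, err := a.findZone(fqdn)
	if err != nil {
		return err
	}
	rs := a.zones[zone][fqdn]
	if rs == nil {
		a.zones[zone][fqdn] = &recordSet{Name: fqdn, Type: "TXT", TTL: ttl, Data: []string{value}}
		return nil
	}
	for _, v := range rs.Data {
		if v == value {
			return nil // already present: nothing to do
		}
	}
	rs.Data = append(rs.Data, value)
	return nil
}

// cleanUp removes only value from the set; other values survive, and the
// set itself is deleted once it holds nothing.
func (a *fakeZoneAPI) cleanUp(fqdn, value string) error {
	zone, err := a.findZone(fqdn)
	if err != nil {
		return err
	}
	rs := a.zones[zone][fqdn]
	if rs == nil {
		return nil // nothing to clean up
	}
	kept := rs.Data[:0]
	for _, v := range rs.Data {
		if v != value {
			kept = append(kept, v)
		}
	}
	if len(kept) == 0 {
		delete(a.zones[zone], fqdn)
		return nil
	}
	rs.Data = kept
	return nil
}

// txtValues returns the sorted TXT values at fqdn, or nil if there are none.
func (a *fakeZoneAPI) txtValues(fqdn string) []string {
	zone, err := a.findZone(fqdn)
	if err != nil {
		return nil
	}
	rs := a.zones[zone][fqdn]
	if rs == nil {
		return nil
	}
	out := append([]string(nil), rs.Data...)
	sort.Strings(out)
	return out
}

func main() {
	api := newFakeZoneAPI("example.com") // constructed sample zone
	name := "_acme-challenge.example.com."
	_ = api.present(name, "site-verification", 300) // pre-existing record
	_ = api.present(name, "wildcard-token", 60)     // *.example.com
	_ = api.present(name, "apex-token", 60)         // example.com
	_ = api.present(name, "apex-token", 60)         // repeated call is a no-op
	fmt.Println(api.txtValues(name))
	_ = api.cleanUp(name, "wildcard-token")
	_ = api.cleanUp(name, "apex-token")
	fmt.Println(api.txtValues(name))
	fmt.Println(api.present("_acme-challenge.newbydev.team.", "x", 60))
}
```

Because both challenge values can coexist in the one record set, the provider no longer needs lego's sequential mode, which is why the wait of "sequence: wait for 1m0s" between the wildcard and apex authorizations in the earlier log disappears once the implementation is changed this way.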

ldez (Member) left a review comment:

Thank you 👍

@ldez ldez enabled auto-merge (squash) September 1, 2022 20:45
@ldez ldez changed the title Add YandexCloud DNS Provider Add DNS provider for YandexCloud Sep 1, 2022
@ldez ldez merged commit be0c6c7 into go-acme:master Sep 1, 2022
Development

Successfully merging this pull request may close this issue: Support for provider: yandex cloud

2 participants