AV-174376 Adding support for Infoblox Dns #279
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0nebody
reviewed
Jun 6, 2023
| except Exception as e: | ||
| raise Exception("exception req[%s] rsp[%s]", logout_url, str(e)) | ||
|
|
||
| def add_dns_text_record(key_digest_64, txt_record_name, kwargs): |
There was a problem hiding this comment.
txt_record_name contains a trailing . which is not supported by infoblox.
0nebody
reviewed
Jun 6, 2023
| except Exception as e: | ||
| raise Exception("Error adding dns txt record to vs {}", e) | ||
|
|
||
| def remove_dns_text_record(key_digest_64, txt_record_name, kwargs): |
There was a problem hiding this comment.
txt_record_name contains a trailing . which is not supported by infoblox.
0nebody
reviewed
Jun 6, 2023
Comment on lines
+272
to
+280
| # Check if we need to overwrite the VS UUID if it was specified | ||
| # We request the info here once, instead in the loop for each SAN entry below. | ||
| if overwrite_vs != None: | ||
| if debug: | ||
| print ("DEBUG: overwrite_vs is set to '{}'".format(overwrite_vs)) | ||
| if overwrite_vs.lower().startswith('virtualservice-'): | ||
| search_term = "uuid={}".format(overwrite_vs.lower()) | ||
| else: | ||
| search_term = "name={}".format(urllib.parse.quote(overwrite_vs, safe='')) |
0nebody
reviewed
Jun 6, 2023
Comment on lines
+356
to
+406
| vhMode = False | ||
|
|
||
| # Check if we need to overwrite VirtualService UUID to something specific | ||
| if overwrite_vs == None: | ||
|
|
||
| # Get VSVIPs/VSs, based on FQDN | ||
| rsp = _do_request_avi("vsvip/?search=(fqdn,{})".format(domain), "GET").json() | ||
| if debug: | ||
| print ("DEBUG: Found {} matching VSVIP FQDNs".format(rsp["count"])) | ||
| if rsp["count"] == 0: | ||
| print ("Warning: Could not find a VSVIP with fqdn = {}".format(domain)) | ||
| # As a fallback we search for VirtualHosting entries with that domain | ||
| vhMode = True | ||
| search_term = "vh_domain_name.contains={}".format(domain) | ||
| else: | ||
| vsvip_uuid = rsp["results"][0]["uuid"] | ||
| search_term = "vsvip_ref={}".format(vsvip_uuid) | ||
|
|
||
| rsp = _do_request_avi("virtualservice/?{}".format(search_term), "GET").json() | ||
| if debug: | ||
| print ("DEBUG: Found {} matching VSs".format(rsp["count"])) | ||
| if rsp['count'] == 0: | ||
| raise Exception("Could not find a VS with fqdn = {}".format(domain)) | ||
|
|
||
| vs_uuid = rsp["results"][0]["uuid"] | ||
|
|
||
| else: | ||
| # Overwriting VS UUID to what user specified. | ||
| # ALL SANs of the CSR must be reachable on the specified VS to succeed. | ||
| rsp = overwrite_vs | ||
| vs_uuid = rsp["results"][0]["uuid"] | ||
| print ("Note: Overwriting VS UUID to {}".format(vs_uuid)) | ||
|
|
||
| print ("Found VS {} with fqdn {}".format(vs_uuid, domain)) | ||
|
|
||
| # Let's check if VS is enabled, otherwise challenge can never successfully complete. | ||
| if not rsp["results"][0]["enabled"]: | ||
| raise Exception("VS with fqdn {} is not enabled.".format(domain)) | ||
|
|
||
| # Special handling for virtualHosting: if child, get services from parent. | ||
| if vhMode and rsp["results"][0]["type"] == "VS_TYPE_VH_CHILD": | ||
| # vh_parent_vs_ref is schema of https://avi.domain.tld/api/virtualservice/virtualservice-UUID, hence picking the last part | ||
| vs_uuid_parent = rsp["results"][0]["vh_parent_vs_ref"].split("/")[-1] | ||
| vhRsp = _do_request_avi("virtualservice/?uuid={}".format(vs_uuid_parent), "GET").json() | ||
| if debug: | ||
| print ("DEBUG: Parent VS of Child-VS is {} and found {} matches".format(vs_uuid_parent, vhRsp['count'])) | ||
| if vhRsp['count'] == 0: | ||
| raise Exception("Could not find parent VS {} of child VS UUID = {}".format(vs_uuid_parent, vs_uuid)) | ||
|
|
||
| # we just copy it over. more transparent for further logic. | ||
| rsp["results"][0]["services"] = vhRsp["results"][0]["services"] |
0nebody
reviewed
Jun 6, 2023
| print("Install DNS TXT resource for domain: %s", domain) | ||
| add_dns_text_record(keydigest64, txt_record_name, kwargs) | ||
|
|
||
| print ("Challenge completed, notifying LetsEncrypt") |
There was a problem hiding this comment.
There might be a delay from creating the record and it being publicly accessible. Need at test or sleep before continuing.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
AV-174376 Adding support for Infoblox Dns