Plugins/Yandex.ps1
|
function Get-CurrentPluginType { 'dns-01' } function Add-DnsTxt { [CmdletBinding(DefaultParameterSetName='Secure')] param( [Parameter(Mandatory,Position=0)] [string]$RecordName, [Parameter(Mandatory,Position=1)] [string]$TxtValue, [Parameter(ParameterSetName='Secure',Mandatory,Position=2)] [securestring]$YDAdminToken, [Parameter(ParameterSetName='DeprecatedInsecure',Mandatory,Position=2)] [string]$YDAdminTokenInsecure, [Parameter(ValueFromRemainingArguments)] $ExtraParams ) # grab the cleartext token if the secure version was used # and make the auth header if ('Secure' -eq $PSCmdlet.ParameterSetName) { $YDAdminTokenInsecure = [pscredential]::new('a',$YDAdminToken).GetNetworkCredential().Password } $AuthHeader = @{ PddToken = $YDAdminTokenInsecure } try { Write-Verbose "Searching for existing TXT record" $zoneName,$rec = Get-YandexTxtRecord $RecordName $TxtValue $AuthHeader } catch { throw } # separate the portion of the name that doesn't contain the zone name $recShort = ($RecordName -ireplace [regex]::Escape($zoneName), [string]::Empty).TrimEnd('.') if ($rec) { Write-Debug "Record $RecordName already contains $TxtValue. Nothing to do." } else { # add a new record $body = "domain=$zoneName&subdomain=$recShort&content=$TxtValue&type=TXT&ttl=1" try { Write-Verbose "Adding $RecordName with value $TxtValue" $response = Invoke-RestMethod 'https://pddimp.yandex.ru/api2/admin/dns/add' ` -Method POST -Body $body -Headers $AuthHeader -ContentType 'application/x-www-form-urlencoded' ` @script:UseBasic -EA Stop } catch { throw } if ($response.success -ne 'ok') { throw "Yandex API threw unexpected error: $($response.error)" } } <# .SYNOPSIS Add a DNS TXT record to Yandex. .DESCRIPTION Uses the Yandex DNS API to add a DNS TXT record. .PARAMETER RecordName The fully qualified name of the TXT record. .PARAMETER TxtValue The value of the TXT record. .PARAMETER YDAdminToken The Yandex admin token generated for your account. .PARAMETER YDAdminTokenInsecure (DEPRECATED) The Yandex admin token generated for your account. .PARAMETER ExtraParams This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports. .EXAMPLE $token = Read-Host -Prompt "Yandex Token" -AsSecureString PS C:\>Add-DnsTxt '_acme-challenge.example.com' 'txt-value' $token Adds the specified TXT record with the specified value using a secure token. #> } function Remove-DnsTxt { [CmdletBinding(DefaultParameterSetName='Secure')] param( [Parameter(Mandatory,Position=0)] [string]$RecordName, [Parameter(Mandatory,Position=1)] [string]$TxtValue, [Parameter(ParameterSetName='Secure',Mandatory,Position=2)] [securestring]$YDAdminToken, [Parameter(ParameterSetName='DeprecatedInsecure',Mandatory,Position=2)] [string]$YDAdminTokenInsecure, [Parameter(ValueFromRemainingArguments)] $ExtraParams ) # grab the cleartext token if the secure version was used # and make the auth header if ('Secure' -eq $PSCmdlet.ParameterSetName) { $YDAdminTokenInsecure = [pscredential]::new('a',$YDAdminToken).GetNetworkCredential().Password } $AuthHeader = @{ PddToken = $YDAdminTokenInsecure } try { Write-Verbose "Searching for existing TXT record" $zoneName,$rec = Get-YandexTxtRecord $RecordName $TxtValue $AuthHeader } catch { throw } if ($rec) { # delete the record $body = "domain=$zoneName&record_id=$($rec.record_id)" try { Write-Verbose "Removing $RecordName with value $TxtValue" $response = Invoke-RestMethod 'https://pddimp.yandex.ru/api2/admin/dns/del' ` -Method POST -Body $body -Headers $AuthHeader -ContentType 'application/x-www-form-urlencoded' ` @script:UseBasic -EA Stop } catch { throw } if ($response.success -ne 'ok') { throw "Yandex API threw unexpected error: $($response.error)" } } else { Write-Debug "Record $RecordName with value $TxtValue doesn't exist. Nothing to do." } <# .SYNOPSIS Remove a DNS TXT record from Yandex. .DESCRIPTION Uses the Yandex DNS API to remove a DNS TXT record. .PARAMETER RecordName The fully qualified name of the TXT record. .PARAMETER TxtValue The value of the TXT record. .PARAMETER YDAdminToken The Yandex admin token generated for your account. .PARAMETER YDAdminTokenInsecure (DEPRECATED) The Yandex admin token generated for your account. .PARAMETER ExtraParams This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports. .EXAMPLE $token = Read-Host -Prompt "Yandex Token" -AsSecureString PS C:\>Remove-DnsTxt '_acme-challenge.example.com' 'txt-value' $token Removes the specified TXT record with the specified value using a secure token. #> } function Save-DnsTxt { [CmdletBinding()] param( [Parameter(ValueFromRemainingArguments)] $ExtraParams ) <# .SYNOPSIS Not required. .DESCRIPTION This provider does not require calling this function to commit changes to DNS records. .PARAMETER ExtraParams This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports. #> } ############################ # Helper Functions ############################ # API Docs # https://tech.yandex.com/domain/doc/concepts/api-dns-docpage/ function Get-YandexTxtRecord { [CmdletBinding()] param( [Parameter(Mandatory,Position=0)] [string]$RecordName, [Parameter(Mandatory,Position=1)] [string]$TxtValue, [Parameter(Mandatory,Position=2)] [hashtable]$AuthHeader ) $apiRoot = 'https://pddimp.yandex.ru/api2/admin/dns' # setup a module variable to cache the record to zone mapping # so it's quicker to find later if (!$script:YDRecordZones) { $script:YDRecordZones = @{} } # check for the record in the cache if ($script:YDRecordZones.ContainsKey($RecordName)) { $zone = $script:YDRecordZones.$RecordName } # Yandex doesn't really have a standalone API endpoint to check for the existence of a zone. # But you sort of get it for free with the endpoint to list a zone's records. If the zone # doesn't exist, you'll get an error saying as much. if ($zone) { # use the zone name we already found Write-Debug "Querying record list from zone $zone" try { $response = Invoke-RestMethod "$apiRoot/list?domain=$zone" -Headers $AuthHeader ` @script:UseBasic -EA Stop } catch { throw } if ($response.success -ne 'ok') { if ($response.error -eq 'no_auth') { throw "Failed to authenticate against Yandex API. Double check token value." } else { throw "Yandex API threw unexpected error: $($response.error)" } } } else { # find the zone for the closest/deepest sub-zone that would contain the record. $pieces = $RecordName.Split('.') for ($i=0; $i -lt ($pieces.Count-1); $i++) { $zoneTest = $pieces[$i..($pieces.Count-1)] -join '.' Write-Debug "Checking $zoneTest" $response = $null try { $response = Invoke-RestMethod "$apiRoot/list?domain=$zoneTest" -Headers $AuthHeader ` @script:UseBasic -EA Stop } catch { throw } if ($response.success -eq 'ok') { $script:YDRecordZones.$RecordName = $zoneTest $zone = $zoneTest break } else { if ($response.error -eq 'no_auth') { throw "Failed to authenticate against Yandex API. Double check token value." } elseif ($response.error -ne 'no_such_domain') { throw "Yandex API threw unexpected error: $($response.error)" } $response = $null } } } if (-not $response) { throw "Unable to find Yandex hosted zone for $RecordName" } $rec = $response.records | Where-Object { $_.type -eq 'TXT' -and $_.fqdn -eq $RecordName -and $_.content -eq $TxtValue } return @($zone,$rec) } |