#!/usr/bin/env python3 # Copyright 2019 vg # SPDX-License-Identifier: MIT '''\ Takes json in stdin to modify a challenge in a zone txt record. Usage: update-acme-challenge --zones=ZONES Options: --zones=ZONES json object: {"zone-to-check": "zone-to-modify"} Json format: { "action": "add|delete", "zone": "zone_name_to_modify", "challenge": "mandatory only with add action: challenge", } ''' import datetime import docopt import json import subprocess import sys def nsupdate(zone, challenge): content = f''' server ::1 del {zone} TXT add {zone} 60 TXT "{challenge}" send ''' subprocess.run(['nsupdate'], check=True, input=content, encoding='utf8') def main(): args = docopt.docopt(__doc__) jsonmap = json.loads(sys.stdin.read()) zones = json.loads(args['--zones']) zone = jsonmap.get('zone', '') zone = zone[:-1] if zone.endswith('.') else zone if zone not in zones: raise ValueError(f'not permitted to modify zone {zone}') action = jsonmap.get('action', '') if action not in ('add', 'delete'): raise ValueError(f'bad value for action content: {action}') challenge = jsonmap.get('challenge', '') if not all(x.isalnum() or x in '_-' for x in challenge): # base64url as in acme spec raise ValueError('bad format for challenge content') nsupdate(zones[zone], challenge if action == 'add' else '') main()