Merge pull request #687 from chaptergy/allow-additional-dns-challenge-dependencies

Allow additional dns challenge dependencies

Author: jc21

backend/internal/certificate.js

@@ -789,8 +789,8 @@ const internalCertificate = {
 		logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
 		const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
-		const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
-		const prepare_cmd     = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version;
+		const credentials_cmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
+		const prepare_cmd     = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies;
 
 		// Whether the plugin has a --<name>-credentials argument
 		const has_config_arg = certificate.meta.dns_provider !== 'route53';

backend/setup.js

@@ -175,14 +175,14 @@ const setupCertbotPlugins = () => {
 
 				certificates.map(function (certificate) {
 					if (certificate.meta && certificate.meta.dns_challenge === true) {
-						const dns_plugin         = dns_plugins[certificate.meta.dns_provider];
-						const package_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version}`;
+						const dns_plugin          = dns_plugins[certificate.meta.dns_provider];
+						const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`;
 
-						if (plugins.indexOf(package_to_install) === -1) plugins.push(package_to_install);
+						if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);
 
 						// Make sure credentials file exists
 						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; 
-						const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
+						const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
 						promises.push(utils.exec(credentials_cmd));
 					}
 				});

global/certbot-dns-plugins.js

@@ -10,9 +10,9 @@
  *      display_name: "Name displayed to the user",
  *      package_name: "Package name in PyPi repo",
  *      package_version: "Package version in PyPi repo",
+ *      dependencies: "Additional dependencies, space separated (as you would pass it to pip install)",
  *      credentials: `Template of the credentials file`,
  *      full_plugin_name: "The full plugin name as used in the commandline with certbot, including prefixes, e.g. 'certbot-dns-njalla:dns-njalla'",
- *      credentials_file: Whether the plugin has a credentials file
  *    },
  *    ...
  *  }
@@ -24,6 +24,7 @@ module.exports = {
 		display_name:    'Cloudflare',
 		package_name:    'certbot-dns-cloudflare',
 		package_version: '1.8.0',
+		dependencies:    'cloudflare',
 		credentials:     `# Cloudflare API token
 dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
 		full_plugin_name: 'dns-cloudflare',
@@ -33,6 +34,7 @@ dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
 		display_name:    'CloudXNS',
 		package_name:    'certbot-dns-cloudxns',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
 dns_cloudxns_secret_key = 1122334455667788`,
 		full_plugin_name: 'dns-cloudxns',
@@ -42,6 +44,7 @@ dns_cloudxns_secret_key = 1122334455667788`,
 		display_name:    'Core Networks',
 		package_name:    'certbot-dns-corenetworks',
 		package_version: '0.1.4',
+		dependencies:    '',
 		credentials:     `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
 certbot_dns_corenetworks:dns_corenetworks_password = secure_password`,
 		full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
@@ -51,6 +54,7 @@ certbot_dns_corenetworks:dns_corenetworks_password = secure_password`,
 		display_name:    'cPanel',
 		package_name:    'certbot-dns-cpanel',
 		package_version: '0.2.2',
+		dependencies:    '',
 		credentials:     `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
 certbot_dns_cpanel:cpanel_username = user
 certbot_dns_cpanel:cpanel_password = hunter2`,
@@ -61,6 +65,7 @@ certbot_dns_cpanel:cpanel_password = hunter2`,
 		display_name:     'DigitalOcean',
 		package_name:     'certbot-dns-digitalocean',
 		package_version:  '1.8.0',
+		dependencies:     '',
 		credentials:      'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
 		full_plugin_name: 'dns-digitalocean',
 	},
@@ -69,6 +74,7 @@ certbot_dns_cpanel:cpanel_password = hunter2`,
 		display_name:    'DirectAdmin',
 		package_name:    'certbot-dns-directadmin',
 		package_version: '0.0.20',
+		dependencies:    '',
 		credentials:     `directadmin_url = https://my.directadminserver.com:2222
 directadmin_username = username
 directadmin_password = aSuperStrongPassword`,
@@ -79,6 +85,7 @@ directadmin_password = aSuperStrongPassword`,
 		display_name:     'DNSimple',
 		package_name:     'certbot-dns-dnsimple',
 		package_version:  '1.8.0',
+		dependencies:     '',
 		credentials:      'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
 		full_plugin_name: 'dns-dnsimple',
 	},
@@ -87,6 +94,7 @@ directadmin_password = aSuperStrongPassword`,
 		display_name:    'DNS Made Easy',
 		package_name:    'certbot-dns-dnsmadeeasy',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
 dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`,
 		full_plugin_name: 'dns-dnsmadeeasy',
@@ -96,6 +104,7 @@ dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`,
 		display_name:    'DNSPod',
 		package_name:    'certbot-dns-dnspod',
 		package_version: '0.1.0',
+		dependencies:    '',
 		credentials:     `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
 certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
 		full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
@@ -105,9 +114,10 @@ certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
 		display_name:    'Google',
 		package_name:    'certbot-dns-google',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `{
-	"type": "service_account",
-	...
+"type": "service_account",
+...
 }`,
 		full_plugin_name: 'dns-google',
 	},
@@ -116,6 +126,7 @@ certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
 		display_name:     'Hetzner',
 		package_name:     'certbot-dns-hetzner',
 		package_version:  '1.0.4',
+		dependencies:     '',
 		credentials:      'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
 		full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
 	},
@@ -124,6 +135,7 @@ certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
 		display_name:    'INWX',
 		package_name:    'certbot-dns-inwx',
 		package_version: '2.1.2',
+		dependencies:    '',
 		credentials:     `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
 certbot_dns_inwx:dns_inwx_username = your_username
 certbot_dns_inwx:dns_inwx_password = your_password
@@ -135,6 +147,7 @@ certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
 		display_name:    'ISPConfig',
 		package_name:    'certbot-dns-ispconfig',
 		package_version: '0.2.0',
+		dependencies:    '',
 		credentials:     `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
 certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword
 certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`,
@@ -145,6 +158,7 @@ certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`,
 		display_name:    'Isset',
 		package_name:    'certbot-dns-isset',
 		package_version: '0.0.3',
+		dependencies:    '',
 		credentials:     `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
 certbot_dns_isset:dns_isset_token="<token>"`,
 		full_plugin_name: 'certbot-dns-isset:dns-isset',
@@ -154,6 +168,7 @@ certbot_dns_isset:dns_isset_token="<token>"`,
 		display_name:    'Linode',
 		package_name:    'certbot-dns-linode',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
 dns_linode_version = [<blank>|3|4]`,
 		full_plugin_name: 'dns-linode',
@@ -163,6 +178,7 @@ dns_linode_version = [<blank>|3|4]`,
 		display_name:    'LuaDNS',
 		package_name:    'certbot-dns-luadns',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `dns_luadns_email = user@example.com
 dns_luadns_token = 0123456789abcdef0123456789abcdef`,
 		full_plugin_name: 'dns-luadns',
@@ -172,6 +188,7 @@ dns_luadns_token = 0123456789abcdef0123456789abcdef`,
 		display_name:    'netcup',
 		package_name:    'certbot-dns-netcup',
 		package_version: '1.0.0',
+		dependencies:    '',
 		credentials:     `dns_netcup_customer_id  = 123456
 dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
@@ -182,6 +199,7 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
 		display_name:     'Njalla',
 		package_name:     'certbot-dns-njalla',
 		package_version:  '1.0.0',
+		dependencies:     '',
 		credentials:      'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
 		full_plugin_name: 'certbot-dns-njalla:dns-njalla',
 	},
@@ -190,6 +208,7 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
 		display_name:     'NS1',
 		package_name:     'certbot-dns-nsone',
 		package_version:  '1.8.0',
+		dependencies:     '',
 		credentials:      'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
 		full_plugin_name: 'dns-nsone',
 	},
@@ -198,6 +217,7 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
 		display_name:    'OVH',
 		package_name:    'certbot-dns-ovh',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `dns_ovh_endpoint = ovh-eu
 dns_ovh_application_key = MDAwMDAwMDAwMDAw
 dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
@@ -209,6 +229,7 @@ dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
 		display_name:    'PowerDNS',
 		package_name:    'certbot-dns-powerdns',
 		package_version: '0.2.0',
+		dependencies:    '',
 		credentials:     `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
 certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`,
 		full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
@@ -218,6 +239,7 @@ certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`,
 		display_name:    'RFC 2136',
 		package_name:    'certbot-dns-rfc2136',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `# Target DNS server
 dns_rfc2136_server = 192.0.2.1
 # Target DNS port
@@ -235,6 +257,7 @@ dns_rfc2136_algorithm = HMAC-SHA512`,
 		display_name:    'Route 53 (Amazon)',
 		package_name:    'certbot-dns-route53',
 		package_version: '1.8.0',
+		dependencies:    '',
 		credentials:     `[default]
 aws_access_key_id=AKIAIOSFODNN7EXAMPLE
 aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
@@ -245,7 +268,8 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
 		display_name:     'Vultr',
 		package_name:     'certbot-dns-vultr',
 		package_version:  '1.0.3',
+		dependencies:     '',
 		credentials:      'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
 		full_plugin_name: 'certbot-dns-vultr:dns-vultr',
 	},
-};
+};