Skip to content

Instantly share code, notes, and snippets.

@mat813
Last active February 22, 2022 16:02
Show Gist options
  • Save mat813/3135484 to your computer and use it in GitHub Desktop.
Save mat813/3135484 to your computer and use it in GitHub Desktop.
OpenDNSSEC to Gandi
#!/usr/bin/env ruby
# frozen_string_literal: true
# ods-ksmutil key export --keystate ready -t KSK --all | ruby gandi.rb ready
# ods-ksmutil key export --keystate retire -t KSK --all | ruby gandi.rb retire
require 'pp'
require 'rubygems'
require 'dnsruby'
require 'xmlrpc/client'
QUOI = ARGV[0]
def debug(*rest)
puts(*rest) if STDOUT.tty?
end
if QUOI.nil? || !%w[ready retire].include?(QUOI)
puts 'usage : gandi.rb [ready|retire]'
exit 1
end
# redefine without warning.
XMLRPC::Config.__send__(:remove_const, :ENABLE_NIL_PARSER)
XMLRPC::Config::ENABLE_NIL_PARSER = true
SERVER = XMLRPC::Client.new2('https://rpc.gandi.net/xmlrpc/')
SERVER.instance_variable_get(:@http).verify_mode = OpenSSL::SSL::VERIFY_NONE
APIKEY = 'what did you expect...'
def call_api(command, *args)
SERVER.call(command, APIKEY, *args)
rescue XMLRPC::FaultException => e
if e.faultString =~ /CAUSE_NOTFOUND/
debug 'Error:'
debug e.faultCode
debug e.faultString
else
puts 'Error:'
puts e.faultCode
puts e.faultString
end
rescue StandardError => e
pp e
end
def call_and_wait_api(command, *args)
op = call_api(command, *args)
while %w[BILL WAIT RUN].include? op['step']
op = call_api('operation.info', op['id'])
sleep 1
end
op
end
domain_found = false
while (line = STDIN.gets)
next unless line =~ /^[a-z0-9]/
new_key = Dnsruby::RR::DNSKEY.new_from_string(line)
new_b64 = [new_key.key.to_s].pack('m*').delete("\n")
domain = new_key.name.to_s
debug "Domaine #{domain}"
if call_api('domain.info', domain)
domain_found = true
keys = call_api('domain.dnssec.list', domain)
if keys.nil?
puts "DNSSEC pas actif sur l'extension"
else
key_present = keys.find { |k| k['public_key'] == new_b64 }
case QUOI
when 'ready'
if key_present.nil?
op = call_and_wait_api('domain.dnssec.create', domain, 'algorithm' => new_key.algorithm.code, 'flags' => new_key.flags, 'public_key' => new_b64)
if op['step'] == 'DONE'
puts "clef installee #{new_key.rdata}"
else
puts '#######################'
pp op
puts '#######################'
end
else
debug "clef deja la #{new_key.rdata}"
end
when 'retire'
if key_present
op = call_and_wait_api('domain.dnssec.delete', key_present['id'])
if op['step'] == 'DONE'
puts "clef supprimee #{new_key.rdata}"
else
puts '#######################'
pp op
puts '#######################'
end
else
debug "clef deja supprimee #{new_key.rdata}"
end
end
end
else
debug 'Domaine pas chez gandi'
end
end
exit domain_found ? 0 : 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment