From c0d92d33dc5f1b07a94a8479501ce71a61eb1b63 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Tue, 18 Feb 2020 15:47:36 +0100 Subject: [PATCH] cloudflare selected and streamline propagation seconds (#1099) * cloudflare-selected * Update config.json * Update README.md * Update CHANGELOG.md * Update README.md * Update run.sh * Fix lint * Update run.sh * address comments --- letsencrypt/CHANGELOG.md | 5 +++ letsencrypt/README.md | 6 +-- letsencrypt/config.json | 6 +-- letsencrypt/data/run.sh | 89 ++++++++++++++++++++++------------------ 4 files changed, 60 insertions(+), 46 deletions(-) diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md index 66c3951..cd69048 100755 --- a/letsencrypt/CHANGELOG.md +++ b/letsencrypt/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 4.6 + +- Streamline propagation seconds +- Add propagation seconds to CloudFlare / option selection + ## 4.5 - Update cerbot to 1.2.0 diff --git a/letsencrypt/README.md b/letsencrypt/README.md index 913be19..206b9a1 100644 --- a/letsencrypt/README.md +++ b/letsencrypt/README.md @@ -55,6 +55,7 @@ In addition add the fields according to the credentials required by your dns pro ```yaml +propagation_seconds: 60 cloudflare_email: '' cloudflare_api_key: '' cloudflare_api_token: '' @@ -88,7 +89,6 @@ sakuracloud_api_secret: '' netcup_customer_id: '' netcup_api_key: '' netcup_api_password: '' -netcup_propagation_seconds: 60 ``` ## Example Configurations @@ -154,14 +154,14 @@ However, due to some shortcomings in Cloudflare’s implementation of Tokens, To Example credentials file using restricted API Token (recommended): ```yaml dns: - provider: dns-clooudflare + provider: dns-cloudflare dns_cloudflare_api_token: 0123456789abcdef0123456789abcdef01234 ``` Example credentials file using Global API Key (not recommended): ```yaml dns: - provider: dns-clooudflare + provider: dns-cloudflare dns_cloudflare_email: cloudflare@example.com dns_cloudflare_api_key: 0123456789abcdef0123456789abcdef01234 ``` 
diff --git a/letsencrypt/config.json b/letsencrypt/config.json index f4637c4..913c4bb 100755 --- a/letsencrypt/config.json +++ b/letsencrypt/config.json @@ -1,6 +1,6 @@ { "name": "Let's Encrypt", - "version": "4.5", + "version": "4.6", "slug": "letsencrypt", "description": "Manage certificate from Let's Encrypt", "url": "https://github.com/home-assistant/hassio-addons/tree/master/letsencrypt", @@ -30,6 +30,7 @@ "challenge": "list(dns|http)", "dns": { "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup)?", + "propagation_seconds": "int(60,3600)?", "cloudflare_email": "email?", "cloudflare_api_key": "str?", "cloudflare_api_token": "str?", @@ -62,8 +63,7 @@ "sakuracloud_api_secret": "str?", "netcup_customer_id": "str?", "netcup_api_key": "str?", - "netcup_api_password": "str?", - "netcup_propagation_seconds": "int(60,3600)?" + "netcup_api_password": "str?" } }, "image": "homeassistant/{arch}-addon-letsencrypt" diff --git a/letsencrypt/data/run.sh b/letsencrypt/data/run.sh index d70f7f2..0384627 100755 --- a/letsencrypt/data/run.sh +++ b/letsencrypt/data/run.sh @@ -5,12 +5,17 @@ DOMAINS=$(bashio::config 'domains') KEYFILE=$(bashio::config 'keyfile') CERTFILE=$(bashio::config 'certfile') CHALLENGE=$(bashio::config 'challenge') -DNS_PROVIDER=$(bashio::config 'dns.provider') if [[ "$CHALLENGE" == "dns" ]]; then - bashio::log.info "Selected DNS Provider: $(bashio::config 'dns.provider')" + bashio::log.info "Selected DNS Provider: $(bashio::config 'dns.provider')" + + PROPAGATION_SECONDS=60 + if bashio::config.exists 'dns.propagation_seconds'; then + PROPAGATION_SECONDS="$(bashio::config 'dns.propagation_seconds')" + fi + bashio::log.info "Use propagation seconds: ${PROPAGATION_SECONDS}" else - bashio::log.info "Selected http verification" + bashio::log.info "Selected http verification" fi CERT_DIR=/data/letsencrypt 
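Review bot: The assignment `DNS_PROVIDER=$(bashio::config 'dns.provider')` is removed in this first run.sh hunk, but the new code in the last hunk still reads the variable, in `elif [[ "${DNS_PROVIDER}" == "dns-cloudflare" ]]` and in the `"--${DNS_PROVIDER}"` / `"--${DNS_PROVIDER}-credentials"` arguments. Unless it is assigned somewhere outside the visible hunks, the CloudFlare branch can never match and the provider flags expand to `--` and `---credentials`, so certbot would not run with the intended authenticator. I would keep the assignment, or move it into the `dns` branch and log `${DNS_PROVIDER}` there instead of calling `bashio::config 'dns.provider'` a second time.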
@@ -23,38 +28,35 @@ chmod +x /run.sh touch /data/dnsapikey PROVIDER_ARGUMENTS=() -echo -e "dns_cloudflare_email = $(bashio::config 'dns.cloudflare_email')\n" \ - "dns_cloudflare_api_key = $(bashio::config 'dns.cloudflare_api_key')\n" \ - "dns_cloudflare_api_token = $(bashio::config 'dns.cloudflare_api_token')\n" \ - "dns_cloudxns_api_key = $(bashio::config 'dns.cloudxns_api_key')\n" \ - "dns_cloudxns_secret_key = $(bashio::config 'dns.cloudxns_secret_key')\n" \ - "dns_digitalocean_token = $(bashio::config 'dns.digitalocean_token')\n" \ - "dns_dnsimple_token = $(bashio::config 'dns.dnsimple_token')\n" \ - "dns_dnsmadeeasy_api_key = $(bashio::config 'dns.dnsmadeeasy_api_key')\n" \ - "dns_dnsmadeeasy_secret_key = $(bashio::config 'dns.dnsmadeeasy_secret_key')\n" \ - "dns_gehirn_api_token = $(bashio::config 'dns.gehirn_api_token')\n" \ - "dns_gehirn_api_secret = $(bashio::config 'dns.gehirn_api_secret')\n" \ - "dns_linode_key = $(bashio::config 'dns.linode_key')\n" \ - "dns_linode_version = $(bashio::config 'dns.linode_version')\n" \ - "dns_luadns_email = $(bashio::config 'dns.luadns_email')\n" \ - "dns_luadns_token = $(bashio::config 'dns.luadns_token')\n" \ - "certbot_dns_netcup:dns_netcup_customer_id = $(bashio::config 'dns.netcup_customer_id')\n" \ - "certbot_dns_netcup:dns_netcup_api_key = $(bashio::config 'dns.netcup_api_key')\n" \ - "certbot_dns_netcup:dns_netcup_api_password = $(bashio::config 'dns.netcup_api_password')\n" \ - "dns_nsone_api_key = $(bashio::config 'dns.nsone_api_key')\n" \ - "dns_ovh_endpoint = $(bashio::config 'dns.ovh_endpoint')\n" \ - "dns_ovh_application_key = $(bashio::config 'dns.ovh_application_key')\n" \ - "dns_ovh_application_secret = $(bashio::config 'dns.ovh_application_secret')\n" \ - "dns_ovh_consumer_key = $(bashio::config 'dns.ovh_consumer_key')\n" \ - "dns_rfc2136_server = $(bashio::config 'dns.rfc2136_server')\n" \ - "dns_rfc2136_port = $(bashio::config 'dns.rfc2136_port')\n" \ - "dns_rfc2136_name = $(bashio::config 
'dns.rfc2136_name')\n" \ - "dns_rfc2136_secret = $(bashio::config 'dns.rfc2136_secret')\n" \ - "dns_rfc2136_algorithm = $(bashio::config 'dns.rfc2136_algorithm')\n" \ - "aws_access_key_id = $(bashio::config 'dns.aws_access_key_id')\n" \ - "aws_secret_access_key = $(bashio::config 'dns.aws_secret_access_key')\n" \ - "dns_sakuracloud_api_token = $(bashio::config 'dns.sakuracloud_api_token')\n" \ - "dns_sakuracloud_api_secret = $(bashio::config 'dns.sakuracloud_api_secret')" > /data/dnsapikey +echo -e "dns_cloudxns_api_key = $(bashio::config 'dns.cloudxns_api_key')\n" \ + "dns_cloudxns_secret_key = $(bashio::config 'dns.cloudxns_secret_key')\n" \ + "dns_digitalocean_token = $(bashio::config 'dns.digitalocean_token')\n" \ + "dns_dnsimple_token = $(bashio::config 'dns.dnsimple_token')\n" \ + "dns_dnsmadeeasy_api_key = $(bashio::config 'dns.dnsmadeeasy_api_key')\n" \ + "dns_dnsmadeeasy_secret_key = $(bashio::config 'dns.dnsmadeeasy_secret_key')\n" \ + "dns_gehirn_api_token = $(bashio::config 'dns.gehirn_api_token')\n" \ + "dns_gehirn_api_secret = $(bashio::config 'dns.gehirn_api_secret')\n" \ + "dns_linode_key = $(bashio::config 'dns.linode_key')\n" \ + "dns_linode_version = $(bashio::config 'dns.linode_version')\n" \ + "dns_luadns_email = $(bashio::config 'dns.luadns_email')\n" \ + "dns_luadns_token = $(bashio::config 'dns.luadns_token')\n" \ + "certbot_dns_netcup:dns_netcup_customer_id = $(bashio::config 'dns.netcup_customer_id')\n" \ + "certbot_dns_netcup:dns_netcup_api_key = $(bashio::config 'dns.netcup_api_key')\n" \ + "certbot_dns_netcup:dns_netcup_api_password = $(bashio::config 'dns.netcup_api_password')\n" \ + "dns_nsone_api_key = $(bashio::config 'dns.nsone_api_key')\n" \ + "dns_ovh_endpoint = $(bashio::config 'dns.ovh_endpoint')\n" \ + "dns_ovh_application_key = $(bashio::config 'dns.ovh_application_key')\n" \ + "dns_ovh_application_secret = $(bashio::config 'dns.ovh_application_secret')\n" \ + "dns_ovh_consumer_key = $(bashio::config 
'dns.ovh_consumer_key')\n" \ + "dns_rfc2136_server = $(bashio::config 'dns.rfc2136_server')\n" \ + "dns_rfc2136_port = $(bashio::config 'dns.rfc2136_port')\n" \ + "dns_rfc2136_name = $(bashio::config 'dns.rfc2136_name')\n" \ + "dns_rfc2136_secret = $(bashio::config 'dns.rfc2136_secret')\n" \ + "dns_rfc2136_algorithm = $(bashio::config 'dns.rfc2136_algorithm')\n" \ + "aws_access_key_id = $(bashio::config 'dns.aws_access_key_id')\n" \ + "aws_secret_access_key = $(bashio::config 'dns.aws_secret_access_key')\n" \ + "dns_sakuracloud_api_token = $(bashio::config 'dns.sakuracloud_api_token')\n" \ + "dns_sakuracloud_api_secret = $(bashio::config 'dns.sakuracloud_api_secret')" > /data/dnsapikey chmod 600 /data/dnsapikey # AWS 
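Review bot: Every configured secret is still interpolated into a single `echo -e`, so a backslash sequence inside a token or password is interpreted by `echo` instead of being written literally, and a value containing `\n` would add a line of its own to the certbot credentials file. Writing each entry as `printf '%s = %s\n' "dns_cloudxns_api_key" "$(bashio::config 'dns.cloudxns_api_key')"` keeps the value as data. The file is also created by `touch /data/dnsapikey` and only restricted by `chmod 600` after the secrets are in it; a `umask 077` before the `touch` would close that window on a first run. Separately, the file still carries the credentials of every provider rather than only the selected one, which the CloudFlare change in the last hunk already avoids for its own keys.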
@@ -77,16 +79,23 @@ elif bashio::config.exists 'dns.google_creds'; then bashio::log.info "Google Credentials File doesnt exists in folder share." fi PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/${GOOGLE_CREDS}") + #Netcup elif bashio::config.exists 'dns.netcup_customer_id' && bashio::config.exists 'dns.netcup_api_key' && bashio::config.exists 'dns.netcup_api_password'; then - if bashio::config.exists 'dns.netcup_propagation_seconds'; then - NETCUP_DNS_PROPAGATION_SECONDS="$(bashio::config 'dns.netcup_propagation_seconds')" + PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-netcup:dns-netcup" "--certbot-dns-netcup:dns-netcup-credentials" /data/dnsapikey "--certbot-dns-netcup:dns-netcup-propagation-seconds" "${PROPAGATION_SECONDS}") + +# CloudFlare +elif [[ "${DNS_PROVIDER}" == "dns-cloudflare" ]]; then + if bashio::config.exists 'dns.cloudflare_api_token'; then + bashio::log.info "Use CloudFlare token" + echo "dns_cloudflare_api_token = $(bashio::config 'dns.cloudflare_api_token')" >> /data/dnsapikey else - NETCUP_DNS_PROPAGATION_SECONDS=600 - bashio::log.info "no propagation time found for netcup, using default value" + bashio::log.warning "Use CloudFlare global key (not recommended!)" + echo -e "dns_cloudflare_email = $(bashio::config 'dns.cloudflare_email')\n" \ + "dns_cloudflare_api_key = $(bashio::config 'dns.cloudflare_api_key')\n" >> /data/dnsapikey fi - PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-netcup:dns-netcup" "--certbot-dns-netcup:dns-netcup-credentials" /data/dnsapikey "--certbot-dns-netcup:dns-netcup-propagation-seconds" "${NETCUP_DNS_PROPAGATION_SECONDS}") + PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey "--dns-cloudflare-propagation-seconds" "${PROPAGATION_SECONDS}") #All others else
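Review bot: The token branch tests `bashio::config.exists 'dns.cloudflare_api_token'`, which presumably is true for a key that is present but empty, and the README template touched by this commit lists `cloudflare_api_token: ''`; a user who keeps that line and fills in the e-mail and global key would get an empty token written and the global key ignored. `bashio::config.has_value 'dns.cloudflare_api_token'` looks like the safer test, and the fallback branch should confirm that `dns.cloudflare_email` and `dns.cloudflare_api_key` are set before appending them. The Netcup branch also loses its previous default of 600 seconds and now inherits the shared default of 60 from the first run.sh hunk, which may be too short for setups that relied on the old value; that deserves a changelog line or a provider-specific default. The surrounding `if`/`elif` chain begins and ends outside this hunk.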