Added support for Azure Private DNS (Experimental) (#530)

* Added support for Azure Private DNS (Experimental) * Update to GA PrivateDns package
shibayan · Dec 7, 2022 · c3e73c7 · c3e73c7
1 parent 670e935
commit c3e73c7
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 0 deletions.
diff --git a/KeyVault.Acmebot/KeyVault.Acmebot.csproj b/KeyVault.Acmebot/KeyVault.Acmebot.csproj
@@ -7,6 +7,7 @@
     <PackageReference Include="AWSSDK.Route53" Version="3.7.103.9" />
     <PackageReference Include="Azure.Identity" Version="1.8.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.0" />
+    <PackageReference Include="Azure.ResourceManager.PrivateDns" Version="1.0.0" />
     <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.4.0" />
     <PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.4.0" />
     <PackageReference Include="DnsClient" Version="1.7.0" />

diff --git a/KeyVault.Acmebot/Options/AcmebotOptions.cs b/KeyVault.Acmebot/Options/AcmebotOptions.cs
@@ -32,6 +32,8 @@ public class AcmebotOptions
     // Properties should be in alphabetical order
     public AzureDnsOptions AzureDns { get; set; }
 
+    public AzurePrivateDnsOptions AzurePrivateDns { get; set; }
+
     public CloudflareOptions Cloudflare { get; set; }
 
     public CustomDnsOptions CustomDns { get; set; }

diff --git a/KeyVault.Acmebot/Options/AzurePrivateDnsOptions.cs b/KeyVault.Acmebot/Options/AzurePrivateDnsOptions.cs
@@ -0,0 +1,6 @@
+namespace KeyVault.Acmebot.Options;
+
+public class AzurePrivateDnsOptions
+{
+    public string SubscriptionId { get; set; }
+}
diff --git a/KeyVault.Acmebot/Providers/AzurePrivateDnsProvider.cs b/KeyVault.Acmebot/Providers/AzurePrivateDnsProvider.cs
@@ -0,0 +1,81 @@
+using System.Collections.Generic;
+using System.Net;
+using System.Threading.Tasks;
+
+using Azure;
+using Azure.Core;
+using Azure.Identity;
+using Azure.ResourceManager;
+using Azure.ResourceManager.PrivateDns;
+using Azure.ResourceManager.PrivateDns.Models;
+
+using KeyVault.Acmebot.Internal;
+using KeyVault.Acmebot.Options;
+
+namespace KeyVault.Acmebot.Providers;
+
+internal class AzurePrivateDnsProvider : IDnsProvider
+{
+    public AzurePrivateDnsProvider(AzurePrivateDnsOptions options, AzureEnvironment environment)
+    {
+        var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
+        {
+            AuthorityHost = environment.ActiveDirectory
+        });
+
+        _armClient = new ArmClient(credential, options.SubscriptionId, new ArmClientOptions { Environment = environment.ResourceManager });
+    }
+
+    private readonly ArmClient _armClient;
+
+    public int PropagationSeconds => 10;
+
+    public async Task<IReadOnlyList<DnsZone>> ListZonesAsync()
+    {
+        var zones = new List<DnsZone>();
+
+        var subscription = await _armClient.GetDefaultSubscriptionAsync();
+
+        var result = subscription.GetPrivateDnsZonesAsync();
+
+        await foreach (var zone in result)
+        {
+            zones.Add(new DnsZone(this) { Id = zone.Id, Name = zone.Data.Name });
+        }
+
+        return zones;
+    }
+
+    public Task CreateTxtRecordAsync(DnsZone zone, string relativeRecordName, IEnumerable<string> values)
+    {
+        // TXT レコードに値をセットする
+        var txtRecordData = new PrivateDnsTxtRecordData();
+
+        foreach (var value in values)
+        {
+            txtRecordData.PrivateDnsTxtRecords.Add(new PrivateDnsTxtRecordInfo { Values = { value } });
+        }
+
+        var dnsZoneResource = _armClient.GetPrivateDnsZoneResource(new ResourceIdentifier(zone.Id));
+
+        var dnsTxtRecords = dnsZoneResource.GetPrivateDnsTxtRecords();
+
+        return dnsTxtRecords.CreateOrUpdateAsync(WaitUntil.Completed, relativeRecordName, txtRecordData);
+    }
+
+    public async Task DeleteTxtRecordAsync(DnsZone zone, string relativeRecordName)
+    {
+        var dnsZoneResource = _armClient.GetPrivateDnsZoneResource(new ResourceIdentifier(zone.Id));
+
+        try
+        {
+            PrivateDnsTxtRecordResource dnsTxtRecordResource = await dnsZoneResource.GetPrivateDnsTxtRecordAsync(relativeRecordName);
+
+            await dnsTxtRecordResource.DeleteAsync(WaitUntil.Completed);
+        }
+        catch (RequestFailedException ex) when (ex.Status == (int)HttpStatusCode.NotFound)
+        {
+            // ignored
+        }
+    }
+}
diff --git a/KeyVault.Acmebot/Startup.cs b/KeyVault.Acmebot/Startup.cs
@@ -79,6 +79,7 @@ public override void Configure(IFunctionsHostBuilder builder)
             var dnsProviders = new List<IDnsProvider>();
 
             dnsProviders.TryAdd(options.AzureDns, o => new AzureDnsProvider(o, environment));
+            dnsProviders.TryAdd(options.AzurePrivateDns, o => new AzurePrivateDnsProvider(o, environment));
             dnsProviders.TryAdd(options.Cloudflare, o => new CloudflareProvider(o));
             dnsProviders.TryAdd(options.CustomDns, o => new CustomDnsProvider(o));
             dnsProviders.TryAdd(options.DnsMadeEasy, o => new DnsMadeEasyProvider(o));