try building

Reviewed-on: #8

.gitea/workflows/build.yml

@@ -0,0 +1,17 @@
+name: Build image
+run-name: ${{ gitea.actor }} is building an image
+on: [push]
+
+jobs:
+  runs-on: alpine
+  steps:
+    - uses: https://github.com/actions/checkout@v4
+    - name: Set up Docker Buildx
+        uses: https://github.com/docker/setup-buildx-action@v3            
+    - name: Build and push Docker image
+      uses: https://github.com/docker/build-push-action@v5
+      with:
+        context: .
+        file: ./Dockerfile
+        push: true
+        tags: "hal.mafoo.org.uk/mafoo.org.uk/mythic-dns:${{gitea.sha}},hal.mafoo.org.uk/mafoo.org.uk/mythic-dns:latest"

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2023 Matthew Slowe (foo@mafoo.org.uk)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,93 @@
+# Mythic Beasts DNS manager
+
+A simple management agent for controlling your DNS entries on the Mythic Beasts platform using a (version-controllable) YAML file.
+
+This client uses the DNSv2 API (https://www.mythic-beasts.com/support/api/dnsv2) for which you'll need to create a key (https://www.mythic-beasts.com/customer/api-users).
+
+## Configuration
+
+1. Create an API key via https://www.mythic-beasts.com/customer/api-users
+2. Create a YAML file
+
+```yaml
+defaults:
+  ttl:
+    example.com: 3600
+  api: https://api.mythic-beasts.com/dns/v2/zones
+  api_host: api.mythic-beasts.com:443
+  realm: Mythic Beasts DNS API
+
+auth:
+  key: mykey
+  secret: mysecret
+
+zones:
+  example.com:
+```
+
+3. Under `zones -> example.com`, prepare your DNS entries using the schema:
+
+```yaml
+zones:
+  example.com:
+    name1:
+      TYPE: value
+    name2:
+      TYPE:
+        - value1
+        - value2
+    name3.subdomain:
+      TYPE: value
+```
+
+Currently only a single zone is supported.
+
+## Supported types
+
+The client currently supports all of the Record Types implemented by the Mythic Beasts API except `SSHFP` and `TLSA`.
+
+## Value syntax
+
+The value for simple record types is the plain value as expected (eg. `A: 10.54.22.9` or `AAAA: 2a01:332::2`).
+
+The value for complex types, such as `MX` is as per the standard zone file (eg. `MX: 10 mta.example.com`) At some point this will become parametrised.
+
+## The Root object (`@`)
+To refer to the base/root domain, use the `"@"` key:
+```yaml
+zones:
+  example.com:
+    "@":
+      A: 10.54.22.9
+      AAAA: 2a01:332::2
+      MX:
+        - 10 mta1.example.com
+        - 10 mta2.example.com
+```
+
+## Aliases virtual type
+There is a virtual record type `aliases` which is a list of names to CNAME to this record.
+
+For example:
+
+```yaml
+zones:
+  example.com:
+    "@":
+      A: 10.54.22.9
+      aliases:
+        - www
+        - ftp
+```
+# Running
+Invoke the docker container with the input yaml file:
+```bash
+docker run --rm -ti -v "${PWD}:/a" -w /a fooflington/mythic-dns mafoo.org.uk.yml
+```
+
+## Dry run
+Pass the environment variable `DRY_RUN` to prevent any changes:
+
+```bash
+docker run --rm -ti -v "${PWD}:/a" -w /a -e DRY_RUN=1 fooflington/mythic-dns mafoo.org.uk.yml
+```

manage-dns.pl

@@ -13,6 +13,11 @@ use WWW::Form::UrlEncoded::PP qw/build_urlencoded/;
 my $in = YAML::Tiny->read(shift);
 my $ua = LWP::UserAgent->new;
 my %seen;
+my $DRY_RUN = $ENV{DRY_RUN};
+
+my @to_create;
+my @to_delete;
+my @to_update;
 
 sub _debug {
     print STDERR ("=== DEBUG ===\n", Dumper(@_), "=== END ===\n") if $ENV{DEBUG} or $in->[0]->{debug};
@@ -39,9 +44,9 @@ my %supported_types = (
     MX => "yes",
     NS => "yes",
     PTR => "yes",
-    SSHFP => "not yet implemented",
+    SSHFP => "yes",
     SRV => "yes",
-    TLSA => "not yet implemented",
+    TLSA => "yes",
     TXT => "yes",
 );
 sub is_unsupported($) {
@@ -51,6 +56,8 @@ sub is_unsupported($) {
     return $supported_types{$type};
 }
 
+_notice("Dry run - no changes will be applied") if ${DRY_RUN};
+
 if($ENV{DEBUG} or $in->[0]->{debug}) {
     use LWP::Debug qw(+);
     $ua->add_handler(
@@ -133,6 +140,17 @@ sub format_record($$$$) {
         $record->{caa_property} = $property;
         $record->{caa_tag} = $property;
         $record->{data} = $data;
+    } elsif ($type eq 'SSHFP') {
+        my ($algo, $keytype, $data) = split(/\s+/, $value);
+        $record->{sshfp_type} = $keytype;
+        $record->{sshfp_algorithm} = $algo;
+        $record->{data} = $data;
+    } elsif ($type eq 'TLSA') {
+        my ($usage, $selector, $matching, $data) = split(/\s+/, $value);
+        $record->{tlsa_usage} = $usage;
+        $record->{tlsa_selector} = $selector;
+        $record->{tlsa_matching} = $matching;
+        $record->{data} = $data;
     }
 
     return $record;
@@ -155,6 +173,19 @@ sub reformat_data($$) {
             $data->{caa_property} || $data->{caa_tag},
             $data->{data}
         );
+    } elsif($type eq 'SSHFP') {
+        return sprintf('%d %d %s',
+            $data->{sshfp_algorithm},
+            $data->{sshfp_type},
+            $data->{data},
+        );
+    } elsif($type eq 'TLSA') {
+        return sprintf('%d %d %d %s',
+            $data->{tlsa_usage},
+            $data->{tlsa_selector},
+            $data->{tlsa_matching},
+            $data->{data},
+        );
     }
 
     return $data->{data};
@@ -177,36 +208,22 @@ sub check_and_update_record($$$$$) {
         if($record->{ttl} ne $in->[0]->{defaults}->{ttl}->{$zone}) {
             # Update the record
             $record->{ttl} = $in->[0]->{defaults}->{ttl}->{$zone};
-            _debug("Update ", $url, $record, to_json($record));
+            _debug("Will update ", $url, $record, to_json($record));
-            my $res = $ua->put(
+            push(@to_update, [$url,$record]);
-                $url,
-                "Content-Type" => "application/json",
-                "Content" => to_json({ records => [ $record ] }),
-            );
-            warn "Failed to update $url: " . $res->status_line unless $res->is_success;
         }
     } else {
         # Create new record
         my $new = format_record($zone, $type, $host, $value);
-        _notice("Created new record: %s %s %s", $host, $type, $value);
+        _notice("Will create new record: %s %s %s", $host, $type, $value);
-        _debug($new);
+        push(@to_create, [$url,$new]);
-        my $res = $ua->post(
-            $url,
-            "Content-Type" => "application/json",
-            Content => to_json({
-                records => [ $new ]
-            })
-        );
-        warn "Failed to create $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
     }
 }
 
 sub delete_record($$) {
     my ($zone, $record) = @_;
-
     my $url = $in->[0]->{defaults}->{api} . "/$zone/records/$record->{host}/$record->{type}?host=$record->{host}&data=$record->{data}";
-    my $res = $ua->delete($url);
+    _notice("Will delete: %s %s %s", $record->{host}, $record->{type}, $record->{data});
-    warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
+    push(@to_delete, $url);
 }
 
 foreach my $z (keys %{$in->[0]->{zones}}) {
@@ -260,10 +277,46 @@ foreach my $z (keys %{$in->[0]->{zones}}) {
                 }
             }
             unless ($skip) {
-                _notice("Delete %s %s %s", $record->{host}, $record->{type}, $record->{data});
+                # _notice("Will delete %s %s %s", $record->{host}, $record->{type}, $record->{data});
                 delete_record($z, $record);
             }
         }
     }
-    _info("Finished processing %s", $z);
+    _info("Finished pre-processing %s", $z);
+}
+
+unless($DRY_RUN) {
+    _info("Applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
+
+    # Delete
+    foreach my $url (@to_delete) {
+        my $res = $ua->delete($url);
+        warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
+    }
+
+    # Create
+    foreach my $record (@to_create) {
+        my $res = $ua->post(
+            $record->[0],
+            "Content-Type" => "application/json",
+            Content => to_json({
+                records => [ $record->[1] ]
+            })
+        );
+        warn "Failed to create $record->[0]: " . $res->status_line . "\n" . $res->content unless $res->is_success;
+    }
+
+    # Update
+    foreach my $record (@to_update) {
+        my $res = $ua->put(
+            $record->[0],
+            "Content-Type" => "application/json",
+            "Content" => to_json({ records => [ $record->[1] ] }),
+        );
+        warn "Failed to update $record->[0]: " . $res->status_line unless $res->is_success;
+    }
+
+    _info("Finished applying changes")
+} else {
+    _info("DRY RUN: Skipped applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
 }