chore: clean up (#2610)

2026-01-25 05:06:16 +00:00 · 2025-08-02 13:41:35 +02:00
parent 4d2dc64364
commit c9157f756e
11 changed files with 45 additions and 60 deletions
--- a/challenge/dns01/fqdn.go
+++ b/challenge/dns01/fqdn.go
@@ -7,12 +7,10 @@ import (
 )

 // ToFqdn converts the name into a fqdn appending a trailing dot.
+//
+// Deprecated: Use [github.com/miekg/dns.Fqdn] directly.
 func ToFqdn(name string) string {
-	n := len(name)
-	if n == 0 || name[n-1] == '.' {
-		return name
-	}
-	return name + "."
+	return dns.Fqdn(name)
 }

 // UnFqdn converts the fqdn into a name removing the trailing dot.
--- a/challenge/dns01/fqdn_test.go
+++ b/challenge/dns01/fqdn_test.go
@@ -7,34 +7,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func TestToFqdn(t *testing.T) {
-	testCases := []struct {
-		desc     string
-		domain   string
-		expected string
-	}{
-		{
-			desc:     "simple",
-			domain:   "foo.example.com",
-			expected: "foo.example.com.",
-		},
-		{
-			desc:     "already FQDN",
-			domain:   "foo.example.com.",
-			expected: "foo.example.com.",
-		},
-	}
-
-	for _, test := range testCases {
-		t.Run(test.desc, func(t *testing.T) {
-			t.Parallel()
-
-			fqdn := ToFqdn(test.domain)
-			assert.Equal(t, test.expected, fqdn)
-		})
-	}
-}
-
 func TestUnFqdn(t *testing.T) {
 	testCases := []struct {
 		desc     string
--- a/providers/dns/auroradns/auroradns.go
+++ b/providers/dns/auroradns/auroradns.go
@@ -10,6 +10,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/miekg/dns"
 	"github.com/nrdcg/auroradns"
 )

@@ -161,7 +162,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("aurora: unknown recordID for %q", info.EffectiveFQDN)
 	}

-	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(info.EffectiveFQDN))
+	authZone, err := dns01.FindZoneByFqdn(dns.Fqdn(info.EffectiveFQDN))
 	if err != nil {
 		return fmt.Errorf("aurora: could not find zone for domain %q: %w", domain, err)
 	}
--- a/providers/dns/gandi/gandi_test.go
+++ b/providers/dns/gandi/gandi_test.go
@@ -145,7 +145,6 @@ func TestDNSProvider(t *testing.T) {
 			_, errS = io.Copy(rw, strings.NewReader(resp))
 			require.NoError(t, errS)
 		})).
-		Route("/", servermock.DumpRequest()).
 		Build(t)

 	fakeKeyAuth := "XXXX"
--- a/providers/dns/gcloud/googlecloud.go
+++ b/providers/dns/gcloud/googlecloud.go
@@ -16,10 +16,11 @@ import (
 	"github.com/go-acme/lego/v4/log"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"github.com/go-acme/lego/v4/platform/wait"
+	"github.com/miekg/dns"
 	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
-	"google.golang.org/api/dns/v1"
+	gdns "google.golang.org/api/dns/v1"
 	"google.golang.org/api/googleapi"
 	"google.golang.org/api/impersonate"
 	"google.golang.org/api/option"
@@ -74,7 +75,7 @@ func NewDefaultConfig() *Config {
 // DNSProvider implements the challenge.Provider interface.
 type DNSProvider struct {
 	config *Config
-	client *dns.Service
+	client *gdns.Service
 }

 // NewDNSProvider returns a DNSProvider instance configured for Google Cloud DNS.
@@ -170,7 +171,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("googlecloud: unable to create Google Cloud DNS service: client is nil")
 	}

-	svc, err := dns.NewService(context.Background(), option.WithHTTPClient(config.HTTPClient))
+	svc, err := gdns.NewService(context.Background(), option.WithHTTPClient(config.HTTPClient))
 	if err != nil {
 		return nil, fmt.Errorf("googlecloud: unable to create Google Cloud DNS service: %w", err)
 	}
@@ -209,12 +210,12 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 	// Attempt to delete the existing records before adding the new one.
 	if len(existingRrSet) > 0 {
-		if err = d.applyChanges(zone, &dns.Change{Deletions: existingRrSet}); err != nil {
+		if err = d.applyChanges(zone, &gdns.Change{Deletions: existingRrSet}); err != nil {
 			return fmt.Errorf("googlecloud: %w", err)
 		}
 	}

-	rec := &dns.ResourceRecordSet{
+	rec := &gdns.ResourceRecordSet{
 		Name:    info.EffectiveFQDN,
 		Rrdatas: []string{info.Value},
 		Ttl:     int64(d.config.TTL),
@@ -230,8 +231,8 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		}
 	}

-	change := &dns.Change{
-		Additions: []*dns.ResourceRecordSet{rec},
+	change := &gdns.Change{
+		Additions: []*gdns.ResourceRecordSet{rec},
 	}

 	if err = d.applyChanges(zone, change); err != nil {
@@ -241,7 +242,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	return nil
 }

-func (d *DNSProvider) applyChanges(zone string, change *dns.Change) error {
+func (d *DNSProvider) applyChanges(zone string, change *gdns.Change) error {
 	if d.config.Debug {
 		data, _ := json.Marshal(change)
 		log.Printf("change (Create): %s", string(data))
@@ -303,7 +304,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return nil
 	}

-	_, err = d.client.Changes.Create(d.config.Project, zone, &dns.Change{Deletions: records}).Do()
+	_, err = d.client.Changes.Create(d.config.Project, zone, &gdns.Change{Deletions: records}).Do()
 	if err != nil {
 		return fmt.Errorf("googlecloud: %w", err)
 	}
@@ -352,7 +353,7 @@ func (d *DNSProvider) getHostedZone(domain string) (string, error) {
 //	(gcloud projects get-iam-policy $project_id) (a role with permission dns.managedZones.list)
 //
 // If we force a zone list to succeed, we demand more permissions than needed.
-func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*dns.ManagedZone, error) {
+func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*gdns.ManagedZone, error) {
 	// GCE_ZONE_ID override for service accounts to avoid needing zones-list permission
 	if d.config.ZoneID != "" {
 		zone, err := d.client.ManagedZones.Get(d.config.Project, d.config.ZoneID).Do()
@@ -360,10 +361,10 @@ func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*dns.ManagedZ
 			return "", nil, fmt.Errorf("API call ManagedZones.Get for explicit zone ID %q in project %q failed: %w", d.config.ZoneID, d.config.Project, err)
 		}

-		return zone.DnsName, []*dns.ManagedZone{zone}, nil
+		return zone.DnsName, []*gdns.ManagedZone{zone}, nil
 	}

-	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
+	authZone, err := dns01.FindZoneByFqdn(dns.Fqdn(domain))
 	if err != nil {
 		return "", nil, fmt.Errorf("could not find zone: %w", err)
 	}
@@ -379,7 +380,7 @@ func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*dns.ManagedZ
 	return authZone, zones.ManagedZones, nil
 }

-func (d *DNSProvider) findTxtRecords(zone, fqdn string) ([]*dns.ResourceRecordSet, error) {
+func (d *DNSProvider) findTxtRecords(zone, fqdn string) ([]*gdns.ResourceRecordSet, error) {
 	recs, err := d.client.ResourceRecordSets.List(d.config.Project, zone).Name(fqdn).Type("TXT").Do()
 	if err != nil {
 		return nil, err
@@ -398,7 +399,7 @@ func newClientFromCredentials(ctx context.Context, config *Config) (*http.Client
 		return newImpersonateClient(ctx, config.ImpersonateServiceAccount, ts)
 	}

-	client, err := google.DefaultClient(ctx, dns.NdevClouddnsReadwriteScope)
+	client, err := google.DefaultClient(ctx, gdns.NdevClouddnsReadwriteScope)
 	if err != nil {
 		return nil, fmt.Errorf("unable to get Google Cloud client: %w", err)
 	}
@@ -416,7 +417,7 @@ func newClientFromServiceAccountKey(ctx context.Context, config *Config, saKey [
 		return newImpersonateClient(ctx, config.ImpersonateServiceAccount, conf.TokenSource(ctx))
 	}

-	conf, err := google.JWTConfigFromJSON(saKey, dns.NdevClouddnsReadwriteScope)
+	conf, err := google.JWTConfigFromJSON(saKey, gdns.NdevClouddnsReadwriteScope)
 	if err != nil {
 		return nil, fmt.Errorf("unable to acquire config: %w", err)
 	}
@@ -427,7 +428,7 @@ func newClientFromServiceAccountKey(ctx context.Context, config *Config, saKey [
 func newImpersonateClient(ctx context.Context, impersonateServiceAccount string, ts oauth2.TokenSource) (*http.Client, error) {
 	impersonatedTS, err := impersonate.CredentialsTokenSource(ctx, impersonate.CredentialsConfig{
 		TargetPrincipal: impersonateServiceAccount,
-		Scopes:          []string{dns.NdevClouddnsReadwriteScope},
+		Scopes:          []string{gdns.NdevClouddnsReadwriteScope},
 	}, option.WithTokenSource(ts))
 	if err != nil {
 		return nil, fmt.Errorf("unable to create impersonated credentials: %w", err)
--- a/providers/dns/otc/internal/client_test.go
+++ b/providers/dns/otc/internal/client_test.go
@@ -84,7 +84,8 @@ func TestClient_GetRecordSetID_error(t *testing.T) {
 func TestClient_CreateRecordSet(t *testing.T) {
 	client := mockBuilder().
 		Route("POST /zones/123123/recordsets",
-			servermock.ResponseFromFixture("zones-recordsets_POST.json")).
+			servermock.ResponseFromFixture("zones-recordsets_POST.json"),
+			servermock.CheckRequestJSONBodyFromFixture("zones-recordsets_POST-request.json")).
 		Build(t)

 	rs := RecordSets{
@@ -92,7 +93,7 @@ func TestClient_CreateRecordSet(t *testing.T) {
 		Description: "Added TXT record for ACME dns-01 challenge using lego client",
 		Type:        "TXT",
 		TTL:         300,
-		Records:     []string{strconv.Quote("w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI")},
+		Records:     []string{strconv.Quote("ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY")},
 	}
 	err := client.CreateRecordSet(context.Background(), "123123", rs)
 	require.NoError(t, err)
--- a/providers/dns/otc/internal/fixtures/zones-recordsets_POST-request.json
+++ b/providers/dns/otc/internal/fixtures/zones-recordsets_POST-request.json
@@ -0,0 +1,9 @@
+{
+  "name": "_acme-challenge.example.com.",
+  "description": "Added TXT record for ACME dns-01 challenge using lego client",
+  "type": "TXT",
+  "ttl": 300,
+  "records": [
+    "\"ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY\""
+  ]
+}
--- a/providers/dns/otc/otc_test.go
+++ b/providers/dns/otc/otc_test.go
@@ -218,7 +218,9 @@ func TestDNSProvider_Present(t *testing.T) {
 			servermock.ResponseFromInternal("zones_GET.json"),
 			servermock.CheckQueryParameter().Strict().
 				With("name", "example.com.")).
-		Route("/", servermock.DumpRequest()).
+		Route("POST /v2/zones/123123/recordsets",
+			servermock.Noop(),
+			servermock.CheckRequestJSONBodyFromInternal("zones-recordsets_POST-request.json")).
 		Build(t)

 	err := provider.Present("example.com", "", "123d==")
@@ -231,7 +233,6 @@ func TestDNSProvider_Present_emptyZone(t *testing.T) {
 			servermock.ResponseFromInternal("zones_GET_empty.json"),
 			servermock.CheckQueryParameter().Strict().
 				With("name", "example.com.")).
-		Route("/", servermock.DumpRequest()).
 		Build(t)

 	err := provider.Present("example.com", "", "123d==")
--- a/providers/dns/safedns/safedns.go
+++ b/providers/dns/safedns/safedns.go
@@ -13,6 +13,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"github.com/go-acme/lego/v4/providers/dns/safedns/internal"
+	"github.com/miekg/dns"
 )

 // Environment variables.
@@ -106,7 +107,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)

-	zone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(info.EffectiveFQDN))
+	zone, err := dns01.FindZoneByFqdn(dns.Fqdn(info.EffectiveFQDN))
 	if err != nil {
 		return fmt.Errorf("safedns: could not find zone for domain %q: %w", domain, err)
 	}
--- a/providers/dns/selectelv2/selectelv2.go
+++ b/providers/dns/selectelv2/selectelv2.go
@@ -12,6 +12,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+	"github.com/miekg/dns"
 	selectelapi "github.com/selectel/domains-go/pkg/v2"
 	"github.com/selectel/go-selvpcclient/v4/selvpcclient"
 	"golang.org/x/net/idna"
@@ -266,7 +267,7 @@ func (w *clientWrapper) getZone(ctx context.Context, name string) (*selectelapi.
 	}

 	for _, zone := range zones.GetItems() {
-		if zone.Name == dns01.ToFqdn(unicodeName) {
+		if zone.Name == dns.Fqdn(unicodeName) {
 			return zone, nil
 		}
 	}
@@ -295,7 +296,7 @@ func (w *clientWrapper) getRRset(ctx context.Context, name, zoneID string) (*sel
 	}

 	for _, rrset := range resp.GetItems() {
-		if rrset.Name == dns01.ToFqdn(unicodeName) {
+		if rrset.Name == dns.Fqdn(unicodeName) {
 			return rrset, nil
 		}
 	}
--- a/providers/dns/yandex360/yandex360.go
+++ b/providers/dns/yandex360/yandex360.go
@@ -14,6 +14,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"github.com/go-acme/lego/v4/providers/dns/yandex360/internal"
+	"github.com/miekg/dns"
 )

 // Environment variables names.
@@ -108,7 +109,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)

-	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(info.EffectiveFQDN))
+	authZone, err := dns01.FindZoneByFqdn(dns.Fqdn(info.EffectiveFQDN))
 	if err != nil {
 		return fmt.Errorf("yandex360: could not find zone for domain %q: %w", domain, err)
 	}
@@ -143,7 +144,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)

-	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(info.EffectiveFQDN))
+	authZone, err := dns01.FindZoneByFqdn(dns.Fqdn(info.EffectiveFQDN))
 	if err != nil {
 		return fmt.Errorf("yandex360: could not find zone for domain %q: %w", domain, err)
 	}