azure: new implementation based on the new API client (go-acme#1830)

Co-authored-by: Fernandez Ludovic <[email protected]>

Author: pchanvallon

README.md

@@ -21,6 +21,7 @@ func allDNSCodes() string {
 		"auroradns",
 		"autodns",
 		"azure",
+		"azuredns",
 		"bindman",
 		"bluecat",
 		"brandit",
@@ -267,7 +268,7 @@ func displayDNSHelp(w io.Writer, name string) error {
 
 	case "azure":
 		// generated from: providers/dns/azure/azure.toml
-		ew.writeln(`Configuration for Azure.`)
+		ew.writeln(`Configuration for Azure (deprecated).`)
 		ew.writeln(`Code:	'azure'`)
 		ew.writeln(`Since:	'v0.4.0'`)
 		ew.writeln()
@@ -293,6 +294,32 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln()
 		ew.writeln(`More information: https://go-acme.github.io/lego/dns/azure`)
 
+	case "azuredns":
+		// generated from: providers/dns/azuredns/azuredns.toml
+		ew.writeln(`Configuration for AzureDNS.`)
+		ew.writeln(`Code:	'azuredns'`)
+		ew.writeln(`Since:	'v0.1.0'`)
+		ew.writeln()
+
+		ew.writeln(`Credentials:`)
+		ew.writeln(`	- "AZURE_CLIENT_ID":	Client ID`)
+		ew.writeln(`	- "AZURE_CLIENT_SECRET":	Client secret`)
+		ew.writeln(`	- "AZURE_RESOURCE_GROUP":	DNS zone resource group`)
+		ew.writeln(`	- "AZURE_SUBSCRIPTION_ID":	DNS zone subscription ID`)
+		ew.writeln(`	- "AZURE_TENANT_ID":	Tenant ID`)
+		ew.writeln()
+
+		ew.writeln(`Additional Configuration:`)
+		ew.writeln(`	- "AZURE_ENVIRONMENT":	Azure environment, one of: public, usgovernment, and china`)
+		ew.writeln(`	- "AZURE_POLLING_INTERVAL":	Time between DNS propagation check`)
+		ew.writeln(`	- "AZURE_PRIVATE_ZONE":	Set to true to use Azure Private DNS Zones and not public`)
+		ew.writeln(`	- "AZURE_PROPAGATION_TIMEOUT":	Maximum waiting time for DNS propagation`)
+		ew.writeln(`	- "AZURE_TTL":	The TTL of the TXT record used for the DNS challenge`)
+		ew.writeln(`	- "AZURE_ZONE_NAME":	Zone name to use inside Azure DNS service to add the TXT record in`)
+
+		ew.writeln()
+		ew.writeln(`More information: https://go-acme.github.io/lego/dns/azuredns`)
+
 	case "bindman":
 		// generated from: providers/dns/bindman/bindman.toml
 		ew.writeln(`Configuration for Bindman.`)

cmd/zz_gen_cmd_dnshelp.go

@@ -1,5 +1,5 @@
 ---
-title: "Azure"
+title: "Azure (deprecated)"
 date: 2019-03-03T16:39:46+01:00
 draft: false
 slug: azure
@@ -14,7 +14,7 @@ dnsprovider:
 <!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
 
 
-Configuration for [Azure](https://azure.microsoft.com/services/dns/).
+Configuration for [Azure (deprecated)](https://azure.microsoft.com/services/dns/).
 
 
 <!--more-->

docs/content/dns/zz_gen_azure.md

@@ -0,0 +1,119 @@
+---
+title: "AzureDNS"
+date: 2019-03-03T16:39:46+01:00
+draft: false
+slug: azuredns
+dnsprovider:
+  since:    "v0.1.0"
+  code:     "azuredns"
+  url:      "https://azure.microsoft.com/services/dns/"
+---
+
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+<!-- providers/dns/azuredns/azuredns.toml -->
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+
+
+Configuration for [AzureDNS](https://azure.microsoft.com/services/dns/).
+
+
+<!--more-->
+
+- Code: `azuredns`
+- Since: v0.1.0
+
+
+Here is an example bash command using the AzureDNS provider:
+
+```bash
+### Using client secret
+AZURE_CLIENT_ID=<your service principal client ID> \
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_CLIENT_SECRET=<your service principal client secret> \
+lego --domains example.com --email [email protected] --dns azuredns run
+
+### Using client certificate
+AZURE_CLIENT_ID=<your service principal client ID> \
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_CLIENT_CERTIFICATE_PATH=<your service principal certificate path> \
+lego --domains example.com --email [email protected] --dns azuredns run
+
+### Using Azure CLI
+az login \
+lego --domains example.com --email [email protected] --dns azuredns run
+```
+
+
+
+
+## Credentials
+
+| Environment Variable Name | Description |
+|-----------------------|-------------|
+| `AZURE_CLIENT_ID` | Client ID |
+| `AZURE_CLIENT_SECRET` | Client secret |
+| `AZURE_RESOURCE_GROUP` | DNS zone resource group |
+| `AZURE_SUBSCRIPTION_ID` | DNS zone subscription ID |
+| `AZURE_TENANT_ID` | Tenant ID |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{< ref "dns#configuration-and-credentials" >}}).
+
+
+## Additional Configuration
+
+| Environment Variable Name | Description |
+|--------------------------------|-------------|
+| `AZURE_ENVIRONMENT` | Azure environment, one of: public, usgovernment, and china |
+| `AZURE_POLLING_INTERVAL` | Time between DNS propagation check |
+| `AZURE_PRIVATE_ZONE` | Set to true to use Azure Private DNS Zones and not public |
+| `AZURE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
+| `AZURE_TTL` | The TTL of the TXT record used for the DNS challenge |
+| `AZURE_ZONE_NAME` | Zone name to use inside Azure DNS service to add the TXT record in |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{< ref "dns#configuration-and-credentials" >}}).
+
+## Description
+
+Azure Credentials are automatically detected in the following locations and prioritized in the following order:
+
+1. Environment variables for client secret: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET`
+2. Environment variables for client certificate: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_CERTIFICATE_PATH`
+3. Workload identity for resources hosted in Azure environment (see below)
+4. Shared credentials file (defaults to `~/.azure`), used by Azure CLI
+
+Link:
+- [Azure Authentication](https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication)
+
+### Workload identity
+
+#### Azure Managed Identity
+
+Azure managed identity service allows linking Azure AD identities to Azure resources. \
+Workloads running inside compute typed resource can inherit from this configuration to get rights on Azure resources.
+
+#### Workload identity for AKS
+
+Workload identity allows workloads running Azure Kubernetes Services (AKS) clusters to authenticate as an Azure AD application identity using federated credentials. \
+This must be configured in kubernetes workload deployment in one hand and on the Azure AD application registration in the other hand. \
+
+Here is a summary of the steps to follow to use it :
+* create a `ServiceAccount` resource, add following annotations to reference the targeted Azure AD application registration : `azure.workload.identity/client-id` and `azure.workload.identity/tenant-id`. \
+* on the `Deployment` resource you must reference the previous `ServiceAccount` and add the following label : `azure.workload.identity/use: "true"`.
+* create a fedreated credentials of type `Kubernetes accessing Azure resources`, add the cluster issuer URL  and add the namespace and name of your kubernetes service account.
+
+Link :
+- [Azure AD Workload identity](https://azure.github.io/azure-workload-identity/docs/topics/service-account-labels-and-annotations.html)
+
+
+
+
+## More information
+
+- [API documentation](https://docs.microsoft.com/en-us/go/azure/)
+- [Go client](https://github.com/Azure/azure-sdk-for-go)
+
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+<!-- providers/dns/azuredns/azuredns.toml -->
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->

docs/content/dns/zz_gen_azuredns.md

@@ -136,7 +136,7 @@ To display the documentation for a specific DNS provider, run:
   $ lego dnshelp -c code
 
 Supported DNS providers:
-  acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudxns, conoha, constellix, derak, desec, designate, digitalocean, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpreq, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, iwantmyname, joker, liara, lightsail, linode, liquidweb, loopia, luadns, manual, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rcodezero, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, servercow, simply, sonic, stackpath, tencentcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, vscale, vultr, websupport, wedos, yandex, yandexcloud, zoneee, zonomi
+  acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudxns, conoha, constellix, derak, desec, designate, digitalocean, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpreq, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, iwantmyname, joker, liara, lightsail, linode, liquidweb, loopia, luadns, manual, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rcodezero, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, servercow, simply, sonic, stackpath, tencentcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, vscale, vultr, websupport, wedos, yandex, yandexcloud, zoneee, zonomi
 
 More information: https://go-acme.github.io/lego/dns
 """

docs/data/zz_cli_help.toml

@@ -5,9 +5,13 @@ go 1.19
 // github.com/exoscale/egoscale v1.19.0 => It is an error, please don't use it.
 require (
 	cloud.google.com/go/compute/metadata v0.2.3
-	github.com/Azure/azure-sdk-for-go v32.4.0+incompatible
+	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0
 	github.com/Azure/go-autorest/autorest v0.11.24
-	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11
+	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/BurntSushi/toml v1.3.2
 	github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87
@@ -74,13 +78,14 @@ require (
 
 require (
 	cloud.google.com/go/compute v1.18.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
@@ -92,7 +97,7 @@ require (
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-errors/errors v1.0.1 // indirect
 	github.com/go-resty/resty/v2 v2.7.0 // indirect
-	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.3.0 // indirect
@@ -105,13 +110,15 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/labbsr0x/goh v1.0.1 // indirect
 	github.com/liquidweb/go-lwApi v0.0.5 // indirect
 	github.com/liquidweb/liquidweb-cli v0.6.9 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect