DCV Delegated records are missing for Certification Pack #1318

Open
2 tasks done
brandonjfordham opened this issue Jun 23, 2023 · 1 comment
brandonjfordham commented Jun 23, 2023

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the library and it is still present.

cloudflare-go version

v0.70.0

Go environment

GO111MODULE=""
GOARCH="arm64"
GOBIN=""
GOCACHE="/Users/Brandon.Fordham/Library/Caches/go-build"
GOENV="/Users/Brandon.Fordham/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="arm64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/Brandon.Fordham/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/Brandon.Fordham/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/opt/homebrew/Cellar/go/1.20.1/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/opt/homebrew/Cellar/go/1.20.1/libexec/pkg/tool/darwin_arm64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/Brandon.Fordham/code/june2023/COR-74376/githb-issue/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/1m/7qlsz0bd0gg7_lsg9633sm2c0000gr/T/go-build2885921398=/tmp/go-build -gno-record-gcc-switches -fno-common"

Expected output

DCV delegated records should be available when calling CertificatePack or ListCertificatePacks.

Output:

ID: 373b500e-51aa-4601-b8d1-f79305e1efb9
Type: advanced
Hosts: [example.com]
Certificates: []
PrimaryCertificate: 0
Status: pending_validation
ValidationRecords: [{  _acme-challenge.example.com redacted   []}]
ValidationErrors: []
ValidationMethod: txt
ValidityDays: 90
CertificateAuthority: lets_encrypt
CloudflareBranding: false
DCVDelegationRecords: [{"cname": "example-cname", "cname_target": "example-target-cname"}]

Actual output

Delegated DCV records do not exist.

ID: 373b500e-51aa-4601-b8d1-f79305e1efb9
Type: advanced
Hosts: [example.com]
Certificates: []
PrimaryCertificate: 0
Status: pending_validation
ValidationRecords: [{  _acme-challenge.example.com redacted   []}]
ValidationErrors: []
ValidationMethod: txt
ValidityDays: 90
CertificateAuthority: lets_encrypt
CloudflareBranding: false

Code demonstrating the issue

The native Cloudflare API calls to certification packs correctly provide "dcv_delegation_records" with the cname and cname_target.

### List all certificate packs
GET https://api.cloudflare.com/client/v4/zones/{{zone}}/ssl/certificate_packs?status=all
Authorization: Bearer {{token}}
HTTP/1.1 200 OK
Date: Fri, 23 Jun 2023 15:53:14 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
CF-Ray: 7dbde716e8e702e4-MIA
CF-Cache-Status: DYNAMIC
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Expires: Sun, 25 Jan 1981 05:00:00 GMT
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Server: cloudflare

{
  "result": [
    {
      "id": "redacted",
      "type": "advanced",
      "hosts": [
        "redacted"
      ],
      "primary_certificate": "0",
      "status": "pending_validation",
      "certificates": [],
      "created_on": "2023-06-23T15:03:02.120989Z",
      "validity_days": 90,
      "validation_method": "txt",
      "validation_records": [
        {
          "status": "pending",
          "txt_name": "redacted",
          "txt_value": "redacted"
        }
      ],
      "dcv_delegation_records": [
        {
          "cname": "redacted",
          "cname_target": "redacted"
        }
      ],
      "certificate_authority": "lets_encrypt"
    }
  ],
  "result_info": {
    "page": 1,
    "per_page": 20,
    "total_pages": 1,
    "count": 1,
    "total_count": 1
  },
  "success": true,
  "errors": [],
  "messages": []
}

However, when calling CertificatePack or ListCertificatePacks, dcv delegation records are missing.

package main

import (
	"context"
	"fmt"
	"log"
	"os"
	"reflect"

	"github.com/cloudflare/cloudflare-go"
)

func main() {

	api, err := cloudflare.NewWithAPIToken(os.Getenv("CLOUDFLARE_API_TOKEN"))
	if err != nil {
		log.Fatal(err)
	}

	// Most API calls require a Context
	ctx := context.Background()

	pack, err := api.CertificatePack(ctx, "redacted", "redacted")
	if err != nil {
		log.Fatal(err)
	}
	printStruct(pack)
}

// printStruct prints the keys and values of a struct using reflection
func printStruct(obj interface{}) {
	v := reflect.ValueOf(obj)
	t := v.Type()

	// Iterate over the struct fields and print key-value pairs
	for i := 0; i < v.NumField(); i++ {
		field := v.Field(i)
		fieldName := t.Field(i).Name

		fmt.Printf("%s: %v\n", fieldName, field.Interface())
	}
}

Output:

ID: redacted
Type: advanced
Hosts: [redacted]
Certificates: []
PrimaryCertificate: 0
Status: pending_validation
ValidationRecords: [{  _acme-challenge.redacted redacted   []}]
ValidationErrors: []
ValidationMethod: txt
ValidityDays: 90
CertificateAuthority: lets_encrypt
CloudflareBranding: false

In order to resolve this, CertificatePack needs to handle dcv_delegated_records, such as by updating the CertificatePack struct to allow dcv_delegation_records:

// CertificatePack is the overarching structure of a certificate pack response.
type CertificatePack struct {
	ID                   string                       `json:"id"`
	Type                 string                       `json:"type"`
	Hosts                []string                     `json:"hosts"`
	Certificates         []CertificatePackCertificate `json:"certificates"`
	PrimaryCertificate   string                       `json:"primary_certificate"`
	Status               string                       `json:"status"`
	ValidationRecords    []SSLValidationRecord        `json:"validation_records,omitempty"`
	ValidationErrors     []SSLValidationError         `json:"validation_errors,omitempty"`
	ValidationMethod     string                       `json:"validation_method"`
	ValidityDays         int                          `json:"validity_days"`
	CertificateAuthority string                       `json:"certificate_authority"`
	CloudflareBranding   bool                         `json:"cloudflare_branding"`
	// Add the new field to handle DCV delegation records
	DCVDelegationRecords []DcvDelegationRecord        `json:"dcv_delegation_records"`
}

Steps to reproduce

  1. Call the native Cloudflare API for ListCertificatePacks and verify it returns the dcv_delegated_records.
  2. Call the cloudflare-go API for Get Certificate Pack and verify that the DCV delegated records are missing.

References

No response

@brandonjfordham brandonjfordham changed the title DCV Delegated records are missing DCV Delegated records are missing for Certification Pack Jun 23, 2023
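
The silent drop reported in this issue, reproduced offline as an added example (not part of the original issue and not cloudflare-go's own code): Go's encoding/json discards any key the target struct has no field for, so the decode succeeds while the DCV delegation records disappear, and a strict decoder turns that gap into an error. The types `dcvRecord`, `packV070` and `packFixed`, the `decode` helper and the sample JSON are constructed stand-ins.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Trimmed, hypothetical stand-ins for the library types (not cloudflare-go's code).
type dcvRecord struct {
	CNAME       string `json:"cname"`
	CNAMETarget string `json:"cname_target"`
}

type packV070 struct { // shape without the field, as the issue reports it
	ID     string `json:"id"`
	Status string `json:"status"`
}

type packFixed struct { // shape with the field the issue proposes
	ID                   string      `json:"id"`
	Status               string      `json:"status"`
	DCVDelegationRecords []dcvRecord `json:"dcv_delegation_records,omitempty"`
}

// Constructed sample, modeled on the redacted API response in the issue.
const sample = `{"id":"pack-1","status":"pending_validation","dcv_delegation_records":
[{"cname":"_acme-challenge.example.com","cname_target":"example.com.constructed.dcv.example.net"}]}`

// decode unmarshals raw into dst. With strict set, a key that dst has no field
// for becomes an error instead of being discarded silently.
func decode(raw string, dst interface{}, strict bool) error {
	dec := json.NewDecoder(bytes.NewReader([]byte(raw)))
	if strict {
		dec.DisallowUnknownFields()
	}
	return dec.Decode(dst)
}

func main() {
	var old packV070
	var fixed packFixed
	fmt.Println("lenient:", decode(sample, &old, false)) // no error, records are gone
	fmt.Println("strict: ", decode(sample, &old, true))  // names the unmapped key
	fmt.Println("fixed:  ", decode(sample, &fixed, true))
	fmt.Println("records:", fixed.DCVDelegationRecords)
}
```

Running a strict decode of recorded API responses in a test suite flags fields such as this one before callers depend on data the client never surfaces.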

sas5580 commented Dec 2, 2024

Noting that it should also be returned as part of Custom Hostnames, specifically as part of the CustomHostnameSSL struct (https://github.com/cloudflare/cloudflare-go/blob/master/custom_hostname.go#L65).

It's not in the CF API documentation, but from an actual API response, it is returned:

{
  "hostname": "foo.bar",
  ...
  "ssl": {
    ...
    "dcv_delegation_records": [
      {
        "cname": "_acme-challenge.test2.www.sastest.xyz",
        "cname_target": "test2.www.sastest.xyz.bd13fd5e9b6b0d81.dcv.cloudflare.com"
      }
    ]
  }
}
