route53: adds option to use private zone

go-acme · Apr 16, 2024 · 1a7423b · 1a7423b
1 parent d60c335
commit 1a7423b
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/providers/dns/route53/route53.go b/providers/dns/route53/route53.go
@@ -33,6 +33,7 @@ const (
 	EnvMaxRetries      = envNamespace + "MAX_RETRIES"
 	EnvAssumeRoleArn   = envNamespace + "ASSUME_ROLE_ARN"
 	EnvExternalID      = envNamespace + "EXTERNAL_ID"
+	EnvPrivateZone     = envNamespace + "PRIVATE_ZONE"
 
 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -52,6 +53,7 @@ type Config struct {
 	MaxRetries    int
 	AssumeRoleArn string
 	ExternalID    string
+	PrivateZone   bool
 
 	TTL                int
 	PropagationTimeout time.Duration
@@ -67,6 +69,7 @@ func NewDefaultConfig() *Config {
 		MaxRetries:    env.GetOrDefaultInt(EnvMaxRetries, 5),
 		AssumeRoleArn: env.GetOrDefaultString(EnvAssumeRoleArn, ""),
 		ExternalID:    env.GetOrDefaultString(EnvExternalID, ""),
+		PrivateZone:   env.GetOrDefaultBool(EnvPrivateZone, false),
 
 		TTL:                env.GetOrDefaultInt(EnvTTL, 10),
 		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
@@ -299,7 +302,7 @@ func (d *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string,
 	var hostedZoneID string
 	for _, hostedZone := range resp.HostedZones {
 		// .Name has a trailing dot
-		if !hostedZone.Config.PrivateZone && deref(hostedZone.Name) == authZone {
+		if deref(hostedZone.Name) == authZone && (d.config.PrivateZone && hostedZone.Config.PrivateZone || !d.config.PrivateZone && !hostedZone.Config.PrivateZone) {
 			hostedZoneID = deref(hostedZone.Id)
 			break
 		}

diff --git a/providers/dns/route53/route53.toml b/providers/dns/route53/route53.toml
@@ -132,6 +132,7 @@ Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with
     AWS_ASSUME_ROLE_ARN = "Managed by the AWS Role ARN (`AWS_ASSUME_ROLE_ARN_FILE` is not supported)"
     AWS_EXTERNAL_ID = "Managed by STS AssumeRole API operation (`AWS_EXTERNAL_ID_FILE` is not supported)"
   [Configuration.Additional]
+    AWS_PRIVATE_ZONE = "Set to true to use private zones only (default: use public zones only)"
     AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
     AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"
     AWS_POLLING_INTERVAL = "Time between DNS propagation check"

diff --git a/providers/dns/route53/route53_test.go b/providers/dns/route53/route53_test.go
@@ -23,6 +23,7 @@ var envTest = tester.NewEnvTest(
 	EnvRegion,
 	EnvHostedZoneID,
 	EnvMaxRetries,
+	EnvPrivateZone,
 	EnvTTL,
 	EnvPropagationTimeout,
 	EnvPollingInterval).