feat: add digitalocean ACME Authenticator

Closes: https://forums.truenas.com/t/add-digitalocean-as-acme-dns-authenicator/29879
Signed-off-by: Thomas Bettler <[email protected]>

src/middlewared/debian/control

@@ -21,6 +21,7 @@ Build-Depends: alembic,
                python3-croniter,
                python3-cryptit,
                python3-dbus,
+               python3-digitalocean,
                python3-dnspython,
                python3-docker,
                python3-email-validator,
@@ -114,6 +115,7 @@ Depends: alembic,
          python3-croniter,
          python3-cryptit,
          python3-dbus,
+         python3-digitalocean,
          python3-dnspython,
          python3-docker,
          python3-email-validator,

src/middlewared/middlewared/api/v25_04_0/acme_dns_authenticator.py

@@ -14,7 +14,7 @@
     'ACMEDNSAuthenticatorUpdateArgs', 'ACMEDNSAuthenticatorUpdateResult', 'ACMEDNSAuthenticatorDeleteArgs',
     'ACMEDNSAuthenticatorDeleteResult', 'ACMEDNSAuthenticatorSchemasArgs', 'ACMEDNSAuthenticatorSchemasResult',
     'ACMEDNSAuthenticatorPerformChallengeArgs', 'ACMEDNSAuthenticatorPerformChallengeResult', 'Route53SchemaArgs',
-    'ACMECustomDNSAuthenticatorReturns', 'CloudFlareSchemaArgs', 'OVHSchemaArgs', 'ShellSchemaArgs',
+    'ACMECustomDNSAuthenticatorReturns', 'CloudFlareSchemaArgs', 'DigitalOceanSchemaArgs', 'OVHSchemaArgs', 'ShellSchemaArgs',
 ]
 
 
@@ -44,6 +44,16 @@ class CloudFlareSchemaArgs(CloudFlareSchema):
     pass
 
 
+class DigitalOceanSchema(BaseModel):
+    authenticator: Literal['digitalocean']
+    api_token: Secret[NonEmptyString | None] = Field(default=None, description='API Token')
+
+
+@single_argument_args('attributes')
+class DigitalOceanSchemaArgs(DigitalOceanSchema):
+    pass
+
+
 class OVHSchema(BaseModel):
     authenticator: Literal['OVH']
     application_key: NonEmptyString = Field(description='OVH Application Key')
@@ -82,7 +92,7 @@ class ShellSchemaArgs(ShellSchema):
 
 
 AuthType: TypeAlias = Annotated[
-    CloudFlareSchema | OVHSchema | Route53Schema | ShellSchema,
+    CloudFlareSchema | DigitalOceanSchema | OVHSchema | Route53Schema | ShellSchema,
     Field(discriminator='authenticator')
 ]
 

src/middlewared/middlewared/plugins/acme_protocol_/authenticators/digitalocean.py

@@ -0,0 +1,33 @@
+import logging
+
+from certbot_dns_digitalocean._internal.dns_digitalocean import _DigitalOceanClient
+
+from middlewared.api.current import DigitalOceanSchemaArgs
+
+from .base import Authenticator
+
+
+logger = logging.getLogger(__name__)
+
+
+class DigitalOceanAuthenticator(Authenticator):
+
+    NAME = 'digitalocean'
+    PROPAGATION_DELAY = 60
+    SCHEMA_MODEL = DigitalOceanSchemaArgs
+
+    def initialize_credentials(self):
+        self.api_token = self.attributes.get('api_token')
+
+    @staticmethod
+    async def validate_credentials(middleware, data):
+        return data
+
+    def _perform(self, domain, validation_name, validation_content):
+        self.get_client().add_txt_record(domain, validation_name, validation_content, 600)
+
+    def get_client(self):
+        return _DigitalOceanClient(self.api_token)
+
+    def _cleanup(self, domain, validation_name, validation_content):
+        self.get_client().del_txt_record(domain, validation_name, validation_content)

src/middlewared/middlewared/plugins/acme_protocol_/authenticators/factory.py

@@ -3,6 +3,7 @@
 from middlewared.service_exception import CallError
 
 from .cloudflare import CloudFlareAuthenticator
+from .digitalocean import DigitalOceanAuthenticator
 from .ovh import OVHAuthenticator
 from .route53 import Route53Authenticator
 from .shell import ShellAuthenticator
@@ -28,6 +29,7 @@ def get_authenticators(self):
 auth_factory = AuthenticatorFactory()
 for authenticator in [
     CloudFlareAuthenticator,
+    DigitalOceanAuthenticator,
     Route53Authenticator,
     OVHAuthenticator,
     ShellAuthenticator,