Add DNS provider for Abion

providers/dns/abion/abion.go

@@ -0,0 +1,214 @@
+// Package abion implements a DNS provider for solving the DNS-01 challenge using Abion.
+package abion
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/go-acme/lego/v4/providers/dns/abion/internal"
+	"github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+	envNamespace = "ABION_"
+
+	EnvAPIKey = envNamespace + "API_KEY"
+
+	EnvTTL                = envNamespace + "TTL"
+	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
+	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+	APIKey             string
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	TTL                int
+	HTTPClient         *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+	return &Config{
+		TTL:                env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+		HTTPClient: &http.Client{
+			Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 10*time.Second),
+		},
+	}
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+	config *Config
+	client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Abion.
+// Credentials must be passed in the environment variable: ABION_API_KEY.
+func NewDNSProvider() (*DNSProvider, error) {
+	values, err := env.Get(EnvAPIKey)
+	if err != nil {
+		return nil, fmt.Errorf("abion: %w", err)
+	}
+
+	config := NewDefaultConfig()
+	config.APIKey = values[EnvAPIKey]
+
+	return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Abion.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("abion: the configuration of the DNS provider is nil")
+	}
+
+	if config.APIKey == "" {
+		return nil, errors.New("abion: credentials missing")
+	}
+
+	client := internal.NewClient(config.APIKey)
+
+	if config.HTTPClient != nil {
+		client.HTTPClient = config.HTTPClient
+	}
+
+	client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+	return &DNSProvider{
+		config: config,
+		client: client,
+	}, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record to fulfill the dns-01 challenge.
+func (d *DNSProvider) Present(domain, _, keyAuth string) error {
+	ctx := context.Background()
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+	if err != nil {
+		return fmt.Errorf("abion: could not find zone for domain %q: %w", domain, err)
+	}
+
+	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+	if err != nil {
+		return fmt.Errorf("abion: %w", err)
+	}
+
+	zones, err := d.client.GetZone(ctx, dns01.UnFqdn(authZone))
+	if err != nil {
+		return fmt.Errorf("abion: get zone %w", err)
+	}
+
+	var data []internal.Record
+
+	if sub, ok := zones.Data.Attributes.Records[subDomain]; ok {
+		if records, exist := sub["TXT"]; exist {
+			data = append(data, records...)
+		}
+	}
+
+	data = append(data, internal.Record{
+		TTL:      d.config.TTL,
+		Data:     info.Value,
+		Comments: "lego",
+	})
+
+	patch := internal.ZoneRequest{
+		Data: internal.Zone{
+			Type: "zone",
+			ID:   dns01.UnFqdn(authZone),
+			Attributes: internal.Attributes{
+				Records: map[string]map[string][]internal.Record{
+					subDomain: {"TXT": data},
+				},
+			},
+		},
+	}
+
+	_, err = d.client.UpdateZone(ctx, dns01.UnFqdn(authZone), patch)
+	if err != nil {
+		return fmt.Errorf("abion: update zone %w", err)
+	}
+
+	return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	ctx := context.Background()
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+	if err != nil {
+		return fmt.Errorf("abion: could not find zone for domain %q: %w", domain, err)
+	}
+
+	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+	if err != nil {
+		return fmt.Errorf("abion: %w", err)
+	}
+
+	zones, err := d.client.GetZone(ctx, dns01.UnFqdn(authZone))
+	if err != nil {
+		return fmt.Errorf("abion: get zone %w", err)
+	}
+
+	var data []internal.Record
+
+	if sub, ok := zones.Data.Attributes.Records[subDomain]; ok {
+		if records, exist := sub["TXT"]; exist {
+			for _, record := range records {
+				if record.Data != info.Value {
+					data = append(data, record)
+				}
+			}
+		}
+	}
+
+	payload := map[string][]internal.Record{}
+	if len(data) == 0 {
+		payload["TXT"] = nil
+	} else {
+		payload["TXT"] = data
+	}
+
+	patch := internal.ZoneRequest{
+		Data: internal.Zone{
+			Type: "zone",
+			ID:   dns01.UnFqdn(authZone),
+			Attributes: internal.Attributes{
+				Records: map[string]map[string][]internal.Record{
+					subDomain: payload,
+				},
+			},
+		},
+	}
+
+	_, err = d.client.UpdateZone(ctx, dns01.UnFqdn(authZone), patch)
+	if err != nil {
+		return fmt.Errorf("abion: update zone %w", err)
+	}
+
+	return nil
+}

providers/dns/abion/abion.toml

@@ -0,0 +1,22 @@
+Name = "Abion"
+Description = ''''''
+URL = "https://abion.com"
+Code = "abion"
+Since = "v4.32.0"
+
+Example = '''
+ABION_API_KEY="xxxxxxxxxxxx" \
+lego --dns abion -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    ABION_API_KEY = "API key"
+  [Configuration.Additional]
+    ABION_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+    ABION_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+    ABION_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+    ABION_HTTP_TIMEOUT = "API request timeout in seconds (Default: 10)"
+
+[Links]
+  API = "https://demo.abion.com/pmapi-doc/openapi-ui/index.html"

providers/dns/abion/abion_test.go

@@ -0,0 +1,118 @@
+package abion
+
+import (
+	"testing"
+
+	"github.com/go-acme/lego/v4/platform/tester"
+	"github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		envVars  map[string]string
+		expected string
+	}{
+		{
+			desc: "success",
+			envVars: map[string]string{
+				EnvAPIKey: "123",
+			},
+		},
+		{
+			desc: "missing credentials",
+			envVars: map[string]string{
+				EnvAPIKey: "",
+			},
+			expected: "abion: some credentials information are missing: ABION_API_KEY",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			defer envTest.RestoreEnv()
+
+			envTest.ClearEnv()
+
+			envTest.Apply(test.envVars)
+
+			p, err := NewDNSProvider()
+
+			if test.expected == "" {
+				require.NoError(t, err)
+				require.NotNil(t, p)
+				require.NotNil(t, p.config)
+			} else {
+				require.EqualError(t, err, test.expected)
+			}
+		})
+	}
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		apiKey   string
+		ttl      int
+		expected string
+	}{
+		{
+			desc:   "success",
+			apiKey: "123",
+		},
+		{
+			desc:     "missing credentials",
+			expected: "abion: credentials missing",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			config := NewDefaultConfig()
+			config.APIKey = test.apiKey
+			config.TTL = test.ttl
+
+			p, err := NewDNSProviderConfig(config)
+
+			if test.expected == "" {
+				require.NoError(t, err)
+				require.NotNil(t, p)
+				require.NotNil(t, p.config)
+			} else {
+				require.EqualError(t, err, test.expected)
+			}
+		})
+	}
+}
+
+func TestLivePresent(t *testing.T) {
+	if !envTest.IsLiveTest() {
+		t.Skip("skipping live test")
+	}
+
+	envTest.RestoreEnv()
+
+	provider, err := NewDNSProvider()
+	require.NoError(t, err)
+
+	err = provider.Present(envTest.GetDomain(), "", "123d==")
+	require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+	if !envTest.IsLiveTest() {
+		t.Skip("skipping live test")
+	}
+
+	envTest.RestoreEnv()
+
+	provider, err := NewDNSProvider()
+	require.NoError(t, err)
+
+	err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+	require.NoError(t, err)
+}

providers/dns/abion/internal/client.go

@@ -0,0 +1,172 @@
+package internal
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+	"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+	querystring "github.com/google/go-querystring/query"
+)
+
+// defaultBaseURL represents the API endpoint to call.
+const defaultBaseURL = "https://api.abion.com"
+
+const apiKeyHeader = "X-API-KEY"
+
+// Client the Abion API client.
+type Client struct {
+	apiKey     string
+	baseURL    *url.URL
+	HTTPClient *http.Client
+}
+
+// NewClient Creates a new Client.
+func NewClient(apiKey string) *Client {
+	baseURL, _ := url.Parse(defaultBaseURL)
+
+	return &Client{
+		apiKey:     apiKey,
+		baseURL:    baseURL,
+		HTTPClient: &http.Client{Timeout: 5 * time.Second},
+	}
+}
+
+// GetZones Lists all the zones your session can access.
+func (c *Client) GetZones(ctx context.Context, page *Pagination) (*APIResponse[[]Zone], error) {
+	endpoint := c.baseURL.JoinPath("v1", "zones")
+
+	req, err := newJSONRequest(ctx, http.MethodGet, endpoint, http.NoBody)
+	if err != nil {
+		return nil, err
+	}
+
+	if page != nil {
+		v, errQ := querystring.Values(page)
+		if errQ != nil {
+			return nil, errQ
+		}
+
+		req.URL.RawQuery = v.Encode()
+	}
+
+	results := &APIResponse[[]Zone]{}
+
+	if err := c.do(req, results); err != nil {
+		return nil, fmt.Errorf("could not get zones: %w", err)
+	}
+
+	return results, nil
+}
+
+// GetZone Returns the full information on a single zone.
+func (c *Client) GetZone(ctx context.Context, name string) (*APIResponse[*Zone], error) {
+	endpoint := c.baseURL.JoinPath("v1", "zones", name)
+
+	req, err := newJSONRequest(ctx, http.MethodGet, endpoint, http.NoBody)
+	if err != nil {
+		return nil, err
+	}
+
+	results := &APIResponse[*Zone]{}
+
+	if err := c.do(req, results); err != nil {
+		return nil, fmt.Errorf("could not get zone %s: %w", name, err)
+	}
+
+	return results, nil
+}
+
+// UpdateZone Updates a zone by patching it according to JSON Merge Patch format (RFC 7396).
+func (c *Client) UpdateZone(ctx context.Context, name string, patch ZoneRequest) (*APIResponse[*Zone], error) {
+	endpoint := c.baseURL.JoinPath("v1", "zones", name)
+
+	req, err := newJSONRequest(ctx, http.MethodPatch, endpoint, patch)
+	if err != nil {
+		return nil, err
+	}
+
+	results := &APIResponse[*Zone]{}
+
+	if err := c.do(req, results); err != nil {
+		return nil, fmt.Errorf("could not update zone %s: %w", name, err)
+	}
+
+	return results, nil
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+	useragent.SetHeader(req.Header)
+
+	req.Header.Set(apiKeyHeader, c.apiKey)
+
+	resp, err := c.HTTPClient.Do(req)
+	if err != nil {
+		return errutils.NewHTTPDoError(req, err)
+	}
+
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode != http.StatusOK {
+		return parseError(req, resp)
+	}
+
+	if result == nil {
+		return nil
+	}
+
+	raw, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return errutils.NewReadResponseError(req, resp.StatusCode, err)
+	}
+
+	err = json.Unmarshal(raw, result)
+	if err != nil {
+		return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+	}
+
+	return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+	buf := new(bytes.Buffer)
+
+	if payload != nil {
+		err := json.NewEncoder(buf).Encode(payload)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+		}
+	}
+
+	req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create request: %w", err)
+	}
+
+	req.Header.Set("Accept", "application/json")
+
+	if payload != nil {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+	raw, _ := io.ReadAll(resp.Body)
+
+	zResp := &APIResponse[any]{}
+
+	err := json.Unmarshal(raw, zResp)
+	if err != nil {
+		return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+	}
+
+	return zResp.Error
+}

providers/dns/abion/internal/client_test.go

@@ -0,0 +1,255 @@
+package internal
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+	return servermock.NewBuilder(
+		func(server *httptest.Server) (*Client, error) {
+			client := NewClient("secret")
+			client.HTTPClient = server.Client()
+			client.baseURL, _ = url.Parse(server.URL)
+
+			return client, nil
+		},
+		servermock.CheckHeader().
+			WithJSONHeaders().
+			With(apiKeyHeader, "secret"),
+	)
+}
+
+func TestUpdateZone(t *testing.T) {
+	domain := "example.com"
+
+	client := mockBuilder().
+		Route("PATCH /v1/zones/"+domain,
+			servermock.ResponseFromFixture("update.json"),
+			servermock.CheckRequestJSONBodyFromFixture("update-request.json")).
+		Build(t)
+
+	patch := ZoneRequest{
+		Data: Zone{
+			Type: "zone",
+			ID:   domain,
+			Attributes: Attributes{
+				Records: map[string]map[string][]Record{
+					"_acme-challenge.test": {
+						"TXT": []Record{
+							{Data: "test"},
+							{Data: "test1"},
+							{Data: "test2"},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	zone, err := client.UpdateZone(context.Background(), domain, patch)
+	require.NoError(t, err)
+
+	expected := &APIResponse[*Zone]{
+		Meta: &Metadata{
+			InvocationID: "95cdcc21-b9c3-4b21-8bd1-b05c34c56147",
+		},
+		Data: &Zone{
+			Type: "zone",
+			ID:   "dipcon.com",
+			Attributes: Attributes{
+				OrganisationID:          "10154",
+				OrganisationDescription: "My Company AB",
+				DNSTypeDescription:      "Anycast",
+				Slave:                   false,
+				Pending:                 false,
+				Deleted:                 false,
+				Settings: &Settings{
+					MName:   "dns01.dipcon.com.",
+					Refresh: 3600,
+					Expire:  604800,
+					TTL:     600,
+				},
+				Records: map[string]map[string][]Record{
+					"@": {
+						"NS": {
+							{
+								TTL:      3600,
+								Data:     "193.14.90.194",
+								Comments: "this is a comment",
+							},
+						},
+					},
+				},
+				Redirects: map[string][]Redirect{
+					"<name>": {
+						{
+							Path:        "/x/y",
+							Destination: "https://abion.com/?ref=dipcon",
+							Status:      301,
+							Slugs:       true,
+							Certificate: true,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	assert.Equal(t, expected, zone)
+}
+
+func TestUpdateZone_error(t *testing.T) {
+	domain := "example.com"
+
+	client := mockBuilder().
+		Route("PATCH /v1/zones/"+domain,
+			servermock.ResponseFromFixture("error.json").
+				WithStatusCode(http.StatusUnauthorized)).
+		Build(t)
+
+	patch := ZoneRequest{
+		Data: Zone{
+			Type: "zone",
+			ID:   domain,
+			Attributes: Attributes{
+				Records: map[string]map[string][]Record{
+					"_acme-challenge.test": {
+						"TXT": []Record{
+							{Data: "test"},
+							{Data: "test1"},
+							{Data: "test2"},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	_, err := client.UpdateZone(context.Background(), domain, patch)
+	require.EqualError(t, err, "could not update zone example.com: api error: status=401, message=Authentication Error")
+}
+
+func TestGetZones(t *testing.T) {
+	client := mockBuilder().
+		Route("GET /v1/zones/",
+			servermock.ResponseFromFixture("zones.json")).
+		Build(t)
+
+	zones, err := client.GetZones(context.Background(), nil)
+	require.NoError(t, err)
+
+	expected := &APIResponse[[]Zone]{
+		Meta: &Metadata{
+			InvocationID: "95cdcc21-b9c3-4b21-8bd1-b05c34c56147",
+			Pagination: &Pagination{
+				Offset: 0,
+				Limit:  1,
+				Total:  1,
+			},
+		},
+		Data: []Zone{
+			{
+				Type: "zone",
+				ID:   "dipcon.com",
+				Attributes: Attributes{
+					OrganisationID:          "10154",
+					OrganisationDescription: "My Company AB",
+					DNSTypeDescription:      "Anycast",
+					Slave:                   true,
+					Pending:                 true,
+					Deleted:                 true,
+				},
+			},
+		},
+	}
+
+	assert.Equal(t, expected, zones)
+}
+
+func TestGetZones_error(t *testing.T) {
+	client := mockBuilder().
+		Route("GET /v1/zones/",
+			servermock.ResponseFromFixture("error.json").
+				WithStatusCode(http.StatusUnauthorized)).
+		Build(t)
+
+	_, err := client.GetZones(context.Background(), nil)
+	require.EqualError(t, err, "could not get zones: api error: status=401, message=Authentication Error")
+}
+
+func TestGetZone(t *testing.T) {
+	client := mockBuilder().
+		Route("GET /v1/zones/example.com",
+			servermock.ResponseFromFixture("zone.json")).
+		Build(t)
+
+	zones, err := client.GetZone(context.Background(), "example.com")
+	require.NoError(t, err)
+
+	expected := &APIResponse[*Zone]{
+		Meta: &Metadata{
+			InvocationID: "95cdcc21-b9c3-4b21-8bd1-b05c34c56147",
+		},
+		Data: &Zone{
+			Type: "zone",
+			ID:   "dipcon.com",
+			Attributes: Attributes{
+				OrganisationID:          "10154",
+				OrganisationDescription: "My Company AB",
+				DNSTypeDescription:      "Anycast",
+				Slave:                   false,
+				Pending:                 false,
+				Deleted:                 false,
+				Settings: &Settings{
+					MName:   "dns01.dipcon.com.",
+					Refresh: 3600,
+					Expire:  604800,
+					TTL:     600,
+				},
+				Records: map[string]map[string][]Record{
+					"@": {
+						"NS": {
+							{
+								TTL:      3600,
+								Data:     "193.14.90.194",
+								Comments: "this is a comment",
+							},
+						},
+					},
+				},
+				Redirects: map[string][]Redirect{
+					"<name>": {
+						{
+							Path:        "/x/y",
+							Destination: "https://abion.com/?ref=dipcon",
+							Status:      301,
+							Slugs:       true,
+							Certificate: true,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	assert.Equal(t, expected, zones)
+}
+
+func TestGetZone_error(t *testing.T) {
+	client := mockBuilder().
+		Route("GET /v1/zones/example.com",
+			servermock.ResponseFromFixture("error.json").
+				WithStatusCode(http.StatusUnauthorized)).
+		Build(t)
+
+	_, err := client.GetZone(context.Background(), "example.com")
+	require.EqualError(t, err, "could not get zone example.com: api error: status=401, message=Authentication Error")
+}

providers/dns/abion/internal/fixtures/error.json

@@ -0,0 +1,9 @@
+{
+  "meta": {
+    "invocationId": "95cdcc21-b9c3-4b21-8bd1-b05c34c56147"
+  },
+  "error": {
+    "status": 401,
+    "message": "Authentication Error"
+  }
+}

providers/dns/abion/internal/fixtures/update-request.json

@@ -0,0 +1,23 @@
+{
+  "data": {
+    "type": "zone",
+    "id": "example.com",
+    "attributes": {
+      "records": {
+        "_acme-challenge.test": {
+          "TXT": [
+            {
+              "rdata": "test"
+            },
+            {
+              "rdata": "test1"
+            },
+            {
+              "rdata": "test2"
+            }
+          ]
+        }
+      }
+    }
+  }
+}

providers/dns/abion/internal/fixtures/update.json

@@ -0,0 +1,45 @@
+{
+  "meta": {
+    "invocationId": "95cdcc21-b9c3-4b21-8bd1-b05c34c56147"
+  },
+  "data": {
+    "type": "zone",
+    "id": "dipcon.com",
+    "attributes": {
+      "organisationId": "10154",
+      "organisationDescription": "My Company AB",
+      "dnsTypeDescription": "Anycast",
+      "slave": false,
+      "pending": false,
+      "deleted": false,
+      "settings": {
+        "mname": "dns01.dipcon.com.",
+        "refresh": 3600,
+        "expire": 604800,
+        "ttl": 600
+      },
+      "records": {
+        "@": {
+          "NS": [
+            {
+              "ttl": 3600,
+              "rdata": "193.14.90.194",
+              "comments": "this is a comment"
+            }
+          ]
+        }
+      },
+      "redirects": {
+        "<name>": [
+          {
+            "path": "/x/y",
+            "destination": "https://abion.com/?ref=dipcon",
+            "status": 301,
+            "slugs": true,
+            "certificate": true
+          }
+        ]
+      }
+    }
+  }
+}

providers/dns/abion/internal/fixtures/zone.json

@@ -0,0 +1,45 @@
+{
+  "meta": {
+    "invocationId": "95cdcc21-b9c3-4b21-8bd1-b05c34c56147"
+  },
+  "data": {
+    "type": "zone",
+    "id": "dipcon.com",
+    "attributes": {
+      "organisationId": "10154",
+      "organisationDescription": "My Company AB",
+      "dnsTypeDescription": "Anycast",
+      "slave": false,
+      "pending": false,
+      "deleted": false,
+      "settings": {
+        "mname": "dns01.dipcon.com.",
+        "refresh": 3600,
+        "expire": 604800,
+        "ttl": 600
+      },
+      "records": {
+        "@": {
+          "NS": [
+            {
+              "ttl": 3600,
+              "rdata": "193.14.90.194",
+              "comments": "this is a comment"
+            }
+          ]
+        }
+      },
+      "redirects": {
+        "<name>": [
+          {
+            "path": "/x/y",
+            "destination": "https://abion.com/?ref=dipcon",
+            "status": 301,
+            "slugs": true,
+            "certificate": true
+          }
+        ]
+      }
+    }
+  }
+}

providers/dns/abion/internal/fixtures/zones.json

@@ -0,0 +1,22 @@
+{
+  "meta": {
+    "invocationId": "95cdcc21-b9c3-4b21-8bd1-b05c34c56147",
+    "offset": 0,
+    "limit": 1,
+    "total": 1
+  },
+  "data": [
+    {
+      "type": "zone",
+      "id": "dipcon.com",
+      "attributes": {
+        "organisationId": "10154",
+        "organisationDescription": "My Company AB",
+        "dnsTypeDescription": "Anycast",
+        "slave": true,
+        "pending": true,
+        "deleted": true
+      }
+    }
+  ]
+}

providers/dns/abion/internal/types.go

@@ -0,0 +1,73 @@
+package internal
+
+import "fmt"
+
+type ZoneRequest struct {
+	Data Zone `json:"data"`
+}
+
+type Pagination struct {
+	Offset int `json:"offset,omitempty" url:"offset"`
+	Limit  int `json:"limit,omitempty" url:"limit"`
+	Total  int `json:"total,omitempty" url:"total"`
+}
+
+type APIResponse[T any] struct {
+	Meta  *Metadata `json:"meta,omitempty"`
+	Data  T         `json:"data,omitempty"`
+	Error *Error    `json:"error,omitempty"`
+}
+
+type Metadata struct {
+	*Pagination
+
+	InvocationID string `json:"invocationId,omitempty"`
+}
+
+type Zone struct {
+	Type       string     `json:"type,omitempty"`
+	ID         string     `json:"id,omitempty"`
+	Attributes Attributes `json:"attributes"`
+}
+
+type Attributes struct {
+	OrganisationID          string                         `json:"organisationId,omitempty"`
+	OrganisationDescription string                         `json:"organisationDescription,omitempty"`
+	DNSTypeDescription      string                         `json:"dnsTypeDescription,omitempty"`
+	Slave                   bool                           `json:"slave,omitempty"`
+	Pending                 bool                           `json:"pending,omitempty"`
+	Deleted                 bool                           `json:"deleted,omitempty"`
+	Settings                *Settings                      `json:"settings,omitempty"`
+	Records                 map[string]map[string][]Record `json:"records,omitempty"`
+	Redirects               map[string][]Redirect          `json:"redirects,omitempty"`
+}
+
+type Settings struct {
+	MName   string `json:"mname,omitempty"`
+	Refresh int    `json:"refresh,omitempty"`
+	Expire  int    `json:"expire,omitempty"`
+	TTL     int    `json:"ttl,omitempty"`
+}
+
+type Record struct {
+	TTL      int    `json:"ttl,omitempty"`
+	Data     string `json:"rdata,omitempty"`
+	Comments string `json:"comments,omitempty"`
+}
+
+type Redirect struct {
+	Path        string `json:"path"`
+	Destination string `json:"destination"`
+	Status      int    `json:"status"`
+	Slugs       bool   `json:"slugs"`
+	Certificate bool   `json:"certificate"`
+}
+
+type Error struct {
+	Status  int    `json:"status"`
+	Message string `json:"message"`
+}
+
+func (e *Error) Error() string {
+	return fmt.Sprintf("api error: status=%d, message=%s", e.Status, e.Message)
+}