feat: add INFOBLOX_CA_CERTIFICATE option (#2458)

2026-03-14 14:35:48 +01:00 · 2025-02-26 23:41:29 +01:00 · 2025-02-26 23:41:29 +01:00 · da260e45b0
commit da260e45b0
parent b31c6ce79b
4 changed files with 27 additions and 12 deletions
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@ -1557,6 +1557,7 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln()

 		ew.writeln(`Additional Configuration:`)
+		ew.writeln(`	- "INFOBLOX_CA_CERTIFICATE":	The path to the CA certificate (PEM encoded)`)
 		ew.writeln(`	- "INFOBLOX_DNS_VIEW":	The view for the TXT records (Default: External)`)
 		ew.writeln(`	- "INFOBLOX_HTTP_TIMEOUT":	API request timeout in seconds (Default: 30)`)
 		ew.writeln(`	- "INFOBLOX_POLLING_INTERVAL":	Time between DNS propagation check in seconds (Default: 2)`)
--- a/docs/content/dns/zz_gen_infoblox.md
+++ b/docs/content/dns/zz_gen_infoblox.md
@ -51,6 +51,7 @@ More information [here]({{% ref "dns#configuration-and-credentials" %}}).

 | Environment Variable Name | Description |
 |--------------------------------|-------------|
+| `INFOBLOX_CA_CERTIFICATE` | The path to the CA certificate (PEM encoded) |
 | `INFOBLOX_DNS_VIEW` | The view for the TXT records (Default: External) |
 | `INFOBLOX_HTTP_TIMEOUT` | API request timeout in seconds (Default: 30) |
 | `INFOBLOX_POLLING_INTERVAL` | Time between DNS propagation check in seconds (Default: 2) |
--- a/providers/dns/infoblox/infoblox.go
+++ b/providers/dns/infoblox/infoblox.go
@ -19,13 +19,14 @@ import (
 const (
 	envNamespace = "INFOBLOX_"

-	EnvHost        = envNamespace + "HOST"
-	EnvPort        = envNamespace + "PORT"
-	EnvUsername    = envNamespace + "USERNAME"
-	EnvPassword    = envNamespace + "PASSWORD"
-	EnvDNSView     = envNamespace + "DNS_VIEW"
-	EnvWApiVersion = envNamespace + "WAPI_VERSION"
-	EnvSSLVerify   = envNamespace + "SSL_VERIFY"
+	EnvHost          = envNamespace + "HOST"
+	EnvPort          = envNamespace + "PORT"
+	EnvUsername      = envNamespace + "USERNAME"
+	EnvPassword      = envNamespace + "PASSWORD"
+	EnvDNSView       = envNamespace + "DNS_VIEW"
+	EnvWApiVersion   = envNamespace + "WAPI_VERSION"
+	EnvSSLVerify     = envNamespace + "SSL_VERIFY"
+	EnvCACertificate = envNamespace + "CA_CERTIFICATE"

 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@ -57,6 +58,9 @@ type Config struct {
 	// SSLVerify is whether or not to verify the ssl of the server being hit.
 	SSLVerify bool

+	// CACertificate is the path to the CA certificate (PEM encoded).
+	CACertificate string
+
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
 	TTL                int
@ -66,10 +70,11 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider.
 func NewDefaultConfig() *Config {
 	return &Config{
-		DNSView:     env.GetOrDefaultString(EnvDNSView, "External"),
-		WapiVersion: env.GetOrDefaultString(EnvWApiVersion, "2.11"),
-		Port:        env.GetOrDefaultString(EnvPort, "443"),
-		SSLVerify:   env.GetOrDefaultBool(EnvSSLVerify, true),
+		DNSView:       env.GetOrDefaultString(EnvDNSView, "External"),
+		WapiVersion:   env.GetOrDefaultString(EnvWApiVersion, "2.11"),
+		Port:          env.GetOrDefaultString(EnvPort, "443"),
+		SSLVerify:     env.GetOrDefaultBool(EnvSSLVerify, true),
+		CACertificate: env.GetOrDefaultString(EnvCACertificate, ""),

 		TTL:                env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
 		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
@ -122,9 +127,16 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("infoblox: missing credentials")
 	}

+	var sslVerify string
+	if config.CACertificate != "" {
+		sslVerify = config.CACertificate
+	} else {
+		sslVerify = strconv.FormatBool(config.SSLVerify)
+	}
+
 	return &DNSProvider{
 		config:          config,
-		transportConfig: infoblox.NewTransportConfig(strconv.FormatBool(config.SSLVerify), config.HTTPTimeout, defaultPoolConnections),
+		transportConfig: infoblox.NewTransportConfig(sslVerify, config.HTTPTimeout, defaultPoolConnections),
 		ibConfig: infoblox.HostConfig{
 			Host:     config.Host,
 			Version:  config.WapiVersion,
--- a/providers/dns/infoblox/infoblox.toml
+++ b/providers/dns/infoblox/infoblox.toml
@ -25,6 +25,7 @@ When creating an API's user ensure it has the proper permissions for the view yo
    INFOBLOX_WAPI_VERSION = "The version of WAPI being used  (Default: 2.11)"
    INFOBLOX_PORT = "The port for the infoblox grid manager  (Default: 443)"
    INFOBLOX_SSL_VERIFY = "Whether or not to verify the TLS certificate  (Default: true)"
+    INFOBLOX_CA_CERTIFICATE = "The path to the CA certificate (PEM encoded)"
    INFOBLOX_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
    INFOBLOX_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
    INFOBLOX_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"