Add DNS provider for Gravity (#2738)

providers/dns/gravity/gravity.go

@@ -0,0 +1,205 @@
+// Package gravity implements a DNS provider for solving the DNS-01 challenge using Gravity.
+package gravity
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/go-acme/lego/v4/providers/dns/gravity/internal"
+	"github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+	"github.com/google/uuid"
+)
+
+// Environment variables names.
+const (
+	envNamespace = "GRAVITY_"
+
+	EnvUsername  = envNamespace + "USERNAME"
+	EnvPassword  = envNamespace + "PASSWORD"
+	EnvServerURL = envNamespace + "SERVER_URL"
+
+	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
+	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
+	EnvSequenceInterval   = envNamespace + "SEQUENCE_INTERVAL"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+	Username  string
+	Password  string
+	ServerURL string
+
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	SequenceInterval   time.Duration
+	HTTPClient         *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+	return &Config{
+		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+		SequenceInterval:   env.GetOrDefaultSecond(EnvSequenceInterval, 1*time.Second),
+		HTTPClient: &http.Client{
+			Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+		},
+	}
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+	config *Config
+	client *internal.Client
+
+	records   map[string]internal.Record
+	recordsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Gravity.
+func NewDNSProvider() (*DNSProvider, error) {
+	values, err := env.Get(EnvUsername, EnvPassword, EnvServerURL)
+	if err != nil {
+		return nil, fmt.Errorf("gravity: %w", err)
+	}
+
+	config := NewDefaultConfig()
+	config.Username = values[EnvUsername]
+	config.Password = values[EnvPassword]
+	config.ServerURL = values[EnvServerURL]
+
+	return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Gravity.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("gravity: the configuration of the DNS provider is nil")
+	}
+
+	client, err := internal.NewClient(config.ServerURL, config.Username, config.Password)
+	if err != nil {
+		return nil, fmt.Errorf("gravity: %w", err)
+	}
+
+	if config.HTTPClient != nil {
+		client.HTTPClient = config.HTTPClient
+	}
+
+	client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+	return &DNSProvider{
+		config:  config,
+		client:  client,
+		records: make(map[string]internal.Record),
+	}, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	ctx := context.Background()
+
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	_, err := d.client.Login(ctx)
+	if err != nil {
+		return fmt.Errorf("gravity: login: %w", err)
+	}
+
+	zone, err := d.findZone(ctx, info.EffectiveFQDN)
+	if err != nil {
+		return fmt.Errorf("gravity: %w", err)
+	}
+
+	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
+	if err != nil {
+		return fmt.Errorf("gravity: %w", err)
+	}
+
+	id := uuid.New()
+
+	record := internal.Record{
+		Data:     info.Value,
+		Hostname: subDomain,
+		Type:     "TXT",
+		UID:      id.String(),
+	}
+
+	err = d.client.CreateDNSRecord(ctx, zone, record)
+	if err != nil {
+		return fmt.Errorf("gravity: create DNS record: %w", err)
+	}
+
+	d.recordsMu.Lock()
+
+	record.Fqdn = zone
+	d.records[token] = record
+	d.recordsMu.Unlock()
+
+	return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	d.recordsMu.Lock()
+	record, ok := d.records[token]
+	d.recordsMu.Unlock()
+
+	if !ok {
+		return fmt.Errorf("gravity: unknown record for '%s' '%s'", info.EffectiveFQDN, token)
+	}
+
+	err := d.client.DeleteDNSRecord(context.Background(), record.Fqdn, record)
+	if err != nil {
+		return fmt.Errorf("gravity: delete record: %w", err)
+	}
+
+	return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Sequential implements the [dns01.sequential] interface.
+// It changes the behavior of the provider to resolve DNS challenges sequentially.
+// Returns the interval between each iteration.
+//
+// Gravity supports adding multiple records for the same domain, but the DNS server doesn't work as expected:
+// if you call the DNS server, it will answer only the latest record instead of all of them.
+func (d *DNSProvider) Sequential() time.Duration {
+	return d.config.SequenceInterval
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, effectiveFQDN string) (string, error) {
+	var zone string
+
+	for fqdn := range dns01.DomainsSeq(effectiveFQDN) {
+		zones, err := d.client.GetDNSZones(ctx, fqdn)
+		if err != nil {
+			return "", fmt.Errorf("get DNS zones: %w", err)
+		}
+
+		if len(zones) != 0 {
+			zone = zones[0].Name
+			break
+		}
+	}
+
+	if zone == "" {
+		return "", fmt.Errorf("could not find zone for %q", effectiveFQDN)
+	}
+
+	return zone, nil
+}

providers/dns/gravity/gravity.toml

@@ -0,0 +1,26 @@
+Name = "Gravity"
+Description = ''''''
+URL = "https://gravity.beryju.io/"
+Code = "gravity"
+Since = "v4.30.0"
+
+Example = '''
+GRAVITY_SERVER_URL="https://example.org:1234" \
+GRAVITY_USERNAME="xxxxxxxxxxxxxxxxxxxxx" \
+GRAVITY_PASSWORD="yyyyyyyyyyyyyyyyyyyyy" \
+lego --email you@example.com --dns gravity -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    GRAVITY_SERVER_URL = "URL of the server"
+    GRAVITY_USERNAME = "Username"
+    GRAVITY_PASSWORD = "Password"
+  [Configuration.Additional]
+    GRAVITY_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+    GRAVITY_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+    GRAVITY_SEQUENCE_INTERVAL = "Time between sequential requests in seconds (Default: 1)"
+    GRAVITY_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+  API = "https://gravity.beryju.io/docs/api/reference/"

providers/dns/gravity/gravity_test.go

@@ -0,0 +1,254 @@
+package gravity
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/go-acme/lego/v4/platform/tester"
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
+	"github.com/go-acme/lego/v4/providers/dns/gravity/internal"
+	"github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+	EnvUsername,
+	EnvPassword,
+	EnvServerURL,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		envVars  map[string]string
+		expected string
+	}{
+		{
+			desc: "success",
+			envVars: map[string]string{
+				EnvUsername:  "user",
+				EnvPassword:  "secret",
+				EnvServerURL: "https://example.org:1234",
+			},
+		},
+		{
+			desc: "missing EnvUsername",
+			envVars: map[string]string{
+				EnvUsername:  "",
+				EnvPassword:  "secret",
+				EnvServerURL: "https://example.org:1234",
+			},
+			expected: "gravity: some credentials information are missing: GRAVITY_USERNAME",
+		},
+		{
+			desc: "missing EnvPassword",
+			envVars: map[string]string{
+				EnvUsername:  "user",
+				EnvPassword:  "",
+				EnvServerURL: "https://example.org:1234",
+			},
+			expected: "gravity: some credentials information are missing: GRAVITY_PASSWORD",
+		},
+		{
+			desc: "missing EnvServerURL",
+			envVars: map[string]string{
+				EnvUsername:  "user",
+				EnvPassword:  "secret",
+				EnvServerURL: "",
+			},
+			expected: "gravity: some credentials information are missing: GRAVITY_SERVER_URL",
+		},
+		{
+			desc:     "missing credentials",
+			envVars:  map[string]string{},
+			expected: "gravity: some credentials information are missing: GRAVITY_USERNAME,GRAVITY_PASSWORD,GRAVITY_SERVER_URL",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			defer envTest.RestoreEnv()
+
+			envTest.ClearEnv()
+
+			envTest.Apply(test.envVars)
+
+			p, err := NewDNSProvider()
+
+			if test.expected == "" {
+				require.NoError(t, err)
+				require.NotNil(t, p)
+				require.NotNil(t, p.config)
+				require.NotNil(t, p.client)
+			} else {
+				require.EqualError(t, err, test.expected)
+			}
+		})
+	}
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+	testCases := []struct {
+		desc      string
+		username  string
+		password  string
+		serverURL string
+		expected  string
+	}{
+		{
+			desc:      "success",
+			username:  "user",
+			password:  "secret",
+			serverURL: "https://example.org:1234",
+		},
+		{
+			desc:      "missing username",
+			username:  "",
+			password:  "secret",
+			serverURL: "https://example.org:1234",
+			expected:  "gravity: credentials missing",
+		},
+		{
+			desc:      "missing password",
+			username:  "user",
+			password:  "",
+			serverURL: "https://example.org:1234",
+			expected:  "gravity: credentials missing",
+		},
+		{
+			desc:      "missing server URL",
+			username:  "user",
+			password:  "secret",
+			serverURL: "",
+			expected:  "gravity: server URL missing",
+		},
+		{
+			desc:     "missing credentials",
+			expected: "gravity: credentials missing",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			config := NewDefaultConfig()
+			config.Username = test.username
+			config.Password = test.password
+			config.ServerURL = test.serverURL
+
+			p, err := NewDNSProviderConfig(config)
+
+			if test.expected == "" {
+				require.NoError(t, err)
+				require.NotNil(t, p)
+				require.NotNil(t, p.config)
+				require.NotNil(t, p.client)
+			} else {
+				require.EqualError(t, err, test.expected)
+			}
+		})
+	}
+}
+
+func TestLivePresent(t *testing.T) {
+	if !envTest.IsLiveTest() {
+		t.Skip("skipping live test")
+	}
+
+	envTest.RestoreEnv()
+
+	provider, err := NewDNSProvider()
+	require.NoError(t, err)
+
+	err = provider.Present(envTest.GetDomain(), "", "123d==")
+	require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+	if !envTest.IsLiveTest() {
+		t.Skip("skipping live test")
+	}
+
+	envTest.RestoreEnv()
+
+	provider, err := NewDNSProvider()
+	require.NoError(t, err)
+
+	err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+	require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+	return servermock.NewBuilder(
+		func(server *httptest.Server) (*DNSProvider, error) {
+			config := NewDefaultConfig()
+
+			config.Username = "user"
+			config.Password = "secret"
+			config.ServerURL = server.URL
+
+			config.HTTPClient = server.Client()
+
+			p, err := NewDNSProviderConfig(config)
+			if err != nil {
+				return nil, err
+			}
+
+			return p, nil
+		},
+		servermock.CheckHeader().
+			WithJSONHeaders(),
+	)
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+	provider := mockBuilder().
+		Route("POST /api/v1/auth/login",
+			servermock.ResponseFromInternal("login.json"),
+			servermock.CheckRequestJSONBodyFromInternal("login-request.json")).
+		Route("GET /api/v1/dns/",
+			http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+				if req.URL.Query().Get("name") != "example.com." {
+					servermock.ResponseFromInternal("zones.json").ServeHTTP(rw, req)
+					return
+				}
+
+				servermock.ResponseFromInternal("zones_empty.json").ServeHTTP(rw, req)
+			}),
+		).
+		Route("POST /api/v1/dns/zones/records",
+			servermock.Noop().
+				WithStatusCode(http.StatusNoContent),
+			servermock.CheckQueryParameter().Strict().
+				With("zone", "example.com.").
+				WithRegexp("uid", `\w{8}-\w{4}-\w{4}-\w{4}-\w{12}`).
+				With("hostname", "_acme-challenge")).
+		Build(t)
+
+	err := provider.Present("example.com", "abc", "123d==")
+	require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+	provider := mockBuilder().
+		Route("DELETE /api/v1/dns/zones/records",
+			servermock.Noop().
+				WithStatusCode(http.StatusNoContent),
+			servermock.CheckQueryParameter().Strict().
+				With("zone", "example.com.").
+				With("uid", "123").
+				With("type", "TXT").
+				With("hostname", "_acme-challenge")).
+		Build(t)
+
+	provider.records["abc"] = internal.Record{
+		Fqdn:     "example.com.",
+		Hostname: "_acme-challenge",
+		Type:     "TXT",
+		UID:      "123",
+	}
+
+	err := provider.CleanUp("example.com", "abc", "123d==")
+	require.NoError(t, err)
+}

providers/dns/gravity/internal/client.go

@@ -0,0 +1,234 @@
+package internal
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/cookiejar"
+	"net/url"
+	"time"
+
+	"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+	"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+	"golang.org/x/net/publicsuffix"
+)
+
+// Client the Gravity API client.
+type Client struct {
+	username string
+	password string
+
+	baseURL    *url.URL
+	HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(serverURL, username, password string) (*Client, error) {
+	if username == "" || password == "" {
+		return nil, errors.New("credentials missing")
+	}
+
+	if serverURL == "" {
+		return nil, errors.New("server URL missing")
+	}
+
+	baseURL, err := url.Parse(serverURL)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Client{
+		username:   username,
+		password:   password,
+		baseURL:    baseURL,
+		HTTPClient: &http.Client{Timeout: 10 * time.Second},
+	}, nil
+}
+
+func (c *Client) Login(ctx context.Context) (*Auth, error) {
+	jar, err := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
+	if err != nil {
+		return nil, err
+	}
+
+	c.HTTPClient.Jar = jar
+
+	login := Login{
+		Username: c.username,
+		Password: c.password,
+	}
+
+	endpoint := c.baseURL.JoinPath("api", "v1", "auth", "login")
+
+	req, err := newJSONRequest(ctx, http.MethodPost, endpoint, login)
+	if err != nil {
+		return nil, err
+	}
+
+	result := &Auth{}
+
+	err = c.do(req, result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+func (c *Client) Me(ctx context.Context) (*UserInfo, error) {
+	endpoint := c.baseURL.JoinPath("api", "v1", "auth", "me")
+
+	req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	result := &UserInfo{}
+
+	err = c.do(req, result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, err
+}
+
+func (c *Client) GetDNSZones(ctx context.Context, name string) ([]Zone, error) {
+	endpoint := c.baseURL.JoinPath("api", "v1", "dns", "zones")
+
+	if name != "" {
+		query := endpoint.Query()
+		query.Set("name", name)
+		endpoint.RawQuery = query.Encode()
+	}
+
+	req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	result := Zones{}
+
+	err = c.do(req, &result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result.Zones, nil
+}
+
+func (c *Client) CreateDNSRecord(ctx context.Context, zone string, record Record) error {
+	endpoint := c.baseURL.JoinPath("api", "v1", "dns", "zones", "records")
+
+	query := endpoint.Query()
+
+	query.Set("zone", zone)
+	query.Set("hostname", record.Hostname)
+
+	// When the UID is the same as an existing one, the record is updated, else a new record is created.
+	// An explicit UID is not required to create a record.
+	if record.UID != "" {
+		query.Set("uid", record.UID)
+	}
+
+	endpoint.RawQuery = query.Encode()
+
+	req, err := newJSONRequest(ctx, http.MethodPost, endpoint, record)
+	if err != nil {
+		return err
+	}
+
+	return c.do(req, nil)
+}
+
+func (c *Client) DeleteDNSRecord(ctx context.Context, zone string, record Record) error {
+	endpoint := c.baseURL.JoinPath("api", "v1", "dns", "zones", "records")
+
+	query := endpoint.Query()
+
+	query.Set("zone", zone)
+	query.Set("hostname", record.Hostname)
+	query.Set("uid", record.UID)
+	query.Set("type", record.Type)
+
+	endpoint.RawQuery = query.Encode()
+
+	req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+	if err != nil {
+		return err
+	}
+
+	return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+	useragent.SetHeader(req.Header)
+
+	resp, err := c.HTTPClient.Do(req)
+	if err != nil {
+		return errutils.NewHTTPDoError(req, err)
+	}
+
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode/100 != 2 {
+		return parseError(req, resp)
+	}
+
+	if result == nil {
+		return nil
+	}
+
+	raw, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return errutils.NewReadResponseError(req, resp.StatusCode, err)
+	}
+
+	err = json.Unmarshal(raw, result)
+	if err != nil {
+		return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+	}
+
+	return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+	buf := new(bytes.Buffer)
+
+	if payload != nil {
+		err := json.NewEncoder(buf).Encode(payload)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+		}
+	}
+
+	req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create request: %w", err)
+	}
+
+	req.Header.Set("Accept", "application/json")
+
+	if payload != nil {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+	raw, _ := io.ReadAll(resp.Body)
+
+	var errAPI APIError
+
+	err := json.Unmarshal(raw, &errAPI)
+	if err != nil {
+		return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+	}
+
+	return &errAPI
+}

providers/dns/gravity/internal/client_test.go

@@ -0,0 +1,160 @@
+package internal
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+	return servermock.NewBuilder[*Client](
+		func(server *httptest.Server) (*Client, error) {
+			client, err := NewClient(server.URL, "user", "secret")
+			if err != nil {
+				return nil, err
+			}
+
+			client.HTTPClient = server.Client()
+
+			return client, nil
+		},
+		servermock.CheckHeader().
+			WithJSONHeaders(),
+	)
+}
+
+func TestClient_Login(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /api/v1/auth/login",
+			http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+				http.SetCookie(rw, &http.Cookie{
+					Name:  "gravity_session",
+					Value: "session_id",
+					Path:  "/",
+				})
+
+				servermock.ResponseFromFixture("login.json").ServeHTTP(rw, req)
+			}),
+			servermock.CheckRequestJSONBodyFromFixture("login-request.json")).
+		Build(t)
+
+	auth, err := client.Login(t.Context())
+	require.NoError(t, err)
+
+	cookies := client.HTTPClient.Jar.Cookies(client.baseURL)
+
+	require.Len(t, cookies, 1)
+
+	assert.Equal(t, "gravity_session", cookies[0].Name)
+	assert.Equal(t, "session_id", cookies[0].Value)
+
+	expected := &Auth{Successful: true}
+
+	assert.Equal(t, expected, auth)
+}
+
+func TestClient_Login_error(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /api/v1/auth/login",
+			servermock.ResponseFromFixture("error.json").
+				WithStatusCode(http.StatusUnauthorized)).
+		Build(t)
+
+	_, err := client.Login(t.Context())
+	require.EqualError(t, err, "status: UNAUTHENTICATED, error: unauthenticated, additionalProp1: string")
+}
+
+func TestClient_Me(t *testing.T) {
+	client := mockBuilder().
+		Route("GET /api/v1/auth/me",
+			servermock.ResponseFromFixture("me.json")).
+		Build(t)
+
+	info, err := client.Me(t.Context())
+	require.NoError(t, err)
+
+	expected := &UserInfo{
+		Username:      "admin",
+		Authenticated: true,
+		Permissions: []Permission{{
+			Methods: []string{"GET", "POST", "PUT", "HEAD", "DELETE"},
+			Path:    "/*",
+		}},
+	}
+
+	assert.Equal(t, expected, info)
+}
+
+func TestClient_GetDNSZones(t *testing.T) {
+	client := mockBuilder().
+		Route("GET /api/v1/dns/",
+			servermock.ResponseFromFixture("zones.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("name", "example.com.")).
+		Build(t)
+
+	zones, err := client.GetDNSZones(t.Context(), "example.com.")
+	require.NoError(t, err)
+
+	expected := []Zone{{
+		Name: "example.com.",
+		HandlerConfigs: []HandlerConfig{
+			{Type: "memory"},
+			{Type: "etcd"},
+		},
+		DefaultTTL:  86400,
+		RecordCount: 1,
+	}}
+
+	assert.Equal(t, expected, zones)
+}
+
+func TestClient_CreateDNSRecord(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /api/v1/dns/zones/records",
+			servermock.Noop().
+				WithStatusCode(http.StatusNoContent),
+			servermock.CheckRequestJSONBodyFromFixture("create_record-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("zone", "example.com.").
+				With("uid", "123").
+				With("hostname", "_acme-challenge")).
+		Build(t)
+
+	record := Record{
+		Data:     "txtTXTtxt",
+		Hostname: "_acme-challenge",
+		Type:     "TXT",
+		UID:      "123",
+	}
+
+	err := client.CreateDNSRecord(t.Context(), "example.com.", record)
+	require.NoError(t, err)
+}
+
+func TestClient_DeleteDNSRecord(t *testing.T) {
+	client := mockBuilder().
+		Route("DELETE /api/v1/dns/zones/records",
+			servermock.Noop().
+				WithStatusCode(http.StatusNoContent),
+			servermock.CheckQueryParameter().Strict().
+				With("zone", "example.com.").
+				With("uid", "123").
+				With("type", "TXT").
+				With("hostname", "_acme-challenge")).
+		Build(t)
+
+	record := Record{
+		Data:     "txtTXTtxt",
+		Hostname: "_acme-challenge",
+		Type:     "TXT",
+		UID:      "123",
+	}
+
+	err := client.DeleteDNSRecord(t.Context(), "example.com.", record)
+	require.NoError(t, err)
+}

providers/dns/gravity/internal/fixtures/create_record-request.json

@@ -0,0 +1,6 @@
+{
+  "data": "txtTXTtxt",
+  "hostname": "_acme-challenge",
+  "type": "TXT",
+  "uid": "123"
+}

providers/dns/gravity/internal/fixtures/error.json

@@ -0,0 +1,8 @@
+{
+  "code": 0,
+  "context": {
+    "additionalProp1": "string"
+  },
+  "error": "unauthenticated",
+  "status": "UNAUTHENTICATED"
+}

providers/dns/gravity/internal/fixtures/login-request.json

@@ -0,0 +1,4 @@
+{
+  "username": "user",
+  "password": "secret"
+}

providers/dns/gravity/internal/fixtures/login.json

@@ -0,0 +1,3 @@
+{
+  "successful": true
+}

providers/dns/gravity/internal/fixtures/me.json

@@ -0,0 +1,16 @@
+{
+  "username": "admin",
+  "authenticated": true,
+  "permissions": [
+    {
+      "path": "/*",
+      "methods": [
+        "GET",
+        "POST",
+        "PUT",
+        "HEAD",
+        "DELETE"
+      ]
+    }
+  ]
+}

providers/dns/gravity/internal/fixtures/me_unauthenticated.json

@@ -0,0 +1,5 @@
+{
+  "username": "",
+  "authenticated": false,
+  "permissions": null
+}

providers/dns/gravity/internal/fixtures/zones.json

@@ -0,0 +1,19 @@
+{
+  "zones": [
+    {
+      "name": "example.com.",
+      "handlerConfigs": [
+        {
+          "type": "memory"
+        },
+        {
+          "type": "etcd"
+        }
+      ],
+      "defaultTTL": 86400,
+      "authoritative": false,
+      "hook": "",
+      "recordCount": 1
+    }
+  ]
+}

providers/dns/gravity/internal/fixtures/zones_empty.json

@@ -0,0 +1,3 @@
+{
+  "zones": null
+}

providers/dns/gravity/internal/types.go

@@ -0,0 +1,82 @@
+package internal
+
+import (
+	"fmt"
+	"strings"
+)
+
+type APIError struct {
+	Status   string            `json:"status"`
+	ErrorMsg string            `json:"error"`
+	Code     int               `json:"code"`
+	Context  map[string]string `json:"context"`
+}
+
+func (a *APIError) Error() string {
+	var msg strings.Builder
+
+	msg.WriteString(fmt.Sprintf("status: %s, error: %s", a.Status, a.ErrorMsg))
+
+	if a.Code != 0 {
+		msg.WriteString(fmt.Sprintf(", code: %d", a.Code))
+	}
+
+	if len(a.Context) != 0 {
+		for k, v := range a.Context {
+			msg.WriteString(fmt.Sprintf(", %s: %s", k, v))
+		}
+	}
+
+	return msg.String()
+}
+
+type Login struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type Auth struct {
+	Successful bool `json:"successful"`
+}
+
+type UserInfo struct {
+	Username      string       `json:"username"`
+	Authenticated bool         `json:"authenticated"`
+	Permissions   []Permission `json:"permissions"`
+}
+
+type Permission struct {
+	Methods []string `json:"methods"`
+	Path    string   `json:"path"`
+}
+
+type Zones struct {
+	Zones []Zone `json:"zones"`
+}
+
+type Zone struct {
+	Name           string          `json:"name"`
+	HandlerConfigs []HandlerConfig `json:"handlerConfigs"`
+	DefaultTTL     int             `json:"defaultTTL"`
+	Authoritative  bool            `json:"authoritative"`
+	Hook           string          `json:"hook"`
+	RecordCount    int             `json:"recordCount"`
+}
+
+type HandlerConfig struct {
+	Type     string   `json:"type"`
+	CacheTTL int      `json:"cache_ttl,omitempty"`
+	To       []string `json:"to,omitempty"`
+}
+
+type Record struct {
+	Data         string `json:"data,omitempty"`
+	Fqdn         string `json:"fqdn,omitempty"`
+	Hostname     string `json:"hostname,omitempty"`
+	MxPreference int    `json:"mxPreference,omitempty"`
+	SrvPort      int    `json:"srvPort,omitempty"`
+	SrvPriority  int    `json:"srvPriority,omitempty"`
+	SrvWeight    int    `json:"srvWeight,omitempty"`
+	Type         string `json:"type,omitempty"`
+	UID          string `json:"uid,omitempty"`
+}

providers/dns/zz_gen_dns_providers.go

@@ -73,6 +73,7 @@ import (
 	"github.com/go-acme/lego/v4/providers/dns/glesys"
 	"github.com/go-acme/lego/v4/providers/dns/godaddy"
 	"github.com/go-acme/lego/v4/providers/dns/googledomains"
+	"github.com/go-acme/lego/v4/providers/dns/gravity"
 	"github.com/go-acme/lego/v4/providers/dns/hetzner"
 	"github.com/go-acme/lego/v4/providers/dns/hostingde"
 	"github.com/go-acme/lego/v4/providers/dns/hostinger"
@@ -315,6 +316,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
 		return godaddy.NewDNSProvider()
 	case "googledomains":
 		return googledomains.NewDNSProvider()
+	case "gravity":
+		return gravity.NewDNSProvider()
 	case "hetzner":
 		return hetzner.NewDNSProvider()
 	case "hostingde":