
function Get-CurrentPluginType { 'dns-01' }

function Add-DnsTxt {
        [Parameter(Mandatory, Position = 0)]
        [Parameter(Mandatory, Position = 1)]
        [string]$CoreNetworksApiRoot = '',

    if (-not $script:CoreNetworksToken) {
        $script:CoreNetworksToken = Get-CoreNetworksAuthToken $CoreNetworksApiRoot $CoreNetworksCred

    ### Authentication at the API via authentication token, which must be sent in the headers of every request.
    $headers = @{
        Authorization="Bearer $($script:CoreNetworksToken)"

    ### Search und find the dns zone of the (sub)domain (for example:
    $zoneName = $(Find-CoreNetworksDnsZones $CoreNetworksApiRoot $headers $RecordName)
    Write-Debug $zoneName

    ### Grab the relative portion of the Fully Qualified Domain Name (FQDN)
    $DnsTxtName = $RecordName -ireplace "\.?$([regex]::Escape($zoneName.TrimEnd('.')))$",''
    Write-Debug $DnsTxtName

    # build the add record query
    # API will ignore if the record already exists
    $queryParams = @{
        Uri = "$CoreNetworksApiRoot/dnszones/$zoneName/records/"
        Method = 'POST'
        Body = @{
            name = $DnsTxtName
            ttl  = 60
            type = 'TXT'
            data = "`"$TxtValue`""
        } | ConvertTo-Json
        Headers = $headers
        ContentType = 'application/json'
        Verbose = $false
        ErrorAction = 'Stop'

    ### Send a POST request including bearer authentication.
    try {
        Write-Debug "POST $($queryParams.Uri)`n$($queryParams.Body)"
        Invoke-RestMethod @queryParams @script:UseBasic | Out-Null
    catch {
        Write-Debug $_

    # Add the zone name to a script variable so the Save function can commit
    # all changes at once when it's called.
    if (-not $script:CoreNetworksZones) { $script:CoreNetworksZones = @() }
    $script:CoreNetworksZones += $zoneName

        Add a DNS TXT record to CoreNetworks.

        Add a DNS TXT record to CoreNetworks.

    .PARAMETER RecordName
        The fully qualified name of the TXT record.

    .PARAMETER TxtValue
        The value of the TXT record.

    .PARAMETER CoreNetworksCred
        The API username and password required to authenticate.

    .PARAMETER CoreNetworksApiRoot
        The root URL of the API. Defaults to

    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.

        Add-DnsTxt '' 'txtvalue' -CoreNetworksCred (Get-Credential)

        Adds a TXT record using credentials and ignores certificate validation.


function Remove-DnsTxt {
        [Parameter(Mandatory, Position = 0)]
        [Parameter(Mandatory, Position = 1)]
        [string]$CoreNetworksApiRoot = '',

    if (-not $script:CoreNetworksToken) {
        $script:CoreNetworksToken = Get-CoreNetworksAuthToken $CoreNetworksApiRoot $CoreNetworksCred

    ### Authentication at the API via authentication token, which must be sent in the headers of every request.
    $headers = @{
        Authorization="Bearer $($script:CoreNetworksToken)"

    ### Search und find the dns zone of the (sub)domain (for example:
    $zoneName = $(Find-CoreNetworksDnsZones $CoreNetworksApiRoot $headers $RecordName)
    Write-Debug $zoneName

    ### Grab the relative portion of the Fully Qualified Domain Name (FQDN)
    $DnsTxtName = $RecordName -ireplace "\.?$([regex]::Escape($zoneName.TrimEnd('.')))$",''
    Write-Debug $DnsTxtName

    # build the delete record query
    # API will ignore if the record we're deleting doesn't exist
    $queryParams = @{
        Uri = "$CoreNetworksApiRoot/dnszones/$zoneName/records/delete"
        Method = 'POST'
        Body = @{
            name = $DnsTxtName
            data = "`"$TxtValue`""
        } | ConvertTo-Json
        Headers = $headers
        ContentType = 'application/json'
        Verbose = $false
        ErrorAction = 'Stop'

    ### Send a POST request including bearer authentication.
    try {
        Write-Debug "POST $($queryParams.Uri)`n$($queryParams.Body)"
        Invoke-RestMethod @queryParams @script:UseBasic | Out-Null
    catch {
        Write-Debug $_

    # Add the zone name to a script variable so the Save function can commit
    # all changes at once when it's called.
    if (-not $script:CoreNetworksZones) { $script:CoreNetworksZones = @() }
    $script:CoreNetworksZones += $zoneName

        Add a DNS TXT record to CoreNetworks.

        Add a DNS TXT record to CoreNetworks.

    .PARAMETER RecordName
        The fully qualified name of the TXT record.

    .PARAMETER TxtValue
        The value of the TXT record.

    .PARAMETER CoreNetworksCred
        The API username and password required to authenticate.

    .PARAMETER CoreNetworksApiRoot
        The root URL of the API. Defaults to

    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.

        Remove-DnsTxt '' 'txt-value' -CoreNetworksCred (Get-Credential)

        Removes a TXT record for the specified site with the specified value.


function Save-DnsTxt {
        [string]$CoreNetworksApiRoot = '',

    ### Our current backend for the name server is not suitable for the high-frequency processing of DNS records. So that you can make
    ### major changes to DNS zones quickly without having to wait for the name server, changes to the DNS records are not transmitted
    ### to the name servers immediately. Instead, when you are done changing DNS records, you must commit the zone.

    # return early if there's nothing to commit
    if (-not $script:CoreNetworksZones) { return }

    if (-not $script:CoreNetworksToken) {
        $script:CoreNetworksToken = Get-CoreNetworksAuthToken $CoreNetworksApiRoot $CoreNetworksCred

    # get a fresh auth token
    $headers = @{
        Authorization="Bearer $($script:CoreNetworksToken)"

    # commit each unique zone
    $script:CoreNetworksZones | Sort-Object -Unique | ForEach-Object {

        $queryParams = @{
            Uri = "$CoreNetworksApiRoot/dnszones/$_/records/commit"
            Method = 'POST'
            Headers = $headers
            ContentType = 'application/json'
            Verbose = $false
            ErrorAction = 'Stop'

        ### Send a POST request including bearer authentication.
        try {
            Write-Verbose "Committing changes for $_"
            Write-Debug "POST $($queryParams.Uri)"
            Invoke-RestMethod @queryParams @script:UseBasic | Out-Null
        catch {
            Write-Debug $_


    if ($script:CoreNetworksZones) { Remove-Variable CoreNetworksZones -Scope Script }

        Commit changes made to Core Networks zones

        This provider does not require calling this function to commit changes to DNS records.

    .PARAMETER CoreNetworksCred
        The API username and password required to authenticate.

    .PARAMETER CoreNetworksApiRoot
        The root URL of the API. Defaults to

    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.

        Save-DnsTxt -CoreNetworksCred (Get-Credential)

        Commits changes to zones modified by Add-DnsTxt and Remove-DnsTxt.


# Helper Functions

# API Docs

### To get a token, you need an API user account. You can set this up in the API user account management in our web interface.
function Get-CoreNetworksAuthToken {
        [Parameter(Mandatory, Position=0)]
        [Parameter(Mandatory, Position=1)]

    $passPlain = $Cred.GetNetworkCredential().Password

    # Request a new bearer token using the credentials.
    $queryParams = @{
        Uri = "$ApiRootUrl/auth/token"
        Method = 'POST'
        Body = @{
            login = $Cred.UserName
            password = $passPlain
        } | ConvertTo-Json
        ContentType = 'application/json'
        Verbose = $false
        ErrorAction = 'Stop'
    try {
        # sanitize the body so we don't log the plaintext password
        Write-Debug "POST $($queryParams.Uri)`n$($queryParams.Body.Replace($passPlain,'XXXXXXXX'))"

        $data = Invoke-RestMethod @queryParams @script:UseBasic

        return $data.token
    catch {
        Write-Debug $_

### With the following function you get a list of all DNS zones that you currently have.
function Find-CoreNetworksDnsZones {
        [Parameter(Mandatory, Position=0)]
        [Parameter(Mandatory, Position=1)]
        [Parameter(Mandatory, Position=2)]

    ### Send a POST request including bearer authentication.
    try {
        $queryParams = @{
            Uri = "$ApiRootUrl/dnszones/"
            Headers = $Headers
            Verbose = $false
            ErrorAction = 'Stop'
        Write-Debug "GET $($queryParams.Uri)"
        $data = Invoke-RestMethod @queryParams @script:UseBasic

        foreach ($e in $ {
            if ($RecordName -match $e ) {
                return $e
    catch {
        Write-Debug $_