From 31158bc58c3977e324996d7eba83b0ddfffcdff3 Mon Sep 17 00:00:00 2001 From: risson <18313093+rissson@users.noreply.github.com> Date: Sun, 28 Feb 2021 00:45:58 +0100 Subject: [PATCH] designate: support for Openstack Application Credentials (#1360) --- cmd/zz_gen_cmd_dnshelp.go | 4 ++ docs/content/dns/zz_gen_designate.md | 46 +++++++++++++++++++++-- go.mod | 9 +++-- go.sum | 30 +++++++-------- providers/dns/designate/designate.go | 23 ++++++------ providers/dns/designate/designate.toml | 45 +++++++++++++++++++++- providers/dns/designate/designate_test.go | 21 ++++++----- 7 files changed, 134 insertions(+), 44 deletions(-) diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go index 9a99bf07..29db62ca 100644 --- a/cmd/zz_gen_cmd_dnshelp.go +++ b/cmd/zz_gen_cmd_dnshelp.go @@ -462,11 +462,15 @@ func displayDNSHelp(name string) error { ew.writeln() ew.writeln(`Credentials:`) + ew.writeln(` - "OS_APPLICATION_CREDENTIAL_ID": Application credential ID`) + ew.writeln(` - "OS_APPLICATION_CREDENTIAL_NAME": Application credential name`) + ew.writeln(` - "OS_APPLICATION_CREDENTIAL_SECRET": Application credential secret`) ew.writeln(` - "OS_AUTH_URL": Identity endpoint URL`) ew.writeln(` - "OS_PASSWORD": Password`) ew.writeln(` - "OS_PROJECT_NAME": Project name`) ew.writeln(` - "OS_REGION_NAME": Region name`) ew.writeln(` - "OS_USERNAME": Username`) + ew.writeln(` - "OS_USER_ID": User ID`) ew.writeln() ew.writeln(`Additional Configuration:`) diff --git a/docs/content/dns/zz_gen_designate.md b/docs/content/dns/zz_gen_designate.md index d2e1aab6..9141ebb3 100644 --- a/docs/content/dns/zz_gen_designate.md +++ b/docs/content/dns/zz_gen_designate.md @@ -18,9 +18,31 @@ Configuration for [Designate DNSaaS for Openstack](https://docs.openstack.org/de - Code: `designate` -{{% notice note %}} -_Please contribute by adding a CLI example._ -{{% /notice %}} +Here is an example bash command using the Designate DNSaaS for Openstack provider: + +```bash +# With a `clouds.yaml` +OS_CLOUD=my_openstack \ +lego --email myemail@example.com --dns designate --domains my.example.org run + +# or + +OS_AUTH_URL=https://openstack.example.org \ +OS_REGION_NAME=RegionOne \ +OS_PROJECT_ID=23d4522a987d4ab529f722a007c27846 +OS_USERNAME=myuser \ +OS_PASSWORD=passw0rd \ +lego --email myemail@example.com --dns designate --domains my.example.org run + +# or + +OS_AUTH_URL=https://openstack.example.org \ +OS_REGION_NAME=RegionOne \ +OS_AUTH_TYPE=v3applicationcredential \ +OS_APPLICATION_CREDENTIAL_ID=imn74uq0or7dyzz20dwo1ytls4me8dry \ +OS_APPLICATION_CREDENTIAL_SECRET=68FuSPSdQqkFQYH5X1OoriEIJOwyLtQ8QSqXZOc9XxFK1A9tzZT6He2PfPw0OMja \ +lego --email myemail@example.com --dns designate --domains my.example.org run +``` @@ -29,11 +51,15 @@ _Please contribute by adding a CLI example._ | Environment Variable Name | Description | |-----------------------|-------------| +| `OS_APPLICATION_CREDENTIAL_ID` | Application credential ID | +| `OS_APPLICATION_CREDENTIAL_NAME` | Application credential name | +| `OS_APPLICATION_CREDENTIAL_SECRET` | Application credential secret | | `OS_AUTH_URL` | Identity endpoint URL | | `OS_PASSWORD` | Password | | `OS_PROJECT_NAME` | Project name | | `OS_REGION_NAME` | Region name | | `OS_USERNAME` | Username | +| `OS_USER_ID` | User ID | The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. More information [here](/lego/dns/#configuration-and-credentials). @@ -52,6 +78,20 @@ More information [here](/lego/dns/#configuration-and-credentials). The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. More information [here](/lego/dns/#configuration-and-credentials). +## Description + +There are three main ways of authenticating with Designate: + +1. The first one is by using the `OS_CLOUD` environment variable and a `clouds.yaml` file. +2. The second one is using your username and password, via the `OS_USERNAME`, `OS_PASSWORD` and `OS_PROJECT_NAME` environment variables. +3. The third one is by using an application credential, via the `OS_APPLICATION_CREDENTIAL_*` and `OS_USER_ID` environment variables. + +For the username/password and application methods, the `OS_AUTH_URL` and `OS_REGION_NAME` environment variables are required. + +For more information, you can read about the different methods of authentication with OpenStack in the Keystone's documentation and the gophercloud documentation: + +- [Keystone username/password](https://docs.openstack.org/keystone/latest/user/supported_clients.html) +- [Keystone application credentials](https://docs.openstack.org/keystone/latest/user/application_credentials.html) diff --git a/go.mod b/go.mod index 7063bf60..4846393d 100644 --- a/go.mod +++ b/go.mod @@ -20,8 +20,8 @@ require ( github.com/dnsimple/dnsimple-go v0.63.0 github.com/exoscale/egoscale v0.23.0 github.com/google/go-querystring v1.0.0 - github.com/gophercloud/gophercloud v0.7.0 - github.com/gophercloud/utils v0.0.0-20200508015959-b0167b94122c + github.com/gophercloud/gophercloud v0.16.0 + github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect github.com/labbsr0x/bindman-dns-webhook v1.0.2 @@ -43,11 +43,12 @@ require ( github.com/transip/gotransip/v6 v6.2.0 github.com/urfave/cli v1.22.4 github.com/vultr/govultr/v2 v2.0.0 - golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad golang.org/x/net v0.0.0-20200822124328-c89045814202 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d google.golang.org/api v0.20.0 + gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/ns1/ns1-go.v2 v2.4.2 gopkg.in/square/go-jose.v2 v2.5.1 - gopkg.in/yaml.v2 v2.3.0 + gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index 86f9304f..b2ce112d 100644 --- a/go.sum +++ b/go.sum @@ -162,11 +162,11 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gophercloud/gophercloud v0.6.1-0.20191122030953-d8ac278c1c9d/go.mod h1:ozGNgr9KYOVATV5jsgHl/ceCDXGuguqOZAzoQ/2vcNM= -github.com/gophercloud/gophercloud v0.7.0 h1:vhmQQEM2SbnGCg2/3EzQnQZ3V7+UCGy9s8exQCprNYg= -github.com/gophercloud/gophercloud v0.7.0/go.mod h1:gmC5oQqMDOMO1t1gq5DquX/yAU808e/4mzjjDA76+Ss= -github.com/gophercloud/utils v0.0.0-20200508015959-b0167b94122c h1:iawx2ojEQA7c+GmkaVO5sN+k8YONibXyDO8RlsC+1bs= -github.com/gophercloud/utils v0.0.0-20200508015959-b0167b94122c/go.mod h1:ehWUbLQJPqS0Ep+CxeD559hsm9pthPXadJNKwZkp43w= +github.com/gophercloud/gophercloud v0.15.1-0.20210202035223-633d73521055/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4= +github.com/gophercloud/gophercloud v0.16.0 h1:sWjPfypuzxRxjVbk3/MsU4H8jS0NNlyauZtIUl78BPU= +github.com/gophercloud/gophercloud v0.16.0/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4= +github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae h1:Hi3IgB9RQDE15Kfovd8MTZrcana+UlQqNbOif8dLpA0= +github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae/go.mod h1:wx8HMD8oQD0Ryhz6+6ykq75PJ79iPyEqYHfwZ4l7OsA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= @@ -182,7 +182,7 @@ github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxC github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= @@ -346,9 +346,9 @@ golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaE golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY= +golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -396,7 +396,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -438,7 +437,7 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -447,8 +446,11 @@ golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -481,7 +483,6 @@ golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191203134012-c197fd4bf371/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -566,11 +567,10 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/providers/dns/designate/designate.go b/providers/dns/designate/designate.go index c007932b..02438c70 100644 --- a/providers/dns/designate/designate.go +++ b/providers/dns/designate/designate.go @@ -28,13 +28,17 @@ const ( envNamespaceClient = "OS_" - EnvAuthURL = envNamespaceClient + "AUTH_URL" - EnvUsername = envNamespaceClient + "USERNAME" - EnvPassword = envNamespaceClient + "PASSWORD" - EnvTenantName = envNamespaceClient + "TENANT_NAME" - EnvRegionName = envNamespaceClient + "REGION_NAME" - EnvProjectID = envNamespaceClient + "PROJECT_ID" - EnvCloud = envNamespaceClient + "CLOUD" + EnvAuthURL = envNamespaceClient + "AUTH_URL" + EnvUsername = envNamespaceClient + "USERNAME" + EnvPassword = envNamespaceClient + "PASSWORD" + EnvUserID = envNamespaceClient + "USER_ID" + EnvAppCredID = envNamespaceClient + "APPLICATION_CREDENTIAL_ID" + EnvAppCredName = envNamespaceClient + "APPLICATION_CREDENTIAL_NAME" + EnvAppCredSecret = envNamespaceClient + "APPLICATION_CREDENTIAL_SECRET" + EnvTenantName = envNamespaceClient + "TENANT_NAME" + EnvRegionName = envNamespaceClient + "REGION_NAME" + EnvProjectID = envNamespaceClient + "PROJECT_ID" + EnvCloud = envNamespaceClient + "CLOUD" ) // Config is used to configure the creation of the DNSProvider. @@ -80,11 +84,6 @@ func NewDNSProvider() (*DNSProvider, error) { config.opts = *opts } else { - _, err = env.Get(EnvAuthURL, EnvUsername, EnvPassword, EnvRegionName) - if err != nil { - return nil, fmt.Errorf("designate: %w", err) - } - opts, err := openstack.AuthOptionsFromEnv() if err != nil { return nil, fmt.Errorf("designate: %w", err) diff --git a/providers/dns/designate/designate.toml b/providers/dns/designate/designate.toml index 396a5b58..630c61bb 100644 --- a/providers/dns/designate/designate.toml +++ b/providers/dns/designate/designate.toml @@ -4,13 +4,56 @@ URL = "https://docs.openstack.org/designate/latest/" Code = "designate" Since = "v2.2.0" -Example = '''''' +Example = ''' +# With a `clouds.yaml` +OS_CLOUD=my_openstack \ +lego --email myemail@example.com --dns designate --domains my.example.org run + +# or + +OS_AUTH_URL=https://openstack.example.org \ +OS_REGION_NAME=RegionOne \ +OS_PROJECT_ID=23d4522a987d4ab529f722a007c27846 +OS_USERNAME=myuser \ +OS_PASSWORD=passw0rd \ +lego --email myemail@example.com --dns designate --domains my.example.org run + +# or + +OS_AUTH_URL=https://openstack.example.org \ +OS_REGION_NAME=RegionOne \ +OS_AUTH_TYPE=v3applicationcredential \ +OS_APPLICATION_CREDENTIAL_ID=imn74uq0or7dyzz20dwo1ytls4me8dry \ +OS_APPLICATION_CREDENTIAL_SECRET=68FuSPSdQqkFQYH5X1OoriEIJOwyLtQ8QSqXZOc9XxFK1A9tzZT6He2PfPw0OMja \ +lego --email myemail@example.com --dns designate --domains my.example.org run +''' + +Additional = ''' +## Description + +There are three main ways of authenticating with Designate: + +1. The first one is by using the `OS_CLOUD` environment variable and a `clouds.yaml` file. +2. The second one is using your username and password, via the `OS_USERNAME`, `OS_PASSWORD` and `OS_PROJECT_NAME` environment variables. +3. The third one is by using an application credential, via the `OS_APPLICATION_CREDENTIAL_*` and `OS_USER_ID` environment variables. + +For the username/password and application methods, the `OS_AUTH_URL` and `OS_REGION_NAME` environment variables are required. + +For more information, you can read about the different methods of authentication with OpenStack in the Keystone's documentation and the gophercloud documentation: + +- [Keystone username/password](https://docs.openstack.org/keystone/latest/user/supported_clients.html) +- [Keystone application credentials](https://docs.openstack.org/keystone/latest/user/application_credentials.html) +''' [Configuration] [Configuration.Credentials] OS_AUTH_URL = "Identity endpoint URL" OS_USERNAME = "Username" OS_PASSWORD = "Password" + OS_USER_ID = "User ID" + OS_APPLICATION_CREDENTIAL_ID = "Application credential ID" + OS_APPLICATION_CREDENTIAL_NAME = "Application credential name" + OS_APPLICATION_CREDENTIAL_SECRET = "Application credential secret" OS_PROJECT_NAME = "Project name" OS_REGION_NAME = "Region name" [Configuration.Additional] diff --git a/providers/dns/designate/designate_test.go b/providers/dns/designate/designate_test.go index 4a68d245..fe6de437 100644 --- a/providers/dns/designate/designate_test.go +++ b/providers/dns/designate/designate_test.go @@ -24,6 +24,10 @@ var envTest = tester.NewEnvTest( EnvAuthURL, EnvUsername, EnvPassword, + EnvUserID, + EnvAppCredID, + EnvAppCredName, + EnvAppCredSecret, EnvTenantName, EnvRegionName, EnvProjectID, @@ -56,7 +60,7 @@ func TestNewDNSProvider_fromEnv(t *testing.T) { EnvPassword: "", EnvRegionName: "", }, - expected: "designate: some credentials information are missing: OS_AUTH_URL,OS_USERNAME,OS_PASSWORD,OS_REGION_NAME", + expected: "designate: Missing environment variable [OS_AUTH_URL]", }, { desc: "missing auth url", @@ -66,7 +70,7 @@ func TestNewDNSProvider_fromEnv(t *testing.T) { EnvPassword: "C", EnvRegionName: "D", }, - expected: "designate: some credentials information are missing: OS_AUTH_URL", + expected: "designate: Missing environment variable [OS_AUTH_URL]", }, { desc: "missing username", @@ -76,7 +80,7 @@ func TestNewDNSProvider_fromEnv(t *testing.T) { EnvPassword: "C", EnvRegionName: "D", }, - expected: "designate: some credentials information are missing: OS_USERNAME", + expected: "designate: Missing one of the following environment variables [OS_USERID, OS_USERNAME]", }, { desc: "missing password", @@ -86,17 +90,16 @@ func TestNewDNSProvider_fromEnv(t *testing.T) { EnvPassword: "", EnvRegionName: "D", }, - expected: "designate: some credentials information are missing: OS_PASSWORD", + expected: "designate: Missing environment variable [OS_PASSWORD]", }, { - desc: "missing region name", + desc: "missing application credential secret", envVars: map[string]string{ EnvAuthURL: serverURL + "/v2.0/", - EnvUsername: "B", - EnvPassword: "C", - EnvRegionName: "", + EnvRegionName: "D", + EnvAppCredID: "F", }, - expected: "designate: some credentials information are missing: OS_REGION_NAME", + expected: "designate: Missing environment variable [OS_APPLICATION_CREDENTIAL_SECRET]", }, }