New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GANDI: Gandi v5 auth changes #2726
base: main
Are you sure you want to change the base?
Conversation
4256b96
to
bd136ec
Compare
Well it looks that the promising |
Yeah, I'd remove the dryrun feature. Seems like it will create more confusion than help. |
352b45b
to
3867899
Compare
// SharingID: client.sharingid, | ||
// Debug: client.debug, | ||
// }) | ||
// g := NewLiveDNSClient(client) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"N" should be lowercase. There's no need to export this function.
I'm a Gandi user so I was very excited to see this PR. However I don't seem to be able to make this work with my configuration. From the debug output, it looks like it is using the Bearer token for most system calls, but not all. In particular, GetNameservers and GetRegistrarCorrections don't seem to be updated to use the Bearer token (PAT). My creds.json entry:
The output with debug:
|
For integration tests to work, the providers.json file needs to be updated:
|
Another suggestion:
|
Drat. I can't figure out what settings are required to make a PAT that works for me.
I even created a PAT that has all the DNS-related roles: |
8cb583c
to
a8feba5
Compare
I agree with those settings, these are the ones I use with success. My PATs are even limited to "products" (domain names) to further isolate the impact. |
a8feba5
to
edd8ce2
Compare
This seems linked to your previous error : "it looks like it is using the Bearer token for most system calls, but not all" ? If so it's unrelated to the PAT itself. |
edd8ce2
to
a6a79bc
Compare
a6a79bc
to
5b9d26a
Compare
It's my fault, I patched only the |
This PR handles the new default auth mechanism for GANDI_V5 API (
token
) now that theapikey
is officialy deprecated.The change should be transparent for existing users still using the
apikey
entry.Other changes to
creds.json
include:apiurl
setting to control then endpoint and allowing to use the sandbox endpointdryrun
setting to allow DryRun use of certain API verbs (untested)Please note that I had no success creating a domain in the sandbox environment, thus was not able to validate that everything was working as expected there. However, the API calls are (of course) properly sent to
apiurl
and the authentication works there.(notifying maintainer: @TomOnTime @tlimoncelli)