1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
From af81daf60c64f01611a1f6a34ef141dc1cf020d0 Mon Sep 17 00:00:00 2001
From: Corentin Forler <10946971+cogk@users.noreply.github.com>
Date: Wed, 20 Sep 2023 11:01:23 +0200
Subject: [PATCH 1/2] feat: Add authentication with Personal Access Token
---
certbot_plugin_gandi/gandi_api.py | 12 ++++++++----
certbot_plugin_gandi/main.py | 24 ++++++++++++++++++------
2 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/certbot_plugin_gandi/gandi_api.py b/certbot_plugin_gandi/gandi_api.py
index 3e1ef84..67c9908 100644
--- a/certbot_plugin_gandi/gandi_api.py
+++ b/certbot_plugin_gandi/gandi_api.py
@@ -4,11 +4,11 @@
from collections import namedtuple
from certbot.plugins import dns_common
-_GandiConfig = namedtuple('_GandiConfig', ('api_key', 'sharing_id',))
+_GandiConfig = namedtuple('_GandiConfig', ('api_key', 'sharing_id', 'personal_access_token',))
_BaseDomain = namedtuple('_BaseDomain', ('fqdn'))
-def get_config(api_key, sharing_id):
- return _GandiConfig(api_key=api_key, sharing_id=sharing_id)
+def get_config(api_key, sharing_id, personal_access_token=None):
+ return _GandiConfig(api_key=api_key, sharing_id=sharing_id, personal_access_token=personal_access_token)
def _get_json(response):
@@ -24,9 +24,13 @@ def _get_response_message(response, default='<No reason given>'):
def _headers(cfg):
+ if cfg.personal_access_token:
+ auth = 'Bearer ' + cfg.personal_access_token
+ else:
+ auth = 'Apikey ' + cfg.api_key
return {
'Content-Type': 'application/json',
- 'Authorization': 'Apikey ' + cfg.api_key
+ 'Authorization': auth,
}
diff --git a/certbot_plugin_gandi/main.py b/certbot_plugin_gandi/main.py
index c547d1a..6930f0c 100644
--- a/certbot_plugin_gandi/main.py
+++ b/certbot_plugin_gandi/main.py
@@ -15,7 +15,7 @@ def register_authenticator(cls):
import zope.interface
zope.interface.implementer(interfaces.IAuthenticator)(cls)
zope.interface.provider(interfaces.IPluginFactory)(cls)
- return cls
+ return cls
@register_authenticator
class Authenticator(dns_common.DNSAuthenticator):
@@ -47,14 +47,22 @@ def _validate_sharing_id(self, credentials):
except ValueError:
raise errors.PluginError("Invalid sharing_id: {0}.".format(sharing_id))
+ def _validate(self, credentials):
+ self._validate_sharing_id(credentials)
+
+ # Either api-key or token must be set
+ if not credentials.conf('api-key') and not credentials.conf('token'):
+ raise errors.PluginError(
+ 'Missing property in credentials configuration file {0}: {1}'.format(
+ credentials.confobj.filename, 'dns_gandi_api_key or dns_gandi_token must be set')
+ )
+
def _setup_credentials(self):
self.credentials = self._configure_credentials(
'credentials',
'Gandi credentials INI file',
- {
- 'api-key': 'API key for Gandi account',
- },
- self._validate_sharing_id
+ {},
+ self._validate
)
@@ -71,4 +79,8 @@ def _cleanup(self, domain, validation_name, validation):
def _get_gandi_config(self):
- return gandi_api.get_config(api_key = self.credentials.conf('api-key'), sharing_id = self.credentials.conf('sharing-id'))
+ return gandi_api.get_config(
+ api_key = self.credentials.conf('api-key'),
+ sharing_id = self.credentials.conf('sharing-id'),
+ personal_access_token = self.credentials.conf('token'),
+ )
From da164a8360a6cceeb5fc9b45000d37d75682fb45 Mon Sep 17 00:00:00 2001
From: Corentin Forler <10946971+cogk@users.noreply.github.com>
Date: Wed, 20 Sep 2023 11:08:02 +0200
Subject: [PATCH 2/2] doc: Update readme to showcase personal access token
---
README.md | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index ede080d..68f982e 100644
--- a/README.md
+++ b/README.md
@@ -13,15 +13,12 @@ customers to prove control of a domain name.
2. Install the plugin using `pip install certbot-plugin-gandi`
3. Create a `gandi.ini` config file with the following contents and apply `chmod 600 gandi.ini` on it:
+ ```conf
+ # Gandi personal access token
+ dns_gandi_token=PERSONAL_ACCESS_TOKEN
```
- # live dns v5 api key
- dns_gandi_api_key=APIKEY
-
- # optional organization id, remove it if not used
- dns_gandi_sharing_id=SHARINGID
- ```
- Replace `APIKEY` with your Gandi API key and ensure permissions are set
- to disallow access to other users.
+ Replace `PERSONAL_ACCESS_TOKEN` with your Gandi personal access token and ensure permissions are set
+ to disallow access to other users. You can also use a Gandi LiveDNS API Key instead, see FAQ below.
4. Run `certbot` and direct it to use the plugin for authentication and to use
the config file previously created:
@@ -70,6 +67,20 @@ You can setup automatic renewal using `crontab` with the following job for weekl
## FAQ
+> I don't have a personal access token, only a Gandi LiveDNS API Key
+
+Use the following configuration in your `gandi.ini` file instead:
+
+```conf
+# live dns v5 api key
+dns_gandi_api_key=APIKEY
+
+# optional organization id, remove it if not used
+dns_gandi_sharing_id=SHARINGID
+```
+Replace `APIKEY` with your Gandi API key and ensure permissions are set
+to disallow access to other users.
+
> I have a warning telling me `Plugin legacy name certbot-plugin-gandi:dns may be removed in a future version. Please use dns instead.`
Certbot had moved to remove 3rd party plugins prefixes since v1.7.0. Please switch to the new configuration format and remove any used prefix-based configuration.
|
