update docs and examples for auth

AJ ONeal 2019-07-23 20:39:46 -06:00
джерело e9368ab218
коміт e612d57912
6 змінених файлів з 77 додано та 72 видалено

@ -15,13 +15,21 @@ Implementation Details
- https://cloud.google.com/service-usage/docs/getting-started#api - https://cloud.google.com/service-usage/docs/getting-started#api
- https://github.com/google/oauth2l - https://github.com/google/oauth2l
## Authenticating
Google has made things _way_ too complicated.
- Create a project
- Create a Service Account and download the `service_account.json`
- Create a managed public zone for your domain: <https://cloud.google.com/dns/docs/quickstart#create_a_managed_public_zone>
# Test This First! # Test This First!
Edit the file `oauth2l-test-token.sh` Edit the file `oauth2l-test-token.sh`
Change the location of `service_account.json` to whatever it needs to be. Change the location of `service_account.json` to whatever it needs to be.
Change the `project` to the name of your project. Change the `PROJECT` to the name of your project.
If that doesn't work, something is wrong with your credentials, nothing else will work. If that doesn't work, something is wrong with your credentials, nothing else will work.
@ -33,7 +41,7 @@ First you create an instance with your credentials:
var dns01 = require('acme-dns-01-googlecloud').create({ var dns01 = require('acme-dns-01-googlecloud').create({
baseUrl: 'https://www.googleapis.com/dns/v1/', // default baseUrl: 'https://www.googleapis.com/dns/v1/', // default
// contains private_key, private_key_id, project_id, and client_email // contains private_key, private_key_id, project_id, and client_email
serviceAccountPath: __dirname + '/service_account.json' serviceAccountPath: __dirname + '/service_account.json'
}); });
``` ```

@ -1,3 +1,4 @@
# NOT credentials.json # NOT credentials.json
GOOGLE_APPLICATION_CREDENTIALS=/Users/me/service_account.json GOOGLE_APPLICATION_CREDENTIALS=/Users/me/service_account.json
TOKEN=yyyy.a.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ZONE=example.co.uk ZONE=example.co.uk

@ -1,6 +1,6 @@
'use strict'; 'use strict';
var auth = require('./auth.js'); //var auth = require('./auth.js');
var defaults = { var defaults = {
baseUrl: 'https://www.googleapis.com/dns/v1/' baseUrl: 'https://www.googleapis.com/dns/v1/'
}; };
@ -8,6 +8,7 @@ var defaults = {
module.exports.create = function(config) { module.exports.create = function(config) {
var request; var request;
var baseUrl = (config.baseUrl || defaults.baseUrl).replace(/\/$/, ''); var baseUrl = (config.baseUrl || defaults.baseUrl).replace(/\/$/, '');
var token = config.token;
var sa = getServiceAccount(config); var sa = getServiceAccount(config);
return { return {
@ -43,11 +44,11 @@ module.exports.create = function(config) {
}; };
function api(opts) { function api(opts) {
return auth.getToken(sa).then(function(token) { //return auth.getToken(sa).then(function(token) {
opts.headers = opts.headers || {}; opts.headers = opts.headers || {};
opts.headers.Authorization = 'Bearer ' + token; opts.headers.Authorization = 'Bearer ' + token;
return request(opts); return request(opts);
}); //});
} }
function getServiceAccount(config) { function getServiceAccount(config) {
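Review bot: In `api()`, the `Authorization` header is now built from `config.token`, captured once in `create()`, with no check that it is set and no way to renew it. A missing token sends `Authorization: Bearer undefined`, and Google access tokens are short-lived (typically about an hour), so a long-running process will start failing with 401s by the time a renewal is due. I would at least add a guard, `if (!token) { return Promise.reject(new Error('config.token is required')); }`, and document the expiry in a comment next to `var token = config.token;`. `getServiceAccount(config)` is still called although `sa` is no longer used in the visible lines, so private-key material may be loaded for nothing; the commented-out `auth` lines would be better deleted than kept. The bodies of `create()` and `getServiceAccount()` continue outside the hunks.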

@ -5,13 +5,16 @@
set -e set -e
rm -f ~/.oauth2l
export GOOGLE_APPLICATION_CREDENTIALS=$HOME/Downloads/service_account.json export GOOGLE_APPLICATION_CREDENTIALS=$HOME/Downloads/service_account.json
project=example-change-me PROJECT=even-flight-244020
token=$(oauth2l fetch ndev.clouddns.readwrite) token=$(oauth2l fetch ndev.clouddns.readwrite)
echo $token echo API Token: $token
curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token" curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"
token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite) #token=$(oauth2l fetch --jwt ndev.clouddns.readwrite)
echo $token #token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite)
curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token" #echo JWT: $token
#curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"
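Review bot: `PROJECT=even-flight-244020` replaces the `example-change-me` placeholder with what looks like a real project id, which should not ship in an example script; I would keep `PROJECT=example-change-me`. `echo API Token: $token` prints a live read/write Cloud DNS bearer token to the terminal, where it ends up in scrollback or CI logs, so drop it or only report that a token was obtained. The new `rm -f ~/.oauth2l` silently deletes the user's cached oauth2l credentials and deserves a comment such as `# force a fresh token; removes the oauth2l cache`. The script's first lines are outside the hunk.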

101
package-lock.json згенерований

@ -1,57 +1,48 @@
{ {
"name": "acme-dns-01-googlecloud", "name": "acme-dns-01-googlecloud",
"version": "0.0.1", "version": "0.0.1",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {
"@root/request": { "@root/request": {
"version": "1.3.11", "version": "1.3.11",
"resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz", "resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz",
"integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw==", "integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw==",
"dev": true "dev": true
}, },
"acme-challenge-test": { "acme-challenge-test": {
"version": "3.3.2", "version": "3.3.2",
"resolved": "https://registry.npmjs.org/acme-challenge-test/-/acme-challenge-test-3.3.2.tgz", "resolved": "https://registry.npmjs.org/acme-challenge-test/-/acme-challenge-test-3.3.2.tgz",
"integrity": "sha512-0AbMcaON20wpI5vzFDAqwcv2VerY4xIlNCqX0w1xEJUIu/EQtQNmkje+rKNuy2TUl2KBMdIaR6YBbJUdaEiC4w==", "integrity": "sha512-0AbMcaON20wpI5vzFDAqwcv2VerY4xIlNCqX0w1xEJUIu/EQtQNmkje+rKNuy2TUl2KBMdIaR6YBbJUdaEiC4w==",
"dev": true, "dev": true,
"requires": { "requires": {
"@root/request": "^1.3.11" "@root/request": "^1.3.11"
} }
}, },
"acme-dns-01-test": { "dotenv": {
"version": "3.3.1", "version": "8.0.0",
"resolved": "https://registry.npmjs.org/acme-dns-01-test/-/acme-dns-01-test-3.3.1.tgz", "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.0.0.tgz",
"integrity": "sha512-di2/n19FDLc/pe4CDxd/FpxuuCZG7CHEQVjWr96vvtxe5XNNgdHi2eJqVP0z9WBf9s61zxslyRPrAWzTN8ZVWw==", "integrity": "sha512-30xVGqjLjiUOArT4+M5q9sYdvuR4riM6yK9wMcas9Vbp6zZa+ocC9dp6QoftuhTPhFAiLK/0C5Ni2nou/Bk8lg==",
"dev": true, "dev": true
"requires": { },
"acme-challenge-test": "^3.3.1" "eckles": {
} "version": "1.4.1",
}, "resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz",
"dotenv": { "integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA=="
"version": "8.0.0", },
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.0.0.tgz", "keypairs": {
"integrity": "sha512-30xVGqjLjiUOArT4+M5q9sYdvuR4riM6yK9wMcas9Vbp6zZa+ocC9dp6QoftuhTPhFAiLK/0C5Ni2nou/Bk8lg==", "version": "1.2.14",
"dev": true "resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz",
}, "integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==",
"eckles": { "requires": {
"version": "1.4.1", "eckles": "^1.4.1",
"resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz", "rasha": "^1.2.4"
"integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA==" }
}, },
"keypairs": { "rasha": {
"version": "1.2.14", "version": "1.2.5",
"resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz", "resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.5.tgz",
"integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==", "integrity": "sha512-KxtX+/fBk+wM7O3CNgwjSh5elwFilLvqWajhr6wFr2Hd63JnKTTi43Tw+Jb1hxJQWOwoya+NZWR2xztn3hCrTw=="
"requires": { }
"eckles": "^1.4.1", }
"rasha": "^1.2.4"
}
},
"rasha": {
"version": "1.2.5",
"resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.5.tgz",
"integrity": "sha512-KxtX+/fBk+wM7O3CNgwjSh5elwFilLvqWajhr6wFr2Hd63JnKTTi43Tw+Jb1hxJQWOwoya+NZWR2xztn3hCrTw=="
}
}
} }

@ -9,7 +9,8 @@ require('dotenv').config();
var zone = process.argv[2] || process.env.ZONE; var zone = process.argv[2] || process.env.ZONE;
var config = { var config = {
serviceAccountPath: serviceAccountPath:
process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS,
token: process.argv[4] || process.env.TOKEN
}; };
var challenger = require('./index.js').create(config); var challenger = require('./index.js').create(config);
@ -17,8 +18,8 @@ var challenger = require('./index.js').create(config);
var sa = require(config.serviceAccountPath); var sa = require(config.serviceAccountPath);
require('./lib/auth.js') require('./lib/auth.js')
.getToken(sa) .getToken(sa)
.then(function(jwt) { .then(function(/*jwt*/) {
console.info('\nAuthorization: Bearer ' + jwt + '\n'); //console.info('\nAuthorization: Bearer ' + jwt + '\n');
// The dry-run tests can pass on, literally, 'example.com' // The dry-run tests can pass on, literally, 'example.com'
// but the integration tests require that you have control over the domain // but the integration tests require that you have control over the domain
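Review bot: `token: process.argv[4] || process.env.TOKEN` in the first hunk accepts the bearer token as a command-line argument, which leaves it in shell history and exposes it to other local users through the process list. Since `dotenv` is already loaded, I would read it from the environment only: `token: process.env.TOKEN`. In the second hunk `getToken(sa)` is still called although its result is now ignored (`function(/*jwt*/)`); if that is not intentional, removing the call would let the test run without the service-account key. The callback body continues outside the hunk.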