coolaj86
/
acme-dns-01-googlecloud.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update docs and examples for auth

This commit is contained in:
AJ ONeal 2019-07-23 20:39:46 -06:00
parent e9368ab218
commit e612d57912
6 changed files with 77 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -15,13 +15,21 @@ Implementation Details
- https://cloud.google.com/service-usage/docs/getting-started#api - https://cloud.google.com/service-usage/docs/getting-started#api
- https://github.com/google/oauth2l - https://github.com/google/oauth2l
## Authenticating
Google has made things _way_ too complicated.
- Create a project
- Create a Service Account and download the `service_account.json`
- Create a managed public zone for your domain: <https://cloud.google.com/dns/docs/quickstart#create_a_managed_public_zone>
# Test This First! # Test This First!
Edit the file `oauth2l-test-token.sh` Edit the file `oauth2l-test-token.sh`
Change the location of `service_account.json` to whatever it needs to be. Change the location of `service_account.json` to whatever it needs to be.
Change the `project` to the name of your project. Change the `PROJECT` to the name of your project.
If that doesn't work, something is wrong with your credentials, nothing else will work. If that doesn't work, something is wrong with your credentials, nothing else will work.

1
example.env
View File

@ -1,3 +1,4 @@
# NOT credentials.json # NOT credentials.json
GOOGLE_APPLICATION_CREDENTIALS=/Users/me/service_account.json GOOGLE_APPLICATION_CREDENTIALS=/Users/me/service_account.json
TOKEN=yyyy.a.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ZONE=example.co.uk ZONE=example.co.uk

7
lib/index.js
View File

@ -1,6 +1,6 @@
'use strict'; 'use strict';
var auth = require('./auth.js'); //var auth = require('./auth.js');
var defaults = { var defaults = {
baseUrl: 'https://www.googleapis.com/dns/v1/' baseUrl: 'https://www.googleapis.com/dns/v1/'
}; };
@ -8,6 +8,7 @@ var defaults = {
module.exports.create = function(config) { module.exports.create = function(config) {
var request; var request;
var baseUrl = (config.baseUrl || defaults.baseUrl).replace(/\/$/, ''); var baseUrl = (config.baseUrl || defaults.baseUrl).replace(/\/$/, '');
var token = config.token;
var sa = getServiceAccount(config); var sa = getServiceAccount(config);
return { return {
@ -43,11 +44,11 @@ module.exports.create = function(config) {
}; };
function api(opts) { function api(opts) {
return auth.getToken(sa).then(function(token) { //return auth.getToken(sa).then(function(token) {
opts.headers = opts.headers || {}; opts.headers = opts.headers || {};
opts.headers.Authorization = 'Bearer ' + token; opts.headers.Authorization = 'Bearer ' + token;
return request(opts); return request(opts);
}); //});
} }
function getServiceAccount(config) { function getServiceAccount(config) {

15
oauth2l-test-token.sh
View File

@ -5,13 +5,16 @@
set -e set -e
rm -f ~/.oauth2l
export GOOGLE_APPLICATION_CREDENTIALS=$HOME/Downloads/service_account.json export GOOGLE_APPLICATION_CREDENTIALS=$HOME/Downloads/service_account.json
project=example-change-me PROJECT=even-flight-244020
token=$(oauth2l fetch ndev.clouddns.readwrite) token=$(oauth2l fetch ndev.clouddns.readwrite)
echo $token echo API Token: $token
curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token" curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"
token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite) #token=$(oauth2l fetch --jwt ndev.clouddns.readwrite)
echo $token #token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite)
curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token" #echo JWT: $token
#curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"

9
package-lock.json generated
View File

@ -19,15 +19,6 @@
"@root/request": "^1.3.11" "@root/request": "^1.3.11"
} }
}, },
"acme-dns-01-test": {
"version": "3.3.1",
"resolved": "https://registry.npmjs.org/acme-dns-01-test/-/acme-dns-01-test-3.3.1.tgz",
"integrity": "sha512-di2/n19FDLc/pe4CDxd/FpxuuCZG7CHEQVjWr96vvtxe5XNNgdHi2eJqVP0z9WBf9s61zxslyRPrAWzTN8ZVWw==",
"dev": true,
"requires": {
"acme-challenge-test": "^3.3.1"
}
},
"dotenv": { "dotenv": {
"version": "8.0.0", "version": "8.0.0",
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.0.0.tgz", "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.0.0.tgz",

7
test.js
View File

@ -9,7 +9,8 @@ require('dotenv').config();
var zone = process.argv[2] || process.env.ZONE; var zone = process.argv[2] || process.env.ZONE;
var config = { var config = {
serviceAccountPath: serviceAccountPath:
process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS,
token: process.argv[4] || process.env.TOKEN
}; };
var challenger = require('./index.js').create(config); var challenger = require('./index.js').create(config);
@ -17,8 +18,8 @@ var challenger = require('./index.js').create(config);
var sa = require(config.serviceAccountPath); var sa = require(config.serviceAccountPath);
require('./lib/auth.js') require('./lib/auth.js')
.getToken(sa) .getToken(sa)
.then(function(jwt) { .then(function(/*jwt*/) {
console.info('\nAuthorization: Bearer ' + jwt + '\n'); //console.info('\nAuthorization: Bearer ' + jwt + '\n');
// The dry-run tests can pass on, literally, 'example.com' // The dry-run tests can pass on, literally, 'example.com'
// but the integration tests require that you have control over the domain // but the integration tests require that you have control over the domain