update docs and examples for auth
This commit is contained in:
bovenliggende
e9368ab218
commit
e612d57912
10
README.md
10
README.md
|
|
@ -15,13 +15,21 @@ Implementation Details
|
|||
- https://cloud.google.com/service-usage/docs/getting-started#api
|
||||
- https://github.com/google/oauth2l
|
||||
|
||||
## Authenticating
|
||||
|
||||
Google has made things _way_ too complicated.
|
||||
|
||||
- Create a project
|
||||
- Create a Service Account and download the `service_account.json`
|
||||
- Create a managed public zone for your domain: <https://cloud.google.com/dns/docs/quickstart#create_a_managed_public_zone>
|
||||
|
||||
# Test This First!
|
||||
|
||||
Edit the file `oauth2l-test-token.sh`
|
||||
|
||||
Change the location of `service_account.json` to whatever it needs to be.
|
||||
|
||||
Change the `project` to the name of your project.
|
||||
Change the `PROJECT` to the name of your project.
|
||||
|
||||
If that doesn't work, something is wrong with your credentials, nothing else will work.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
# NOT credentials.json
|
||||
GOOGLE_APPLICATION_CREDENTIALS=/Users/me/service_account.json
|
||||
TOKEN=yyyy.a.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
ZONE=example.co.uk
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
'use strict';
|
||||
|
||||
var auth = require('./auth.js');
|
||||
//var auth = require('./auth.js');
|
||||
var defaults = {
|
||||
baseUrl: 'https://www.googleapis.com/dns/v1/'
|
||||
};
|
||||
|
|
@ -8,6 +8,7 @@ var defaults = {
|
|||
module.exports.create = function(config) {
|
||||
var request;
|
||||
var baseUrl = (config.baseUrl || defaults.baseUrl).replace(/\/$/, '');
|
||||
var token = config.token;
|
||||
var sa = getServiceAccount(config);
|
||||
|
||||
return {
|
||||
|
|
@ -43,11 +44,11 @@ module.exports.create = function(config) {
|
|||
};
|
||||
|
||||
function api(opts) {
|
||||
return auth.getToken(sa).then(function(token) {
|
||||
//return auth.getToken(sa).then(function(token) {
|
||||
opts.headers = opts.headers || {};
|
||||
opts.headers.Authorization = 'Bearer ' + token;
|
||||
return request(opts);
|
||||
});
|
||||
//});
|
||||
}
|
||||
|
||||
function getServiceAccount(config) {
|
||||
|
|
|
|||
|
|
@ -5,13 +5,16 @@
|
|||
|
||||
set -e
|
||||
|
||||
rm -f ~/.oauth2l
|
||||
|
||||
export GOOGLE_APPLICATION_CREDENTIALS=$HOME/Downloads/service_account.json
|
||||
project=example-change-me
|
||||
PROJECT=even-flight-244020
|
||||
|
||||
token=$(oauth2l fetch ndev.clouddns.readwrite)
|
||||
echo $token
|
||||
curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token"
|
||||
echo API Token: $token
|
||||
curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"
|
||||
|
||||
token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite)
|
||||
echo $token
|
||||
curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token"
|
||||
#token=$(oauth2l fetch --jwt ndev.clouddns.readwrite)
|
||||
#token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite)
|
||||
#echo JWT: $token
|
||||
#curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"
|
||||
|
|
|
|||
|
|
@ -19,15 +19,6 @@
|
|||
"@root/request": "^1.3.11"
|
||||
}
|
||||
},
|
||||
"acme-dns-01-test": {
|
||||
"version": "3.3.1",
|
||||
"resolved": "https://registry.npmjs.org/acme-dns-01-test/-/acme-dns-01-test-3.3.1.tgz",
|
||||
"integrity": "sha512-di2/n19FDLc/pe4CDxd/FpxuuCZG7CHEQVjWr96vvtxe5XNNgdHi2eJqVP0z9WBf9s61zxslyRPrAWzTN8ZVWw==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"acme-challenge-test": "^3.3.1"
|
||||
}
|
||||
},
|
||||
"dotenv": {
|
||||
"version": "8.0.0",
|
||||
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.0.0.tgz",
|
||||
|
|
|
|||
7
test.js
7
test.js
|
|
@ -9,7 +9,8 @@ require('dotenv').config();
|
|||
var zone = process.argv[2] || process.env.ZONE;
|
||||
var config = {
|
||||
serviceAccountPath:
|
||||
process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS
|
||||
process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS,
|
||||
token: process.argv[4] || process.env.TOKEN
|
||||
};
|
||||
var challenger = require('./index.js').create(config);
|
||||
|
||||
|
|
@ -17,8 +18,8 @@ var challenger = require('./index.js').create(config);
|
|||
var sa = require(config.serviceAccountPath);
|
||||
require('./lib/auth.js')
|
||||
.getToken(sa)
|
||||
.then(function(jwt) {
|
||||
console.info('\nAuthorization: Bearer ' + jwt + '\n');
|
||||
.then(function(/*jwt*/) {
|
||||
//console.info('\nAuthorization: Bearer ' + jwt + '\n');
|
||||
|
||||
// The dry-run tests can pass on, literally, 'example.com'
|
||||
// but the integration tests require that you have control over the domain
|
||||
|
|
|
|||
Laden…
Verwijs in nieuw issue