search

doddo / octodns-lexicon

Use Lexicon providers in OctoDNS
MIT License
12 stars 2 forks source link

Configuration Questions #2

Open brianeclow opened 4 years ago

brianeclow commented 4 years ago

supports: Is this a sibling of provider_name under lexicon_config? Or a child of provider_name? I wasn't able to glean it from the code.

domain: Is this a required key for lexicon_config? How does having multiple domains within a provider work? Do they require individual configurations?

doddo commented 4 years ago

supports is sibling of provider name. all that which goes into lexicon_config is sent straight into the lexicon configuration. Some keys are mandatory or else config validation (in lexicon) will fail, There are other such keys which I have short circuited already and I was of mind to try and see if I could do the same for this one, as this information gets fed when applying the zone changes.

If that experiment is successful then same block can be re-used for all zones, if not then the block needs to be copied for each provider and that does not seem as nice and so I shall try and see if it's possible to get rid of that one.

doddo commented 4 years ago

OK so lexicon has domain in constructor and many lexicon providers rely upon that one to construct various authentication URL:s. Therefore, to get rid of domain, one would have to move lexicon provider initialisation to _apply, and I am not sure which side effects that entails (aside from being ugly)

So right now, it'll be like this (unfortunately) ie one provider per domain (anchors maki it somewhat less repetitive):

 namecheap:
    class: octodns_lexicon.LexiconProvider
    lexicon_config:
      provider_name: namecheap
      domain: peppe.club
      supports:
        - A
        - CNAME
      namecheap: &namecheap_config
        auth_sandbox: True
        auth_username: phassberg
        auth_client_ip: 127.0.0.1

  namecheap2:
    class: octodns_lexicon.LexiconProvider
    lexicon_config:
      provider_name: namecheap
      domain: peppe2.club
      namecheap: *namecheap_config
brianeclow commented 4 years ago

Next question -- environment vars. In octoDNS proper configurations, one would set an environment var like with the pattern: env/NAME_OF_THE_VAR for the thing being collected from the environment.

Something like this:

providers:
    namecheap:
      class: octodns_lexicon.LexiconProvider
      lexicon_config:
        provider_name: namecheap
        domain: example.com
        namecheap:
          auth_sandbox: True
          auth_username: foobar
          auth_client_ip: 127.0.0.1
          auth_token: env/NAMECHEAP_TOKEN

However, when I do this for a provider, it isn't being collected from the environment. I proved this by providing the secrets/tokens/etc directly, and it wasn't giving me an unauthorized response.

doddo commented 4 years ago

For that there are two ways:

OctoDNS sees a value that starts with env/ it will look for that value in the process's environment and pass the result along.

That's the variant which you tried, and it should work, i think, not having tested it with this provider. Lexicon also has the ability to resolve environment variables through it's intricate config resolvers. You might want to try that one, because that one should work: If you set the following env var:

LEXICON_NAMECHEAPI_AUTH_TOKEN

and omit auth_token from the config file altogether it will read that value 👍

brianeclow commented 4 years ago

I was just using namecheap as the example because its the example you are using. 😅 I am using the godaddy provider, to be specific.