obynio / certbot-plugin-gandi

Certbot plugin for authentication using Gandi LiveDNS
https://pypi.org/project/certbot-plugin-gandi/
MIT License

Available using the Domains or Zone with the API #7

Closed Ramel closed 4 years ago

Ramel commented 5 years ago

I'm facing an issue using the Gandi LiveDnsApi: I'm not using Zones, but Domains. And the script is only using Zones. I don't get the Zones purpose for my own use! So I've updated the script to use Zones OR Domains. Don't know if it's a feature to merge.

obynio commented 5 years ago

Seems a good idea, I will look at that asap 👍

robotoz commented 5 years ago

We need to use domain too. Thanks obynio and Ramel!

baloo commented 4 years ago

Hello @Ramel and @obynio, as one of the maintainers of the LiveDNS API at Gandi, I would suggest actually removing the zone uuid lookup and just using the `/domains/example.com/records` API.

I do not see any use-case where the zone lookup would work where the domain would not.

oklona commented 4 years ago

Agreed with the above. I opened a support case with Gandi since I am not "owner" of one of the zones I manage, but instead just "technical contact". For some reason, although I have created and manage the DNS zone of this domain, the API does not allow me to make changes using the Zones approach. Using "domain" works perfectly. To overcome this, I made some very simple changes to the code, by replacing "zones" in all calls to _request with "domains", and using "base_domain.fqdn" instead of "base_domain.zone_uuid". In addition, I had to remove the extra parameter "TXT" in _del_txt_record.

So, based on @baloo's comments, I would rather suggest this change. Since this issue already has a PR, I didn't want to create a new one. But here is a "diff" between the original gandi_api.py, and my adjusted version:

72c72 < ('domains', base_domain.fqdn, 'records', relative_name))

    ('zones', base_domain.zone_uuid, 'records', relative_name, 'TXT'))
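
Review bot: the `<` line at 72 ends the path at relative_name, while the other side of this hunk and both later hunks keep the trailing 'TXT' segment, so this one call is no longer scoped to the TXT record set. If this is the call in _del_txt_record mentioned in the comment, a request against the bare name would address every record type stored under that label rather than only the challenge TXT record; keep 'TXT' in the tuple if the domains endpoint accepts it, or add a code comment explaining why it had to go.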

101c101 < ('domains', base_domain.fqdn, 'records', relative_name, 'TXT'))

    ('zones', base_domain.zone_uuid, 'records', relative_name, 'TXT'))

115c115 < ('domains', base_domain.fqdn, 'records', relative_name, 'TXT'),

        ('zones', base_domain.zone_uuid, 'records', relative_name, 'TXT'),
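
Review bot: the `<` line here, as in the hunks at 72 and 101, carries the 'domains' path and the other side carries 'zones', so in normal diff format this reads as a change from the adjusted file back to the original. Regenerate it with the original file first and the adjusted file second, preferably as a unified diff (diff -u) so the context lines show which call each hunk changes.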

As you can see, the changes are minimal, and the only changed file is gandi_api.py.

baloo commented 4 years ago

@oklona yeah, that is one of the use-cases I was concerned about. The zone is owned by the owner of the domain (this is enforced by the api), and you're granted access if you access via /domains/example.com/records, but not from the zone directly. This is a workaround to support old shared-management schemes. We have yet to come up with a better alternative for it.

obynio commented 4 years ago

As you all suggested, I created a second PR to get rid of zones lookup and replace it with domains lookup. I will merge and release it in a few days if everybody is ok with it.

obynio commented 4 years ago

I published the latest version 1.2.0 which includes these changes, therefore I'm closing the PR 🙂 Do not hesitate to open an issue if you run into a problem.

oklona commented 4 years ago

Thank you very much!