Open sknopp opened 1 month ago
At a high level I'm not against this, makes sense. Can you flesh it out a bit and give me 2 dummy configs and how you'd use them?
As the configuration is based on the INI file format, I would propose to use INI sections to match domain entries to their proper service principal. This would retain backward compatibility.
So for example:
[company1]
dns_azure_sp_client_id = <client_id_company1>
dns_azure_sp_client_secret = <client_secret_company1>
dns_azure_tenant_id = <tenant_company_1>
dns_azure_environment = "AzurePublicCloud"
dns_azure_zone1 = company1.com:/subscriptions/<subscription1_company1>/resourceGroups/dns1
dns_azure_zone2 = company1.org:/subscriptions/<subscription2_company1>/resourceGroups/dns2
[company2]
dns_azure_sp_client_id = <client_id_company2>
dns_azure_sp_client_secret = <client_secret_company2>
dns_azure_tenant_id = <tenant_company_2>
dns_azure_environment = "AzurePublicCloud"
dns_azure_zone1 = company2.com:/subscriptions/<subscription1_company2>/resourceGroups/dns1
dns_azure_zone2 = company2.org:/subscriptions/<subscription2_company2>/resourceGroups/dns2
I did not look into the required code changes so far, but await your feedback to proceed with that.
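How a lookup over the sectioned layout proposed above could work, as an added example that is not part of the original thread and not the plugin's own code. It assumes Python's `configparser`; the names `load_zone_map` and `resolve`, the `default` section used for a legacy section-less file, and the sample values are hypothetical.

```python
import configparser

# Constructed sample in the proposed sectioned layout; all values are placeholders.
SAMPLE = """\
[company1]
dns_azure_sp_client_id = id-company1
dns_azure_zone1 = company1.com:/subscriptions/sub1/resourceGroups/dns1
dns_azure_zone2 = company1.org:/subscriptions/sub2/resourceGroups/dns2
[company2]
dns_azure_sp_client_id = id-company2
dns_azure_zone1 = company2.com:/subscriptions/sub3/resourceGroups/dns1
"""

def load_zone_map(text):
    """Return {zone: (section, resource_group_id)}; reject a zone claimed twice."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.MissingSectionHeaderError:
        # Legacy single-principal file: wrap it in one section so it still loads.
        cp.read_string("[default]\n" + text)
    zones = {}
    for section in cp.sections():
        for key, value in cp[section].items():
            if not key.startswith("dns_azure_zone"):
                continue
            zone, _, resource_group = value.partition(":")
            zone = zone.strip().lower().rstrip(".")
            if zone in zones:
                # Two principals for one zone would make credential choice ambiguous.
                raise ValueError(f"zone {zone} in both {zones[zone][0]} and {section}")
            zones[zone] = (section, resource_group.strip())
    return zones

def resolve(domain, zones):
    """Return the entry for the longest zone matching on a label boundary, else None."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("*."):
        domain = domain[2:]
    labels = domain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return zones[candidate]
    return None
```

Matching whole labels rather than raw string suffixes keeps a name such as `evilcompany1.com` from being served with the credentials for `company1.com`.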
Hi there,
I want to build a certificate based on two DNS zones that are each sitting on its own Azure tenant. This comes up because we have a large building complex with multiple independent entities that share some basic IT infrastructure together. It would be helpful if the --dns-azure-config param could be set multiple times to support different service accounts for different sets of domains. If accepted, I could also imagine providing a PR in the future myself.