Scoped api token not working. Error 10000

tiredofit / docker-traefik-cloudflare-companion

Automatically Create CNAME records for containers served by Traefik

MIT License

404 stars 65 forks source link

Scoped api token not working. Error 10000 #5

Closed maxfield-allison closed 4 years ago

maxfield-allison commented 4 years ago

As the title says, workaround by using Global API Key.

Xpl0yt91 commented 4 years ago

Neither worked for me.

maxfield-allison commented 4 years ago

@Xpl0yt91 Try deleting the existing image and doing a fresh docker pull

Xpl0yt91 commented 4 years ago

@maxfield-allison got it working man, cheers.

maxfield-allison commented 4 years ago

@Xpl0yt91 Good to hear! If you add the tag :latest to the compose or command, you should be able to just run a down/up to get it to pull the newest.

tiredofit commented 4 years ago

Thanks for sorting this out @maxfield-allison - I had a bit of an issue in the past 3 weeks with the Docker Images building on a fritz. It's been resolved now.

maxfield-allison commented 4 years ago

Good to hear! Thanks again for this excellent utility.

anandslab commented 4 years ago

This PR would address the token support:

https://github.com/tiredofit/docker-traefik-cloudflare-companion/pull/10

tiredofit commented 4 years ago

I have a beta version of upcoming release available docker pull tiredofit/traefik-cloudflare-companion:develop

What you will need to do on this one is change the following environment variables:

API_MODE=SCOPED

CF_API_TOKEN=(yourscopedtoken)

Can you let me know if this works for you?

tiredofit commented 4 years ago

Now rewritten as tiredofit/traefik-cloudflare-companion:6.0.0 in Python3

Ignore what I wrote above, that was using an older method. Simply use your Scoped token in CF_TOKEN and set CF_EMAIL=None.

mjkl-gh commented 4 years ago

Can this be reopened? I'm still experiencing this. When setting _CONTAINER_LOGLEVEL=DEBUG

The logs show:

 curl -X GET "https://api.cloudflare.com/client/v4/zones/REDACTED/dns_records?name=REDACTED" \
            -H "User-Agent: python-cloudflare/2.8.13/python-requests/2.24.0/python/3.8.5" \
            -H "Content-Type: application/json" \
            -H "X-Auth-Email: None" \
            -H "X-Auth-Key: REDACTED"

Suggesting the python library is now trying to authenticate using email "None" and still using an X-AUTH-KEY. when using an API token it should be

~$ curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
>      -H "Authorization: Bearer vh9awGupxxxxxxxxxxxxxxxxxxx" \
>      -H "Content-Type:application/json" | jq

I'm reusing my API token from cloudflare-ddns so the keys must be right

tiredofit commented 4 years ago

I've screwed this up. I'm going to get some time to look into this in a couple days.

tiredofit commented 4 years ago

6.0.2 will fix this. I have just tested a few scenarios.

jathek commented 4 years ago

I used a scoped API token with CF_EMAIL unset and it worked perfectly.

mjkl-gh commented 4 years ago

Absolutely correct. As mentioned by @tiredofit he fixed it (for me) with 6.0.2. Working as intended now. I guess this can be closed. Sorry for the late reply

maxfield-allison commented 4 years ago

Fixed by #10