Skip to content

Split API key into two parts#10

Merged
mholt merged 1 commit into
libdns:masterfrom
aliask:split-api-key
Jun 4, 2024
Merged

Split API key into two parts#10
mholt merged 1 commit into
libdns:masterfrom
aliask:split-api-key

Conversation

@aliask
Copy link
Copy Markdown
Contributor

@aliask aliask commented Jun 4, 2024

Overview

This PR allows for a second API token to be optionally configured, used for the API call in the getZoneInfo() function.

The change is backwards compatible with existing configs - if the Zone API token is not provided, the regular API token is used for all requests.

Why

The /zones API endpoint requires that the entire token be scoped globally, which then means that the DNS edit permission must also be scoped globally. This prevents the use of a single API token to perform DNS updates to be restricted to a single zone in a multi-zone account.

By splitting the token used by getZoneInfo() out, this global scoped token can be left as read-only, and the DNS read/write token can be scoped to a single Zone.

Solves #4

Testing

I've personally tested this working over here, and if this PR is merged I'll hope to contribute the update to the Caddy provider.

mholt
mholt approved these changes Jun 4, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah nice, that sounds great. Thanks for the enhancement! Simple, elegant, and effective.

@mholt mholt merged commit 0549667 into libdns:master Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mholt mholt mholt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aliask @mholt