Add existing bearer token support to Azure DNS API #5276
Welcome
PR to dev, and code tested in forked repo.
@Neilpang I've run it through shfmt locally now, so hopefully it passes shfmt this time, if you can rerun the workflows please
Now that all checks have passed, can you merge it @Neilpang? :)
@Neilpang done! Sorry, I did not understand the DNS API test documentation earlier, I thought I'd done it.
@stbeldarborge Have you tested this with federated credentials on service principals + GitHub Actions? I need to use acme with service principals keyless on GitHub workflows. I'm about to test this but it might take a while. Thanks for this PR! Edit:
Absolutely, that's the exact use case I have as well and the reason why I created this 😃 but it would work with any context as long as it's authenticated to ARM. @Neilpang sorry to keep bothering you, but the DNS API test succeeded, and it's in "production" even for others now like @maonat.. would be nice if it could get into the official release 👼
@Neilpang isn't this related to something else and not to the code that was implemented by @stbeldarborge? He simply merged master from this repo to his fork and that has nothing to do with his changes. Edit: Check out... I've forked @stbeldarborge work on the commit before his latest master merge and got the following result:
@Neilpang like I mentioned, it does pass the DNS test; https://github.com/stbeldarborge/acme.sh/actions/runs/11272323811 However, you probably ran it without providing a token or a secret or any other authentication to Azure? If you ran the same workflow without authentication to Azure on master, that would fail too.
I didn't/couldn't run the DNS test, because I don't have an Azure account. Please fix it.
@Neilpang Here I've run the test on my repository I forked from @stbeldarborge repository.
@Neilpang latest run is green; https://github.com/stbeldarborge/acme.sh/actions @maonat yeah, sorry, had other matters to attend to, but at least I've configured the secrets and re-ran it now! This should prove the code is good to merge hopefully? 🙏
Would any of you guys update the usage here? https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_azure
Absolutely! Updated the wiki now. 🙂
Done!
The Azure DNS API only works with provided service principal credentials, or if running on a resource with a managed identity.
If you want to run it in a pre authenticated context (e.g. on a local machine which is already authenticated with `az cli` or in a GitHub Action which already has authenticated with `azure/login`), there's no way to do this.

This PR adds support to skip the authentication by providing the Bearer token.
With `az cli` the bearer token can be extracted and used in Azure DNS API with this command