Comments (11)
ptts
commented on July 29, 2024
3
Another option would be to split API Tokens like this:
Apart from the regular API_KEY there could be an additional, optional variable ZONE_API_KEY.
API_KEY is used to change DNS records, ZONE_API_KEY is used to resolve a zone name to a zone id. If no ZONE_API_KEY is supplied it is set equal to API_KEY at launch.
This would allow users to create two create more narrowly defined scopes.
For API_KEY:
Token permissions: Zone - DNS - Edit
Zone resources: Include - Only the domain's zone
For ZONE_API_KEY:
Token permissions: Zone - Zone Settings - Read / Zone - Zone - Read
Zone resources: Include - All zones
from docker-cloudflare-ddns.
ptts
commented on July 29, 2024
1
Thanks! For a current project I am uncomfortable saving an API token that gives access to all of my managed domains in my personal zone on a machine... This would be a great and easy solution.
Looking into this more, it's probably not worthwhile because it also has implications on how the subdomain is computed (which is currently prepended to the zone). You would have to specify the fully-qualified record name yourself and further conditional logic.
I was looking at the code and I don't understand what implications it would have for the subdomain computation. If the user supplies the variables API_KEY, ZONE, ZONE_ID and SUBDOMAIN everything should work fine, right? Doesn't the user have to specify the full domain name anyway (as in SUBDOMAIN.ZONE?
What would happen if you just change the getZoneId() function to check for a supplied ZONE_ID environment variable and then return it instead of making an API call?
from docker-cloudflare-ddns.
JakeWharton
commented on July 29, 2024
It also means you only need to give access to a specific zone, rather than all zones.
from docker-cloudflare-ddns.
JakeWharton
commented on July 29, 2024
Looking into this more, it's probably not worthwhile because it also has implications on how the subdomain is computed (which is currently prepended to the zone). You would have to specify the fully-qualified record name yourself and further conditional logic.
Going to preemptively close since it would require too many changes for little benefit.
from docker-cloudflare-ddns.
ptts
commented on July 29, 2024
I was just about to open a separate issue for this before I saw this one. The feature is supported for example here: https://github.com/joshuaavalon/docker-cloudflare
from docker-cloudflare-ddns.
JakeWharton
commented on July 29, 2024
I'll reopen then and let @oznu weigh in
from docker-cloudflare-ddns.
Appelg
commented on July 29, 2024
Yeah, we really need the split token approach here.
from docker-cloudflare-ddns.
hyperknot
commented on July 29, 2024
Giving access to all zones is a blocker for me as well.
from docker-cloudflare-ddns.
mrhotio
commented on July 29, 2024
I hate doing this, but seeing you all suffer like this is no picknick either...until oznu ever decides to pick up development again, have a look at https://github.com/hotio/docker-cloudflare-ddns
from docker-cloudflare-ddns.
oznu
commented on July 29, 2024
I'll accept pull requests 😄
from docker-cloudflare-ddns.
stale
commented on July 29, 2024
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from docker-cloudflare-ddns.
Related Issues (20)
- ERROR: Failed to update CloudFlare DNS <domain> from X.X.X.X to ;; connection timed out; no servers could be reached HOT 2
- ssh not working HOT 3
- ERROR: Failed To Get Public IPv4 Address HOT 1
- Update multiple domains HOT 8
- cannot update wildcard * A record HOT 9
- Can update zone or subdomains, but not both HOT 7
- Cloudflare proxy had been disabled. HOT 3
- Updating AAAA record: "connection timed out; no servers could be reached" HOT 1
- Add multiple subdomains without using CNAME?
- API key not working HOT 6
- Support for updating both IPV4 and IPV6 at the same time
- Suggestion - Implement a healthcheck ping HOT 1
- getZoneId is always using the ZONE environment variable, even when ZONE_FILE is set. HOT 4
- Improper DIG Error Handling For IPv4
- log file - no time stamp
- Update multiple sub-domains HOT 3
- IPv6 address detection fallback not working correctly HOT 2
- Large amount of vulnerabilities HOT 2
- Unable to update A record Cookie mismatch
- ERROR: Failed to update CloudFlare DNS record HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-cloudflare-ddns.