Minimal authentication API for use with the PowerDNS API
Silke 361f646282 Add systemd service 1 year ago
.gitignore Initial implementation 1 year ago
LICENCE.md Add licence and readme 1 year ago
README.md Move from GitHub to private repo 1 year ago
config.go Do not panic when reloading invalid config 1 year ago
pdns-api-authenticator.go Deny access to certain endpoints 1 year ago
pdns-api-authenticator.service Add systemd service 1 year ago
user.go Deny access to certain endpoints 1 year ago

README.md

PowerDNS API Authenticator

Minimal authentication API for use with the PowerDNS API. Allows certain tokens read and/or write access to configured zones.

Note: this is an extremely crude ‘authentication’ layer, don’t use it unless you know what you’re doing.

Download and install with Go:

go get git.slxh.eu/prometheus/pdns-api-authenticator

Start the program with:

pdns-api-authenticator -config config.json

Where config.json is the path to the configuration file. The configuration contains the remote API settings as well as user definitions:

{
  "listen": ":8082",
  "server": "pdns-auth:8081",
  "token":  "secret token",
  "users": {
    "user1": {
      "token": "less secret token",
      "zones": {
        "": "r",
        "example.nl": "r",
        "example.com": "rw"
      }
    },
    "user2": {
      "token": "another token",
      "zones": {
        "example.com": "r"
      }
    }
  }
}

Access to non-zone endpoints can be configured by setting a value for the "" key, which defaults to "" (no permissions). In the example configuration above the permissions are as follows:

  • User1 has access to the zone list and statistics, can view (GET) everything in example.nl and can read and write to example.com.
  • User2 cannot list the zones or view the statistics but can view (GET) everything in example.com.

Access to the search and config endpoints is always denied.
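The permission rules above can be expressed as a single deny-by-default decision function. The following is an added example, not the project's own code: the `Allowed` function, the PowerDNS-style path layout `/api/v1/servers/<id>/<endpoint>[/<zone>]`, the trimming of the zone's trailing dot, and the treatment of every method other than GET as a write are assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"strings"
)

type User struct { // one entry under "users" in config.json
	Token string
	Zones map[string]string
}
// Constructed sample: the two users from the README's example configuration.
var sampleUsers = map[string]User{
	"user1": {"less secret token", map[string]string{"": "r", "example.nl": "r", "example.com": "rw"}},
	"user2": {"another token", map[string]string{"example.com": "r"}},
}

// Allowed is hypothetical. Assumed path: /api/v1/servers/<id>/<endpoint>[/<zone>...].
func Allowed(users map[string]User, token, method, path string) bool {
	var zones map[string]string
	for _, u := range users { // constant-time comparison with each configured token
		if token != "" && subtle.ConstantTimeCompare([]byte(u.Token), []byte(token)) == 1 {
			zones = u.Zones
		}
	}
	parts := strings.Split(strings.Trim(path, "/"), "/")
	if zones == nil || len(parts) < 5 || parts[0] != "api" {
		return false // unknown or empty token, or unexpected path: deny
	}
	for _, p := range parts { // refuse segments a backend could normalise away
		if p == "" || p == "." || p == ".." {
			return false
		}
	}
	endpoint, key := parts[4], "" // "" is the key for non-zone endpoints
	if endpoint == "config" || strings.HasPrefix(endpoint, "search") {
		return false // always denied, whatever the user's permissions
	}
	if endpoint == "zones" && len(parts) > 5 {
		key = strings.ToLower(strings.TrimSuffix(parts[5], "."))
	}
	if method == "GET" {
		return strings.Contains(zones[key], "r")
	}
	return strings.Contains(zones[key], "w") // every other method is a write
}

func main() { fmt.Println(Allowed(sampleUsers, "another token", "GET", "/api/v1/servers/localhost/zones")) }
```

A zone that is missing from a user's map yields the empty permission string, so anything not explicitly granted is refused.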