Create a certificate with multiple SANs using Azure DNS zones which are in multiple resourceGroups or subscriptions.
As a user I expect that Lego finds the DNS zones automatically in my subscriptions based on the assigned roleAssignments of the service principal. It should not need an AZURE_SUBSCRIPTION_ID or AZURE_RESOURCE_GROUP but could be possible to filter service discovery.
Without AZURE_SUBSCRIPTION_ID and AZURE_RESOURCE_GROUP (find all DNS zones in visible scope):
resources
| where type =~ "microsoft.network/dnszones"
| project id, subscriptionId, resourceGroup, name
With only AZURE_SUBSCRIPTION_ID (find all DNS zones in one subscription):
resources
| where type =~ "microsoft.network/dnszones"
| where subscriptionId =~ "${AZURE_SUBSCRIPTION_ID}"
| project id, subscriptionId, resourceGroup, name
With AZURE_SUBSCRIPTION_ID and AZURE_RESOURCE_GROUP (find all DNS zones in a specific resource group):
resources
| where type =~ "microsoft.network/dnszones"
| where subscriptionId =~ "${AZURE_SUBSCRIPTION_ID}" and resourceGroup =~ "${AZURE_RESOURCE_GROUP}"
| project id, subscriptionId, resourceGroup, name
This would make Azure DNS provider more flexible and easier to use.
I'm willing to create a PR if you are ok with this feature using resourceGraph for service discovery.
from lego.
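The three query variants from the issue, plus the zone-matching step that discovery implies for a certificate whose SANs live in different zones, as an added Go example (not lego's code). The names `buildZoneQuery`, `pickZone` and `Zone`, the validation patterns, and the rejection of a resource group without a subscription are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed formats: GUID subscription IDs and a conservative ASCII resource group pattern.
// Neither admits a double quote, so a value cannot close the KQL string literal around it.
var subRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)
var rgRe = regexp.MustCompile(`^[A-Za-z0-9_.()-]{1,90}$`)

// Zone mirrors the columns projected by the queries in the issue.
type Zone struct{ ID, SubscriptionID, ResourceGroup, Name string }

// buildZoneQuery (hypothetical) builds the issue's three queries; a resource group without a subscription is rejected (assumption).
func buildZoneQuery(sub, rg string) (string, error) {
	if sub != "" && !subRe.MatchString(sub) {
		return "", fmt.Errorf("AZURE_SUBSCRIPTION_ID is not a GUID")
	}
	if rg != "" && (sub == "" || !rgRe.MatchString(rg)) {
		return "", fmt.Errorf("AZURE_RESOURCE_GROUP is invalid or lacks a subscription")
	}
	q := []string{"resources", `| where type =~ "microsoft.network/dnszones"`}
	if rg != "" {
		q = append(q, fmt.Sprintf(`| where subscriptionId =~ "%s" and resourceGroup =~ "%s"`, sub, rg))
	} else if sub != "" {
		q = append(q, fmt.Sprintf(`| where subscriptionId =~ "%s"`, sub))
	}
	return strings.Join(append(q, "| project id, subscriptionId, resourceGroup, name"), "\n"), nil
}

// pickZone (hypothetical) returns the longest discovered zone matching fqdn on a label boundary.
func pickZone(fqdn string, zones []Zone) (Zone, bool) {
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	var best Zone
	for _, z := range zones {
		zn := strings.ToLower(z.Name)
		if (name == zn || strings.HasSuffix(name, "."+zn)) && len(zn) > len(best.Name) {
			best = z
		}
	}
	return best, best.Name != ""
}

func main() {
	fmt.Println(buildZoneQuery("", ""))
}
```

Matching on a label boundary keeps a record for `badexample.com` from being written into a discovered `example.com` zone.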
Implemented a first working preview (tested only with public zones).
As another idea we can also implement an AZURE_SERVICEDISCOVERY_FILTER env var for additional filtering, e.g.:
resources
| where type =~ "microsoft.network/dnszones"
| where subscriptionId =~ "${AZURE_SUBSCRIPTION_ID}" and resourceGroup =~ "${AZURE_RESOURCE_GROUP}"
| ${AZURE_SERVICEDISCOVERY_FILTER}
| project id, subscriptionId, resourceGroup, name
This could allow validating zones, e.g. by resource group tags via Kusto subquery.
from lego.
@pchanvallon do you have any thoughts on this issue?
from lego.
Hello @mblaschke,
I am a bit confused about the underlying use-case.
Can you explain a bit more what you intend to do with this new feature?
from lego.