tornadocontrib/go-ethereum
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0fde5067c3
go-ethereum/cmd
History
John Hilliard 0fde5067c3
cmd/devp2p: require dns:read, dns:edit permissions for cloudflare deploy (#30326) 
This PR adds the `dns:read` and `dns:edit` permissions to the required
set of permissions checked before deploying an ENR tree to Cloudflare.
These permissions are necessary for a successful publish.

**Background**:
The current logic for `devp2p dns to-cloudflare` checks for `zone:edit`
and `zone:read` permissions. However, when running the command with only
these two permissions, the following error occurs:
```
wrong permissions on zone REMOVED-ZONE: map[#zone:edit:false #zone:read:true]
```

Adding `zone:read` and `zone:edit` to the API token led to a different
error:
```
INFO [08-19|14:06:16.782] Retrieving existing TXT records on pos-nodes.hardfork.dev
Authentication error (10000)
```

This suggested that additional permissions were required. I added
`dns:read`, but encountered another error:
```
INFO [08-19|14:11:42.342] Retrieving existing TXT records on pos-nodes.hardfork.dev
INFO [08-19|14:11:42.851] Updating DNS entries
failed to publish REMOVED.pos-nodes.hardfork.dev: Authentication error (10000)
```

Finally, after adding both `dns:read` and `dns:edit` permissions, the
command executed successfully with the following output:
```
INFO [08-19|14:13:07.677] Checking Permissions on zone REMOVED-ZONE
INFO [08-19|14:13:08.014] Retrieving existing TXT records on pos-nodes.hardfork.dev
INFO [08-19|14:13:08.440] Updating DNS entries
INFO [08-19|14:13:08.440] "Updating pos-nodes.hardfork.dev from \"enrtree-root:v1 e=FSED3EDKEKRDDFMCLP746QY6CY l=FDXN3SN67NA5DKA4J2GOK7BVQI seq=1 sig=Glja2c9RviRqOpaaHR0MnHsQwU76nJXadJwFeiXpp8MRTVIhvL0LIireT0yE3ETZArGEmY5Ywz3FVHZ3LR5JTAE\" to \"enrtree-root:v1 e=AB66M4ULYD5OYN4XFFCPVZRLUM l=FDXN3SN67NA5DKA4J2GOK7BVQI seq=1 sig=H8cqDzu0FAzBplK4g3yudhSaNtszIebc2aj4oDm5a5ZE5PAg-xpCnQgVE_53CsgsqQpalD9byafx_FrUT61sagA\""
INFO [08-19|14:13:16.932] Updated DNS entries                      new=32 updated=1 untouched=100
INFO [08-19|14:13:16.932] Deleting stale DNS entries
INFO [08-19|14:13:24.663] Deleted stale DNS entries                count=31
```

With this PR, the required permissions for deploying an ENR tree to
Cloudflare now include `zone:read`, `zone:edit`, `dns:read`, and
`dns:edit`. The initial check now includes all of the necessary
permissions and indicates in the error message which permissions are
missing:
```
INFO [08-19|14:17:20.339] Checking Permissions on zone REMOVED-ZONE
wrong permissions on zone REMOVED-ZONE: map[#dns_records:edit:false #dns_records:read:false #zone:edit:false #zone:read:true]
```
2024-08-20 15:59:16 +02:00
..
abidump all: update license headers and AUTHORS from git history (#24947) 2022-05-24 20:39:40 +02:00
abigen all: replace log15 with slog (#28187) 2023-11-29 08:33:50 +01:00
blsync cmd/blsync: use debug.Setup for logging configuration (#30065) 2024-06-25 11:14:12 +02:00
bootnode cmd/evm, cmd/clef, cmd/bootnode: fix / unify logging (#28696) 2023-12-18 14:11:27 +01:00
clef all: simplify tests using t.TempDir() (#30150) 2024-07-15 15:26:58 +02:00
devp2p cmd/devp2p: require dns:read, dns:edit permissions for cloudflare deploy (#30326) 2024-08-20 15:59:16 +02:00
era cmd: use package filepath over path for file system operations (#29227) 2024-03-12 10:00:34 +01:00
ethkey cmd: fix some typos in readmes (#29405) 2024-04-11 14:06:49 +03:00
evm cmd/evm: fix evm basefee (#30281) 2024-08-08 18:58:08 +02:00
geth eth/ethconfig: remove LES server config (#30298) 2024-08-15 11:42:39 +02:00
rlpdump cmd/rlpdump: add -pos flag, displaying byte positions (#28785) 2024-01-14 12:32:48 +01:00
utils eth/ethconfig: remove LES server config (#30298) 2024-08-15 11:42:39 +02:00