{"id":19592057,"url":"https://github.com/catalyst/powerdns-auth-proxy","last_synced_at":"2025-04-27T14:33:36.654Z","repository":{"id":37742930,"uuid":"93592521","full_name":"catalyst/powerdns-auth-proxy","owner":"catalyst","description":"Authenticating proxy for PowerDNS's HTTP API","archived":false,"fork":false,"pushed_at":"2023-11-13T19:04:22.000Z","size":52,"stargazers_count":45,"open_issues_count":4,"forks_count":17,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-05T00:51:13.960Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/catalyst.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-07T04:28:36.000Z","updated_at":"2025-03-07T10:01:41.000Z","dependencies_parsed_at":"2022-08-24T16:01:58.384Z","dependency_job_id":null,"html_url":"https://github.com/catalyst/powerdns-auth-proxy","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/catalyst%2Fpowerdns-auth-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/catalyst%2Fpowerdns-auth-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/catalyst%2Fpowerdns-auth-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/catalyst%2Fpowerdns-auth-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/catalyst","download_url":"https://codeload.github.com/catalyst/powerdns-auth-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251154686,"owners_count":21544541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T08:32:55.773Z","updated_at":"2025-04-27T14:33:35.494Z","avatar_url":"https://github.com/catalyst.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# powerdns-auth-proxy\n\nThis proxy implements a subset of the PowerDNS API with more flexible authentication and per-zone access control.\n\nMore information about the PowerDNS API is available at https://doc.powerdns.com/md/httpapi/api_spec/.\n\nFuture versions of this software will also support per-RRset ACLs.\n\n## Configuration\n\nThe proxy expects to read a `proxy.ini` file which defines ACLs, for instance:\n\n````\n[pdns]\napi-key = 7128ae9eb680a14390ee22a988a9d01a\napi-url = http://127.0.0.1:8081/api/v1/servers/localhost\noverride-soa_edit_api = INCEPTION-INCREMENT\noverride-nameservers = ns1.example.com. ns2.example.com. ns3.example.com. ns4.example.com.\noverride-kind = Master\n\n# This user will be able to create a zone called \"example.org.\" if it doesn't already exist, and\n# then modify the records in that zone only.\n[user:demo-example-org]\nkey = dd70d1b0eccd79a0cf5d79ddf6672dce\nallow-suffix-creation = example.org.\n````\n\nThis specifies the API key and URL used to connect to the PowerDNS backend, as well as allowing for certain zone metadata items which will be overriden during zone creation and metadata updates. `account` is always overriden to prevent people from moving zones around between accounts they don't control. What you override will likely depend on how much access users need in your environment.\n\nKeys should be generated using something like `dd if=/dev/urandom bs=1 count=16 | xxd -ps` to ensure they have sufficient entropy.\n\n## Installation\n\nWe run the application with `waitress` launched by `supervisord`, though any of the standard methods for deploying Flask 1.x applications should work. We recommend using a virtual env to install the dependencies of the application.\n\nAn example `supervisord` configuration would be:\n\n````\n[program:dnsapi]\ncommand=/opt/dnsapi/venv/bin/waitress-serve --listen=127.0.0.1:8000 --call 'powerdns_auth_proxy:create_app'\ndirectory=/opt/dnsapi/powerdns-auth-proxy\nuser=dnsapi\nautostart=true\nautorestart=true\n````\n\n## Running tests\n\n### Setup\n\n* Ubuntu / Debian\n\n  The officially supported system for testing is Debian or Ubuntu. To start, install the the official PowerDNS 4.1.x upstream packages: `pdns-server` and `pdns-backend-sqlite3`.\n\n* Arch\n\n  The tests can also be run on Arch Linux. Install the `powerdns` package.\n\nAdditonally a few python modules need to be installed to run the tests (mainly `pytest`): `pip install -r requirements-dev.txt`. You can then run tests by running `pytest -v` inside the source directory.\n\n## Authenticating\n\nEither use HTTP Basic authentication or encode your username and key in the `X-API-Key` HTTP header with a `:` character separating the parts (e.g. add an `X-API-Key: username:key` header).\n\n## Client compatibility\n\nThis proxy has been tested with:\n\n* Terraform [PowerDNS provider](https://www.terraform.io/docs/providers/powerdns/index.html)\n* Traefik [ACME pdns plugin](https://traefik.io/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcatalyst%2Fpowerdns-auth-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcatalyst%2Fpowerdns-auth-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcatalyst%2Fpowerdns-auth-proxy/lists"}