32107571d1
Selectel Cloud DNS v2 requires a project IAM token in X-Auth-Token, not the raw service-user secret; the previous client sent the static secret directly and got 401. The client now parses Credentials.Secret as a Creds JSON blob (username/password/account_id/project_name), exchanges it for a token via the Identity API (POST /identity/v3/auth/tokens), and caches the token in memory per-account until 5 minutes before expiry. ListZones/GetRecords/ ApplyChanges send the cached IAM token instead of the raw secret. provider.Provider gains a Validate(ctx, Credentials) method so a bad account can be rejected via trial login at creation time; all Provider fakes across provider/registry/api/service test packages implement it as a no-op stub for now (Task 2 will make api's mock configurable). Security: the service-user password is folded into the token cache key via SHA-256 (never stored in the clear) so a password change invalidates the cached token; identity errors are generic and never echo the request body. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
37 lines
1.1 KiB
Go
37 lines
1.1 KiB
Go
package registry
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/vasyakrg/dns-autoresolver/internal/diff"
|
|
"github.com/vasyakrg/dns-autoresolver/internal/model"
|
|
"github.com/vasyakrg/dns-autoresolver/internal/provider"
|
|
)
|
|
|
|
type fakeProvider struct{ name string }
|
|
|
|
func (f fakeProvider) Name() string { return f.name }
|
|
func (fakeProvider) ListZones(context.Context, provider.Credentials) ([]provider.Zone, error) {
|
|
return nil, nil
|
|
}
|
|
func (fakeProvider) GetRecords(context.Context, provider.Credentials, string) ([]model.Record, error) {
|
|
return nil, nil
|
|
}
|
|
func (fakeProvider) ApplyChanges(context.Context, provider.Credentials, string, diff.Changeset) error {
|
|
return nil
|
|
}
|
|
func (fakeProvider) Validate(context.Context, provider.Credentials) error { return nil }
|
|
|
|
func TestRegistryByName(t *testing.T) {
|
|
r := New()
|
|
r.Register(fakeProvider{name: "selectel"})
|
|
p, err := r.ByName("selectel")
|
|
if err != nil || p.Name() != "selectel" {
|
|
t.Fatalf("expected selectel, got %v err=%v", p, err)
|
|
}
|
|
if _, err := r.ByName("unknown"); err == nil {
|
|
t.Fatal("expected error for unknown provider")
|
|
}
|
|
}
|