github.com/teknogeek/dnscontrol/v2@v2.10.1-0.20200227202244-ae299b55ba42/docs/_providers/gcloud.md (about)

     1  ---
     2  name: Google Cloud DNS
     3  title: Google Cloud DNS Provider 
     4  layout: default
     5  jsId: GCLOUD
     6  ---
     7  
     8  # Google Cloud DNS Provider
     9  
    10  ## Configuration
    11  
    12  For Google cloud authentication, DNSControl requires a JSON 'Service Account Key' for your project. Newlines in the private key need to be replaced with `\n`.Copy the full JSON object into your `creds.json` like so:
    13  
    14  {% highlight json %}
    15  {
    16      "gcloud": {
    17          "type": "service_account",
    18          "project_id": "mydnsproject",
    19          "private_key_id": "a05483aa208364c56716b384efff33c0574d365b",
    20          "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADL2dhlY7YZbx7tpsfksOX\nih0DbxhiQ==\n-----END PRIVATE KEY-----\n",
    21          "client_email": "dnscontrolacct@mydnsproject.iam.gserviceaccount.com",
    22          "client_id": "107996619231234567750",
    23          "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    24          "token_uri": "https://accounts.google.com/o/oauth2/token",
    25          "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    26          "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dnscontrolsdfsdfsdf%40craigdnstest.iam.gserviceaccount.com",
    27          "name_server_set" : "optional_name_server_set_name (contact your TAM)"
    28      }
    29  }
    30  {% endhighlight %}
    31  
    32  **Note**: The `project_id`, `private_key`, and `client_email`, are the only fields that are strictly required, but it is sometimes easier to just paste the entire json object in. Either way is fine.  `name_server_set` is optional and requires special permission from your TAM at Google in order to setup (See [Name server sets](#name_server_sets) below)
    33  
    34  See [the Activation section](#activation) for some tips on obtaining these credentials.
    35  
    36  ## Metadata
    37  This provider does not recognize any special metadata fields unique to google cloud dns.
    38  
    39  ## Usage
    40  Use this provider like any other DNS Provider:
    41  
    42  {% highlight js %}
    43  var REG_NAMECOM = NewRegistrar("name.com","NAMEDOTCOM");
    44  var GCLOUD = NewDnsProvider("gcloud", "GCLOUD");
    45  
    46  D("example.tld", REG_NAMECOM, DnsProvider(GCLOUD),
    47      A("test","1.2.3.4")
    48  );
    49  {%endhighlight%}
    50  
    51  ## Activation
    52  1. Go to your app-engine console and select the appropriate project.
    53  2. Go to "API Manager > Credentials", and create a new "Service Account Key"
    54  
    55      <img src="{{ site.github.url }}/assets/gcloud-json-screen.png" alt="New Service Account" style="width: 900px;"/>
    56  
    57  3. Choose an existing user, or create a new one. The user requires the "DNS Administrator" role.
    58  4. Download the JSON key and copy it into your `creds.json` under the name of your gcloud provider.
    59  
    60  ## New domains
    61  If a domain does not exist in your Google Cloud DNS account, DNSControl
    62  will *not* automatically add it with the `push` command. You'll need to do that via the
    63  control panel manually or via the `create-domains` command.
    64  
    65  ## Name server sets
    66  
    67  This optional feature lets you pin domains to a set of GCLOUD name servers.  The `nameServerSet` field is exposed in their API but there is
    68  currently no facility for creating a name server set.  You need special permission from your technical account manager at Google and they 
    69  will enable it on your account, responding with a list of names to use in the `name_server_set` field above.
    70  
    71  > `name_server_set` only applies on `create-domains` at the moment. Additional work needs to be done to support it during `push`