@AntonOfTheWoods
Last active October 2, 2020 02:43
Get OVH API consumer key for Let's Encrypt DNS cert-manager certificate issuer provider
# This is a template for getting the famous "consumer key" that you need in order to set up
# Let's Encrypt DNS issuing for your domain via the DNS provider
# See https://medium.com/@gabin.chambon/automatic-certificate-generation-on-kubernetes-with-cert-manager-on-ovh-cloud-a0b58b64279b
# for most details, including the installation of https://github.com/baarde/cert-manager-webhook-ovh.
# This script is useful for the part:
# "Then we need to create an OVH API Key, access this URL : And create an API Access with the GET PUT POST DELETE
# right on the /<domain>/zone/* (replace with the domain you want to validate)."
# Here are instructions for getting all the credentials you need and configuring this correctly, as it is far from obvious for someone
# who has never used the OVH API before!
# Sidebar - OVH's API appears to work on the following principle. You have "apps" that you can create in your own account that will be
# owned by you. These "apps" are useless on their own, however, as they need to be activated and given permissions for specific accounts,
# even your own. That activation is the famous "consumer key". So you create an "app" and then get consumer keys for all the client
# accounts that you want the app to be able to access. You MUST get such a key and use it, in addition to the application keys, every
# time you want to interact with an account.
# First go to https://eu.api.ovh.com/createApp/ (or https://us.api.ovh.com/createApp/ for the US I guess) and fill in a name and description.
# Get the "Application Key" and "Application Secret". You need both of these to get your consumer key.
# The following Python 3.6+ script will get your consumer key. First install the ovh Python client:
# pip install ovh
# Then modify the <your_application_key>, <your_application_secret>, <your_domain> values below and execute:
import ovh

app_key = '<your_application_key>'
app_secret = '<your_application_secret>'
your_domain = '<your_domain>'

# create a client using configuration
client = ovh.Client(
    endpoint='ovh-eu',  # or 'ovh-us' for the US
    application_key=app_key,
    application_secret=app_secret
)

# limit the consumer key to the API paths of this one DNS zone
perm_base = f"/domain/zone/{your_domain}/*"
access_rules = [
    {'method': 'GET', 'path': perm_base},
    {'method': 'POST', 'path': perm_base},
    {'method': 'PUT', 'path': perm_base},
    {'method': 'DELETE', 'path': perm_base}
]

validation = client.request_consumerkey(access_rules)
print(f"Please visit {validation['validationUrl']} to authenticate")
# the consumer key comes back in the same response; it is only usable once validated at the URL above
print(f"Your consumer key is {validation['consumerKey']}")
# Once you have visited that URL and allowed the "app" to access your account, you can use the consumer key.
# I advise you select "Unlimited" from the "Validity" dropdown, so cert-manager can just take care of updating your certs when they expire
# but that is obviously up to you if you want to repeat this every three months!
# You can now continue with
# https://medium.com/@gabin.chambon/automatic-certificate-generation-on-kubernetes-with-cert-manager-on-ovh-cloud-a0b58b64279b
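The script above interpolates `your_domain` straight into the rule path, so the value decides what the consumer key can reach. The following added example (not part of the original gist or of the ovh client) validates the zone name and audits a rule list of the same shape before it is sent; `zone_rules`, `audit_rules` and `example.com` are illustrative names and values assumed here.

```python
import re

ALLOWED_METHODS = ("GET", "POST", "PUT", "DELETE")  # the four methods used in the script
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
ZONE_NAME = re.compile(LABEL + r"(?:\." + LABEL + r")+")


def zone_rules(domain):
    """Build the script's four access rules for one validated zone name."""
    domain = domain.strip().lower().rstrip(".")
    if len(domain) > 253 or not ZONE_NAME.fullmatch(domain):
        # Rejects "", "*", "a/b" and the unedited "<your_domain>" placeholder,
        # any of which would change what the consumer key is scoped to.
        raise ValueError(f"not a plain DNS zone name: {domain!r}")
    base = f"/domain/zone/{domain}/*"
    return [{"method": m, "path": base} for m in ALLOWED_METHODS]


def audit_rules(rules, domain):
    """Return (rule, reason) pairs for rules that reach beyond one zone."""
    scope = f"/domain/zone/{domain.strip().lower().rstrip('.')}"
    findings = []
    for rule in rules:
        if rule["method"].upper() not in ALLOWED_METHODS:
            findings.append((rule, "unexpected method"))
        # In scope only when the path is the zone or sits below it on a "/"
        # boundary: "/domain/zone/example.com*" could also cover zones such
        # as example.community, and "/domain/zone/*" covers every zone.
        path = rule["path"]
        if path != scope and not path.startswith(scope + "/"):
            findings.append((rule, "path outside zone scope"))
    return findings


if __name__ == "__main__":
    # Constructed sample: example.com stands in for the reader's domain.
    for rule, reason in audit_rules(
        zone_rules("example.com") + [{"method": "GET", "path": "/domain/zone/*"}],
        "example.com",
    ):
        print(f"REJECT {rule['method']} {rule['path']}: {reason}")
```

Passing `zone_rules(your_domain)` to `client.request_consumerkey` in place of the hand-built list keeps the request limited to the one zone.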