A solution could be adding a new option in "pools.yaml" for powerdns to specify the location of the ca cert needed to verify the connection to the API endpoint, something like:

options:
  host: <IP>
  port: <PORT>
  api_endpoint: https://<FQDN>
  api_token: <API Key>
  api_ca_cert: <ca-cert-location>

Then, on designate/designate/backend/impl_pdns4.py:

    def __init__(self, target):
        super(PDNS4Backend, self).__init__(target)

        self.api_endpoint = self.options.get('api_endpoint')
        self.api_token = self.options.get('api_token')
        self.tsigkey_name = self.options.get('tsigkey_name', None)
+ self.api_ca_cert = self.options.get('api_ca_cert')
        self.headers = {
            "X-API-Key": self.api_token
        }
(···)
        try:
            requests.post(
                self._build_url(),
                json=data,
                headers=self.headers,
                verify=self.api_ca_cert
            ).raise_for_status()

Maybe differentiating the cases when the certificate is defined and when it isn't.
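
One way to make that distinction, as an added example that is not Designate's code: requests treats `verify=None` as "use the default trust store" but skips certificate verification for `verify=False` and `verify=''`, so the option is normalized before it reaches `requests.post`. `resolve_verify` is a hypothetical helper name, and the sample options are constructed.

```python
import os


def resolve_verify(options):
    """Map the pool option 'api_ca_cert' to a safe value for requests' verify=.

    Hypothetical helper, not part of Designate. Returns True (default trust
    store) when the option is absent, or the CA bundle path when it is set.
    It never returns a falsy value, because requests disables certificate
    verification for verify=False and for verify=''.
    """
    value = options.get('api_ca_cert')
    if value is None:
        # Option not configured: keep normal verification.
        return True
    if not isinstance(value, str) or not value.strip():
        # Catches "api_ca_cert: false" and an empty value in pools.yaml.
        raise ValueError("api_ca_cert must be a non-empty path to a CA bundle")
    path = os.path.expanduser(value.strip())
    if not (os.path.isfile(path) or os.path.isdir(path)):
        # Fail at backend start-up instead of on the first API call.
        raise ValueError("api_ca_cert does not exist: %s" % path)
    return path


if __name__ == "__main__":
    # Constructed sample options; the path is a placeholder.
    samples = [{}, {'api_ca_cert': ''}, {'api_ca_cert': False},
               {'api_ca_cert': '/path/to/placeholder-ca.pem'}]
    for opts in samples:
        try:
            print(opts, '->', resolve_verify(opts))
        except ValueError as exc:
            print(opts, '-> rejected:', exc)
```

In the sketch above, the call would then pass `verify=resolve_verify(self.options)` instead of the raw option value.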