feat(gandi): add support for personal access token

docs/tutorials/gandi.md

@@ -8,11 +8,13 @@ Make sure to use **>=0.7.7** version of ExternalDNS for this tutorial.
 
 Create a new DNS zone where you want to create your records in. Let's use `example.com` as an example here. Make sure the zone uses
 
-## Creating Gandi API Key
+## Creating Gandi Personal Access Token (PAT)
 
-Generate an API key on [your account](https://account.gandi.net) (click on "Security").
+Generate a Personal Access Token on [your account](https://admin.gandi.net) (click on "User Settings") with `Manage domain name technical configurations` permission.
 
-The environment variable `GANDI_KEY` will be needed to run ExternalDNS with Gandi.
+The environment variable `GANDI_PAT` will be needed to run ExternalDNS with Gandi.
+
+You can also set `GANDI_KEY` if you have an old API key.
 
 ## Deploy ExternalDNS
 
@@ -45,8 +47,8 @@ spec:
         - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above.
         - --provider=gandi
         env:
-        - name: GANDI_KEY
+        - name: GANDI_PAT
-          value: "YOUR_GANDI_API_KEY"
+          value: "YOUR_GANDI_PAT"
 ```
 
 ### Manifest (for clusters with RBAC enabled)
@@ -109,8 +111,8 @@ spec:
         - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above.
         - --provider=gandi
         env:
-        - name: GANDI_KEY
+        - name: GANDI_PAT
-          value: "YOUR_GANDI_API_KEY"
+          value: "YOUR_GANDI_PAT"
 ```
 
 

provider/gandi/gandi.go

@@ -52,16 +52,21 @@ type GandiProvider struct {
 }
 
 func NewGandiProvider(ctx context.Context, domainFilter endpoint.DomainFilter, dryRun bool) (*GandiProvider, error) {
-	key, ok := os.LookupEnv("GANDI_KEY")
+	key, ok_key := os.LookupEnv("GANDI_KEY")
-	if !ok {
+	pat, ok_pat := os.LookupEnv("GANDI_PAT")
-		return nil, errors.New("no environment variable GANDI_KEY provided")
+	if !(ok_key || ok_pat) {
+		return nil, errors.New("no environment variable GANDI_KEY or GANDI_PAT provided")
+	}
+	if ok_key {
+		log.Warning("Usage of GANDI_KEY (API Key) is deprecated. Please consider creating a Personal Access Token (PAT) instead, see https://api.gandi.net/docs/authentication/")
 	}
 	sharingID, _ := os.LookupEnv("GANDI_SHARING_ID")
 
 	g := config.Config{
-		APIKey:    key,
+		APIKey:              key,
-		SharingID: sharingID,
+		PersonalAccessToken: pat,
-		Debug:     false,
+		SharingID:           sharingID,
+		Debug:               false,
 		// dry-run doesn't work but it won't hurt passing the flag
 		DryRun: dryRun,
 	}

provider/gandi/gandi_test.go

@@ -162,6 +162,20 @@ func TestNewGandiProvider(t *testing.T) {
 	}
 	assert.Equal(t, true, provider.DryRun)
 
+	_ = os.Setenv("GANDI_PAT", "myGandiPAT")
+	provider, err = NewGandiProvider(context.Background(), endpoint.NewDomainFilter([]string{"example.com"}), true)
+	if err != nil {
+		t.Errorf("failed : %s", err)
+	}
+	assert.Equal(t, true, provider.DryRun)
+
+	_ = os.Unsetenv("GANDI_KEY")
+	provider, err = NewGandiProvider(context.Background(), endpoint.NewDomainFilter([]string{"example.com"}), true)
+	if err != nil {
+		t.Errorf("failed : %s", err)
+	}
+	assert.Equal(t, true, provider.DryRun)
+
 	_ = os.Setenv("GANDI_SHARING_ID", "aSharingId")
 	provider, err = NewGandiProvider(context.Background(), endpoint.NewDomainFilter([]string{"example.com"}), false)
 	if err != nil {
@@ -169,7 +183,7 @@ func TestNewGandiProvider(t *testing.T) {
 	}
 	assert.Equal(t, false, provider.DryRun)
 
-	_ = os.Unsetenv("GANDI_KEY")
+	_ = os.Unsetenv("GANDI_PAT")
 	_, err = NewGandiProvider(context.Background(), endpoint.NewDomainFilter([]string{"example.com"}), true)
 	if err == nil {
 		t.Errorf("expected to fail")