stackitcloud
diff --git a/‎README.md
Lines changed: 5 additions & 2 deletions b/‎README.md
Lines changed: 5 additions & 2 deletions
diff --git a/‎cmd/webhook/cmd/root.go
Lines changed: 21 additions & 17 deletions b/‎cmd/webhook/cmd/root.go
Lines changed: 21 additions & 17 deletions
diff --git a/‎go.mod
Lines changed: 4 additions & 6 deletions b/‎go.mod
Lines changed: 4 additions & 6 deletions
@@ -31,7 +31,9 @@ demonstrates the deployment as a
 [sidecar container](https://kubernetes.io/docs/concepts/workloads/pods/#workload-resources-for-managing-pods)
 within the ExternalDNS pod.
 
-```shell 
+```shell
+# We create a Secret from an auth token. Alternatively, you can also
+# use keys to authenticate the webhook - see "Authentication" below.
 kubectl create secret generic external-dns-stackit-webhook --from-literal=auth-token='<Your-Token>'
 ```
 
@@ -217,7 +219,8 @@ The configuration of the STACKIT webhook can be accomplished through command lin
 Below are the options that are available.
 
 - `--project-id`/`PROJECT_ID` (required): Specifies the project id of the STACKIT project.
-- `--auth-token`/`AUTH_TOKEN` (required): Defines the authentication token for the STACKIT API.
+- `--auth-token`/`AUTH_TOKEN` (required if `auth-key-path` is not set): Defines the authentication token for the STACKIT API. Mutually exclusive with 'auth-key-path'.
+- `--auth-key-path`/`AUTH_KEY_PATH` (required if `auth-token` is not set): Defines the file path of the service account key for the STACKIT API. Mutually exclusive with 'auth-token'.
 - `--worker`/`WORKER`  (optional): Specifies the number of workers to employ for querying the API. Given that we
   need to iterate over all zones and records, it can be parallelized. However, it is important to avoid
   setting this number excessively high to prevent receiving 429 rate limiting from the API (default 10).
 
@@ -3,16 +3,15 @@ package cmd
 import (
 	"fmt"
 	"log"
-	"net/http"
 	"strings"
-	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 	"github.com/stackitcloud/external-dns-stackit-webhook/internal/stackitprovider"
 	"github.com/stackitcloud/external-dns-stackit-webhook/pkg/api"
 	"github.com/stackitcloud/external-dns-stackit-webhook/pkg/metrics"
+	"github.com/stackitcloud/external-dns-stackit-webhook/pkg/stackit"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	"sigs.k8s.io/external-dns/endpoint"
@@ -21,6 +20,7 @@ import (
 var (
 	apiPort         string
 	authBearerToken string
+	authKeyPath     string
 	baseUrl         string
 	projectID       string
 	worker          int
@@ -34,10 +34,6 @@ var rootCmd = &cobra.Command{
 	Short: "provider webhook for the STACKIT DNS service",
 	Long:  "provider webhook for the STACKIT DNS service",
 	Run: func(cmd *cobra.Command, args []string) {
-		if len(authBearerToken) == 0 {
-			panic("auth-token is required")
-		}
-
 		logger := getLogger()
 		defer func(logger *zap.Logger) {
 			err := logger.Sync()
@@ -48,16 +44,23 @@ var rootCmd = &cobra.Command{
 
 		endpointDomainFilter := endpoint.DomainFilter{Filters: domainFilter}
 
-		stackitProvider, err := stackitprovider.NewStackitDNSProvider(stackitprovider.Config{
-			BasePath:     baseUrl,
-			Token:        authBearerToken,
-			ProjectId:    projectID,
-			DomainFilter: endpointDomainFilter,
-			DryRun:       dryRun,
-			Workers:      worker,
-		}, logger.With(zap.String("component", "stackitprovider")), &http.Client{
-			Timeout: 10 * time.Second,
-		})
+		stackitConfigOptions, err := stackit.SetConfigOptions(baseUrl, authBearerToken, authKeyPath)
+		if err != nil {
+			panic(err)
+		}
+
+		stackitProvider, err := stackitprovider.NewStackitDNSProvider(
+			logger.With(zap.String("component", "stackitprovider")),
+			// ExternalDNS provider config
+			stackitprovider.Config{
+				ProjectId:    projectID,
+				DomainFilter: endpointDomainFilter,
+				DryRun:       dryRun,
+				Workers:      worker,
+			},
+			// STACKIT client SDK config
+			stackitConfigOptions...,
+		)
 		if err != nil {
 			panic(err)
 		}
@@ -110,7 +113,8 @@ func init() {
 	cobra.OnInitialize(initConfig)
 
 	rootCmd.PersistentFlags().StringVar(&apiPort, "api-port", "8888", "Specifies the port to listen on.")
-	rootCmd.PersistentFlags().StringVar(&authBearerToken, "auth-token", "", "Defines the authentication token for the STACKIT API.")
+	rootCmd.PersistentFlags().StringVar(&authBearerToken, "auth-token", "", "Defines the authentication token for the STACKIT API. Mutually exclusive with 'auth-key-path'.")
+	rootCmd.PersistentFlags().StringVar(&authKeyPath, "auth-key-path", "", "Defines the file path of the service account key for the STACKIT API. Mutually exclusive with 'auth-token'.")
 	rootCmd.PersistentFlags().StringVar(&baseUrl, "base-url", "https://dns.api.stackit.cloud", " Identifies the Base URL for utilizing the API.")
 	rootCmd.PersistentFlags().StringVar(&projectID, "project-id", "", "Specifies the project id of the STACKIT project.")
 	rootCmd.PersistentFlags().IntVar(&worker, "worker", 10, "Specifies the number "+
 
@@ -3,15 +3,15 @@ module github.com/stackitcloud/external-dns-stackit-webhook
 go 1.20
 
 require (
-	github.com/antihax/optional v1.0.0
 	github.com/goccy/go-json v0.10.2
 	github.com/gofiber/adaptor/v2 v2.2.1
 	github.com/gofiber/fiber/v2 v2.50.0
 	github.com/prometheus/client_golang v1.17.0
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.17.0
-	github.com/stackitcloud/stackit-dns-api-client-go v0.0.0-20230228185514-6838d6d6f051
+	github.com/stackitcloud/stackit-sdk-go/core v0.10.0
+	github.com/stackitcloud/stackit-sdk-go/services/dns v0.8.4
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/mock v0.3.0
 	go.uber.org/zap v1.26.0
@@ -27,10 +27,11 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.3.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -57,18 +58,15 @@ require (
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.50.0 // indirect
 	github.com/valyala/tcplisten v1.0.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/oauth2 v0.13.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect