Add check-creds subcommand (#665)

docs/_providers/gcloud.md

@@ -69,3 +69,14 @@ currently no facility for creating a name server set.  You need special permissi
 will enable it on your account, responding with a list of names to use in the `name_server_set` field above.
 
 > `name_server_set` only applies on `create-domains` at the moment. Additional work needs to be done to support it during `push`
+
+# Debugging credentials
+
+You can test your `creds.json` entry with the command: `dnscontrol check-creds foo GCLOUD` where `foo` is the name of key used in `creds.json`.  Error messages you might see:
+
+* `googleapi: Error 403: Permission denied on resource project REDACTED., forbidden`
+  * Hint: `project_id` may be invalid.
+* `private key should be a PEM or plain PKCS1 or PKCS8; parse error:`
+  * Hint: `private_key` may be invalid.
+* `Response: {"error":"invalid_grant","error_description":"Invalid grant: account not found"}`
+  * Hint: `client_email` may be invalid.

docs/check-creds.md

@@ -0,0 +1,37 @@
+---
+layout: default
+title: Check-Creds subcommand
+---
+
+# check-creds
+
+This is a stand-alone utility to help verify entries in `creds.json`.
+
+The command does a trivia operation to verify credentials.  If
+successful, a list of zones will be output. If not, hopefully you see
+verbose error messages.
+
+Syntax:
+
+   dnscontrol check-creds [command options] credkey provider
+
+   --creds value   Provider credentials JSON file (default: "creds.json")
+   --out value     Instead of stdout, write to this file
+
+ARGUMENTS:
+   credkey:  The name used in creds.json (first parameter to NewDnsProvider() in dnsconfig.js)
+   provider: The name of the provider (second parameter to NewDnsProvider() in dnsconfig.js)
+
+EXAMPLES:
+   dnscontrol get-zones myr53 ROUTE53
+   dnscontrol get-zones --out=/dev/null myr53 ROUTE53
+
+# Example commands
+
+dnscontrol get-zone
+
+# Developer Note
+
+This command is not implemented for all providers.
+
+To add this to a provider, implement the get-zones subcommand

docs/get-zones.md

@@ -78,7 +78,7 @@ go generate
 
 Find the `GetZoneRecords` function in the `*Provider.go` file.
 
-If currently returns `fmt.Errorf("not implemented")`.
+It currently returns `fmt.Errorf("not implemented")`.
 
 Instead, it should gather the records from the provider
 and return them as a list of RecordConfig structs.
@@ -99,3 +99,8 @@ will query the provider for the list of zones.
 (Technically what is happening is by implementing the `ListZones`
 function, you are completing the `ZoneLister` interface for that
 provider.)
+
+Implementing the `ListZones` function also activates the `check-creds`
+subcommand for that provider. Please add to the provider documentation
+a list of error messages that people might see if the credentials are
+invalid.  See `docs/_providers/gcloud.md` for examples.