Add subdomain filter to AWS provider #1375
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: spohner
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/assign @hjacobs
cc3ea34 to 2c9210b
Thanks for the PR 👍. I added some comments, PTAL 🙂.
docs/tutorials/aws.md
Outdated
- --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both) | ||
- --registry=txt | ||
- --txt-owner-id=my-hostedzone-identifier | ||
- name: external-dns |
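Review bot: In this args list, `--txt-owner-id=my-hostedzone-identifier` is followed directly by `- name: external-dns`, and none of the visible entries is `--subdomain-filter`, so the tutorial does not show the flag this PR introduces. Add one example entry for it, with a short trailing comment like the one on `--aws-zone-type`, stating which record names it allows external-dns to change.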
I think the indents are wrong here
Also the other changes, please revert them
You are right. My bad. I'll revert and add the subdomain filter section with correct indentation.
pkg/apis/externaldns/types.go
Outdated
@@ -300,6 +302,7 @@ func (cfg *Config) ParseFlags(args []string) error { | |||
app.Flag("provider", "The DNS provider where the DNS records will be created (required, options: aws, aws-sd, google, azure, azure-dns, azure-private-dns, cloudflare, rcodezero, digitalocean, dnsimple, akamai, infoblox, dyn, designate, coredns, skydns, inmemory, pdns, oci, exoscale, linode, rfc2136, ns1, transip, vinyldns, rdns)").Required().PlaceHolder("provider").EnumVar(&cfg.Provider, "aws", "aws-sd", "google", "azure", "azure-dns", "azure-private-dns", "alibabacloud", "cloudflare", "rcodezero", "digitalocean", "dnsimple", "akamai", "infoblox", "dyn", "designate", "coredns", "skydns", "inmemory", "pdns", "oci", "exoscale", "linode", "rfc2136", "ns1", "transip", "vinyldns", "rdns") | |||
app.Flag("domain-filter", "Limit possible target zones by a domain suffix; specify multiple times for multiple domains (optional)").Default("").StringsVar(&cfg.DomainFilter) | |||
app.Flag("exclude-domains", "Exclude subdomains (optional)").Default("").StringsVar(&cfg.ExcludeDomains) | |||
app.Flag("subdomain-filter", "Allow only changes to specific subdomain").Default("").StringsVar(&cfg.AWSSubdomainFilter) |
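Review bot: On the new `subdomain-filter` line, the flag name is provider-neutral but it is bound to `cfg.AWSSubdomainFilter`, and the help text does not mention AWS. If the filter is only honoured by the AWS provider, as the field name suggests, an operator who sets it with another provider has no indication that it is not restricting anything. Either state the scope in the help string or make the field and its handling provider-independent. The help text should also follow the neighbouring flags: mark it `(optional)` and say it can be specified multiple times, since it uses `StringsVar`.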
It would be nice to only name it SubdomainFilter, this might also be usable for other providers
Agreed. Will change.
provider/aws.go
Outdated
@@ -124,7 +124,9 @@ type AWSProvider struct { | |||
zoneTypeFilter ZoneTypeFilter | |||
// filter hosted zones by tags | |||
zoneTagFilter ZoneTagFilter | |||
preferCNAME bool | |||
// only allow changes to specified subdomain and its subdomains | |||
subdomainFilter DomainFilter |
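Review bot: The comment on `subdomainFilter` does not say what an empty filter means, and the flag shown earlier defaults to `""`, so the empty case is the common one. State in the comment whether an empty filter allows every name, and how it combines with the existing domain filter: both have type `DomainFilter`, and only the flag help texts tell a reader that one limits target zones while the other limits changes.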
should this not be changed to SubdomainFilter instead of DomainFilter?
The subdomain filter is still a domain filter and the domain filtering provided by DomainFilter will be sufficient. However, I can add a SubdomainFilter type for readability and future changes. What do you think?
Yes please, just thought it would be better to divide it because of readability and future changes as well.
provider/aws.go
Outdated
@@ -133,6 +135,7 @@ type AWSConfig struct { | |||
ZoneIDFilter ZoneIDFilter | |||
ZoneTypeFilter ZoneTypeFilter | |||
ZoneTagFilter ZoneTagFilter | |||
SubdomainFilter DomainFilter |
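Review bot: `SubdomainFilter` is added to the exported `AWSConfig` without a doc comment, while the matching provider field has one. Add a comment here too, so callers constructing `AWSConfig` directly know what the field restricts and what its zero value does.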
Also here DomainFilter -> SubDomainFilter?
provider/aws_test.go
Outdated
@@ -301,7 +301,7 @@ func TestAWSZones(t *testing.T) { | |||
{"zone id filter", NewZoneIDFilter([]string{"/hostedzone/zone-3.ext-dns-test-2.teapot.zalan.do."}), NewZoneTypeFilter(""), NewZoneTagFilter([]string{}), privateZones}, | |||
{"tag filter", NewZoneIDFilter([]string{}), NewZoneTypeFilter(""), NewZoneTagFilter([]string{"zone=3"}), privateZones}, | |||
} { | |||
provider, _ := newAWSProviderWithTagFilter(t, NewDomainFilter([]string{"ext-dns-test-2.teapot.zalan.do."}), ti.zoneIDFilter, ti.zoneTypeFilter, ti.zoneTagFilter, defaultEvaluateTargetHealth, false, []*endpoint.Endpoint{}) | |||
provider, _ := newAWSProviderWithTagFilter(t, NewDomainFilter([]string{"ext-dns-test-2.teapot.zalan.do."}), NewDomainFilter([]string{}), ti.zoneIDFilter, ti.zoneTypeFilter, ti.zoneTagFilter, defaultEvaluateTargetHealth, false, []*endpoint.Endpoint{}) |
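Review bot: The added argument `NewDomainFilter([]string{})` is empty, so this table only checks that an unset filter leaves zone listing unchanged; nothing in these lines exercises a non-empty filter. Add cases taken from the PR description, including the negative one (`foo.bar.example.org` against a filter of `foo.example.org`). The two filters are also now adjacent positional arguments of the same type, so a call with them swapped still compiles; distinct types or a config struct with named fields would catch that.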
NewSubDomainFilter? And please also add subdomains inside of []string to see if it works.
Same for the ones below
Did the subdomain wrapper do the trick? Anything I can do to help with this PR?
/kind feature
@spohner: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/remove-lifecycle stale
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community.
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community.
Rotten issues close after 30d of inactivity. Send feedback to sig-contributor-experience at kubernetes/community.
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
This PR adds a subdomain filter to the AWS provider.
For example, a filter defined with foo.example.org only allows changes to foo.example.org and subdomains of this domain. So bar.foo.example.org is allowed, but foo.bar.example.org is filtered by this filter.
Any feedback is much appreciated.
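
The matching rule described above, as an added example that is not code from this PR or from external-dns: a suffix match anchored on a DNS label boundary, using the hypothetical helpers `normalize` and `subdomainAllowed`. It assumes names compare case-insensitively, a trailing dot is ignored, and an empty filter list allows every name.

```go
package main

import (
	"fmt"
	"strings"
)

// normalize lower-cases a DNS name and strips surrounding spaces and the
// trailing root dot, so "Foo.Example.Org." and "foo.example.org" compare equal.
func normalize(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// subdomainAllowed (hypothetical helper) reports whether name equals one of
// the filter entries or lies below one of them. The suffix check includes the
// leading dot: a plain strings.HasSuffix(name, filter) would also accept
// "notfoo.example.org" for the filter "foo.example.org".
// Assumption: an empty filter list (or only empty entries) allows every name.
func subdomainAllowed(filters []string, name string) bool {
	n := normalize(name)
	active := 0
	for _, f := range filters {
		f = normalize(f)
		if f == "" {
			continue // a flag default of "" yields an empty entry
		}
		active++
		if n == f || strings.HasSuffix(n, "."+f) {
			return true
		}
	}
	return active == 0
}

func main() {
	// Constructed sample input; the first three names come from the PR text.
	filters := []string{"foo.example.org"}
	for _, name := range []string{
		"foo.example.org", "bar.foo.example.org.", "foo.bar.example.org",
		"notfoo.example.org", "example.org",
	} {
		fmt.Printf("%-24s allowed=%v\n", name, subdomainAllowed(filters, name))
	}
}
```
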