Add subdomain filter to AWS provider #1375
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: spohner The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/assign @hjacobs |
spohner
force-pushed
the
subdomainfilter
branch
from
cc3ea34
to
2c9210b
Compare
docs/tutorials/aws.md
Outdated
| - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both) | ||
| - --registry=txt | ||
| - --txt-owner-id=my-hostedzone-identifier | ||
| - name: external-dns |
There was a problem hiding this comment.
I think the indent are wrong here
There was a problem hiding this comment.
also the other changes, please revert them
There was a problem hiding this comment.
You are right. My bad. I'll revert and add the subdomain filter section with correct indentation.
pkg/apis/externaldns/types.go
Outdated
| @@ -300,6 +302,7 @@ func (cfg *Config) ParseFlags(args []string) error { | |||
| app.Flag("provider", "The DNS provider where the DNS records will be created (required, options: aws, aws-sd, google, azure, azure-dns, azure-private-dns, cloudflare, rcodezero, digitalocean, dnsimple, akamai, infoblox, dyn, designate, coredns, skydns, inmemory, pdns, oci, exoscale, linode, rfc2136, ns1, transip, vinyldns, rdns)").Required().PlaceHolder("provider").EnumVar(&cfg.Provider, "aws", "aws-sd", "google", "azure", "azure-dns", "azure-private-dns", "alibabacloud", "cloudflare", "rcodezero", "digitalocean", "dnsimple", "akamai", "infoblox", "dyn", "designate", "coredns", "skydns", "inmemory", "pdns", "oci", "exoscale", "linode", "rfc2136", "ns1", "transip", "vinyldns", "rdns") | |||
| app.Flag("domain-filter", "Limit possible target zones by a domain suffix; specify multiple times for multiple domains (optional)").Default("").StringsVar(&cfg.DomainFilter) | |||
| app.Flag("exclude-domains", "Exclude subdomains (optional)").Default("").StringsVar(&cfg.ExcludeDomains) | |||
| app.Flag("subdomain-filter", "Allow only changes to specific subdomain").Default("").StringsVar(&cfg.AWSSubdomainFilter) | |||
There was a problem hiding this comment.
it would be nice to only name it SubdomainFilter, this might be also useable for other providers
There was a problem hiding this comment.
Agreed. Will change.
provider/aws.go
Outdated
| @@ -124,7 +124,9 @@ type AWSProvider struct { | |||
| zoneTypeFilter ZoneTypeFilter | |||
| // filter hosted zones by tags | |||
| zoneTagFilter ZoneTagFilter | |||
| preferCNAME bool | |||
| // only allow changes to specified subdomain and its subdomains | |||
| subdomainFilter DomainFilter | |||
There was a problem hiding this comment.
should this not be changed to SubdomainFilter instead of DomainFilter?
There was a problem hiding this comment.
The subdomain filter is still a domain filter and the domain filtering provided by DomainFilter will be sufficient. However, I can add a SubdomainFilter type for readability and future changes. What do you think?
There was a problem hiding this comment.
Yes please, just thought it would be better to divide it because of readability and future changes as well.
provider/aws.go
Outdated
| @@ -133,6 +135,7 @@ type AWSConfig struct { | |||
| ZoneIDFilter ZoneIDFilter | |||
| ZoneTypeFilter ZoneTypeFilter | |||
| ZoneTagFilter ZoneTagFilter | |||
| SubdomainFilter DomainFilter | |||
There was a problem hiding this comment.
Also here DomainFilter -> SubDomainFilter?
provider/aws_test.go
Outdated
| @@ -301,7 +301,7 @@ func TestAWSZones(t *testing.T) { | |||
| {"zone id filter", NewZoneIDFilter([]string{"/hostedzone/zone-3.ext-dns-test-2.teapot.zalan.do."}), NewZoneTypeFilter(""), NewZoneTagFilter([]string{}), privateZones}, | |||
| {"tag filter", NewZoneIDFilter([]string{}), NewZoneTypeFilter(""), NewZoneTagFilter([]string{"zone=3"}), privateZones}, | |||
| } { | |||
| provider, _ := newAWSProviderWithTagFilter(t, NewDomainFilter([]string{"ext-dns-test-2.teapot.zalan.do."}), ti.zoneIDFilter, ti.zoneTypeFilter, ti.zoneTagFilter, defaultEvaluateTargetHealth, false, []*endpoint.Endpoint{}) | |||
| provider, _ := newAWSProviderWithTagFilter(t, NewDomainFilter([]string{"ext-dns-test-2.teapot.zalan.do."}), NewDomainFilter([]string{}), ti.zoneIDFilter, ti.zoneTypeFilter, ti.zoneTagFilter, defaultEvaluateTargetHealth, false, []*endpoint.Endpoint{}) | |||
There was a problem hiding this comment.
NewSubDomainFilter? And please also add subdomains inside of []string to see if it works.
provider/aws.go
Outdated
| @@ -124,7 +124,9 @@ type AWSProvider struct { | |||
| zoneTypeFilter ZoneTypeFilter | |||
| // filter hosted zones by tags | |||
| zoneTagFilter ZoneTagFilter | |||
| preferCNAME bool | |||
| // only allow changes to specified subdomain and its subdomains | |||
| subdomainFilter DomainFilter | |||
There was a problem hiding this comment.
Yes please, just thought it would be better to divide it because of readability and future changes as well.
|
Did the subdomain wrapper do the trick? Anything I can do to help with this PR? |
k8s-ci-robot
removed
the
size/L
k8s-ci-robot
added
the
size/XXL
spohner
changed the base branch from
master
to
njuettner/go_modules/github.com/pkg/errors-0.9.1
spohner
changed the base branch from
njuettner/go_modules/github.com/pkg/errors-0.9.1
to
master
k8s-ci-robot
added
size/L
|
/kind feature |
k8s-ci-robot
added
the
kind/feature
|
@spohner: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-rebase
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-contributor-experience at kubernetes/community. |
|
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This PR adds a subdomain filter to the AWS provider.
For example a filter defined with foo.example.org only allows changes to foo.example.org and subdomains of this domain. So bar.foo.example.org is allowed, but foo.bar.example.org is filtered by this filter.
Any feedback is much appreciated.