Add domainFilter to dns provider config

Add option to add CONFIG to dns provider secret

pkg/dns/aws/dns.go

@@ -47,23 +47,32 @@ const (
 )
 
 type Route53DNSProvider struct {
-	client                *InstrumentedRoute53
-	logger                logr.Logger
-	zoneIDFilter          dns.ZoneIDFilter
+	client *InstrumentedRoute53
+	logger logr.Logger
+	// only consider hosted zones ending with this zone id
+	zoneIDFilter dns.ZoneIDFilter
+	// only consider hosted zones managing domains ending in this suffix
+	domainFilter          dns.DomainFilter
 	healthCheckReconciler dns.HealthCheckReconciler
 }
 
 var _ dns.Provider = &Route53DNSProvider{}
 
 func NewProviderFromSecret(s *v1.Secret) (*Route53DNSProvider, error) {
 
+	if string(s.Data["AWS_ACCESS_KEY_ID"]) == "" || string(s.Data["AWS_SECRET_ACCESS_KEY"]) == "" {
+		return nil, fmt.Errorf("AWS Provider credentials is empty")
+	}
+
+	pConfig, err := dns.ConfigFromJSON(s.Data["CONFIG"])
+	if err != nil {
+		return nil, err
+	}
+
 	config := aws.NewConfig()
 	sessionOpts := session.Options{
 		Config: *config,
 	}
-	if string(s.Data["AWS_ACCESS_KEY_ID"]) == "" || string(s.Data["AWS_SECRET_ACCESS_KEY"]) == "" {
-		return nil, fmt.Errorf("AWS Provider credentials is empty")
-	}
 
 	sessionOpts.Config.Credentials = credentials.NewStaticCredentials(string(s.Data["AWS_ACCESS_KEY_ID"]), string(s.Data["AWS_SECRET_ACCESS_KEY"]), "")
 	sessionOpts.SharedConfigState = session.SharedConfigDisable
@@ -75,13 +84,14 @@ func NewProviderFromSecret(s *v1.Secret) (*Route53DNSProvider, error) {
 		sess.Config.WithRegion(string(s.Data["REGION"]))
 	}
 
-	//ToDo load zoneIDFilter from secret data['CONFIG']
-	zoneIDFilter := []string{}
+	zoneIDFilter := dns.NewZoneIDFilter(pConfig.ZoneIDFilter)
+	domainFilter := dns.NewDomainFilter(pConfig.DomainFilter)
 
 	p := &Route53DNSProvider{
 		client:       &InstrumentedRoute53{route53.New(sess, config)},
 		logger:       log.Log.WithName("aws-route53").WithValues("region", config.Region),
-		zoneIDFilter: dns.NewZoneIDFilter(zoneIDFilter),
+		zoneIDFilter: zoneIDFilter,
+		domainFilter: domainFilter,
 	}
 
 	if err := validateServiceEndpoints(p); err != nil {
@@ -218,7 +228,7 @@ func (p *Route53DNSProvider) zones() (map[string]*route53.HostedZone, error) {
 
 	f := func(resp *route53.ListHostedZonesOutput, lastPage bool) (shouldContinue bool) {
 		for _, zone := range resp.HostedZones {
-			if !p.zoneIDFilter.Match(aws.StringValue(zone.Id)) {
+			if !p.domainFilter.Match(aws.StringValue(zone.Name)) && !p.zoneIDFilter.Match(aws.StringValue(zone.Id)) {
 				continue
 			}
 			zones[aws.StringValue(zone.Id)] = zone

pkg/dns/dns.go

@@ -18,6 +18,7 @@ package dns
 
 import (
 	"context"
+	"encoding/json"
 	"errors"
 	"regexp"
 
@@ -77,6 +78,26 @@ type ZoneList struct {
 	Items []*Zone
 }
 
+type ProviderConfig struct {
+	ZoneIDFilter []string
+	DomainFilter []string
+}
+
+func ConfigFromJSON(jsonKey []byte) (*ProviderConfig, error) {
+	var pConfig struct {
+		ZoneIDFilter []string `json:"zoneIDFilter"`
+		DomainFilter []string `json:"domainFilter"`
+	}
+	if len(jsonKey) > 0 {
+		if err := json.Unmarshal(jsonKey, &pConfig); err != nil {
+			return nil, err
+		}
+	}
+	return &ProviderConfig{
+		ZoneIDFilter: pConfig.ZoneIDFilter,
+	}, nil
+}
+
 var _ Provider = &FakeProvider{}
 
 type FakeProvider struct{}

pkg/dns/filters.go

@@ -0,0 +1,71 @@
+package dns
+
+import "strings"
+
+// ZoneIDFilter holds a list of zone ids to filter by
+type ZoneIDFilter struct {
+	ZoneIDs []string
+}
+
+// NewZoneIDFilter returns a new ZoneIDFilter given a list of zone ids
+func NewZoneIDFilter(zoneIDs []string) ZoneIDFilter {
+	return ZoneIDFilter{zoneIDs}
+}
+
+// Match checks whether a zone matches one of the provided zone ids
+func (f ZoneIDFilter) Match(zoneID string) bool {
+	// An empty filter includes all zones.
+	if len(f.ZoneIDs) == 0 {
+		return true
+	}
+
+	for _, id := range f.ZoneIDs {
+		if strings.HasSuffix(zoneID, id) {
+			return true
+		}
+	}
+
+	return false
+}
+
+// IsConfigured returns true if DomainFilter is configured, false otherwise
+func (f ZoneIDFilter) IsConfigured() bool {
+	if len(f.ZoneIDs) == 1 {
+		return f.ZoneIDs[0] != ""
+	}
+	return len(f.ZoneIDs) > 0
+}
+
+// DomainFilter holds a list of domains to filter by
+type DomainFilter struct {
+	DomainNames []string
+}
+
+// NewDomainFilter returns a new DomainFilter given a list of domain names
+func NewDomainFilter(domainNames []string) DomainFilter {
+	return DomainFilter{domainNames}
+}
+
+// Match checks whether a zone matches one of the provided domains
+func (f DomainFilter) Match(domainName string) bool {
+	// An empty filter includes all zones.
+	if len(f.DomainNames) == 0 {
+		return true
+	}
+
+	for _, id := range f.DomainNames {
+		if strings.HasSuffix(domainName, id) {
+			return true
+		}
+	}
+
+	return false
+}
+
+// IsConfigured returns true if DomainFilter is configured, false otherwise
+func (f DomainFilter) IsConfigured() bool {
+	if len(f.DomainNames) == 1 {
+		return f.DomainNames[0] != ""
+	}
+	return len(f.DomainNames) > 0
+}

pkg/dns/google/google.go

@@ -137,6 +137,8 @@ type GoogleDNSProvider struct {
 	batchChangeInterval time.Duration
 	// only consider hosted zones ending with this zone id
 	zoneIDFilter dns.ZoneIDFilter
+	// only consider hosted zones managing domains ending in this suffix
+	domainFilter dns.DomainFilter
 	// A client for managing resource record sets
 	resourceRecordSetsClient resourceRecordSetsClientInterface
 	// A client for managing hosted zones
@@ -155,23 +157,29 @@ func NewProviderFromSecret(ctx context.Context, s *v1.Secret) (*GoogleDNSProvide
 		return nil, fmt.Errorf("GCP Provider credentials is empty")
 	}
 
+	pConfig, err := dns.ConfigFromJSON(s.Data["CONFIG"])
+	if err != nil {
+		return nil, err
+	}
+
 	dnsClient, err := dnsv1.NewService(ctx, option.WithCredentialsJSON(s.Data["GOOGLE"]))
 	if err != nil {
 		return nil, err
 	}
 
 	var project = string(s.Data["PROJECT_ID"])
 
-	//ToDo load zoneIDFilter from secret data['CONFIG']
-	zoneIDFilter := []string{}
+	zoneIDFilter := dns.NewZoneIDFilter(pConfig.ZoneIDFilter)
+	domainFilter := dns.NewDomainFilter(pConfig.DomainFilter)
 
 	provider := &GoogleDNSProvider{
 		logger:                   log.Log.WithName("google-dns").WithValues("project", project),
 		project:                  project,
 		dryRun:                   DryRun,
 		batchChangeSize:          GoogleBatchChangeSize,
 		batchChangeInterval:      GoogleBatchChangeInterval,
-		zoneIDFilter:             dns.NewZoneIDFilter(zoneIDFilter),
+		zoneIDFilter:             zoneIDFilter,
+		domainFilter:             domainFilter,
 		resourceRecordSetsClient: resourceRecordSetsService{dnsClient.ResourceRecordSets},
 		managedZonesClient:       managedZonesService{dnsClient.ManagedZones},
 		changesClient:            changesService{dnsClient.Changes},
@@ -205,7 +213,7 @@ func (p *GoogleDNSProvider) zones() (map[string]*dnsv1.ManagedZone, error) {
 
 	f := func(resp *dnsv1.ManagedZonesListResponse) error {
 		for _, zone := range resp.ManagedZones {
-			if !p.zoneIDFilter.Match(fmt.Sprintf("%v", zone.Id)) {
+			if !p.domainFilter.Match(zone.DnsName) && !(p.zoneIDFilter.Match(fmt.Sprintf("%v", zone.Id)) || p.zoneIDFilter.Match(fmt.Sprintf("%v", zone.Name))) {
 				continue
 			}
 			zones[zone.Name] = zone
@@ -316,6 +324,8 @@ func (g *GoogleDNSProvider) updateRecord(dnsRecord *v1alpha2.DNSRecord, action a
 
 	zoneID := *dnsRecord.Spec.ZoneID
 
+	g.logger.V(1).Info("GoogleDNSProvider updateRecord", "action", action, "zoneID", zoneID)
+
 	currentRecords, err := g.getResourceRecordSets(g.ctx, zoneID)
 	if err != nil {
 		return err
@@ -338,10 +348,14 @@ func (g *GoogleDNSProvider) updateRecord(dnsRecord *v1alpha2.DNSRecord, action a
 	}
 	addingRecords := toResourceRecordSets(dnsRecord.Spec.Endpoints)
 
-	g.logger.V(1).Info("updateRecord", "currentRecords", currentRecords, "deletingRecords", deletingRecords, "addingRecords", addingRecords)
+	g.logger.V(1).Info("GoogleDNSProvider updateRecord", "action", action, "currentRecords", currentRecords)
+	g.logger.V(1).Info("GoogleDNSProvider updateRecord", "action", action, "deletingRecords", deletingRecords)
+	g.logger.V(1).Info("GoogleDNSProvider updateRecord", "action", action, "addingRecords", addingRecords)
+	g.logger.V(1).Info("GoogleDNSProvider updateRecord", "action", action, "statusRecords", statusRecords)
 
 	change := &dnsv1.Change{}
 	if action == deleteAction {
+		g.logger.V(1).Info("GoogleDNSProvider DELETE RECORD")
 		change.Deletions = deletingRecords
 	} else {
 		change.Deletions = deletingRecords