StackExchange · tlimoncelli · Oct 1, 2023 · Oct 1, 2023 · Oct 1, 2023 · Oct 1, 2023
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -90,119 +90,13 @@ jobs:
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
-  integrtests-diff1:
-    if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main'
-    needs: integration-test-providers
-    runs-on: ubuntu-latest
-    container:
-      image: golang:1.20
-      env:
-        TEST_RESULTS: "/tmp/test-results"
-        GOTESTSUM_FORMAT: testname
-
-        # These providers will be tested if the env variable is set.
-        # Set it to the domain name to use during the test.
-        AZURE_DNS_DOMAIN: ${{ vars.AZURE_DNS_DOMAIN }}
-        BIND_DOMAIN: ${{ vars.BIND_DOMAIN }}
-        CLOUDFLAREAPI_DOMAIN: ${{ vars.CLOUDFLAREAPI_DOMAIN }}
-        CLOUDNS_DOMAIN: ${{ vars.CLOUDNS_DOMAIN }}
-        CSCGLOBAL_DOMAIN: ${{ vars.CSCGLOBAL_DOMAIN }}
-        DIGITALOCEAN_DOMAIN: ${{ vars.DIGITALOCEAN_DOMAIN }}
-        GANDI_V5_DOMAIN: ${{ vars.GANDI_V5_DOMAIN }}
-        GCLOUD_DOMAIN: ${{ vars.GCLOUD_DOMAIN }}
-        HEDNS_DOMAIN: ${{ vars.HEDNS_DOMAIN }}
-        HEXONET_DOMAIN: ${{ vars.HEXONET_DOMAIN }}
-        NAMEDOTCOM_DOMAIN: ${{ vars.NAMEDOTCOM_DOMAIN }}
-        NS1_DOMAIN: ${{ vars.NS1_DOMAIN }}
-        POWERDNS_DOMAIN: ${{ vars.POWERDNS_DOMAIN }}
-        ROUTE53_DOMAIN: ${{ vars.ROUTE53_DOMAIN }}
-        TRANSIP_DOMAIN: ${{ vars.TRANSIP_DOMAIN }}
-
-        # The above providers have additional env variables they
-        # need for credentials and such.
-
-        AZURE_DNS_CLIENT_ID: ${{ secrets.AZURE_DNS_CLIENT_ID }}
-        AZURE_DNS_CLIENT_SECRET: ${{ secrets.AZURE_DNS_CLIENT_SECRET }}
-        AZURE_DNS_RESOURCE_GROUP: ${{ secrets.AZURE_DNS_RESOURCE_GROUP }}
-        AZURE_DNS_SUBSCRIPTION_ID: ${{ secrets.AZURE_DNS_SUBSCRIPTION_ID }}
-        AZURE_DNS_TENANT_ID: ${{ secrets.AZURE_DNS_TENANT_ID }}
-
-        CLOUDFLAREAPI_ACCOUNTID: ${{ secrets.CLOUDFLAREAPI_ACCOUNTID }}
-        CLOUDFLAREAPI_TOKEN: ${{ secrets.CLOUDFLAREAPI_TOKEN }}
-
-        CLOUDNS_AUTH_ID: ${{ secrets.CLOUDNS_AUTH_ID }}
-        CLOUDNS_AUTH_PASSWORD: ${{ secrets.CLOUDNS_AUTH_PASSWORD }}
-
-        CSCGLOBAL_APIKEY: ${{ secrets.CSCGLOBAL_APIKEY }}
-        CSCGLOBAL_USERTOKEN: ${{ secrets.CSCGLOBAL_USERTOKEN }}
-
-        DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
-
-        GANDI_V5_APIKEY: ${{ secrets.GANDI_V5_APIKEY }}
-
-        GCLOUD_EMAIL: ${{ secrets.GCLOUD_EMAIL }}
-        GCLOUD_PRIVATEKEY: ${{ secrets.GCLOUD_PRIVATEKEY }}
-        GCLOUD_PROJECT: ${{ secrets.GCLOUD_PROJECT }}
-        GCLOUD_TYPE: ${{ secrets.GCLOUD_TYPE }}
-
-        HEDNS_PASSWORD: ${{ secrets.HEDNS_PASSWORD }}
-        HEDNS_TOTP_SECRET: ${{ secrets.HEDNS_TOTP_SECRET }}
-        HEDNS_USERNAME: ${{ secrets.HEDNS_USERNAME }}
-
-        HEXONET_ENTITY: ${{ secrets.HEXONET_ENTITY }}
-        HEXONET_PW: ${{ secrets.HEXONET_PW }}
-        HEXONET_UID: ${{ secrets.HEXONET_UID }}
-
-        NAMEDOTCOM_KEY: ${{ secrets.NAMEDOTCOM_KEY }}
-        NAMEDOTCOM_URL: ${{ secrets.NAMEDOTCOM_URL }}
-        NAMEDOTCOM_USER: ${{ secrets.NAMEDOTCOM_USER }}
-
-        NS1_TOKEN: ${{ secrets.NS1_TOKEN }}
-
-        POWERDNS_APIKEY: ${{ secrets.POWERDNS_APIKEY }}
-        POWERDNS_APIURL: ${{ secrets.POWERDNS_APIURL }}
-        POWERDNS_SERVERNAME: ${{ secrets.POWERDNS_SERVERNAME }}
-
-        ROUTE53_KEY: ${{ secrets.ROUTE53_KEY }}
-        ROUTE53_KEY_ID: ${{ secrets.ROUTE53_KEY_ID }}
-
-        TRANSIP_ACCOUNT_NAME: ${{ secrets.TRANSIP_ACCOUNT_NAME }}
-        TRANSIP_PRIVATE_KEY: ${{ secrets.TRANSIP_PRIVATE_KEY }}
-
-    concurrency: ${{ matrix.provider }}
-    strategy:
-      fail-fast: false
-      matrix:
-        provider: ${{ fromJson(needs.integration-test-providers.outputs.integration_test_providers )}}
-    steps:
-    - uses: actions/checkout@v4
-    - run: mkdir -p "$TEST_RESULTS"
-    - name: restore_cache
-      uses: actions/[email protected]
-      with:
-        key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
-        restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
-        path: ${{ env.go-mod-path }}
-    - name: Run integration tests for ${{ matrix.provider }} provider
-      run: |-
-        if [ -z "$${{ matrix.provider }}_DOMAIN" ] ; then
-          echo "Skip test for ${{ matrix.provider }} provider"
-        else
-          go install gotest.tools/gotestsum@latest
-          gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- -timeout 30m -v -verbose -provider ${{ matrix.provider }} -cfworkers=false
-        fi
-      working-directory: integrationTest
-    - uses: actions/[email protected]
-      with:
-        path: "/tmp/test-results"
   integrtests-diff2:
     if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
     container:
       image: golang:1.20
     needs:
     - integration-test-providers
-    - integrtests-diff1
     env:
       TEST_RESULTS: "/tmp/test-results"
       GOTESTSUM_FORMAT: testname
@@ -294,7 +188,7 @@ jobs:
       run: |-
         go install gotest.tools/gotestsum@latest
         if [ -n "$${{ matrix.provider }}_DOMAIN" ] ; then
-          gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- -timeout 30m -v -verbose -provider ${{ matrix.provider }} -cfworkers=false -diff2
+          gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- -timeout 30m -v -verbose -provider ${{ matrix.provider }} -cfworkers=false
         else
           echo "Skip test for ${{ matrix.provider }} provider"
         fi

diff --git a/commands/commands.go b/commands/commands.go
@@ -65,14 +65,17 @@ func Run(v string) int {
 			Destination: &js.EnableFetch,
 		},
 		&cli.BoolFlag{
-			Name:        "diff2",
-			Usage:       "Enable replacement diff algorithm",
-			Destination: &diff2.EnableDiff2,
-			Value:       true,
+			Name:   "diff2",
+			Usage:  "Obsolete flag. Will be removed in v5 or later",
+			Hidden: true,
+			Action: func(ctx *cli.Context, v bool) error {
+				obsoleteDiff2FlagUsed = true
+				return nil
+			},
 		},
 		&cli.BoolFlag{
 			Name:        "disableordering",
-			Usage:       "Disables the dns ordering part of the diff2 package",
+			Usage:       "Disables update reordering",
 			Destination: &diff2.DisableOrdering,
 		},
 		&cli.BoolFlag{

diff --git a/commands/previewPush.go b/commands/previewPush.go
@@ -12,7 +12,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/bindserial"
 	"github.com/StackExchange/dnscontrol/v4/pkg/credsfile"
-	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/nameservers"
 	"github.com/StackExchange/dnscontrol/v4/pkg/normalize"
 	"github.com/StackExchange/dnscontrol/v4/pkg/notifications"
@@ -129,17 +128,17 @@ func Push(args PushArgs) error {
 	return run(args.PreviewArgs, true, args.Interactive, printer.DefaultPrinter, &args.Report)
 }
 
+var obsoleteDiff2FlagUsed = false
+
 // run is the main routine common to preview/push
 func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report *string) error {
 	// TODO: make truly CLI independent. Perhaps return results on a channel as they occur
 
 	// This is a hack until we have the new printer replacement.
 	printer.SkinnyReport = !args.Full
 
-	if diff2.EnableDiff2 {
-		printer.Println("INFO: Diff2 algorithm in use. Welcome to the future!")
-	} else {
-		printer.Println("WARNING: Diff1 algorithm in use. Please upgrade to diff2 (`dnscontrol --diff2=true preview`) as diff1 will go away after 2023-07-05. See https://github.com/StackExchange/dnscontrol/issues/2262")
+	if obsoleteDiff2FlagUsed {
+		printer.Println("WARNING: Please remove obsolete --diff2 flag. This will be an error in v5 or later. See https://github.com/StackExchange/dnscontrol/issues/2262")
 	}
 
 	cfg, err := GetDNSConfig(args.GetDNSConfigArgs)
@@ -237,15 +236,13 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report
 				}
 
 				reports, corrections, err := zonerecs.CorrectZoneRecords(provider.Driver, domain)
-				printReports(domain.Name, provider.Name, reports, out, push, notifier)
 				out.EndProvider(provider.Name, len(corrections), err)
 				if err != nil {
 					anyErrors = true
 					return
 				}
 				totalCorrections += len(corrections)
-				// When diff1 goes away, the call to printReports() should be moved to HERE.
-				//printReports(domain.Name, provider.Name, reports, out, push, notifier)
+				printReports(domain.Name, provider.Name, reports, out, push, notifier)
 				reportItems = append(reportItems, ReportItem{
 					Domain:      domain.Name,
 					Corrections: len(corrections),

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
@@ -1245,85 +1245,7 @@ declare function IGNORE(labelSpec: string, typeSpec?: string, targetSpec?: strin
 /**
  * `IGNORE_NAME(a)` is the same as `IGNORE(a, "*", "*")`.
  *
- * ## Legacy mode ("diff1")
- *
- * When `--diff2=false` is used to revert to the old "diff1" algorithm, `IGNORE_NAME()` behaves as follows:
- *
- * WARNING: The `IGNORE_*` family  of functions is risky to use. The code
- * is brittle and has subtle bugs. Use at your own risk. Do not use these
- * commands with `D_EXTEND()`.
- *
- * `IGNORE_NAME` can be used to ignore some records present in zone.
- * Records of that name will be completely ignored. An optional `rTypes` may be specified as a comma separated list to only ignore records of the given type, e.g. `"A"`, `"A,CNAME"`, `"A, MX, CNAME"`. If `rTypes` is omitted or is `"*"` all record types matching the name will be ignored.
- *
- * `IGNORE_NAME` is like `NO_PURGE` except it acts only on some specific records instead of the whole zone.
- *
- * Technically `IGNORE_NAME` is a promise that DNSControl will not add, change, or delete records at a given label.  This permits another entity to "own" that label.
- *
- * `IGNORE_NAME` is generally used in very specific situations:
- *
- * * Some records are managed by some other system and DNSControl is only used to manage some records and/or keep them updated. For example a DNS `A` record that is managed by a dynamic DNS client, or by Kubernetes External DNS, but DNSControl is used to manage the rest of the zone. In this case we don't want DNSControl to try to delete the externally managed record.
- * * To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. `IGNORE_NAME` will leave those records alone.
- *
- * In this example, DNSControl will insert/update the "baz.example.com" record but will leave unchanged the "foo.example.com" and "bar.example.com" ones.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   IGNORE_NAME("foo"), // ignore all record types for name foo
- *   IGNORE_NAME("baz", "*"), // ignore all record types for name baz
- *   IGNORE_NAME("bar", "A,MX"), // ignore only A and MX records for name bar
- *   CNAME("bar", "www"), // CNAME is not ignored
- *   A("baz", "1.2.3.4")
- * );
- * ```
- *
- * `IGNORE_NAME` also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob) library. All of
- * the following patterns will work:
- *
- * * `IGNORE_NAME("*.foo")` will ignore all records in the style of `bar.foo`, but will not ignore records using a double
- * subdomain, such as `foo.bar.foo`.
- * * `IGNORE_NAME("**.foo")` will ignore all subdomains of `foo`, including double subdomains.
- * * `IGNORE_NAME("?oo")` will ignore all records of three symbols ending in `oo`, for example `foo` and `zoo`. It will
- * not match `.`
- * * `IGNORE_NAME("[abc]oo")` will ignore records `aoo`, `boo` and `coo`. `IGNORE_NAME("[a-c]oo")` is equivalent.
- * * `IGNORE_NAME("[!abc]oo")` will ignore all three symbol records ending in `oo`, except for `aoo`, `boo`, `coo`. `IGNORE_NAME("[!a-c]oo")` is equivalent.
- * * `IGNORE_NAME("{bar,[fz]oo}")` will ignore `bar`, `foo` and `zoo`.
- * * `IGNORE_NAME("\\*.foo")` will ignore the literal record `*.foo`.
- *
- * # Caveats
- *
- * It is considered as an error to try to manage an ignored record.
- * Ignoring a label is a promise that DNSControl won't meddle with
- * anything at a particular label, therefore DNSControl prevents you from
- * adding records at a label that is `IGNORE_NAME`'ed.
- *
- * Use `IGNORE_NAME("@")` to ignore at the domain's apex. Most providers
- * insert magic or unchangeable records at the domain's apex; usually `NS`
- * and `SOA` records.  DNSControl treats them specially.
- *
- * # Errors
- *
- * * `trying to update/add IGNORE_NAME'd record: foo CNAME`
- *
- * This means you have both ignored `foo` and included a record (in this
- * case, a CNAME) to update it.  This is an error because `IGNORE_NAME`
- * is a promise not to modify records at a certain label so that others
- * may have free reign there.  Therefore, DNSControl prevents you from
- * modifying that label.
- *
- * The `foo CNAME` at the end of the message indicates the label name
- * (`foo`) and the type of record (`CNAME`) that your dnsconfig.js file
- * is trying to insert.
- *
- * You can override this error by adding the
- * `IGNORE_NAME_DISABLE_SAFETY_CHECK` flag to the record.
- *
- *     TXT("vpn", "this thing", IGNORE_NAME_DISABLE_SAFETY_CHECK)
- *
- * Disabling this safety check creates two risks:
- *
- * 1. Two owners (DNSControl and some other entity) toggling a record between two settings.
- * 2. The other owner wiping all records at this label, which won't be noticed until the next time DNSControl is run.
+ * `IGNORE_NAME(a, b)` is the same as `IGNORE(a, b, "*")`.
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore_name
  */
@@ -1334,40 +1256,6 @@ declare function IGNORE_NAME(pattern: string, rTypes?: string): DomainModifier;
  *
  * `IGNORE_TARGET_NAME(target, rtype)` is the same as `IGNORE("*", rtype, target)`.
  *
- * ## Legacy mode ("diff1")
- *
- * When `--diff2=false` is used to revert to the old "diff1" algorithm, `IGNORE_NAME()` behaves as follows:
- *
- * WARNING: The `IGNORE_*` family  of functions is risky to use. The code
- * is brittle and has subtle bugs. Use at your own risk. Do not use these
- * commands with `D_EXTEND()` or use it at the domain apex.
- *
- * IGNORE_TARGET can be used to ignore some records present in zone based on the record's target and type. IGNORE_TARGET currently only supports CNAME record types.
- *
- * IGNORE_TARGET is like NO_PURGE except it acts only on some specific records instead of the whole zone.
- *
- * IGNORE_TARGET is generally used in very specific situations:
- *
- * * Some records are managed by some other system and DNSControl is only used to manage some records and/or keep them updated. For example a DNS record that is created by AWS Certificate Manager for validation, but DNSControl is used to manage the rest of the zone. In this case we don't want DNSControl to try to delete the externally managed record.
- *
- * In this example, DNSControl will insert/update the "baz.example.com" record but will leave unchanged a CNAME to "foo.acm-validations.aws" record.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   IGNORE_TARGET("**.acm-validations.aws.", "CNAME"),
- *   A("baz", "1.2.3.4")
- * );
- * ```
- *
- * IGNORE_TARGET also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob#example) library. Some example patterns:
- *
- * * `IGNORE_TARGET("example.com", "CNAME")` will ignore all CNAME records with targets of exactly `example.com`.
- * * `IGNORE_TARGET("*.foo", "CNAME")` will ignore all CNAME records with targets in the style of `bar.foo`, but will not ignore records with targets using a double subdomain, such as `foo.bar.foo`.
- * * `IGNORE_TARGET("**.bar", "CNAME")` will ignore all CNAME records with target subdomains of `bar`, including double subdomains such as `www.foo.bar`.
- * * `IGNORE_TARGET("dev.*.foo", "CNAME")` will ignore all CNAME records with targets in the style of `dev.bar.foo`, but will not ignore records with targets using a double subdomain, such as `dev.foo.bar.foo`.
- *
- * It is considered as an error to try to manage an ignored record.
- *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore_target
  */
 declare function IGNORE_TARGET(pattern: string, rType: string): DomainModifier;

diff --git a/documentation/byo-secrets.md b/documentation/byo-secrets.md
@@ -50,7 +50,7 @@ only run if they have access to the secrets they will need.
 # How it works
 
 Tests are executed if `*_DOMAIN` exists where `*` is the name of the provider.  If the value is empty or
-unset, the test is skipped.  
+unset, the test is skipped.
 For example, if a provider is called `FANCYDNS`, there must
 be a secret called `FANCYDNS_DOMAIN`.
 
@@ -79,7 +79,7 @@ The line looks something like:
 
 2. Add your providers `_DOMAIN` env variable:
 
-Add it to the `env` section of `integrtests-diff1` and again in `integrtests-diff2`.
+Add it to the `env` section of `integrtests-diff2`.
 
 For example, the entry for BIND looks like: