diff --git a/.github/workflows/golangci.yaml b/.github/workflows/golangci.yaml new file mode 100644 index 0000000..94192bb --- /dev/null +++ b/.github/workflows/golangci.yaml @@ -0,0 +1,24 @@ +--- +name: GolangCI +on: + push: + paths-ignore: + - '**.md' + pull_request: + branches: + - main + paths-ignore: + - '**.md' +jobs: + lint: + name: GolangCI + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: GolangCI + uses: golangci/golangci-lint-action@v3 + with: + version: v1.55.2 + args: --timeout=3m diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..959c8dd --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,78 @@ +--- +name: Release + +on: + push: + branches: + - main + +permissions: + contents: write + pull-requests: write + packages: write + id-token: write + +env: + GO111MODULE: "on" + +jobs: + release: + runs-on: ubuntu-latest + name: Release + outputs: + release_created: ${{ steps.release.outputs.release_created }} + tag_name: ${{ steps.release.outputs.tag_name }} + + steps: + - uses: googleapis/release-please-action@v4 + id: release + + provider: + if: needs.release.outputs.release_created + runs-on: ubuntu-latest + name: Publish Provider + needs: + - release + strategy: + max-parallel: 4 + matrix: + go-version: [1.22.x] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: "${{ matrix.go-version }}" + + - name: Install cosign + uses: sigstore/cosign-installer@v3.5.0 + - name: Download Syft + uses: anchore/sbom-action/download-syft@v0.16.0 + + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Release via GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + args: -p 3 release --clean --timeout 60m0s + version: latest + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CI_COMMIT_TIMESTAMP: ${{ github.event.repository.updated_at }} + CI_COMMIT_SHA: ${{ github.sha }} + CI_COMMIT_TAG: ${{ needs.release.outputs.tag_name }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 0000000..cb5fff5 --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,27 @@ +--- +name: Test +on: + push: + paths-ignore: + - '**.md' + pull_request: + branches: + - main + paths-ignore: + - '**.md' +jobs: + test: + name: Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install Dependencies + env: + GOPROXY: https://proxy.golang.org,direct + run: go mod download + + - name: Test + run: make test diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml new file mode 100644 index 0000000..86c758e --- /dev/null +++ b/.github/workflows/yamllint.yaml @@ -0,0 +1,25 @@ +--- +name: YamlLint +on: + push: + paths-ignore: + - '**.md' + pull_request: + branches: + - main + paths-ignore: + - '**.md' +jobs: + lint: + name: YamlLint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Python + uses: actions/setup-python@v5 + + - name: YamlLint + run: yamllint . diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..77f3912 --- /dev/null +++ b/.gitignore @@ -0,0 +1,27 @@ +# Ignore everything +* + +# But not these files... +!/.gitignore + +!*.go +!go.sum +!go.mod + +!Makefile +!*.yaml + +!.release-please-manifest.json +!release-please-config.json +!.goreleaser.yml +!.gitleaks.toml +!.yamllint +!.golangci.toml +!Dockerfile +!CODEOWNERS +!README.md +!LICENSE +!renovate.json + +# ...even if they are in subdirectories +!*/ diff --git a/.gitleaks.toml b/.gitleaks.toml new file mode 100644 index 0000000..f1d6c06 --- /dev/null +++ b/.gitleaks.toml @@ -0,0 +1,9 @@ +title = "Gitleaks Configuration" + +[extend] +useDefault = true +[allowlist] +description = "global allow list" +paths = [ + '''README.md''','''.idea''','''.vscode''' +] diff --git a/.golangci.toml b/.golangci.toml new file mode 100644 index 0000000..fee962a --- /dev/null +++ b/.golangci.toml @@ -0,0 +1,12 @@ +[run] +timeout = "120s" + +[output] +format = "colored-line-number" + +[linters] +enable = [ + "gocyclo", "unconvert", "goimports","vetshadow", "misspell", "ineffassign","goconst", "vet", "unparam", "gofmt"] + +[issues] +exclude-use-default = false diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000..7298939 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,101 @@ +--- +archives: + - id: archive + name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}" +builds: + - binary: external-dns-infoblox-webhook + env: + - CGO_ENABLED=0 + - GO111MODULE=on + goarch: + - amd64 + - arm64 + goos: + - darwin + - linux + goarm: + - "7" + ldflags: + - -X 'main.Version={{ .Tag }}' + - -X 'main.Gitsha={{ .ShortCommit }}' + main: ./cmd/webhook +source: + enabled: true +signs: + - cmd: cosign + env: + - COSIGN_EXPERIMENTAL=1 + certificate: "${artifact}.pem" + args: + - sign-blob + - --yes + - "--output-certificate=${certificate}" + - "--bundle=${signature}" + - "${artifact}" + artifacts: all + output: true +sboms: + - artifacts: archive + - id: source + artifacts: source +dockers: + - use: buildx + goos: linux + goarch: amd64 + image_templates: + - ghcr.io/absaoss/external-dns-infoblox-webhook:latest-amd64 + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_SHA }}-amd64 + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_TAG }}-amd64 + build_flag_templates: + - --pull + - --platform=linux/amd64 + - --build-arg=CI_COMMIT_TIMESTAMP="{{ .Env.CI_COMMIT_TIMESTAMP }}" + - --build-arg=CI_COMMIT_SHA="{{ .Env.CI_COMMIT_SHA }}" + - --build-arg=CI_COMMIT_TAG="{{ .Env.CI_COMMIT_TAG }}" + - use: buildx + goos: linux + goarch: arm64 + image_templates: + - ghcr.io/absaoss/external-dns-infoblox-webhook:latest-arm64 + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_SHA }}-arm64 + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_TAG }}-arm64 + build_flag_templates: + - --pull + - --platform=linux/arm64 + - --build-arg=CI_COMMIT_TIMESTAMP="{{ .Env.CI_COMMIT_TIMESTAMP }}" + - --build-arg=CI_COMMIT_SHA="{{ .Env.CI_COMMIT_SHA }}" + - --build-arg=CI_COMMIT_TAG="{{ .Env.CI_COMMIT_TAG }}" +docker_manifests: + - name_template: ghcr.io/absaoss/external-dns-infoblox-webhook:latest + image_templates: + - ghcr.io/absaoss/external-dns-infoblox-webhook:latest-amd64 + - ghcr.io/absaoss/external-dns-infoblox-webhook:latest-arm64 + - name_template: ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_SHA }} + image_templates: + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_SHA }}-amd64 + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_SHA }}-arm64 + - name_template: ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_TAG }} + image_templates: + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_TAG }}-amd64 + - ghcr.io/absaoss/external-dns-infoblox-webhook:{{ .Env.CI_COMMIT_TAG }}-arm64 +changelog: + skip: true + use: github + filters: + exclude: + - "^docs" + - "^chore" + groups: + - title: "New Features" + regexp: "^.*feat[(\\w)]*:+.*$" + order: 0 + - title: "Bugfixes" + regexp: "^.*fix[(\\w)]*:+.*$" + order: 10 + - title: Other Work + order: 999 +release: + disable: false + prerelease: auto +snapshot: + name_template: "{{ .Tag }}-SNAPSHOT" diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 0000000..f5b6b2a --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "0.0.0" +} diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..46aee07 --- /dev/null +++ b/.yamllint @@ -0,0 +1,34 @@ +--- +yaml-files: + - '*.yaml' + - '.yamllint' + +rules: + braces: + level: warning + max-spaces-inside: 1 + brackets: enable + colons: enable + commas: enable + comments: + level: warning + comments-indentation: + level: warning + document-end: disable + document-start: disable + empty-lines: enable + empty-values: disable + hyphens: enable + indentation: disable + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: enable + new-lines: enable + octal-values: disable + quoted-strings: disable + trailing-spaces: enable + truthy: disable + +ignore: + "**/templates/*.yaml" diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..66b32bb --- /dev/null +++ b/Dockerfile @@ -0,0 +1,6 @@ +FROM gcr.io/distroless/static-debian12:nonroot + +USER 20000:20000 +COPY --chmod=555 external-dns-infoblox-webhook /opt/external-dns-infoblox-webhook/app + +ENTRYPOINT ["/opt/external-dns-infoblox-webhook/app"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..0863734 --- /dev/null +++ b/Makefile @@ -0,0 +1,47 @@ +SHELL := bash + +ifndef NO_COLOR +YELLOW=\033[0;33m +CYAN=\033[1;36m +RED=\033[31m +# no color +NC=\033[0m +endif + + +ARTIFACT_NAME := external-dns-infoblox-webhook + +TESTPARALLELISM := 4 + +WORKING_DIR := $(shell pwd) + +.PHONY: clean +clean:: + rm -rf $(WORKING_DIR)/bin + +.PHONY: build +build:: + go build -o $(WORKING_DIR)/bin/${ARTIFACT_NAME} ./cmd/webhook + chmod +x $(WORKING_DIR)/bin/${ARTIFACT_NAME} + +.PHONY: test +test:: + go test -v -tags=all -parallel ${TESTPARALLELISM} -timeout 2h -covermode atomic -coverprofile=covprofile ./... + +.PHONY: lint-init +lint-init: + @echo -e "\n$(CYAN)Check for lint dependencies$(NC)" + brew install golangci-lint + brew install gitleaks + brew install yamllint + +.PHONY: lint +lint: test + @echo -e "\n$(YELLOW)Running the linters$(NC)" + @echo -e "\n$(CYAN)golangci-lint$(NC)" + goimports -w ./ + golangci-lint run -c ./.golangci.toml + @echo -e "\n$(CYAN)yamllint$(NC)" + yamllint . + @echo -e "\n$(CYAN)gitleaks$(NC)" + gitleaks detect . --no-git --verbose --config=.gitleaks.toml diff --git a/README.md b/README.md new file mode 100644 index 0000000..8889caa --- /dev/null +++ b/README.md @@ -0,0 +1,29 @@ +# external-dns-infoblox-webhook + +Infoblox provider based on in-tree provider for ExternalDNS. Supported records: + +| Record Type | Status | +|-------------|------------| +| A | supported | +| CNAME | supported | +| TXT | supported | +| PTR | not tested | + + +## Quick start + +Required environment variables: + +| Environment Variable | Default value | Required | +|-----------------------------|---------------|----------| +| INFOBLOX_HOST | localhost | true | +| INFOBLOX_PORT | 443 | true | +| INFOBLOX_WAPI_USER | | true | +| INFOBLOX_WAPI_PASSWORD | | true | +| INFOBLOX_VERSION | | true | +| INFOBLOX_SSL_VERIFY | true | false | +| INFOBLOX_DRY_RUN | false | false | +| INFOBLOX_VIEW | default | false | +| INFOBLOX_MAX_RESULTS | 1500 | false | +| INFOBLOX_CREATE_PTR | false | false | +| INFOBLOX_DEFAULT_TTL | 300 | false | diff --git a/cmd/webhook/init/configuration/configuration.go b/cmd/webhook/init/configuration/configuration.go new file mode 100644 index 0000000..7d5c018 --- /dev/null +++ b/cmd/webhook/init/configuration/configuration.go @@ -0,0 +1,30 @@ +package configuration + +import ( + "time" + + "github.com/caarlos0/env/v11" + log "github.com/sirupsen/logrus" +) + +// Config struct for configuration environmental variables +type Config struct { + ServerHost string `env:"SERVER_HOST" envDefault:"0.0.0.0"` + ServerPort int `env:"SERVER_PORT" envDefault:"8888"` + ServerReadTimeout time.Duration `env:"SERVER_READ_TIMEOUT"` + ServerWriteTimeout time.Duration `env:"SERVER_WRITE_TIMEOUT"` + DomainFilter []string `env:"DOMAIN_FILTER" envDefault:""` + ExcludeDomains []string `env:"EXCLUDE_DOMAIN_FILTER" envDefault:""` + RegexDomainFilter string `env:"REGEXP_DOMAIN_FILTER" envDefault:""` + RegexDomainExclusion string `env:"REGEXP_DOMAIN_FILTER_EXCLUSION" envDefault:""` + RegexNameFilter string `env:"REGEXP_NAME_FILTER" envDefault:""` +} + +// Init sets up configuration by reading set environmental variables +func Init() Config { + cfg := Config{} + if err := env.Parse(&cfg); err != nil { + log.Fatalf("Error reading configuration from environment: %v", err) + } + return cfg +} diff --git a/cmd/webhook/init/configuration/configuration_test.go b/cmd/webhook/init/configuration/configuration_test.go new file mode 100644 index 0000000..0deff17 --- /dev/null +++ b/cmd/webhook/init/configuration/configuration_test.go @@ -0,0 +1,38 @@ +package configuration + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestInit(t *testing.T) { + t.Setenv("SERVER_READ_TIMEOUT", "1s") + t.Setenv("SERVER_WRITE_TIMEOUT", "1s") + + cfg := Init() + + assert.Equal(t, "0.0.0.0", cfg.ServerHost) + assert.Equal(t, 8888, cfg.ServerPort) + assert.Equal(t, []string(nil), cfg.DomainFilter) + assert.Equal(t, []string(nil), cfg.ExcludeDomains) + assert.Equal(t, "", cfg.RegexDomainFilter) + assert.Equal(t, "", cfg.RegexDomainExclusion) + + t.Setenv("SERVER_HOST", "testhost") + t.Setenv("SERVER_PORT", "9999") + t.Setenv("DOMAIN_FILTER", "test.com,test2.com") + t.Setenv("EXCLUDE_DOMAIN_FILTER", "exclude.com,exclude2.com") + t.Setenv("REGEXP_DOMAIN_FILTER", ".*test.*") + t.Setenv("REGEXP_DOMAIN_FILTER_EXCLUSION", ".*exclude.*") + t.Setenv("REGEXP_DOMAIN_FILTER", ".*test.*") + t.Setenv("REGEXP_DOMAIN_FILTER_EXCLUSION", ".*exclude.*") + + cfg = Init() + assert.Equal(t, "testhost", cfg.ServerHost) + assert.Equal(t, 9999, cfg.ServerPort) + assert.Equal(t, []string{"test.com", "test2.com"}, cfg.DomainFilter) + assert.Equal(t, []string{"exclude.com", "exclude2.com"}, cfg.ExcludeDomains) + assert.Equal(t, ".*test.*", cfg.RegexDomainFilter) + assert.Equal(t, ".*exclude.*", cfg.RegexDomainExclusion) +} diff --git a/cmd/webhook/init/dnsprovider/dnsprovider.go b/cmd/webhook/init/dnsprovider/dnsprovider.go new file mode 100644 index 0000000..728f40c --- /dev/null +++ b/cmd/webhook/init/dnsprovider/dnsprovider.go @@ -0,0 +1,55 @@ +package dnsprovider + +import ( + "fmt" + "regexp" + "strings" + + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/configuration" + "github.com/AbsaOSS/external-dns-infoblox-webhook/internal/infoblox" + "github.com/caarlos0/env/v11" + "sigs.k8s.io/external-dns/endpoint" + "sigs.k8s.io/external-dns/provider" + + log "github.com/sirupsen/logrus" +) + +// nolint: revive +func Init(config configuration.Config) (provider.Provider, error) { + var domainFilter endpoint.DomainFilter + createMsg := "Creating infoblox provider with " + + if config.RegexDomainFilter != "" { + createMsg += fmt.Sprintf("regexp domain filter: '%s', ", config.RegexDomainFilter) + if config.RegexDomainExclusion != "" { + createMsg += fmt.Sprintf("with exclusion: '%s', ", config.RegexDomainExclusion) + } + domainFilter = endpoint.NewRegexDomainFilter( + regexp.MustCompile(config.RegexDomainFilter), + regexp.MustCompile(config.RegexDomainExclusion), + ) + } else { + if config.DomainFilter != nil && len(config.DomainFilter) > 0 { + createMsg += fmt.Sprintf("domain filter: '%s', ", strings.Join(config.DomainFilter, ",")) + } + if config.ExcludeDomains != nil && len(config.ExcludeDomains) > 0 { + createMsg += fmt.Sprintf("exclude domain filter: '%s', ", strings.Join(config.ExcludeDomains, ",")) + } + domainFilter = endpoint.NewDomainFilterWithExclusions(config.DomainFilter, config.ExcludeDomains) + } + + createMsg = strings.TrimSuffix(createMsg, ", ") + if strings.HasSuffix(createMsg, "with ") { + createMsg += "no kind of domain filters" + } + log.Info(createMsg) + + infobloxConfig := infoblox.StartupConfig{} + if err := env.Parse(&infobloxConfig); err != nil { + return nil, fmt.Errorf("reading configuration failed: %v", err) + } + infobloxConfig.FQDNRegEx = config.RegexDomainFilter + infobloxConfig.NameRegEx = config.RegexNameFilter + + return infoblox.NewInfobloxProvider(&infobloxConfig, domainFilter) +} diff --git a/cmd/webhook/init/dnsprovider/dnsprovider_test.go b/cmd/webhook/init/dnsprovider/dnsprovider_test.go new file mode 100644 index 0000000..586ca70 --- /dev/null +++ b/cmd/webhook/init/dnsprovider/dnsprovider_test.go @@ -0,0 +1,66 @@ +package dnsprovider + +import ( + "testing" + + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/configuration" + + log "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" +) + +func TestInit(t *testing.T) { + log.SetLevel(log.DebugLevel) + + cases := []struct { + name string + config configuration.Config + env map[string]string + expectedError string + }{ + { + name: "minimal config for infoblox provider", + config: configuration.Config{}, + env: map[string]string{ + "INFOBLOX_WAPI_USER": "user123", + "INFOBLOX_WAPI_PASSWORD": "password", + "INFOBLOX_VERSION": "2.7.1", + }, + }, + { + name: "domain filter config for infoblox provider", + config: configuration.Config{ + DomainFilter: []string{"domain.com"}, + ExcludeDomains: []string{"sub.domain.com"}, + }, + env: map[string]string{ + "INFOBLOX_WAPI_USER": "user123", + "INFOBLOX_WAPI_PASSWORD": "password", + "INFOBLOX_VERSION": "2.7.1", + }, + }, + { + name: "empty configuration", + config: configuration.Config{}, + expectedError: "expecting error", + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + for k, v := range tc.env { + t.Setenv(k, v) + } + + dnsProvider, err := Init(tc.config) + + if tc.expectedError != "" { + assert.Error(t, err, "configuration error, no mandatory Environment variables set") + return + } + + assert.NoErrorf(t, err, "error creating provider") + assert.NotNil(t, dnsProvider) + }) + } +} diff --git a/cmd/webhook/init/logging/log.go b/cmd/webhook/init/logging/log.go new file mode 100644 index 0000000..4cad81e --- /dev/null +++ b/cmd/webhook/init/logging/log.go @@ -0,0 +1,43 @@ +// Package logging +package logging + +import ( + "os" + "strconv" + + log "github.com/sirupsen/logrus" +) + +// Init sets up logging configuration +func Init() { + setLogLevel() + setLogFormat() +} + +func setLogFormat() { + format := os.Getenv("LOG_FORMAT") + if format == "json" { + log.SetFormatter(&log.JSONFormatter{}) + } else { + log.SetFormatter(&log.TextFormatter{}) + } +} + +func setLogLevel() { + level := os.Getenv("LOG_LEVEL") + if level == "" { + log.SetLevel(log.InfoLevel) + } else { + if levelInt, err := strconv.Atoi(level); err == nil { + log.SetLevel(log.Level(uint32(levelInt))) + } else { + levelInt, err := log.ParseLevel(level) + if err != nil { + log.SetLevel(log.InfoLevel) + log.Errorf("Invalid log level '%s', defaulting to info", level) + } else { + log.SetLevel(levelInt) + } + } + } +} diff --git a/cmd/webhook/init/server/server.go b/cmd/webhook/init/server/server.go new file mode 100644 index 0000000..7c994d7 --- /dev/null +++ b/cmd/webhook/init/server/server.go @@ -0,0 +1,66 @@ +package server + +import ( + "context" + "errors" + "fmt" + "net/http" + "os" + "os/signal" + "syscall" + "time" + + "github.com/go-chi/chi/v5" + + log "github.com/sirupsen/logrus" + + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/configuration" + + "github.com/AbsaOSS/external-dns-infoblox-webhook/pkg/webhook" +) + +// Init server initialization function +// The server will respond to the following endpoints: +// - / (GET): initialization, negotiates headers and returns the domain filter +// - /records (GET): returns the current records +// - /records (POST): applies the changes +// - /adjustendpoints (POST): executes the AdjustEndpoints method +func Init(config configuration.Config, p *webhook.Webhook) *http.Server { + r := chi.NewRouter() + r.Use(webhook.Health) + r.Get("/", p.Negotiate) + r.Get("/records", p.Records) + r.Post("/records", p.ApplyChanges) + r.Post("/adjustendpoints", p.AdjustEndpoints) + + srv := createHTTPServer(fmt.Sprintf("%s:%d", config.ServerHost, config.ServerPort), r, config.ServerReadTimeout, config.ServerWriteTimeout) + go func() { + log.Infof("starting server on addr: '%s' ", srv.Addr) + if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { + log.Errorf("can't serve on addr: '%s', error: %v", srv.Addr, err) + } + }() + return srv +} + +func createHTTPServer(addr string, hand http.Handler, readTimeout, writeTimeout time.Duration) *http.Server { + return &http.Server{ + ReadTimeout: readTimeout, + WriteTimeout: writeTimeout, + Addr: addr, + Handler: hand, + } +} + +// ShutdownGracefully gracefully shutdown the http server +func ShutdownGracefully(srv *http.Server) { + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT) + sig := <-sigCh + log.Infof("shutting down server due to received signal: %v", sig) + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + if err := srv.Shutdown(ctx); err != nil { + log.Errorf("error shutting down server: %v", err) + } + cancel() +} diff --git a/cmd/webhook/init/server/server_test.go b/cmd/webhook/init/server/server_test.go new file mode 100644 index 0000000..0a4c304 --- /dev/null +++ b/cmd/webhook/init/server/server_test.go @@ -0,0 +1,545 @@ +package server + +import ( + "context" + "fmt" + "io" + "net/http" + "reflect" + "strings" + "testing" + "time" + + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/configuration" + "github.com/AbsaOSS/external-dns-infoblox-webhook/pkg/webhook" + log "github.com/sirupsen/logrus" + "sigs.k8s.io/external-dns/endpoint" + "sigs.k8s.io/external-dns/plan" +) + +type testCase struct { + name string + returnRecords []*endpoint.Endpoint + returnAdjustedEndpoints []*endpoint.Endpoint + returnDomainFilter endpoint.DomainFilter + hasError error + method string + path string + headers map[string]string + body string + expectedStatusCode int + expectedResponseHeaders map[string]string + expectedBody string + expectedChanges *plan.Changes + expectedEndpointsToAdjust []*endpoint.Endpoint + log.Ext1FieldLogger +} + +var mockProvider *MockProvider + +func TestMain(m *testing.M) { + mockProvider = &MockProvider{} + + srv := Init(configuration.Init(), webhook.New(mockProvider)) + go ShutdownGracefully(srv) + + time.Sleep(300 * time.Millisecond) + + m.Run() + if err := srv.Shutdown(context.TODO()); err != nil { + panic(err) + } +} + +func TestRecords(t *testing.T) { + testCases := []testCase{ + { + name: "valid case", + returnRecords: []*endpoint.Endpoint{ + { + DNSName: "test.example.com", + Targets: []string{""}, + RecordType: "A", + RecordTTL: 3600, + Labels: map[string]string{ + "label1": "value1", + }, + }, + }, + method: http.MethodGet, + headers: map[string]string{"Accept": "application/external.dns.webhook+json;version=1"}, + path: "/records", + body: "", + expectedStatusCode: http.StatusOK, + expectedResponseHeaders: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + }, + expectedBody: "[{\"dnsName\":\"test.example.com\",\"targets\":[\"\"],\"recordType\":\"A\",\"recordTTL\":3600,\"labels\":{\"label1\":\"value1\"}}]", + }, + { + name: "no accept header", + method: http.MethodGet, + headers: map[string]string{}, + path: "/records", + body: "", + expectedStatusCode: http.StatusNotAcceptable, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "client must provide an accept header", + }, + { + name: "wrong accept header", + method: http.MethodGet, + headers: map[string]string{"Accept": "invalid"}, + path: "/records", + body: "", + expectedStatusCode: http.StatusUnsupportedMediaType, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "Client must provide a valid versioned media type in the accept header: Unsupported media type version: 'invalid'. Supported media types are: 'application/external.dns.webhook+json;version=1'", + }, + { + name: "backend error", + hasError: fmt.Errorf("backend error"), + method: http.MethodGet, + headers: map[string]string{"Accept": "application/external.dns.webhook+json;version=1"}, + path: "/records", + body: "", + expectedStatusCode: http.StatusInternalServerError, + }, + } + + executeTestCases(t, testCases) +} + +func TestApplyChanges(t *testing.T) { + testCases := []testCase{ + { + name: "valid case", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + }, + path: "/records", + body: ` +{ + "Create": [ + { + "dnsName": "test.example.com", + "targets": ["11.11.11.11"], + "recordType": "A", + "recordTTL": 3600, + "labels": { + "label1": "value1", + "label2": "value2" + } + } + ] +}`, + expectedStatusCode: http.StatusNoContent, + expectedResponseHeaders: map[string]string{}, + expectedBody: "", + expectedChanges: &plan.Changes{ + Create: []*endpoint.Endpoint{ + { + DNSName: "test.example.com", + Targets: []string{"11.11.11.11"}, + RecordType: "A", + RecordTTL: 3600, + Labels: map[string]string{ + "label1": "value1", + "label2": "value2", + }, + }, + }, + }, + }, + { + name: "valid case with updates", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + }, + path: "/records", + body: ` +{ + "UpdateOld": [ + { + "dnsName": "test.example.com", + "targets": ["11.11.11.11"], + "recordType": "A", + "recordTTL": 3600, + "labels": { + "label1": "value1", + "label2": "value2" + } + } + ], + "UpdateNew": [ + { + "dnsName": "test.example.com", + "targets": ["22.22.22.22"], + "recordType": "A", + "recordTTL": 3600, + "labels": { + "label1": "value1", + "label2": "value2" + } + } + ] +}`, + expectedStatusCode: http.StatusNoContent, + expectedResponseHeaders: map[string]string{}, + expectedBody: "", + expectedChanges: &plan.Changes{ + UpdateOld: []*endpoint.Endpoint{ + { + DNSName: "test.example.com", + Targets: []string{"11.11.11.11"}, + RecordType: "A", + RecordTTL: 3600, + Labels: map[string]string{ + "label1": "value1", + "label2": "value2", + }, + }, + }, + UpdateNew: []*endpoint.Endpoint{ + { + DNSName: "test.example.com", + Targets: []string{"22.22.22.22"}, + RecordType: "A", + RecordTTL: 3600, + Labels: map[string]string{ + "label1": "value1", + "label2": "value2", + }, + }, + }, + }, + }, + { + name: "no content type header", + method: http.MethodPost, + path: "/records", + body: "", + expectedStatusCode: http.StatusNotAcceptable, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "client must provide a content type", + }, + { + name: "wrong content type header", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "invalid", + }, + path: "/records", + body: "", + expectedStatusCode: http.StatusUnsupportedMediaType, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "Client must provide a valid versioned media type in the content type: Unsupported media type version: 'invalid'. Supported media types are: 'application/external.dns.webhook+json;version=1'", + }, + { + name: "invalid json", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + "Accept": "application/external.dns.webhook+json;version=1", + }, + path: "/records", + body: "invalid", + expectedStatusCode: http.StatusBadRequest, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "error decoding changes: invalid character 'i' looking for beginning of value", + }, + { + name: "backend error", + hasError: fmt.Errorf("backend error"), + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + "Accept": "application/external.dns.webhook+json;version=1", + }, + path: "/records", + body: ` +{ + "Create": [ + { + "dnsName": "test.example.com", + "targets": ["11.11.11.11"], + "recordType": "A", + "recordTTL": 3600, + "labels": { + "label1": "value1", + "label2": "value2" + } + } + ] +}`, + expectedStatusCode: http.StatusInternalServerError, + }, + } + + executeTestCases(t, testCases) +} + +func TestAdjustEndpoints(t *testing.T) { + testCases := []testCase{ + { + name: "happy case", + returnAdjustedEndpoints: []*endpoint.Endpoint{ + { + DNSName: "adjusted.example.com", + Targets: []string{""}, + RecordType: "A", + RecordTTL: 3600, + Labels: map[string]string{ + "label1": "value1", + }, + }, + }, + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + "Accept": "application/external.dns.webhook+json;version=1", + }, + path: "/adjustendpoints", + body: ` +[ + { + "dnsName": "toadjust.example.com", + "targets": [], + "recordType": "A", + "recordTTL": 3600, + "labels": { + "label1": "value1", + "label2": "value2" + } + } +]`, + expectedStatusCode: http.StatusOK, + expectedResponseHeaders: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + }, + expectedBody: "[{\"dnsName\":\"adjusted.example.com\",\"targets\":[\"\"],\"recordType\":\"A\",\"recordTTL\":3600,\"labels\":{\"label1\":\"value1\"}}]", + expectedEndpointsToAdjust: []*endpoint.Endpoint{ + { + DNSName: "toadjust.example.com", + Targets: []string{}, + RecordType: "A", + RecordTTL: 3600, + Labels: map[string]string{ + "label1": "value1", + "label2": "value2", + }, + }, + }, + }, + { + name: "no content type header", + method: http.MethodPost, + headers: map[string]string{ + "Accept": "application/external.dns.webhook+json;version=1", + }, + path: "/adjustendpoints", + body: "", + expectedStatusCode: http.StatusNotAcceptable, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "client must provide a content type", + }, + { + name: "wrong content type header", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "invalid", + "Accept": "application/external.dns.webhook+json;version=1", + }, + path: "/adjustendpoints", + body: "", + expectedStatusCode: http.StatusUnsupportedMediaType, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "Client must provide a valid versioned media type in the content type: Unsupported media type version: 'invalid'. Supported media types are: 'application/external.dns.webhook+json;version=1'", + }, + { + name: "no accept header", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + }, + path: "/adjustendpoints", + body: "", + expectedStatusCode: http.StatusNotAcceptable, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "client must provide an accept header", + }, + { + name: "wrong accept header", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + "Accept": "invalid", + }, + path: "/adjustendpoints", + body: "", + expectedStatusCode: http.StatusUnsupportedMediaType, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "Client must provide a valid versioned media type in the accept header: Unsupported media type version: 'invalid'. Supported media types are: 'application/external.dns.webhook+json;version=1'", + }, + { + name: "invalid json", + method: http.MethodPost, + headers: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + "Accept": "application/external.dns.webhook+json;version=1", + }, + path: "/adjustendpoints", + body: "invalid", + expectedStatusCode: http.StatusBadRequest, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "failed to decode request body: invalid character 'i' looking for beginning of value", + }, + } + + executeTestCases(t, testCases) +} + +func TestNegotiate(t *testing.T) { + testCases := []testCase{ + { + name: "happy case", + returnDomainFilter: endpoint.NewDomainFilter([]string{"a.de"}), + method: http.MethodGet, + headers: map[string]string{"Accept": "application/external.dns.webhook+json;version=1"}, + path: "/", + body: "", + expectedStatusCode: http.StatusOK, + expectedResponseHeaders: map[string]string{ + "Content-Type": "application/external.dns.webhook+json;version=1", + }, + expectedBody: `{"include":["a.de"]}`, + }, + { + name: "no accept header", + method: http.MethodGet, + headers: map[string]string{}, + path: "/", + body: "", + expectedStatusCode: http.StatusNotAcceptable, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "client must provide an accept header", + }, + { + name: "wrong accept header", + method: http.MethodGet, + headers: map[string]string{"Accept": "invalid"}, + path: "/", + body: "", + expectedStatusCode: http.StatusUnsupportedMediaType, + expectedResponseHeaders: map[string]string{ + "Content-Type": "text/plain", + }, + expectedBody: "Client must provide a valid versioned media type in the accept header: Unsupported media type version: 'invalid'. Supported media types are: 'application/external.dns.webhook+json;version=1'", + }, + } + + executeTestCases(t, testCases) +} + +func executeTestCases(t *testing.T, testCases []testCase) { + log.SetLevel(log.DebugLevel) + + for i, tc := range testCases { + t.Run(fmt.Sprintf("%d. %s", i+1, tc.name), func(t *testing.T) { + mockProvider.testCase = tc + mockProvider.t = t + + var bodyReader io.Reader = strings.NewReader(tc.body) + + request, err := http.NewRequest(tc.method, "http://localhost:8888"+tc.path, bodyReader) + if err != nil { + t.Error(err) + } + + for k, v := range tc.headers { + request.Header.Set(k, v) + } + + response, err := http.DefaultClient.Do(request) + if err != nil { + t.Error(err) + } + + if response.StatusCode != tc.expectedStatusCode { + t.Errorf("expected status code %d, got %d", tc.expectedStatusCode, response.StatusCode) + } + + for k, v := range tc.expectedResponseHeaders { + if response.Header.Get(k) != v { + t.Errorf("expected header '%s' with value '%s', got '%s'", k, v, response.Header.Get(k)) + } + } + + if tc.expectedBody != "" { + body, err := io.ReadAll(response.Body) + if err != nil { + t.Error(err) + } + _ = response.Body.Close() + actualTrimmedBody := strings.TrimSpace(string(body)) + if actualTrimmedBody != tc.expectedBody { + t.Errorf("expected body '%s', got '%s'", tc.expectedBody, actualTrimmedBody) + } + } + }) + } +} + +type MockProvider struct { + t *testing.T + testCase testCase +} + +func (d *MockProvider) Records(_ context.Context) ([]*endpoint.Endpoint, error) { + return d.testCase.returnRecords, d.testCase.hasError +} + +func (d *MockProvider) ApplyChanges(_ context.Context, changes *plan.Changes) error { + if d.testCase.hasError != nil { + return d.testCase.hasError + } + if !reflect.DeepEqual(changes, d.testCase.expectedChanges) { + d.t.Errorf("expected changes '%v', got '%v'", d.testCase.expectedChanges, changes) + } + return nil +} + +func (d *MockProvider) AdjustEndpoints(endpoints []*endpoint.Endpoint) ([]*endpoint.Endpoint, error) { + if !reflect.DeepEqual(endpoints, d.testCase.expectedEndpointsToAdjust) { + d.t.Errorf("expected endpoints to adjust '%v', got '%v'", d.testCase.expectedEndpointsToAdjust, endpoints) + } + return d.testCase.returnAdjustedEndpoints, nil +} + +func (d *MockProvider) GetDomainFilter() endpoint.DomainFilter { + return d.testCase.returnDomainFilter +} diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go new file mode 100644 index 0000000..276d8e1 --- /dev/null +++ b/cmd/webhook/main.go @@ -0,0 +1,46 @@ +// package main +package main + +import ( + "fmt" + + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/configuration" + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/dnsprovider" + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/logging" + "github.com/AbsaOSS/external-dns-infoblox-webhook/cmd/webhook/init/server" + "github.com/AbsaOSS/external-dns-infoblox-webhook/pkg/webhook" + log "github.com/sirupsen/logrus" +) + +const banner = ` + +external-dns-infoblox-webhook +version: %s (%s) + _____ __________ _________ _____ + / _ \\______ \/ _____/ / _ \ + / /_\ \| | _/\_____ \ / /_\ \ +/ | \ | \/ \/ | \ +\____|__ /______ /_______ /\____|__ / + \/ \/ \/ \/ +` + +var ( + // Version - value can be overridden by ldflags + Version = "local" + Gitsha = "?" +) + +func main() { + fmt.Printf(banner, Version, Gitsha) + + logging.Init() + + config := configuration.Init() + provider, err := dnsprovider.Init(config) + if err != nil { + log.Fatalf("failed to initialize provider: %v", err) + } + + srv := server.Init(config, webhook.New(provider)) + server.ShutdownGracefully(srv) +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..0225374 --- /dev/null +++ b/go.mod @@ -0,0 +1,46 @@ +module github.com/AbsaOSS/external-dns-infoblox-webhook + +go 1.22.2 + +require ( + github.com/caarlos0/env/v11 v11.0.0 + github.com/go-chi/chi/v5 v5.0.12 + github.com/infobloxopen/infoblox-go-client/v2 v2.6.0 + github.com/miekg/dns v1.1.59 + github.com/sirupsen/logrus v1.9.3 + github.com/stretchr/testify v1.9.0 + sigs.k8s.io/external-dns v0.14.2 +) + +require ( + github.com/aws/aws-sdk-go v1.53.3 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/kr/text v0.2.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/onsi/ginkgo/v2 v2.17.3 // indirect + github.com/onsi/gomega v1.33.1 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect + golang.org/x/tools v0.20.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apimachinery v0.30.1 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..e841171 --- /dev/null +++ b/go.sum @@ -0,0 +1,135 @@ +github.com/aws/aws-sdk-go v1.53.3 h1:xv0iGCCLdf6ZtlLPMCBjm+tU9UBLP5hXnSqnbKFYmto= +github.com/aws/aws-sdk-go v1.53.3/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/caarlos0/env/v11 v11.0.0 h1:ZIlkOjuL3xoZS0kmUJlF74j2Qj8GMOq3CDLX/Viak8Q= +github.com/caarlos0/env/v11 v11.0.0/go.mod h1:2RC3HQu8BQqtEK3V4iHPxj0jOdWdbPpWJ6pOueeU1xM= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s= +github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/infobloxopen/infoblox-go-client/v2 v2.6.0 h1:nwdGhQ5XRheGybEdUQ4cSl1Vw2UsSQKKi+HEleguQug= +github.com/infobloxopen/infoblox-go-client/v2 v2.6.0/go.mod h1:Zu7c+X0mTB6ahIYm7p9LlvfcH814ZUEP+eXGPEYLDU4= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= +github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= +github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/external-dns v0.14.2 h1:j7rYtQqDAxYfN9N1/BZcRdzUBRsnZp4tZcuZ75ekTlc= +sigs.k8s.io/external-dns v0.14.2/go.mod h1:GTFER2cqUxkSpYNzzkge8USXp1wJmxqWwpdXr2lYdik= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/internal/infoblox/common.go b/internal/infoblox/common.go new file mode 100644 index 0000000..5bf2274 --- /dev/null +++ b/internal/infoblox/common.go @@ -0,0 +1,164 @@ +package infoblox + +import ( + "sort" + + ibclient "github.com/infobloxopen/infoblox-go-client/v2" + "sigs.k8s.io/external-dns/endpoint" +) + +type ResponseDetail struct { + Target string + TTL int64 +} + +type ResponseDetails []ResponseDetail + +type ResponseMap struct { + RecordType string + Map map[string]ResponseDetails +} + +func ToAResponseMap(res []ibclient.RecordA) *ResponseMap { + rm := &ResponseMap{ + Map: make(map[string]ResponseDetails), + RecordType: ibclient.ARecord, + } + for _, record := range res { + if _, ok := rm.Map[AsString(record.Name)]; !ok { + rm.Map[AsString(record.Name)] = ResponseDetails{{Target: AsString(record.Ipv4Addr), TTL: AsInt64(record.Ttl)}} + continue + } + rm.Map[AsString(record.Name)] = append(rm.Map[AsString(record.Name)], ResponseDetail{Target: AsString(record.Ipv4Addr), TTL: AsInt64(record.Ttl)}) + } + return rm +} + +func ToCNAMEResponseMap(res []ibclient.RecordCNAME) *ResponseMap { + rm := &ResponseMap{ + Map: make(map[string]ResponseDetails), + RecordType: ibclient.CnameRecord, + } + for _, record := range res { + if _, ok := rm.Map[AsString(record.Name)]; !ok { + rm.Map[AsString(record.Name)] = ResponseDetails{{Target: AsString(record.Canonical), TTL: AsInt64(record.Ttl)}} + continue + } + rm.Map[AsString(record.Name)] = append(rm.Map[AsString(record.Name)], ResponseDetail{Target: AsString(record.Canonical), TTL: AsInt64(record.Ttl)}) + } + return rm +} + +func ToTXTResponseMap(res []ibclient.RecordTXT) *ResponseMap { + rm := &ResponseMap{ + Map: make(map[string]ResponseDetails), + RecordType: ibclient.TxtRecord, + } + for _, record := range res { + if _, ok := rm.Map[AsString(record.Name)]; !ok { + rm.Map[AsString(record.Name)] = ResponseDetails{{Target: AsString(record.Text), TTL: AsInt64(record.Ttl)}} + continue + } + rm.Map[AsString(record.Name)] = append(rm.Map[AsString(record.Name)], ResponseDetail{Target: AsString(record.Text), TTL: AsInt64(record.Ttl)}) + } + return rm +} + +func ToHostResponseMap(res []ibclient.HostRecord) *ResponseMap { + rm := &ResponseMap{ + Map: make(map[string]ResponseDetails), + RecordType: ibclient.ARecord, //.HostRecordConst, + } + for _, record := range res { + rds := ResponseDetails{} + for _, ip := range record.Ipv4Addrs { + rds = append(rds, ResponseDetail{Target: AsString(ip.Ipv4Addr), TTL: AsInt64(record.Ttl)}) + } + if _, ok := rm.Map[AsString(record.Name)]; !ok { + rm.Map[AsString(record.Name)] = rds + continue + } + rm.Map[AsString(record.Name)] = append(rm.Map[AsString(record.Name)], rds...) + } + return rm +} + +// TODO: ToPTRResponseMap +//if p.createPTR { +// // infoblox doesn't accept reverse zone's fqdn, and instead expects .in-addr.arpa zone +// // so convert our zone fqdn (if it is a correct cidr block) into in-addr.arpa address and pass that into infoblox +// // example: 10.196.38.0/24 becomes 38.196.10.in-addr.arpa +// arpaZone, err := transform.ReverseDomainName(zone.Fqdn) +// if err == nil { +// var resP []ibclient.RecordPTR +// objP := ibclient.NewEmptyRecordPTR() +// objP.Zone = arpaZone +// objP.View = p.view +// err = p.client.GetObject(objP, "", searchParams, &resP) +// if err != nil && !isNotFoundError(err) { +// return nil, fmt.Errorf("could not fetch PTR records from zone '%s': %w", zone.Fqdn, err) +// } +// for _, res := range resP { +// endpoints = append(endpoints, endpoint.NewEndpointWithTTL(res.PtrdName, +// endpoint.RecordTypePTR, +// endpoint.TTL(int(res.Ttl)), +// res.Ipv4Addr, +// ), +// ) +// } +// } +//} + +func (rd ResponseDetails) ToEndpointDetail() (targets []string, ttl endpoint.TTL) { + for _, v := range rd { + targets = append(targets, v.Target) + ttl = endpoint.TTL(v.TTL) + } + return +} + +func (rm *ResponseMap) ToEndpoints() []*endpoint.Endpoint { + // TODO: PTR provider specific label records + // if p.createPTR { + // newEndpoint.WithProviderSpecific(providerSpecificInfobloxPtrRecord, "true") + // } + var endpoints []*endpoint.Endpoint + for k, v := range rm.Map { + targets, ttl := v.ToEndpointDetail() + ep := endpoint.NewEndpointWithTTL(k, rm.RecordType, ttl, targets...) + sort.Sort(ep.Targets) + endpoints = append(endpoints, ep) + } + return endpoints +} + +// TODO: update A records that have PTR record created for them already +//if p.createPTR { +// // save all ptr records into map for a quick look up +// ptrRecordsMap := make(map[string]bool) +// for _, ptrRecord := range endpoints { +// if ptrRecord.RecordType != endpoint.RecordTypePTR { +// continue +// } +// ptrRecordsMap[ptrRecord.DNSName] = true +// } +// +// for i := range endpoints { +// if endpoints[i].RecordType != endpoint.RecordTypeA { +// continue +// } +// // if PTR record already exists for A record, then mark it as such +// if ptrRecordsMap[endpoints[i].DNSName] { +// found := false +// for j := range endpoints[i].ProviderSpecific { +// if endpoints[i].ProviderSpecific[j].Name == providerSpecificInfobloxPtrRecord { +// endpoints[i].ProviderSpecific[j].Value = "true" +// found = true +// } +// } +// if !found { +// endpoints[i].WithProviderSpecific(providerSpecificInfobloxPtrRecord, "true") +// } +// } +// } +//} diff --git a/internal/infoblox/infoblox.go b/internal/infoblox/infoblox.go new file mode 100644 index 0000000..bb0fd1a --- /dev/null +++ b/internal/infoblox/infoblox.go @@ -0,0 +1,728 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package infoblox + +import ( + "context" + "fmt" + "net" + "net/http" + "os" + "reflect" + "strconv" + "strings" + + ibclient "github.com/infobloxopen/infoblox-go-client/v2" + log "github.com/sirupsen/logrus" + + "sigs.k8s.io/external-dns/endpoint" + "sigs.k8s.io/external-dns/plan" + "sigs.k8s.io/external-dns/provider" +) + +const ( + // provider specific key to track if PTR record was already created or not for A records + providerSpecificInfobloxPtrRecord = "infoblox-ptr-record-exists" + infobloxCreate = "CREATE" + infobloxDelete = "DELETE" + infobloxUpdate = "UPDATE" +) + +func isNotFoundError(err error) bool { + _, ok := err.(*ibclient.NotFoundError) + return ok +} + +type Provider struct { + provider.BaseProvider + client ibclient.IBConnector + domainFilter endpoint.DomainFilter + config *StartupConfig +} + +// StartupConfig clarifies the method signature +type StartupConfig struct { + Host string `env:"INFOBLOX_HOST,required" envDefault:"localhost"` + Port int `env:"INFOBLOX_PORT,required" envDefault:"443"` + Username string `env:"INFOBLOX_WAPI_USER,required"` + Password string `env:"INFOBLOX_WAPI_PASSWORD,required"` + Version string `env:"INFOBLOX_VERSION,required"` + SSLVerify bool `env:"INFOBLOX_SSL_VERIFY" envDefault:"true"` + DryRun bool `env:"INFOBLOX_DRY_RUN" envDefault:"false"` + View string `env:"INFOBLOX_VIEW" envDefault:"default"` + MaxResults int `env:"INFOBLOX_MAX_RESULTS" envDefault:"1500"` + CreatePTR bool `env:"INFOBLOX_CREATE_PTR" envDefault:"false"` + DefaultTTL int `env:"INFOBLOX_DEFAULT_TTL" envDefault:"300"` + FQDNRegEx string + NameRegEx string +} + +type infobloxRecordSet struct { + obj ibclient.IBObject + res interface{} +} + +// ExtendedRequestBuilder implements a HttpRequestBuilder which sets +// additional query parameter on all get requests +type ExtendedRequestBuilder struct { + fqdnRegEx string + nameRegEx string + maxResults int + ibclient.WapiRequestBuilder +} + +// NewExtendedRequestBuilder returns a ExtendedRequestBuilder which adds +// _max_results query parameter to all GET requests +func NewExtendedRequestBuilder(maxResults int, fqdnRegEx string, nameRegEx string) *ExtendedRequestBuilder { + return &ExtendedRequestBuilder{ + fqdnRegEx: fqdnRegEx, + nameRegEx: nameRegEx, + maxResults: maxResults, + } +} + +// BuildRequest prepares the api request. it uses BuildRequest of +// WapiRequestBuilder and then add the _max_requests parameter +func (mrb *ExtendedRequestBuilder) BuildRequest(t ibclient.RequestType, obj ibclient.IBObject, ref string, queryParams *ibclient.QueryParams) (req *http.Request, err error) { + req, err = mrb.WapiRequestBuilder.BuildRequest(t, obj, ref, queryParams) + if req.Method == "GET" { + query := req.URL.Query() + if mrb.maxResults > 0 { + query.Set("_max_results", strconv.Itoa(mrb.maxResults)) + } + _, zoneAuthQuery := obj.(*ibclient.ZoneAuth) + if zoneAuthQuery && t == ibclient.GET && mrb.fqdnRegEx != "" { + query.Set("fqdn~", mrb.fqdnRegEx) + } + + // if we are not doing a ZoneAuth query, support the name filter + if !zoneAuthQuery && mrb.nameRegEx != "" { + query.Set("name~", mrb.nameRegEx) + } + + req.URL.RawQuery = query.Encode() + } + return +} + +// NewInfobloxProvider creates a new Infoblox provider. +func NewInfobloxProvider(cfg *StartupConfig, domainFilter endpoint.DomainFilter) (*Provider, error) { + hostCfg := ibclient.HostConfig{ + Host: cfg.Host, + Port: strconv.Itoa(cfg.Port), + Version: cfg.Version, + } + + authCfg := ibclient.AuthConfig{ + Username: cfg.Username, + Password: cfg.Password, + } + + httpPoolConnections := lookupEnvAtoi("EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS", 10) + httpRequestTimeout := lookupEnvAtoi("EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT", 60) + + transportConfig := ibclient.NewTransportConfig( + strconv.FormatBool(cfg.SSLVerify), + httpRequestTimeout, + httpPoolConnections, + ) + + var ( + requestBuilder ibclient.HttpRequestBuilder + err error + ) + if cfg.MaxResults != 0 || cfg.FQDNRegEx != "" || cfg.NameRegEx != "" { + // use our own HttpRequestBuilder which sets _max_results parameter on GET requests + requestBuilder = NewExtendedRequestBuilder(cfg.MaxResults, cfg.FQDNRegEx, cfg.NameRegEx) + } else { + // use the default HttpRequestBuilder of the infoblox client + requestBuilder, err = ibclient.NewWapiRequestBuilder(hostCfg, authCfg) + if err != nil { + return nil, err + } + } + + requestor := &ibclient.WapiHttpRequestor{} + + client, err := ibclient.NewConnector(hostCfg, authCfg, transportConfig, requestBuilder, requestor) + if err != nil { + return nil, err + } + + provider := &Provider{ + client: client, + domainFilter: domainFilter, + config: cfg, + } + + return provider, nil +} + +func recordQueryParams(zone string, view string) *ibclient.QueryParams { + searchFields := map[string]string{} + if zone != "" { + searchFields["zone"] = zone + } + + if view != "" { + searchFields["view"] = view + } + return ibclient.NewQueryParams(false, searchFields) +} + +// Records gets the current records. +func (p *Provider) Records(_ context.Context) (endpoints []*endpoint.Endpoint, err error) { + zones, err := p.zones() + if err != nil { + return nil, fmt.Errorf("could not fetch zones: %w", err) + } + + for _, zone := range zones { + log.Debugf("fetch records from zone '%s'", zone.Fqdn) + searchParams := recordQueryParams(zone.Fqdn, p.config.View) + var resA []ibclient.RecordA + objA := ibclient.NewEmptyRecordA() + objA.View = p.config.View + objA.Zone = zone.Fqdn + err = p.client.GetObject(objA, "", searchParams, &resA) + if err != nil && !isNotFoundError(err) { + return nil, fmt.Errorf("could not fetch A records from zone '%s': %w", zone.Fqdn, err) + } + endpointsA := ToAResponseMap(resA).ToEndpoints() + endpoints = append(endpoints, endpointsA...) + + // Include Host records since they should be treated synonymously with A records + var resH []ibclient.HostRecord + objH := ibclient.NewEmptyHostRecord() + objH.View = &p.config.View + objH.Zone = zone.Fqdn + err = p.client.GetObject(objH, "", searchParams, &resH) + if err != nil && !isNotFoundError(err) { + return nil, fmt.Errorf("could not fetch host records from zone '%s': %w", zone.Fqdn, err) + } + endpointsHost := ToHostResponseMap(resH).ToEndpoints() + endpoints = append(endpoints, endpointsHost...) + + var resC []ibclient.RecordCNAME + objC := ibclient.NewEmptyRecordCNAME() + objC.View = &p.config.View + objC.Zone = zone.Fqdn + err = p.client.GetObject(objC, "", searchParams, &resC) + if err != nil && !isNotFoundError(err) { + return nil, fmt.Errorf("could not fetch CNAME records from zone '%s': %w", zone.Fqdn, err) + } + endpointsCNAME := ToCNAMEResponseMap(resC).ToEndpoints() + endpoints = append(endpoints, endpointsCNAME...) + + var resT []ibclient.RecordTXT + objT := ibclient.NewEmptyRecordTXT() + objT.View = &p.config.View + objT.Zone = zone.Fqdn + err = p.client.GetObject(objT, "", searchParams, &resT) + if err != nil && !isNotFoundError(err) { + return nil, fmt.Errorf("could not fetch TXT records from zone '%s': %w", zone.Fqdn, err) + } + endpointsTXT := ToTXTResponseMap(resT).ToEndpoints() + endpoints = append(endpoints, endpointsTXT...) + } + + log.Debugf("fetched %d records from infoblox", len(endpoints)) + return endpoints, nil +} + +func (p *Provider) AdjustEndpoints(endpoints []*endpoint.Endpoint) ([]*endpoint.Endpoint, error) { + // Update user specified TTL (0 == disabled) + for _, ep := range endpoints { + if !ep.RecordTTL.IsConfigured() { + ep.RecordTTL = endpoint.TTL(p.config.DefaultTTL) + } + } + + if !p.config.CreatePTR { + return endpoints, nil + } + + // for all A records, we want to create PTR records + // so add provider specific property to track if the record was created or not + for i := range endpoints { + if endpoints[i].RecordType == endpoint.RecordTypeA { + found := false + for j := range endpoints[i].ProviderSpecific { + if endpoints[i].ProviderSpecific[j].Name == providerSpecificInfobloxPtrRecord { + endpoints[i].ProviderSpecific[j].Value = "true" + found = true + } + } + if !found { + endpoints[i].WithProviderSpecific(providerSpecificInfobloxPtrRecord, "true") + } + } + } + + return endpoints, nil +} + +func newIBChanges(action string, eps []*endpoint.Endpoint) []*infobloxChange { + changes := make([]*infobloxChange, 0, len(eps)) + for _, ep := range eps { + for _, target := range ep.Targets { + newEp := ep.DeepCopy() + newEp.Targets = endpoint.Targets{target} + changes = append(changes, &infobloxChange{ + Action: action, + Endpoint: newEp, + }) + } + } + + return changes +} + +func zonePointerConverter(in []ibclient.ZoneAuth) []*ibclient.ZoneAuth { + out := make([]*ibclient.ZoneAuth, len(in)) + for i := range in { + out[i] = &in[i] + } + return out +} + +// submitChanges sends changes to Infoblox +func (p *Provider) submitChanges(changes []*infobloxChange) error { + // return early if there is nothing to change + if len(changes) == 0 { + return nil + } + + zones, err := p.zones() + if err != nil { + return fmt.Errorf("could not fetch zones: %w", err) + } + + changesByZone := p.ChangesByZone(zonePointerConverter(zones), changes) + for _, changes := range changesByZone { + for _, change := range changes { + record, err := p.buildRecord(change) + if err != nil { + return fmt.Errorf("could not build record: %w", err) + } + refId, logFields, err := getRefID(record) + if err != nil { + return err + } + logFields["action"] = change.Action + if p.config.DryRun { + log.WithFields(logFields).Info("Dry run: skipping..") + continue + } + log.WithFields(logFields).Info("Changing record") + switch change.Action { + case infobloxCreate: + _, err = p.client.CreateObject(record.obj) + if err != nil { + return err + } + case infobloxDelete: + _, err = p.client.DeleteObject(refId) + if err != nil { + return err + } + case infobloxUpdate: + _, err = p.client.UpdateObject(record.obj, refId) + if err != nil { + return err + } + default: + return fmt.Errorf("unknown action '%s'", change.Action) + } + } + } + + return nil +} + +func getRefID(record *infobloxRecordSet) (string, log.Fields, error) { + t := reflect.TypeOf(record.obj).Elem().Name() + l := log.Fields{ + "type": t, + } + switch t { + case "RecordA": + l["record"] = AsString(record.obj.(*ibclient.RecordA).Name) + l["ttl"] = AsInt64(record.obj.(*ibclient.RecordA).Ttl) + l["target"] = AsString(record.obj.(*ibclient.RecordA).Ipv4Addr) + for _, r := range *record.res.(*[]ibclient.RecordA) { + return r.Ref, l, nil + } + return "", l, nil + case "RecordTXT": + l["record"] = AsString(record.obj.(*ibclient.RecordTXT).Name) + l["ttl"] = AsInt64(record.obj.(*ibclient.RecordTXT).Ttl) + l["target"] = AsString(record.obj.(*ibclient.RecordTXT).Text) + for _, r := range *record.res.(*[]ibclient.RecordTXT) { + return r.Ref, l, nil + } + return "", l, nil + case "RecordCNAME": + l["record"] = AsString(record.obj.(*ibclient.RecordCNAME).Name) + l["ttl"] = AsInt64(record.obj.(*ibclient.RecordCNAME).Ttl) + l["target"] = AsString(record.obj.(*ibclient.RecordCNAME).Canonical) + for _, r := range *record.res.(*[]ibclient.RecordCNAME) { + return r.Ref, l, nil + } + return "", l, nil + case "RecordPTR": + l["record"] = AsString(record.obj.(*ibclient.RecordPTR).Name) + l["ttl"] = AsInt64(record.obj.(*ibclient.RecordPTR).Ttl) + l["target"] = AsString(record.obj.(*ibclient.RecordPTR).PtrdName) + for _, r := range *record.res.(*[]ibclient.RecordPTR) { + return r.Ref, l, nil + } + return "", l, nil + } + return "", l, fmt.Errorf("unknown type '%s'", t) +} + +// if updateNew is not part of Update Old , object should be created +// if updateOld is not part of Update New , object should be deleted +// if it is not there (TTL might change) , object should be updated +// if we rename the object , object should be deleted and created +func (p *Provider) CountDiff(changes *plan.Changes) { + + endpointsToMap := func(eps []*endpoint.Endpoint) map[string]*endpoint.Endpoint { + m := map[string]*endpoint.Endpoint{} + for _, v := range eps { + m[v.DNSName+"_"+v.RecordType] = v + } + return m + } + + targetsToMap := func(targets endpoint.Targets) map[string]bool { + m := map[string]bool{} + for _, v := range targets { + m[v] = true + } + return m + } + + cloneWithSingleTarget := func(ep *endpoint.Endpoint, target string) *endpoint.Endpoint { + clone := ep.DeepCopy() + clone.Targets = endpoint.Targets{target} + return clone + } + + removeTargetFromEndpoint := func(ep *endpoint.Endpoint, target string) { + for i, t := range ep.Targets { + if t == target { + ep.Targets = append(ep.Targets[:i], ep.Targets[i+1:]...) + break + } + } + } + + removeFromEndpointSlice := func(eps []*endpoint.Endpoint, ep *endpoint.Endpoint) []*endpoint.Endpoint { + for i, e := range eps { + if e.DNSName == ep.DNSName { + return append(eps[:i], eps[i+1:]...) + } + } + return eps + + } + + updateNewMap := endpointsToMap(changes.UpdateNew) + updateOldMap := endpointsToMap(changes.UpdateOld) + + for k, oldEp := range updateOldMap { + newEp := updateNewMap[k] + + if newEp == nil { + changes.Delete = append(changes.Delete, oldEp) + changes.UpdateOld = removeFromEndpointSlice(changes.UpdateOld, oldEp) + delete(updateOldMap, k) + } + } + + // TODO: consider if old and new can be different. If yes, then we need to handle that case + for k, newEp := range updateNewMap { + oldEp := updateOldMap[k] + + //exists in updateNew bud doesnt exists in updateOld, than create + if oldEp == nil { + changes.Create = append(changes.Create, newEp) + changes.UpdateNew = removeFromEndpointSlice(changes.UpdateNew, newEp) + continue + } + + // oldEP is found + oldTargets := targetsToMap(oldEp.Targets) + newTargets := targetsToMap(newEp.Targets) + + for target := range oldTargets { + if !newTargets[target] { + // delete + changes.Delete = append(changes.Delete, cloneWithSingleTarget(oldEp, target)) + removeTargetFromEndpoint(newEp, target) + } + } + + for target := range newTargets { + if !oldTargets[target] { + // create + changes.Create = append(changes.Create, cloneWithSingleTarget(newEp, target)) + removeTargetFromEndpoint(newEp, target) + } + } + + //for target, _ := range newTargets { + // if oldTargets[target] { + // // update + // changes.UpdateNew = append(changes.UpdateNew, cloneWithSingleTarget(newEp, target)) + // } + //} + } +} + +// ApplyChanges applies the given changes. +func (p *Provider) ApplyChanges(_ context.Context, changes *plan.Changes) error { + + p.CountDiff(changes) + + combinedChanges := make([]*infobloxChange, 0, len(changes.Create)+len(changes.UpdateNew)+len(changes.Delete)) + + combinedChanges = append(combinedChanges, newIBChanges(infobloxCreate, changes.Create)...) + combinedChanges = append(combinedChanges, newIBChanges(infobloxUpdate, changes.UpdateNew)...) + combinedChanges = append(combinedChanges, newIBChanges(infobloxDelete, changes.Delete)...) + + return p.submitChanges(combinedChanges) +} + +func (p *Provider) zones() ([]ibclient.ZoneAuth, error) { + var res, result []ibclient.ZoneAuth + obj := ibclient.NewZoneAuth( + ibclient.ZoneAuth{ + View: &p.config.View, + }, + ) + queryParams := recordQueryParams("", p.config.View) + err := p.client.GetObject(obj, "", queryParams, &res) + if err != nil && !isNotFoundError(err) { + return nil, err + } + + for _, zone := range res { + if !p.domainFilter.Match(zone.Fqdn) { + continue + } + + // + //if !p.config.ZoneIDFilter.Match(zone.Ref) { + // continue + //} + + result = append(result, zone) + } + + return result, nil +} + +type infobloxChange struct { + Action string + Endpoint *endpoint.Endpoint +} + +func (p *Provider) ChangesByZone(zones []*ibclient.ZoneAuth, changeSets []*infobloxChange) map[string][]*infobloxChange { + changes := make(map[string][]*infobloxChange) + for _, z := range zones { + changes[z.Fqdn] = []*infobloxChange{} + } + + for _, c := range changeSets { + zone := p.findZone(zones, c.Endpoint.DNSName) + if zone == nil || zone.Fqdn == "" { + log.Debugf("Skipping record %s because no hosted zone matching record DNS Name was detected", c.Endpoint.DNSName) + continue + } + changes[zone.Fqdn] = append(changes[zone.Fqdn], c) + + if p.config.CreatePTR && c.Endpoint.RecordType == endpoint.RecordTypeA { + reverseZone := p.findReverseZone(zones, c.Endpoint.Targets[0]) + if reverseZone == nil { + log.Debugf("Ignoring changes to '%s' because a suitable Infoblox DNS reverse zone was not found.", c.Endpoint.Targets) + continue + } + copyEp := *c.Endpoint + copyEp.RecordType = endpoint.RecordTypePTR + changes[reverseZone.Fqdn] = append(changes[reverseZone.Fqdn], &infobloxChange{c.Action, ©Ep}) + } + } + return changes +} + +func (p *Provider) findZone(zones []*ibclient.ZoneAuth, name string) *ibclient.ZoneAuth { + var result *ibclient.ZoneAuth + + // Go through every zone looking for the longest name (i.e. most specific) as a matching suffix + for idx := range zones { + zone := zones[idx] + if strings.HasSuffix(name, "."+zone.Fqdn) { + if result == nil || len(zone.Fqdn) > len(result.Fqdn) { + result = zone + } + } else if strings.EqualFold(name, zone.Fqdn) { + if result == nil || len(zone.Fqdn) > len(result.Fqdn) { + result = zone + } + } + } + return result +} + +func (p *Provider) findReverseZone(zones []*ibclient.ZoneAuth, name string) *ibclient.ZoneAuth { + ip := net.ParseIP(name) + networks := map[int]*ibclient.ZoneAuth{} + maxMask := 0 + + for i, zone := range zones { + _, rZoneNet, err := net.ParseCIDR(zone.Fqdn) + if err != nil { + log.WithError(err).Debugf("fqdn %s is no cidr", zone.Fqdn) + } else { + if rZoneNet.Contains(ip) { + _, mask := rZoneNet.Mask.Size() + networks[mask] = zones[i] + if mask > maxMask { + maxMask = mask + } + } + } + } + return networks[maxMask] +} + +func (p *Provider) recordSet(ep *endpoint.Endpoint, getObject bool) (recordSet infobloxRecordSet, err error) { + var ttl uint32 + if ep.RecordTTL.IsConfigured() { + ttl = uint32(ep.RecordTTL) + } + ptrToBoolTrue := true + switch ep.RecordType { + case endpoint.RecordTypeA: + var res []ibclient.RecordA + obj := ibclient.NewEmptyRecordA() + obj.Name = &ep.DNSName + // TODO: get target index + obj.Ipv4Addr = &ep.Targets[0] + obj.Ttl = &ttl + obj.UseTtl = &ptrToBoolTrue + if getObject { + queryParams := ibclient.NewQueryParams(false, map[string]string{"name": *obj.Name, "ipv4addr": *obj.Ipv4Addr}) + err = p.client.GetObject(obj, "", queryParams, &res) + if err != nil && !isNotFoundError(err) { + err = fmt.Errorf("could not fetch A record ['%s':'%s'] : %w", *obj.Name, *obj.Ipv4Addr, err) + return + } + } + recordSet = infobloxRecordSet{ + obj: obj, + res: &res, + } + case endpoint.RecordTypePTR: + var res []ibclient.RecordPTR + obj := ibclient.NewEmptyRecordPTR() + obj.PtrdName = &ep.DNSName + // TODO: get target index + obj.Ipv4Addr = &ep.Targets[0] + obj.Ttl = &ttl + obj.UseTtl = &ptrToBoolTrue + if getObject { + queryParams := ibclient.NewQueryParams(false, map[string]string{"name": *obj.PtrdName}) + err = p.client.GetObject(obj, "", queryParams, &res) + if err != nil && !isNotFoundError(err) { + return + } + } + recordSet = infobloxRecordSet{ + obj: obj, + res: &res, + } + case endpoint.RecordTypeCNAME: + var res []ibclient.RecordCNAME + obj := ibclient.NewEmptyRecordCNAME() + obj.Name = &ep.DNSName + obj.Canonical = &ep.Targets[0] + obj.Ttl = &ttl + obj.UseTtl = &ptrToBoolTrue + if getObject { + queryParams := ibclient.NewQueryParams(false, map[string]string{"name": *obj.Name}) + err = p.client.GetObject(obj, "", queryParams, &res) + if err != nil && !isNotFoundError(err) { + return + } + } + recordSet = infobloxRecordSet{ + obj: obj, + res: &res, + } + case endpoint.RecordTypeTXT: + var res []ibclient.RecordTXT + // The Infoblox API strips enclosing double quotes from TXT records lacking whitespace. + // Here we reconcile that fact by making this state match that reality. + if target, err2 := strconv.Unquote(ep.Targets[0]); err2 == nil && !strings.Contains(ep.Targets[0], " ") { + ep.Targets = endpoint.Targets{target} + } + obj := ibclient.NewEmptyRecordTXT() + obj.Text = &ep.Targets[0] + obj.Name = &ep.DNSName + obj.Ttl = &ttl + obj.UseTtl = &ptrToBoolTrue + // TODO: Zone? + if getObject { + queryParams := ibclient.NewQueryParams(false, map[string]string{"name": *obj.Name}) + err = p.client.GetObject(obj, "", queryParams, &res) + if err != nil && !isNotFoundError(err) { + return + } + } + recordSet = infobloxRecordSet{ + obj: obj, + res: &res, + } + } + return +} + +func (p *Provider) buildRecord(change *infobloxChange) (*infobloxRecordSet, error) { + rs, err := p.recordSet(change.Endpoint, !(change.Action == infobloxCreate)) + if err != nil { + return nil, err + } + return &rs, nil +} + +func lookupEnvAtoi(key string, fallback int) (i int) { + val, ok := os.LookupEnv(key) + if !ok { + i = fallback + return + } + i, err := strconv.Atoi(val) + if err != nil { + i = fallback + return + } + return +} diff --git a/internal/infoblox/infoblox_test.go b/internal/infoblox/infoblox_test.go new file mode 100644 index 0000000..25d10bd --- /dev/null +++ b/internal/infoblox/infoblox_test.go @@ -0,0 +1,1046 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package infoblox + +import ( + "bytes" + "context" + "encoding/base64" + "fmt" + "net/http" + "net/url" + "regexp" + "strings" + "testing" + + ibclient "github.com/infobloxopen/infoblox-go-client/v2" + "github.com/miekg/dns" + "github.com/stretchr/testify/assert" + + "sigs.k8s.io/external-dns/endpoint" + "sigs.k8s.io/external-dns/plan" + "sigs.k8s.io/external-dns/provider" +) + +type mockIBConnector struct { + mockInfobloxZones *[]ibclient.ZoneAuth + mockInfobloxObjects *[]ibclient.IBObject + createdEndpoints []*endpoint.Endpoint + deletedEndpoints []*endpoint.Endpoint + updatedEndpoints []*endpoint.Endpoint + getObjectRequests []*getObjectRequest + requestBuilder ExtendedRequestBuilder +} + +type getObjectRequest struct { + obj string + ref string + queryParams string + url url.URL + verified bool +} + +const ( + recordA = "record:a" + recordCname = "record:cname" + recordHost = "record:host" + recordTxt = "record:txt" + recordPtr = "record:ptr" +) + +func (req *getObjectRequest) ExpectRequestURLQueryParam(t *testing.T, name string, value string) *getObjectRequest { + if req.url.Query().Get(name) != value { + t.Errorf("Expected GetObject Request URL to contain query parameter %s=%s, Got: %v", name, value, req.url.Query()) + } + + return req +} + +func (req *getObjectRequest) ExpectNotRequestURLQueryParam(t *testing.T, name string) *getObjectRequest { + if req.url.Query().Has(name) { + t.Errorf("Expected GetObject Request URL not to contain query parameter %s, Got: %v", name, req.url.Query()) + } + + return req +} + +// nolint: unparam +func (client *mockIBConnector) verifyGetObjectRequest(t *testing.T, obj string, ref string, query *map[string]string) *getObjectRequest { + qp := "" + if query != nil { + qp = fmt.Sprint(ibclient.NewQueryParams(false, *query)) + } + + for _, req := range client.getObjectRequests { + if !req.verified && req.obj == obj && req.ref == ref && req.queryParams == qp { + req.verified = true + return req + } + } + + t.Errorf("Expected GetObject obj=%s, query=%s, ref=%s", obj, qp, ref) + return &getObjectRequest{} +} + +// verifyNoMoreGetObjectRequests will assert that all "GetObject" calls have been verified. +func (client *mockIBConnector) verifyNoMoreGetObjectRequests(t *testing.T) { + unverified := []getObjectRequest{} + for _, req := range client.getObjectRequests { + if !req.verified { + unverified = append(unverified, *req) + } + } + + if len(unverified) > 0 { + b := new(bytes.Buffer) + for _, req := range unverified { + fmt.Fprintf(b, "obj=%s, ref=%s, params=%s (url=%s)\n", req.obj, req.ref, req.queryParams, req.url.String()) + } + + t.Errorf("Unverified GetObject Requests: %v", unverified) + } +} + +func (client *mockIBConnector) CreateObject(obj ibclient.IBObject) (ref string, err error) { + switch obj.ObjectType() { + case recordA: + client.createdEndpoints = append( + client.createdEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.RecordA).Name, + endpoint.RecordTypeA, + *obj.(*ibclient.RecordA).Ipv4Addr, + ), + ) + ref = fmt.Sprintf("%s/%s:%s/default", obj.ObjectType(), base64.StdEncoding.EncodeToString([]byte(*obj.(*ibclient.RecordA).Name)), *obj.(*ibclient.RecordA).Name) + obj.(*ibclient.RecordA).Ref = ref + case recordCname: + client.createdEndpoints = append( + client.createdEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.RecordCNAME).Name, + endpoint.RecordTypeCNAME, + *obj.(*ibclient.RecordCNAME).Canonical, + ), + ) + ref = fmt.Sprintf("%s/%s:%s/default", obj.ObjectType(), base64.StdEncoding.EncodeToString([]byte(*obj.(*ibclient.RecordCNAME).Name)), *obj.(*ibclient.RecordCNAME).Name) + obj.(*ibclient.RecordCNAME).Ref = ref + case recordHost: + for _, i := range obj.(*ibclient.HostRecord).Ipv4Addrs { + client.createdEndpoints = append( + client.createdEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.HostRecord).Name, + endpoint.RecordTypeA, + *i.Ipv4Addr, + ), + ) + } + ref = fmt.Sprintf("%s/%s:%s/default", obj.ObjectType(), base64.StdEncoding.EncodeToString([]byte(*obj.(*ibclient.HostRecord).Name)), *obj.(*ibclient.HostRecord).Name) + obj.(*ibclient.HostRecord).Ref = ref + case recordTxt: + client.createdEndpoints = append( + client.createdEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.RecordTXT).Name, + endpoint.RecordTypeTXT, + *obj.(*ibclient.RecordTXT).Text, + ), + ) + obj.(*ibclient.RecordTXT).Ref = ref + ref = fmt.Sprintf("%s/%s:%s/default", obj.ObjectType(), base64.StdEncoding.EncodeToString([]byte(*obj.(*ibclient.RecordTXT).Name)), *obj.(*ibclient.RecordTXT).Name) + case recordPtr: + client.createdEndpoints = append( + client.createdEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.RecordPTR).PtrdName, + endpoint.RecordTypePTR, + *obj.(*ibclient.RecordPTR).Ipv4Addr, + ), + ) + obj.(*ibclient.RecordPTR).Ref = ref + reverseAddr, err := dns.ReverseAddr(*obj.(*ibclient.RecordPTR).Ipv4Addr) + if err != nil { + return ref, fmt.Errorf("unable to create reverse addr from %s", *obj.(*ibclient.RecordPTR).Ipv4Addr) + } + ref = fmt.Sprintf("%s/%s:%s/default", obj.ObjectType(), base64.StdEncoding.EncodeToString([]byte(*obj.(*ibclient.RecordPTR).PtrdName)), reverseAddr) + } + *client.mockInfobloxObjects = append( + *client.mockInfobloxObjects, + obj, + ) + return ref, nil +} + +// nolint: gocyclo +func (client *mockIBConnector) GetObject(obj ibclient.IBObject, ref string, queryParams *ibclient.QueryParams, res interface{}) (err error) { + req := getObjectRequest{ + obj: obj.ObjectType(), + ref: ref, + } + if queryParams != nil { + req.queryParams = fmt.Sprint(queryParams) + } + r, _ := client.requestBuilder.BuildRequest(ibclient.GET, obj, ref, queryParams) + if r != nil { + req.url = *r.URL + } + client.getObjectRequests = append(client.getObjectRequests, &req) + switch obj.ObjectType() { + case recordA: + var result []ibclient.RecordA + for _, object := range *client.mockInfobloxObjects { + if object.ObjectType() == recordA { + if ref == object.(*ibclient.RecordA).Ref { + result = append(result, *object.(*ibclient.RecordA)) + } + if ref != "" && + ref != object.(*ibclient.RecordA).Ref { + continue + } + if AsString(obj.(*ibclient.RecordA).Name) != "" && + AsString(obj.(*ibclient.RecordA).Name) != AsString(object.(*ibclient.RecordA).Name) { + continue + } + if !strings.Contains(req.queryParams, fmt.Sprintf("ipv4addr:%s name:%s", AsString(object.(*ibclient.RecordA).Ipv4Addr), AsString(object.(*ibclient.RecordA).Name))) { + if !strings.Contains(req.queryParams, fmt.Sprintf("zone:%s", object.(*ibclient.RecordA).Zone)) { + continue + } + } + result = append(result, *object.(*ibclient.RecordA)) + } + } + *res.(*[]ibclient.RecordA) = result + case recordCname: + var result []ibclient.RecordCNAME + for _, object := range *client.mockInfobloxObjects { + if object.ObjectType() == recordCname { + if ref == object.(*ibclient.RecordCNAME).Ref { + result = append(result, *object.(*ibclient.RecordCNAME)) + } + if ref != "" && + ref != object.(*ibclient.RecordCNAME).Ref { + continue + } + if AsString(obj.(*ibclient.RecordCNAME).Name) != "" && + AsString(obj.(*ibclient.RecordCNAME).Name) != AsString(object.(*ibclient.RecordCNAME).Name) { + continue + } + if !strings.Contains(req.queryParams, fmt.Sprintf("name:%s", AsString(object.(*ibclient.RecordCNAME).Name))) { + if !strings.Contains(req.queryParams, fmt.Sprintf("zone:%s", object.(*ibclient.RecordCNAME).Zone)) { + continue + } + } + result = append(result, *object.(*ibclient.RecordCNAME)) + } + } + *res.(*[]ibclient.RecordCNAME) = result + case recordHost: + var result []ibclient.HostRecord + for _, object := range *client.mockInfobloxObjects { + if object.ObjectType() == recordHost { + if ref == object.(*ibclient.HostRecord).Ref { + result = append(result, *object.(*ibclient.HostRecord)) + } + if ref != "" && + ref != object.(*ibclient.HostRecord).Ref { + continue + } + if AsString(obj.(*ibclient.HostRecord).Name) != "" && + AsString(obj.(*ibclient.HostRecord).Name) != AsString(object.(*ibclient.HostRecord).Name) { + continue + } + if !strings.Contains(req.queryParams, fmt.Sprintf("ipv4addrs:%s name:%s", AsString(object.(*ibclient.HostRecord).Ipv4Addrs[0].Ipv4Addr), AsString(object.(*ibclient.HostRecord).Name))) { + if !strings.Contains(req.queryParams, fmt.Sprintf("zone:%s", object.(*ibclient.HostRecord).Zone)) { + continue + } + } + result = append(result, *object.(*ibclient.HostRecord)) + } + } + *res.(*[]ibclient.HostRecord) = result + case recordTxt: + var result []ibclient.RecordTXT + for _, object := range *client.mockInfobloxObjects { + if object.ObjectType() == recordTxt { + if ref == object.(*ibclient.RecordTXT).Ref { + result = append(result, *object.(*ibclient.RecordTXT)) + } + if ref != "" && + ref != object.(*ibclient.RecordTXT).Ref { + continue + } + if AsString(obj.(*ibclient.RecordTXT).Name) != "" && + AsString(obj.(*ibclient.RecordTXT).Name) != AsString(object.(*ibclient.RecordTXT).Name) { + continue + } + if !strings.Contains(req.queryParams, fmt.Sprintf("text:%s name:%s", AsString(object.(*ibclient.RecordTXT).Text), AsString(object.(*ibclient.RecordTXT).Name))) { + if !strings.Contains(req.queryParams, fmt.Sprintf("zone:%s", object.(*ibclient.RecordTXT).Zone)) { + continue + } + } + result = append(result, *object.(*ibclient.RecordTXT)) + } + } + *res.(*[]ibclient.RecordTXT) = result + case recordPtr: + var result []ibclient.RecordPTR + for _, object := range *client.mockInfobloxObjects { + if object.ObjectType() == "record:ptr" { + if ref == object.(*ibclient.RecordPTR).Ref { + result = append(result, *object.(*ibclient.RecordPTR)) + } + if ref != "" && + ref != object.(*ibclient.RecordPTR).Ref { + continue + } + if *obj.(*ibclient.RecordPTR).PtrdName != "" && + obj.(*ibclient.RecordPTR).PtrdName != object.(*ibclient.RecordPTR).PtrdName { + continue + } + // TODO: + if !strings.Contains(req.queryParams, fmt.Sprintf("ipv4addr:%s name:%s", AsString(object.(*ibclient.RecordPTR).Ipv4Addr), AsString(object.(*ibclient.RecordPTR).Name))) { + if !strings.Contains(req.queryParams, fmt.Sprintf("zone:%s", object.(*ibclient.RecordPTR).Zone)) { + continue + } + } + result = append(result, *object.(*ibclient.RecordPTR)) + } + } + *res.(*[]ibclient.RecordPTR) = result + case "zone_auth": + *res.(*[]ibclient.ZoneAuth) = *client.mockInfobloxZones + } + return +} + +func (client *mockIBConnector) DeleteObject(ref string) (refRes string, err error) { + re := regexp.MustCompile(`([^/]+)/[^:]+:([^/]+)/default`) + result := re.FindStringSubmatch(ref) + + switch result[1] { + case "record:a": + var records []ibclient.RecordA + obj := ibclient.NewEmptyRecordA() + obj.Name = &result[2] + client.GetObject(obj, ref, nil, &records) // nolint: errcheck + for _, record := range records { + client.deletedEndpoints = append( + client.deletedEndpoints, + endpoint.NewEndpoint( + *record.Name, + endpoint.RecordTypeA, + "", + ), + ) + } + case "record:cname": + var records []ibclient.RecordCNAME + obj := ibclient.NewEmptyRecordCNAME() + obj.Name = &result[2] + client.GetObject(obj, ref, nil, &records) // nolint: errcheck + for _, record := range records { + client.deletedEndpoints = append( + client.deletedEndpoints, + endpoint.NewEndpoint( + *record.Name, + endpoint.RecordTypeCNAME, + "", + ), + ) + } + case "record:host": + var records []ibclient.HostRecord + obj := ibclient.NewEmptyHostRecord() + obj.Name = &result[2] + client.GetObject(obj, ref, nil, &records) // nolint: errcheck + for _, record := range records { + client.deletedEndpoints = append( + client.deletedEndpoints, + endpoint.NewEndpoint( + *record.Name, + endpoint.RecordTypeA, + "", + ), + ) + } + case "record:txt": + var records []ibclient.RecordTXT + obj := ibclient.NewEmptyRecordTXT() + obj.Name = &result[2] + client.GetObject(obj, ref, nil, &records) // nolint: errcheck + for _, record := range records { + client.deletedEndpoints = append( + client.deletedEndpoints, + endpoint.NewEndpoint( + *record.Name, + endpoint.RecordTypeTXT, + "", + ), + ) + } + case "record:ptr": + var records []ibclient.RecordPTR + obj := ibclient.NewEmptyRecordPTR() + obj.Name = &result[2] + client.GetObject(obj, ref, nil, &records) // nolint: errcheck + for _, record := range records { + client.deletedEndpoints = append( + client.deletedEndpoints, + endpoint.NewEndpoint( + *record.PtrdName, + endpoint.RecordTypePTR, + "", + ), + ) + } + } + return "", nil +} + +func (client *mockIBConnector) UpdateObject(obj ibclient.IBObject, ref string) (refRes string, err error) { + switch obj.ObjectType() { + case "record:a": + client.updatedEndpoints = append( + client.updatedEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.RecordA).Name, + *obj.(*ibclient.RecordA).Ipv4Addr, + endpoint.RecordTypeA, + ), + ) + case "record:cname": + client.updatedEndpoints = append( + client.updatedEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.RecordCNAME).Name, + *obj.(*ibclient.RecordCNAME).Canonical, + endpoint.RecordTypeCNAME, + ), + ) + case "record:host": + for _, i := range obj.(*ibclient.HostRecord).Ipv4Addrs { + client.updatedEndpoints = append( + client.updatedEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.HostRecord).Name, + *i.Ipv4Addr, + endpoint.RecordTypeA, + ), + ) + } + case "record:txt": + client.updatedEndpoints = append( + client.updatedEndpoints, + endpoint.NewEndpoint( + *obj.(*ibclient.RecordTXT).Name, + *obj.(*ibclient.RecordTXT).Text, + endpoint.RecordTypeTXT, + ), + ) + } + return "", nil +} + +func createMockInfobloxZone(fqdn string) ibclient.ZoneAuth { + return ibclient.ZoneAuth{ + Fqdn: fqdn, + } +} + +func createMockInfobloxObjectWithZone(name, recordType, value, zone string) ibclient.IBObject { + ref := fmt.Sprintf("record:%s/%s:%s/default", strings.ToLower(recordType), base64.StdEncoding.EncodeToString([]byte(name)), name) + switch recordType { + case endpoint.RecordTypeA: + obj := ibclient.NewEmptyRecordA() + obj.Name = &name + obj.Ref = ref + obj.Ipv4Addr = &value + obj.Zone = zone + return obj + case endpoint.RecordTypeCNAME: + obj := ibclient.NewEmptyRecordCNAME() + obj.Name = &name + obj.Ref = ref + obj.Canonical = &value + obj.Zone = zone + return obj + case endpoint.RecordTypeTXT: + obj := ibclient.NewEmptyRecordTXT() + obj.Name = &name + obj.Ref = ref + obj.Text = &value + obj.Zone = zone + return obj + case "HOST": + obj := ibclient.NewEmptyHostRecord() + obj.Name = &name + obj.Ref = ref + obj.Ipv4Addrs = []ibclient.HostRecordIpv4Addr{ + { + Ipv4Addr: &value, + }, + } + obj.Zone = zone + return obj + case endpoint.RecordTypePTR: + obj := ibclient.NewEmptyRecordPTR() + obj.PtrdName = &name + obj.Ref = ref + obj.Ipv4Addr = &value + obj.Zone = zone + return obj + } + + return nil +} + +func createMockInfobloxObject(name, recordType, value string) ibclient.IBObject { + ref := fmt.Sprintf("record:%s/%s:%s/default", strings.ToLower(recordType), base64.StdEncoding.EncodeToString([]byte(name)), name) + switch recordType { + case endpoint.RecordTypeA: + obj := ibclient.NewEmptyRecordA() + obj.Name = &name + obj.Ref = ref + obj.Ipv4Addr = &value + return obj + case endpoint.RecordTypeCNAME: + obj := ibclient.NewEmptyRecordCNAME() + obj.Name = &name + obj.Ref = ref + obj.Canonical = &value + return obj + case endpoint.RecordTypeTXT: + obj := ibclient.NewEmptyRecordTXT() + obj.Name = &name + obj.Ref = ref + obj.Text = &value + return obj + case "HOST": + obj := ibclient.NewEmptyHostRecord() + obj.Name = &name + obj.Ref = ref + obj.Ipv4Addrs = []ibclient.HostRecordIpv4Addr{ + { + Ipv4Addr: &value, + }, + } + return obj + case endpoint.RecordTypePTR: + obj := ibclient.NewEmptyRecordPTR() + obj.PtrdName = &name + obj.Ref = ref + obj.Ipv4Addr = &value + return obj + } + + return nil +} + +// nolint: unparam +func newInfobloxProvider(domainFilter endpoint.DomainFilter, zoneIDFilter provider.ZoneIDFilter, view string, dryRun bool, createPTR bool, client ibclient.IBConnector) *Provider { + return &Provider{ + client: client, + domainFilter: domainFilter, + config: &StartupConfig{ + DryRun: dryRun, + View: view, + CreatePTR: createPTR, + }, + } +} + +func TestInfobloxRecords(t *testing.T) { + client := mockIBConnector{ + mockInfobloxZones: &[]ibclient.ZoneAuth{ + createMockInfobloxZone("example.com"), + createMockInfobloxZone("other.com"), + }, + mockInfobloxObjects: &[]ibclient.IBObject{ + createMockInfobloxObjectWithZone("example.com", endpoint.RecordTypeA, "123.123.123.122", "example.com"), + createMockInfobloxObjectWithZone("example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default", "example.com"), + createMockInfobloxObjectWithZone("nginx.example.com", endpoint.RecordTypeA, "123.123.123.123", "example.com"), + createMockInfobloxObjectWithZone("nginx.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default", "example.com"), + createMockInfobloxObjectWithZone("whitespace.example.com", endpoint.RecordTypeA, "123.123.123.124", "example.com"), + createMockInfobloxObjectWithZone("whitespace.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=white space", "example.com"), + createMockInfobloxObjectWithZone("hack.example.com", endpoint.RecordTypeCNAME, "cerberus.infoblox.com", "example.com"), + createMockInfobloxObjectWithZone("multiple.example.com", endpoint.RecordTypeA, "123.123.123.122", "example.com"), + createMockInfobloxObjectWithZone("multiple.example.com", endpoint.RecordTypeA, "123.123.123.121", "example.com"), + createMockInfobloxObjectWithZone("multiple.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default", "example.com"), + createMockInfobloxObjectWithZone("existing.example.com", endpoint.RecordTypeA, "124.1.1.1", "example.com"), + createMockInfobloxObjectWithZone("existing.example.com", endpoint.RecordTypeA, "124.1.1.2", "example.com"), + createMockInfobloxObjectWithZone("existing.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=existing", "example.com"), + createMockInfobloxObjectWithZone("host.example.com", "HOST", "125.1.1.1", "example.com"), + }, + } + + providerCfg := newInfobloxProvider(endpoint.NewDomainFilter([]string{"example.com"}), provider.NewZoneIDFilter([]string{""}), "", true, false, &client) + actual, err := providerCfg.Records(context.Background()) + if err != nil { + t.Fatal(err) + } + expected := []*endpoint.Endpoint{ + endpoint.NewEndpoint("example.com", endpoint.RecordTypeA, "123.123.123.122"), + endpoint.NewEndpoint("example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"), + endpoint.NewEndpoint("nginx.example.com", endpoint.RecordTypeA, "123.123.123.123"), + endpoint.NewEndpoint("nginx.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"), + endpoint.NewEndpoint("whitespace.example.com", endpoint.RecordTypeA, "123.123.123.124"), + endpoint.NewEndpoint("whitespace.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=white space"), + endpoint.NewEndpoint("hack.example.com", endpoint.RecordTypeCNAME, "cerberus.infoblox.com"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeA, "123.123.123.122", "123.123.123.121"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"), + endpoint.NewEndpoint("existing.example.com", endpoint.RecordTypeA, "124.1.1.1", "124.1.1.2"), + endpoint.NewEndpoint("existing.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=existing"), + endpoint.NewEndpoint("host.example.com", endpoint.RecordTypeA, "125.1.1.1"), + } + validateEndpoints(t, actual, expected) + client.verifyGetObjectRequest(t, "zone_auth", "", &map[string]string{}). + ExpectNotRequestURLQueryParam(t, "view"). + ExpectNotRequestURLQueryParam(t, "zone") + client.verifyGetObjectRequest(t, "record:a", "", &map[string]string{"zone": "example.com"}). + ExpectRequestURLQueryParam(t, "zone", "example.com") + client.verifyGetObjectRequest(t, "record:host", "", &map[string]string{"zone": "example.com"}). + ExpectRequestURLQueryParam(t, "zone", "example.com") + client.verifyGetObjectRequest(t, "record:cname", "", &map[string]string{"zone": "example.com"}). + ExpectRequestURLQueryParam(t, "zone", "example.com") + client.verifyGetObjectRequest(t, "record:txt", "", &map[string]string{"zone": "example.com"}). + ExpectRequestURLQueryParam(t, "zone", "example.com") + client.verifyNoMoreGetObjectRequests(t) +} + +func TestInfobloxRecordsWithView(t *testing.T) { + client := mockIBConnector{ + mockInfobloxZones: &[]ibclient.ZoneAuth{ + createMockInfobloxZone("foo.example.com"), + createMockInfobloxZone("bar.example.com"), + }, + mockInfobloxObjects: &[]ibclient.IBObject{ + createMockInfobloxObjectWithZone("cat.foo.example.com", endpoint.RecordTypeA, "123.123.123.122", "foo.example.com"), + createMockInfobloxObjectWithZone("dog.bar.example.com", endpoint.RecordTypeA, "123.123.123.123", "bar.example.com"), + }, + } + + providerCfg := newInfobloxProvider(endpoint.NewDomainFilter([]string{"foo.example.com", "bar.example.com"}), provider.NewZoneIDFilter([]string{""}), "Inside", true, false, &client) + actual, err := providerCfg.Records(context.Background()) + if err != nil { + t.Fatal(err) + } + expected := []*endpoint.Endpoint{ + endpoint.NewEndpoint("cat.foo.example.com", endpoint.RecordTypeA, "123.123.123.122"), + endpoint.NewEndpoint("dog.bar.example.com", endpoint.RecordTypeA, "123.123.123.123"), + } + validateEndpoints(t, actual, expected) + client.verifyGetObjectRequest(t, "zone_auth", "", &map[string]string{"view": "Inside"}). + ExpectRequestURLQueryParam(t, "view", "Inside"). + ExpectNotRequestURLQueryParam(t, "zone") + client.verifyGetObjectRequest(t, "record:a", "", &map[string]string{"zone": "foo.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "foo.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyGetObjectRequest(t, "record:host", "", &map[string]string{"zone": "foo.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "foo.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyGetObjectRequest(t, "record:cname", "", &map[string]string{"zone": "foo.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "foo.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyGetObjectRequest(t, "record:txt", "", &map[string]string{"zone": "foo.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "foo.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyGetObjectRequest(t, "record:a", "", &map[string]string{"zone": "bar.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "bar.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyGetObjectRequest(t, "record:host", "", &map[string]string{"zone": "bar.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "bar.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyGetObjectRequest(t, "record:cname", "", &map[string]string{"zone": "bar.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "bar.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyGetObjectRequest(t, "record:txt", "", &map[string]string{"zone": "bar.example.com", "view": "Inside"}). + ExpectRequestURLQueryParam(t, "zone", "bar.example.com"). + ExpectRequestURLQueryParam(t, "view", "Inside") + client.verifyNoMoreGetObjectRequests(t) +} + +func TestInfobloxAdjustEndpoints(t *testing.T) { + client := mockIBConnector{ + mockInfobloxZones: &[]ibclient.ZoneAuth{ + createMockInfobloxZone("example.com"), + createMockInfobloxZone("other.com"), + }, + mockInfobloxObjects: &[]ibclient.IBObject{ + createMockInfobloxObject("example.com", endpoint.RecordTypeA, "123.123.123.122"), + createMockInfobloxObject("example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"), + createMockInfobloxObject("hack.example.com", endpoint.RecordTypeCNAME, "cerberus.infoblox.com"), + createMockInfobloxObject("host.example.com", "HOST", "125.1.1.1"), + }, + } + + providerCfg := newInfobloxProvider(endpoint.NewDomainFilter([]string{"example.com"}), provider.NewZoneIDFilter([]string{""}), "", true, true, &client) + actual, err := providerCfg.Records(context.Background()) + if err != nil { + t.Fatal(err) + } + providerCfg.AdjustEndpoints(actual) // nolint: errcheck + + expected := []*endpoint.Endpoint{ + endpoint.NewEndpoint("example.com", endpoint.RecordTypeA, "123.123.123.122").WithProviderSpecific(providerSpecificInfobloxPtrRecord, "true"), + endpoint.NewEndpoint("example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"), + endpoint.NewEndpoint("hack.example.com", endpoint.RecordTypeCNAME, "cerberus.infoblox.com"), + endpoint.NewEndpoint("host.example.com", endpoint.RecordTypeA, "125.1.1.1").WithProviderSpecific(providerSpecificInfobloxPtrRecord, "true"), + } + validateEndpoints(t, actual, expected) +} + +func TestInfobloxRecordsReverse(t *testing.T) { + t.Skip() + client := mockIBConnector{ + mockInfobloxZones: &[]ibclient.ZoneAuth{ + createMockInfobloxZone("10.0.0.0/24"), + createMockInfobloxZone("10.0.1.0/24"), + }, + mockInfobloxObjects: &[]ibclient.IBObject{ + createMockInfobloxObject("example.com", endpoint.RecordTypePTR, "10.0.0.1"), + createMockInfobloxObject("example2.com", endpoint.RecordTypePTR, "10.0.0.2"), + }, + } + + providerCfg := newInfobloxProvider(endpoint.NewDomainFilter([]string{"10.0.0.0/24"}), provider.NewZoneIDFilter([]string{""}), "", true, true, &client) + actual, err := providerCfg.Records(context.Background()) + if err != nil { + t.Fatal(err) + } + expected := []*endpoint.Endpoint{ + endpoint.NewEndpoint("example.com", endpoint.RecordTypePTR, "10.0.0.1"), + endpoint.NewEndpoint("example2.com", endpoint.RecordTypePTR, "10.0.0.2"), + } + validateEndpoints(t, actual, expected) +} + +func TestInfobloxApplyChanges(t *testing.T) { + client := mockIBConnector{} + + testInfobloxApplyChangesInternal(t, false, false, &client) + + validateEndpoints(t, client.createdEndpoints, []*endpoint.Endpoint{ + endpoint.NewEndpoint("example.com", endpoint.RecordTypeA, "1.2.3.4"), + endpoint.NewEndpoint("example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("foo.example.com", endpoint.RecordTypeA, "1.2.3.4"), + endpoint.NewEndpoint("foo.example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("bar.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("bar.example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("other.com", endpoint.RecordTypeA, "5.6.7.8"), + endpoint.NewEndpoint("other.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("new.example.com", endpoint.RecordTypeA, "111.222.111.222"), + endpoint.NewEndpoint("newcname.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeA, "1.2.3.4,3.4.5.6,8.9.10.11"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeTXT, "tag-multiple-A-records"), + }) + + validateEndpoints(t, client.deletedEndpoints, []*endpoint.Endpoint{ + endpoint.NewEndpoint("old.example.com", endpoint.RecordTypeA, ""), + endpoint.NewEndpoint("oldcname.example.com", endpoint.RecordTypeCNAME, ""), + endpoint.NewEndpoint("deleted.example.com", endpoint.RecordTypeA, ""), + endpoint.NewEndpoint("deletedcname.example.com", endpoint.RecordTypeCNAME, ""), + }) + + validateEndpoints(t, client.updatedEndpoints, []*endpoint.Endpoint{}) +} + +func TestInfobloxApplyChangesReverse(t *testing.T) { + t.Skip() + client := mockIBConnector{} + + testInfobloxApplyChangesInternal(t, false, true, &client) + + validateEndpoints(t, client.createdEndpoints, []*endpoint.Endpoint{ + endpoint.NewEndpoint("example.com", endpoint.RecordTypeA, "1.2.3.4"), + endpoint.NewEndpoint("example.com", endpoint.RecordTypePTR, "1.2.3.4"), + endpoint.NewEndpoint("example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("foo.example.com", endpoint.RecordTypeA, "1.2.3.4"), + endpoint.NewEndpoint("foo.example.com", endpoint.RecordTypePTR, "1.2.3.4"), + endpoint.NewEndpoint("foo.example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("bar.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("bar.example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("other.com", endpoint.RecordTypeA, "5.6.7.8"), + endpoint.NewEndpoint("other.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("new.example.com", endpoint.RecordTypeA, "111.222.111.222"), + endpoint.NewEndpoint("newcname.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeA, "1.2.3.4,3.4.5.6,8.9.10.11"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeTXT, "tag-multiple-A-records"), + }) + + validateEndpoints(t, client.deletedEndpoints, []*endpoint.Endpoint{ + endpoint.NewEndpoint("old.example.com", endpoint.RecordTypeA, ""), + endpoint.NewEndpoint("oldcname.example.com", endpoint.RecordTypeCNAME, ""), + endpoint.NewEndpoint("deleted.example.com", endpoint.RecordTypeA, ""), + endpoint.NewEndpoint("deleted.example.com", endpoint.RecordTypePTR, ""), + endpoint.NewEndpoint("deletedcname.example.com", endpoint.RecordTypeCNAME, ""), + }) + + validateEndpoints(t, client.updatedEndpoints, []*endpoint.Endpoint{}) +} + +func TestInfobloxApplyChangesDryRun(t *testing.T) { + client := mockIBConnector{ + mockInfobloxObjects: &[]ibclient.IBObject{}, + } + + testInfobloxApplyChangesInternal(t, true, false, &client) + + validateEndpoints(t, client.createdEndpoints, []*endpoint.Endpoint{}) + + validateEndpoints(t, client.deletedEndpoints, []*endpoint.Endpoint{}) + + validateEndpoints(t, client.updatedEndpoints, []*endpoint.Endpoint{}) +} + +func testInfobloxApplyChangesInternal(t *testing.T, dryRun, createPTR bool, client ibclient.IBConnector) { + client.(*mockIBConnector).mockInfobloxZones = &[]ibclient.ZoneAuth{ + createMockInfobloxZone("example.com"), + createMockInfobloxZone("other.com"), + createMockInfobloxZone("1.2.3.0/24"), + } + client.(*mockIBConnector).mockInfobloxObjects = &[]ibclient.IBObject{ + createMockInfobloxObjectWithZone("deleted.example.com", endpoint.RecordTypeA, "121.212.121.212", "example.com"), + createMockInfobloxObjectWithZone("deleted.example.com", endpoint.RecordTypeTXT, "test-deleting-txt", "example.com"), + createMockInfobloxObjectWithZone("deleted.example.com", endpoint.RecordTypePTR, "121.212.121.212", "example.com"), + createMockInfobloxObjectWithZone("deletedcname.example.com", endpoint.RecordTypeCNAME, "other.com", "example.com"), + createMockInfobloxObjectWithZone("old.example.com", endpoint.RecordTypeA, "121.212.121.212", "example.com"), + createMockInfobloxObjectWithZone("oldcname.example.com", endpoint.RecordTypeCNAME, "other.com", "example.com"), + } + + providerCfg := newInfobloxProvider( + endpoint.NewDomainFilter([]string{""}), + provider.NewZoneIDFilter([]string{""}), + "", + dryRun, + createPTR, + client, + ) + + createRecords := []*endpoint.Endpoint{ + endpoint.NewEndpoint("example.com", endpoint.RecordTypeA, "1.2.3.4"), + endpoint.NewEndpoint("example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("foo.example.com", endpoint.RecordTypeA, "1.2.3.4"), + endpoint.NewEndpoint("foo.example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("bar.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("bar.example.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("other.com", endpoint.RecordTypeA, "5.6.7.8"), + endpoint.NewEndpoint("other.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("nope.com", endpoint.RecordTypeA, "4.4.4.4"), + endpoint.NewEndpoint("nope.com", endpoint.RecordTypeTXT, "tag"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeA, "1.2.3.4,3.4.5.6,8.9.10.11"), + endpoint.NewEndpoint("multiple.example.com", endpoint.RecordTypeTXT, "tag-multiple-A-records"), + } + + updateOldRecords := []*endpoint.Endpoint{ + endpoint.NewEndpoint("old.example.com", endpoint.RecordTypeA, "121.212.121.212"), + endpoint.NewEndpoint("oldcname.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("old.nope.com", endpoint.RecordTypeA, "121.212.121.212"), + } + + updateNewRecords := []*endpoint.Endpoint{ + endpoint.NewEndpoint("new.example.com", endpoint.RecordTypeA, "111.222.111.222"), + endpoint.NewEndpoint("newcname.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("new.nope.com", endpoint.RecordTypeA, "222.111.222.111"), + } + + deleteRecords := []*endpoint.Endpoint{ + endpoint.NewEndpoint("deleted.example.com", endpoint.RecordTypeA, "121.212.121.212"), + endpoint.NewEndpoint("deletedcname.example.com", endpoint.RecordTypeCNAME, "other.com"), + endpoint.NewEndpoint("deleted.nope.com", endpoint.RecordTypeA, "222.111.222.111"), + } + + if createPTR { + deleteRecords = append(deleteRecords, endpoint.NewEndpoint("deleted.example.com", endpoint.RecordTypePTR, "121.212.121.212")) + } + + changes := &plan.Changes{ + Create: createRecords, + UpdateNew: updateNewRecords, + UpdateOld: updateOldRecords, + Delete: deleteRecords, + } + + if err := providerCfg.ApplyChanges(context.Background(), changes); err != nil { + t.Fatal(err) + } +} + +func TestInfobloxZones(t *testing.T) { + client := mockIBConnector{ + mockInfobloxZones: &[]ibclient.ZoneAuth{ + createMockInfobloxZone("example.com"), + createMockInfobloxZone("lvl1-1.example.com"), + createMockInfobloxZone("lvl2-1.lvl1-1.example.com"), + createMockInfobloxZone("1.2.3.0/24"), + }, + mockInfobloxObjects: &[]ibclient.IBObject{}, + } + + providerCfg := newInfobloxProvider(endpoint.NewDomainFilter([]string{"example.com", "1.2.3.0/24"}), provider.NewZoneIDFilter([]string{""}), "", true, false, &client) + zoneAuths, _ := providerCfg.zones() + zones := zonePointerConverter(zoneAuths) + var emptyZoneAuth *ibclient.ZoneAuth + assert.Equal(t, providerCfg.findZone(zones, "example.com").Fqdn, "example.com") + assert.Equal(t, providerCfg.findZone(zones, "nomatch-example.com"), emptyZoneAuth) + assert.Equal(t, providerCfg.findZone(zones, "nginx.example.com").Fqdn, "example.com") + assert.Equal(t, providerCfg.findZone(zones, "lvl1-1.example.com").Fqdn, "lvl1-1.example.com") + assert.Equal(t, providerCfg.findZone(zones, "lvl1-2.example.com").Fqdn, "example.com") + assert.Equal(t, providerCfg.findZone(zones, "lvl2-1.lvl1-1.example.com").Fqdn, "lvl2-1.lvl1-1.example.com") + assert.Equal(t, providerCfg.findZone(zones, "lvl2-2.lvl1-1.example.com").Fqdn, "lvl1-1.example.com") + assert.Equal(t, providerCfg.findZone(zones, "lvl2-2.lvl1-2.example.com").Fqdn, "example.com") + assert.Equal(t, providerCfg.findZone(zones, "1.2.3.0/24").Fqdn, "1.2.3.0/24") +} + +func TestInfobloxReverseZones(t *testing.T) { + client := mockIBConnector{ + mockInfobloxZones: &[]ibclient.ZoneAuth{ + createMockInfobloxZone("example.com"), + createMockInfobloxZone("1.2.3.0/24"), + createMockInfobloxZone("10.0.0.0/8"), + }, + mockInfobloxObjects: &[]ibclient.IBObject{}, + } + + providerCfg := newInfobloxProvider(endpoint.NewDomainFilter([]string{"example.com", "1.2.3.0/24", "10.0.0.0/8"}), provider.NewZoneIDFilter([]string{""}), "", true, false, &client) + zoneAuths, _ := providerCfg.zones() + zones := zonePointerConverter(zoneAuths) + var emptyZoneAuth *ibclient.ZoneAuth + assert.Equal(t, providerCfg.findReverseZone(zones, "nomatch-example.com"), emptyZoneAuth) + assert.Equal(t, providerCfg.findReverseZone(zones, "192.168.0.1"), emptyZoneAuth) + assert.Equal(t, providerCfg.findReverseZone(zones, "1.2.3.4").Fqdn, "1.2.3.0/24") + assert.Equal(t, providerCfg.findReverseZone(zones, "10.28.29.30").Fqdn, "10.0.0.0/8") +} + +func TestExtendedRequestFDQDRegExBuilder(t *testing.T) { + hostCfg := ibclient.HostConfig{ + Host: "localhost", + Port: "8080", + Version: "2.3.1", + } + + authCfg := ibclient.AuthConfig{ + Username: "user", + Password: "abcd", + } + + requestBuilder := NewExtendedRequestBuilder(0, "^staging.*test.com$", "") + requestBuilder.Init(hostCfg, authCfg) + + obj := ibclient.NewZoneAuth(ibclient.ZoneAuth{}) + + req, _ := requestBuilder.BuildRequest(ibclient.GET, obj, "", &ibclient.QueryParams{}) + + assert.True(t, req.URL.Query().Get("fqdn~") == "^staging.*test.com$") + + req, _ = requestBuilder.BuildRequest(ibclient.CREATE, obj, "", &ibclient.QueryParams{}) + + assert.True(t, req.URL.Query().Get("fqdn~") == "") +} + +func TestExtendedRequestNameRegExBuilder(t *testing.T) { + hostCfg := ibclient.HostConfig{ + Host: "localhost", + Port: "8080", + Version: "2.3.1", + } + + authCfg := ibclient.AuthConfig{ + Username: "user", + Password: "abcd", + } + + requestBuilder := NewExtendedRequestBuilder(0, "", "^staging.*test.com$") + requestBuilder.Init(hostCfg, authCfg) + + obj := ibclient.NewEmptyRecordCNAME() + + req, _ := requestBuilder.BuildRequest(ibclient.GET, obj, "", &ibclient.QueryParams{}) + + assert.True(t, req.URL.Query().Get("name~") == "^staging.*test.com$") + + req, _ = requestBuilder.BuildRequest(ibclient.CREATE, obj, "", &ibclient.QueryParams{}) + + assert.True(t, req.URL.Query().Get("name~") == "") +} + +func TestExtendedRequestMaxResultsBuilder(t *testing.T) { + hostCfg := ibclient.HostConfig{ + Host: "localhost", + Port: "8080", + Version: "2.3.1", + } + + authCfg := ibclient.AuthConfig{ + Username: "user", + Password: "abcd", + } + + requestBuilder := NewExtendedRequestBuilder(54321, "", "") + requestBuilder.Init(hostCfg, authCfg) + + obj := ibclient.NewEmptyRecordCNAME() + obj.Zone = "foo.bar.com" + + req, _ := requestBuilder.BuildRequest(ibclient.GET, obj, "", &ibclient.QueryParams{}) + + assert.True(t, req.URL.Query().Get("_max_results") == "54321") + + req, _ = requestBuilder.BuildRequest(ibclient.CREATE, obj, "", &ibclient.QueryParams{}) + + assert.True(t, req.URL.Query().Get("_max_results") == "") +} + +//func TestGetObject(t *testing.T) { +// hostCfg := ibclient.HostConfig{} +// authCfg := ibclient.AuthConfig{} +// transportConfig := ibclient.TransportConfig{} +// requestBuilder := NewExtendedRequestBuilder(1000, "mysite.com", "") +// requestor := mockRequestor{} +// client, _ := ibclient.NewConnector(hostCfg, authCfg, transportConfig, requestBuilder, &requestor) +// +// providerConfig := newInfobloxProvider(endpoint.NewDomainFilter([]string{"mysite.com"}), provider.NewZoneIDFilter([]string{""}), "", true, true, client) +// +// providerConfig.ApplyChanges(context.TODO(), &plan.Changes{ +// Delete: []*endpoint.Endpoint{ +// endpoint.NewEndpoint("deletethisrecord.mysite.com", endpoint.RecordTypeA, "1.2.3.4"), +// }, +// }) +// +// requestQuery := requestor.request.URL.Query() +// assert.True(t, requestQuery.Has("name"), "Expected the request to filter objects by name") +//} + +// Mock requestor that doesn't send request +// nolint: revive +type mockRequestor struct { // nolint: unused + request *http.Request +} + +// nolint: unused +func (r *mockRequestor) Init(ibclient.AuthConfig, ibclient.TransportConfig) {} + +// nolint: unused +func (r *mockRequestor) SendRequest(req *http.Request) (res []byte, err error) { + res = []byte("[{}]") + r.request = req + return +} + +func validateEndpoints(t *testing.T, endpoints []*endpoint.Endpoint, expected []*endpoint.Endpoint) { + assert.True(t, SameEndpoints(endpoints, expected), "actual and expected endpoints don't match. %s:%s", endpoints, expected) +} diff --git a/internal/infoblox/testutils.go b/internal/infoblox/testutils.go new file mode 100644 index 0000000..df02e38 --- /dev/null +++ b/internal/infoblox/testutils.go @@ -0,0 +1,89 @@ +package infoblox + +import ( + "fmt" + "reflect" + "sort" + + "sigs.k8s.io/external-dns/endpoint" +) + +/** test utility functions for endpoints verifications */ + +type byNames endpoint.ProviderSpecific + +func (p byNames) Len() int { return len(p) } +func (p byNames) Swap(i, j int) { p[i], p[j] = p[j], p[i] } +func (p byNames) Less(i, j int) bool { return p[i].Name < p[j].Name } + +// SameEndpoint returns true if two endpoints are same +// considers example.org. and example.org DNSName/Target as different endpoints +func SameEndpoint(a, b *endpoint.Endpoint) bool { + + dif := a.DNSName == b.DNSName && a.Targets.Same(b.Targets) && a.RecordType == b.RecordType && a.SetIdentifier == b.SetIdentifier && + a.Labels[endpoint.OwnerLabelKey] == b.Labels[endpoint.OwnerLabelKey] && a.RecordTTL == b.RecordTTL && + a.Labels[endpoint.ResourceLabelKey] == b.Labels[endpoint.ResourceLabelKey] && + a.Labels[endpoint.OwnedRecordLabelKey] == b.Labels[endpoint.OwnedRecordLabelKey] && + SameProviderSpecific(a.ProviderSpecific, b.ProviderSpecific) + + if !dif { + fmt.Println("Different endpoints:") + fmt.Println(a) + fmt.Println(b) + fmt.Println("") + fmt.Println("") + fmt.Println("") + } + + return dif +} + +// SameEndpoints compares two slices of endpoints regardless of order +// [x,y,z] == [z,x,y] +// [x,x,z] == [x,z,x] +// [x,y,y] != [x,x,y] +// [x,x,x] != [x,x,z] +func SameEndpoints(a, b []*endpoint.Endpoint) bool { + if len(a) != len(b) { + return false + } + + sa := a + sb := b + + for i := range sa { + for j := range sb { + if sa[i].DNSName == sb[j].DNSName && sa[i].RecordType == sb[j].RecordType { + // fmt.Println("found:" + sa[i].DNSName + sa[i].RecordType) + if !SameEndpoint(sa[i], sb[j]) { + return false + } + } + } + } + + return true +} + +// SameProviderSpecific verifies that two maps contain the same string/string key/value pairs +func SameProviderSpecific(a, b endpoint.ProviderSpecific) bool { + sa := a + sb := b + sort.Sort(byNames(sa)) + sort.Sort(byNames(sb)) + return reflect.DeepEqual(sa, sb) +} + +func AsString(str *string) string { + if str == nil { + return "" + } + return *str +} + +func AsInt64(i *uint32) int64 { + if i == nil { + return 0 + } + return int64(*i) +} diff --git a/pkg/webhook/mediatype.go b/pkg/webhook/mediatype.go new file mode 100644 index 0000000..3e348d5 --- /dev/null +++ b/pkg/webhook/mediatype.go @@ -0,0 +1,42 @@ +// Package webhook +package webhook + +import ( + "fmt" + "strings" +) + +const ( + mediaTypeFormat = "application/external.dns.webhook+json;" + supportedMediaVersions = "1" +) + +var mediaTypeVersion1 = mediaTypeVersion("1") + +type mediaType string + +func mediaTypeVersion(v string) mediaType { + return mediaType(mediaTypeFormat + "version=" + v) +} + +func (m mediaType) Is(headerValue string) bool { + return string(m) == headerValue +} + +func checkAndGetMediaTypeHeaderValue(value string) (string, error) { + for _, v := range strings.Split(supportedMediaVersions, ",") { + if mediaTypeVersion(v).Is(value) { + return v, nil + } + } + + supportedMediaTypesString := "" + for i, v := range strings.Split(supportedMediaVersions, ",") { + sep := "" + if i < len(supportedMediaVersions)-1 { + sep = ", " + } + supportedMediaTypesString += string(mediaTypeVersion(v)) + sep + } + return "", fmt.Errorf("Unsupported media type version: '%s'. Supported media types are: '%s'", value, supportedMediaTypesString) +} diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go new file mode 100644 index 0000000..4ecd2bc --- /dev/null +++ b/pkg/webhook/webhook.go @@ -0,0 +1,228 @@ +package webhook + +import ( + "encoding/json" + "fmt" + "net/http" + + log "github.com/sirupsen/logrus" + + "sigs.k8s.io/external-dns/endpoint" + "sigs.k8s.io/external-dns/plan" + "sigs.k8s.io/external-dns/provider" +) + +const ( + contentTypeHeader = "Content-Type" + contentTypePlaintext = "text/plain" + acceptHeader = "Accept" + varyHeader = "Vary" + healthPath = "/healthz" + logFieldRequestPath = "requestPath" + logFieldRequestMethod = "requestMethod" + logFieldError = "error" +) + +// Webhook for external dns provider +type Webhook struct { + provider provider.Provider +} + +// New creates a new instance of the Webhook +func New(provider provider.Provider) *Webhook { + p := Webhook{provider: provider} + return &p +} + +// Health handles the health request +func Health(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == healthPath { + w.WriteHeader(http.StatusOK) + return + } + next.ServeHTTP(w, r) + }) +} + +func (p *Webhook) contentTypeHeaderCheck(w http.ResponseWriter, r *http.Request) error { + return p.headerCheck(true, w, r) +} + +func (p *Webhook) acceptHeaderCheck(w http.ResponseWriter, r *http.Request) error { + return p.headerCheck(false, w, r) +} + +func (p *Webhook) headerCheck(isContentType bool, w http.ResponseWriter, r *http.Request) error { + var header string + if isContentType { + header = r.Header.Get(contentTypeHeader) + } else { + header = r.Header.Get(acceptHeader) + } + + if len(header) == 0 { + w.Header().Set(contentTypeHeader, contentTypePlaintext) + w.WriteHeader(http.StatusNotAcceptable) + + msg := "client must provide " + if isContentType { + msg += "a content type" + } else { + msg += "an accept header" + } + err := fmt.Errorf(msg) + + _, writeErr := fmt.Fprint(w, err.Error()) + if writeErr != nil { + requestLog(r).WithField(logFieldError, writeErr).Fatalf("error writing error message to response writer") + } + return err + } + + // as we support only one media type version, we can ignore the returned value + if _, err := checkAndGetMediaTypeHeaderValue(header); err != nil { + w.Header().Set(contentTypeHeader, contentTypePlaintext) + w.WriteHeader(http.StatusUnsupportedMediaType) + + msg := "Client must provide a valid versioned media type in the " + if isContentType { + msg += "content type" + } else { + msg += "accept header" + } + + err := fmt.Errorf(msg+": %s", err.Error()) + _, writeErr := fmt.Fprint(w, err.Error()) + if writeErr != nil { + requestLog(r).WithField(logFieldError, writeErr).Fatalf("error writing error message to response writer") + } + return err + } + + return nil +} + +// Records handles the get request for records +func (p *Webhook) Records(w http.ResponseWriter, r *http.Request) { + if err := p.acceptHeaderCheck(w, r); err != nil { + requestLog(r).WithField(logFieldError, err).Error("accept header check failed") + return + } + + requestLog(r).Debug("requesting records") + ctx := r.Context() + records, err := p.provider.Records(ctx) + if err != nil { + requestLog(r).WithField(logFieldError, err).Error("error getting records") + w.WriteHeader(http.StatusInternalServerError) + return + } + + requestLog(r).Debugf("returning records count: %d", len(records)) + w.Header().Set(contentTypeHeader, string(mediaTypeVersion1)) + w.Header().Set(varyHeader, contentTypeHeader) + err = json.NewEncoder(w).Encode(records) + if err != nil { + requestLog(r).WithField(logFieldError, err).Error("error encoding records") + w.WriteHeader(http.StatusInternalServerError) + return + } +} + +// ApplyChanges handles the post request for record changes +func (p *Webhook) ApplyChanges(w http.ResponseWriter, r *http.Request) { + if err := p.contentTypeHeaderCheck(w, r); err != nil { + requestLog(r).WithField(logFieldError, err).Error("content type header check failed") + return + } + + var changes plan.Changes + ctx := r.Context() + if err := json.NewDecoder(r.Body).Decode(&changes); err != nil { + w.Header().Set(contentTypeHeader, contentTypePlaintext) + w.WriteHeader(http.StatusBadRequest) + + errMsg := fmt.Sprintf("error decoding changes: %s", err.Error()) + if _, writeError := fmt.Fprint(w, errMsg); writeError != nil { + requestLog(r).WithField(logFieldError, writeError).Fatalf("error writing error message to response writer") + } + requestLog(r).WithField(logFieldError, err).Info(errMsg) + return + } + + requestLog(r).Debugf("requesting apply changes, create: %d , updateOld: %d, updateNew: %d, delete: %d", + len(changes.Create), len(changes.UpdateOld), len(changes.UpdateNew), len(changes.Delete)) + if err := p.provider.ApplyChanges(ctx, &changes); err != nil { + w.Header().Set(contentTypeHeader, contentTypePlaintext) + w.WriteHeader(http.StatusInternalServerError) + return + } + w.WriteHeader(http.StatusNoContent) +} + +// AdjustEndpoints handles the post request for adjusting endpoints +func (p *Webhook) AdjustEndpoints(w http.ResponseWriter, r *http.Request) { + if err := p.contentTypeHeaderCheck(w, r); err != nil { + log.Errorf("content type header check failed, request method: %s, request path: %s", r.Method, r.URL.Path) + return + } + if err := p.acceptHeaderCheck(w, r); err != nil { + log.Errorf("accept header check failed, request method: %s, request path: %s", r.Method, r.URL.Path) + return + } + + var pve []*endpoint.Endpoint + if err := json.NewDecoder(r.Body).Decode(&pve); err != nil { + w.Header().Set(contentTypeHeader, contentTypePlaintext) + w.WriteHeader(http.StatusBadRequest) + + errMessage := fmt.Sprintf("failed to decode request body: %v", err) + log.Infof(errMessage+" , request method: %s, request path: %s", r.Method, r.URL.Path) + if _, writeError := fmt.Fprint(w, errMessage); writeError != nil { + requestLog(r).WithField(logFieldError, writeError).Fatalf("error writing error message to response writer") + } + return + } + + log.Debugf("requesting adjust endpoints count: %d", len(pve)) + pve, err := p.provider.AdjustEndpoints(pve) + if err != nil { + w.Header().Set(contentTypeHeader, contentTypePlaintext) + w.WriteHeader(http.StatusInternalServerError) + return + } + out, _ := json.Marshal(&pve) + + log.Debugf("return adjust endpoints response, resultEndpointCount: %d", len(pve)) + w.Header().Set(contentTypeHeader, string(mediaTypeVersion1)) + w.Header().Set(varyHeader, contentTypeHeader) + if _, writeError := fmt.Fprint(w, string(out)); writeError != nil { + requestLog(r).WithField(logFieldError, writeError).Fatalf("error writing response") + } +} + +func (p *Webhook) Negotiate(w http.ResponseWriter, r *http.Request) { + if err := p.acceptHeaderCheck(w, r); err != nil { + requestLog(r).WithField(logFieldError, err).Error("accept header check failed") + return + } + + b, err := p.provider.GetDomainFilter().MarshalJSON() + if err != nil { + log.Errorf("failed to marshal domain filter, request method: %s, request path: %s", r.Method, r.URL.Path) + w.WriteHeader(http.StatusInternalServerError) + return + } + + w.Header().Set(contentTypeHeader, string(mediaTypeVersion1)) + if _, writeError := w.Write(b); writeError != nil { + requestLog(r).WithField(logFieldError, writeError).Error("error writing response") + w.WriteHeader(http.StatusInternalServerError) + return + } +} + +func requestLog(r *http.Request) *log.Entry { + return log.WithFields(log.Fields{logFieldRequestMethod: r.Method, logFieldRequestPath: r.URL.Path}) +} diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 0000000..d9e4c0e --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,65 @@ +{ + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", + "packages": { + ".": { + "release-type": "go", + "package-name": "main", + "include-component-in-tag": false, + "changelog-path": "CHANGELOG.md", + "extra-files": [] + } + }, + "include-v-in-tag": true, + "skip-github-release": false, + "pull-request-title-pattern": "chore(release): release ${version}", + "pull-request-header": ":robot: I have created a release", + "label": "release", + "changelog-type": "default", + "changelog-sections": [ + { + "type": "feat", + "section": "Features" + }, + { + "type": "fix", + "section": "Bug Fixes" + }, + { + "type": "perf", + "section": "Performance Improvements" + }, + { + "type": "revert", + "section": "Reverts" + }, + { + "type": "chore", + "section": "Miscellaneous Chores" + }, + { + "type": "docs", + "section": "Documentation", + "hidden": true + }, + { + "type": "refactor", + "section": "Code Refactoring", + "hidden": true + }, + { + "type": "test", + "section": "Tests", + "hidden": true + }, + { + "type": "build", + "section": "Build System", + "hidden": true + }, + { + "type": "ci", + "section": "Continuous Integration", + "hidden": true + } + ] +} diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..5db72dd --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended" + ] +}