feat(ns1): optionally identify NS1 zone by handle instead of FQDN #5750
Conversation
|
Welcome @cbertinato! |
k8s-ci-robot
added
cncf-cla: no
|
Hi @cbertinato. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
apis
k8s-ci-robot
added
ok-to-test
cbertinato
force-pushed
the
map-ns1-zone-handle
branch
from
949f0e7 to
3625a8e
Compare
k8s-ci-robot
removed
the
needs-rebase
|
@mloiseleur you got it! |
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
Could you share evidences that NS1 provider still works with and without this new flag? |
pkg/apis/externaldns/types.go
Outdated
| EmitEvents []string | ||
| ForceDefaultTargets bool | ||
| sourceWrappers map[string]bool // map of source wrappers, e.g. "targetfilter", "nat64" | ||
| // Accepts repeatable --ns1-zone-handle-map flags or a comma-separated |
There was a problem hiding this comment.
Either godoc style or none as the others.
provider/ns1/ns1.go
Outdated
| @@ -91,6 +91,11 @@ type NS1Config struct { | |||
| NS1IgnoreSSL bool | |||
| DryRun bool | |||
| MinTTLSeconds int | |||
| // Optional: map a zone FQDN (or suffix) to the NS1 zone handle/ID to use | |||
There was a problem hiding this comment.
Please godoc style or no comment
| if err != nil { | ||
| return nil, err | ||
| if lookup != strings.TrimSuffix(zone.Zone, ".") { | ||
| // fallback to FQDN lookup if override missed |
There was a problem hiding this comment.
I think we should better fail by an error.
There was a problem hiding this comment.
Do you mean return an error instead of falling back?
| if err != nil { | ||
| return nil, err | ||
| if lookup != strings.TrimSuffix(zone.Zone, ".") { | ||
| // fallback to FQDN lookup if override missed |
There was a problem hiding this comment.
I think we should better fail by an error.
provider/ns1/ns1.go
Outdated
| if len(m) == 0 { | ||
| return map[string]string{} | ||
| } | ||
| out := make(map[string]string, len(m)) |
There was a problem hiding this comment.
I think you can drop the len hint for maps. You won't have any advantage in doing this and it is uncommon for maps to have it.
provider/ns1/ns1.go
Outdated
| for k, v := range m { | ||
| kk := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(k)), ".") | ||
| vv := strings.ToLower(strings.TrimSpace(v)) | ||
| if kk != "" && vv != "" { |
There was a problem hiding this comment.
Don't you want to log anything because it looks like an error if you end up ignoring empty string.
| // otherwise return the normalized FQDN. | ||
| func (p *NS1Provider) zoneLookupKeyFor(fqdn string) string { | ||
| name := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(fqdn)), ".") | ||
| bestKey := "" |
There was a problem hiding this comment.
Maybe change the name to longestMatch and you can delete the comment below.
provider/ns1/ns1.go
Outdated
| for k := range p.zoneHandleOverrides { | ||
| if name == k || strings.HasSuffix(name, "."+k) { | ||
| if len(k) > len(bestKey) { | ||
| bestKey = k // longest (most specific) match wins |
provider/ns1/ns1_test.go
Outdated
| assert.Len(t, changes["bar.com"], 1) | ||
| assert.Len(t, changes["foo.com"], 3) | ||
| } | ||
|
|
||
| // helper: build a change |
There was a problem hiding this comment.
Drop the comment because it ha no value
k8s-ci-robot
removed
the
lgtm
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@ivankatliarchuk yes, I will do. Also, I will address all feedback @szuecs. |
What does it do ?
This PR introduces the ability to explicitly override a zone FQDN with a "zone handle" for the NS1 provider, which is an organization-unique identifier for a zone in NS1.
Motivation
When a zone is created in NS1 and a zone handle is not specified, then the zone handle is the same as the zone FQDN. However, if a zone has been created with a zone handle that is different from its FQDN, then external-dns will fail to find that zone in NS1.
The functionality allows one to explicitly map an FQDN to a zone handle via flags:
and by environment variable:
If a zone handle override is not found for a given FQDN, then external-dns will default to using the FQDN to identify the zone.
More