mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2026-05-05 06:36:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

Private Zone support

Browse Source 
Signed-off-by: Anders Swanson <anders.swanson@oracle.com>
This commit is contained in:
Anders Swanson 2023-10-20 10:11:05 -07:00
parent 4eb71536e1
commit 45d0abe19f
2 changed files with 81 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
provider/oci/oci.go
View File

@ -93,6 +93,9 @@ func NewOCIProvider(cfg OCIConfig, domainFilter endpoint.DomainFilter, zoneIDFil
var client ociDNSClient
var err error
var configProvider common.ConfigurationProvider
if cfg.Auth.UseInstancePrincipal && cfg.Auth.UseWorkloadIdentity {
return nil, errors.New("only one of 'useInstancePrincipal' and 'useWorkloadIdentity' may be enabled for Oracle authentication")
}
if cfg.Auth.UseWorkloadIdentity {
// OCI SDK requires specific, dynamic environment variables for workload identity.
if err := os.Setenv(auth.ResourcePrincipalVersionEnvVar, auth.ResourcePrincipalVersion2_2); err != nil {

101
provider/oci/oci_test.go
View File

@ -32,27 +32,52 @@ import (
"sigs.k8s.io/external-dns/provider"
)
type mockOCIDNSClient struct{}
type mockOCIDNSClient struct {
}
func (c *mockOCIDNSClient) ListZones(ctx context.Context, request dns.ListZonesRequest) (response dns.ListZonesResponse, err error) {
var (
zoneIdQux = "ocid1.dns-zone.oc1..123456ef0bfbb5c251b9713fd7bf8959"
zoneNameQux = "qux.com"
testPrivateZoneSummaryQux = dns.ZoneSummary{
Id: &zoneIdQux,
Name: &zoneNameQux,
}
zoneIdBaz = "ocid1.dns-zone.oc1..789012ef0bfbb5c251b9713fd7bf8959"
zoneNameBaz = "baz.com"
testPrivateZoneSummaryBaz = dns.ZoneSummary{
Id: &zoneIdBaz,
Name: &zoneNameBaz,
}
testGlobalZoneSummaryFoo = dns.ZoneSummary{
Id: common.String("ocid1.dns-zone.oc1..e1e042ef0bfbb5c251b9713fd7bf8959"),
Name: common.String("foo.com"),
}
testGlobalZoneSummaryBar = dns.ZoneSummary{
Id: common.String("ocid1.dns-zone.oc1..502aeddba262b92fd13ed7874f6f1404"),
Name: common.String("bar.com"),
}
)
func buildZoneResponseItems(scope dns.ListZonesScopeEnum, privateZones, globalZones []dns.ZoneSummary) []dns.ZoneSummary {
switch string(scope) {
case "PRIVATE":
return privateZones
case "GLOBAL":
return globalZones
default:
return append(privateZones, globalZones...)
}
}
func (c *mockOCIDNSClient) ListZones(_ context.Context, request dns.ListZonesRequest) (response dns.ListZonesResponse, err error) {
if request.Page == nil || *request.Page == "0" {
return dns.ListZonesResponse{
Items: []dns.ZoneSummary{
{
Id: common.String("ocid1.dns-zone.oc1..e1e042ef0bfbb5c251b9713fd7bf8959"),
Name: common.String("foo.com"),
},
},
Items: buildZoneResponseItems(request.Scope, []dns.ZoneSummary{testPrivateZoneSummaryBaz}, []dns.ZoneSummary{testGlobalZoneSummaryFoo}),
OpcNextPage: common.String("1"),
}, nil
}
return dns.ListZonesResponse{
Items: []dns.ZoneSummary{
{
Id: common.String("ocid1.dns-zone.oc1..502aeddba262b92fd13ed7874f6f1404"),
Name: common.String("bar.com"),
},
},
Items: buildZoneResponseItems(request.Scope, []dns.ZoneSummary{testPrivateZoneSummaryQux}, []dns.ZoneSummary{testGlobalZoneSummaryBar}),
}, nil
}
@ -193,6 +218,16 @@ hKRtDhmSdWBo3tJK12RrAe4t7CUe8gMgTvU7ExlcA3xQkseFPx9K
},
err: errors.New("initializing OCI DNS API client: can not create client, bad configuration: PEM data was not found in buffer"),
},
"invalid-auth-methods": {
config: OCIConfig{
Auth: OCIAuthConfig{
Region: "us-ashburn-1",
UseInstancePrincipal: true,
UseWorkloadIdentity: true,
},
},
err: errors.New("only one of 'useInstancePrincipal' and 'useWorkloadIdentity' may be enabled for Oracle authentication"),
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
@ -220,26 +255,45 @@ func TestOCIZones(t *testing.T) {
name string
domainFilter endpoint.DomainFilter
zoneIDFilter provider.ZoneIDFilter
zoneScope string
expected map[string]dns.ZoneSummary
}{
{
name: "AllZones",
domainFilter: endpoint.NewDomainFilter([]string{"com"}),
zoneIDFilter: provider.NewZoneIDFilter([]string{""}),
zoneScope: "",
expected: map[string]dns.ZoneSummary{
fooZoneId: testGlobalZoneSummaryFoo,
barZoneId: testGlobalZoneSummaryBar,
zoneIdBaz: testPrivateZoneSummaryBaz,
zoneIdQux: testPrivateZoneSummaryQux,
},
},
{
name: "Privatezones",
domainFilter: endpoint.NewDomainFilter([]string{"com"}),
zoneIDFilter: provider.NewZoneIDFilter([]string{""}),
zoneScope: "PRIVATE",
expected: map[string]dns.ZoneSummary{
zoneIdBaz: testPrivateZoneSummaryBaz,
zoneIdQux: testPrivateZoneSummaryQux,
},
},
{
name: "DomainFilter_com",
domainFilter: endpoint.NewDomainFilter([]string{"com"}),
zoneIDFilter: provider.NewZoneIDFilter([]string{""}),
zoneScope: "GLOBAL",
expected: map[string]dns.ZoneSummary{
fooZoneId: {
Id: common.String(fooZoneId),
Name: common.String("foo.com"),
},
barZoneId: {
Id: common.String(barZoneId),
Name: common.String("bar.com"),
},
fooZoneId: testGlobalZoneSummaryFoo,
barZoneId: testGlobalZoneSummaryBar,
},
}, {
name: "DomainFilter_foo.com",
domainFilter: endpoint.NewDomainFilter([]string{"foo.com"}),
zoneIDFilter: provider.NewZoneIDFilter([]string{""}),
zoneScope: "GLOBAL",
expected: map[string]dns.ZoneSummary{
fooZoneId: {
Id: common.String(fooZoneId),
@ -250,6 +304,7 @@ func TestOCIZones(t *testing.T) {
name: "ZoneIDFilter_ocid1.dns-zone.oc1..e1e042ef0bfbb5c251b9713fd7bf8959",
domainFilter: endpoint.NewDomainFilter([]string{""}),
zoneIDFilter: provider.NewZoneIDFilter([]string{"ocid1.dns-zone.oc1..e1e042ef0bfbb5c251b9713fd7bf8959"}),
zoneScope: "GLOBAL",
expected: map[string]dns.ZoneSummary{
fooZoneId: {
Id: common.String(fooZoneId),
@ -260,7 +315,7 @@ func TestOCIZones(t *testing.T) {
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
provider := newOCIProvider(&mockOCIDNSClient{}, tc.domainFilter, tc.zoneIDFilter, "", false)
provider := newOCIProvider(&mockOCIDNSClient{}, tc.domainFilter, tc.zoneIDFilter, tc.zoneScope, false)
zones, err := provider.zones(context.Background())
require.NoError(t, err)
validateOCIZones(t, zones, tc.expected)