* fix(aws): warn on TXT AccessDenied due to ABAC
ExternalDNS writes TXT ownership records. ABAC missing TXT can cause 403
AccessDenied from Route 53.
* Update AWS ABAC docs to include TXT in record types
* Log entries when AccessDenied occurs and batch contains TXT
* Added unit tests for AccessDenied detection, TXT detection and logging
Refs: #5773
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Drop prescriptive IAM warning
* Return the first Route 53 error from `submitChanges` so operators see
the original AWS message
* Remove IAM-guessing branch while keeping split-and-retry submission
* Tidy error test and fall back to `provider.NewSoftErrorf` when no AWS
error was captured
* Add tests for error return on failures upon zone submission
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Remove TXT-specific error handling
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Remove Route53 final error message
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Remove unused import of `error`
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
---------
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* scoping the AWS IAM policy to explicitely defined AWS Route53 zones
* Apply suggestions from code review
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* Update aws.md
* Update docs/tutorials/aws.md
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* Update aws.md
breaking up lines to make it pass markdown linting
---------
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
Only grant endpointslices permissions when using service source and remove
outdated endpoints RBAC from provider tutorials.
Add rbac tests for the chart.
* feat(aws): add support for geoproximity routing
* remove the invalid test
* make some changes based on review comments
* fix linting errors
* make changes based on review feedback
* add more tests to get better coverage
* update docs
* make the linter happy
* address review feedback
This commit addresses the review feedback by making the following changes:
- use a more object-oriented approach for geoProximity handling
- change log levels to warnings instead of errors
- add more test cases for geoProximity
* fix linting error
* use shorter annotation names
- add flag to enable regional hostname feature
- support deletion of regional hostname on annotation edit
- correctly support differences detection with cloudflare state
- increased tests coverage
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* fix(azure): Enhance retry logic using azure SDK
* Added the changes for flag based maxretries configuration
* Fixed types.go, flags.md and delected unneccesary comments
* Added the correct image for the Azure Private DNS tutorial
* Following the go naming convention for maxRetriesCount
* Added the correct flag information to the --azure-maxretries-count
* Made the required changes to accept the --azure-maxretries-count flag value from cli/env
* docs(tutorials): add IONOS Cloud setup tutorial for ExternalDNS
* docs(tutorials): improve formatting and clarity in IONOS Cloud tutorial
* docs(tutorials): address comments, file names to use dash, and more information on ionos webhook repo and image
* Update docs/tutorials/ionoscloud.md
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
---------
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* bugfix - do not reset the resultInfo var, causing infinite loop when number of custom hostnames more than 50
* support paging for custom hostnames tests; update doc
improve test coverage
test the edge case when the custom hostname has changed during the record deletion
don't use custom hostnames if Cloudflare for SaaS fails to authenticate
Use new --cloudflare-custom-hostnames flag to enable cloudflare custom hostnames support
custom hostnames flags --cloudflare-custom-hostnames-min-tls-version and --cloudflare-custom-hostnames-certificate-authority support
markdown lint
Update cloudflare.md
* First pass based on existing PR, what is currently on master and some
extra tests.
* Try to resolve AWS service documentation
* Add documentation on how to opt-out of AAAA record creation
* Address documentation concerns
* Add some IPv6 tests to sources
* Make recommended changes to documentation
