fix: only delete managed dns record (#5)

Signed-off-by: STRRL <im@strrl.dev>
STRRL · Jun 18, 2023 · b99c8d3 · b99c8d3
1 parent b0aede2
commit b99c8d3
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 18 deletions.
diff --git a/pkg/cloudflare-controller/dns.go b/pkg/cloudflare-controller/dns.go
@@ -7,6 +7,8 @@ import (
 	"strings"
 )
 
+const ManagedCNAMERecordCommentMark = "managed by cloudflare-tunnel-ingress-controller"
+
 type DNSOperationCreate struct {
 	Hostname string
 	Type     string
@@ -25,7 +27,7 @@ type DNSOperationDelete struct {
 	OldRecord cloudflare.DNSRecord
 }
 
-func syncDNSRecord(exposures []exposure.Exposure, existedRecords []cloudflare.DNSRecord, tunnelId string) ([]DNSOperationCreate, []DNSOperationUpdate, []DNSOperationDelete, error) {
+func syncDNSRecord(exposures []exposure.Exposure, existedCNAMERecords []cloudflare.DNSRecord, tunnelId string) ([]DNSOperationCreate, []DNSOperationUpdate, []DNSOperationDelete, error) {
 	var effectiveExposures []exposure.Exposure
 	for _, item := range exposures {
 		if !item.IsDeleted {
@@ -37,32 +39,34 @@ func syncDNSRecord(exposures []exposure.Exposure, existedRecords []cloudflare.DN
 	var toUpdate []DNSOperationUpdate
 
 	for _, item := range effectiveExposures {
-		contains, old := dnsRecordsContainsHostname(existedRecords, item.Hostname)
+		contains, old := dnsRecordsContainsHostname(existedCNAMERecords, item.Hostname)
 
 		if contains {
 			toUpdate = append(toUpdate, DNSOperationUpdate{
 				OldRecord: old,
 				Type:      "CNAME",
 				Content:   tunnelDomain(tunnelId),
-				Comment:   "managed by cloudflare-tunnel-ingress-controller",
+				Comment:   ManagedCNAMERecordCommentMark,
 			})
 		} else {
 			toCreate = append(toCreate, DNSOperationCreate{
 				Hostname: item.Hostname,
 				Type:     "CNAME",
 				Content:  tunnelDomain(tunnelId),
-				Comment:  "managed by cloudflare-tunnel-ingress-controller",
+				Comment:  ManagedCNAMERecordCommentMark,
 			})
 		}
 	}
 
 	var toDelete []DNSOperationDelete
-	for _, item := range existedRecords {
+	for _, item := range existedCNAMERecords {
 		contains, _ := exposureContainsHostname(effectiveExposures, item.Name)
 		if !contains {
-			toDelete = append(toDelete, DNSOperationDelete{
-				OldRecord: item,
-			})
+			if item.Comment == ManagedCNAMERecordCommentMark {
+				toDelete = append(toDelete, DNSOperationDelete{
+					OldRecord: item,
+				})
+			}
 		}
 	}
 

diff --git a/pkg/cloudflare-controller/dns_test.go b/pkg/cloudflare-controller/dns_test.go
@@ -55,7 +55,7 @@ func Test_syncDNSRecord(t *testing.T) {
 					Hostname: "test.example.com",
 					Type:     "CNAME",
 					Content:  WhateverTunnelDomain,
-					Comment:  "managed by cloudflare-tunnel-ingress-controller",
+					Comment:  ManagedCNAMERecordCommentMark,
 				},
 			},
 			wantUpdate: nil,
@@ -87,13 +87,38 @@ func Test_syncDNSRecord(t *testing.T) {
 					Hostname: "test2.example.com",
 					Type:     "CNAME",
 					Content:  WhateverTunnelDomain,
-					Comment:  "managed by cloudflare-tunnel-ingress-controller",
+					Comment:  ManagedCNAMERecordCommentMark,
 				},
 			},
 			wantUpdate: nil,
 			wantDelete: nil,
 			wantErr:    false,
 		},
+		{
+			name: "only delete managed record",
+			args: args{
+				exposures: nil,
+				existedRecords: []cloudflare.DNSRecord{
+					{
+						Name:    "test.example.com",
+						Type:    "CNAME",
+						Content: "another.example.com",
+						Comment: "not a managed record",
+					},
+					{
+						Name:    "test2.example.com",
+						Type:    "A",
+						Content: "1.2.3.4",
+						Comment: "",
+					},
+				},
+				tunnelId: "",
+			},
+			wantCreate: nil,
+			wantUpdate: nil,
+			wantDelete: nil,
+			wantErr:    false,
+		},
 		{
 			name: "update existed exposure",
 			args: args{
@@ -126,7 +151,7 @@ func Test_syncDNSRecord(t *testing.T) {
 					},
 					Type:    "CNAME",
 					Content: WhateverTunnelDomain,
-					Comment: "managed by cloudflare-tunnel-ingress-controller",
+					Comment: ManagedCNAMERecordCommentMark,
 				},
 			},
 			wantDelete: nil,
@@ -148,7 +173,7 @@ func Test_syncDNSRecord(t *testing.T) {
 						Name:    "test.example.com",
 						Type:    "A",
 						Content: "1.2.3.4",
-						Comment: "",
+						Comment: ManagedCNAMERecordCommentMark,
 					},
 				},
 				tunnelId: WhateverTunnelId,
@@ -161,7 +186,7 @@ func Test_syncDNSRecord(t *testing.T) {
 						Name:    "test.example.com",
 						Type:    "A",
 						Content: "1.2.3.4",
-						Comment: "",
+						Comment: ManagedCNAMERecordCommentMark,
 					},
 				},
 			},
@@ -183,7 +208,7 @@ func Test_syncDNSRecord(t *testing.T) {
 						Name:    "test.example.com",
 						Type:    "CNAME",
 						Content: WhateverTunnelDomain,
-						Comment: "managed by cloudflare-tunnel-ingress-controller",
+						Comment: ManagedCNAMERecordCommentMark,
 					},
 				},
 				tunnelId: WhateverTunnelId,
@@ -195,11 +220,11 @@ func Test_syncDNSRecord(t *testing.T) {
 						Name:    "test.example.com",
 						Type:    "CNAME",
 						Content: WhateverTunnelDomain,
-						Comment: "managed by cloudflare-tunnel-ingress-controller",
+						Comment: ManagedCNAMERecordCommentMark,
 					},
 					Type:    "CNAME",
 					Content: WhateverTunnelDomain,
-					Comment: "managed by cloudflare-tunnel-ingress-controller",
+					Comment: ManagedCNAMERecordCommentMark,
 				},
 			},
 			wantDelete: nil,

diff --git a/pkg/cloudflare-controller/tunnel-client.go b/pkg/cloudflare-controller/tunnel-client.go
@@ -111,13 +111,13 @@ func (t *TunnelClient) updateDNSCNAMERecord(ctx context.Context, exposures []exp
 }
 
 func (t *TunnelClient) updateDNSCNAMERecordForZone(ctx context.Context, exposures []exposure.Exposure, zone cloudflare.Zone) error {
-	dnsRecords, _, err := t.cfClient.ListDNSRecords(ctx, cloudflare.ResourceIdentifier(zone.ID), cloudflare.ListDNSRecordsParams{
+	cnameDnsRecords, _, err := t.cfClient.ListDNSRecords(ctx, cloudflare.ResourceIdentifier(zone.ID), cloudflare.ListDNSRecordsParams{
 		Type: "CNAME",
 	})
 	if err != nil {
 		return errors.Wrapf(err, "list DNS records for zone %s", zone.Name)
 	}
-	toCreate, toUpdate, toDelete, err := syncDNSRecord(exposures, dnsRecords, t.tunnelId)
+	toCreate, toUpdate, toDelete, err := syncDNSRecord(exposures, cnameDnsRecords, t.tunnelId)
 	if err != nil {
 		return errors.Wrap(err, "sync DNS records")
 	}
@@ -139,6 +139,13 @@ func (t *TunnelClient) updateDNSCNAMERecordForZone(ctx context.Context, exposure
 	}
 
 	for _, item := range toUpdate {
+
+		if item.OldRecord.Comment != ManagedCNAMERecordCommentMark {
+			t.logger.Info("WARNING, the origin DNS record is not managed by this controller, it would be changed to managed record",
+				"origin-record", item.OldRecord,
+			)
+		}
+
 		t.logger.Info("update DNS record", "id", item.OldRecord.ID, "type", item.Type, "hostname", item.OldRecord.Name, "content", item.Content)
 
 		_, err := t.cfClient.UpdateDNSRecord(ctx, cloudflare.ResourceIdentifier(zone.ID), cloudflare.UpdateDNSRecordParams{