Add private DNS support for azure plugin (#3516)
* plugin/azure: fix bug in setting up plugin Signed-off-by: darshanime <deathbullet@gmail.com> * plugin/azure: add support for private zones Signed-off-by: darshanime <deathbullet@gmail.com> * plugin/azure: change syntax for access level Signed-off-by: darshanime <deathbullet@gmail.com> * plugin/azure: change import alias for azure dns Signed-off-by: darshanime <deathbullet@gmail.com> * plugin/azure: reword readme, var names Signed-off-by: darshanime <deathbullet@gmail.com> * plugin/azure: remove newline in imports Signed-off-by: darshanime <deathbullet@gmail.com> * fix import grouping Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
This commit is contained in:
Darshan Chaudhary
GitHub
parent
3c19f9f181
commit
085826776f
4 changed files with 188 additions and 60 deletions
|
|
@ -9,7 +9,8 @@ import (
|
|||
"github.com/coredns/coredns/plugin/pkg/fall"
|
||||
clog "github.com/coredns/coredns/plugin/pkg/log"
|
||||
|
||||
azuredns "github.com/Azure/azure-sdk-for-go/profiles/latest/dns/mgmt/dns"
|
||||
publicAzureDNS "github.com/Azure/azure-sdk-for-go/profiles/latest/dns/mgmt/dns"
|
||||
privateAzureDNS "github.com/Azure/azure-sdk-for-go/profiles/latest/privatedns/mgmt/privatedns"
|
||||
azurerest "github.com/Azure/go-autorest/autorest/azure"
|
||||
"github.com/Azure/go-autorest/autorest/azure/auth"
|
||||
"github.com/caddyserver/caddy"
|
||||
|
|
@ -20,18 +21,23 @@ var log = clog.NewWithPlugin("azure")
|
|||
func init() { plugin.Register("azure", setup) }
|
||||
|
||||
func setup(c *caddy.Controller) error {
|
||||
env, keys, fall, err := parse(c)
|
||||
env, keys, accessMap, fall, err := parse(c)
|
||||
if err != nil {
|
||||
return plugin.Error("azure", err)
|
||||
}
|
||||
ctx := context.Background()
|
||||
|
||||
dnsClient := azuredns.NewRecordSetsClient(env.Values[auth.SubscriptionID])
|
||||
if dnsClient.Authorizer, err = env.GetAuthorizer(); err != nil {
|
||||
publicDNSClient := publicAzureDNS.NewRecordSetsClient(env.Values[auth.SubscriptionID])
|
||||
if publicDNSClient.Authorizer, err = env.GetAuthorizer(); err != nil {
|
||||
return plugin.Error("azure", err)
|
||||
}
|
||||
|
||||
h, err := New(ctx, dnsClient, keys)
|
||||
privateDNSClient := privateAzureDNS.NewRecordSetsClient(env.Values[auth.SubscriptionID])
|
||||
if privateDNSClient.Authorizer, err = env.GetAuthorizer(); err != nil {
|
||||
return plugin.Error("azure", err)
|
||||
}
|
||||
|
||||
h, err := New(ctx, publicDNSClient, privateDNSClient, keys, accessMap)
|
||||
if err != nil {
|
||||
return plugin.Error("azure", err)
|
||||
}
|
||||
|
|
@ -47,13 +53,17 @@ func setup(c *caddy.Controller) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func parse(c *caddy.Controller) (auth.EnvironmentSettings, map[string][]string, fall.F, error) {
|
||||
func parse(c *caddy.Controller) (auth.EnvironmentSettings, map[string][]string, map[string]string, fall.F, error) {
|
||||
resourceGroupMapping := map[string][]string{}
|
||||
accessMap := map[string]string{}
|
||||
resourceGroupSet := map[string]struct{}{}
|
||||
azureEnv := azurerest.PublicCloud
|
||||
env := auth.EnvironmentSettings{Values: map[string]string{}}
|
||||
|
||||
var fall fall.F
|
||||
var access string
|
||||
var resourceGroup string
|
||||
var zoneName string
|
||||
|
||||
for c.Next() {
|
||||
args := c.RemainingArgs()
|
||||
|
|
@ -61,60 +71,70 @@ func parse(c *caddy.Controller) (auth.EnvironmentSettings, map[string][]string,
|
|||
for i := 0; i < len(args); i++ {
|
||||
parts := strings.SplitN(args[i], ":", 2)
|
||||
if len(parts) != 2 {
|
||||
return env, resourceGroupMapping, fall, c.Errf("invalid resource group/zone: %q", args[i])
|
||||
return env, resourceGroupMapping, accessMap, fall, c.Errf("invalid resource group/zone: %q", args[i])
|
||||
}
|
||||
resourceGroup, zoneName := parts[0], parts[1]
|
||||
resourceGroup, zoneName = parts[0], parts[1]
|
||||
if resourceGroup == "" || zoneName == "" {
|
||||
return env, resourceGroupMapping, fall, c.Errf("invalid resource group/zone: %q", args[i])
|
||||
return env, resourceGroupMapping, accessMap, fall, c.Errf("invalid resource group/zone: %q", args[i])
|
||||
}
|
||||
if _, ok := resourceGroupSet[args[i]]; ok {
|
||||
return env, resourceGroupMapping, fall, c.Errf("conflicting zone: %q", args[i])
|
||||
if _, ok := resourceGroupSet[resourceGroup+zoneName]; ok {
|
||||
return env, resourceGroupMapping, accessMap, fall, c.Errf("conflicting zone: %q", args[i])
|
||||
}
|
||||
|
||||
resourceGroupSet[args[i]] = struct{}{}
|
||||
resourceGroupSet[resourceGroup+zoneName] = struct{}{}
|
||||
accessMap[resourceGroup+zoneName] = "public"
|
||||
resourceGroupMapping[resourceGroup] = append(resourceGroupMapping[resourceGroup], zoneName)
|
||||
}
|
||||
|
||||
for c.NextBlock() {
|
||||
switch c.Val() {
|
||||
case "subscription":
|
||||
if !c.NextArg() {
|
||||
return env, resourceGroupMapping, fall, c.ArgErr()
|
||||
return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
|
||||
}
|
||||
env.Values[auth.SubscriptionID] = c.Val()
|
||||
case "tenant":
|
||||
if !c.NextArg() {
|
||||
return env, resourceGroupMapping, fall, c.ArgErr()
|
||||
return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
|
||||
}
|
||||
env.Values[auth.TenantID] = c.Val()
|
||||
case "client":
|
||||
if !c.NextArg() {
|
||||
return env, resourceGroupMapping, fall, c.ArgErr()
|
||||
return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
|
||||
}
|
||||
env.Values[auth.ClientID] = c.Val()
|
||||
case "secret":
|
||||
if !c.NextArg() {
|
||||
return env, resourceGroupMapping, fall, c.ArgErr()
|
||||
return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
|
||||
}
|
||||
env.Values[auth.ClientSecret] = c.Val()
|
||||
case "environment":
|
||||
if !c.NextArg() {
|
||||
return env, resourceGroupMapping, fall, c.ArgErr()
|
||||
return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
|
||||
}
|
||||
env.Values[auth.ClientSecret] = c.Val()
|
||||
var err error
|
||||
if azureEnv, err = azurerest.EnvironmentFromName(c.Val()); err != nil {
|
||||
return env, resourceGroupMapping, fall, c.Errf("cannot set azure environment: %q", err.Error())
|
||||
return env, resourceGroupMapping, accessMap, fall, c.Errf("cannot set azure environment: %q", err.Error())
|
||||
}
|
||||
case "fallthrough":
|
||||
fall.SetZonesFromArgs(c.RemainingArgs())
|
||||
case "access":
|
||||
if !c.NextArg() {
|
||||
return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
|
||||
}
|
||||
access = c.Val()
|
||||
if access != "public" && access != "private" {
|
||||
return env, resourceGroupMapping, accessMap, fall, c.Errf("invalid access value: can be public/private, found: %s", access)
|
||||
}
|
||||
accessMap[resourceGroup+zoneName] = access
|
||||
default:
|
||||
return env, resourceGroupMapping, fall, c.Errf("unknown property: %q", c.Val())
|
||||
return env, resourceGroupMapping, accessMap, fall, c.Errf("unknown property: %q", c.Val())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
env.Values[auth.Resource] = azureEnv.ResourceManagerEndpoint
|
||||
env.Environment = azureEnv
|
||||
|
||||
return env, resourceGroupMapping, fall, nil
|
||||
return env, resourceGroupMapping, accessMap, fall, nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue