This PR deprecates plaintext secret in Corefile for route53 plugin (`aws_access_key`).
Since using environmental variables of `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
have already been available, no other changes other than deprecation is needed.
This will avoid saving plaintext secret in Corefile which could be
of security concern.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Went over all generated manual pages and fixed some markdown issues,
mostly escaping "_" to avoid underlining entire paragraphs.
Some textual fixes in route53 and other cloud DNS plugins.
Regenerated the markdown with mmark.
Signed-off-by: Miek Gieben <miek@miek.nl>
Update all documentation in the tree to use example.org as an example
configuration (in so far possible). As to get out of the just use "."
and fallthrough and things would be fine.
Signed-off-by: Miek Gieben <miek@miek.nl>
the current update frequency for the refresh loop in the route 53 plugin is hard-coded
to 1 minute. aws rate-limits the number of api requests so less frequent record refreshes
can help when reaching those limits depending upon your individual scenarios. this pull
adds a configuration option to the route53 plugin to adjust the refresh frequency.
thanks for getting my last pull released so quickly. this is the last local change that
i have been running and would love to get it contributed back to the project.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
`upstream` is not needed as a setting; just set if unconditionally and
remove all documentation and tests for it.
At some point we want remove the hanlding for `upstream` as well and
error out on seeing it.
Signed-off-by: Miek Gieben <miek@miek.nl>
Various plugins still had this documented, the setup functions still
allow it (which is fine), but update the docs that this arguments isn't
there any more.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Default to upstream to self
This is a backwards incompatible change.
This is a massive (cleanup) PR where we default to resolving external
names by the coredns process itself, instead of directly forwarding them
to some upstream.
This ignores any arguments `upstream` may have had and makes it depend
on proxy/forward configuration in the Corefile. This allows resolved
upstream names to be cached and we have better healthchecking of the
upstreams. It also means there is only one way to resolve names, by
either using the proxy or forward plugin.
The proxy/forward lookup.go functions have been removed. This also
lessen the dependency on proxy, meaning deprecating proxy will become
easier. Some tests have been removed as well, or moved to the top-level
test directory as they now require a full coredns process instead of
just the plugin.
For the etcd plugin, the entire StubZone resolving is *dropped*! This
was a hacky (but working) solution to say the least. If someone cares
deeply it can be brought back (maybe)?
The pkg/upstream is now very small and almost does nothing. Also the
New() function was changed to return a pointer to upstream.Upstream. It
also returns only one parameter, so any stragglers using it will
encounter a compile error.
All documentation has been adapted. This affected the following plugins:
* etcd
* file
* auto
* secondary
* federation
* template
* route53
A followup PR will make any upstream directives with arguments an error,
right now they are ignored.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix etcd build - probably still fails unit test
Signed-off-by: Miek Gieben <miek@miek.nl>
* Slightly smarter lookup check in upstream
Signed-off-by: Miek Gieben <miek@miek.nl>
* Compilez
Signed-off-by: Miek Gieben <miek@miek.nl>
* [plugin/route53]: Support batch mode operation.
Cache all Route53 records internally using `ListResourceRecordPagesWithContext`
and serve them from memory.
Bonus features:
* Support additional r53 record types (`CNAME`, `SOA`, etc)
* Support `upstream` option (#2099 filed to support argument optionality)
Signed-off-by: Dmitry Ilyevskiy <dmitry.ilyevskiy@getcruise.com>
Signed-off-by: Dmitry Ilyevskiy <ilyevsky@gmail.com>
* plugins: Return error for multiple use of some
Return plugin.ErrOnce when a plugin that doesn't support it, is called
mutliple times.
This now adds it for: cache, dnssec, errors, forward, hosts, nsid.
And changes it slightly in kubernetes, pprof, reload, root.
* more tests
* Update vendor
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add route53 plugin
This fix adds route53 plugin so that it is possible to
query route53 record through CoreDNS.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
