route53: avoid unexpected records deletion (#1976)

Co-authored-by: David King <king.c.david@googlemail.com>
Ludovic Fernandez 2023-07-27 20:56:40 +02:00 committed by GitHub
parent d21706420a
commit f582d12f65
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -176,26 +176,43 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("failed to determine Route 53 hosted zone ID: %w", err) return fmt.Errorf("failed to determine Route 53 hosted zone ID: %w", err)
} }
records, err := d.getExistingRecordSets(ctx, hostedZoneID, info.EffectiveFQDN) existingRecords, err := d.getExistingRecordSets(ctx, hostedZoneID, info.EffectiveFQDN)
if err != nil { if err != nil {
return fmt.Errorf("route53: %w", err) return fmt.Errorf("route53: %w", err)
} }
if len(records) == 0 { if len(existingRecords) == 0 {
return nil return nil
} }
var nonLegoRecords []awstypes.ResourceRecord
for _, record := range existingRecords {
if deref(record.Value) != `"`+info.Value+`"` {
nonLegoRecords = append(nonLegoRecords, record)
}
}
action := awstypes.ChangeActionUpsert
recordSet := &awstypes.ResourceRecordSet{ recordSet := &awstypes.ResourceRecordSet{
Name: aws.String(info.EffectiveFQDN), Name: aws.String(info.EffectiveFQDN),
Type: "TXT", Type: "TXT",
TTL: aws.Int64(int64(d.config.TTL)), TTL: aws.Int64(int64(d.config.TTL)),
ResourceRecords: records, ResourceRecords: nonLegoRecords,
} }
err = d.changeRecord(ctx, awstypes.ChangeActionDelete, hostedZoneID, recordSet) // If the records are only records created by lego.
if len(nonLegoRecords) == 0 {
action = awstypes.ChangeActionDelete
recordSet.ResourceRecords = existingRecords
}
err = d.changeRecord(ctx, action, hostedZoneID, recordSet)
if err != nil { if err != nil {
return fmt.Errorf("route53: %w", err) return fmt.Errorf("route53: %w", err)
} }
return nil return nil
} }
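Review bot: The UPSERT branch rewrites the surviving record set with `TTL: aws.Int64(int64(d.config.TTL))`, so TXT values that lego did not create get their TTL replaced by lego's configured TTL; the original TTL is not available here because getExistingRecordSets appears to return only the ResourceRecord values, so preserving it would presumably mean returning the record set (or its TTL) from that helper. When lego's value is not among existingRecords at all, nonLegoRecords equals existingRecords and the UPSERT is a pointless write that only has that TTL side effect; a guard such as `if len(nonLegoRecords) == len(existingRecords) { return nil }` before the action selection avoids it. The window between getExistingRecordSets and changeRecord is still a read-then-write, so a concurrent writer to the same name can lose a value; worth stating in a comment on the loop, e.g. `// Keep values not created by this lego run; the read-then-write is not atomic, so concurrent writers may still race.` The comment above the len check would read clearer as `// Only lego-created values remain: delete the whole set, since an UPSERT with no values is invalid.` CleanUp begins before this hunk.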