fix: allow create to ignore existing matching records

ensure both DNS record and tunnel ingress are configured

Author: hans-m-song

Dockerfile

@@ -1,9 +1,9 @@
-FROM golang:1 as build
+FROM golang:1 AS build
 WORKDIR /go/src/app
 COPY . .
 ARG BUILD_COMMIT=unknown
 ARG BUILD_TIME=unknown
-RUN --mount=type=cache,target=/root/.cache/go-build \
+RUN --mount=type=cache,target=/go/pkg/mod \
   make build-binary BUILD_COMMIT=${BUILD_COMMIT} BUILD_TIME=${BUILD_TIME} OUTPUT=/go/bin/app
 
 FROM gcr.io/distroless/static-debian12:nonroot

pkg/cf/client.go

@@ -68,6 +68,7 @@ func (p clientImpl) GetTunnelConfiguration(ctx context.Context, accountID, tunne
 		return nil, fmt.Errorf("failed to get tunnel configuration: %w", err)
 	}
 
+	log.Debug().Any("tunnel_configuration", tunnel).Send()
 	return &tunnel, nil
 }
 
@@ -79,20 +80,22 @@ func (p clientImpl) UpdateTunnelIngress(ctx context.Context, accountID, tunnelID
 		return fmt.Errorf("failed to get tunnel configuration: %w", err)
 	}
 
-	log.Debug().Any("tunnel_before", tunnel).Send()
+	log.Trace().Any("tunnel_before", tunnel).Send()
 
 	tunnel.Config.Ingress = ingress
 	params := cloudflare.TunnelConfigurationParams{
 		TunnelID: tunnelID,
 		Config:   tunnel.Config,
 	}
 
-	log.Debug().Any("tunnel_after", tunnel).Send()
+	log.Trace().Any("tunnel_after", tunnel).Send()
 
-	if _, err := p.api.UpdateTunnelConfiguration(ctx, rc, params); err != nil {
+	tunnel, err = p.api.UpdateTunnelConfiguration(ctx, rc, params)
+	if err != nil {
 		return fmt.Errorf("failed to update tunnel configuration: %w", err)
 	}
 
+	log.Debug().Any("updated_tunnel_configuration", tunnel).Send()
 	return nil
 }
 
@@ -102,6 +105,7 @@ func (p clientImpl) ListZones(ctx context.Context) ([]cloudflare.Zone, error) {
 		return nil, fmt.Errorf("failed to list zones: %w", err)
 	}
 
+	log.Debug().Any("zones", zones).Send()
 	return zones, nil
 }
 
@@ -131,6 +135,7 @@ func (p clientImpl) ListZoneRecords(ctx context.Context, zoneID string) ([]cloud
 		return nil, fmt.Errorf("failed to list dns records for zone %s: %w", zoneID, err)
 	}
 
+	log.Debug().Any("records", records).Send()
 	return records, nil
 }
 
@@ -145,10 +150,12 @@ func (p clientImpl) CreateDNSRecord(ctx context.Context, record cloudflare.DNSRe
 		Content: record.Content,
 	}
 
-	if _, err := p.api.CreateDNSRecord(ctx, rc, params); err != nil {
+	record, err := p.api.CreateDNSRecord(ctx, rc, params)
+	if err != nil {
 		return fmt.Errorf("failed to create dns record %s: %w", record.Name, err)
 	}
 
+	log.Debug().Any("created_record", record).Send()
 	return nil
 }
 
@@ -158,6 +165,7 @@ func (p clientImpl) DeleteDNSRecord(ctx context.Context, zoneID, recordID string
 		return fmt.Errorf("failed to delete dns record %s: %w", recordID, err)
 	}
 
+	log.Debug().Str("deleted_record_id", recordID).Send()
 	return nil
 }
 
@@ -173,9 +181,11 @@ func (p clientImpl) UpdateDNSRecord(ctx context.Context, record cloudflare.DNSRe
 		Content: record.Content,
 	}
 
-	if _, err := p.api.UpdateDNSRecord(ctx, rc, params); err != nil {
+	record, err := p.api.UpdateDNSRecord(ctx, rc, params)
+	if err != nil {
 		return fmt.Errorf("failed to update dns record %s: %w", record.Name, err)
 	}
 
+	log.Debug().Any("updated_record", record).Send()
 	return nil
 }

pkg/provider/provider.go

@@ -30,12 +30,23 @@ func (p CloudflareTunnelProvider) Records(ctx context.Context) ([]*endpoint.Endp
 		return nil, fmt.Errorf("failed to get tunnel configuration: %w", err)
 	}
 
+	records, err := p.Cloudflare.ListAllZoneRecords(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list all zone records: %w", err)
+	}
+
+	recordMap := cf.RecordMapByName(records)
 	endpoints := []*endpoint.Endpoint{}
+
 	for _, ingress := range tunnel.Config.Ingress {
 		if ingress.Hostname == "" {
 			continue
 		}
 
+		if r, ok := recordMap[ingress.Hostname]; !ok || r == nil {
+			continue
+		}
+
 		endpoints = append(endpoints, &endpoint.Endpoint{
 			DNSName:    ingress.Hostname,
 			RecordType: endpoint.RecordTypeCNAME,
@@ -53,7 +64,8 @@ func (p CloudflareTunnelProvider) Records(ctx context.Context) ([]*endpoint.Endp
 func (CloudflareTunnelProvider) AdjustEndpoints(endpoints []*endpoint.Endpoint) ([]*endpoint.Endpoint, error) {
 	adjusted := []*endpoint.Endpoint{}
 	for _, e := range endpoints {
-		if e.RecordType != endpoint.RecordTypeCNAME {
+		if e.RecordType != endpoint.RecordTypeCNAME &&
+			e.RecordType != endpoint.RecordTypeTXT {
 			continue
 		}
 

pkg/provider/rules.go

@@ -4,15 +4,21 @@ import (
 	"fmt"
 
 	"github.com/cloudflare/cloudflare-go"
+	"github.com/rs/zerolog/log"
 	"sigs.k8s.io/external-dns/plan"
 )
 
 type Rules []cloudflare.UnvalidatedIngressRule
 
 func (r *Rules) CreateRule(hostname, service string) error {
 	for _, rule := range *r {
-		if rule.Hostname == hostname {
-			return fmt.Errorf("rule for hostname %s already exists", hostname)
+		if rule.Hostname == hostname && rule.Service == service {
+			log.Debug().Str("hostname", hostname).Str("service", service).Msg("rule already exists, skipping")
+			return nil
+		}
+
+		if rule.Hostname == hostname && rule.Service != service {
+			return fmt.Errorf("rule for hostname %s already exists: %s", hostname, service)
 		}
 	}
 
@@ -50,30 +56,18 @@ func (r *Rules) DeleteRule(hostname string) error {
 
 func (r *Rules) ApplyChanges(changes *plan.Changes) error {
 	for _, change := range changes.Create {
-		if change.RecordType != "CNAME" {
-			continue
-		}
-
 		if err := r.CreateRule(change.DNSName, change.Targets[0]); err != nil {
 			return err
 		}
 	}
 
 	for _, change := range changes.UpdateNew {
-		if change.RecordType != "CNAME" {
-			continue
-		}
-
 		if err := r.UpdateRule(change.DNSName, change.Targets[0]); err != nil {
 			return err
 		}
 	}
 
 	for _, change := range changes.Delete {
-		if change.RecordType != "CNAME" {
-			continue
-		}
-
 		if err := r.DeleteRule(change.DNSName); err != nil {
 			return err
 		}

pkg/provider/rules_test.go

@@ -18,12 +18,15 @@ func TestRules_CreateRule(t *testing.T) {
 		},
 	}
 
-	err := rules.CreateRule("example2.com", "service2")
+	// same
+	err := rules.CreateRule("example.com", "service1")
 	assert.NoError(t, err)
+	assert.Len(t, rules, 1)
 
-	err = rules.CreateRule("example.com", "service3")
-	assert.Error(t, err)
-	assert.EqualError(t, err, "rule for hostname example.com already exists")
+	// new
+	err = rules.CreateRule("example2.com", "service2")
+	assert.NoError(t, err)
+	assert.Len(t, rules, 2)
 }
 
 func TestRules_UpdateRule(t *testing.T) {
@@ -36,10 +39,11 @@ func TestRules_UpdateRule(t *testing.T) {
 
 	err := rules.UpdateRule("example.com", "service2")
 	assert.NoError(t, err)
+	assert.Len(t, rules, 1)
 
 	err = rules.UpdateRule("example2.com", "service3")
-	assert.Error(t, err)
 	assert.EqualError(t, err, "rule for hostname example2.com does not exist")
+	assert.Len(t, rules, 1)
 }
 
 func TestRules_DeleteRule(t *testing.T) {
@@ -52,19 +56,18 @@ func TestRules_DeleteRule(t *testing.T) {
 
 	err := rules.DeleteRule("example.com")
 	assert.NoError(t, err)
+	assert.Len(t, rules, 0)
 
 	err = rules.DeleteRule("example2.com")
-	assert.Error(t, err)
 	assert.EqualError(t, err, "rule for hostname example2.com does not exist")
+	assert.Len(t, rules, 0)
 }
 
 func TestRules_ApplyChanges(t *testing.T) {
-	rules := provider.Rules{
-		cloudflare.UnvalidatedIngressRule{
-			Hostname: "example.com",
-			Service:  "service1",
-		},
-	}
+	rules := provider.Rules{{
+		Hostname: "example.com",
+		Service:  "service1",
+	}}
 
 	changes := &plan.Changes{
 		Create: []*endpoint.Endpoint{
@@ -83,13 +86,17 @@ func TestRules_ApplyChanges(t *testing.T) {
 		},
 		Delete: []*endpoint.Endpoint{
 			{
-				DNSName:    "example.com",
-				Targets:    []string{"service1"},
+				DNSName:    "example2.com",
+				Targets:    []string{"service2"},
 				RecordType: "CNAME",
 			},
 		},
 	}
 
 	err := rules.ApplyChanges(changes)
 	assert.NoError(t, err)
+	assert.Equal(t, provider.Rules{{
+		Hostname: "example.com",
+		Service:  "service3",
+	}}, rules)
 }

pkg/server/server.go

@@ -39,16 +39,22 @@ func NewServer(port int64, p provider.Provider, readTimeout, writeTimeout time.D
 }
 
 func handleNegotiation(p provider.Provider) http.HandlerFunc {
+	log := log.With().Str("action", "handleNegotiation").Logger()
+
 	return func(w http.ResponseWriter, r *http.Request) {
 		raw, err := json.Marshal(p.GetDomainFilter())
 		if err != nil {
-			write(w, http.StatusInternalServerError, nil)
+			err = fmt.Errorf("failed to marshal response: %w", err)
+			log.Error().Err(err).Send()
+			w.WriteHeader(http.StatusInternalServerError)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusInternalServerError)))
 			return
 		}
 
-		log.Debug().Str("action", "handleNegotiation").RawJSON("domain_filter", raw).Send()
+		log.Debug().RawJSON("domain_filter", raw).Send()
 		w.Header().Set(contentTypeHeader, externalDNSMediaType)
-		write(w, http.StatusOK, raw)
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(raw)
 	}
 }
 
@@ -58,21 +64,26 @@ func handleGetRecords(p provider.Provider) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		records, err := p.Records(r.Context())
 		if err != nil {
-			log.Error().Err(err).Msg("failed to get records")
-			write(w, http.StatusInternalServerError, nil)
+			err = fmt.Errorf("failed to get records: %w", err)
+			log.Error().Err(err).Send()
+			w.WriteHeader(http.StatusInternalServerError)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusInternalServerError)))
 			return
 		}
 
 		raw, err := json.Marshal(records)
 		if err != nil {
-			log.Error().Err(err).Msg("failed to marshal records to json")
-			write(w, http.StatusInternalServerError, nil)
+			err = fmt.Errorf("failed to marshal records to json: %w", err)
+			log.Error().Err(err).Send()
+			w.WriteHeader(http.StatusInternalServerError)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusInternalServerError)))
 			return
 		}
 
 		log.Debug().RawJSON("records", raw).Send()
 		w.Header().Set(contentTypeHeader, externalDNSMediaType)
-		write(w, http.StatusOK, raw)
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(raw)
 	}
 }
 
@@ -82,20 +93,24 @@ func handleApplyChanges(p provider.Provider) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var changes plan.Changes
 		if err := json.NewDecoder(r.Body).Decode(&changes); err != nil {
-			log.Error().Err(err).Msg("failed to decode changes")
+			err = fmt.Errorf("failed to decode changes: %w", err)
+			log.Error().Err(err).Send()
+			w.WriteHeader(http.StatusBadRequest)
 			w.WriteHeader(http.StatusBadRequest)
-			write(w, http.StatusBadRequest, nil)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusBadRequest)))
 			return
 		}
 
 		if err := p.ApplyChanges(r.Context(), &changes); err != nil {
-			log.Error().Err(err).Any("changes", changes).Msg("failed to apply changes")
-			write(w, http.StatusInternalServerError, nil)
+			err = fmt.Errorf("failed to apply changes: %w", err)
+			log.Error().Err(err).Any("changes", changes).Send()
+			w.WriteHeader(http.StatusInternalServerError)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusInternalServerError)))
 			return
 		}
 
 		log.Debug().Any("changes", changes).Send()
-		write(w, http.StatusNoContent, nil)
+		w.WriteHeader(http.StatusNoContent)
 	}
 }
 
@@ -105,27 +120,34 @@ func handleAdjustEndpoints(p provider.Provider) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var endpoints []*endpoint.Endpoint
 		if err := json.NewDecoder(r.Body).Decode(&endpoints); err != nil {
-			log.Error().Err(err).Msg("failed to decode endpoints")
-			write(w, http.StatusBadRequest, nil)
+			err = fmt.Errorf("failed to decode endpoints: %w", err)
+			log.Error().Err(err).Send()
+			w.WriteHeader(http.StatusBadRequest)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusBadRequest)))
 			return
 		}
 
 		endpoints, err := p.AdjustEndpoints(endpoints)
 		if err != nil {
-			log.Error().Err(err).Any("endpoints", endpoints).Msg("failed to adjust endpoints")
-			write(w, http.StatusInternalServerError, nil)
+			err = fmt.Errorf("failed to adjust endpoints: %w", err)
+			log.Error().Err(err).Any("endpoints", endpoints).Send()
+			w.WriteHeader(http.StatusInternalServerError)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusInternalServerError)))
 			return
 		}
 
 		raw, err := json.Marshal(endpoints)
 		if err != nil {
-			log.Error().Err(err).Any("endpoints", endpoints).Msg("failed to marshal endpoints to json")
-			write(w, http.StatusInternalServerError, nil)
+			err = fmt.Errorf("failed to marshal endpoints to json: %w", err)
+			log.Error().Err(err).Any("endpoints", endpoints).Send()
+			w.WriteHeader(http.StatusInternalServerError)
+			_, _ = w.Write([]byte(http.StatusText(http.StatusInternalServerError)))
 			return
 		}
 
-		log.Debug().Any("endpoints", endpoints).Send()
+		log.Debug().RawJSON("endpoints", raw).Send()
 		w.Header().Set(contentTypeHeader, externalDNSMediaType)
-		write(w, http.StatusOK, raw)
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(raw)
 	}
 }