Cloudflare: Disable proxy mode for TXT and others (#361)

* Cloudflare: Disable proxy mode for TXT and others * Improve code according to review * Add test * Disable proxy mode for wildcards * Fix review, add test * Move var * chore: fix some golang related stuff * chore: update changelog to reflect latest changes
kubernetes-sigs · Oct 18, 2017 · 19ab8cd · 19ab8cd
1 parent 4efa187
commit 19ab8cd
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## v0.4.7 - 2017-10-18
+
+  - CloudFlare: Disable proxy mode for TXT and others (#361) @dunglas
+
 ## v0.4.6 - 2017-10-12
 
   - [AWS Route53 provider] Support customization of DNS record TTL through the use of annotation `external-dns.alpha.kubernetes.io/ttl` on services or ingresses (#320) @kevinjqiu

diff --git a/provider/cloudflare.go b/provider/cloudflare.go
@@ -19,6 +19,7 @@ package provider
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	cloudflare "github.com/cloudflare/cloudflare-go"
 	log "github.com/sirupsen/logrus"
@@ -36,6 +37,15 @@ const (
 	cloudFlareUpdate = "UPDATE"
 )
 
+var cloudFlareTypeNotSupported = map[string]bool{
+	"LOC": true,
+	"MX":  true,
+	"NS":  true,
+	"SPF": true,
+	"TXT": true,
+	"SRV": true,
+}
+
 // cloudFlareDNS is the subset of the CloudFlare API that we actually use.  Add methods as required. Signatures must match exactly.
 type cloudFlareDNS interface {
 	UserDetails() (cloudflare.User, error)
@@ -260,6 +270,10 @@ func newCloudFlareChanges(action string, endpoints []*endpoint.Endpoint, proxied
 }
 
 func newCloudFlareChange(action string, endpoint *endpoint.Endpoint, proxied bool) *cloudFlareChange {
+	if proxied && (cloudFlareTypeNotSupported[endpoint.RecordType] || strings.Contains(endpoint.DNSName, "*")) {
+		proxied = false
+	}
+
 	return &cloudFlareChange{
 		Action: action,
 		ResourceRecordSet: cloudflare.DNSRecord{

diff --git a/provider/cloudflare_test.go b/provider/cloudflare_test.go
@@ -336,9 +336,42 @@ func (m *mockCloudFlareUpdateRecordsFail) ListZones(zoneID ...string) ([]cloudfl
 }
 
 func TestNewCloudFlareChanges(t *testing.T) {
-	action := cloudFlareCreate
 	endpoints := []*endpoint.Endpoint{{DNSName: "new", Target: "target"}}
-	_ = newCloudFlareChanges(action, endpoints, true)
+	newCloudFlareChanges(cloudFlareCreate, endpoints, true)
+}
+
+func TestNewCloudFlareChangeNoProxied(t *testing.T) {
+	change := newCloudFlareChange(cloudFlareCreate, &endpoint.Endpoint{DNSName: "new", RecordType: "A", Target: "target"}, false)
+	assert.False(t, change.ResourceRecordSet.Proxied)
+}
+
+func TestNewCloudFlareChangeProxiable(t *testing.T) {
+	var cloudFlareTypes = []struct {
+		recordType string
+		proxiable  bool
+	}{
+		{"A", true},
+		{"CNAME", true},
+		{"LOC", false},
+		{"MX", false},
+		{"NS", false},
+		{"SPF", false},
+		{"TXT", false},
+		{"SRV", false},
+	}
+
+	for _, cloudFlareType := range cloudFlareTypes {
+		change := newCloudFlareChange(cloudFlareCreate, &endpoint.Endpoint{DNSName: "new", RecordType: cloudFlareType.recordType, Target: "target"}, true)
+
+		if cloudFlareType.proxiable {
+			assert.True(t, change.ResourceRecordSet.Proxied)
+		} else {
+			assert.False(t, change.ResourceRecordSet.Proxied)
+		}
+	}
+
+	change := newCloudFlareChange(cloudFlareCreate, &endpoint.Endpoint{DNSName: "*.foo", RecordType: "A", Target: "target"}, true)
+	assert.False(t, change.ResourceRecordSet.Proxied)
 }
 
 func TestCloudFlareZones(t *testing.T) {