author | 2020-03-11 00:52:23 +0530 | |
---|---|---|
committer | 2020-03-10 15:22:23 -0400 | |
commit | 085826776f48fe603c700313273fede6e086cd76 (patch) | |
tree | ad5d6218236c570c773a870b97d7cdf028ec3b2d /plugin/azure/setup.go | |
parent | 3c19f9f18170dd7ac2dbe2f0e7710e0883cef901 (diff) | |
Add private DNS support for azure plugin (#3516)
* plugin/azure: fix bug in setting up plugin
Signed-off-by: darshanime <deathbullet@gmail.com>
* plugin/azure: add support for private zones
Signed-off-by: darshanime <deathbullet@gmail.com>
* plugin/azure: change syntax for access level
Signed-off-by: darshanime <deathbullet@gmail.com>
* plugin/azure: change import alias for azure dns
Signed-off-by: darshanime <deathbullet@gmail.com>
* plugin/azure: reword readme, var names
Signed-off-by: darshanime <deathbullet@gmail.com>
* plugin/azure: remove newline in imports
Signed-off-by: darshanime <deathbullet@gmail.com>
* fix import grouping
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Diffstat (limited to 'plugin/azure/setup.go')
-rw-r--r-- | plugin/azure/setup.go | 62 |
1 files changed, 41 insertions, 21 deletions
diff --git a/plugin/azure/setup.go b/plugin/azure/setup.go
index 15ebb7d6f..4f0ec3cbe 100644
--- a/plugin/azure/setup.go
+++ b/plugin/azure/setup.go
@@ -9,7 +9,8 @@ import (
 "github.com/coredns/coredns/plugin/pkg/fall"
 clog "github.com/coredns/coredns/plugin/pkg/log"
- azuredns "github.com/Azure/azure-sdk-for-go/profiles/latest/dns/mgmt/dns"
+ publicAzureDNS "github.com/Azure/azure-sdk-for-go/profiles/latest/dns/mgmt/dns"
+ privateAzureDNS "github.com/Azure/azure-sdk-for-go/profiles/latest/privatedns/mgmt/privatedns"
 azurerest "github.com/Azure/go-autorest/autorest/azure"
 "github.com/Azure/go-autorest/autorest/azure/auth"
 "github.com/caddyserver/caddy"
@@ -20,18 +21,23 @@ var log = clog.NewWithPlugin("azure")
 func init() { plugin.Register("azure", setup) }
 func setup(c *caddy.Controller) error {
- env, keys, fall, err := parse(c)
+ env, keys, accessMap, fall, err := parse(c)
 if err != nil {
 return plugin.Error("azure", err)
 }
 ctx := context.Background()
- dnsClient := azuredns.NewRecordSetsClient(env.Values[auth.SubscriptionID])
- if dnsClient.Authorizer, err = env.GetAuthorizer(); err != nil {
+ publicDNSClient := publicAzureDNS.NewRecordSetsClient(env.Values[auth.SubscriptionID])
+ if publicDNSClient.Authorizer, err = env.GetAuthorizer(); err != nil {
 return plugin.Error("azure", err)
 }
- h, err := New(ctx, dnsClient, keys)
+ privateDNSClient := privateAzureDNS.NewRecordSetsClient(env.Values[auth.SubscriptionID])
+ if privateDNSClient.Authorizer, err = env.GetAuthorizer(); err != nil {
+ return plugin.Error("azure", err)
+ }
+
+ h, err := New(ctx, publicDNSClient, privateDNSClient, keys, accessMap)
 if err != nil {
 return plugin.Error("azure", err)
 }
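Review bot: `env.GetAuthorizer()` is now called twice in `setup`, once for each client, with the same error branch duplicated. Resolving it once with `authorizer, err := env.GetAuthorizer()` and assigning the result to both `publicDNSClient.Authorizer` and `privateDNSClient.Authorizer` keeps the two clients on a single credential path and leaves one failure branch to maintain. Since both clients run under the one configured principal, a short comment above the clients saying that this identity must be able to read private zones as well as public ones would help operators scope its role assignment.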
@@ -47,13 +53,17 @@ func setup(c *caddy.Controller) error {
 return nil
 }
-func parse(c *caddy.Controller) (auth.EnvironmentSettings, map[string][]string, fall.F, error) {
+func parse(c *caddy.Controller) (auth.EnvironmentSettings, map[string][]string, map[string]string, fall.F, error) {
 resourceGroupMapping := map[string][]string{}
+ accessMap := map[string]string{}
 resourceGroupSet := map[string]struct{}{}
 azureEnv := azurerest.PublicCloud
 env := auth.EnvironmentSettings{Values: map[string]string{}}
 var fall fall.F
+ var access string
+ var resourceGroup string
+ var zoneName string
 for c.Next() {
 args := c.RemainingArgs()
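Review bot: Declaring `access`, `resourceGroup` and `zoneName` ahead of `for c.Next()` lets their values outlive the argument loop, and the `case "access"` branch in the following hunk then writes `accessMap[resourceGroup+zoneName]` with whatever pair was parsed last. When one block lists several `resource_group:zone` arguments only the final zone receives the configured level and the rest stay `public`, so a zone meant to be private would presumably be looked up through the public client; with no arguments the key is empty or left over from an earlier block. Collecting the keys of the current block, `blockKeys = append(blockKeys, key)` in the argument loop and `for _, k := range blockKeys { accessMap[k] = access }` under `case "access"`, with `blockKeys` declared inside `for c.Next()`, would apply the setting to every zone of that block. The body of `parse` continues outside this hunk.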
@@ -61,60 +71,70 @@ func parse(c *caddy.Controller) (auth.EnvironmentSettings, map[string][]string,
 for i := 0; i < len(args); i++ {
 parts := strings.SplitN(args[i], ":", 2)
 if len(parts) != 2 {
- return env, resourceGroupMapping, fall, c.Errf("invalid resource group/zone: %q", args[i])
+ return env, resourceGroupMapping, accessMap, fall, c.Errf("invalid resource group/zone: %q", args[i])
 }
- resourceGroup, zoneName := parts[0], parts[1]
+ resourceGroup, zoneName = parts[0], parts[1]
 if resourceGroup == "" || zoneName == "" {
- return env, resourceGroupMapping, fall, c.Errf("invalid resource group/zone: %q", args[i])
+ return env, resourceGroupMapping, accessMap, fall, c.Errf("invalid resource group/zone: %q", args[i])
 }
- if _, ok := resourceGroupSet[args[i]]; ok {
- return env, resourceGroupMapping, fall, c.Errf("conflicting zone: %q", args[i])
+ if _, ok := resourceGroupSet[resourceGroup+zoneName]; ok {
+ return env, resourceGroupMapping, accessMap, fall, c.Errf("conflicting zone: %q", args[i])
 }
- resourceGroupSet[args[i]] = struct{}{}
+ resourceGroupSet[resourceGroup+zoneName] = struct{}{}
+ accessMap[resourceGroup+zoneName] = "public"
 resourceGroupMapping[resourceGroup] = append(resourceGroupMapping[resourceGroup], zoneName)
 }
+
 for c.NextBlock() {
 switch c.Val() {
 case "subscription":
 if !c.NextArg() {
- return env, resourceGroupMapping, fall, c.ArgErr()
+ return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
 }
 env.Values[auth.SubscriptionID] = c.Val()
 case "tenant":
 if !c.NextArg() {
- return env, resourceGroupMapping, fall, c.ArgErr()
+ return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
 }
 env.Values[auth.TenantID] = c.Val()
 case "client":
 if !c.NextArg() {
- return env, resourceGroupMapping, fall, c.ArgErr()
+ return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
 }
 env.Values[auth.ClientID] = c.Val()
 case "secret":
 if !c.NextArg() {
- return env, resourceGroupMapping, fall, c.ArgErr()
+ return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
 }
 env.Values[auth.ClientSecret] = c.Val()
 case "environment":
 if !c.NextArg() {
- return env, resourceGroupMapping, fall, c.ArgErr()
+ return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
 }
 env.Values[auth.ClientSecret] = c.Val()
 var err error
 if azureEnv, err = azurerest.EnvironmentFromName(c.Val()); err != nil {
- return env, resourceGroupMapping, fall, c.Errf("cannot set azure environment: %q", err.Error())
+ return env, resourceGroupMapping, accessMap, fall, c.Errf("cannot set azure environment: %q", err.Error())
 }
 case "fallthrough":
 fall.SetZonesFromArgs(c.RemainingArgs())
+ case "access":
+ if !c.NextArg() {
+ return env, resourceGroupMapping, accessMap, fall, c.ArgErr()
+ }
+ access = c.Val()
+ if access != "public" && access != "private" {
+ return env, resourceGroupMapping, accessMap, fall, c.Errf("invalid access value: can be public/private, found: %s", access)
+ }
+ accessMap[resourceGroup+zoneName] = access
 default:
- return env, resourceGroupMapping, fall, c.Errf("unknown property: %q", c.Val())
+ return env, resourceGroupMapping, accessMap, fall, c.Errf("unknown property: %q", c.Val())
 }
 }
 }
 env.Values[auth.Resource] = azureEnv.ResourceManagerEndpoint
 env.Environment = azureEnv
-
- return env, resourceGroupMapping, fall, nil
+ return env, resourceGroupMapping, accessMap, fall, nil
 }
|
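Review bot: `resourceGroup+zoneName` is used as the key of both `resourceGroupSet` and `accessMap` with no separator, so distinct pairs such as `ab`/`c.example.org` and `a`/`bc.example.org` (constructed example) produce the same key and the second is rejected as a `conflicting zone`. The previous key, `args[i]`, kept the `:` and could not collide this way. Building the key as `key := resourceGroup + ":" + zoneName` and using `key` for both maps restores that property; whatever reads `accessMap` outside this file would need the same format. Separately, the unchanged `environment` case still assigns `c.Val()` to `env.Values[auth.ClientSecret]`, which appears to replace the configured secret with the environment name and is worth correcting while this block is being edited.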