Only manage the actual DNS entry named by the `dns-name` argument.

The original version of this program (written for another project) laid claim to the entire subtree under the target DNS name, as part of a broader feature of adding both per-instance hostnames and a per-ASG hostname with multiple records. This program doesn't do that; however, I forgot to remove this behaviour when porting the code.

This was caught in production, of course, though without any damage. An attempt to manage `grimoire.ca` failed because the AWS identity it ran under didn't have permission to do anything other than modify A and AAAA records.

1 files changed, 9 insertions, 7 deletions

diff --git a/src/route53.rs b/src/route53.rs
index 22e4126..67bccb5 100644
--- a/src/route53.rs
+++ b/src/route53.rs
@@ -66,16 +66,16 @@ where
 }
 
 pub async fn zone_suffix_recordsets<C>(
-    dns_suffix: &Name,
-    zone_id: &str,
     aws_context: &C,
+    zone_id: &str,
+    dns_name: &Name,
 ) -> Result<HashSet<Hashable<ResourceRecordSet>>>
 where
     C: Route53,
 {
     let mut suffix_records = HashSet::new();
 
-    let mut next_record_name = Some(dns_suffix.to_ascii());
+    let mut next_record_name = Some(dns_name.to_ascii());
     let mut next_record_type = None;
     let mut next_record_identifier = None;
 
@@ -97,13 +97,15 @@ where
                 zone_id
             ))?;
             let recordset_name = Name::from_str(recordset_name)?;
-            let recordset_names = suffixes(recordset_name);
-
-            if !recordset_names.iter().any(|name| name == dns_suffix) {
+            if &recordset_name != dns_name {
                 break;
             }
 
-            suffix_records.insert(recordset.clone().into());
+            if let Some(rr_type) = recordset.r#type() {
+                if [RrType::A, RrType::Aaaa].contains(rr_type) {
+                    suffix_records.insert(recordset.clone().into());
+                }
+            }
         }
 
         if records_resp.is_truncated() {