From cfb0e6d85381ed805ec02969b255322a138c790b Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 31 Oct 2023 22:34:22 -0400
Subject: Only manage the actual DNS entry named by the `dns-name` argument.

The original version of this program (written for another project) laid claim to the entire subtree under the target DNS name, as part of a broader feature of adding both per-instance hostnames and a per-ASG hostname with multiple records. This program doesn't do that; however, I forgot to remove this behaviour when porting the code.

This was caught in production, of course, though without any damage. An attempt to manage `grimoire.ca` failed because the AWS identity it ran under didn't have permission to do anything other than modify A and AAAA records.
---
 src/converge.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/converge.rs')

diff --git a/src/converge.rs b/src/converge.rs
index 073e9e6..a858347 100644
--- a/src/converge.rs
+++ b/src/converge.rs
@@ -47,7 +47,7 @@ where
             &live_instance_ids,
             aws_context
         ),
-        zone_suffix_recordsets(dns_name, zone_id, aws_context),
+        zone_suffix_recordsets(aws_context, zone_id, dns_name),
     )?;
 
     let remove_records = actual_records.difference(&intended_records);
-- 
cgit v1.2.3