From cfb0e6d85381ed805ec02969b255322a138c790b Mon Sep 17 00:00:00 2001
From: Owen Jacobson
Date: Tue, 31 Oct 2023 22:34:22 -0400
Subject: Only manage the actual DNS entry named by the `dns-name` argument.

The original version of this program (written for another project) laid claim to the entire subtree under the target DNS name, as part of a broader feature of adding both per-instance hostnames and a per-ASG hostname with multiple records. This program doesn't do that; however, I forgot to remove this behaviour when porting the code. This was caught in production, of course, though without any damage. An attempt to manage `grimoire.ca` failed because the AWS identity it ran under didn't have permission to do anything other than modify A and AAAA records.
---
 src/route53.rs | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'src/route53.rs')

diff --git a/src/route53.rs b/src/route53.rs
index 22e4126..67bccb5 100644
--- a/src/route53.rs
+++ b/src/route53.rs
@@ -66,16 +66,16 @@ where
 }
 pub async fn zone_suffix_recordsets(
- dns_suffix: &Name,
- zone_id: &str,
 aws_context: &C,
+ zone_id: &str,
+ dns_name: &Name,
 ) -> Result>>
 where
 C: Route53,
 {
 let mut suffix_records = HashSet::new();
- let mut next_record_name = Some(dns_suffix.to_ascii());
+ let mut next_record_name = Some(dns_name.to_ascii());
 let mut next_record_type = None;
 let mut next_record_identifier = None;
@@ -97,13 +97,15 @@ where
 zone_id
 ))?;
 let recordset_name = Name::from_str(recordset_name)?;
- let recordset_names = suffixes(recordset_name);
-
- if !recordset_names.iter().any(|name| name == dns_suffix) {
+ if &recordset_name != dns_name {
 break;
 }
- suffix_records.insert(recordset.clone().into());
+ if let Some(rr_type) = recordset.r#type() {
+ if [RrType::A, RrType::Aaaa].contains(rr_type) {
+ suffix_records.insert(recordset.clone().into());
+ }
+ }
 }
 if records_resp.is_truncated() {
--
cgit v1.2.3
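Review bot: The name `zone_suffix_recordsets` and the accumulator `suffix_records` still describe the old subtree behaviour, while the new `dns_name` parameter is matched exactly further down. Because this function decides which records the tool treats as its own, the narrower contract is worth stating at the signature, for example `/// Lists the A and AAAA record sets named exactly dns_name; nothing else in the zone is returned.`, and the local could become `matching_records`. Renaming the public function would touch callers that are not visible in this patch, so the doc comment is the smaller step. The function body continues past the end of this hunk.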
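Review bot: The `[RrType::A, RrType::Aaaa]` check is what keeps the tool within the A/AAAA-only permission the commit message describes, but nothing at the site says so, and a later edit could widen the list without anyone noticing the scope change. A comment above it such as `// Only A/AAAA are ours to manage; other types at this name (NS, SOA, MX, ...) must never be collected.` would pin that intent, and the nested `if let`/`if` reads more directly as `if matches!(recordset.r#type(), Some(RrType::A | RrType::Aaaa)) {`. Separately, `&recordset_name != dns_name` now relies on how `Name` treats letter case and the trailing root dot when comparing the Route 53 response with the command-line value. That type is not visible here, so a test with a mixed-case and a non-dotted `dns-name` would confirm the loop does not `break` on the first record and return an empty set. The enclosing loop starts and ends outside this hunk.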