POWERDNS: Map dnscontrol Tags to powerdns Variants (#3803)

Co-authored-by: Peter Feigl <peter.feigl@nexoid.at>
Co-authored-by: Tom Limoncelli <6293917+tlimoncelli@users.noreply.github.com>

Author: 3 people

documentation/provider/powerdns.md

@@ -63,6 +63,11 @@ D("example.com", REG_NONE, DnsProvider(DSP_POWERDNS),
 ## Activation
 See the [PowerDNS documentation](https://doc.powerdns.com/authoritative/http-api/index.html) how the API can be enabled.
 
+## Tags and Variants
+If you use a dnscontrol *tag* (like `example.com!internal`) it will be mapped to a powerdns *variant* (like `example.com..internal`).
+
+See [PowerDNS documentation on Views](https://doc.powerdns.com/authoritative/views.html) for details on how to setup networks and views for these variants.
+
 ## Caveats
 
 ### SOA Records

providers/powerdns/diff.go

@@ -58,20 +58,22 @@ func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig,
 		}
 	}
 
+	domainVariant := GetVariantName(dc.Name, dc.Metadata[models.DomainTag])
+
 	// only append a Correction if there are any, otherwise causes an error when sending an empty rrset
 	if len(rrDeleteSets) > 0 {
 		corrections = append(corrections, &models.Correction{
 			Msg: strings.Join(deleteMsgs, "\n"),
 			F: func() error {
-				return dsp.client.Zones().RemoveRecordSetsFromZone(context.Background(), dsp.ServerName, canonical(dc.Name), rrDeleteSets)
+				return dsp.client.Zones().RemoveRecordSetsFromZone(context.Background(), dsp.ServerName, domainVariant, rrDeleteSets)
 			},
 		})
 	}
 	if len(rrChangeSets) > 0 {
 		corrections = append(corrections, &models.Correction{
 			Msg: strings.Join(changeMsgs, "\n"),
 			F: func() error {
-				return dsp.client.Zones().AddRecordSetsToZone(context.Background(), dsp.ServerName, canonical(dc.Name), rrChangeSets)
+				return dsp.client.Zones().AddRecordSetsToZone(context.Background(), dsp.ServerName, domainVariant, rrChangeSets)
 			},
 		})
 	}
@@ -98,3 +100,14 @@ func buildRecordList(change diff2.Change) (records []zones.Record) {
 func canonical(fqdn string) string {
 	return fqdn + "."
 }
+
+// Build the variant name for powerdns. this is the domain + "." + the tag
+// so dnscontrol "example.com!internal" becomes powerdns "example.com..internal"
+// See https://doc.powerdns.com/authoritative/views.html
+func GetVariantName(domain string, tag string) string {
+	if tag != "" {
+		return canonical(domain) + "." + tag
+	} else {
+		return canonical(domain)
+	}
+}

providers/powerdns/dns.go

@@ -21,7 +21,8 @@ func (dsp *powerdnsProvider) GetNameservers(string) ([]*models.Nameserver, error
 // GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
 func (dsp *powerdnsProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
 	curRecords := models.Records{}
-	zone, err := dsp.client.Zones().GetZone(context.Background(), dsp.ServerName, canonical(domain))
+	domainVariant := GetVariantName(domain, meta[models.DomainTag])
+	zone, err := dsp.client.Zones().GetZone(context.Background(), dsp.ServerName, domainVariant)
 	if err != nil {
 		if _, ok := err.(pdnshttp.ErrNotFound); ok {
 			// Zone is not found, but everything else is okay so return no records

providers/powerdns/dnssec.go

@@ -10,7 +10,8 @@ import (
 
 // getDNSSECCorrections returns corrections that update a domain's DNSSEC state.
 func (dsp *powerdnsProvider) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
-	zoneCryptokeys, getErr := dsp.client.Cryptokeys().ListCryptokeys(context.Background(), dsp.ServerName, dc.Name)
+	domainVariant := GetVariantName(dc.Name, dc.Metadata[models.DomainTag])
+	zoneCryptokeys, getErr := dsp.client.Cryptokeys().ListCryptokeys(context.Background(), dsp.ServerName, domainVariant)
 	if getErr != nil {
 		if _, ok := getErr.(pdnshttp.ErrNotFound); ok {
 			// Zone doesn't exist, this is okay as no corrections are needed