4646 working-directory : ./external-dns
4747
4848 - name : Configure devstack
49+ working-directory : ./devstack
50+ shell : bash
4951 run : |
50- cat <<EOF > local.conf
52+ cat <<EOF | tee local.conf
5153 [[local|localrc]]
5254 ADMIN_PASSWORD=secret
5355 DATABASE_PASSWORD=root
6365 enable_plugin designate https://opendev.org/openstack/designate stable/2024.2
6466 enable_service designate,designate-central,designate-api,designate-zone-manager,designate-mdns,designate-worker,designate-producer
6567 EOF
66- working-directory : ./devstack
67- shell : bash
6868
6969 - name : Run stack.sh
7070 run : ./stack.sh
@@ -79,20 +79,87 @@ jobs:
7979 - name : Create zones example.com
8080 run : |
8181 openstack zone create --email admin@example.com example.com.
82+ openstack zone create --email admin@example.com ishallnotbeusedbywebhook.test.
8283
8384 - name : Wait for zone creation
8485 run : |
8586 while [ "$(openstack zone list -f csv | grep PENDING)" != "" ]; do date; openstack zone list -f value; sleep 1; done
8687
88+ - name : Create application credential with access rules and write clouds.yaml for external-dns-openstack-webhook
89+ shell : bash
90+ working-directory : ./build/bin/
91+ run : |
92+ # https://docs.openstack.org/python-openstackclient/latest/cli/authentication.html
93+ ZONE_ID_EXAMPLE_COM=$(openstack zone list --name example.com. -f value -c id)
94+
95+ cat <<EOF | tee openstack-access-rules.json
96+ [
97+ {
98+ "method": "GET",
99+ "path": "/v2/zones",
100+ "service": "dns"
101+ },
102+ {
103+ "method": "GET",
104+ "path": "/v2/zones/${ZONE_ID_EXAMPLE_COM}",
105+ "service": "dns"
106+ },
107+ {
108+ "method": "GET",
109+ "path": "/v2/zones/${ZONE_ID_EXAMPLE_COM}/recordsets",
110+ "service": "dns"
111+ },
112+ {
113+ "method": "GET",
114+ "path": "/v2/zones/${ZONE_ID_EXAMPLE_COM}/recordsets/*",
115+ "service": "dns"
116+ },
117+ {
118+ "method": "POST",
119+ "path": "/v2/zones/${ZONE_ID_EXAMPLE_COM}/recordsets",
120+ "service": "dns"
121+ },
122+ {
123+ "method": "PUT",
124+ "path": "/v2/zones/${ZONE_ID_EXAMPLE_COM}/recordsets/*",
125+ "service": "dns"
126+ },
127+ {
128+ "method": "DELETE",
129+ "path": "/v2/zones/${ZONE_ID_EXAMPLE_COM}/recordsets/*",
130+ "service": "dns"
131+ }
132+ ]
133+ EOF
134+
135+ readarray -t lines <<< $(openstack application credential create external-dns-webhook --access-rules openstack-access-rules.json -f value -c id -c secret)
136+ APP_CRED_ID=${lines[0]}
137+ APP_CRED_SECRET=${lines[1]}
138+
139+ cat <<EOF | tee clouds.yaml
140+ clouds:
141+ external-dns-webhook:
142+ auth:
143+ auth_url: http://127.0.0.1/identity
144+ application_credential_id: ${APP_CRED_ID}
145+ application_credential_secret: ${APP_CRED_SECRET}
146+ auth_type: v3applicationcredential
147+ EOF
148+
87149 - name : Start external-dns-openstack-webhook in background
150+ working-directory : ./build/bin/
88151 run : |
89- ./build/bin/external-dns-openstack-webhook >/tmp/external-dns-openstack-webhook.log 2>&1 &
152+ echo "This is the clouds.yaml used by the webhook ..."
153+ cat clouds.yaml
154+ echo "Starting webhook now ..."
155+ OS_CLOUD=external-dns-webhook ./external-dns-openstack-webhook >/tmp/external-dns-openstack-webhook.log 2>&1 &
90156
91157 - name : Run external-dns
92- run : ./build/external-dns --txt-owner-id my-cluster-id --provider webhook --source fake --log-level=debug --once 2>&1
93158 working-directory : ./external-dns
159+ run : ./build/external-dns --domain-filter example.com. --txt-owner-id my-cluster-id --provider webhook --source fake --log-level=debug --once 2>&1
94160
95161 - name : Show /tmp/external-dns-openstack-webhook.log
162+ if : success() || failure() # we want to see the logs of the webhook especially when things dont work
96163 run : cat /tmp/external-dns-openstack-webhook.log
97164
98165 - name : Wait for PENDING
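Review bot: The application credential secret ends up in the job log twice: the new step that writes `clouds.yaml` pipes the heredoc through `tee`, and the "Start external-dns-openstack-webhook in background" step then runs `cat clouds.yaml`. The credential is narrowed by the access rules and belongs to a throwaway devstack, but CI logs are usually readable by more people than the runner is, and this pattern tends to get copied into workflows that talk to real clouds; writing the file with `cat <<EOF > clouds.yaml` and printing only the non-secret fields (for example `grep -v application_credential_secret clouds.yaml`) keeps the debugging value. If this is a GitHub Actions workflow, as the `jobs:` context and `if : success() || failure()` suggest, `echo "::add-mask::${APP_CRED_SECRET}"` placed before the heredoc would also redact the value in later output. Separately, `readarray -t lines <<< $(openstack application credential create …)` does not fail the step when the create call fails, so an empty id and secret would be written silently and the error would only show up later in the backgrounded webhook's log; quoting the substitution and adding `[ -n "$APP_CRED_ID" ] && [ -n "$APP_CRED_SECRET" ]` after it would surface the failure at the right step. The start of this file section is outside the visible part of the page.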