Don't publish duplicate DNS records

Before attempting to publish a domain to a zone, check if that domain is
already being published to the same zone.

Author: rfredette

pkg/operator/controller/dns/controller.go

@@ -62,6 +62,8 @@ const (
 	kubeCloudConfigName = "kube-cloud-config"
 	// cloudCABundleKey is the key in the kube cloud config ConfigMap where the custom CA bundle is located
 	cloudCABundleKey = "ca-bundle.pem"
+	// dnsRecordIndexFieldName is the key for the DNSRecord index, used to identify conflicting domain names.
+	dnsRecordIndexFieldName = "Spec.DNSName"
 )
 
 var log = logf.Logger.WithName(controllerName)
@@ -102,6 +104,12 @@ func New(mgr manager.Manager, config Config) (runtimecontroller.Controller, erro
 	})); err != nil {
 		return nil, err
 	}
+	if err := operatorCache.IndexField(context.Background(), &iov1.DNSRecord{}, dnsRecordIndexFieldName, func(o client.Object) []string {
+		dnsRecord := o.(*iov1.DNSRecord)
+		return []string{dnsRecord.Spec.DNSName}
+	}); err != nil {
+		return nil, err
+	}
 	return c, nil
 }
 
@@ -341,8 +349,9 @@ func (r *reconciler) publishRecordToZones(zones []configv1.DNSZone, record *iov1
 
 		var err error
 		var condition iov1.DNSZoneCondition
+		var isDomainPublished bool
 		if dnsPolicy == iov1.UnmanagedDNS {
-			log.Info("DNS record not published", "record", record.Spec)
+			log.Info("DNS record not published: DNS management policy is unmanaged", "record", record.Spec)
 			condition = iov1.DNSZoneCondition{
 				Message:            "DNS record is currently not being managed by the operator",
 				Reason:             "UnmanagedDNS",
@@ -352,6 +361,24 @@ func (r *reconciler) publishRecordToZones(zones []configv1.DNSZone, record *iov1
 			}
 		} else if isRecordPublished {
 			condition, err = r.replacePublishedRecord(zones[i], record)
+		} else if isDomainPublished, err = domainIsAlreadyPublishedInZone(context.Background(), r.cache, record, &zones[i]); err != nil {
+			log.Error(err, "failed to validate DNS record", "record", record.Spec)
+			condition = iov1.DNSZoneCondition{
+				Message:            "Pre-publish validation failed",
+				Reason:             "InternalError",
+				Status:             string(operatorv1.ConditionUnknown),
+				Type:               iov1.DNSRecordPublishedConditionType,
+				LastTransitionTime: metav1.Now(),
+			}
+		} else if isDomainPublished {
+			log.Info("DNS record not published: domain name already used by another DNS record", "record", record.Spec)
+			condition = iov1.DNSZoneCondition{
+				Message:            "Domain name is already in use",
+				Reason:             "DomainAlreadyInUse",
+				Status:             string(operatorv1.ConditionUnknown),
+				Type:               iov1.DNSRecordPublishedConditionType,
+				LastTransitionTime: metav1.Now(),
+			}
 		} else {
 			condition, err = r.publishRecord(zones[i], record)
 		}
@@ -846,3 +873,32 @@ func getIbmDNSProvider(dnsConfig *configv1.DNS, creds *corev1.Secret, instanceCR
 		return provider, nil
 	}
 }
+
+// domainIsAlreadyPublishedInZone returns true if the domain name in the provided DNSRecord is already published by
+// another existing dnsRecord.
+func domainIsAlreadyPublishedInZone(ctx context.Context, cache cache.Cache, record *iov1.DNSRecord, zone *configv1.DNSZone) (bool, error) {
+	records := iov1.DNSRecordList{}
+	if err := cache.List(ctx, &records, client.MatchingFields{dnsRecordIndexFieldName: record.Spec.DNSName}); err != nil {
+		return false, err
+	}
+
+	if len(records.Items) == 0 {
+		return false, nil
+	}
+
+	for _, existingRecord := range records.Items {
+		// we only care if the domain name is published by a different record, so ignore the matching record if it
+		// already exists.
+		// TODO: There's got to be a better way to match the same object
+		if (record.Name == existingRecord.Name) && (record.Namespace == existingRecord.Namespace) {
+			continue
+		}
+		if record.Spec.DNSName != existingRecord.Spec.DNSName {
+			continue
+		}
+		if recordIsAlreadyPublishedToZone(record, zone) {
+			return true, nil
+		}
+	}
+	return false, nil
+}