feat(pdm): per-Sovereign PowerDNS zones for #168
Refactor pool-domain-manager to own per-Sovereign zones in PowerDNS,
replacing the previous Dynadot-set_dns2 record-write flow.
Phase 1 — internal/pdns: REST client for PowerDNS Authoritative API
- CreateZone / DeleteZone / EnsureZone / ZoneExists
- PatchRRSets (atomic batch RRset writes)
- AddARecord / AddNSDelegation / RemoveNSDelegation
- EnableDNSSEC: PUT dnssec flag, generate KSK+ZSK (algorithm 13
ECDSAP256SHA256 per docs/PLATFORM-POWERDNS.md), POST rectify
- retry-once-on-5xx with exponential backoff (250ms, 1s)
- X-API-Key header from K8s Secret, never logged
- 22 unit tests covering every method against httptest mock
Phase 2 — allocator: DNSWriter interface + per-Sovereign lifecycle
- /reserve: insert pdm-pg row + create child zone with apex NS
RRset + add NS delegation into parent + enable DNSSEC on child
- /commit: write the canonical 6-record set (apex, *, console,
api, gitea, harbor) into child zone, TTL 300, atomic PATCH
- /release: drop child zone (DNSSEC keys retire) + remove parent
NS delegation, idempotent on 404
- sweeper tears down DNS for expired reservations before deleting
pdm-pg rows
- rollback path on Reserve failure preserves operator UX
- allocator_test.go: fake DNSWriter for state-machine assertions
Phase 3 — startup parent-zone bootstrap
- BootstrapParentZones runs at PDM startup before HTTP serves
- EnsureZone for every entry in DYNADOT_MANAGED_DOMAINS
- DNSSEC enabled on each parent zone (idempotent)
- PDM exits non-zero if bootstrap fails
Phase 4 — schema unchanged
- child zone name derived as <subdomain>.<poolDomain>, no new column
- existing pool_allocations table works as-is
Phase 5 — dynadot package trimmed
- removed AddSovereignRecords / DeleteSubdomainRecords / AddRecord /
getZone / writeZone (Dynadot DNS write code)
- kept IsManagedDomain / ManagedDomains / ResetManagedDomains /
ErrUnmanagedDomain (config-resolution helpers)
- registrar adapter at internal/registrar/dynadot/ untouched (handles
BYO Flow B NS-delegation via #170)
Phase 6 — env-var contract
PDM_PDNS_BASE_URL, PDM_PDNS_API_KEY, PDM_PDNS_SERVER_ID, PDM_NAMESERVERS
all runtime-configurable per docs/INVIOLABLE-PRINCIPLES.md #4.
Quality bar (all met):
- DNSSEC enabled on every child zone (mandatory per spec)
- parent NS delegation TTL 3600, child A-record TTL 300
- retry-once-on-5xx with exponential backoff in pdns client
- all credentials flow from env vars sourced from K8s Secrets
- no hardcoded URLs, regions, or NS endpoints
Closes openova#168 (DNS-side; private-repo manifest update lands separately).
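Added example, not code from this commit or from internal/pdns: a minimal Go client in the shape Phase 1 describes (X-API-Key header, atomic PATCH of an RRset batch, retry only on 5xx with a 250ms/1s backoff) plus the Phase 2 canonical 6-record set, exercised against an httptest mock the way the commit says the unit tests are. Names (NewClient, PatchRRSets, CanonicalRRSets, NewMockPDNS), the server id "localhost", the zone acme.pool.example, the key string and the 203.0.113.10 address are all constructed for illustration; reading "retry-once with backoff (250ms, 1s)" as one retry per backoff entry (three attempts) is an assumption, as is the mock's 401-on-wrong-key behaviour.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"time"
)

// RRSet mirrors the RRset object accepted by PATCH /api/v1/servers/{id}/zones/{zone}.
type RRSet struct {
	Name       string   `json:"name"` // canonical, with trailing dot
	Type       string   `json:"type"`
	TTL        int      `json:"ttl"`
	ChangeType string   `json:"changetype"` // REPLACE or DELETE
	Records    []Record `json:"records"`
}
type Record struct{ Content string `json:"content"` }

// Client is a hypothetical minimal PowerDNS Authoritative API client, not internal/pdns.
type Client struct {
	BaseURL, ServerID string
	APIKey            string          // sent as X-API-Key; never logged or put in errors
	Backoff           []time.Duration // one retry per entry, so [250ms, 1s] = 3 attempts (assumption)
}

func NewClient(baseURL, serverID, apiKey string) *Client {
	return &Client{BaseURL: strings.TrimRight(baseURL, "/"), ServerID: serverID, APIKey: apiKey,
		Backoff: []time.Duration{250 * time.Millisecond, time.Second}}
}

// do sends one request and retries only on 5xx; a 4xx (401, 404, 422) is not transient.
func (c *Client) do(method, path string, body []byte) error {
	for attempt := 0; ; attempt++ {
		req, err := http.NewRequest(method, c.BaseURL+path, bytes.NewReader(body))
		if err != nil { return err }
		req.Header.Set("X-API-Key", c.APIKey)
		resp, err := http.DefaultClient.Do(req) // a real client would set a Timeout
		if err != nil { return err }
		resp.Body.Close()
		if resp.StatusCode < 400 { return nil }
		if resp.StatusCode < 500 || attempt >= len(c.Backoff) {
			return fmt.Errorf("pdns %s %s: HTTP %d", method, path, resp.StatusCode)
		}
		time.Sleep(c.Backoff[attempt]) // 5xx with retries left
	}
}

// PatchRRSets sends every RRset in one PATCH, so the record set lands atomically.
func (c *Client) PatchRRSets(zone string, rrsets []RRSet) error {
	payload, err := json.Marshal(map[string][]RRSet{"rrsets": rrsets})
	if err != nil { return err }
	path := "/api/v1/servers/" + url.PathEscape(c.ServerID) + "/zones/" + url.PathEscape(Canonical(zone))
	return c.do(http.MethodPatch, path, payload)
}

// Canonical appends the trailing dot PowerDNS expects on zone and record names.
func Canonical(name string) string { return strings.TrimSuffix(name, ".") + "." }

// CanonicalRRSets builds the apex, *, console, api, gitea and harbor A records of
// <subdomain>.<poolDomain> as REPLACE RRsets sharing one TTL.
func CanonicalRRSets(subdomain, poolDomain, ip string, ttl int) []RRSet {
	zone := Canonical(subdomain + "." + poolDomain)
	var out []RRSet
	for _, label := range []string{"", "*", "console", "api", "gitea", "harbor"} {
		name := strings.TrimPrefix(label+"."+zone, ".") // the empty label is the apex
		out = append(out, RRSet{Name: name, Type: "A", TTL: ttl, ChangeType: "REPLACE", Records: []Record{{ip}}})
	}
	return out
}

// NewMockPDNS is a constructed stand-in for the API: a wrong key gets 401, the first
// failFirst requests get 503, then PATCHes carrying RRsets are accepted with 204.
func NewMockPDNS(apiKey string, failFirst int) (*httptest.Server, *int) {
	calls := new(int)
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*calls++
		var body map[string][]RRSet
		switch {
		case r.Header.Get("X-API-Key") != apiKey:
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		case *calls <= failFirst:
			http.Error(w, "backend unavailable", http.StatusServiceUnavailable)
		case r.Method == http.MethodPatch && json.NewDecoder(r.Body).Decode(&body) == nil && len(body["rrsets"]) > 0:
			w.WriteHeader(http.StatusNoContent)
		default:
			http.Error(w, "bad request", http.StatusUnprocessableEntity)
		}
	})), calls
}

func main() {
	srv, calls := NewMockPDNS("constructed-api-key", 1) // first PATCH gets 503, the retry succeeds
	defer srv.Close()
	c := NewClient(srv.URL, "localhost", "constructed-api-key")
	err := c.PatchRRSets("acme.pool.example", CanonicalRRSets("acme", "pool.example", "203.0.113.10", 300))
	fmt.Printf("calls=%d err=%v\n", *calls, err)
}
```

The two checks worth keeping from this shape when writing the real client: a 4xx must short-circuit (a 401 from a rotated Secret or a 404 on an already-released zone should never burn the backoff budget), and the error string carries method, path and status but never the key.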