|
18 | 18 | "pending", # Assume this is ok. It'll be picked up on next iteration if it's not
|
19 | 19 | }
|
20 | 20 |
|
| 21 | +ALLOWED_CNAME_TARGETS = [ |
| 22 | + re.compile(t) for t in os.environ.get("ALLOWED_CNAME_TARGETS", "").split(",") |
| 23 | +] |
| 24 | + |
21 | 25 |
|
22 | 26 | def get_cloudflare_list(api, *args, params=None):
|
23 | 27 | """
|
@@ -59,6 +63,13 @@ def record_exists(record: str) -> bool:
|
59 | 63 | return True
|
60 | 64 |
|
61 | 65 |
|
| 66 | +def is_allowed_cname_target(record: str) -> bool: |
| 67 | + """ |
| 68 | + Is the record an allowed target |
| 69 | + """ |
| 70 | + return any(target.match(record) for target in ALLOWED_CNAME_TARGETS) |
| 71 | + |
| 72 | + |
62 | 73 | def main():
|
63 | 74 | load_dotenv()
|
64 | 75 |
|
@@ -132,10 +143,13 @@ def do_create(cf, heroku, matcher, heroku_teams):
|
132 | 143 | logging.info("%s: domain not set", app.name)
|
133 | 144 | cf.zones.dns_records.post(cf_zone["id"], data=cf_record_data)
|
134 | 145 | elif existing_record["content"] != cname:
|
135 |
| - logging.warning("%s: incorrect record value", app.name) |
136 |
| - cf.zones.dns_records.patch( |
137 |
| - cf_zone["id"], existing_record["id"], data=cf_record_data |
138 |
| - ) |
| 146 | + if is_allowed_cname_target(existing_record["content"]): |
| 147 | + logging.info("%s: record is different, but an allowed value", app.name) |
| 148 | + else: |
| 149 | + logging.warning("%s: incorrect record value", app.name) |
| 150 | + cf.zones.dns_records.patch( |
| 151 | + cf_zone["id"], existing_record["id"], data=cf_record_data |
| 152 | + ) |
139 | 153 |
|
140 | 154 | # Enable ACM if not already, so certs can be issued
|
141 | 155 | has_acm = any(d.acm_status for d in app_domains.values())
|
|