RubyGems - zonesync - Versions diffs - 0.9.0 → 0.11.0 - Mend

zonesync 0.9.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

checksums.yaml +4 -4
data/CLAUDE.md +90 -0
data/Gemfile +1 -0
data/lib/zonesync/cli.rb +9 -0
data/lib/zonesync/cloudflare.rb +64 -39
data/lib/zonesync/diff.rb +10 -1
data/lib/zonesync/errors.rb +35 -0
data/lib/zonesync/generate.rb +14 -0
data/lib/zonesync/http.rb +24 -8
data/lib/zonesync/logger.rb +20 -15
data/lib/zonesync/manifest.rb +68 -21
data/lib/zonesync/parser.rb +337 -0
data/lib/zonesync/provider.rb +105 -26
data/lib/zonesync/record.rb +18 -23
data/lib/zonesync/record_hash.rb +15 -0
data/lib/zonesync/route53.rb +146 -28
data/lib/zonesync/sync.rb +51 -0
data/lib/zonesync/validator.rb +77 -19
data/lib/zonesync/version.rb +1 -1
data/lib/zonesync/zonefile.rb +22 -311
data/lib/zonesync.rb +28 -60
data/sorbet/config +4 -0
data/sorbet/rbi/annotations/.gitattributes +1 -0
data/sorbet/rbi/annotations/activesupport.rbi +457 -0
data/sorbet/rbi/annotations/minitest.rbi +119 -0
data/sorbet/rbi/annotations/webmock.rbi +9 -0
data/sorbet/rbi/gems/.gitattributes +1 -0
data/sorbet/rbi/gems/activesupport@8.0.1.rbi +18474 -0
data/sorbet/rbi/gems/addressable@2.8.7.rbi +1994 -0
data/sorbet/rbi/gems/base64@0.2.0.rbi +507 -0
data/sorbet/rbi/gems/benchmark@0.4.0.rbi +618 -0
data/sorbet/rbi/gems/bigdecimal@3.1.9.rbi +9 -0
data/sorbet/rbi/gems/concurrent-ruby@1.3.4.rbi +11645 -0
data/sorbet/rbi/gems/connection_pool@2.4.1.rbi +9 -0
data/sorbet/rbi/gems/crack@1.0.0.rbi +145 -0
data/sorbet/rbi/gems/date@3.4.1.rbi +75 -0
data/sorbet/rbi/gems/diff-lcs@1.5.1.rbi +1131 -0
data/sorbet/rbi/gems/drb@2.2.1.rbi +1347 -0
data/sorbet/rbi/gems/erubi@1.13.1.rbi +155 -0
data/sorbet/rbi/gems/hashdiff@1.1.2.rbi +353 -0
data/sorbet/rbi/gems/i18n@1.14.6.rbi +2275 -0
data/sorbet/rbi/gems/io-console@0.8.0.rbi +9 -0
data/sorbet/rbi/gems/logger@1.6.4.rbi +940 -0
data/sorbet/rbi/gems/minitest@5.25.4.rbi +1547 -0
data/sorbet/rbi/gems/netrc@0.11.0.rbi +159 -0
data/sorbet/rbi/gems/parallel@1.26.3.rbi +291 -0
data/sorbet/rbi/gems/polyglot@0.3.5.rbi +42 -0
data/sorbet/rbi/gems/prism@1.3.0.rbi +40040 -0
data/sorbet/rbi/gems/psych@5.2.2.rbi +1785 -0
data/sorbet/rbi/gems/public_suffix@6.0.1.rbi +936 -0
data/sorbet/rbi/gems/rake@13.2.1.rbi +3028 -0
data/sorbet/rbi/gems/rbi@0.2.2.rbi +4527 -0
data/sorbet/rbi/gems/rdoc@6.10.0.rbi +12766 -0
data/sorbet/rbi/gems/reline@0.6.0.rbi +9 -0
data/sorbet/rbi/gems/rexml@3.4.0.rbi +4974 -0
data/sorbet/rbi/gems/rspec-core@3.13.2.rbi +10896 -0
data/sorbet/rbi/gems/rspec-expectations@3.13.3.rbi +8183 -0
data/sorbet/rbi/gems/rspec-mocks@3.13.2.rbi +5341 -0
data/sorbet/rbi/gems/rspec-support@3.13.2.rbi +1630 -0
data/sorbet/rbi/gems/rspec@3.13.0.rbi +83 -0
data/sorbet/rbi/gems/securerandom@0.4.1.rbi +75 -0
data/sorbet/rbi/gems/spoom@1.5.0.rbi +4932 -0
data/sorbet/rbi/gems/stringio@3.1.2.rbi +9 -0
data/sorbet/rbi/gems/tapioca@0.16.6.rbi +3611 -0
data/sorbet/rbi/gems/thor@1.3.2.rbi +4378 -0
data/sorbet/rbi/gems/treetop@1.6.12.rbi +1895 -0
data/sorbet/rbi/gems/tzinfo@2.0.6.rbi +5918 -0
data/sorbet/rbi/gems/uri@1.0.2.rbi +2340 -0
data/sorbet/rbi/gems/webmock@3.24.0.rbi +1780 -0
data/sorbet/rbi/gems/yard-sorbet@0.9.0.rbi +435 -0
data/sorbet/rbi/gems/yard@0.9.37.rbi +18379 -0
data/sorbet/rbi/todo.rbi +7 -0
data/sorbet/tapioca/config.yml +13 -0
data/sorbet/tapioca/require.rb +4 -0
data/zonesync.gemspec +3 -0
metadata +102 -2

data/lib/zonesync/record.rb CHANGED Viewed

@@ -1,32 +1,22 @@
+# typed: strict
+require "sorbet-runtime"
 module Zonesync
-  class Record < Struct.new(:name, :type, :ttl, :rdata, :comment, keyword_init: true)
-    def self.from_dns_zonefile_record record
-      type = record.class.name.split("::").last
-      rdata = case type
-      when "SOA"
-        def record.host = origin
-        "" # it just gets ignored anyways
-      when "A", "AAAA"
-        record.address
-      when "CNAME", "NS", "PTR"
-        record.domainname
-      when "MX"
-        "#{record.priority} #{record.domainname}"
-      when "TXT", "SPF", "NAPTR"
-        record.data
-      else
-        raise NotImplementedError.new(record.class).to_s
-      end
+  Record = Struct.new(:name, :type, :ttl, :rdata, :comment, keyword_init: true) do
+    extend T::Sig
+    sig { params(record: Zonesync::Parser::Record).returns(Record) }
+    def self.from_dns_zonefile_record record
       new(
         name: record.host,
-        type:,
+        type: record.type,
         ttl: record.ttl,
-        rdata:,
+        rdata: record.rdata,
         comment: record.comment,
       )
     end
+    sig { params(origin: String).returns(String) }
     def short_name origin
       ret = name.sub(origin, "")
       ret = ret.sub(/\.$/, "")
@@ -34,25 +24,30 @@ module Zonesync
       ret
     end
+    sig { returns(T::Boolean) }
     def manifest?
       type == "TXT" &&
-        name =~ /^zonesync_manifest\./
+        name.match?(/^zonesync_manifest\./)
     end
+    sig { returns(T::Boolean) }
     def checksum?
       type == "TXT" &&
-        name =~ /^zonesync_checksum\./
+        name.match?(/^zonesync_checksum\./)
     end
+    sig { params(other: Record).returns(Integer) }
     def <=> other
       to_sortable <=> other.to_sortable
     end
+    sig { returns([Integer, String, String, String, Integer]) }
     def to_sortable
       is_soa = type == "SOA" ? 0 : 1
-      [is_soa, type, name, rdata, ttl]
+      [is_soa, type, name, rdata, ttl.to_i]
     end
+    sig { returns(String) }
     def to_s
       string = [name, ttl, type, rdata].join(" ")
       string << " ; #{comment}" if comment

data/lib/zonesync/record_hash.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# typed: strict
+require "sorbet-runtime"
+require "zlib"
+module Zonesync
+  module RecordHash
+    extend T::Sig
+    sig { params(record: Record).returns(String) }
+    def self.generate(record)
+      identity = "#{record.name}:#{record.type}:#{record.ttl}:#{record.rdata}"
+      Zlib.crc32(identity).to_s(36)
+    end
+  end
+end

data/lib/zonesync/route53.rb CHANGED Viewed

@@ -1,34 +1,121 @@
+# typed: strict
+require "sorbet-runtime"
 require "zonesync/record"
 require "zonesync/http"
 require "rexml/document"
+require "erb"
 module Zonesync
   class Route53 < Provider
+    sig { returns(String) }
     def read
-      doc = REXML::Document.new(http.get(nil))
-      records = doc.elements.collect("*/ResourceRecordSets/ResourceRecordSet") do |record_set|
-        to_records(record_set)
-      end.flatten.sort
-      records.map(&:to_s).join("\n") + "\n"
+      @read = T.let(@read, T.nilable(String))
+      @read ||= begin
+        doc = REXML::Document.new(http.get(""))
+        records = doc.elements.collect("*/ResourceRecordSets/ResourceRecordSet") do |record_set|
+          to_records(record_set)
+        end.flatten.sort
+        records.map(&:to_s).join("\n") + "\n"
+      end
     end
+    sig { params(record: Record).void }
     def remove(record)
-      change_record("DELETE", record)
+      if record.type == "TXT"
+        # Route53 requires all TXT records with the same name to be managed together
+        existing_txt_records = records.select do |r|
+          r.name == record.name && r.type == "TXT"
+        end
+        if existing_txt_records.length == 1
+          # Only one TXT record, delete it normally
+          change_record("DELETE", record)
+        else
+          # Multiple TXT records - delete all, then recreate without the removed one
+          remaining_txt_records = existing_txt_records.reject { |r| r == record }
+          # Use change_records to handle both DELETE and CREATE in one request
+          grouped = [
+            [existing_txt_records, "DELETE"],
+            [remaining_txt_records, "CREATE"]
+          ]
+          http.post("", ERB.new(<<~XML, trim_mode: "-").result(binding))
+            <?xml version="1.0" encoding="UTF-8"?>
+            <ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
+              <ChangeBatch>
+                <Changes>
+                  <%- grouped.each do |records_list, action| -%>
+                  <%- records_grouped = records_list.group_by { |r| [r.name, r.type, r.ttl] } -%>
+                  <%- records_grouped.each do |(name, type, ttl), group_records| -%>
+                  <Change>
+                    <Action><%= action %></Action>
+                    <ResourceRecordSet>
+                      <Name><%= name %></Name>
+                      <Type><%= type %></Type>
+                      <TTL><%= ttl %></TTL>
+                      <ResourceRecords>
+                        <%- group_records.each do |group_record| -%>
+                        <ResourceRecord>
+                          <Value><%= group_record.rdata %></Value>
+                        </ResourceRecord>
+                        <%- end -%>
+                      </ResourceRecords>
+                    </ResourceRecordSet>
+                  </Change>
+                  <%- end -%>
+                  <%- end -%>
+                </Changes>
+              </ChangeBatch>
+            </ChangeResourceRecordSetsRequest>
+          XML
+        end
+      else
+        change_record("DELETE", record)
+      end
     end
+    sig { params(old_record: Record, new_record: Record).void }
     def change(old_record, new_record)
       remove(old_record)
       add(new_record)
     end
+    sig { params(record: Record).void }
     def add(record)
-      change_record("CREATE", record)
+      add_with_duplicate_handling(record) do
+        begin
+          if record.type == "TXT"
+            # Route53 requires all TXT records with the same name to be combined into a single record set
+            existing_txt_records = records.select do |r|
+              r.name == record.name && r.type == "TXT"
+            end
+            all_txt_records = existing_txt_records + [record]
+            # Use UPSERT if records already exist, CREATE if they don't
+            action = existing_txt_records.empty? ? "CREATE" : "UPSERT"
+            change_records(action, all_txt_records)
+          else
+            change_record("CREATE", record)
+          end
+        rescue RuntimeError => e
+          # Convert Route53-specific duplicate error to standard exception
+          if e.message.include?("RRSet already exists")
+            raise DuplicateRecordError.new(record, "Route53 duplicate record error")
+          else
+            # Re-raise other errors
+            raise
+          end
+        end
+      end
     end
     private
+    sig { params(action: String, record: Record).void }
     def change_record(action, record)
-      http.post(nil, <<~XML)
+      http.post("", <<~XML)
         <?xml version="1.0" encoding="UTF-8"?>
         <ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
           <ChangeBatch>
@@ -36,12 +123,12 @@ module Zonesync
               <Change>
                 <Action>#{action}</Action>
                 <ResourceRecordSet>
-                  <Name>#{record[:name]}</Name>
-                  <Type>#{record[:type]}</Type>
-                  <TTL>#{record[:ttl]}</TTL>
+                  <Name>#{record.name}</Name>
+                  <Type>#{record.type}</Type>
+                  <TTL>#{record.ttl}</TTL>
                   <ResourceRecords>
                     <ResourceRecord>
-                      <Value>#{record[:rdata]}</Value>
+                      <Value>#{record.rdata}</Value>
                     </ResourceRecord>
                   </ResourceRecords>
                 </ResourceRecordSet>
@@ -52,50 +139,80 @@ module Zonesync
       XML
     end
+    sig { params(action: String, records_list: T::Array[Record]).void }
+    def change_records(action, records_list)
+      # Group records by name and type to handle multiple values
+      grouped = records_list.group_by { |r| [r.name, r.type, r.ttl] }
+      http.post("", ERB.new(<<~XML, trim_mode: "-").result(binding))
+        <?xml version="1.0" encoding="UTF-8"?>
+        <ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
+          <ChangeBatch>
+            <Changes>
+              <%- grouped.each do |(name, type, ttl), records| -%>
+              <Change>
+                <Action><%= action %></Action>
+                <ResourceRecordSet>
+                  <Name><%= name %></Name>
+                  <Type><%= type %></Type>
+                  <TTL><%= ttl %></TTL>
+                  <ResourceRecords>
+                    <%- records.each do |record| -%>
+                    <ResourceRecord>
+                      <Value><%= record.rdata %></Value>
+                    </ResourceRecord>
+                    <%- end -%>
+                  </ResourceRecords>
+                </ResourceRecordSet>
+              </Change>
+              <%- end -%>
+            </Changes>
+          </ChangeBatch>
+        </ChangeResourceRecordSetsRequest>
+      XML
+    end
+    sig { params(el: REXML::Element).returns(T::Array[Record]) }
     def to_records(el)
       el.elements.collect("ResourceRecords/ResourceRecord") do |rr|
         name = normalize_trailing_period(get_value(el, "Name"))
         type = get_value(el, "Type")
+        ttl = get_value(el, "TTL")
         rdata = get_value(rr, "Value")
         record = Record.new(
           name:,
           type:,
-          ttl: get_value(el, "TTL"),
+          ttl:,
           rdata:,
           comment: nil, # Route 53 does not have a direct comment field
         )
       end
     end
+    sig { params(el: REXML::Element, field: String).returns(String) }
     def get_value el, field
       el.elements[field].text.gsub(/\\(\d{3})/) { $1.to_i(8).chr } # unescape octal
     end
-    def from_record(record)
-      {
-        Name: normalize_trailing_period(record[:name]),
-        Type: record[:type],
-        TTL: record[:ttl],
-        ResourceRecords: record[:rdata].split(",").map { |value| { Value: value } }
-      }
-    end
+    sig { params(value: String).returns(String) }
     def normalize_trailing_period(value)
       value =~ /\.$/ ? value : value + "."
     end
+    sig { returns(HTTP) }
     def http
       return @http if @http
-      @http = HTTP.new("https://route53.amazonaws.com/2013-04-01/hostedzone/#{credentials.fetch(:hosted_zone_id)}/rrset")
-      @http.before_request do |request, uri, body|
+      @http = T.let(HTTP.new("https://route53.amazonaws.com/2013-04-01/hostedzone/#{config.fetch(:hosted_zone_id)}/rrset"), T.nilable(Zonesync::HTTP))
+      T.must(@http).before_request do |request, uri, body|
         request["Content-Type"] = "application/xml"
         request["X-Amz-Date"] = Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
         request["Authorization"] = sign_request(request.method, uri, body)
       end
-      @http
+      T.must(@http)
     end
+    sig { params(method: String, uri: URI::HTTPS, body: T.nilable(String)).returns(String) }
     def sign_request(method, uri, body)
       service = "route53"
       date = Time.now.utc.strftime("%Y%m%d")
@@ -115,7 +232,7 @@ module Zonesync
       ].join("\n")
       algorithm = "AWS4-HMAC-SHA256"
-      credential_scope = "#{date}/#{credentials.fetch(:aws_region)}/#{service}/aws4_request"
+      credential_scope = "#{date}/#{config.fetch(:aws_region)}/#{service}/aws4_request"
       string_to_sign = [
         algorithm,
         amz_date,
@@ -123,12 +240,13 @@ module Zonesync
         OpenSSL::Digest::SHA256.hexdigest(canonical_request)
       ].join("\n")
-      signing_key = get_signature_key(credentials.fetch(:aws_secret_access_key), date, credentials.fetch(:aws_region), service)
+      signing_key = get_signature_key(config.fetch(:aws_secret_access_key), date, config.fetch(:aws_region), service)
       signature = OpenSSL::HMAC.hexdigest("SHA256", signing_key, string_to_sign)
-      "#{algorithm} Credential=#{credentials.fetch(:aws_access_key_id)}/#{credential_scope}, SignedHeaders=#{signed_headers}, Signature=#{signature}"
+      "#{algorithm} Credential=#{config.fetch(:aws_access_key_id)}/#{credential_scope}, SignedHeaders=#{signed_headers}, Signature=#{signature}"
     end
+    sig { params(key: String, date_stamp: String, region_name: String, service_name: String).returns(String) }
     def get_signature_key(key, date_stamp, region_name, service_name)
       k_date = OpenSSL::HMAC.digest("SHA256", "AWS4" + key, date_stamp)
       k_region = OpenSSL::HMAC.digest("SHA256", k_date, region_name)

data/lib/zonesync/sync.rb ADDED Viewed

@@ -0,0 +1,51 @@
+# typed: strict
+require "sorbet-runtime"
+require "zonesync/logger"
+module Zonesync
+  Sync = Struct.new(:source, :destination) do
+    extend T::Sig
+    sig { params(dry_run: T::Boolean, force: T::Boolean).void }
+    def call dry_run: false, force: false
+      operations = destination.diff!(source, force: force)
+      smanifest = source.manifest.generate
+      dmanifest = destination.manifest.existing
+      if smanifest != dmanifest
+        if dmanifest
+          operations << [:change, [dmanifest, smanifest]]
+        else
+          operations << [:add, [smanifest]]
+        end
+      end
+      # Only sync checksums for v1 manifests (v2 manifests provide integrity via hashes)
+      source_will_generate_v2 = !source.manifest.existing? # No existing manifest = will generate v2
+      dest_has_checksum = destination.manifest.existing_checksum
+      dest_has_v1_manifest = destination.manifest.existing? && destination.manifest.v1_format?
+      if source_will_generate_v2 && dest_has_checksum
+        # Transitioning to v2: remove old checksum
+        operations << [:remove, [dest_has_checksum]]
+      elsif !source_will_generate_v2 && (source.manifest.v1_format? || dest_has_v1_manifest)
+        # Both source and dest use v1 format: sync checksum
+        schecksum = source.manifest.generate_checksum
+        dchecksum = destination.manifest.existing_checksum
+        if schecksum != dchecksum
+          if dchecksum
+            operations << [:change, [dchecksum, schecksum]]
+          else
+            operations << [:add, [schecksum]]
+          end
+        end
+      end
+      operations.each do |method, records|
+        Logger.log(method, records, dry_run: dry_run)
+        destination.send(method, *records) unless dry_run
+      end
+    end
+  end
+end

data/lib/zonesync/validator.rb CHANGED Viewed

@@ -1,45 +1,103 @@
+# typed: strict
+require "sorbet-runtime"
+require "zonesync/record_hash"
 module Zonesync
-  class Validator < Struct.new(:operations, :destination)
-    def self.call(...)
-      new(...).call
+  Validator = Struct.new(:operations, :destination) do
+    extend T::Sig
+    sig { params(operations: T::Array[Operation], destination: Provider, force: T::Boolean).void }
+    def self.call(operations, destination, force: false)
+      new(operations, destination).call(force: force)
     end
-    def call
-      if operations.any? && !manifest.existing?
+    sig { params(force: T::Boolean).void }
+    def call(force: false)
+      if !force && operations.any? && !manifest.existing?
         raise MissingManifestError.new(manifest.generate)
       end
-      if manifest.existing_checksum && manifest.existing_checksum != manifest.generate_checksum
+      # Only validate checksums for v1 manifests (v2 manifests provide integrity via hashes)
+      if !force && manifest.v1_format? && manifest.existing_checksum && manifest.existing_checksum != manifest.generate_checksum
         raise ChecksumMismatchError.new(manifest.existing_checksum, manifest.generate_checksum)
       end
       operations.each do |method, args|
-        send(method, *args)
+        if method == :add
+          validate_addition args.first, force: force
+        end
       end
+      nil
     end
     private
+    sig { returns(Manifest) }
     def manifest
       destination.manifest
     end
-    def add record
+    sig { params(record: Record, force: T::Boolean).void }
+    def validate_addition record, force: false
       return if manifest.matches?(record)
-      shorthand = manifest.shorthand_for(record, with_type: true)
-      conflicting_record = destination.records.find do |r|
-        manifest.shorthand_for(r, with_type: true) == shorthand
+      return if force
+      # Use hash-based conflict detection when we have a v2 manifest
+      if manifest.existing? && !manifest.existing.rdata[1..-2].include?(";")
+        # V2 hash-based manifest: check for untracked records that conflict
+        record_hash = RecordHash.generate(record)
+        expected_hashes = manifest.existing.rdata[1..-2].split(",")
+        # Find conflicting records that would be overwritten by this addition
+        conflicting_record = destination.records.find do |r|
+          next if r.manifest? || r.checksum?
+          # Skip if this record is tracked in the manifest
+          r_hash = RecordHash.generate(r)
+          next if expected_hashes.include?(r_hash)
+          # Skip if it's exactly the same record (we're just starting to track it)
+          next if r.name == record.name && r.type == record.type && r.ttl == record.ttl && r.rdata == record.rdata
+          # Check for conflicts based on record type
+          case record.type
+          when "CNAME", "SOA"
+            # These types only allow one record per name
+            r.name == record.name && r.type == record.type
+          when "MX"
+            # MX records conflict if same name and same priority (first part of rdata)
+            if r.name == record.name && r.type == record.type
+              existing_priority = r.rdata.split(' ').first
+              new_priority = record.rdata.split(' ').first
+              existing_priority == new_priority
+            end
+          else
+            # For other types (A, AAAA, TXT, etc.), multiple records are allowed
+            # Only conflict if trying to add identical record (but we already checked that above)
+            false
+          end
+        end
+      else
+        # V1 name-based manifest or no manifest
+        if manifest.existing?
+          # V1 name-based manifest: use old shorthand logic
+          shorthand = manifest.shorthand_for(record, with_type: true)
+          conflicting_record = destination.records.find do |r|
+            manifest.shorthand_for(r, with_type: true) == shorthand
+          end
+        else
+          # No manifest: only conflict if exact same record exists
+          conflicting_record = destination.records.find do |r|
+            r.name == record.name &&
+            r.type == record.type &&
+            r.ttl == record.ttl &&
+            r.rdata == record.rdata
+          end
+        end
       end
       return if !conflicting_record
       return if conflicting_record == record
       raise Zonesync::ConflictError.new(conflicting_record, record)
     end
-    def change *records
-      # FIXME? is it possible to break something with a tracked changed record
-    end
-    def remove record
-      # FIXME? is it possible to break something with a tracked removed record
-    end
   end
 end

data/lib/zonesync/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Zonesync
-  VERSION = "0.9.0"
+  VERSION = "0.11.0"
 end