Added support for DDNS / RFC2136

backend/lib/services/cloudProviderSecrets.js

@@ -10,7 +10,22 @@ const { Resources } = require('@gardener-dashboard/kube-client')
 const createError = require('http-errors')
 const { format: fmt } = require('util')
 const { decodeBase64, encodeBase64 } = require('../utils')
-const cleartextPropertyKeys = ['accessKeyID', 'subscriptionID', 'project', 'domainName', 'tenantName', 'authUrl', 'vsphereUsername', 'nsxtUsername', 'username', 'metalAPIURL', 'AWS_REGION']
+const cleartextPropertyKeys = [
+  'accessKeyID',
+  'subscriptionID',
+  'project',
+  'domainName',
+  'tenantName',
+  'authUrl',
+  'vsphereUsername',
+  'nsxtUsername',
+  'username',
+  'metalAPIURL',
+  'AWS_REGION',
+  'Server',
+  'TSIGKeyName',
+  'Zone'
+]
 const normalizedCleartextPropertyKeys = cleartextPropertyKeys.map(key => key.toLowerCase())
 const cloudprofiles = require('./cloudprofiles')
 const shoots = require('./shoots')

frontend/src/components/GVendorIcon.vue

@@ -91,6 +91,8 @@ const iconSrc = computed(() => {
       return new URL('/src/assets/infoblox-dns.svg', import.meta.url)
     case 'netlify-dns':
       return new URL('/src/assets/netlify-dns.svg', import.meta.url)
+    case 'ddns':
+      return new URL('/src/assets/ddns.png', import.meta.url)
 
     // os
     case 'coreos':

frontend/src/components/Secrets/GSecretDetailsItemContent.vue

@@ -208,6 +208,21 @@ export default {
               value: 'hidden',
             },
           ]
+        case 'ddns':
+          return [
+            {
+              label: 'Server',
+              value: secretData.Server,
+            },
+            {
+              label: 'TSIG Key Name',
+              value: secretData.TSIGKeyName,
+            },
+            {
+              label: 'Zone',
+              value: secretData.Zone,
+            },
+          ]
         default:
           return [
             {

frontend/src/components/Secrets/GSecretDialogDDNS.vue

@@ -0,0 +1,245 @@
+<!--
+SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors
+
+SPDX-License-Identifier: Apache-2.0
+ -->
+
+<template>
+  <g-secret-dialog
+    v-model="visible"
+    :data="secretData"
+    :secret-validations="v$"
+    :secret="secret"
+    vendor="netlify-dns"
+    create-title="Add new DDNS (RFC2136) Secret"
+    replace-title="Replace DDNS (RFC2136) Secret"
+  >
+    <template #secret-slot>
+      <div>
+        <v-text-field
+          v-model="server"
+          color="primary"
+          label="<host>:<port> of the authorive DNS server"
+          :error-messages="getErrorMessages(v$.server)"
+          type="text"
+          variant="underlined"
+          @update:model-value="v$.server.$touch()"
+          @blur="v$.server.$touch()"
+        />
+      </div>
+      <div>
+        <v-text-field
+          v-model="tsigKeyName"
+          color="primary"
+          label="TSIG Key Name"
+          :error-messages="getErrorMessages(v$.tsigKeyName)"
+          type="text"
+          variant="underlined"
+          @update:model-value="v$.tsigKeyName.$touch()"
+          @blur="v$.tsigKeyName.$touch()"
+        />
+      </div>
+      <div>
+        <v-text-field
+          v-model="tsigSecret"
+          color="primary"
+          label="TSIG Secret"
+          :error-messages="getErrorMessages(v$.tsigSecret)"
+          :append-icon="hideTSIGSecret ? 'mdi-eye' : 'mdi-eye-off'"
+          :type="hideTSIGSecret ? 'password' : 'text'"
+          variant="underlined"
+          @click:append="() => (hideTSIGSecret = !hideTSIGSecret)"
+          @update:model-value="v$.tsigSecret.$touch()"
+          @blur="v$.tsigSecret.$touch()"
+        />
+      </div>
+      <div>
+        <v-text-field
+          v-model="zone"
+          color="primary"
+          label="Zone"
+          :error-messages="getErrorMessages(v$.zone)"
+          type="text"
+          variant="underlined"
+          @update:model-value="v$.zone.$touch()"
+          @blur="v$.zone.$touch()"
+        />
+      </div>
+      <div>
+        <v-select
+          v-model="tsigSecretAlgorithm"
+          color="primary"
+          label="TSIG Secret Algorithm"
+          :items="secretAlgorithmItems"
+          variant="underlined"
+        />
+      </div>
+    </template>
+
+    <template #help-slot>
+      <div>
+        <p>
+          This DNS provider allows you to create and manage DNS entries for authoritive DNS server supporting dynamic updates with DNS messages following
+          <g-external-link url="https://datatracker.ietf.org/doc/html/rfc2136">
+            RFC2136
+          </g-external-link>
+          (DNS Update) like knot-dns or others.
+        </p>
+        <p>
+          The configuration is depending on the DNS server product. You need permissions for <code>update</code> and <code>transfer</code> (AXFR) actions on your zones and a TSIG secret.
+        </p>
+        <p>
+          For details see <g-external-link url="https://github.com/gardener/external-dns-management/tree/master/docs/rfc2136">
+            Gardener RFC2136 DNS Provider Documentation
+          </g-external-link>
+        </p>
+      </div>
+    </template>
+  </g-secret-dialog>
+</template>
+
+<script>
+import { useVuelidate } from '@vuelidate/core'
+import { required } from '@vuelidate/validators'
+
+import GSecretDialog from '@/components/Secrets/GSecretDialog'
+import GExternalLink from '@/components/GExternalLink'
+
+import { getErrorMessages } from '@/utils'
+import {
+  withFieldName,
+  withMessage,
+} from '@/utils/validators'
+
+export default {
+  components: {
+    GSecretDialog,
+    GExternalLink,
+  },
+  props: {
+    modelValue: {
+      type: Boolean,
+      required: true,
+    },
+    secret: {
+      type: Object,
+    },
+  },
+  emits: [
+    'update:modelValue',
+  ],
+  setup () {
+    return {
+      v$: useVuelidate(),
+    }
+  },
+  data () {
+    return {
+      server: undefined,
+      tsigKeyName: undefined,
+      tsigSecret: undefined,
+      zone: undefined,
+      tsigSecretAlgorithm: 'hmac-sha256',
+      hideTSIGSecret: true,
+      secretAlgorithmItems: [
+        {
+          title: 'HMAC-SHA256 (default)',
+          value: 'hmac-sha256',
+        },
+        {
+          title: 'HMAC-SHA224',
+          value: 'hmac-sha224',
+        },
+        {
+          title: 'HMAC-SHA384',
+          value: 'hmac-sha384',
+        },
+        {
+          title: 'HMAC-SHA512',
+          value: 'hmac-sha512',
+        },
+        {
+          title: 'HMAC-SHA1',
+          value: 'hmac-sha1',
+        },
+        {
+          title: 'HMAC-MD5',
+          value: 'hmac-md5',
+        },
+      ],
+    }
+  },
+  validations () {
+    return {
+      server: withFieldName('Server', {
+        required,
+        format: withMessage('Must have format <host>:<port>', value => {
+          return /^([^:]+):(\d+)$/.test(value)
+        }),
+      }),
+      tsigKeyName: withFieldName('TSIG Key Name', {
+        required,
+        format: withMessage('Must end with a dot', value => {
+          return /\.$/.test(value)
+        }),
+      }),
+      tsigSecret: withFieldName('TSIG Secret', {
+        required,
+      }),
+      zone: withFieldName('Zone', {
+        required,
+        format: withMessage('Must be fully qualified', value => {
+          return /^[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.$/.test(value)
+        }),
+      }),
+    }
+  },
+  computed: {
+    visible: {
+      get () {
+        return this.modelValue
+      },
+      set (modelValue) {
+        this.$emit('update:modelValue', modelValue)
+      },
+    },
+    valid () {
+      return !this.v$.$invalid
+    },
+    secretData () {
+      const data = {
+        Server: this.server,
+        TSIGKeyName: this.tsigKeyName,
+        TSIGSecret: this.tsigSecret,
+        Zone: this.zone,
+      }
+      if (this.tsigSecretAlgorithm !== 'hmac-sha256') {
+        data.TSIGSecretAlgorithm = this.tsigSecretAlgorithm
+      }
+      return data
+    },
+    isCreateMode () {
+      return !this.secret
+    },
+  },
+  watch: {
+    value: function (value) {
+      if (value) {
+        this.reset()
+      }
+    },
+  },
+  methods: {
+    reset () {
+      this.v$.$reset()
+
+      this.server = undefined
+      this.tsigKeyName = undefined
+      this.tsigSecret = undefined
+      this.zone = undefined
+      this.tsigSecretAlgorithm = 'hmac-sha256'
+    },
+    getErrorMessages,
+  },
+}
+</script>

frontend/src/components/Secrets/GSecretDialogWrapper.vue

@@ -24,6 +24,7 @@ import VsphereDialog from '@/components/Secrets/GSecretDialogVSphere'
 import CloudflareDialog from '@/components/Secrets/GSecretDialogCloudflare'
 import InfobloxDialog from '@/components/Secrets/GSecretDialogInfoblox'
 import NetlifyDialog from '@/components/Secrets/GSecretDialogNetlify'
+import DdnsDialog from '@/components/Secrets/GSecretDialogDDNS'
 import DeleteDialog from '@/components/Secrets/GSecretDialogDelete'
 import HcloudDialog from '@/components/Secrets/GSecretDialogHCloud'
 import GenericDialog from '@/components/Secrets/GSecretDialogGeneric'
@@ -45,6 +46,7 @@ const components = {
   CloudflareDialog,
   InfobloxDialog,
   NetlifyDialog,
+  DdnsDialog,
   HcloudDialog,
   GenericDialog,
   DeleteDialog,

frontend/src/store/gardenerExtension.js

@@ -44,7 +44,7 @@ export const useGardenerExtensionStore = defineStore('gardenerExtension', () =>
   }
 
   const sortedDnsProviderList = computed(() => {
-    const supportedProviderTypes = ['aws-route53', 'azure-dns', 'azure-private-dns', 'google-clouddns', 'openstack-designate', 'alicloud-dns', 'infoblox-dns', 'netlify-dns']
+    const supportedProviderTypes = ['aws-route53', 'azure-dns', 'azure-private-dns', 'google-clouddns', 'openstack-designate', 'alicloud-dns', 'infoblox-dns', 'netlify-dns', 'ddns']
     const resources = flatMap(list.value, 'resources')
     const dnsProvidersFromDnsRecords = filter(resources, ['kind', 'DNSRecord'])