rfc2136 provider expects TSIG key in base64 DEcoded format #346

Closed
Avarei opened this issue Dec 20, 2023 · 0 comments · Fixed by #347
Labels: kind/bug (Bug), status/closed (Issue is closed, either delivered or triaged)

Avarei commented Dec 20, 2023

What happened:
Currently the provider secret for rfc2136 expects TSIGSecret to be set to the base64-decoded version of the TSIG key, while it base64-encodes the secret during runtime.

What you expected to happen:
No decoding and re-encoding.

How to reproduce it (as minimally and precisely as possible):

  • Generate a TSIG key with tsig-keygen -a HMAC-SHA256 mykey:

    key "keyname" {
      algorithm hmac-sha256;
      secret "base64encodedkey==";
    };
    
  • Configure it on the DNS server

  • Create the rfc2136 provider secret:

    export SERVER="127.0.0.1"
    export ZONE="example.com."
    export TSIG_ID="keyname."
    export TSIG_KEY="base64encodedkey=="
    export TSIG_ALGO="hmac-sha256"

    # TSIGSecret below currently only works if set to $(echo $TSIG_KEY | base64 -d).
    # This note sits outside the unquoted heredoc so the shell does not expand it.
    # stringData is used because the values are plain text; "data" requires
    # base64-encoded values and would reject e.g. 127.0.0.1.
    kubectl create -f - <<EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: rfc2136-credentials
      namespace: default
    type: Opaque
    stringData:
      Server: $SERVER
      TSIGKeyName: $TSIG_ID
      TSIGSecret: $TSIG_KEY
      Zone: $ZONE
      TSIGSecretAlgorithm: $TSIG_ALGO
    EOF

  • Create DNSProvider and DNSEntry

Anything else we need to know:

Environment:
external-dns-management v0.16.0 as well as on master.
kubernetes 1.26

@Avarei Avarei added the kind/bug Bug label Dec 20, 2023
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Dec 20, 2023
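
Why the secret printed by tsig-keygen fails under the behaviour reported above, as an added Go example (not code from the issue or from external-dns-management). It assumes the runtime-encoded secret is later base64-decoded into the HMAC key; the key bytes, the message and all function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// effectiveKey models the reported behaviour: the provider base64-encodes the
// configured TSIGSecret at runtime, and that string is later base64-decoded
// into the raw HMAC key (assumed model, not the project's code).
func effectiveKey(configured []byte) ([]byte, error) {
	reencoded := base64.StdEncoding.EncodeToString(configured)
	return base64.StdEncoding.DecodeString(reencoded)
}

// sign computes HMAC-SHA256 over a stand-in message. Real TSIG signs the DNS
// message plus the TSIG variables; the key handling is the same.
func sign(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// macsAgree reports whether a client configured with `configured` produces
// the same MAC as a server holding the key from the tsig-keygen output.
func macsAgree(keygenSecret string, configured, msg []byte) (bool, error) {
	serverKey, err := base64.StdEncoding.DecodeString(keygenSecret)
	if err != nil {
		return false, fmt.Errorf("keygen secret is not base64: %w", err)
	}
	clientKey, err := effectiveKey(configured)
	if err != nil {
		return false, err
	}
	return hmac.Equal(sign(serverKey, msg), sign(clientKey, msg)), nil
}

func main() {
	raw := bytes.Repeat([]byte{0x5a}, 32) // constructed 32-byte key
	secret := base64.StdEncoding.EncodeToString(raw)
	msg := []byte("constructed update for example.com.")
	asIs, _ := macsAgree(secret, []byte(secret), msg)
	decoded, _ := macsAgree(secret, raw, msg)
	fmt.Println("secret as printed by tsig-keygen:", asIs)
	fmt.Println("base64-decoded secret:", decoded)
}
```

With the secret passed as printed, the client's key is the 44 ASCII characters of the base64 string rather than the 32 key bytes, so the server rejects the MAC.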