Try #3: Support encrypted DNS txt records

[vsychov]

Hi guys,

I found few pull request about txt records encryption (#1314, #1115, #1538), that have conflicts now, or not merged.
This PR have latest PR (#1538) with resolved conflicts, hope it will help you to review and merge it.

Fixes #1825
Fixes #854

Checklist

• Unit tests updated
• End user documentation updated

[vsychov]

/assign @njuettner

[vsychov]

/kind feature

[Raffo]

Thank you for the PR @vsychov . I did a first pass at reviewing, but error handling and a few other things are a bit off and far from a good enough quality. I would suggest, if you are open to that, that you start refactoring the code following the guidelines that I gave.
In a nutshell:

• error handling according to go guidelines (no valid values when error, don't hide errors, etc.)
• comments that are useful to generate godocs
• use American English for all code.

Once a refactor is done I will proceed with a code review.

[vsychov]

@Raffo, I made some code refactoring, fixed error handling, and crypto functions logic little bit, do you have any other comments?

[vsychov]

Hi @Raffo , is all good, or something more changes needed for merge it?

[marcgascon]

Anything missing in this PR beside conflicts? I am really interested in this new feature. 😄

[vsychov]

I fixed conflicts with master, do It need more changes for be merged, @Raffo?

[Raffo]

@vsychov There are still many changes to be done, please check again that all errors are handled, comments are correct and that we do not mask possible errors. Generally speaking we also don't want to log and return err.

[Raffo]

There is a unhandled error here, please handle it.

[Raffo]

We don't want to log and return the error. If you need to add a message, please wrap the error.

[Raffo]

Suggested change

	data := []byte(text)
	data, err = compressData(data)
	data, err = compressData([]byte(text))

[Raffo]

code comment is wrong

Suggested change

	// Decompress gzip compressed data
	// decompressData gzip compressed data

[Raffo]

Suggested change

	// Compress data by gzip, for minify data stored in registry
	// compressData data by gzip, for minify data stored in registry

[Raffo]

Suggested change

	// Serialize transforms endpoints labels into a external-dns recognizable format string
	// SerializePlain transforms endpoints labels into a external-dns recognizable format string

[Raffo]

This error is masked. This function should probably return an error.

[shcherbak]

@Raffo there is a little to do with this mr
@vsychov do you have working fork with txt encryption feature?

[vsychov]

@shcherbak, yes, I'm using this feature in a production with the Cloudflare provider since the moment of the PR creation. If you want I can publish a working Docker image for your convenience.

[shcherbak]

@vsychov this is amazing, thank you
but i think will wait for official chart and image
nicely done, respect

[vsychov]

@Raffo, fixed

[Mattie112]

@Raffo Sorry for tagging you but it seems you need to approve this change. Is there any way you can look into this? We would like to use the txt-registry but don't want to expose any more information to the outside world.

[SCLogo]

Any reason why this PR not merged yet? It is a very good new feature to not leak any data about your cluster

[SCLogo]

@Raffo @njuettner Can we help in anything to merge this PR ? It fixes a huge security leak I think. Thanks

[SCLogo]

@vsychov could you please change request change to review request? maybe this is the only issue here.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[Mattie112]

We still very much want this feature and it is already a PR, so please /remove-lifecycle stale ?

[vsychov]

/remove-lifecycle stale

[szuecs]

Please don't merge remote master but fetch master and rebase your branch on top of master.
I saw this in my email and inbox maybe you already fixed it.
Thanks

[vsychov]

Please don't merge remote master but fetch master and rebase your branch on top of master. I saw this in my email and inbox maybe you already fixed it. Thanks

@szuecs, I combined all commits into one and then rebased it onto the master branch. Previously, this was nearly impossible due to numerous conflicts in each commit.

Hope now it's ok to merge?

[szuecs]

@vsychov I wait for @Raffo to review. From my side lgtm

/lgtm

[shcherbak]

is there any reason why this PR not merged yet? @Raffo

[Raffo]

Sorry I am really on life support with time. I can't review this. @szuecs please feel free to merge this if you think it's good.

[szuecs]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: szuecs, vsychov

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [szuecs]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[szuecs]

@vsychov thanks for your work and answers. Wow we just merged a PR from 2020, great to see that such old PRs are finally merged and improving the tool for everyone.

[shcherbak]

@Raffo please take care of yourself

[shcherbak]

@szuecs nicely done! It is time for pushing new tag, isn't it? :) Or talking seriously, when new release is planned?