Allow specifying some CNAMEs which don't need to be overridden

torchbox · Oct 21, 2024 · 555fd87 · 555fd87
1 parent d533391
commit 555fd87
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ Optionally:
 
 - `APP_NAME`: A regex of app names to act on. Any not matching this will be skipped.
 - `HEROKU_TEAMS`: A comma separated list of Heroku teams to operate on. By default will use all apps the account has access to.
+- `ALLOWED_CNAME_TARGETS`: A comma-separated list of regexes which match CNAMEs. If these CNAMEs are found in place of the correct Heroku CNAME, they won't be overridden.
 
 These can also be set in a `.env` file.
 

diff --git a/main.py b/main.py
@@ -18,6 +18,10 @@
     "pending",  # Assume this is ok. It'll be picked up on next iteration if it's not
 }
 
+ALLOWED_CNAME_TARGETS = [
+    re.compile(t) for t in os.environ.get("ALLOWED_CNAME_TARGETS", "").split(",")
+]
+
 
 def get_cloudflare_list(api, *args, params=None):
     """
@@ -59,6 +63,13 @@ def record_exists(record: str) -> bool:
     return True
 
 
+def is_allowed_cname_target(record: str) -> bool:
+    """
+    Is the record an allowed target
+    """
+    return any(target.match(record) for target in ALLOWED_CNAME_TARGETS)
+
+
 def main():
     load_dotenv()
 
@@ -132,10 +143,13 @@ def do_create(cf, heroku, matcher, heroku_teams):
             logging.info("%s: domain not set", app.name)
             cf.zones.dns_records.post(cf_zone["id"], data=cf_record_data)
         elif existing_record["content"] != cname:
-            logging.warning("%s: incorrect record value", app.name)
-            cf.zones.dns_records.patch(
-                cf_zone["id"], existing_record["id"], data=cf_record_data
-            )
+            if is_allowed_cname_target(existing_record["content"]):
+                logging.info("%s: record is different, but an allowed value", app.name)
+            else:
+                logging.warning("%s: incorrect record value", app.name)
+                cf.zones.dns_records.patch(
+                    cf_zone["id"], existing_record["id"], data=cf_record_data
+                )
 
         # Enable ACM if not already, so certs can be issued
         has_acm = any(d.acm_status for d in app_domains.values())