route53: avoid unexpected records deletion (#1976)

Co-authored-by: David King <king.c.david@googlemail.com>
2024-11-21 13:25:48 +02:00 · 2023-07-27 20:56:40 +02:00 · 2023-07-27 20:56:40 +02:00 · f582d12f65
commit f582d12f65
parent d21706420a
1 changed files with 21 additions and 4 deletions
--- a/providers/dns/route53/route53.go
+++ b/providers/dns/route53/route53.go
@ -176,26 +176,43 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("failed to determine Route 53 hosted zone ID: %w", err)
 	}

-	records, err := d.getExistingRecordSets(ctx, hostedZoneID, info.EffectiveFQDN)
+	existingRecords, err := d.getExistingRecordSets(ctx, hostedZoneID, info.EffectiveFQDN)
 	if err != nil {
 		return fmt.Errorf("route53: %w", err)
 	}

-	if len(records) == 0 {
+	if len(existingRecords) == 0 {
 		return nil
 	}

+	var nonLegoRecords []awstypes.ResourceRecord
+	for _, record := range existingRecords {
+		if deref(record.Value) != `"`+info.Value+`"` {
+			nonLegoRecords = append(nonLegoRecords, record)
+		}
+	}
+
+	action := awstypes.ChangeActionUpsert
+
 	recordSet := &awstypes.ResourceRecordSet{
 		Name:            aws.String(info.EffectiveFQDN),
 		Type:            "TXT",
 		TTL:             aws.Int64(int64(d.config.TTL)),
-		ResourceRecords: records,
+		ResourceRecords: nonLegoRecords,
 	}

-	err = d.changeRecord(ctx, awstypes.ChangeActionDelete, hostedZoneID, recordSet)
+	// If the records are only records created by lego.
+	if len(nonLegoRecords) == 0 {
+		action = awstypes.ChangeActionDelete
+
+		recordSet.ResourceRecords = existingRecords
+	}
+
+	err = d.changeRecord(ctx, action, hostedZoneID, recordSet)
 	if err != nil {
 		return fmt.Errorf("route53: %w", err)
 	}
+
 	return nil
 }