Documentation
Constants
const SchemaV1 = "workflow.dns-portfolio.export.v1"
SchemaV1 is the canonical schema identifier for a dns-portfolio export.
Functions
func Equal
Equal reports whether two records are canonically equal, keying on (Type, Name, Value, TTL) and ignoring extra/optional fields like Priority.
func KnownType
KnownType reports whether t is a well-known DNS record type. Advisory only — unknown types are valid in a portfolio snapshot.
func Sanitize
func Sanitize(p *Portfolio)
Sanitize replaces sensitive data in p in place so the portfolio can be committed to a public repository:
- A/AAAA record values that are public (routable) IPs are replaced with RFC-5737 (192.0.2.x/198.51.100.x/203.0.113.x) or RFC-3849 (2001:db8::) example ranges.
- TXT record data that looks like a secret (DKIM public key, long base64 blobs) is replaced with "[redacted]".
- _workflow-dns-policy TXT records (identified by record NAME and/or the heritage=wfinfra-v1 value prefix) are left intact — they are policy declarations, not secrets.
- Private/reserved IP ranges (RFC-1918, RFC-6598 CGNAT, loopback, link-local, IPv6 ULA, RFC-5737/3849 documentation) are left as-is.
Sanitize sets p.Sanitized = true.
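A pre-commit check for the address ranges listed above, as an added example that is not part of this package: it flags A/AAAA records whose value is still a routable address (or does not parse) after sanitizing. The trimmed Record type and the names reserved, isPublic and LeakedAddresses are hypothetical, and the sample records are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Record keeps only the fields of the page's Record type that this check reads.
type Record struct{ Type, Name, Value string }

// Ranges the Sanitize docs leave as-is that netip's helper methods do not cover.
var reserved = []netip.Prefix{
	netip.MustParsePrefix("100.64.0.0/10"),   // RFC 6598 CGNAT
	netip.MustParsePrefix("192.0.2.0/24"),    // RFC 5737
	netip.MustParsePrefix("198.51.100.0/24"), // RFC 5737
	netip.MustParsePrefix("203.0.113.0/24"),  // RFC 5737
	netip.MustParsePrefix("2001:db8::/32"),   // RFC 3849
}

// isPublic (hypothetical) is true when a lies outside every private/reserved range.
func isPublic(a netip.Addr) bool {
	a = a.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	if a.IsPrivate() || a.IsLoopback() || a.IsLinkLocalUnicast() || a.IsUnspecified() {
		return false
	}
	for _, p := range reserved {
		if p.Contains(a) {
			return false
		}
	}
	return true
}

// LeakedAddresses (hypothetical) names A/AAAA records that are public or unparseable.
func LeakedAddresses(recs []Record) []string {
	var leaked []string
	for _, r := range recs {
		a, err := netip.ParseAddr(r.Value)
		if (r.Type == "A" || r.Type == "AAAA") && (err != nil || isPublic(a)) {
			leaked = append(leaked, r.Name)
		}
	}
	return leaked
}

func main() { // constructed sample records
	fmt.Println(LeakedAddresses([]Record{{"A", "www", "8.8.8.8"}, {"A", "docs", "203.0.113.7"}}))
}
```

An empty result means no A/AAAA value in the snapshot falls outside the private, reserved and documentation ranges; TXT redaction is not covered by this check.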
Types
type Portfolio
type Portfolio struct {
	Schema    string     `json:"schema"`
	Sanitized bool       `json:"sanitized,omitempty"`
	Snapshots []Snapshot `json:"snapshots"`
}
Portfolio is the top-level export envelope for a canonical DNS catalog. Matches the "workflow.dns-portfolio.export.v1" schema used by scenario 88.
func FromResourceStates
func FromResourceStates(states []interfaces.ResourceState) Portfolio
FromResourceStates converts imported IaC state into a canonical Portfolio. Reads each infra.dns ResourceState's records (Outputs preferred, else AppliedConfig), renaming provider-specific value keys to the canonical "value".
Provider value-key divergence (verified against provider drivers):
- DigitalOcean + Cloudflare emit "data"
- Hover emits "content" (workflow-plugin-hover/internal/drivers/dns.go:538)
- Namecheap emits "address"
The valueAlias helper resolves the first non-empty of: data → content → address → value. Non-infra.dns states are silently skipped.
type Record
type Record struct {
	Type     string `json:"type"`
	Name     string `json:"name"`
	Value    string `json:"value"`
	TTL      int    `json:"ttl"`
	Priority *int   `json:"priority,omitempty"`
	Port     *int   `json:"port,omitempty"`
	Weight   *int   `json:"weight,omitempty"`
	Flags    *int   `json:"flags,omitempty"`
	Tag      string `json:"tag,omitempty"`
}
Record is the canonical, provider-neutral DNS record type. The Value field uses json:"value" to match scenario-88's fixture shape (fixture records use "value", NOT "data").
knownTypes is advisory only — a portfolio is a SNAPSHOT of whatever the provider returns, so unknown/newer types (PTR, HTTPS, SVCB, TLSA, DNAME, …) MUST be preserved, never rejected. KnownType drives an optional warning only.
type Snapshot
type Snapshot struct {
	ID        string         `json:"id"`
	Provider  string         `json:"provider"`
	Domain    string         `json:"domain"`
	Authority map[string]any `json:"authority,omitempty"`
	Records   []Record       `json:"records"`
	Extra     map[string]any `json:"extra,omitempty"`
}
Snapshot is a flat representation of one DNS zone at a point in time. One snapshot == one zone (matches scenario-88 fixture shape: flat, no zones[]).