Merge pull request kubernetes-sigs#1397 from saidst/fix/azure-private…

…-dns-zone-detection Azure Private DNS: Fix endless loop in zone-detection
postmates · Feb 11, 2020 · 3235e62 · 3235e62
2 parents 829ed01 + 5340c89
commit 3235e62
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 15 deletions.
diff --git a/docs/tutorials/azure-private-dns.md b/docs/tutorials/azure-private-dns.md
@@ -101,8 +101,8 @@ $ az network private-dns link vnet create -g externaldns -n mylink \
 ExternalDNS needs permissions to make changes in Azure Private DNS.  
 These permissions are roles assigned to the service principal used by ExternalDNS.
 
-A service principal with a minimum access level of `contributor` to the Private DNS zone(s) and `reader` to the resource group containing the Azure Private DNS zone(s) is necessary.
-More powerful role-assignments like `owner` or assignments on subscription-level work too. 
+A service principal with a minimum access level of `Private DNS Zone Contributor` to the Private DNS zone(s) and `Reader` to the resource group containing the Azure Private DNS zone(s) is necessary.
+More powerful role-assignments like `Owner` or assignments on subscription-level work too. 
 
 Start off by **creating the service principal** without role-assignments.
 ```
@@ -134,7 +134,7 @@ Now, **create role assignments**.
 $ az role assignment create --role "Reader" --assignee <appId GUID> --scope <resource group resource id>  
 
 # 2. as a contributor to DNS Zone itself
-$ az role assignment create --role "Contributor" --assignee <appId GUID> --scope <dns zone resource id>  
+$ az role assignment create --role "Private DNS Zone Contributor" --assignee <appId GUID> --scope <dns zone resource id>  
 ```
 
 ## Deploy ExternalDNS

diff --git a/provider/azure_private_dns.go b/provider/azure_private_dns.go
@@ -168,20 +168,10 @@ func (p *AzurePrivateDNSProvider) zones(ctx context.Context) ([]privatedns.Priva
 		zone := i.Value()
 		log.Debugf("Validating Zone: %v", *zone.Name)
 
-		if zone.Name == nil {
-			continue
+		if zone.Name != nil && p.domainFilter.Match(*zone.Name) && p.zoneIDFilter.Match(*zone.ID) {
+			zones = append(zones, zone)
 		}
 
-		if !p.domainFilter.Match(*zone.Name) {
-			continue
-		}
-
-		if !p.zoneIDFilter.Match(*zone.ID) {
-			continue
-		}
-
-		zones = append(zones, zone)
-
 		err := i.NextWithContext(ctx)
 		if err != nil {
 			return nil, err