feat: add support for external dns plugins

Author: jsiebens

go.mod

@@ -16,8 +16,11 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.2
 	github.com/hashicorp/go-bexpr v0.1.14
 	github.com/hashicorp/go-getter v1.7.8
+	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/go-multierror v1.1.1
+	github.com/hashicorp/go-plugin v1.6.3
 	github.com/jsiebens/go-edit v0.1.0
+	github.com/jsiebens/libdns-plugin v0.1.0
 	github.com/jsiebens/mockoidc v0.1.0-rc2
 	github.com/klauspost/compress v1.18.0
 	github.com/labstack/echo-contrib v0.17.3
@@ -26,7 +29,7 @@ require (
 	github.com/libdns/cloudflare v0.1.1
 	github.com/libdns/digitalocean v0.0.0-20230728223659-4f9064657aea
 	github.com/libdns/googleclouddns v1.1.0
-	github.com/libdns/libdns v0.2.2
+	github.com/libdns/libdns v0.2.3
 	github.com/libdns/route53 v1.3.3
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/pointerstructure v1.2.1
@@ -43,10 +46,10 @@ require (
 	github.com/travisjeffery/certmagic-sqlstorage v1.1.1
 	github.com/xhit/go-str2duration/v2 v2.1.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.37.0
-	golang.org/x/net v0.39.0
+	golang.org/x/crypto v0.38.0
+	golang.org/x/net v0.40.0
 	golang.org/x/oauth2 v0.29.0
-	golang.org/x/sync v0.13.0
+	golang.org/x/sync v0.14.0
 	google.golang.org/protobuf v1.36.6
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -121,6 +124,7 @@ require (
 	github.com/dvsekhvalnov/jose2go v1.7.0 // indirect
 	github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/gaissmai/bart v0.11.1 // indirect
@@ -137,6 +141,7 @@ require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
@@ -154,6 +159,7 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
+	github.com/hashicorp/yamux v0.1.2 // indirect
 	github.com/hdevalence/ed25519consensus v0.2.0 // indirect
 	github.com/illarion/gonotify/v2 v2.0.3 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -187,6 +193,7 @@ require (
 	github.com/mtibben/percent v0.2.1 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/opencontainers/runc v1.2.3 // indirect
@@ -240,18 +247,18 @@ require (
 	go4.org/unsafe/assume-no-moving-gc v0.0.0-20231121144256-b99613f794b6 // indirect
 	golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/term v0.31.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.25.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	golang.org/x/tools v0.29.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
 	google.golang.org/api v0.230.0 // indirect
 	google.golang.org/genproto v0.0.0-20250425173222-7b384671a197 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250425173222-7b384671a197 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250425173222-7b384671a197 // indirect
-	google.golang.org/grpc v1.72.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250512202823-5a2f75b736a9 // indirect
+	google.golang.org/grpc v1.72.1 // indirect
 	gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987 // indirect
 	modernc.org/libc v1.50.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect

go.sum

@@ -219,6 +219,7 @@ type DNS struct {
 
 type DNSProvider struct {
 	Name          string          `json:"name"`
+	PluginPath    string          `json:"plugin_path"`
 	Zone          string          `json:"zone"`
 	Configuration json.RawMessage `json:"config"`
 }

internal/config/config.go

@@ -0,0 +1,124 @@
+package dns
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/hashicorp/go-plugin"
+	"github.com/jsiebens/ionscale/internal/util"
+	dnsplugin "github.com/jsiebens/libdns-plugin"
+	"github.com/libdns/libdns"
+	"go.uber.org/zap"
+	"os/exec"
+	"sync"
+	"time"
+)
+
+// pluginManager handles plugin lifecycle and resilience
+type pluginManager struct {
+	pluginPath string
+	client     *plugin.Client
+	instance   dnsplugin.Provider
+	lock       sync.RWMutex
+	logger     *zap.Logger
+
+	zone   string
+	config json.RawMessage
+}
+
+// NewPluginManager creates a new plugin manager
+func newPluginManager(pluginPath string, zone string, config json.RawMessage) (*pluginManager, error) {
+	logger := zap.L().Named("dns").With(zap.String("plugin_path", pluginPath))
+
+	p := &pluginManager{
+		pluginPath: pluginPath,
+		logger:     logger,
+		zone:       zone,
+		config:     config,
+	}
+
+	if err := p.ensureRunning(true); err != nil {
+		return nil, err
+	}
+
+	return p, nil
+}
+
+// ensureRunning makes sure the plugin is running
+func (pm *pluginManager) ensureRunning(start bool) error {
+	pm.lock.RLock()
+	running := pm.client != nil && !pm.client.Exited()
+	instance := pm.instance
+	pm.lock.RUnlock()
+
+	if running && instance != nil {
+		return nil
+	}
+
+	// Need to restart
+	pm.lock.Lock()
+	defer pm.lock.Unlock()
+
+	if !start {
+		pm.logger.Info("Restarting DNS plugin")
+	}
+
+	if pm.client != nil {
+		pm.client.Kill()
+	}
+
+	// Create a new client
+	cmd := exec.Command(pm.pluginPath)
+	pm.client = plugin.NewClient(&plugin.ClientConfig{
+		HandshakeConfig: dnsplugin.Handshake,
+		Plugins:         dnsplugin.PluginMap,
+		Cmd:             cmd,
+		AllowedProtocols: []plugin.Protocol{
+			plugin.ProtocolNetRPC,
+			plugin.ProtocolGRPC,
+		},
+		Managed: true,
+		Logger:  util.NewZapAdapter(pm.logger, "dns"),
+	})
+
+	// Connect via RPC
+	rpcClient, err := pm.client.Client()
+	if err != nil {
+		return fmt.Errorf("error creating plugin client: %w", err)
+	}
+
+	// Request the plugin
+	raw, err := rpcClient.Dispense(dnsplugin.ProviderPluginName)
+	if err != nil {
+		return fmt.Errorf("error dispensing plugin: %w", err)
+	}
+
+	// Convert to the interface
+	pm.instance = raw.(dnsplugin.Provider)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
+	defer cancel()
+
+	if err := pm.instance.Configure(ctx, pm.config); err != nil {
+		return fmt.Errorf("error configuring plugin: %w", err)
+	}
+
+	pm.logger.Info("DNS plugin started")
+
+	return nil
+}
+
+func (pm *pluginManager) SetRecord(ctx context.Context, recordType, recordName, value string) error {
+	if err := pm.ensureRunning(false); err != nil {
+		return err
+	}
+
+	_, err := pm.instance.SetRecords(ctx, pm.zone, []libdns.Record{{
+		Type:  recordType,
+		Name:  libdns.RelativeName(recordName, pm.zone),
+		Value: value,
+		TTL:   1 * time.Minute,
+	}})
+
+	return err
+}

internal/dns/plugin.go

@@ -11,6 +11,7 @@ import (
 	"github.com/libdns/googleclouddns"
 	"github.com/libdns/libdns"
 	"github.com/libdns/route53"
+	"go.uber.org/zap"
 	"strings"
 	"time"
 )
@@ -33,16 +34,24 @@ func NewProvider(config config.DNS) (Provider, error) {
 		return nil, nil
 	}
 
+	if p.Name == "" && p.PluginPath == "" {
+		return nil, fmt.Errorf("invalid dns provider configuration, either name or plugin_path should be set")
+	}
+
+	if p.Name != "" && p.PluginPath != "" {
+		return nil, fmt.Errorf("invalid dns provider configuration, only one of name or plugin_path should be set")
+	}
+
 	if !strings.HasSuffix(config.MagicDNSSuffix, p.Zone) {
 		return nil, fmt.Errorf("invalid MagicDNS suffix [%s], not part of zone [%s]", config.MagicDNSSuffix, p.Zone)
 	}
 
 	factory, ok := factories[p.Name]
-	if !ok {
-		return nil, fmt.Errorf("unknown dns provider: %s", p.Name)
+	if ok {
+		return newProvider(p.Zone, p.Configuration, factory)
 	}
 
-	return newProvider(p.Zone, p.Configuration, factory)
+	return newPluginManager(p.PluginPath, fqdn(p.Zone), p.Configuration)
 }
 
 func newProvider(zone string, values json.RawMessage, factory func() libdns.RecordSetter) (Provider, error) {
@@ -54,22 +63,27 @@ func newProvider(zone string, values json.RawMessage, factory func() libdns.Reco
 }
 
 func azureProvider() libdns.RecordSetter {
+	zap.L().Warn("Builtin azure DNS plugin is deprecated and will be removed in a future release.")
 	return &azure.Provider{}
 }
 
 func cloudflareProvider() libdns.RecordSetter {
+	zap.L().Warn("Builtin cloudflare DNS plugin is deprecated and will be removed in a future release.")
 	return &cloudflare.Provider{}
 }
 
 func digitalOceanProvider() libdns.RecordSetter {
+	zap.L().Warn("Builtin digitalocean DNS plugin is deprecated and will be removed in a future release.")
 	return &digitalocean.Provider{}
 }
 
 func googleCloudDNSProvider() libdns.RecordSetter {
+	zap.L().Warn("Builtin googleclouddns DNS plugin is deprecated and will be removed in a future release.")
 	return &googleclouddns.Provider{}
 }
 
 func route53Provider() libdns.RecordSetter {
+	zap.L().Warn("Builtin route53 DNS plugin is deprecated and will be removed in a future release.")
 	return &route53.Provider{}
 }
 

internal/dns/provider.go

@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/caddyserver/certmagic"
+	"github.com/hashicorp/go-plugin"
 	"github.com/jsiebens/ionscale/internal/auth"
 	"github.com/jsiebens/ionscale/internal/config"
 	"github.com/jsiebens/ionscale/internal/core"
@@ -221,6 +222,7 @@ func Start(ctx context.Context, c *config.Config) error {
 	go func() {
 		<-gCtx.Done()
 		logger.Sugar().Infow("Shutting down ionscale server")
+		plugin.CleanupClients()
 		shutdownHttpServer(metricsServer)
 		shutdownHttpServer(webServer)
 		_ = stunServer.Shutdown()