From 4adef209c787bc8ee84bcf12446c13809d0f8cec Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackexchange.com>
Date: Thu, 27 Feb 2020 23:10:35 -0500
Subject: [PATCH] AZUREDNS: Do not warn about underscore for
 acm-validations.aws (#661)

* Check for acm-validations.aws.
---
 pkg/normalize/validate.go      |  9 +++++++--
 pkg/normalize/validate_test.go | 21 ++++++++++++---------
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index f0f941e8e..a0330fa48 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -100,7 +100,7 @@ var labelUnderscores = []string{
 // these record types may contain underscores
 var rTypeUnderscores = []string{"SRV", "TLSA", "TXT"}
 
-func checkLabel(label string, rType string, domain string, meta map[string]string) error {
+func checkLabel(label string, rType string, target, domain string, meta map[string]string) error {
 	if label == "@" {
 		return nil
 	}
@@ -125,6 +125,11 @@ func checkLabel(label string, rType string, domain string, meta map[string]strin
 			return nil
 		}
 	}
+	// Don't warn for CNAMEs if the target ends with acm-validations.aws
+	// See https://github.com/StackExchange/dnscontrol/issues/519
+	if strings.HasPrefix(label, "_") && rType == "CNAME" && strings.HasSuffix(target, ".acm-validations.aws.") {
+		return nil
+	}
 	// Don't warn for certain label substrings
 	for _, ex := range labelUnderscores {
 		if strings.Contains(label, ex) {
@@ -296,7 +301,7 @@ func NormalizeAndValidateConfig(config *models.DNSConfig) (errs []error) {
 			if err := validateRecordTypes(rec, domain.Name, pTypes); err != nil {
 				errs = append(errs, err)
 			}
-			if err := checkLabel(rec.GetLabel(), rec.Type, domain.Name, rec.Metadata); err != nil {
+			if err := checkLabel(rec.GetLabel(), rec.Type, rec.GetTargetField(), domain.Name, rec.Metadata); err != nil {
 				errs = append(errs, err)
 			}
 			if errs2 := checkTargets(rec, domain.Name); errs2 != nil {
diff --git a/pkg/normalize/validate_test.go b/pkg/normalize/validate_test.go
index bc4fe2abf..a00e524ad 100644
--- a/pkg/normalize/validate_test.go
+++ b/pkg/normalize/validate_test.go
@@ -12,17 +12,20 @@ func TestCheckLabel(t *testing.T) {
 	var tests = []struct {
 		label       string
 		rType       string
+		target      string
 		isError     bool
 		hasSkipMeta bool
 	}{
-		{"@", "A", false, false},
-		{"foo.bar", "A", false, false},
-		{"_foo", "A", true, false},
-		{"_foo", "SRV", false, false},
-		{"_foo", "TLSA", false, false},
-		{"_foo", "TXT", false, false},
-		{"test.foo.tld", "A", true, false},
-		{"test.foo.tld", "A", false, true},
+		{"@", "A", "zap", false, false},
+		{"foo.bar", "A", "zap", false, false},
+		{"_foo", "A", "zap", true, false},
+		{"_foo", "SRV", "zap", false, false},
+		{"_foo", "TLSA", "zap", false, false},
+		{"_foo", "TXT", "zap", false, false},
+		{"_y2", "CNAME", "foo", true, false},
+		{"_y3", "CNAME", "asfljds.acm-validations.aws", false, false},
+		{"test.foo.tld", "A", "zap", true, false},
+		{"test.foo.tld", "A", "zap", false, true},
 	}
 
 	for _, test := range tests {
@@ -31,7 +34,7 @@ func TestCheckLabel(t *testing.T) {
 			if test.hasSkipMeta {
 				meta["skip_fqdn_check"] = "true"
 			}
-			err := checkLabel(test.label, test.rType, "foo.tld", meta)
+			err := checkLabel(test.label, test.rType, test.target, "foo.tld", meta)
 			if err != nil && !test.isError {
 				t.Errorf(" Expected no error but got %s", err)
 			}