feat(txt-registry): add apex record delegation check

internal/idna/idna.go

@@ -17,6 +17,9 @@ limitations under the License.
 package idna
 
 import (
+	"strings"
+
+	log "github.com/sirupsen/logrus"
 	"golang.org/x/net/idna"
 )
 
@@ -27,3 +30,16 @@ var (
 		idna.StrictDomainName(false),
 	)
 )
+
+// normalizeDNSName converts a DNS name to a canonical form, so that we can use string equality
+// it: removes space, get ASCII version of dnsName complient with Section 5 of RFC 5891, ensures there is a trailing dot
+func NormalizeDNSName(dnsName string) string {
+	s, err := Profile.ToASCII(strings.TrimSpace(dnsName))
+	if err != nil {
+		log.Warnf(`Got error while parsing DNSName %s: %v`, dnsName, err)
+	}
+	if !strings.HasSuffix(s, ".") {
+		s += "."
+	}
+	return s
+}

internal/idna/idna_test.go

@@ -57,3 +57,101 @@ func TestProfileWithDefault(t *testing.T) {
 		})
 	}
 }
+
+func TestNormalizeDNSName(tt *testing.T) {
+	records := []struct {
+		dnsName string
+		expect  string
+	}{
+		{
+			"3AAAA.FOO.BAR.COM    ",
+			"3aaaa.foo.bar.com.",
+		},
+		{
+			"   example.foo.com.",
+			"example.foo.com.",
+		},
+		{
+			"example123.foo.com ",
+			"example123.foo.com.",
+		},
+		{
+			"foo",
+			"foo.",
+		},
+		{
+			"123foo.bar",
+			"123foo.bar.",
+		},
+		{
+			"foo.com",
+			"foo.com.",
+		},
+		{
+			"foo.com.",
+			"foo.com.",
+		},
+		{
+			"_foo.com.",
+			"_foo.com.",
+		},
+		{
+			"\u005Ffoo.com.",
+			"_foo.com.",
+		},
+		{
+			".foo.com.",
+			".foo.com.",
+		},
+		{
+			"foo123.COM",
+			"foo123.com.",
+		},
+		{
+			"my-exaMple3.FOO.BAR.COM",
+			"my-example3.foo.bar.com.",
+		},
+		{
+			"   my-example1214.FOO-1235.BAR-foo.COM   ",
+			"my-example1214.foo-1235.bar-foo.com.",
+		},
+		{
+			"my-example-my-example-1214.FOO-1235.BAR-foo.COM",
+			"my-example-my-example-1214.foo-1235.bar-foo.com.",
+		},
+		{
+			"點看.org.",
+			"xn--c1yn36f.org.",
+		},
+		{
+			"nordic-ø.xn--kitty-點看pd34d.com",
+			"xn--nordic--w1a.xn--xn--kitty-pd34d-hn01b3542b.com.",
+		},
+		{
+			"nordic-ø.kitty😸.com.",
+			"xn--nordic--w1a.xn--kitty-pd34d.com.",
+		},
+		{
+			"  nordic-ø.kitty😸.COM",
+			"xn--nordic--w1a.xn--kitty-pd34d.com.",
+		},
+		{
+			"xn--nordic--w1a.kitty😸.com.",
+			"xn--nordic--w1a.xn--kitty-pd34d.com.",
+		},
+		{
+			"*.example.com.",
+			"*.example.com.",
+		},
+		{
+			"*.example.com",
+			"*.example.com.",
+		},
+	}
+	for _, r := range records {
+		tt.Run(r.dnsName, func(t *testing.T) {
+			gotName := NormalizeDNSName(r.dnsName)
+			assert.Equal(t, r.expect, gotName)
+		})
+	}
+}

plan/plan.go

@@ -19,7 +19,6 @@ package plan
 import (
 	"fmt"
 	"slices"
-	"strings"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
@@ -142,7 +141,7 @@ func (t *planTable) addCandidate(e *endpoint.Endpoint) {
 
 func (t *planTable) newPlanKey(e *endpoint.Endpoint) planKey {
 	key := planKey{
-		dnsName:       normalizeDNSName(e.DNSName),
+		dnsName:       idna.NormalizeDNSName(e.DNSName),
 		setIdentifier: e.SetIdentifier,
 	}
 
@@ -348,19 +347,6 @@ func filterRecordsForPlan(records []*endpoint.Endpoint, domainFilter endpoint.Ma
 	return filtered
 }
 
-// normalizeDNSName converts a DNS name to a canonical form, so that we can use string equality
-// it: removes space, get ASCII version of dnsName complient with Section 5 of RFC 5891, ensures there is a trailing dot
-func normalizeDNSName(dnsName string) string {
-	s, err := idna.Profile.ToASCII(strings.TrimSpace(dnsName))
-	if err != nil {
-		log.Warnf(`Got error while parsing DNSName %s: %v`, dnsName, err)
-	}
-	if !strings.HasSuffix(s, ".") {
-		s += "."
-	}
-	return s
-}
-
 func IsManagedRecord(record string, managedRecords, excludeRecords []string) bool {
 	if slices.Contains(excludeRecords, record) {
 		return false

plan/plan_test.go

@@ -1054,104 +1054,6 @@ func validateEntries(t *testing.T, entries, expected []*endpoint.Endpoint) {
 	}
 }
 
-func TestNormalizeDNSName(tt *testing.T) {
-	records := []struct {
-		dnsName string
-		expect  string
-	}{
-		{
-			"3AAAA.FOO.BAR.COM    ",
-			"3aaaa.foo.bar.com.",
-		},
-		{
-			"   example.foo.com.",
-			"example.foo.com.",
-		},
-		{
-			"example123.foo.com ",
-			"example123.foo.com.",
-		},
-		{
-			"foo",
-			"foo.",
-		},
-		{
-			"123foo.bar",
-			"123foo.bar.",
-		},
-		{
-			"foo.com",
-			"foo.com.",
-		},
-		{
-			"foo.com.",
-			"foo.com.",
-		},
-		{
-			"_foo.com.",
-			"_foo.com.",
-		},
-		{
-			"\u005Ffoo.com.",
-			"_foo.com.",
-		},
-		{
-			".foo.com.",
-			".foo.com.",
-		},
-		{
-			"foo123.COM",
-			"foo123.com.",
-		},
-		{
-			"my-exaMple3.FOO.BAR.COM",
-			"my-example3.foo.bar.com.",
-		},
-		{
-			"   my-example1214.FOO-1235.BAR-foo.COM   ",
-			"my-example1214.foo-1235.bar-foo.com.",
-		},
-		{
-			"my-example-my-example-1214.FOO-1235.BAR-foo.COM",
-			"my-example-my-example-1214.foo-1235.bar-foo.com.",
-		},
-		{
-			"點看.org.",
-			"xn--c1yn36f.org.",
-		},
-		{
-			"nordic-ø.xn--kitty-點看pd34d.com",
-			"xn--nordic--w1a.xn--xn--kitty-pd34d-hn01b3542b.com.",
-		},
-		{
-			"nordic-ø.kitty😸.com.",
-			"xn--nordic--w1a.xn--kitty-pd34d.com.",
-		},
-		{
-			"  nordic-ø.kitty😸.COM",
-			"xn--nordic--w1a.xn--kitty-pd34d.com.",
-		},
-		{
-			"xn--nordic--w1a.kitty😸.com.",
-			"xn--nordic--w1a.xn--kitty-pd34d.com.",
-		},
-		{
-			"*.example.com.",
-			"*.example.com.",
-		},
-		{
-			"*.example.com",
-			"*.example.com.",
-		},
-	}
-	for _, r := range records {
-		tt.Run(r.dnsName, func(t *testing.T) {
-			gotName := normalizeDNSName(r.dnsName)
-			assert.Equal(t, r.expect, gotName)
-		})
-	}
-}
-
 func TestShouldUpdateProviderSpecific(tt *testing.T) {
 	for _, test := range []struct {
 		name         string