fix(aws): incorrect behavior for non-aliasable record types

[u-kai]

What does it do?

This PR fixes incorrect behavior for record types that do not support AWS Alias records (e.g., MX, TXT, SRV, etc.).

Motivation

This work originated from the discussion here:
#5997 (comment)

When a ProviderSpecific property alias=true exists on record types that don't support alias records
(like MX records):

• Alias processing continues even after alias property deletion
  • The alias property is deleted at aws.go, but the alias variable remains true
  • This results in unnecessary evaluateTargetHealth=false being added
• TTL value gets unintentionally modified
  • When RecordTTL is configured, it gets fixed to 300

Reproduction

ep := &endpoint.Endpoint{
    RecordType: endpoint.RecordTypeMX,
    RecordTTL:  600,
    ProviderSpecific: endpoint.ProviderSpecific{
        {Name: "alias", Value: "true"},
    },
}
// Expected: TTL=600, ProviderSpecific=empty
// But result is: TTL=300, evaluateTargetHealth=false gets added

While this affects cases with incorrectly configured ProviderSpecific properties, I believe the behavior should

More

• Yes, this PR title follows Conventional Commits
• Yes, I added unit tests
• Yes, I updated end user documentation accordingly

[k8s-ci-robot]

Hi @u-kai. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ivankatliarchuk]

Refactoring and bug fix in single PR. Too risky. As well as for bug, it should be manifests provided to reproduce

[u-kai]

@ivankatliarchuk
Sorry about that — I’ll be more careful next time.

To make the existing issue easier to fix, I’ve opened a separate PR with the refactoring work.
Once that PR is merged, I will rebase this PR and continue the bug fix on top of it.

It would be great if you could review the refactoring PR first. Thanks!

[u-kai]

@ivankatliarchuk
Now that the refactoring PR has been merged, I’ve rebased and updated this PR so it’s ready for review again.

[ivankatliarchuk]

Missing links to docs in description with facts about this behaviour. Missing end to end tests with the proof.

I'll review only after other reviewers share their review. I could not keep approving on my own.

[ivankatliarchuk]

There’s no example showing the current behaviour, so it’s unclear whether this is actually a problem or not.

[u-kai]

I’ve updated the PR description.

Previously, even for record types that do not support alias (such as MX records), ExternalDNS was applying alias-specific behavior — updating TTL and adding the evaluateTargetHealth property — whenever alias was set to true.

This was incorrect and also hurt code readability.
With this change, MX records no longer have their TTL modified even if alias is true, and alias-related properties are removed for record types that do not support alias.

[ivankatliarchuk]

Missing before and after real example. And missing links to official documentation describing AWS alias record behavior

[ivankatliarchuk]

Now:

• AWS provider silently “fixes” invalid alias usage
• Other providers may not
• Behavior diverges across providers

ExternalDNS should enforce provider-agnostic semantics before provider code runs.

[ivankatliarchuk]

Ideally, what we should have

Reject invalid combinations at middleware layer:

• alias=true only allowed for A / AAAA
• fail endpoint validation
• surface a clear debug msg

This is the cleanest contract.

[u-kai]

Totally agree — the issue here is the responsibility boundary.

To move in that direction, I opened a follow-up PR that makes endpoint validation fail when alias=true is used for non A/AAAA,CNAME record types. Once that PR is merged, this PR can be simplified further.

I’ll update this PR accordingly once the validation change lands.

[ivankatliarchuk]

Is this resolved or still a problem?

[u-kai]

Sorry, it has already been resolved.

[ivankatliarchuk]

Sorry, it has already been resolved.

/close

[k8s-ci-robot]

@ivankatliarchuk: Closed this PR.

Details

In response to this:

Sorry, it has already been resolved.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[u-kai]

Sorry for the confusion. "Resolved" was referring to the code review comment being addressed, not the PR itself being resolved. I'll reopen this.

[u-kai]

/reopen

[k8s-ci-robot]

@u-kai: Reopened this PR.

Details

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ivankatliarchuk]

Ok

[ivankatliarchuk]

I think the change missing some links in PR title + debug logs or something.

High level. We have a gap - no end 2 end test that stitches together CheckEndpoint → dedupSource → AdjustEndpoints to show the full rejection path. The two unit tests exist, but their composition is not visible in unit tests.

[ivankatliarchuk]

Are we cleaning up the providerSpecificAlias property in wrapper layer? This was just added in recent PR https://github.com/kubernetes-sigs/external-dns/pull/6021/changes

[u-kai]

I've separated this into the PR below:
#6342

[u-kai]

PR has merged! thanks!

[ivankatliarchuk]

I'm not sure. Maybe instead of removing test, actually provide a current code behaviour with changed name?

[u-kai]

You're right that this case can still exist from a unit test perspective.
However, in the current design, it's difficult for an alias record to be used with MX, since it's prevented at another layer, so I removed the test.

What kind of test name would you suggest if we keep it?

[u-kai]

The links and before/after examples are already included in the comments above.

Regarding E2E tests:
I agree it would be valuable, but I'd prefer to track it as a follow-up rather than blocking this fix.

[ivankatliarchuk]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ivankatliarchuk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ivankatliarchuk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ivankatliarchuk]

e2e #6017 (comment)