docs: clarify DNS ownership policy #821

Merged
intel352 merged 2 commits into main from feat/779-iac-ownership
Jun 1, 2026

@intel352 intel352 commented Jun 1, 2026

Summary

  • documents the existing cross-provider wfctl dns-policy ownership mechanism for infra.dns
  • clarifies that _workflow-dns-policy.<zone> supersedes the older per-record _dns-managed-by idea
  • records operational behavior for WORKFLOW_DNS_OWNER, fail-closed policy reads, SOA/NS protection, and policy preservation

Partially addresses #779 by documenting/narrowing the DNS ownership portion. The remaining generic cloud-resource tag/label ownership convention still needs a separate implementation pass.

Verification

  • git diff --check
  • Documentation-only change; no Go tests run.

Copilot AI review requested due to automatic review settings June 1, 2026 15:51

Copilot AI left a comment

Pull request overview

Documents and clarifies the cross-provider DNS ownership enforcement mechanism for infra.dns, centering on wfctl dns-policy and the _workflow-dns-policy.<zone> TXT policy record used during wfctl infra apply.

Changes:

  • Adds an “Ownership policy” section describing zone-level policy storage, delegation semantics, and WORKFLOW_DNS_OWNER enforcement behavior.
  • Provides CLI examples for showing, setting, and transferring DNS policy ownership.
  • Records operational rules (fail-closed policy reads, SOA/NS protection, sanitizer preservation).

Comment thread docs/iac-dns-providers.md

github-actions Bot commented Jun 1, 2026

⏱ Benchmark Results

No significant performance regressions detected.

Benchmarks run with go test -bench=. -benchmem -count=6.
Regressions ≥ 20% are flagged. Results compared via benchstat.

codecov Bot commented Jun 1, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@intel352 intel352 merged commit d4755fd into main Jun 1, 2026
22 checks passed
@intel352 intel352 deleted the feat/779-iac-ownership branch June 1, 2026 16:11