mirror of https://github.com/hashicorp/consul
agent: testing dns when acls are in use
parent
fb3938d88e
commit
f7f7c4695e
|
@ -13,22 +13,38 @@ import (
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
)
|
)
|
||||||
|
|
||||||
func makeDNSServer(t *testing.T, config *DNSConfig, recursor *dns.Server) (string, *DNSServer) {
|
func makeDNSServer(t *testing.T) (string, *DNSServer) {
|
||||||
if config == nil {
|
return makeDNSServerConfig(t, nil, nil)
|
||||||
config = &DNSConfig{}
|
|
||||||
}
|
}
|
||||||
recursors := []string{}
|
|
||||||
if recursor != nil {
|
func makeDNSServerConfig(
|
||||||
recursors = append(recursors, recursor.Addr)
|
t *testing.T,
|
||||||
|
agentFn func(c *Config),
|
||||||
|
dnsFn func(*DNSConfig)) (string, *DNSServer) {
|
||||||
|
// Create the configs and apply the functions
|
||||||
|
agentConf := nextConfig()
|
||||||
|
if agentFn != nil {
|
||||||
|
agentFn(agentConf)
|
||||||
}
|
}
|
||||||
conf := nextConfig()
|
dnsConf := &DNSConfig{}
|
||||||
addr, _ := conf.ClientListener(conf.Addresses.DNS, conf.Ports.DNS)
|
if dnsFn != nil {
|
||||||
dir, agent := makeAgent(t, conf)
|
dnsFn(dnsConf)
|
||||||
server, err := NewDNSServer(agent, config, agent.logOutput,
|
}
|
||||||
conf.Domain, addr.String(), recursors)
|
|
||||||
|
// Add in the recursor if any
|
||||||
|
if r := agentConf.DNSRecursor; r != "" {
|
||||||
|
agentConf.DNSRecursors = append(agentConf.DNSRecursors, r)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Start the server
|
||||||
|
addr, _ := agentConf.ClientListener(agentConf.Addresses.DNS, agentConf.Ports.DNS)
|
||||||
|
dir, agent := makeAgent(t, agentConf)
|
||||||
|
server, err := NewDNSServer(agent, dnsConf, agent.logOutput,
|
||||||
|
agentConf.Domain, addr.String(), agentConf.DNSRecursors)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return dir, server
|
return dir, server
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -90,7 +106,7 @@ func TestRecursorAddr(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_NodeLookup(t *testing.T) {
|
func TestDNS_NodeLookup(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -160,7 +176,7 @@ func TestDNS_NodeLookup(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
|
func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -194,7 +210,7 @@ func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_NodeLookup_PeriodName(t *testing.T) {
|
func TestDNS_NodeLookup_PeriodName(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -236,7 +252,7 @@ func TestDNS_NodeLookup_PeriodName(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_NodeLookup_AAAA(t *testing.T) {
|
func TestDNS_NodeLookup_AAAA(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -287,7 +303,9 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
|
||||||
})
|
})
|
||||||
defer recursor.Shutdown()
|
defer recursor.Shutdown()
|
||||||
|
|
||||||
dir, srv := makeDNSServer(t, nil, recursor)
|
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||||
|
c.DNSRecursor = recursor.Addr
|
||||||
|
}, nil)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -333,7 +351,7 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ReverseLookup(t *testing.T) {
|
func TestDNS_ReverseLookup(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -375,7 +393,7 @@ func TestDNS_ReverseLookup(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
|
func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
srv.domain = dns.Fqdn("custom")
|
srv.domain = dns.Fqdn("custom")
|
||||||
|
@ -418,7 +436,7 @@ func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ReverseLookup_IPV6(t *testing.T) {
|
func TestDNS_ReverseLookup_IPV6(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -460,7 +478,7 @@ func TestDNS_ReverseLookup_IPV6(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup(t *testing.T) {
|
func TestDNS_ServiceLookup(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -527,7 +545,7 @@ func TestDNS_ServiceLookup(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
|
func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -595,7 +613,7 @@ func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
|
func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -634,7 +652,7 @@ func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
|
func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -695,7 +713,7 @@ func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_Dedup(t *testing.T) {
|
func TestDNS_ServiceLookup_Dedup(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -772,7 +790,7 @@ func TestDNS_ServiceLookup_Dedup(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_Dedup_SRV(t *testing.T) {
|
func TestDNS_ServiceLookup_Dedup_SRV(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -880,7 +898,9 @@ func TestDNS_Recurse(t *testing.T) {
|
||||||
recursor := makeRecursor(t, []dns.RR{dnsA("apple.com", "1.2.3.4")})
|
recursor := makeRecursor(t, []dns.RR{dnsA("apple.com", "1.2.3.4")})
|
||||||
defer recursor.Shutdown()
|
defer recursor.Shutdown()
|
||||||
|
|
||||||
dir, srv := makeDNSServer(t, nil, recursor)
|
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||||
|
c.DNSRecursor = recursor.Addr
|
||||||
|
}, nil)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -903,7 +923,7 @@ func TestDNS_Recurse(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
|
func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1034,7 +1054,9 @@ func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
|
func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, &DNSConfig{OnlyPassing: true}, nil)
|
dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
|
||||||
|
c.OnlyPassing = true
|
||||||
|
})
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1150,7 +1172,7 @@ func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_Randomize(t *testing.T) {
|
func TestDNS_ServiceLookup_Randomize(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1218,10 +1240,9 @@ func TestDNS_ServiceLookup_Randomize(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_Truncate(t *testing.T) {
|
func TestDNS_ServiceLookup_Truncate(t *testing.T) {
|
||||||
config := &DNSConfig{
|
dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
|
||||||
EnableTruncate: true,
|
c.EnableTruncate = true
|
||||||
}
|
})
|
||||||
dir, srv := makeDNSServer(t, config, nil)
|
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1269,7 +1290,9 @@ func TestDNS_ServiceLookup_CNAME(t *testing.T) {
|
||||||
})
|
})
|
||||||
defer recursor.Shutdown()
|
defer recursor.Shutdown()
|
||||||
|
|
||||||
dir, srv := makeDNSServer(t, nil, recursor)
|
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||||
|
c.DNSRecursor = recursor.Addr
|
||||||
|
}, nil)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1337,13 +1360,13 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
|
||||||
})
|
})
|
||||||
defer recursor.Shutdown()
|
defer recursor.Shutdown()
|
||||||
|
|
||||||
config := &DNSConfig{
|
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||||
NodeTTL: 10 * time.Second,
|
c.DNSRecursor = recursor.Addr
|
||||||
AllowStale: true,
|
}, func(c *DNSConfig) {
|
||||||
MaxStale: time.Second,
|
c.NodeTTL = 10 * time.Second
|
||||||
}
|
c.AllowStale = true
|
||||||
|
c.MaxStale = time.Second
|
||||||
dir, srv := makeDNSServer(t, config, recursor)
|
})
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1456,16 +1479,16 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_TTL(t *testing.T) {
|
func TestDNS_ServiceLookup_TTL(t *testing.T) {
|
||||||
config := &DNSConfig{
|
confFn := func(c *DNSConfig) {
|
||||||
ServiceTTL: map[string]time.Duration{
|
c.ServiceTTL = map[string]time.Duration{
|
||||||
"db": 10 * time.Second,
|
"db": 10 * time.Second,
|
||||||
"*": 5 * time.Second,
|
"*": 5 * time.Second,
|
||||||
},
|
|
||||||
AllowStale: true,
|
|
||||||
MaxStale: time.Second,
|
|
||||||
}
|
}
|
||||||
|
c.AllowStale = true
|
||||||
|
c.MaxStale = time.Second
|
||||||
|
|
||||||
dir, srv := makeDNSServer(t, config, nil)
|
}
|
||||||
|
dir, srv := makeDNSServerConfig(t, nil, confFn)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1560,7 +1583,7 @@ func TestDNS_ServiceLookup_TTL(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
|
func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1627,7 +1650,7 @@ func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
|
func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
|
||||||
dir, srv := makeDNSServer(t, nil, nil)
|
dir, srv := makeDNSServer(t)
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
defer srv.agent.Shutdown()
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
@ -1692,3 +1715,59 @@ func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
|
||||||
t.Fatalf("Bad: %#v", in.Extra[0])
|
t.Fatalf("Bad: %#v", in.Extra[0])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDNS_ServiceLookup_FilterACL(t *testing.T) {
|
||||||
|
confFn := func(c *Config) {
|
||||||
|
c.ACLMasterToken = "root"
|
||||||
|
c.ACLDatacenter = "dc1"
|
||||||
|
c.ACLDownPolicy = "deny"
|
||||||
|
c.ACLDefaultPolicy = "deny"
|
||||||
|
}
|
||||||
|
dir, srv := makeDNSServerConfig(t, confFn, nil)
|
||||||
|
defer os.RemoveAll(dir)
|
||||||
|
defer srv.agent.Shutdown()
|
||||||
|
|
||||||
|
testutil.WaitForLeader(t, srv.agent.RPC, "dc1")
|
||||||
|
|
||||||
|
// Register a service
|
||||||
|
args := &structs.RegisterRequest{
|
||||||
|
Datacenter: "dc1",
|
||||||
|
Node: "foo",
|
||||||
|
Address: "127.0.0.1",
|
||||||
|
Service: &structs.NodeService{
|
||||||
|
Service: "foo",
|
||||||
|
Port: 12345,
|
||||||
|
},
|
||||||
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
||||||
|
}
|
||||||
|
var out struct{}
|
||||||
|
if err := srv.agent.RPC("Catalog.Register", args, &out); err != nil {
|
||||||
|
t.Fatalf("err: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set up the DNS query
|
||||||
|
c := new(dns.Client)
|
||||||
|
addr, _ := srv.agent.config.ClientListener("", srv.agent.config.Ports.DNS)
|
||||||
|
m := new(dns.Msg)
|
||||||
|
m.SetQuestion("foo.service.consul.", dns.TypeA)
|
||||||
|
|
||||||
|
// Query with the root token. Should get results.
|
||||||
|
srv.agent.config.ACLToken = "root"
|
||||||
|
in, _, err := c.Exchange(m, addr.String())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("err: %v", err)
|
||||||
|
}
|
||||||
|
if len(in.Answer) != 1 {
|
||||||
|
t.Fatalf("Bad: %#v", in)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Query with a non-root token without access. Should get nothing.
|
||||||
|
srv.agent.config.ACLToken = "anonymous"
|
||||||
|
in, _, err = c.Exchange(m, addr.String())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("err: %v", err)
|
||||||
|
}
|
||||||
|
if len(in.Answer) != 0 {
|
||||||
|
t.Fatalf("Bad: %#v", in)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
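Review bot: The deny case in TestDNS_ServiceLookup_FilterACL asserts only that `in.Answer` is empty, so a regression that still exposes the filtered node's address through the additional section would pass; the second check could be `if len(in.Answer) != 0 || len(in.Extra) != 0 {`. The test also switches identity by assigning `srv.agent.config.ACLToken` after the DNS server has started serving. That looks like an unsynchronised write against the handler's read and may trip `go test -race`, which is worth confirming. Only an A query for `foo.service.consul.` is exercised, so if node and SRV lookups are meant to be ACL-filtered as well, the "anonymous" case under `ACLDefaultPolicy = "deny"` should cover them too.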