agent: testing dns when acls are in use

pull/1029/head
Ryan Uber 2015-06-12 15:59:18 -07:00
parent fb3938d88e
commit f7f7c4695e
1 changed files with 129 additions and 50 deletions

View File

@ -13,22 +13,38 @@ import (
"github.com/miekg/dns" "github.com/miekg/dns"
) )
func makeDNSServer(t *testing.T, config *DNSConfig, recursor *dns.Server) (string, *DNSServer) { func makeDNSServer(t *testing.T) (string, *DNSServer) {
if config == nil { return makeDNSServerConfig(t, nil, nil)
config = &DNSConfig{} }
func makeDNSServerConfig(
t *testing.T,
agentFn func(c *Config),
dnsFn func(*DNSConfig)) (string, *DNSServer) {
// Create the configs and apply the functions
agentConf := nextConfig()
if agentFn != nil {
agentFn(agentConf)
} }
recursors := []string{} dnsConf := &DNSConfig{}
if recursor != nil { if dnsFn != nil {
recursors = append(recursors, recursor.Addr) dnsFn(dnsConf)
} }
conf := nextConfig()
addr, _ := conf.ClientListener(conf.Addresses.DNS, conf.Ports.DNS) // Add in the recursor if any
dir, agent := makeAgent(t, conf) if r := agentConf.DNSRecursor; r != "" {
server, err := NewDNSServer(agent, config, agent.logOutput, agentConf.DNSRecursors = append(agentConf.DNSRecursors, r)
conf.Domain, addr.String(), recursors) }
// Start the server
addr, _ := agentConf.ClientListener(agentConf.Addresses.DNS, agentConf.Ports.DNS)
dir, agent := makeAgent(t, agentConf)
server, err := NewDNSServer(agent, dnsConf, agent.logOutput,
agentConf.Domain, addr.String(), agentConf.DNSRecursors)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
return dir, server return dir, server
} }
@ -90,7 +106,7 @@ func TestRecursorAddr(t *testing.T) {
} }
func TestDNS_NodeLookup(t *testing.T) { func TestDNS_NodeLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -160,7 +176,7 @@ func TestDNS_NodeLookup(t *testing.T) {
} }
func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) { func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -194,7 +210,7 @@ func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
} }
func TestDNS_NodeLookup_PeriodName(t *testing.T) { func TestDNS_NodeLookup_PeriodName(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -236,7 +252,7 @@ func TestDNS_NodeLookup_PeriodName(t *testing.T) {
} }
func TestDNS_NodeLookup_AAAA(t *testing.T) { func TestDNS_NodeLookup_AAAA(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -287,7 +303,9 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
}) })
defer recursor.Shutdown() defer recursor.Shutdown()
dir, srv := makeDNSServer(t, nil, recursor) dir, srv := makeDNSServerConfig(t, func(c *Config) {
c.DNSRecursor = recursor.Addr
}, nil)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -333,7 +351,7 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
} }
func TestDNS_ReverseLookup(t *testing.T) { func TestDNS_ReverseLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -375,7 +393,7 @@ func TestDNS_ReverseLookup(t *testing.T) {
} }
func TestDNS_ReverseLookup_CustomDomain(t *testing.T) { func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
srv.domain = dns.Fqdn("custom") srv.domain = dns.Fqdn("custom")
@ -418,7 +436,7 @@ func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
} }
func TestDNS_ReverseLookup_IPV6(t *testing.T) { func TestDNS_ReverseLookup_IPV6(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -460,7 +478,7 @@ func TestDNS_ReverseLookup_IPV6(t *testing.T) {
} }
func TestDNS_ServiceLookup(t *testing.T) { func TestDNS_ServiceLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -527,7 +545,7 @@ func TestDNS_ServiceLookup(t *testing.T) {
} }
func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) { func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -595,7 +613,7 @@ func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
} }
func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) { func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -634,7 +652,7 @@ func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
} }
func TestDNS_ServiceLookup_TagPeriod(t *testing.T) { func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -695,7 +713,7 @@ func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
} }
func TestDNS_ServiceLookup_Dedup(t *testing.T) { func TestDNS_ServiceLookup_Dedup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -772,7 +790,7 @@ func TestDNS_ServiceLookup_Dedup(t *testing.T) {
} }
func TestDNS_ServiceLookup_Dedup_SRV(t *testing.T) { func TestDNS_ServiceLookup_Dedup_SRV(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -880,7 +898,9 @@ func TestDNS_Recurse(t *testing.T) {
recursor := makeRecursor(t, []dns.RR{dnsA("apple.com", "1.2.3.4")}) recursor := makeRecursor(t, []dns.RR{dnsA("apple.com", "1.2.3.4")})
defer recursor.Shutdown() defer recursor.Shutdown()
dir, srv := makeDNSServer(t, nil, recursor) dir, srv := makeDNSServerConfig(t, func(c *Config) {
c.DNSRecursor = recursor.Addr
}, nil)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -903,7 +923,7 @@ func TestDNS_Recurse(t *testing.T) {
} }
func TestDNS_ServiceLookup_FilterCritical(t *testing.T) { func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1034,7 +1054,9 @@ func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
} }
func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) { func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
dir, srv := makeDNSServer(t, &DNSConfig{OnlyPassing: true}, nil) dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
c.OnlyPassing = true
})
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1150,7 +1172,7 @@ func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
} }
func TestDNS_ServiceLookup_Randomize(t *testing.T) { func TestDNS_ServiceLookup_Randomize(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1218,10 +1240,9 @@ func TestDNS_ServiceLookup_Randomize(t *testing.T) {
} }
func TestDNS_ServiceLookup_Truncate(t *testing.T) { func TestDNS_ServiceLookup_Truncate(t *testing.T) {
config := &DNSConfig{ dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
EnableTruncate: true, c.EnableTruncate = true
} })
dir, srv := makeDNSServer(t, config, nil)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1269,7 +1290,9 @@ func TestDNS_ServiceLookup_CNAME(t *testing.T) {
}) })
defer recursor.Shutdown() defer recursor.Shutdown()
dir, srv := makeDNSServer(t, nil, recursor) dir, srv := makeDNSServerConfig(t, func(c *Config) {
c.DNSRecursor = recursor.Addr
}, nil)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1337,13 +1360,13 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
}) })
defer recursor.Shutdown() defer recursor.Shutdown()
config := &DNSConfig{ dir, srv := makeDNSServerConfig(t, func(c *Config) {
NodeTTL: 10 * time.Second, c.DNSRecursor = recursor.Addr
AllowStale: true, }, func(c *DNSConfig) {
MaxStale: time.Second, c.NodeTTL = 10 * time.Second
} c.AllowStale = true
c.MaxStale = time.Second
dir, srv := makeDNSServer(t, config, recursor) })
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1456,16 +1479,16 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
} }
func TestDNS_ServiceLookup_TTL(t *testing.T) { func TestDNS_ServiceLookup_TTL(t *testing.T) {
config := &DNSConfig{ confFn := func(c *DNSConfig) {
ServiceTTL: map[string]time.Duration{ c.ServiceTTL = map[string]time.Duration{
"db": 10 * time.Second, "db": 10 * time.Second,
"*": 5 * time.Second, "*": 5 * time.Second,
},
AllowStale: true,
MaxStale: time.Second,
} }
c.AllowStale = true
c.MaxStale = time.Second
dir, srv := makeDNSServer(t, config, nil) }
dir, srv := makeDNSServerConfig(t, nil, confFn)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1560,7 +1583,7 @@ func TestDNS_ServiceLookup_TTL(t *testing.T) {
} }
func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) { func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1627,7 +1650,7 @@ func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
} }
func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) { func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil) dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
defer srv.agent.Shutdown() defer srv.agent.Shutdown()
@ -1692,3 +1715,59 @@ func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
t.Fatalf("Bad: %#v", in.Extra[0]) t.Fatalf("Bad: %#v", in.Extra[0])
} }
} }
func TestDNS_ServiceLookup_FilterACL(t *testing.T) {
confFn := func(c *Config) {
c.ACLMasterToken = "root"
c.ACLDatacenter = "dc1"
c.ACLDownPolicy = "deny"
c.ACLDefaultPolicy = "deny"
}
dir, srv := makeDNSServerConfig(t, confFn, nil)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
testutil.WaitForLeader(t, srv.agent.RPC, "dc1")
// Register a service
args := &structs.RegisterRequest{
Datacenter: "dc1",
Node: "foo",
Address: "127.0.0.1",
Service: &structs.NodeService{
Service: "foo",
Port: 12345,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var out struct{}
if err := srv.agent.RPC("Catalog.Register", args, &out); err != nil {
t.Fatalf("err: %v", err)
}
// Set up the DNS query
c := new(dns.Client)
addr, _ := srv.agent.config.ClientListener("", srv.agent.config.Ports.DNS)
m := new(dns.Msg)
m.SetQuestion("foo.service.consul.", dns.TypeA)
// Query with the root token. Should get results.
srv.agent.config.ACLToken = "root"
in, _, err := c.Exchange(m, addr.String())
if err != nil {
t.Fatalf("err: %v", err)
}
if len(in.Answer) != 1 {
t.Fatalf("Bad: %#v", in)
}
// Query with a non-root token without access. Should get nothing.
srv.agent.config.ACLToken = "anonymous"
in, _, err = c.Exchange(m, addr.String())
if err != nil {
t.Fatalf("err: %v", err)
}
if len(in.Answer) != 0 {
t.Fatalf("Bad: %#v", in)
}
}