mirror of https://github.com/hashicorp/consul
agent: testing dns when acls are in use
parent
fb3938d88e
commit
f7f7c4695e
|
@ -13,22 +13,38 @@ import (
|
|||
"github.com/miekg/dns"
|
||||
)
|
||||
|
||||
func makeDNSServer(t *testing.T, config *DNSConfig, recursor *dns.Server) (string, *DNSServer) {
|
||||
if config == nil {
|
||||
config = &DNSConfig{}
|
||||
func makeDNSServer(t *testing.T) (string, *DNSServer) {
|
||||
return makeDNSServerConfig(t, nil, nil)
|
||||
}
|
||||
recursors := []string{}
|
||||
if recursor != nil {
|
||||
recursors = append(recursors, recursor.Addr)
|
||||
|
||||
func makeDNSServerConfig(
|
||||
t *testing.T,
|
||||
agentFn func(c *Config),
|
||||
dnsFn func(*DNSConfig)) (string, *DNSServer) {
|
||||
// Create the configs and apply the functions
|
||||
agentConf := nextConfig()
|
||||
if agentFn != nil {
|
||||
agentFn(agentConf)
|
||||
}
|
||||
conf := nextConfig()
|
||||
addr, _ := conf.ClientListener(conf.Addresses.DNS, conf.Ports.DNS)
|
||||
dir, agent := makeAgent(t, conf)
|
||||
server, err := NewDNSServer(agent, config, agent.logOutput,
|
||||
conf.Domain, addr.String(), recursors)
|
||||
dnsConf := &DNSConfig{}
|
||||
if dnsFn != nil {
|
||||
dnsFn(dnsConf)
|
||||
}
|
||||
|
||||
// Add in the recursor if any
|
||||
if r := agentConf.DNSRecursor; r != "" {
|
||||
agentConf.DNSRecursors = append(agentConf.DNSRecursors, r)
|
||||
}
|
||||
|
||||
// Start the server
|
||||
addr, _ := agentConf.ClientListener(agentConf.Addresses.DNS, agentConf.Ports.DNS)
|
||||
dir, agent := makeAgent(t, agentConf)
|
||||
server, err := NewDNSServer(agent, dnsConf, agent.logOutput,
|
||||
agentConf.Domain, addr.String(), agentConf.DNSRecursors)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
return dir, server
|
||||
}
|
||||
|
||||
|
@ -90,7 +106,7 @@ func TestRecursorAddr(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_NodeLookup(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -160,7 +176,7 @@ func TestDNS_NodeLookup(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -194,7 +210,7 @@ func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_NodeLookup_PeriodName(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -236,7 +252,7 @@ func TestDNS_NodeLookup_PeriodName(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_NodeLookup_AAAA(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -287,7 +303,9 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
|
|||
})
|
||||
defer recursor.Shutdown()
|
||||
|
||||
dir, srv := makeDNSServer(t, nil, recursor)
|
||||
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||
c.DNSRecursor = recursor.Addr
|
||||
}, nil)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -333,7 +351,7 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ReverseLookup(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -375,7 +393,7 @@ func TestDNS_ReverseLookup(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
srv.domain = dns.Fqdn("custom")
|
||||
|
@ -418,7 +436,7 @@ func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ReverseLookup_IPV6(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -460,7 +478,7 @@ func TestDNS_ReverseLookup_IPV6(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -527,7 +545,7 @@ func TestDNS_ServiceLookup(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -595,7 +613,7 @@ func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -634,7 +652,7 @@ func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -695,7 +713,7 @@ func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_Dedup(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -772,7 +790,7 @@ func TestDNS_ServiceLookup_Dedup(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_Dedup_SRV(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -880,7 +898,9 @@ func TestDNS_Recurse(t *testing.T) {
|
|||
recursor := makeRecursor(t, []dns.RR{dnsA("apple.com", "1.2.3.4")})
|
||||
defer recursor.Shutdown()
|
||||
|
||||
dir, srv := makeDNSServer(t, nil, recursor)
|
||||
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||
c.DNSRecursor = recursor.Addr
|
||||
}, nil)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -903,7 +923,7 @@ func TestDNS_Recurse(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1034,7 +1054,9 @@ func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, &DNSConfig{OnlyPassing: true}, nil)
|
||||
dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
|
||||
c.OnlyPassing = true
|
||||
})
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1150,7 +1172,7 @@ func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_Randomize(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1218,10 +1240,9 @@ func TestDNS_ServiceLookup_Randomize(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_Truncate(t *testing.T) {
|
||||
config := &DNSConfig{
|
||||
EnableTruncate: true,
|
||||
}
|
||||
dir, srv := makeDNSServer(t, config, nil)
|
||||
dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
|
||||
c.EnableTruncate = true
|
||||
})
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1269,7 +1290,9 @@ func TestDNS_ServiceLookup_CNAME(t *testing.T) {
|
|||
})
|
||||
defer recursor.Shutdown()
|
||||
|
||||
dir, srv := makeDNSServer(t, nil, recursor)
|
||||
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||
c.DNSRecursor = recursor.Addr
|
||||
}, nil)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1337,13 +1360,13 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
|
|||
})
|
||||
defer recursor.Shutdown()
|
||||
|
||||
config := &DNSConfig{
|
||||
NodeTTL: 10 * time.Second,
|
||||
AllowStale: true,
|
||||
MaxStale: time.Second,
|
||||
}
|
||||
|
||||
dir, srv := makeDNSServer(t, config, recursor)
|
||||
dir, srv := makeDNSServerConfig(t, func(c *Config) {
|
||||
c.DNSRecursor = recursor.Addr
|
||||
}, func(c *DNSConfig) {
|
||||
c.NodeTTL = 10 * time.Second
|
||||
c.AllowStale = true
|
||||
c.MaxStale = time.Second
|
||||
})
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1456,16 +1479,16 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_TTL(t *testing.T) {
|
||||
config := &DNSConfig{
|
||||
ServiceTTL: map[string]time.Duration{
|
||||
confFn := func(c *DNSConfig) {
|
||||
c.ServiceTTL = map[string]time.Duration{
|
||||
"db": 10 * time.Second,
|
||||
"*": 5 * time.Second,
|
||||
},
|
||||
AllowStale: true,
|
||||
MaxStale: time.Second,
|
||||
}
|
||||
c.AllowStale = true
|
||||
c.MaxStale = time.Second
|
||||
|
||||
dir, srv := makeDNSServer(t, config, nil)
|
||||
}
|
||||
dir, srv := makeDNSServerConfig(t, nil, confFn)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1560,7 +1583,7 @@ func TestDNS_ServiceLookup_TTL(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1627,7 +1650,7 @@ func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
|
||||
dir, srv := makeDNSServer(t, nil, nil)
|
||||
dir, srv := makeDNSServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
|
@ -1692,3 +1715,59 @@ func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
|
|||
t.Fatalf("Bad: %#v", in.Extra[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestDNS_ServiceLookup_FilterACL(t *testing.T) {
|
||||
confFn := func(c *Config) {
|
||||
c.ACLMasterToken = "root"
|
||||
c.ACLDatacenter = "dc1"
|
||||
c.ACLDownPolicy = "deny"
|
||||
c.ACLDefaultPolicy = "deny"
|
||||
}
|
||||
dir, srv := makeDNSServerConfig(t, confFn, nil)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
testutil.WaitForLeader(t, srv.agent.RPC, "dc1")
|
||||
|
||||
// Register a service
|
||||
args := &structs.RegisterRequest{
|
||||
Datacenter: "dc1",
|
||||
Node: "foo",
|
||||
Address: "127.0.0.1",
|
||||
Service: &structs.NodeService{
|
||||
Service: "foo",
|
||||
Port: 12345,
|
||||
},
|
||||
WriteRequest: structs.WriteRequest{Token: "root"},
|
||||
}
|
||||
var out struct{}
|
||||
if err := srv.agent.RPC("Catalog.Register", args, &out); err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
// Set up the DNS query
|
||||
c := new(dns.Client)
|
||||
addr, _ := srv.agent.config.ClientListener("", srv.agent.config.Ports.DNS)
|
||||
m := new(dns.Msg)
|
||||
m.SetQuestion("foo.service.consul.", dns.TypeA)
|
||||
|
||||
// Query with the root token. Should get results.
|
||||
srv.agent.config.ACLToken = "root"
|
||||
in, _, err := c.Exchange(m, addr.String())
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if len(in.Answer) != 1 {
|
||||
t.Fatalf("Bad: %#v", in)
|
||||
}
|
||||
|
||||
// Query with a non-root token without access. Should get nothing.
|
||||
srv.agent.config.ACLToken = "anonymous"
|
||||
in, _, err = c.Exchange(m, addr.String())
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if len(in.Answer) != 0 {
|
||||
t.Fatalf("Bad: %#v", in)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue