agent: testing dns when acls are in use

This commit is contained in:
Ryan Uber 2015-06-12 15:59:18 -07:00
parent fb3938d88e
commit f7f7c4695e
1 changed files with 129 additions and 50 deletions

View File

@ -13,22 +13,38 @@ import (
"github.com/miekg/dns"
)
func makeDNSServer(t *testing.T, config *DNSConfig, recursor *dns.Server) (string, *DNSServer) {
if config == nil {
config = &DNSConfig{}
func makeDNSServer(t *testing.T) (string, *DNSServer) {
return makeDNSServerConfig(t, nil, nil)
}
func makeDNSServerConfig(
t *testing.T,
agentFn func(c *Config),
dnsFn func(*DNSConfig)) (string, *DNSServer) {
// Create the configs and apply the functions
agentConf := nextConfig()
if agentFn != nil {
agentFn(agentConf)
}
recursors := []string{}
if recursor != nil {
recursors = append(recursors, recursor.Addr)
dnsConf := &DNSConfig{}
if dnsFn != nil {
dnsFn(dnsConf)
}
conf := nextConfig()
addr, _ := conf.ClientListener(conf.Addresses.DNS, conf.Ports.DNS)
dir, agent := makeAgent(t, conf)
server, err := NewDNSServer(agent, config, agent.logOutput,
conf.Domain, addr.String(), recursors)
// Add in the recursor if any
if r := agentConf.DNSRecursor; r != "" {
agentConf.DNSRecursors = append(agentConf.DNSRecursors, r)
}
// Start the server
addr, _ := agentConf.ClientListener(agentConf.Addresses.DNS, agentConf.Ports.DNS)
dir, agent := makeAgent(t, agentConf)
server, err := NewDNSServer(agent, dnsConf, agent.logOutput,
agentConf.Domain, addr.String(), agentConf.DNSRecursors)
if err != nil {
t.Fatalf("err: %v", err)
}
return dir, server
}
@ -90,7 +106,7 @@ func TestRecursorAddr(t *testing.T) {
}
func TestDNS_NodeLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -160,7 +176,7 @@ func TestDNS_NodeLookup(t *testing.T) {
}
func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -194,7 +210,7 @@ func TestDNS_CaseInsensitiveNodeLookup(t *testing.T) {
}
func TestDNS_NodeLookup_PeriodName(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -236,7 +252,7 @@ func TestDNS_NodeLookup_PeriodName(t *testing.T) {
}
func TestDNS_NodeLookup_AAAA(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -287,7 +303,9 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
})
defer recursor.Shutdown()
dir, srv := makeDNSServer(t, nil, recursor)
dir, srv := makeDNSServerConfig(t, func(c *Config) {
c.DNSRecursor = recursor.Addr
}, nil)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -333,7 +351,7 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
}
func TestDNS_ReverseLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -375,7 +393,7 @@ func TestDNS_ReverseLookup(t *testing.T) {
}
func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
srv.domain = dns.Fqdn("custom")
@ -418,7 +436,7 @@ func TestDNS_ReverseLookup_CustomDomain(t *testing.T) {
}
func TestDNS_ReverseLookup_IPV6(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -460,7 +478,7 @@ func TestDNS_ReverseLookup_IPV6(t *testing.T) {
}
func TestDNS_ServiceLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -527,7 +545,7 @@ func TestDNS_ServiceLookup(t *testing.T) {
}
func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -595,7 +613,7 @@ func TestDNS_ServiceLookup_ServiceAddress(t *testing.T) {
}
func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -634,7 +652,7 @@ func TestDNS_CaseInsensitiveServiceLookup(t *testing.T) {
}
func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -695,7 +713,7 @@ func TestDNS_ServiceLookup_TagPeriod(t *testing.T) {
}
func TestDNS_ServiceLookup_Dedup(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -772,7 +790,7 @@ func TestDNS_ServiceLookup_Dedup(t *testing.T) {
}
func TestDNS_ServiceLookup_Dedup_SRV(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -880,7 +898,9 @@ func TestDNS_Recurse(t *testing.T) {
recursor := makeRecursor(t, []dns.RR{dnsA("apple.com", "1.2.3.4")})
defer recursor.Shutdown()
dir, srv := makeDNSServer(t, nil, recursor)
dir, srv := makeDNSServerConfig(t, func(c *Config) {
c.DNSRecursor = recursor.Addr
}, nil)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -903,7 +923,7 @@ func TestDNS_Recurse(t *testing.T) {
}
func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1034,7 +1054,9 @@ func TestDNS_ServiceLookup_FilterCritical(t *testing.T) {
}
func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
dir, srv := makeDNSServer(t, &DNSConfig{OnlyPassing: true}, nil)
dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
c.OnlyPassing = true
})
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1150,7 +1172,7 @@ func TestDNS_ServiceLookup_OnlyPassing(t *testing.T) {
}
func TestDNS_ServiceLookup_Randomize(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1218,10 +1240,9 @@ func TestDNS_ServiceLookup_Randomize(t *testing.T) {
}
func TestDNS_ServiceLookup_Truncate(t *testing.T) {
config := &DNSConfig{
EnableTruncate: true,
}
dir, srv := makeDNSServer(t, config, nil)
dir, srv := makeDNSServerConfig(t, nil, func(c *DNSConfig) {
c.EnableTruncate = true
})
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1269,7 +1290,9 @@ func TestDNS_ServiceLookup_CNAME(t *testing.T) {
})
defer recursor.Shutdown()
dir, srv := makeDNSServer(t, nil, recursor)
dir, srv := makeDNSServerConfig(t, func(c *Config) {
c.DNSRecursor = recursor.Addr
}, nil)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1337,13 +1360,13 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
})
defer recursor.Shutdown()
config := &DNSConfig{
NodeTTL: 10 * time.Second,
AllowStale: true,
MaxStale: time.Second,
}
dir, srv := makeDNSServer(t, config, recursor)
dir, srv := makeDNSServerConfig(t, func(c *Config) {
c.DNSRecursor = recursor.Addr
}, func(c *DNSConfig) {
c.NodeTTL = 10 * time.Second
c.AllowStale = true
c.MaxStale = time.Second
})
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1456,16 +1479,16 @@ func TestDNS_NodeLookup_TTL(t *testing.T) {
}
func TestDNS_ServiceLookup_TTL(t *testing.T) {
config := &DNSConfig{
ServiceTTL: map[string]time.Duration{
confFn := func(c *DNSConfig) {
c.ServiceTTL = map[string]time.Duration{
"db": 10 * time.Second,
"*": 5 * time.Second,
},
AllowStale: true,
MaxStale: time.Second,
}
c.AllowStale = true
c.MaxStale = time.Second
dir, srv := makeDNSServer(t, config, nil)
}
dir, srv := makeDNSServerConfig(t, nil, confFn)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1560,7 +1583,7 @@ func TestDNS_ServiceLookup_TTL(t *testing.T) {
}
func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1627,7 +1650,7 @@ func TestDNS_ServiceLookup_SRV_RFC(t *testing.T) {
}
func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
dir, srv := makeDNSServer(t, nil, nil)
dir, srv := makeDNSServer(t)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
@ -1692,3 +1715,59 @@ func TestDNS_ServiceLookup_SRV_RFC_TCP_Default(t *testing.T) {
t.Fatalf("Bad: %#v", in.Extra[0])
}
}
func TestDNS_ServiceLookup_FilterACL(t *testing.T) {
confFn := func(c *Config) {
c.ACLMasterToken = "root"
c.ACLDatacenter = "dc1"
c.ACLDownPolicy = "deny"
c.ACLDefaultPolicy = "deny"
}
dir, srv := makeDNSServerConfig(t, confFn, nil)
defer os.RemoveAll(dir)
defer srv.agent.Shutdown()
testutil.WaitForLeader(t, srv.agent.RPC, "dc1")
// Register a service
args := &structs.RegisterRequest{
Datacenter: "dc1",
Node: "foo",
Address: "127.0.0.1",
Service: &structs.NodeService{
Service: "foo",
Port: 12345,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var out struct{}
if err := srv.agent.RPC("Catalog.Register", args, &out); err != nil {
t.Fatalf("err: %v", err)
}
// Set up the DNS query
c := new(dns.Client)
addr, _ := srv.agent.config.ClientListener("", srv.agent.config.Ports.DNS)
m := new(dns.Msg)
m.SetQuestion("foo.service.consul.", dns.TypeA)
// Query with the root token. Should get results.
srv.agent.config.ACLToken = "root"
in, _, err := c.Exchange(m, addr.String())
if err != nil {
t.Fatalf("err: %v", err)
}
if len(in.Answer) != 1 {
t.Fatalf("Bad: %#v", in)
}
// Query with a non-root token without access. Should get nothing.
srv.agent.config.ACLToken = "anonymous"
in, _, err = c.Exchange(m, addr.String())
if err != nil {
t.Fatalf("err: %v", err)
}
if len(in.Answer) != 0 {
t.Fatalf("Bad: %#v", in)
}
}