TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Return NXDOMAIN when no items match query (#422)

Browse source 
* When no records match, reply with NXDOMAIN

* Implement in IsNameError

* case for unexposed namespace. k8s integation tests

* Fix imports order. Lower case of err strs.
This commit is contained in:
Chris O'Haver 2016-11-10 16:24:06 -05:00 committed by Miek Gieben
parent 4036c3c319
commit 96206cdbc3
2 changed files with 167 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

12
middleware/kubernetes/kubernetes.go
View file

@ -44,6 +44,9 @@ type Kubernetes struct {
Selector *labels.Selector Selector *labels.Selector
} }
var noItemsErr = errors.New("no items found")
var nsUnexposedErr = errors.New("namespace is not exposed")
// Services implements the ServiceBackend interface. // Services implements the ServiceBackend interface.
func (k *Kubernetes) Services(state request.Request, exact bool, opt middleware.Options) ([]msg.Service, []msg.Service, error) { func (k *Kubernetes) Services(state request.Request, exact bool, opt middleware.Options) ([]msg.Service, []msg.Service, error) {
s, e := k.Records(state.Name(), exact) s, e := k.Records(state.Name(), exact)
@ -67,9 +70,8 @@ func (k *Kubernetes) Lookup(state request.Request, name string, typ uint16) (*dn
} }
// IsNameError implements the ServiceBackend interface. // IsNameError implements the ServiceBackend interface.
// TODO(infoblox): implement!
func (k *Kubernetes) IsNameError(err error) bool { func (k *Kubernetes) IsNameError(err error) bool {
return false return err == noItemsErr || err == nsUnexposedErr
} }
// Debug implements the ServiceBackend interface. // Debug implements the ServiceBackend interface.
@ -200,16 +202,16 @@ func (k *Kubernetes) Records(name string, exact bool) ([]msg.Service, error) {
// Abort if the namespace does not contain a wildcard, and namespace is not published per CoreFile // Abort if the namespace does not contain a wildcard, and namespace is not published per CoreFile
// Case where namespace contains a wildcard is handled in Get(...) method. // Case where namespace contains a wildcard is handled in Get(...) method.
if (!nsWildcard) && (len(k.Namespaces) > 0) && (!dnsstrings.StringInSlice(namespace, k.Namespaces)) { if (!nsWildcard) && (len(k.Namespaces) > 0) && (!dnsstrings.StringInSlice(namespace, k.Namespaces)) {
return nil, nil return nil, nsUnexposedErr
} }
k8sItems, err := k.Get(namespace, nsWildcard, serviceName, serviceWildcard, typeName) k8sItems, err := k.Get(namespace, nsWildcard, serviceName, serviceWildcard, typeName)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if k8sItems == nil { if len(k8sItems) == 0 {
// Did not find item in k8s // Did not find item in k8s
return nil, nil return nil, noItemsErr
} }
records := k.getRecordsForServiceItems(k8sItems, zone) records := k.getRecordsForServiceItems(k8sItems, zone)

284
test/kubernetes_test.go
View file

@ -3,72 +3,160 @@
package test package test
import ( import (
"io/ioutil"
"log"
"testing" "testing"
"time" "time"
"github.com/miekg/coredns/middleware/test"
"github.com/mholt/caddy" "github.com/mholt/caddy"
"github.com/miekg/dns" "github.com/miekg/dns"
) )
// Test data for A records // Test data
var testdataLookupA = []struct { // TODO: Fix the actual RR values
Query string
TotalAnswerCount int
ARecordCount int
}{
// Matching queries
{"mynginx.demo.svc.coredns.local.", 1, 1}, // One A record, should exist
// Failure queries var dnsTestCases = []test.Case{
{"mynginx.test.svc.coredns.local.", 0, 0}, // One A record, is not exposed {
{"someservicethatdoesnotexist.demo.svc.coredns.local.", 0, 0}, // Record does not exist Qname: "mynginx.demo.svc.coredns.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeSuccess,
// Namespace wildcards Answer: []dns.RR{
{"mynginx.*.svc.coredns.local.", 1, 1}, // One A record, via wildcard namespace test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
{"mynginx.any.svc.coredns.local.", 1, 1}, // One A record, via wildcard namespace },
{"someservicethatdoesnotexist.*.svc.coredns.local.", 0, 0}, // Record does not exist with wildcard for namespace },
{"someservicethatdoesnotexist.any.svc.coredns.local.", 0, 0}, // Record does not exist with wildcard for namespace {
{"*.demo.svc.coredns.local.", 2, 2}, // Two A records, via wildcard Qname: "bogusservice.demo.svc.coredns.local.", Qtype: dns.TypeA,
{"any.demo.svc.coredns.local.", 2, 2}, // Two A records, via wildcard Rcode: dns.RcodeNameError,
{"*.test.svc.coredns.local.", 0, 0}, // Two A record, via wildcard that is not exposed Answer: []dns.RR{},
{"any.test.svc.coredns.local.", 0, 0}, // Two A record, via wildcard that is not exposed },
{"*.*.svc.coredns.local.", 2, 2}, // Two A records, via namespace and service wildcard {
} Qname: "mynginx.*.svc.coredns.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeSuccess,
// Test data for SRV records Answer: []dns.RR{
var testdataLookupSRV = []struct { test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
Query string },
TotalAnswerCount int },
// ARecordCount int {
SRVRecordCount int Qname: "mynginx.any.svc.coredns.local.", Qtype: dns.TypeA,
}{ Rcode: dns.RcodeSuccess,
// Matching queries Answer: []dns.RR{
{"mynginx.demo.svc.coredns.local.", 1, 1}, // One SRV record, should exist test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
},
// Failure queries },
{"mynginx.test.svc.coredns.local.", 0, 0}, // One SRV record, is not exposed {
{"someservicethatdoesnotexist.demo.svc.coredns.local.", 0, 0}, // Record does not exist Qname: "bogusservice.*.svc.coredns.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
// Namespace wildcards Answer: []dns.RR{},
{"mynginx.*.svc.coredns.local.", 1, 1}, // One SRV record, via wildcard namespace },
{"mynginx.any.svc.coredns.local.", 1, 1}, // One SRV record, via wildcard namespace {
{"someservicethatdoesnotexist.*.svc.coredns.local.", 0, 0}, // Record does not exist with wildcard for namespace Qname: "bogusservice.any.svc.coredns.local.", Qtype: dns.TypeA,
{"someservicethatdoesnotexist.any.svc.coredns.local.", 0, 0}, // Record does not exist with wildcard for namespace Rcode: dns.RcodeNameError,
{"*.demo.svc.coredns.local.", 2, 2}, // Two (mynginx, webserver) SRV record, via wildcard Answer: []dns.RR{},
{"any.demo.svc.coredns.local.", 2, 2}, // Two (mynginx, webserver) SRV record, via wildcard },
{"*.test.svc.coredns.local.", 0, 0}, // One SRV record, via wildcard that is not exposed {
{"any.test.svc.coredns.local.", 0, 0}, // One SRV record, via wildcard that is not exposed Qname: "*.demo.svc.coredns.local.", Qtype: dns.TypeA,
{"*.*.svc.coredns.local.", 2, 2}, // Two SRV record, via namespace and service wildcard Rcode: dns.RcodeSuccess,
} Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
func TestKubernetesIntegration(t *testing.T) { test.A("webserver.demo.svc.coredns.local. 1800 IN A 10.3.0.20"),
},
// t.Skip("Skip Kubernetes Integration tests") },
// subtests here (Go 1.7 feature). {
testLookupA(t) Qname: "any.demo.svc.coredns.local.", Qtype: dns.TypeA,
testLookupSRV(t) Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
test.A("webserver.demo.svc.coredns.local. 1800 IN A 10.3.0.20"),
},
},
{
Qname: "any.test.svc.coredns.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
{
Qname: "*.test.svc.coredns.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
{
Qname: "*.*.svc.coredns.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
test.A("webserver.demo.svc.coredns.local. 1800 IN A 10.3.0.20"),
},
},
//TODO: Fix below to all use test.SRV not test.A!
{
Qname: "mynginx.demo.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
},
},
{
Qname: "bogusservice.demo.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
{
Qname: "mynginx.*.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
},
},
{
Qname: "mynginx.any.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
},
},
{
Qname: "bogusservice.*.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
{
Qname: "bogusservice.any.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
{
Qname: "*.demo.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
test.A("webserver.demo.svc.coredns.local. 1800 IN A 10.3.0.20"),
},
},
{
Qname: "any.demo.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
test.A("webserver.demo.svc.coredns.local. 1800 IN A 10.3.0.20"),
},
},
{
Qname: "any.test.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
{
Qname: "*.test.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
{
Qname: "*.*.svc.coredns.local.", Qtype: dns.TypeSRV,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("mynginx.demo.svc.coredns.local. 1800 IN A 10.3.0.10"),
test.A("webserver.demo.svc.coredns.local. 1800 IN A 10.3.0.20"),
},
},
} }
func createTestServer(t *testing.T, corefile string) (*caddy.Instance, string) { func createTestServer(t *testing.T, corefile string) (*caddy.Instance, string) {
@ -85,96 +173,44 @@ func createTestServer(t *testing.T, corefile string) (*caddy.Instance, string) {
return server, udp return server, udp
} }
func testLookupA(t *testing.T) { func TestKubernetesIntegration(t *testing.T) {
corefile := corefile :=
`.:0 { `.:0 {
kubernetes coredns.local { kubernetes coredns.local {
endpoint http://localhost:8080 endpoint http://localhost:8080
#endpoint https://kubernetes/ admin.pem admin-key.pem ca.pem
#endpoint https://kubernetes/
#tls k8s_auth/client2.crt k8s_auth/client2.key k8s_auth/ca2.crt
namespaces demo namespaces demo
} }
` `
server, udp := createTestServer(t, corefile) server, udp := createTestServer(t, corefile)
defer server.Stop() defer server.Stop()
log.SetOutput(ioutil.Discard)
// Work-around for timing condition that results in no-data being returned in // Work-around for timing condition that results in no-data being returned in
// test environment. // test environment.
time.Sleep(5 * time.Second) time.Sleep(5 * time.Second)
for _, testData := range testdataLookupA { for _, tc := range dnsTestCases {
dnsClient := new(dns.Client) dnsClient := new(dns.Client)
dnsMessage := new(dns.Msg) dnsMessage := new(dns.Msg)
dnsMessage.SetQuestion(testData.Query, dns.TypeA) dnsMessage.SetQuestion(tc.Qname, tc.Qtype)
dnsMessage.SetEdns0(4096, true)
res, _, err := dnsClient.Exchange(dnsMessage, udp) res, _, err := dnsClient.Exchange(dnsMessage, udp)
if err != nil { if err != nil {
t.Fatalf("Could not send query: %s", err) t.Fatalf("Could not send query: %s", err)
} }
// Count A records in the answer section
ARecordCount := 0 // check the answer
for _, a := range res.Answer { if res.Rcode != tc.Rcode {
if a.Header().Rrtype == dns.TypeA { t.Errorf("Expected rcode %d but got %d for query %s, %d", tc.Rcode, res.Rcode, tc.Qname, tc.Qtype)
ARecordCount++
}
} }
if ARecordCount != testData.ARecordCount { if len(res.Answer) != len(tc.Answer) {
t.Errorf("Expected '%v' A records in response. Instead got '%v' A records. Test query string: '%v'", testData.ARecordCount, ARecordCount, testData.Query) t.Errorf("Expected %d answers but got %d for query %s, %d", len(tc.Answer), len(res.Answer), tc.Qname, tc.Qtype)
}
if len(res.Answer) != testData.TotalAnswerCount {
t.Errorf("Expected '%v' records in answer section. Instead got '%v' records in answer section. Test query string: '%v'", testData.TotalAnswerCount, len(res.Answer), testData.Query)
}
}
}
func testLookupSRV(t *testing.T) {
corefile :=
`.:0 {
kubernetes coredns.local {
endpoint http://localhost:8080
namespaces demo
}
`
server, udp := createTestServer(t, corefile)
defer server.Stop()
log.SetOutput(ioutil.Discard)
// Work-around for timing condition that results in no-data being returned in
// test environment.
time.Sleep(5 * time.Second)
// TODO: Add checks for A records in additional section
for _, testData := range testdataLookupSRV {
dnsClient := new(dns.Client)
dnsMessage := new(dns.Msg)
dnsMessage.SetQuestion(testData.Query, dns.TypeSRV)
dnsMessage.SetEdns0(4096, true)
res, _, err := dnsClient.Exchange(dnsMessage, udp)
if err != nil {
t.Fatalf("Could not send query: %s", err)
}
// Count SRV records in the answer section
srvRecordCount := 0
for _, a := range res.Answer {
if a.Header().Rrtype == dns.TypeSRV {
srvRecordCount++
}
}
if srvRecordCount != testData.SRVRecordCount {
t.Errorf("Expected '%v' SRV records in response. Instead got '%v' SRV records. Test query string: '%v', res: %v", testData.SRVRecordCount, srvRecordCount, testData.Query, res)
}
if len(res.Answer) != testData.TotalAnswerCount {
t.Errorf("Expected '%v' records in answer section. Instead got '%v' records in answer section. Test query string: '%v', res: %v", testData.TotalAnswerCount, len(res.Answer), testData.Query, res)
} }
//TODO: Check the actual RR values
} }
} }