[apisix] branch master updated: feat(ops): check dns resolver address is valid (#7079)

Tue, 24 May 2022 20:15:13 -0700 

This is an automated email from the ASF dual-hosted git repository.

spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new d6f8b2a36 feat(ops):   check dns resolver address is valid (#7079)
d6f8b2a36 is described below

commit d6f8b2a369d9129b08b829e2aa4edb6ce756998e
Author: tzssangglass <[email protected]>
AuthorDate: Wed May 25 11:14:56 2022 +0800

    feat(ops):   check dns resolver address is valid (#7079)
---
 apisix/cli/ops.lua |  9 +++++++++
 t/cli/test_dns.sh  | 27 +++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index c7af4e622..4a384c037 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -41,6 +41,7 @@ local execute = os.execute
 local os_rename = os.rename
 local os_remove = os.remove
 local table_insert = table.insert
+local table_remove = table.remove
 local getenv = os.getenv
 local max = math.max
 local floor = math.floor
@@ -612,6 +613,14 @@ Please modify "admin_key" in conf/config.yaml .
                 sys_conf["dns_resolver"][i] = "[" .. r .. "]"
             end
         end
+
+        -- check if the dns_resolver is ipv6 address with zone_id
+        -- Nginx does not support this form
+        if r:find("%%") then
+            stderr:write("unsupported DNS resolver: " .. r ..
+                         ", would ignore this item\n")
+            table_remove(sys_conf["dns_resolver"], i)
+        end
     end
 
     local env_worker_processes = getenv("APISIX_WORKER_PROCESSES")
diff --git a/t/cli/test_dns.sh b/t/cli/test_dns.sh
index 38a2e9d1f..7c656f72f 100755
--- a/t/cli/test_dns.sh
+++ b/t/cli/test_dns.sh
@@ -96,3 +96,30 @@ if ! grep "resolver 127.0.0.1 valid=30 ipv6=off;" 
conf/nginx.conf > /dev/null; t
     echo "failed: ipv6 config doesn't take effect"
     exit 1
 fi
+
+# check dns resolver address
+echo '
+apisix:
+  dns_resolver:
+    - 127.0.0.1
+    - "fe80::21c:42ff:fe00:18%eth0"
+' > conf/config.yaml
+
+out=$(make init 2>&1 || true)
+
+if ! echo "$out" | grep "unsupported DNS resolver"; then
+    echo "failed: should check dns resolver is unsupported"
+    exit 1
+fi
+
+if ! grep "resolver 127.0.0.1 ipv6=on;" conf/nginx.conf > /dev/null; then
+    echo "failed: should skip unsupported DNS resolver"
+    exit 1
+fi
+
+if grep "fe80::21c:42ff:fe00:18%eth0" conf/nginx.conf > /dev/null; then
+    echo "failed: should skip unsupported DNS resolver"
+    exit 1
+fi
+
+echo "passed: check dns resolver"

Reply via email to