teach lua about search and ndots settings in resolv.conf

2019-08-09 15:19:56 -04:00 · 2019-08-09 15:19:56 -04:00 · 7b4655bb39
commit 7b4655bb39
parent adef152db8
7 changed files with 202 additions and 85 deletions
--- a/rootfs/etc/nginx/lua/test/util/dns_test.lua
+++ b/rootfs/etc/nginx/lua/test/util/dns_test.lua
@ -9,45 +9,81 @@ helpers.with_resolv_conf(conf, function()
  require("util.resolv_conf")
 end)

-describe("resolve", function()
-  local dns = require("util.dns")
+describe("dns.lookup", function()
+  local dns, dns_lookup, spy_ngx_log
+
+  before_each(function()
+    spy_ngx_log = spy.on(ngx, "log")
+    dns = require("util.dns")
+    dns_lookup = dns.lookup
+  end)
+
+  after_each(function()
+    package.loaded["util.dns"] = nil
+  end)

  it("sets correct nameservers", function()
    helpers.mock_resty_dns_new(function(self, options)
      assert.are.same({ nameservers = { "1.2.3.4", "4.5.6.7" }, retrans = 5, timeout = 2000 }, options)
      return nil, ""
    end)
-    dns.resolve("example.com")
+    dns_lookup("example.com")
  end)

-  it("returns host when an error happens", function()
-    local s_ngx_log = spy.on(ngx, "log")
+  describe("when there's an error", function()
+    it("returns host when resolver can not be instantiated", function()
+      helpers.mock_resty_dns_new(function(...) return nil, "an error" end)
+      assert.are.same({ "example.com" }, dns_lookup("example.com"))
+      assert.spy(spy_ngx_log).was_called_with(ngx.ERR, "failed to instantiate the resolver: an error")
+    end)

-    helpers.mock_resty_dns_new(function(...) return nil, "an error" end)
-    assert.are.same({ "example.com" }, dns.resolve("example.com"))
-    assert.spy(s_ngx_log).was_called_with(ngx.ERR, "failed to instantiate the resolver: an error")
+    it("returns host when the query returns nil", function()
+      helpers.mock_resty_dns_query(nil, nil, "oops!")
+      assert.are.same({ "example.com" }, dns_lookup("example.com"))    
+      assert.spy(spy_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\noops!\noops!")
+    end)

-    helpers.mock_resty_dns_query(nil, "oops!")
-    assert.are.same({ "example.com" }, dns.resolve("example.com"))    
-    assert.spy(s_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\noops!\noops!")
+    it("returns host when the query returns empty answer", function()
+      helpers.mock_resty_dns_query(nil, {})
+      assert.are.same({ "example.com" }, dns_lookup("example.com"))
+      assert.spy(spy_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\nno A record resolved\nno AAAA record resolved")
+    end)

-    helpers.mock_resty_dns_query({ errcode = 1, errstr = "format error" })
-    assert.are.same({ "example.com" }, dns.resolve("example.com"))
-    assert.spy(s_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\nserver returned error code: 1: format error\nserver returned error code: 1: format error")
+    it("returns host when there's answer but with error", function()
+      helpers.mock_resty_dns_query(nil, { errcode = 1, errstr = "format error" })
+      assert.are.same({ "example.com" }, dns_lookup("example.com"))
+      assert.spy(spy_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\n" ..
+        "server returned error code: 1: format error\nserver returned error code: 1: format error")
+    end)

-    helpers.mock_resty_dns_query({})
-    assert.are.same({ "example.com" }, dns.resolve("example.com"))
-    assert.spy(s_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\nno record resolved\nno record resolved")
+    it("retuns host when there's answer but no A/AAAA record in it", function()
+      helpers.mock_resty_dns_query(nil, { { name = "example.com", cname = "sub.example.com", ttl = 60 } })
+      assert.are.same({ "example.com" }, dns_lookup("example.com"))
+      assert.spy(spy_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\nno A record resolved\nno AAAA record resolved")
+    end)

-    helpers.mock_resty_dns_query({ { name = "example.com", cname = "sub.example.com", ttl = 60 } })
-    assert.are.same({ "example.com" }, dns.resolve("example.com"))
-    assert.spy(s_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\nno record resolved\nno record resolved")
+    it("returns host when the query returns nil and number of dots is not less than configured ndots", function()
+      helpers.mock_resty_dns_query(nil, nil, "oops!")
+      assert.are.same({ "a.b.c.d.example.com" }, dns_lookup("a.b.c.d.example.com"))    
+      assert.spy(spy_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\noops!\noops!")
+    end)
+
+    it("returns host when the query returns nil for a fully qualified domain", function()
+      helpers.mock_resty_dns_query("example.com.", nil, "oops!")
+      assert.are.same({ "example.com." }, dns_lookup("example.com."))
+      assert.spy(spy_ngx_log).was_called_with(ngx.ERR, "failed to query the DNS server:\noops!\noops!")
+    end)
  end)

-  it("resolves all A records of given host, caches them with minimal ttl and returns from cache next time", function()
-    helpers.mock_resty_dns_query({
+  it("returns answer from cache if it exists without doing actual DNS query", function()
+    dns._cache:set("example.com", { "192.168.1.1" })
+    assert.are.same({ "192.168.1.1" }, dns_lookup("example.com"))
+  end)
+
+  it("resolves a fully qualified domain without looking at resolv.conf search and caches result", function()
+    helpers.mock_resty_dns_query("example.com.", {
      {
-        name = "example.com",
+        name = "example.com.",
        address = "192.168.1.1",
        ttl = 3600,
      },
@ -57,28 +93,43 @@ describe("resolve", function()
        ttl = 60,
      }
    })
+    assert.are.same({ "192.168.1.1", "1.2.3.4" }, dns_lookup("example.com."))
+    assert.are.same({ "192.168.1.1", "1.2.3.4" }, dns._cache:get("example.com."))
+  end)

-    local lrucache = require("resty.lrucache")
-    local old_lrucache_new = lrucache.new
-    lrucache.new = function(...)
-      local cache = old_lrucache_new(...)
+  it("starts with host itself when number of dots is not less than configured ndots", function()
+    local host = "a.b.c.d.example.com"
+    helpers.mock_resty_dns_query(host, { { name = host, address = "192.168.1.1", ttl = 3600, } } )

-      local old_set = cache.set
-      cache.set = function(self, key, value, ttl)
-        assert.equal("example.com", key)
-        assert.are.same({ "192.168.1.1", "1.2.3.4" }, value)
-        assert.equal(60, ttl)
-        return old_set(self, key, value, ttl)
-      end
+    assert.are.same({ "192.168.1.1" }, dns_lookup(host))
+    assert.are.same({ "192.168.1.1" }, dns._cache:get(host))
+  end)

-      return cache
-    end
+  it("starts with first search entry when number of dots is less than configured ndots", function()
+    local host = "example.com.ingress-nginx.svc.cluster.local"
+    helpers.mock_resty_dns_query(host, { { name = host, address = "192.168.1.1", ttl = 3600, } } )

-    assert.are.same({ "192.168.1.1", "1.2.3.4" }, dns.resolve("example.com"))
+    assert.are.same({ "192.168.1.1" }, dns_lookup(host))
+    assert.are.same({ "192.168.1.1" }, dns._cache:get(host))
+  end)

-    helpers.mock_resty_dns_new(function(...)
-      error("expected to short-circuit and return response from cache")
-    end)
-    assert.are.same({ "192.168.1.1", "1.2.3.4" }, dns.resolve("example.com"))
+  it("it caches with minimal ttl", function()
+    helpers.mock_resty_dns_query("example.com.", {
+      {
+        name = "example.com.",
+        address = "192.168.1.1",
+        ttl = 3600,
+      },
+      {
+        name = "example.com.",
+        address = "1.2.3.4",
+        ttl = 60,
+      }
+    })
+
+    local spy_cache_set = spy.on(dns._cache, "set")
+
+    assert.are.same({ "192.168.1.1", "1.2.3.4" }, dns_lookup("example.com."))
+    assert.spy(spy_cache_set).was_called_with(match.is_table(), "example.com.", { "192.168.1.1", "1.2.3.4" }, 60)
  end)
 end)