3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-24 06:27:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

controlplane: only enable STATIC dns when all adresses are IP addresses (#1822)

Browse source
This commit is contained in:
Caleb Doxsey 2021-01-25 15:49:58 -07:00 committed by GitHub
parent 979e8f9cec
commit bcc8c17855
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

26
internal/controlplane/xds_cluster_test.go
View file

@ -211,7 +211,7 @@ func Test_buildCluster(t *testing.T) {
rootCA := srv.filemgr.FileDataSource(rootCAPath).GetFilename() rootCA := srv.filemgr.FileDataSource(rootCAPath).GetFilename()
t.Run("insecure", func(t *testing.T) { t.Run("insecure", func(t *testing.T) {
endpoints := srv.buildPolicyEndpoints(&config.Policy{ endpoints := srv.buildPolicyEndpoints(&config.Policy{
Destinations: mustParseURLs("http://example.com"), Destinations: mustParseURLs("http://example.com", "http://1.2.3.4"),
}) })
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
cluster.DnsLookupFamily = envoy_config_cluster_v3.Cluster_V4_ONLY cluster.DnsLookupFamily = envoy_config_cluster_v3.Cluster_V4_ONLY
@ -240,6 +240,16 @@ func Test_buildCluster(t *testing.T) {
} }
} }
} }
}, {
"endpoint": {
"address": {
"socketAddress": {
"address": "1.2.3.4",
"ipv4Compat": true,
"portValue": 80
}
}
}
}] }]
}] }]
} }
@ -340,9 +350,9 @@ func Test_buildCluster(t *testing.T) {
} }
`, cluster) `, cluster)
}) })
t.Run("ip address", func(t *testing.T) { t.Run("ip addresses", func(t *testing.T) {
endpoints := srv.buildPolicyEndpoints(&config.Policy{ endpoints := srv.buildPolicyEndpoints(&config.Policy{
Destinations: mustParseURLs("http://127.0.0.1"), Destinations: mustParseURLs("http://127.0.0.1", "http://127.0.0.2"),
}) })
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
err := buildCluster(cluster, "example", endpoints, true) err := buildCluster(cluster, "example", endpoints, true)
@ -369,6 +379,16 @@ func Test_buildCluster(t *testing.T) {
} }
} }
} }
},{
"endpoint": {
"address": {
"socketAddress": {
"address": "127.0.0.2",
"ipv4Compat": true,
"portValue": 80
}
}
}
}] }]
}] }]
} }

8
internal/controlplane/xds_clusters.go
View file

@ -292,13 +292,13 @@ func buildCluster(
} }
// for IPs we use a static discovery type, otherwise we use DNS // for IPs we use a static discovery type, otherwise we use DNS
isIP := false allIP := true
for _, lbe := range lbEndpoints { for _, lbe := range lbEndpoints {
if net.ParseIP(urlutil.StripPort(lbe.GetEndpoint().GetAddress().GetSocketAddress().GetAddress())) != nil { if net.ParseIP(urlutil.StripPort(lbe.GetEndpoint().GetAddress().GetSocketAddress().GetAddress())) == nil {
isIP = true allIP = false
} }
} }
if isIP { if allIP {
cluster.ClusterDiscoveryType = &envoy_config_cluster_v3.Cluster_Type{Type: envoy_config_cluster_v3.Cluster_STATIC} cluster.ClusterDiscoveryType = &envoy_config_cluster_v3.Cluster_Type{Type: envoy_config_cluster_v3.Cluster_STATIC}
} else { } else {
cluster.ClusterDiscoveryType = &envoy_config_cluster_v3.Cluster_Type{Type: envoy_config_cluster_v3.Cluster_STRICT_DNS} cluster.ClusterDiscoveryType = &envoy_config_cluster_v3.Cluster_Type{Type: envoy_config_cluster_v3.Cluster_STRICT_DNS}