Move dns settings from Common to main config
@@ -46,8 +46,10 @@ type config struct {
|
||||
TLS cmd.TLSConfig
|
||||
SAService *cmd.GRPCClientConfig
|
||||
|
||||
DNSTries int
|
||||
DNSResolvers []string
|
||||
DNSTries int
|
||||
DNSResolvers []string
|
||||
DNSTimeout string
|
||||
DNSAllowLoopbackAddresses bool
|
||||
|
||||
// Path to a file containing a list of trusted root certificates for use
|
||||
// during the SMTP connection (as opposed to the gRPC connections).
|
||||
@@ -58,12 +60,6 @@ type config struct {
|
||||
|
||||
Syslog cmd.SyslogConfig
|
||||
Beeline cmd.BeelineConfig
|
||||
|
||||
Common struct {
|
||||
DNSResolver string
|
||||
DNSTimeout string
|
||||
DNSAllowLoopbackAddresses bool
|
||||
}
|
||||
}
|
||||
|
||||
func main() {
|
||||
@@ -93,19 +89,16 @@ func main() {
|
||||
|
||||
clk := cmd.Clock()
|
||||
|
||||
dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
|
||||
dnsTimeout, err := time.ParseDuration(c.Mailer.DNSTimeout)
|
||||
cmd.FailOnError(err, "Couldn't parse DNS timeout")
|
||||
dnsTries := c.Mailer.DNSTries
|
||||
if dnsTries < 1 {
|
||||
dnsTries = 1
|
||||
}
|
||||
var resolver bdns.Client
|
||||
if len(c.Common.DNSResolver) != 0 {
|
||||
c.Mailer.DNSResolvers = append(c.Mailer.DNSResolvers, c.Common.DNSResolver)
|
||||
}
|
||||
servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers)
|
||||
cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
|
||||
if !c.Common.DNSAllowLoopbackAddresses {
|
||||
if !c.Mailer.DNSAllowLoopbackAddresses {
|
||||
r := bdns.New(
|
||||
dnsTimeout,
|
||||
servers,
|
||||
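Review bot: The resolver list now comes only from `c.Mailer.DNSResolvers`, and nothing in this hunk checks that it is non-empty before `bdns.NewStaticProvider` is called. With the `Common` block and its `DNSResolver` fallback removed, a config file that was not migrated would supply no resolvers; whether `NewStaticProvider` rejects an empty slice is not visible here. An explicit guard before that call would make the failure obvious: `if len(c.Mailer.DNSResolvers) == 0 { cmd.Fail("no DNS resolvers configured") }`. The same applies to the `config.BadKeyRevoker.DNSResolvers` and `c.Mailer.DNSResolvers` paths in the bad-key-revoker and expiration-mailer patch sections further down. `main` starts and continues outside the hunk.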
|
||||
@@ -1,5 +1,5 @@
|
||||
diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go
|
||||
index b0b85495..9a21445c 100644
|
||||
index b0b85495..462e7c26 100644
|
||||
--- a/cmd/bad-key-revoker/main.go
|
||||
+++ b/cmd/bad-key-revoker/main.go
|
||||
@@ -19,6 +19,7 @@ import (
|
||||
@@ -10,46 +10,32 @@ index b0b85495..9a21445c 100644
|
||||
"github.com/letsencrypt/boulder/cmd"
|
||||
"github.com/letsencrypt/boulder/config"
|
||||
"github.com/letsencrypt/boulder/core"
|
||||
@@ -393,6 +394,9 @@ type Config struct {
|
||||
@@ -393,6 +394,11 @@ type Config struct {
|
||||
TLS cmd.TLSConfig
|
||||
RAService *cmd.GRPCClientConfig
|
||||
|
||||
+ DNSTries int
|
||||
+ DNSResolvers []string
|
||||
+ DNSTries int
|
||||
+ DNSResolvers []string
|
||||
+ DNSTimeout string
|
||||
+ DNSAllowLoopbackAddresses bool
|
||||
+
|
||||
// MaximumRevocations specifies the maximum number of certificates associated with
|
||||
// a key hash that bad-key-revoker will attempt to revoke. If the number of certificates
|
||||
// is higher than MaximumRevocations bad-key-revoker will error out and refuse to
|
||||
@@ -426,6 +430,12 @@ type Config struct {
|
||||
|
||||
Syslog cmd.SyslogConfig
|
||||
Beeline cmd.BeelineConfig
|
||||
+
|
||||
+ Common struct {
|
||||
+ DNSResolver string
|
||||
+ DNSTimeout string
|
||||
+ DNSAllowLoopbackAddresses bool
|
||||
+ }
|
||||
}
|
||||
|
||||
func main() {
|
||||
@@ -462,6 +472,32 @@ func main() {
|
||||
@@ -462,6 +468,29 @@ func main() {
|
||||
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
|
||||
rac := rapb.NewRegistrationAuthorityClient(conn)
|
||||
|
||||
+ dnsTimeout, err := time.ParseDuration(config.Common.DNSTimeout)
|
||||
+ dnsTimeout, err := time.ParseDuration(config.BadKeyRevoker.DNSTimeout)
|
||||
+ cmd.FailOnError(err, "Couldn't parse DNS timeout")
|
||||
+ dnsTries := config.BadKeyRevoker.DNSTries
|
||||
+ if dnsTries < 1 {
|
||||
+ dnsTries = 1
|
||||
+ }
|
||||
+ var resolver bdns.Client
|
||||
+ if len(config.Common.DNSResolver) != 0 {
|
||||
+ config.BadKeyRevoker.DNSResolvers = append(config.BadKeyRevoker.DNSResolvers, config.Common.DNSResolver)
|
||||
+ }
|
||||
+ servers, err := bdns.NewStaticProvider(config.BadKeyRevoker.DNSResolvers)
|
||||
+ cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
|
||||
+ if !config.Common.DNSAllowLoopbackAddresses {
|
||||
+ if !config.BadKeyRevoker.DNSAllowLoopbackAddresses {
|
||||
+ r := bdns.New(
|
||||
+ dnsTimeout,
|
||||
+ servers,
|
||||
@@ -66,7 +52,7 @@ index b0b85495..9a21445c 100644
|
||||
var smtpRoots *x509.CertPool
|
||||
if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" {
|
||||
pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile)
|
||||
@@ -483,6 +519,7 @@ func main() {
|
||||
@@ -483,6 +512,7 @@ func main() {
|
||||
config.BadKeyRevoker.Mailer.Username,
|
||||
smtpPassword,
|
||||
smtpRoots,
|
||||
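Review bot: The four DNS fields added to `Config` in this patch carry no doc comments, while neighbouring fields such as `MaximumRevocations` are documented. `DNSAllowLoopbackAddresses` in particular deserves one, since it decides whether `bdns.New` is used and the test config sets it to true alongside 127.0.0.1 resolvers; something like `// DNSAllowLoopbackAddresses switches away from the bdns.New resolver; presumably meant for test setups with local DNS, confirm before enabling in production.` A line on `DNSTimeout` saying that it is a `time.ParseDuration` string and that an empty value fails the `cmd.FailOnError` check would also help. The same fields are added without comments in the first file section and in the expiration-mailer patch.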
|
||||
@@ -1,8 +1,8 @@
|
||||
diff --git a/test/config/bad-key-revoker.json b/test/config/bad-key-revoker.json
|
||||
index dc8c7da5..8f65f3a0 100644
|
||||
index f4696dc2..b9c19ce3 100644
|
||||
--- a/test/config/bad-key-revoker.json
|
||||
+++ b/test/config/bad-key-revoker.json
|
||||
@@ -5,6 +5,11 @@
|
||||
@@ -5,6 +5,13 @@
|
||||
"maxOpenConns": 10
|
||||
},
|
||||
"debugAddr": ":8020",
|
||||
@@ -11,10 +11,12 @@ index dc8c7da5..8f65f3a0 100644
|
||||
+ "127.0.0.1:8053",
|
||||
+ "127.0.0.1:8054"
|
||||
+ ],
|
||||
+ "dnsTimeout": "3s",
|
||||
+ "dnsAllowLoopbackAddresses": true,
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem",
|
||||
@@ -27,7 +32,7 @@
|
||||
@@ -27,7 +34,7 @@
|
||||
},
|
||||
"maximumRevocations": 15,
|
||||
"findCertificatesBatchSize": 10,
|
||||
@@ -23,13 +25,3 @@ index dc8c7da5..8f65f3a0 100644
|
||||
"backoffIntervalMax": "2s"
|
||||
},
|
||||
"syslog": {
|
||||
@@ -40,5 +45,9 @@
|
||||
"writeKey": {
|
||||
"passwordFile": "test/secrets/honeycomb_fake_password"
|
||||
}
|
||||
+ },
|
||||
+ "common": {
|
||||
+ "dnsTimeout": "3s",
|
||||
+ "dnsAllowLoopbackAddresses": true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer.json
|
||||
index 4519fe4d..f52a408c 100644
|
||||
index 3b813060..6c709172 100644
|
||||
--- a/test/config/expiration-mailer.json
|
||||
+++ b/test/config/expiration-mailer.json
|
||||
@@ -13,6 +13,11 @@
|
||||
@@ -13,6 +13,13 @@
|
||||
"nagTimes": ["480h", "240h"],
|
||||
"emailTemplate": "test/config/expiration-mailer.gotmpl",
|
||||
"debugAddr": ":8008",
|
||||
@@ -11,16 +11,8 @@ index 4519fe4d..f52a408c 100644
|
||||
+ "127.0.0.1:8053",
|
||||
+ "127.0.0.1:8054"
|
||||
+ ],
|
||||
+ "dnsTimeout": "3s",
|
||||
+ "dnsAllowLoopbackAddresses": true,
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem",
|
||||
@@ -35,5 +40,9 @@
|
||||
"mute": true,
|
||||
"serviceName": "Test",
|
||||
"writeKey": {"passwordFile": "test/secrets/honeycomb_fake_password"}
|
||||
+ },
|
||||
+ "common": {
|
||||
+ "dnsTimeout": "3s",
|
||||
+ "dnsAllowLoopbackAddresses": true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
|
||||
index d30f0e7d..ce296c61 100644
|
||||
index d30f0e7d..ba22185f 100644
|
||||
--- a/cmd/expiration-mailer/main.go
|
||||
+++ b/cmd/expiration-mailer/main.go
|
||||
@@ -24,6 +24,7 @@ import (
|
||||
@@ -19,46 +19,32 @@ index d30f0e7d..ce296c61 100644
|
||||
)
|
||||
|
||||
type regStore interface {
|
||||
@@ -683,6 +684,9 @@ type Config struct {
|
||||
@@ -683,6 +684,11 @@ type Config struct {
|
||||
TLS cmd.TLSConfig
|
||||
SAService *cmd.GRPCClientConfig
|
||||
|
||||
+ DNSTries int
|
||||
+ DNSResolvers []string
|
||||
+ DNSTries int
|
||||
+ DNSResolvers []string
|
||||
+ DNSTimeout string
|
||||
+ DNSAllowLoopbackAddresses bool
|
||||
+
|
||||
// Path to a file containing a list of trusted root certificates for use
|
||||
// during the SMTP connection (as opposed to the gRPC connections).
|
||||
SMTPTrustedRootFile string
|
||||
@@ -692,6 +696,12 @@ type Config struct {
|
||||
|
||||
Syslog cmd.SyslogConfig
|
||||
Beeline cmd.BeelineConfig
|
||||
+
|
||||
+ Common struct {
|
||||
+ DNSResolver string
|
||||
+ DNSTimeout string
|
||||
+ DNSAllowLoopbackAddresses bool
|
||||
+ }
|
||||
}
|
||||
|
||||
func initStats(stats prometheus.Registerer) mailerStats {
|
||||
@@ -832,6 +842,32 @@ func main() {
|
||||
@@ -832,6 +838,29 @@ func main() {
|
||||
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
|
||||
sac := sapb.NewStorageAuthorityClient(conn)
|
||||
|
||||
+ dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
|
||||
+ dnsTimeout, err := time.ParseDuration(c.Mailer.DNSTimeout)
|
||||
+ cmd.FailOnError(err, "Couldn't parse DNS timeout")
|
||||
+ dnsTries := c.Mailer.DNSTries
|
||||
+ if dnsTries < 1 {
|
||||
+ dnsTries = 1
|
||||
+ }
|
||||
+ var resolver bdns.Client
|
||||
+ if len(c.Common.DNSResolver) != 0 {
|
||||
+ c.Mailer.DNSResolvers = append(c.Mailer.DNSResolvers, c.Common.DNSResolver)
|
||||
+ }
|
||||
+ servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers)
|
||||
+ cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
|
||||
+ if !c.Common.DNSAllowLoopbackAddresses {
|
||||
+ if !c.Mailer.DNSAllowLoopbackAddresses {
|
||||
+ r := bdns.New(
|
||||
+ dnsTimeout,
|
||||
+ servers,
|
||||
@@ -75,7 +61,7 @@ index d30f0e7d..ce296c61 100644
|
||||
var smtpRoots *x509.CertPool
|
||||
if c.Mailer.SMTPTrustedRootFile != "" {
|
||||
pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile)
|
||||
@@ -867,6 +903,7 @@ func main() {
|
||||
@@ -867,6 +896,7 @@ func main() {
|
||||
c.Mailer.Username,
|
||||
smtpPassword,
|
||||
smtpRoots,
|
||||
|
||||