From b2aa10033f821df273f10b8306f7babb7c3f6674 Mon Sep 17 00:00:00 2001 From: Arjan H Date: Sat, 4 Mar 2023 14:22:11 +0100 Subject: [PATCH] Move dns settings from Common to main config --- mail-tester.go | 19 +++++--------- patches/bad-key-revoker_main.patch | 34 ++++++++------------------ patches/config_bad-key-revoker.patch | 18 ++++---------- patches/config_expiration-mailer.patch | 16 +++--------- patches/expiration-mailer_main.patch | 34 ++++++++------------------ 5 files changed, 35 insertions(+), 86 deletions(-) diff --git a/mail-tester.go b/mail-tester.go index 6843532..f361803 100644 --- a/mail-tester.go +++ b/mail-tester.go @@ -46,8 +46,10 @@ type config struct { TLS cmd.TLSConfig SAService *cmd.GRPCClientConfig - DNSTries int - DNSResolvers []string + DNSTries int + DNSResolvers []string + DNSTimeout string + DNSAllowLoopbackAddresses bool // Path to a file containing a list of trusted root certificates for use // during the SMTP connection (as opposed to the gRPC connections). @@ -58,12 +60,6 @@ type config struct { Syslog cmd.SyslogConfig Beeline cmd.BeelineConfig - - Common struct { - DNSResolver string - DNSTimeout string - DNSAllowLoopbackAddresses bool - } } func main() { @@ -93,19 +89,16 @@ func main() { clk := cmd.Clock() - dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout) + dnsTimeout, err := time.ParseDuration(c.Mailer.DNSTimeout) cmd.FailOnError(err, "Couldn't parse DNS timeout") dnsTries := c.Mailer.DNSTries if dnsTries < 1 { dnsTries = 1 } var resolver bdns.Client - if len(c.Common.DNSResolver) != 0 { - c.Mailer.DNSResolvers = append(c.Mailer.DNSResolvers, c.Common.DNSResolver) - } servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers) cmd.FailOnError(err, "Couldn't parse static DNS server(s)") - if !c.Common.DNSAllowLoopbackAddresses { + if !c.Mailer.DNSAllowLoopbackAddresses { r := bdns.New( dnsTimeout, servers, diff --git a/patches/bad-key-revoker_main.patch b/patches/bad-key-revoker_main.patch index e34c4ea..f62f6c0 100644 
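Review bot: The new `DNSTimeout` and `DNSAllowLoopbackAddresses` fields in the first mail-tester.go hunk are added without comments, although the second one changes which resolver is constructed further down in `main` (`if !c.Mailer.DNSAllowLoopbackAddresses { r := bdns.New(...`). I would document both, for example `// DNSTimeout is a time.ParseDuration string such as "3s".` and `// DNSAllowLoopbackAddresses selects the resolver that accepts loopback addresses; meant for test setups, keep false in production.` The second wording is inferred from the field name and the test configs, because the else branch is not visible in this patch, so confirm it against the code. The same two fields are added uncommented to the `Config` structs in patches/bad-key-revoker_main.patch and patches/expiration-mailer_main.patch. The struct definition starts and ends outside the hunk.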
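Review bot: In the `main` hunk of mail-tester.go, the DNS settings now come only from `c.Mailer`, and neither the parsed timeout nor the resolver list is range-checked before use. A config that still carries the old `common` block fails on `time.ParseDuration("")`, but the message "Couldn't parse DNS timeout" does not point at the moved key. The old `common.dnsResolver` and `common.dnsAllowLoopbackAddresses` values are presumably dropped without any message, unless the config loader rejects unknown keys, which is not visible here. A zero or negative duration also parses cleanly, and how `bdns.NewStaticProvider` handles an empty list cannot be seen from this hunk. I would add `if dnsTimeout <= 0 { cmd.Fail("dnsTimeout must be a positive duration") }` and `if len(c.Mailer.DNSResolvers) == 0 { cmd.Fail("no dnsResolvers configured; the common.dnsResolver key is no longer read") }` after the respective assignments. The same applies to the equivalent blocks in patches/bad-key-revoker_main.patch and patches/expiration-mailer_main.patch; `main` continues outside the hunk.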
--- a/patches/bad-key-revoker_main.patch +++ b/patches/bad-key-revoker_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go -index b0b85495..9a21445c 100644 +index b0b85495..462e7c26 100644 --- a/cmd/bad-key-revoker/main.go +++ b/cmd/bad-key-revoker/main.go @@ -19,6 +19,7 @@ import ( 
@@ -10,46 +10,32 @@ index b0b85495..9a21445c 100644 "github.com/letsencrypt/boulder/cmd" "github.com/letsencrypt/boulder/config" "github.com/letsencrypt/boulder/core" -@@ -393,6 +394,9 @@ type Config struct { +@@ -393,6 +394,11 @@ type Config struct { TLS cmd.TLSConfig RAService *cmd.GRPCClientConfig -+ DNSTries int -+ DNSResolvers []string ++ DNSTries int ++ DNSResolvers []string ++ DNSTimeout string ++ DNSAllowLoopbackAddresses bool + // MaximumRevocations specifies the maximum number of certificates associated with // a key hash that bad-key-revoker will attempt to revoke. If the number of certificates // is higher than MaximumRevocations bad-key-revoker will error out and refuse to -@@ -426,6 +430,12 @@ type Config struct { - - Syslog cmd.SyslogConfig - Beeline cmd.BeelineConfig -+ -+ Common struct { -+ DNSResolver string -+ DNSTimeout string -+ DNSAllowLoopbackAddresses bool -+ } - } - - func main() { -@@ -462,6 +472,32 @@ func main() { +@@ -462,6 +468,29 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac := rapb.NewRegistrationAuthorityClient(conn) -+ dnsTimeout, err := time.ParseDuration(config.Common.DNSTimeout) ++ dnsTimeout, err := time.ParseDuration(config.BadKeyRevoker.DNSTimeout) + cmd.FailOnError(err, "Couldn't parse DNS timeout") + dnsTries := config.BadKeyRevoker.DNSTries + if dnsTries < 1 { + dnsTries = 1 + } + var resolver bdns.Client -+ if len(config.Common.DNSResolver) != 0 { -+ config.BadKeyRevoker.DNSResolvers = append(config.BadKeyRevoker.DNSResolvers, config.Common.DNSResolver) -+ } + servers, err := bdns.NewStaticProvider(config.BadKeyRevoker.DNSResolvers) + cmd.FailOnError(err, "Couldn't parse static DNS server(s)") -+ if !config.Common.DNSAllowLoopbackAddresses { ++ if !config.BadKeyRevoker.DNSAllowLoopbackAddresses { + r := bdns.New( + dnsTimeout, + servers, 
@@ -66,7 +52,7 @@ index b0b85495..9a21445c 100644 var smtpRoots *x509.CertPool if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile) -@@ -483,6 +519,7 @@ func main() { +@@ -483,6 +512,7 @@ func main() { config.BadKeyRevoker.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/config_bad-key-revoker.patch b/patches/config_bad-key-revoker.patch index 13d0fdd..ca693bf 100644 --- a/patches/config_bad-key-revoker.patch +++ b/patches/config_bad-key-revoker.patch @@ -1,8 +1,8 @@ diff --git a/test/config/bad-key-revoker.json b/test/config/bad-key-revoker.json -index dc8c7da5..8f65f3a0 100644 +index f4696dc2..b9c19ce3 100644 --- a/test/config/bad-key-revoker.json +++ b/test/config/bad-key-revoker.json -@@ -5,6 +5,11 @@ +@@ -5,6 +5,13 @@ "maxOpenConns": 10 }, "debugAddr": ":8020", @@ -11,10 +11,12 @@ index dc8c7da5..8f65f3a0 100644 + "127.0.0.1:8053", + "127.0.0.1:8054" + ], ++ "dnsTimeout": "3s", ++ "dnsAllowLoopbackAddresses": true, "tls": { "caCertFile": "test/grpc-creds/minica.pem", "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", -@@ -27,7 +32,7 @@ +@@ -27,7 +34,7 @@ }, "maximumRevocations": 15, "findCertificatesBatchSize": 10, @@ -23,13 +25,3 @@ index dc8c7da5..8f65f3a0 100644 "backoffIntervalMax": "2s" }, "syslog": { -@@ -40,5 +45,9 @@ - "writeKey": { - "passwordFile": "test/secrets/honeycomb_fake_password" - } -+ }, -+ "common": { -+ "dnsTimeout": "3s", -+ "dnsAllowLoopbackAddresses": true - } - } diff --git a/patches/config_expiration-mailer.patch b/patches/config_expiration-mailer.patch index 20d9a4d..f113ea3 100644 --- a/patches/config_expiration-mailer.patch +++ b/patches/config_expiration-mailer.patch @@ -1,8 +1,8 @@ diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer.json -index 4519fe4d..f52a408c 100644 +index 3b813060..6c709172 100644 --- a/test/config/expiration-mailer.json 
+++ b/test/config/expiration-mailer.json -@@ -13,6 +13,11 @@ +@@ -13,6 +13,13 @@ "nagTimes": ["480h", "240h"], "emailTemplate": "test/config/expiration-mailer.gotmpl", "debugAddr": ":8008", @@ -11,16 +11,8 @@ index 4519fe4d..f52a408c 100644 + "127.0.0.1:8053", + "127.0.0.1:8054" + ], ++ "dnsTimeout": "3s", ++ "dnsAllowLoopbackAddresses": true, "tls": { "caCertFile": "test/grpc-creds/minica.pem", "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", -@@ -35,5 +40,9 @@ - "mute": true, - "serviceName": "Test", - "writeKey": {"passwordFile": "test/secrets/honeycomb_fake_password"} -+ }, -+ "common": { -+ "dnsTimeout": "3s", -+ "dnsAllowLoopbackAddresses": true - } - } diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index 83a202d..079e0a0 100644 --- a/patches/expiration-mailer_main.patch +++ b/patches/expiration-mailer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index d30f0e7d..ce296c61 100644 +index d30f0e7d..ba22185f 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go @@ -24,6 +24,7 @@ import ( 
@@ -19,46 +19,32 @@ index d30f0e7d..ce296c61 100644 ) type regStore interface { -@@ -683,6 +684,9 @@ type Config struct { +@@ -683,6 +684,11 @@ type Config struct { TLS cmd.TLSConfig SAService *cmd.GRPCClientConfig -+ DNSTries int -+ DNSResolvers []string ++ DNSTries int ++ DNSResolvers []string ++ DNSTimeout string ++ DNSAllowLoopbackAddresses bool + // Path to a file containing a list of trusted root certificates for use // during the SMTP connection (as opposed to the gRPC connections). SMTPTrustedRootFile string -@@ -692,6 +696,12 @@ type Config struct { - - Syslog cmd.SyslogConfig - Beeline cmd.BeelineConfig -+ -+ Common struct { -+ DNSResolver string -+ DNSTimeout string -+ DNSAllowLoopbackAddresses bool -+ } - } - - func initStats(stats prometheus.Registerer) mailerStats { -@@ -832,6 +842,32 @@ func main() { +@@ -832,6 +838,29 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(conn) -+ dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout) ++ dnsTimeout, err := time.ParseDuration(c.Mailer.DNSTimeout) + cmd.FailOnError(err, "Couldn't parse DNS timeout") + dnsTries := c.Mailer.DNSTries + if dnsTries < 1 { + dnsTries = 1 + } + var resolver bdns.Client -+ if len(c.Common.DNSResolver) != 0 { -+ c.Mailer.DNSResolvers = append(c.Mailer.DNSResolvers, c.Common.DNSResolver) -+ } + servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers) + cmd.FailOnError(err, "Couldn't parse static DNS server(s)") -+ if !c.Common.DNSAllowLoopbackAddresses { ++ if !c.Mailer.DNSAllowLoopbackAddresses { + r := bdns.New( + dnsTimeout, + servers, @@ -75,7 +61,7 @@ index d30f0e7d..ce296c61 100644 var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -867,6 +903,7 @@ func main() { +@@ -867,6 +896,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots,