New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: add ability to update webserver credentials #7117

Merged
merged 4 commits into from Oct 31, 2018

Conversation

Projects
None yet
3 participants
@chbruyand
Member

chbruyand commented Oct 30, 2018

Short description

This PR adds setWebserverConfig lua funciton to update webserver credentials and custom headers.

Fix #7112

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
@@ -631,7 +631,8 @@ void setupLuaConfig(bool client)
SBind(sock, local);
SListen(sock, 5);
auto launch=[sock, local, password, apiKey, customHeaders]() {
thread t(dnsdistWebserverThread, sock, local, password, apiKey ? *apiKey : "", customHeaders);
setWebserverConfig(password, apiKey, customHeaders);
thread t(dnsdistWebserverThread, sock, local);
t.detach();

This comment has been minimized.

@rgacogne

rgacogne Oct 30, 2018

Member

Just a nit but indentation seems off.

This comment has been minimized.

@chbruyand

chbruyand Oct 30, 2018

Member

The file has been partially indented with tabs :/

@rgacogne rgacogne added this to the dnsdist-1.3.x milestone Oct 30, 2018

@@ -446,6 +446,7 @@ const std::vector<ConsoleKeyword> g_consoleKeywords{
{ "setUDPMultipleMessagesVectorSize", true, "n", "set the size of the vector passed to recvmmsg() to receive UDP messages. Default to 1 which means that the feature is disabled and recvmsg() is used instead" },
{ "setUDPTimeout", true, "n", "set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds" },
{ "setVerboseHealthChecks", true, "bool", "set whether health check errors will be logged" },
{ "setWebserverConfig", true, "password [, apiKey [, customHeaders ]]", "Updates webserver configuration" },

This comment has been minimized.

@pieterlexis

pieterlexis Oct 30, 2018

Member

Perhaps this function should take a table? A user could then update one of the items without updating the others. e.g.

setWebserverConfig({password: "hello"})
setWebserverConfig({apiKey: "hello2"})

This comment has been minimized.

@chbruyand

chbruyand Oct 30, 2018

Member

this means using setWebserverConfig({apiKey: ""}) to disable apiKey authentication. Is that something we want ? Otherwise I agree.

@chbruyand

This comment has been minimized.

Member

chbruyand commented Oct 30, 2018

I followed pieter's remark and added two basic tests about custom headers

setWebserverPassword(password);
}
if(vars->count("apiKey")) {
// allows setting apiKey: nil to disable access with it

This comment has been minimized.

@rgacogne

rgacogne Oct 31, 2018

Member

does nil really work? It looks like we only test for an empty string?

This comment has been minimized.

@chbruyand

@rgacogne rgacogne merged commit 2aa5488 into PowerDNS:master Oct 31, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@chbruyand chbruyand deleted the chbruyand:dnsdist-webserver-creds branch Oct 31, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment