Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: add ability to update webserver credentials #7117

Merged
merged 4 commits into from Oct 31, 2018

Conversation

@chbruyand
Copy link
Member

@chbruyand chbruyand commented Oct 30, 2018

Short description

This PR adds setWebserverConfig lua funciton to update webserver credentials and custom headers.

Fix #7112

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
@@ -631,7 +631,8 @@ void setupLuaConfig(bool client)
SBind(sock, local);
SListen(sock, 5);
auto launch=[sock, local, password, apiKey, customHeaders]() {
thread t(dnsdistWebserverThread, sock, local, password, apiKey ? *apiKey : "", customHeaders);
setWebserverConfig(password, apiKey, customHeaders);
thread t(dnsdistWebserverThread, sock, local);
t.detach();

This comment has been minimized.

@rgacogne

rgacogne Oct 30, 2018
Member

Just a nit but indentation seems off.

This comment has been minimized.

@chbruyand

chbruyand Oct 30, 2018
Author Member

The file has been partially indented with tabs :/

@rgacogne rgacogne added this to the dnsdist-1.3.x milestone Oct 30, 2018
@@ -446,6 +446,7 @@ const std::vector<ConsoleKeyword> g_consoleKeywords{
{ "setUDPMultipleMessagesVectorSize", true, "n", "set the size of the vector passed to recvmmsg() to receive UDP messages. Default to 1 which means that the feature is disabled and recvmsg() is used instead" },
{ "setUDPTimeout", true, "n", "set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds" },
{ "setVerboseHealthChecks", true, "bool", "set whether health check errors will be logged" },
{ "setWebserverConfig", true, "password [, apiKey [, customHeaders ]]", "Updates webserver configuration" },

This comment has been minimized.

@pieterlexis

pieterlexis Oct 30, 2018
Member

Perhaps this function should take a table? A user could then update one of the items without updating the others. e.g.

setWebserverConfig({password: "hello"})
setWebserverConfig({apiKey: "hello2"})

This comment has been minimized.

@chbruyand

chbruyand Oct 30, 2018
Author Member

this means using setWebserverConfig({apiKey: ""}) to disable apiKey authentication. Is that something we want ? Otherwise I agree.

@chbruyand
Copy link
Member Author

@chbruyand chbruyand commented Oct 30, 2018

I followed pieter's remark and added two basic tests about custom headers

setWebserverPassword(password);
}
if(vars->count("apiKey")) {
// allows setting apiKey: nil to disable access with it

This comment has been minimized.

@rgacogne

rgacogne Oct 31, 2018
Member

does nil really work? It looks like we only test for an empty string?

This comment has been minimized.

@chbruyand

chbruyand Oct 31, 2018
Author Member

indeed

@rgacogne rgacogne merged commit 2aa5488 into PowerDNS:master Oct 31, 2018
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@chbruyand chbruyand deleted the chbruyand:dnsdist-webserver-creds branch Oct 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants