Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auto-encrypt: Fix port resolution and fallback to default port #6205

Merged
merged 2 commits into from
Jul 24, 2019
Merged

auto-encrypt: Fix port resolution and fallback to default port #6205

merged 2 commits into from
Jul 24, 2019

Conversation

freddygv
Copy link
Contributor

Fixes: #6098

Auto-encrypt meant to fallback to the default port when it wasn't provided, but it hadn't been because of an issue with the error handling. We were checking against an incomplete error value here:

consul/agent/consul/auto_encrypt.go

Line 119 in d86efb8

if err != nil && err.Error() != "missing port in address" {

"missing port in address" vs "address $HOST: missing port in address", as set here.

Additionally, all RPCs to AutoEncrypt.Sign were using a.config.ServerPort, so those were updated to use ports resolved by resolveAddrs, if they are available.

@freddygv freddygv requested a review from a team July 24, 2019 01:39
banks
banks approved these changes Jul 24, 2019
View reviewed changes
Copy link
Member

@banks banks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job @freddygv.

I wonder if we can validate this with AWS cloud join manually just to be sure but it looks right to me.

agent/consul/auto_encrypt.go
}

// If TCP didn't yield anything then use the normal Go resolver which
// will try UDP, then might possibly try TCP again if the UDP response
// indicates it was truncated.
return net.LookupIP(host)
ips, err := net.LookupIP(host)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heh not your code but the logic here seems odd - manually try TCP DNS first but then net.LookupIP will try it anyway if response is truncated? I guess in case TCP works and there are more IPs than fit in a UDP packet we save a UDP round trip first to discover that but that seems like a micro-optimization 😄.

Ah well. No point changing it in this PR.

@pearkes pearkes added this to the 1.5.3 milestone Jul 24, 2019
@freddygv
Copy link
Contributor Author

Verified the fix works on AWS, merging.

@freddygv freddygv merged commit 89158c7 into master Jul 24, 2019
@freddygv freddygv deleted the bugfix/autoencrypt-resolve-addr branch July 24, 2019 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@banks banks banks approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.5.3
Development

Successfully merging this pull request may close these issues.

AutoEncrypt missing port in address
3 participants
@freddygv @banks @pearkes