From 1dee8ecf9afd9c7a5fdfee203adb71325e9d0539 Mon Sep 17 00:00:00 2001 From: Ross McFarland Date: Tue, 18 Jun 2024 10:39:06 -0700 Subject: [PATCH 1/2] validate healthcheck protocols, throw supports exception if not supported --- octodns_route53/provider.py | 8 ++++++- tests/test_octodns_provider_route53.py | 32 ++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/octodns_route53/provider.py b/octodns_route53/provider.py index 959aa3a..b326c80 100644 --- a/octodns_route53/provider.py +++ b/octodns_route53/provider.py @@ -12,7 +12,7 @@ from pycountry_convert import country_alpha2_to_continent_code from octodns.equality import EqualityTupleMixin -from octodns.provider import ProviderException +from octodns.provider import ProviderException, SupportsException from octodns.provider.base import BaseProvider from octodns.record import Create, Record, Update from octodns.record.geo import GeoCodes @@ -1170,6 +1170,12 @@ def _data_for_route53_alias(self, rrsets, zone_name): def _process_desired_zone(self, desired): for record in desired.records: if getattr(record, 'dynamic', False): + protocol = record.healthcheck_protocol + if protocol not in ('HTTP', 'HTTPS', 'TCP'): + msg = f'healthcheck protocol "{protocol}" not supported' + # no workable fallbacks so straight error + raise SupportsException(f'{self.id}: {msg}') + # Make a copy of the record in case we have to muck with it dynamic = record.dynamic rules = [] diff --git a/tests/test_octodns_provider_route53.py b/tests/test_octodns_provider_route53.py index fb31396..478e7e9 100644 --- a/tests/test_octodns_provider_route53.py +++ b/tests/test_octodns_provider_route53.py @@ -8,6 +8,7 @@ from botocore.exceptions import ClientError from botocore.stub import ANY, Stubber +from octodns.provider import SupportsException from octodns.record import Create, Delete, Record, Update from octodns.zone import Zone 
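Review bot: The `SupportsException` raised by the added check in `_process_desired_zone` names the provider and the protocol but not the record, so in a zone with many dynamic records the operator cannot tell from the error which entry to fix. Including the record would help, e.g. `msg = f'healthcheck protocol "{protocol}" not supported for {record.fqdn}'`; the expected string in the new test would have to follow. The accepted set `('HTTP', 'HTTPS', 'TCP')` is an inline literal compared case-sensitively. If the health-check creation code elsewhere in this file depends on the same values, a shared constant would keep the two from drifting, but that code is outside the hunk, so confirm before changing. The function body continues past the end of the hunk.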
@@ -842,6 +843,37 @@ def test_process_desired_zone(self, fetch_metadata_token_mock): ) self.assertFalse('geos' in dynamic.dynamic.rules[1].data) + # unsupported healthcheck protocol + desired = Zone('unit.tests.', []) + record = Record.new( + desired, + 'a', + { + 'ttl': 30, + 'type': 'A', + 'value': '1.2.3.4', + 'dynamic': { + 'pools': { + 'one': {'values': [{'value': '1.2.3.4'}]}, + 'two': {'values': [{'value': '2.2.3.4'}]}, + }, + 'rules': [ + {'geos': ['EU', 'NA-CA-NB', 'NA-US-OR'], 'pool': 'two'}, + {'pool': 'one'}, + ], + }, + 'octodns': {'healthcheck': {'protocol': 'ICMP'}}, + }, + lenient=True, + ) + desired.add_record(record) + with self.assertRaises(SupportsException) as ctx: + provider._process_desired_zone(desired) + self.assertEqual( + 'test: healthcheck protocol "ICMP" not supported', + str(ctx.exception), + ) + # with fallback boto makes an unstubbed call to the 169. metadata api, this # stubs that bit out @patch('botocore.credentials.CredentialResolver.load_credentials') From ce6df3a6fddd68be80007bf6970a4bbee078a057 Mon Sep 17 00:00:00 2001 From: Ross McFarland Date: Thu, 20 Jun 2024 09:40:27 -0700 Subject: [PATCH 2/2] changelog entry for healthcheck protocol validation --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 36bf368..1c2ac1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ## v0.0.? - 2024-??-?? - * Fix CAA rdata parsing to allow values with tags +* Validate that healthcheck protocol is supported (HTTP, HTTPS, TCP) ## v0.0.7 - 2024-04-11 - Helps if you use the actual Session token
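Review bot: Only the rejection path is exercised by the block added to `test_process_desired_zone`, using the single value `ICMP`; nothing in this hunk asserts that records declaring `HTTP`, `HTTPS` or `TCP` still pass the new check. A short loop using `with self.subTest(protocol=protocol):` over the three accepted values, calling `provider._process_desired_zone(desired)` and expecting no exception, would catch an accidental edit to the allowed tuple. The record is also built with `lenient=True` without saying why. A comment such as `# lenient: record would not pass core validation otherwise` would tell the next reader, with the wording confirmed against whatever validation actually rejects. The test method starts before the hunk, so earlier cases may already cover the default protocol.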