core/setup/etcd.go

package setup

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"net"
	"net/http"
	"time"

	"github.com/miekg/coredns/middleware"
	"github.com/miekg/coredns/middleware/etcd"
	"github.com/miekg/coredns/middleware/etcd/singleflight"
	"github.com/miekg/coredns/middleware/proxy"

	etcdc "github.com/coreos/etcd/client"
	"golang.org/x/net/context"
)

const defaultEndpoint = "http://127.0.0.1:2379"

// Etcd sets up the etcd middleware.
func Etcd(c *Controller) (middleware.Middleware, error) {
	etcd, stubzones, err := etcdParse(c)
	if err != nil {
		return nil, err
	}
	if stubzones {
		c.Startup = append(c.Startup, func() error {
			etcd.UpdateStubZones()
			return nil
		})
	}

	return func(next middleware.Handler) middleware.Handler {
		etcd.Next = next
		return etcd
	}, nil
}

func etcdParse(c *Controller) (etcd.Etcd, bool, error) {
	stub := make(map[string]proxy.Proxy)
	etc := etcd.Etcd{
		Proxy:      proxy.New([]string{"8.8.8.8:53", "8.8.4.4:53"}),
		PathPrefix: "skydns",
		Ctx:        context.Background(),
		Inflight:   &singleflight.Group{},
		Stubmap:    &stub,
	}
	var (
		client        etcdc.KeysAPI
		tlsCertFile   = ""
		tlsKeyFile    = ""
		tlsCAcertFile = ""
		endpoints     = []string{defaultEndpoint}
		stubzones     = false
	)
	for c.Next() {
		if c.Val() == "etcd" {
			etc.Client = client
			etc.Zones = c.RemainingArgs()
			if len(etc.Zones) == 0 {
				etc.Zones = c.ServerBlockHosts
			}
			middleware.Zones(etc.Zones).FullyQualify()
			if c.NextBlock() {
				// TODO(miek): 2 switches?
				switch c.Val() {
				case "stubzones":
					stubzones = true
				case "path":
					if !c.NextArg() {
						return etcd.Etcd{}, false, c.ArgErr()
					}
					etc.PathPrefix = c.Val()
				case "endpoint":
					args := c.RemainingArgs()
					if len(args) == 0 {
						return etcd.Etcd{}, false, c.ArgErr()
					}
					endpoints = args
				case "upstream":
					args := c.RemainingArgs()
					if len(args) == 0 {
						return etcd.Etcd{}, false, c.ArgErr()
					}
					for i := 0; i < len(args); i++ {
						h, p, e := net.SplitHostPort(args[i])
						if e != nil && p == "" {
							args[i] = h + ":53"
						}
					}
					endpoints = args
					etc.Proxy = proxy.New(args)
				case "tls": // cert key cacertfile
					args := c.RemainingArgs()
					if len(args) != 3 {
						return etcd.Etcd{}, false, c.ArgErr()
					}
					tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]
				}
				for c.Next() {
					switch c.Val() {
					case "stubzones":
						stubzones = true
					case "path":
						if !c.NextArg() {
							return etcd.Etcd{}, false, c.ArgErr()
						}
						etc.PathPrefix = c.Val()
					case "endpoint":
						args := c.RemainingArgs()
						if len(args) == 0 {
							return etcd.Etcd{}, false, c.ArgErr()
						}
						endpoints = args
					case "upstream":
						args := c.RemainingArgs()
						if len(args) == 0 {
							return etcd.Etcd{}, false, c.ArgErr()
						}
						for i := 0; i < len(args); i++ {
							h, p, e := net.SplitHostPort(args[i])
							if e != nil && p == "" {
								args[i] = h + ":53"
							}
						}
						endpoints = args
						etc.Proxy = proxy.New(args)
					case "tls": // cert key cacertfile
						args := c.RemainingArgs()
						if len(args) != 3 {
							return etcd.Etcd{}, false, c.ArgErr()
						}
						tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]
					}
				}
			}
			client, err := newEtcdClient(endpoints, tlsCertFile, tlsKeyFile, tlsCAcertFile)
			if err != nil {
				return etcd.Etcd{}, false, err
			}
			etc.Client = client
			return etc, stubzones, nil
		}
	}
	return etcd.Etcd{}, false, nil
}

func newEtcdClient(endpoints []string, tlsCert, tlsKey, tlsCACert string) (etcdc.KeysAPI, error) {
	etcdCfg := etcdc.Config{
		Endpoints: endpoints,
		Transport: newHTTPSTransport(tlsCert, tlsKey, tlsCACert),
	}
	cli, err := etcdc.New(etcdCfg)
	if err != nil {
		return nil, err
	}
	return etcdc.NewKeysAPI(cli), nil
}

func newHTTPSTransport(tlsCertFile, tlsKeyFile, tlsCACertFile string) etcdc.CancelableTransport {
	var cc *tls.Config = nil

	if tlsCertFile != "" && tlsKeyFile != "" {
		var rpool *x509.CertPool
		if tlsCACertFile != "" {
			if pemBytes, err := ioutil.ReadFile(tlsCACertFile); err == nil {
				rpool = x509.NewCertPool()
				rpool.AppendCertsFromPEM(pemBytes)
			}
		}

		if tlsCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile); err == nil {
			cc = &tls.Config{
				RootCAs:            rpool,
				Certificates:       []tls.Certificate{tlsCert},
				InsecureSkipVerify: true,
			}
		}
	}

	tr := &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		Dial: (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
		}).Dial,
		TLSHandshakeTimeout: 10 * time.Second,
		TLSClientConfig:     cc,
	}

	return tr
}
more 2016-03-20 17:54:21 +00:00			`package setup`

			`import (`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`"crypto/tls"`
			`"crypto/x509"`
			`"io/ioutil"`
			`"net"`
			`"net/http"`
			`"time"`
more 2016-03-20 17:54:21 +00:00
			`"github.com/miekg/coredns/middleware"`
more etcd stuff 2016-03-20 21:36:55 +00:00			`"github.com/miekg/coredns/middleware/etcd"`
more 2016-03-22 22:44:50 +00:00			`"github.com/miekg/coredns/middleware/etcd/singleflight"`
			`"github.com/miekg/coredns/middleware/proxy"`
more etcd stuff 2016-03-20 21:36:55 +00:00
			`etcdc "github.com/coreos/etcd/client"`
more 2016-03-22 22:44:50 +00:00			`"golang.org/x/net/context"`
more 2016-03-20 17:54:21 +00:00			`)`

more etcd stuff 2016-03-20 21:36:55 +00:00			`const defaultEndpoint = "http://127.0.0.1:2379"`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00
			`// Etcd sets up the etcd middleware.`
			`func Etcd(c *Controller) (middleware.Middleware, error) {`
Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`etcd, stubzones, err := etcdParse(c)`
more 2016-03-20 17:54:21 +00:00			`if err != nil {`
			`return nil, err`
			`}`
Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`if stubzones {`
			`c.Startup = append(c.Startup, func() error {`
			`etcd.UpdateStubZones()`
			`return nil`
			`})`
			`}`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00
more 2016-03-20 17:54:21 +00:00			`return func(next middleware.Handler) middleware.Handler {`
more 2016-03-22 22:44:50 +00:00			`etcd.Next = next`
			`return etcd`
more 2016-03-20 17:54:21 +00:00			`}, nil`
			`}`

Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`func etcdParse(c *Controller) (etcd.Etcd, bool, error) {`
			`stub := make(map[string]proxy.Proxy)`
more 2016-03-22 22:44:50 +00:00			`etc := etcd.Etcd{`
All (non etcd) tests are now local (#105) We don't need to network to do tests, we up enough local servers to we don't need to forward to,s say 8.8.8.8 2016-04-11 15:56:22 +01:00			`Proxy: proxy.New([]string{"8.8.8.8:53", "8.8.4.4:53"}),`
more 2016-03-22 22:44:50 +00:00			`PathPrefix: "skydns",`
			`Ctx: context.Background(),`
			`Inflight: &singleflight.Group{},`
Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`Stubmap: &stub,`
more 2016-03-22 22:44:50 +00:00			`}`
Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`var (`
			`client etcdc.KeysAPI`
			`tlsCertFile = ""`
			`tlsKeyFile = ""`
			`tlsCAcertFile = ""`
			`endpoints = []string{defaultEndpoint}`
			`stubzones = false`
			`)`
more 2016-03-20 17:54:21 +00:00			`for c.Next() {`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`if c.Val() == "etcd" {`
more 2016-03-22 22:44:50 +00:00			`etc.Client = client`
			`etc.Zones = c.RemainingArgs()`
			`if len(etc.Zones) == 0 {`
			`etc.Zones = c.ServerBlockHosts`
more 2016-03-20 17:54:21 +00:00			`}`
more 2016-03-22 22:44:50 +00:00			`middleware.Zones(etc.Zones).FullyQualify()`
Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`if c.NextBlock() {`
			`// TODO(miek): 2 switches?`
			`switch c.Val() {`
			`case "stubzones":`
			`stubzones = true`
			`case "path":`
			`if !c.NextArg() {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`etc.PathPrefix = c.Val()`
			`case "endpoint":`
			`args := c.RemainingArgs()`
			`if len(args) == 0 {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`endpoints = args`
			`case "upstream":`
			`args := c.RemainingArgs()`
			`if len(args) == 0 {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`for i := 0; i < len(args); i++ {`
			`h, p, e := net.SplitHostPort(args[i])`
			`if e != nil && p == "" {`
			`args[i] = h + ":53"`
			`}`
			`}`
			`endpoints = args`
			`etc.Proxy = proxy.New(args)`
			`case "tls": // cert key cacertfile`
			`args := c.RemainingArgs()`
			`if len(args) != 3 {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]`
			`}`
			`for c.Next() {`
			`switch c.Val() {`
			`case "stubzones":`
			`stubzones = true`
			`case "path":`
			`if !c.NextArg() {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`etc.PathPrefix = c.Val()`
			`case "endpoint":`
			`args := c.RemainingArgs()`
			`if len(args) == 0 {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`endpoints = args`
			`case "upstream":`
			`args := c.RemainingArgs()`
			`if len(args) == 0 {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`for i := 0; i < len(args); i++ {`
			`h, p, e := net.SplitHostPort(args[i])`
			`if e != nil && p == "" {`
			`args[i] = h + ":53"`
			`}`
			`}`
			`endpoints = args`
			`etc.Proxy = proxy.New(args)`
			`case "tls": // cert key cacertfile`
			`args := c.RemainingArgs()`
			`if len(args) != 3 {`
			`return etcd.Etcd{}, false, c.ArgErr()`
			`}`
			`tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]`
			`}`
			`}`
			`}`
			`client, err := newEtcdClient(endpoints, tlsCertFile, tlsKeyFile, tlsCAcertFile)`
			`if err != nil {`
			`return etcd.Etcd{}, false, err`
			`}`
			`etc.Client = client`
			`return etc, stubzones, nil`
more 2016-03-20 17:54:21 +00:00			`}`
			`}`
Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`return etcd.Etcd{}, false, nil`
more 2016-03-20 17:54:21 +00:00			`}`

more etcd stuff 2016-03-20 21:36:55 +00:00			`func newEtcdClient(endpoints []string, tlsCert, tlsKey, tlsCACert string) (etcdc.KeysAPI, error) {`
			`etcdCfg := etcdc.Config{`
			`Endpoints: endpoints,`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`Transport: newHTTPSTransport(tlsCert, tlsKey, tlsCACert),`
			`}`
more etcd stuff 2016-03-20 21:36:55 +00:00			`cli, err := etcdc.New(etcdCfg)`
more 2016-03-20 17:54:21 +00:00			`if err != nil {`
			`return nil, err`
			`}`
more etcd stuff 2016-03-20 21:36:55 +00:00			`return etcdc.NewKeysAPI(cli), nil`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`}`

more etcd stuff 2016-03-20 21:36:55 +00:00			`func newHTTPSTransport(tlsCertFile, tlsKeyFile, tlsCACertFile string) etcdc.CancelableTransport {`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`var cc *tls.Config = nil`

			`if tlsCertFile != "" && tlsKeyFile != "" {`
			`var rpool *x509.CertPool`
			`if tlsCACertFile != "" {`
			`if pemBytes, err := ioutil.ReadFile(tlsCACertFile); err == nil {`
			`rpool = x509.NewCertPool()`
			`rpool.AppendCertsFromPEM(pemBytes)`
			`}`
			`}`

			`if tlsCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile); err == nil {`
			`cc = &tls.Config{`
			`RootCAs: rpool,`
			`Certificates: []tls.Certificate{tlsCert},`
			`InsecureSkipVerify: true,`
			`}`
more 2016-03-20 17:54:21 +00:00			`}`
			`}`

More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`tr := &http.Transport{`
			`Proxy: http.ProxyFromEnvironment,`
			`Dial: (&net.Dialer{`
			`Timeout: 30 * time.Second,`
			`KeepAlive: 30 * time.Second,`
			`}).Dial,`
			`TLSHandshakeTimeout: 10 * time.Second,`
			`TLSClientConfig: cc,`
			`}`

			`return tr`
			`}`