plugin/tls: respect the path specified by root plugin (#5944)

Signed-off-by: Marius Kimmina <mar.kimmina@gmail.com>
2025-10-27 08:14:18 -04:00 · 2023-06-01 14:56:57 +02:00
parent cf87aa92bd
commit d0375bc026
5 changed files with 27 additions and 3 deletions
--- a/plugin.cfg
+++ b/plugin.cfg
@@ -19,6 +19,7 @@
 # Local plugin example:
 # log:log

+root:root
 metadata:metadata
 geoip:geoip
 cancel:cancel
@@ -27,7 +28,6 @@ timeouts:timeouts
 reload:reload
 nsid:nsid
 bufsize:bufsize
-root:root
 bind:bind
 debug:debug
 trace:trace
--- a/plugin/etcd/setup.go
+++ b/plugin/etcd/setup.go
@@ -2,6 +2,7 @@ package etcd

 import (
 	"crypto/tls"
+	"path/filepath"

 	"github.com/coredns/caddy"
 	"github.com/coredns/coredns/core/dnsserver"
@@ -29,6 +30,7 @@ func setup(c *caddy.Controller) error {
 }

 func etcdParse(c *caddy.Controller) (*Etcd, error) {
+	config := dnsserver.GetConfig(c)
 	etc := Etcd{PathPrefix: "skydns"}
 	var (
 		tlsConfig *tls.Config
@@ -66,6 +68,11 @@ func etcdParse(c *caddy.Controller) (*Etcd, error) {
 				c.RemainingArgs()
 			case "tls": // cert key cacertfile
 				args := c.RemainingArgs()
+				for i := range args {
+					if !filepath.IsAbs(args[i]) && config.Root != "" {
+						args[i] = filepath.Join(config.Root, args[i])
+					}
+				}
 				tlsConfig, err = mwtls.NewTLSConfigFromArgs(args...)
 				if err != nil {
 					return &Etcd{}, err
--- a/plugin/forward/setup.go
+++ b/plugin/forward/setup.go
@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"path/filepath"
 	"strconv"
 	"time"

@@ -165,6 +166,7 @@ func parseStanza(c *caddy.Controller) (*Forward, error) {
 }

 func parseBlock(c *caddy.Controller, f *Forward) error {
+	config := dnsserver.GetConfig(c)
 	switch c.Val() {
 	case "except":
 		ignore := c.RemainingArgs()
@@ -230,7 +232,11 @@ func parseBlock(c *caddy.Controller, f *Forward) error {
 		if len(args) > 3 {
 			return c.ArgErr()
 		}
-
+		for i := range args {
+			if !filepath.IsAbs(args[i]) && config.Root != "" {
+				args[i] = filepath.Join(config.Root, args[i])
+			}
+		}
 		tlsConfig, err := pkgtls.NewTLSConfigFromArgs(args...)
 		if err != nil {
 			return err
--- a/plugin/grpc/setup.go
+++ b/plugin/grpc/setup.go
@@ -3,6 +3,7 @@ package grpc
 import (
 	"crypto/tls"
 	"fmt"
+	"path/filepath"

 	"github.com/coredns/caddy"
 	"github.com/coredns/coredns/core/dnsserver"
@@ -110,7 +111,11 @@ func parseBlock(c *caddy.Controller, g *GRPC) error {
 		if len(args) > 3 {
 			return c.ArgErr()
 		}
-
+		for i := range args {
+			if !filepath.IsAbs(args[i]) && dnsserver.GetConfig(c).Root != "" {
+				args[i] = filepath.Join(dnsserver.GetConfig(c).Root, args[i])
+			}
+		}
 		tlsConfig, err := pkgtls.NewTLSConfigFromArgs(args...)
 		if err != nil {
 			return err
--- a/plugin/tls/tls.go
+++ b/plugin/tls/tls.go
@@ -2,6 +2,7 @@ package tls

 import (
 	ctls "crypto/tls"
+	"path/filepath"

 	"github.com/coredns/caddy"
 	"github.com/coredns/coredns/core/dnsserver"
@@ -57,6 +58,11 @@ func parseTLS(c *caddy.Controller) error {
 				return c.Errf("unknown option '%s'", c.Val())
 			}
 		}
+		for i := range args {
+			if !filepath.IsAbs(args[i]) && config.Root != "" {
+				args[i] = filepath.Join(config.Root, args[i])
+			}
+		}
 		tls, err := tls.NewTLSConfigFromArgs(args...)
 		if err != nil {
 			return err