return an error for multiple use of some plugins (#1559)

* plugins: Return error for multiple use of some Return plugin.ErrOnce when a plugin that doesn't support it, is called mutliple times. This now adds it for: cache, dnssec, errors, forward, hosts, nsid. And changes it slightly in kubernetes, pprof, reload, root. * more tests
2025-11-27 14:14:02 -05:00 · 2018-02-28 18:16:05 -08:00
parent 5faa9e7bc1
commit f697b33283
27 changed files with 150 additions and 95 deletions
--- a/plugin/dnssec/README.md
+++ b/plugin/dnssec/README.md
@@ -10,6 +10,8 @@ With *dnssec* any reply that doesn't (or can't) do DNSSEC will get signed on the
 denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm is preferred as
 this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported.

+This plugin can only be used once per Server Block.
+
 ## Syntax

 ~~~
@@ -74,20 +76,3 @@ cluster.local {
    }
 }
 ~~~
-
-## Bugs
-
-Multiple *dnssec* plugins inside one server stanza will silently overwrite earlier ones, here
-`example.org` will overwrite the one for `cluster.local`.
-
-~~~
-. {
-    kubernetes cluster.local
-    dnssec cluster.local {
-      key file Kcluster.local+013+45129
-    }
-    dnssec example.org {
-      key file Kexample.org.+013+45330
-    }
-}
-~~~
--- a/plugin/dnssec/setup.go
+++ b/plugin/dnssec/setup.go
@@ -59,7 +59,14 @@ func dnssecParse(c *caddy.Controller) ([]string, []*DNSKEY, int, error) {
 	keys := []*DNSKEY{}

 	capacity := defaultCap
+
+	i := 0
 	for c.Next() {
+		if i > 0 {
+			return nil, nil, 0, plugin.ErrOnce
+		}
+		i++
+
 		// dnssec [zones...]
 		zones = make([]string, len(c.ServerBlockKeys))
 		copy(zones, c.ServerBlockKeys)
@@ -69,7 +76,8 @@ func dnssecParse(c *caddy.Controller) ([]string, []*DNSKEY, int, error) {
 		}

 		for c.NextBlock() {
-			switch c.Val() {
+
+			switch x := c.Val(); x {
 			case "key":
 				k, e := keyParse(c)
 				if e != nil {
@@ -86,6 +94,8 @@ func dnssecParse(c *caddy.Controller) ([]string, []*DNSKEY, int, error) {
 					return nil, nil, 0, err
 				}
 				capacity = cacheCap
+			default:
+				return nil, nil, 0, c.Errf("unknown property '%s'", x)
 			}

 		}
--- a/plugin/dnssec/setup_test.go
+++ b/plugin/dnssec/setup_test.go
@@ -61,6 +61,8 @@ func TestSetupDnssec(t *testing.T) {
 				key file
 			}`, true, []string{"example.org."}, nil, defaultCap, "argument count",
 		},
+		{`dnssec
+		  dnssec`, true, nil, nil, defaultCap, ""},
 	}

 	for i, test := range tests {