From: Remi Gacogne Date: Thu, 16 Jan 2025 10:04:17 +0000 (+0100) Subject: dnsdist: Fix the handling of default values for YAML list of strings X-Git-Tag: dnsdist-2.0.0-alpha1~160^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68b8ae9abb4d4dabc4ab64364c0d6cec3ede7da6;p=thirdparty%2Fpdns.git dnsdist: Fix the handling of default values for YAML list of strings --- diff --git a/pdns/dnsdistdist/dnsdist-actions-definitions.yml b/pdns/dnsdistdist/dnsdist-actions-definitions.yml index 3c76f46d34..297d100b6e 100644 --- a/pdns/dnsdistdist/dnsdist-actions-definitions.yml +++ b/pdns/dnsdistdist/dnsdist-actions-definitions.yml @@ -236,7 +236,7 @@ The function will be invoked in a per-thread Lua state, without access to the gl default: "" - name: "export_tags" type: "Vec" - default: true + default: "" - name: "metas" type: "Vec" default: true diff --git a/pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-settings-generator.py b/pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-settings-generator.py index ca7e361df6..92c460afb4 100644 --- a/pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-settings-generator.py +++ b/pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-settings-generator.py @@ -77,8 +77,7 @@ def is_value_rust_default(rust_type, value): if rust_type == 'String': return value == '' if rust_type == 'Vec': - # FIXME - return True + return value == '' return False def get_rust_field_name(name): diff --git a/pdns/dnsdistdist/dnsdist-rust-lib/rust/src/lib.rs b/pdns/dnsdistdist/dnsdist-rust-lib/rust/src/lib.rs index ba0552c4ab..b2af8f006e 100644 --- a/pdns/dnsdistdist/dnsdist-rust-lib/rust/src/lib.rs +++ b/pdns/dnsdistdist/dnsdist-rust-lib/rust/src/lib.rs 
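Review bot: The new `Vec` branch in `is_value_rust_default` has no comment saying that `''` is how the definitions files spell an empty list, which is the only reason comparing a list default with an empty string is correct; I would put `# '' in the definitions file denotes an empty list, i.e. the Rust default for a Vec` where the FIXME was. The type name looks truncated in this rendering, so I cannot tell whether list-typed entries that keep `default: true` (such as `metas` in the first hunk) reach this branch; if they do, `True == ''` is false and they would stop being treated as Rust defaults, which is worth checking. The same value is rendered as ``("")`` in the .rst reference files further down, which reads like a list holding one empty string; an explicit "empty list" rendering would be clearer, though the code producing it is not part of this diff. The function's `def` line is visible only in the hunk header.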
@@ -1317,7 +1317,7 @@ mod dnsdistsettings { password: String, #[serde(default, skip_serializing_if = "crate::is_default")] api_key: String, - #[serde(default, skip_serializing_if = "crate::is_default")] + #[serde(default = "crate::default_value_webserver_acl", skip_serializing_if = "crate::default_value_equal_webserver_acl")] acl: Vec, #[serde(default = "crate::Bool::::value", skip_serializing_if = "crate::if_true")] api_requires_authentication: bool, @@ -1344,7 +1344,7 @@ mod dnsdistsettings { listen_address: String, #[serde(default, skip_serializing_if = "crate::is_default")] key: String, - #[serde(default, skip_serializing_if = "crate::is_default")] + #[serde(default = "crate::default_value_console_acl", skip_serializing_if = "crate::default_value_equal_console_acl")] acl: Vec, #[serde(default = "crate::U32::<10000000>::value", skip_serializing_if = "crate::U32::<10000000>::is_equal")] maximum_output_size: u32, @@ -1578,7 +1578,7 @@ mod dnsdistsettings { struct IncomingDohConfiguration { #[serde(default = "crate::default_value_incoming_doh_provider", skip_serializing_if = "crate::default_value_equal_incoming_doh_provider")] provider: String, - #[serde(default, skip_serializing_if = "crate::is_default")] + #[serde(default = "crate::default_value_incoming_doh_paths", skip_serializing_if = "crate::default_value_equal_incoming_doh_paths")] paths: Vec, #[serde(default = "crate::U64::<30>::value", skip_serializing_if = "crate::U64::<30>::is_equal")] idle_timeout: u64, @@ -2324,7 +2324,7 @@ impl ResponseRuleConfigurationSerde { #[derive(Deserialize, Serialize, Debug, PartialEq)] #[serde(deny_unknown_fields)] struct GlobalConfigurationSerde { - #[serde(default, skip_serializing_if = "crate::is_default")] + #[serde(default = "crate::default_value_global_acl", skip_serializing_if = "crate::default_value_equal_global_acl")] acl: Vec, #[serde(default, skip_serializing_if = "crate::is_default")] backends: Vec, 
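Review bot: Nothing on the three `acl` fields (webserver, console, global) records that an omitted key and an explicit empty list now behave differently: with `default = "crate::default_value_…_acl"` a missing `acl` falls back to the built-in allow list, while `acl: []` still deserializes to an empty `Vec` and is written back out because it no longer equals the default. What an empty ACL means to the code consuming these structs is not visible here, so the field description should say it, for example `Omitted: the built-in default list applies. An explicit empty list is kept as written.` The same applies to `paths` in `IncomingDohConfiguration`. Judging by the field names these lists decide who may reach the web server, the console and the service itself, so a test asserting that an empty document yields exactly the expected defaults and serializes back without an `acl` key would pin the behaviour. All four structs continue outside their hunks.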
@@ -2630,6 +2630,19 @@ impl Default for dnsdistsettings::KeyValueStoresConfiguration { } +// DEFAULT HANDLING for webserver_acl +fn default_value_webserver_acl() -> Vec { + vec![ + String::from("127.0.0.1"), + String::from("::1"), + ] +} +fn default_value_equal_webserver_acl(value: &Vec) -> bool { + let def = default_value_webserver_acl(); + &def == value +} + + impl Default for dnsdistsettings::WebserverConfiguration { fn default() -> Self { let deserialized: dnsdistsettings::WebserverConfiguration = serde_yaml::from_str("").unwrap(); @@ -2638,6 +2651,19 @@ impl Default for dnsdistsettings::WebserverConfiguration { } +// DEFAULT HANDLING for console_acl +fn default_value_console_acl() -> Vec { + vec![ + String::from("127.0.0.1"), + String::from("::1"), + ] +} +fn default_value_equal_console_acl(value: &Vec) -> bool { + let def = default_value_console_acl(); + &def == value +} + + impl Default for dnsdistsettings::ConsoleConfiguration { fn default() -> Self { let deserialized: dnsdistsettings::ConsoleConfiguration = serde_yaml::from_str("").unwrap(); @@ -2805,6 +2831,18 @@ fn default_value_equal_incoming_doh_provider(value: &str)-> bool { } +// DEFAULT HANDLING for incoming_doh_paths +fn default_value_incoming_doh_paths() -> Vec { + vec![ + String::from("/dns-query"), + ] +} +fn default_value_equal_incoming_doh_paths(value: &Vec) -> bool { + let def = default_value_incoming_doh_paths(); + &def == value +} + + impl Default for dnsdistsettings::IncomingDohConfiguration { fn default() -> Self { let deserialized: dnsdistsettings::IncomingDohConfiguration = serde_yaml::from_str("").unwrap(); 
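Review bot: `default_value_equal_webserver_acl`, `default_value_equal_console_acl` and `default_value_equal_incoming_doh_paths` (and `default_value_equal_global_acl` in the following hunk) each build a fresh vector of `String`s only to compare it, and take the value as `&Vec`, which clippy reports as `ptr_arg`. A slice parameter compared against literals avoids both: `fn default_value_equal_webserver_acl(value: &[String]) -> bool { *value == ["127.0.0.1", "::1"] }`; `skip_serializing_if` accepts that signature through deref coercion, as the existing `&str` helper for `provider` shows. The webserver and console defaults are identical, so a single shared constant such as `const DEFAULT_LOOPBACK_ACL: [&str; 2] = ["127.0.0.1", "::1"];` feeding both the default and the comparison would keep the two loopback lists from drifting apart. If `lib.rs` is generated output, the change belongs in the generator template rather than in this file.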
@@ -3144,6 +3182,26 @@ impl Default for dnsdistsettings::XskConfiguration { } +// DEFAULT HANDLING for global_acl +fn default_value_global_acl() -> Vec { + vec![ + String::from("127.0.0.0/8"), + String::from("10.0.0.0/8"), + String::from("100.64.0.0/10"), + String::from("169.254.0.0/16"), + String::from("192.168.0.0/16"), + String::from("172.16.0.0/12"), + String::from("::1/128"), + String::from("fc00::/7"), + String::from("fe80::/10"), + ] +} +fn default_value_equal_global_acl(value: &Vec) -> bool { + let def = default_value_global_acl(); + &def == value +} + + impl Default for GlobalConfigurationSerde { fn default() -> Self { let deserialized: GlobalConfigurationSerde = serde_yaml::from_str("").unwrap(); diff --git a/pdns/dnsdistdist/dnsdist-selectors-definitions.yml b/pdns/dnsdistdist/dnsdist-selectors-definitions.yml index 35a1c96396..b78698c1d1 100644 --- a/pdns/dnsdistdist/dnsdist-selectors-definitions.yml +++ b/pdns/dnsdistdist/dnsdist-selectors-definitions.yml @@ -156,7 +156,7 @@ Set the ``source`` parameter to ``false`` to match against destination address i default: "" - name: "netmasks" type: "Vec" - default: true + default: "" - name: "source" type: "bool" default: "true" diff --git a/pdns/dnsdistdist/dnsdist-settings-definitions.yml b/pdns/dnsdistdist/dnsdist-settings-definitions.yml index e7024b1282..879ef731ce 100644 --- a/pdns/dnsdistdist/dnsdist-settings-definitions.yml +++ b/pdns/dnsdistdist/dnsdist-settings-definitions.yml 
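Review bot: `default_value_global_acl` hard-codes nine networks with no comment on what the list covers or where it is defined, although it becomes the fallback for the top-level `acl` whenever the key is omitted. I would add `// Default ACL: loopback, RFC 1918, RFC 6598 shared space (100.64.0.0/10), IPv4/IPv6 link-local and IPv6 ULA` above it, plus a pointer to the definitions entry it comes from if that is the source of truth. 100.64.0.0/10 is carrier-grade NAT space rather than site-private space, so on a host attached to a provider network this default can admit clients outside the operator's own site; a sentence in the `acl` description would help operators narrow it deliberately.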
@@ -667,15 +667,15 @@ dynamic_rules: description: "Number of bits of port to consider over IPv4, for CGNAT deployments. Default is 0 meaning that the port is not taken into account. For example passing ``2`` here, which only makes sense if the IPv4 parameter is set to ``32``, will split a given IPv4 address into four port ranges: ``0-16383``, ``16384-32767``, ``32768-49151`` and ``49152-65535``" - name: "exclude_ranges" type: "Vec" - default: true + default: "" description: "Exclude this list of ranges, meaning that no dynamic block will ever be inserted for clients in that range. Default to empty, meaning rules are applied to all ranges. When used in combination with ``include_ranges`` the more specific entry wins" - name: "include_ranges" type: "Vec" - default: true + default: "" description: "Include this list of ranges, meaning that dynamic rules will be inserted for clients in that range. When used in combination with ``exclude_ranges`` the more specific entry wins" - name: "exclude_domains" type: "Vec" - default: true + default: "" description: "Exclude this list of domains, meaning that no dynamic rules will ever be inserted for this domain via ``suffix-match`` or ``suffix-match-ffi`` rules. Default to empty, meaning rules are applied to all domains" - name: "rules" type: "Vec" @@ -796,7 +796,7 @@ incoming_tls: description: "The maximum number of sessions kept in memory at the same time. Default is 20480. Setting this value to 0 disables stored session entirely" - name: "ocsp_response_files" type: "Vec" - default: true + default: "" description: "List of files containing OCSP responses, in the same order than the certificates and keys, that will be used to provide OCSP stapling responses" - name: "key_log_file" type: "String" 
@@ -1111,7 +1111,7 @@ bind: description: "DNSCrypt-specific settings" - name: "additional_addresses" type: "Vec" - default: true + default: "" description: "List of additional addresses (with port) to listen on. Using this option instead of creating a new frontend for each address avoids the creation of new thread and Frontend objects, reducing the memory usage. The drawback is that there will be a single set of metrics for all addresses" - name: "xsk" type: "String" @@ -1335,8 +1335,8 @@ backend: description: "The weight of this server, used by the `wrandom`, `whashed` and `chashed` policies, default: 1. Supported values are a minimum of 1, and a maximum of 2147483647" - name: "pools" type: "Vec" - default: true - description: "List of pools to place this backend into. By default a server is place in the default (\"\") pool" + default: "" + description: "List of pools to place this backend into. By default a server is placed in the default (\"\") pool" - name: "tcp" type: "OutgoingTcpConfiguration" default: true @@ -1684,7 +1684,7 @@ general: runtime-configurable: true - name: "capabilities_to_retain" type: "Vec" - default: true + default: "" lua-name: "addCapabilitiesToRetain" runtime-configurable: false @@ -1732,7 +1732,7 @@ packet_cache: default: "0" - name: "options_to_skip" type: "Vec" - default: true + default: "" proxy_protocol: parameters: diff --git a/pdns/dnsdistdist/docs/reference/yaml-actions.rst b/pdns/dnsdistdist/docs/reference/yaml-actions.rst index 1b96b4ac41..03f03ecad7 100644 --- a/pdns/dnsdistdist/docs/reference/yaml-actions.rst +++ b/pdns/dnsdistdist/docs/reference/yaml-actions.rst @@ -324,7 +324,7 @@ Parameters: - **alter_function_file**: String ``("")`` - **server_id**: String ``("")`` - **ip_encrypt_key**: String ``("")`` -- **export_tags**: Sequence of String +- **export_tags**: Sequence of String ``("")`` - **metas**: Sequence of :ref:`ProtoBufMetaConfiguration ` 
diff --git a/pdns/dnsdistdist/docs/reference/yaml-selectors.rst b/pdns/dnsdistdist/docs/reference/yaml-selectors.rst index 55bbb17960..7f74145b83 100644 --- a/pdns/dnsdistdist/docs/reference/yaml-selectors.rst +++ b/pdns/dnsdistdist/docs/reference/yaml-selectors.rst @@ -277,7 +277,7 @@ Lua equivalent: :func:`NetmaskGroupRule` Parameters: - **netmask_group_name**: String ``("")`` -- **netmasks**: Sequence of String +- **netmasks**: Sequence of String ``("")`` - **source**: Boolean ``(true)`` - **quiet**: Boolean ``(false)`` diff --git a/pdns/dnsdistdist/docs/reference/yaml-settings.rst b/pdns/dnsdistdist/docs/reference/yaml-settings.rst index b81e53c76a..1b6467ae4b 100644 --- a/pdns/dnsdistdist/docs/reference/yaml-settings.rst +++ b/pdns/dnsdistdist/docs/reference/yaml-settings.rst @@ -73,7 +73,7 @@ Generic settings for backends - **queries_per_second**: Unsigned integer ``(0)`` - Limit the number of queries per second to ``number``, when using the ``firstAvailable`` policy - **order**: Unsigned integer ``(1)`` - The order of this server, used by the `leastOutstanding` and `firstAvailable` policies - **weight**: Unsigned integer ``(1)`` - The weight of this server, used by the `wrandom`, `whashed` and `chashed` policies, default: 1. Supported values are a minimum of 1, and a maximum of 2147483647 -- **pools**: Sequence of String - List of pools to place this backend into. By default a server is place in the default ("") pool +- **pools**: Sequence of String ``("")`` - List of pools to place this backend into. By default a server is placed in the default ("") pool - **tcp**: :ref:`OutgoingTcpConfiguration ` - TCP-related settings for a backend - **ip_bind_addr_no_port**: Boolean ``(true)`` - Whether to enable ``IP_BIND_ADDRESS_NO_PORT`` if available - **health_checks**: :ref:`HealthCheckConfiguration ` - Health-check settings 
@@ -117,7 +117,7 @@ General settings for frontends - **doq**: :ref:`IncomingDoqConfiguration ` - DNS over QUIC-specific settings - **quic**: :ref:`IncomingQuicConfiguration ` - QUIC-specific settings - **dnscrypt**: :ref:`IncomingDnscryptConfiguration ` - DNSCrypt-specific settings -- **additional_addresses**: Sequence of String - List of additional addresses (with port) to listen on. Using this option instead of creating a new frontend for each address avoids the creation of new thread and Frontend objects, reducing the memory usage. The drawback is that there will be a single set of metrics for all addresses +- **additional_addresses**: Sequence of String ``("")`` - List of additional addresses (with port) to listen on. Using this option instead of creating a new frontend for each address avoids the creation of new thread and Frontend objects, reducing the memory usage. The drawback is that there will be a single set of metrics for all addresses - **xsk**: String ``("")`` - The name of an XSK sockets map to attach to this frontend, if any 
@@ -252,9 +252,9 @@ Group of dynamic rules - **mask_ipv4**: Unsigned integer ``(32)`` - Number of bits to keep for IPv4 addresses - **mask_ipv6**: Unsigned integer ``(64)`` - Number of bits to keep for IPv6 addresses. In some scenarios it might make sense to block a whole /64 IPv6 range instead of a single address, for example - **mask_port**: Unsigned integer ``(0)`` - Number of bits of port to consider over IPv4, for CGNAT deployments. Default is 0 meaning that the port is not taken into account. For example passing ``2`` here, which only makes sense if the IPv4 parameter is set to ``32``, will split a given IPv4 address into four port ranges: ``0-16383``, ``16384-32767``, ``32768-49151`` and ``49152-65535`` -- **exclude_ranges**: Sequence of String - Exclude this list of ranges, meaning that no dynamic block will ever be inserted for clients in that range. Default to empty, meaning rules are applied to all ranges. When used in combination with ``include_ranges`` the more specific entry wins -- **include_ranges**: Sequence of String - Include this list of ranges, meaning that dynamic rules will be inserted for clients in that range. When used in combination with ``exclude_ranges`` the more specific entry wins -- **exclude_domains**: Sequence of String - Exclude this list of domains, meaning that no dynamic rules will ever be inserted for this domain via ``suffix-match`` or ``suffix-match-ffi`` rules. Default to empty, meaning rules are applied to all domains +- **exclude_ranges**: Sequence of String ``("")`` - Exclude this list of ranges, meaning that no dynamic block will ever be inserted for clients in that range. Default to empty, meaning rules are applied to all ranges. When used in combination with ``include_ranges`` the more specific entry wins +- **include_ranges**: Sequence of String ``("")`` - Include this list of ranges, meaning that dynamic rules will be inserted for clients in that range. 
When used in combination with ``exclude_ranges`` the more specific entry wins +- **exclude_domains**: Sequence of String ``("")`` - Exclude this list of domains, meaning that no dynamic rules will ever be inserted for this domain via ``suffix-match`` or ``suffix-match-ffi`` rules. Default to empty, meaning rules are applied to all domains - **rules**: Sequence of :ref:`DynamicRuleConfiguration ` - List of dynamic rules in this group @@ -320,7 +320,7 @@ GeneralConfiguration - **verbose_health_checks**: Boolean ``(false)`` - **allow_empty_responses**: Boolean ``(false)`` - **drop_empty_queries**: Boolean ``(false)`` -- **capabilities_to_retain**: Sequence of String +- **capabilities_to_retain**: Sequence of String ``("")`` .. _yaml-settings-HealthCheckConfiguration: 
@@ -482,7 +482,7 @@ TLS parameters for frontends - **session_timeout**: Unsigned integer ``(0)`` - Set the TLS session lifetime in seconds, this is used both for TLS ticket lifetime and for sessions kept in memory - **session_tickets**: Boolean ``(true)`` - Whether session resumption via session tickets is enabled. Default is true, meaning tickets are enabled - **number_of_stored_sessions**: Unsigned integer ``(20480)`` - The maximum number of sessions kept in memory at the same time. Default is 20480. Setting this value to 0 disables stored session entirely -- **ocsp_response_files**: Sequence of String - List of files containing OCSP responses, in the same order than the certificates and keys, that will be used to provide OCSP stapling responses +- **ocsp_response_files**: Sequence of String ``("")`` - List of files containing OCSP responses, in the same order than the certificates and keys, that will be used to provide OCSP stapling responses - **key_log_file**: String ``("")`` - Write the TLS keys in the specified file so that an external program can decrypt TLS exchanges, in the format described in https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. Note that this feature requires OpenSSL >= 1.1.1 - **release_buffers**: Boolean ``(true)`` - Whether OpenSSL should release its I/O buffers when a connection goes idle, saving roughly 35 kB of memory per connection - **enable_renegotiation**: Boolean ``(false)`` - Whether secure TLS renegotiation should be enabled. Disabled by default since it increases the attack surface and is seldom used for DNS @@ -710,7 +710,7 @@ PacketCacheConfiguration - **temporary_failure_ttl**: Unsigned integer ``(60)`` - **cookie_hashing**: Boolean ``(false)`` - **maximum_entry_size**: Unsigned integer ``(0)`` -- **options_to_skip**: Sequence of String +- **options_to_skip**: Sequence of String ``("")`` .. _yaml-settings-PoolConfiguration: