TritonDataCenter#22 Want support for reverse proxy zones

eait-itig · May 22, 2020 · eab4d28 · eab4d28
1 parent 60f5fce
commit eab4d28
Show file tree

Hide file tree

Showing 4 changed files with 173 additions and 16 deletions.
diff --git a/bin/cnsadm b/bin/cnsadm
@@ -5,6 +5,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  *
  * Copyright (c) 2018, Joyent, Inc.
+ * Copyright 2016, 2020, The University of Queensland
  */
 
 var dashdash = require('dashdash');
@@ -291,7 +292,17 @@ function do_zones() {
 			return ((v || []).join(','));
 		    }},
 		    {field: 'hidden_primary', title: 'hidden primary',
-			type: 'boolean'}
+			type: 'boolean'},
+		    {field: 'proxy_addr', title: 'proxy address',
+			type: 'string'},
+		    {field: 'proxy_networks', stringify: function (v) {
+			v = v || [];
+			if (v.length === 1 && v[0] === '*')
+				return ('*');
+			if (v.length === 0)
+				return ('');
+			return (sprintf('(%d UUIDs)', v.length));
+		    }}
 		];
 		var objs = Object.keys(config.forward_zones).map(function (z) {
 			var obj = config.forward_zones[z];
@@ -338,7 +349,12 @@ function do_zones() {
 		    type: 'array',
 		    items: {type: 'string'}
 		},
-		'hidden_primary': {type: 'boolean'}
+		'hidden_primary': {type: 'boolean'},
+		'proxy_addr': {type: 'string'},
+		'proxy_networks': {
+		    type: 'array',
+		    items: {type: 'string'}
+		}
 	    }
 	};
 	if (args.length === 0 && !opts['delete']) {

diff --git a/lib/config-schema.json b/lib/config-schema.json
@@ -123,6 +123,17 @@
           },
           "hidden_primary": {
             "type": "boolean"
+          },
+          "proxy_addr": {
+            "type": "string"
+          },
+          "proxy_networks": {
+            "type": "array",
+            "minItems": 1,
+            "items": {
+              "type": "string",
+              "pattern": "^[*]$|^[a-f0-9-]+$"
+            }
           }
         },
         "additionalProperties": false

diff --git a/lib/vm-to-zones.js b/lib/vm-to-zones.js
@@ -4,6 +4,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  *
  * Copyright (c) 2018, Joyent, Inc.
+ * Copyright 2016, 2020, The University of Queensland
  */
 
 module.exports = buildZonesFromVm;
@@ -33,7 +34,8 @@ function buildZonesFromVm(vm, config, log) {
 						type: 'instance',
 						ip: ip,
 						zone: zone,
-						network: nic.network
+						network: nic.network,
+						network_pools: nic.network_pools
 					});
 				}
 				vm.services.forEach(function (svc) {
@@ -42,7 +44,8 @@ function buildZonesFromVm(vm, config, log) {
 						ip: ip,
 						zone: zone,
 						service: svc,
-						network: nic.network
+						network: nic.network,
+						network_pools: nic.network_pools
 					});
 				});
 			});
@@ -151,16 +154,37 @@ function isNetOwned(vm, netw) {
 	return ((netw.owner_uuids || []).indexOf(vm.owner.uuid) !== -1);
 }
 
+function isProxied(ent, config) {
+	var zoneConfig = config.forward_zones[ent.zone];
+	if (!zoneConfig.proxy_networks)
+		return (false);
+	if (zoneConfig.proxy_networks.indexOf(ent.network.uuid) !== -1)
+		return (true);
+	if (zoneConfig.proxy_networks.indexOf('*') !== -1)
+		return (true);
+	var pools = ent.network_pools;
+	if (!pools)
+		return (false);
+	for (var i = 0; i < pools.length; ++i) {
+		if (zoneConfig.proxy_networks.indexOf(pools[i]) !== -1)
+			return (true);
+	}
+	return (false);
+}
+
 function addInstance(zones, vm, ent, config) {
 	function addName(name) {
 		if (!zones[ent.zone])
 			zones[ent.zone] = {};
 		if (!zones[ent.zone][name])
 			zones[ent.zone][name] = [];
 		var recs = zones[ent.zone][name];
+		var ip = ent.ip;
+		if (isProxied(ent, config))
+			ip = config.forward_zones[ent.zone].proxy_addr;
 		recs.push({
 			constructor: ent.addrType,
-			args: [ent.ip]
+			args: [ip]
 		});
 		var hasTxt = false;
 		for (var i = 0; i < recs.length; ++i) {
@@ -254,15 +278,17 @@ function addInstance(zones, vm, ent, config) {
 	if (vm.ptrname)
 		revName = vm.ptrname;
 
-	var rev = utils.reverseZoneIp(ent.ip);
-	if (!zones[rev.zone])
-		zones[rev.zone] = {};
-	var revs = zones[rev.zone][rev.name];
-	if (!revs || revs[0].args[0].length > revName.length) {
-		zones[rev.zone][rev.name] = [ {
-			constructor: 'PTR',
-			args: [revName]
-		} ];
+	if (!isProxied(ent, config)) {
+		var rev = utils.reverseZoneIp(ent.ip);
+		if (!zones[rev.zone])
+			zones[rev.zone] = {};
+		var revs = zones[rev.zone][rev.name];
+		if (!revs || revs[0].args[0].length > revName.length) {
+			zones[rev.zone][rev.name] = [ {
+				constructor: 'PTR',
+				args: [revName]
+			} ];
+		}
 	}
 }
 
@@ -274,6 +300,9 @@ function addService(zones, vm, ent, config) {
 		if (!zones[ent.zone][name])
 			zones[ent.zone][name] = [];
 		var recs = zones[ent.zone][name];
+		var ip = ent.ip;
+		if (isProxied(ent, config))
+			ip = config.forward_zones[ent.zone].proxy_addr;
 		var hasTxt = false;
 		for (var i = 0; i < recs.length; ++i) {
 			if (recs[i].constructor === 'TXT' &&
@@ -285,7 +314,7 @@ function addService(zones, vm, ent, config) {
 		if (vm.listServices) {
 			recs.push({
 				constructor: ent.addrType,
-				args: [ent.ip],
+				args: [ip],
 				src: vm.uuid
 			});
 			if (!hasTxt) {

diff --git a/test/unit/vm-to-zones.test.js b/test/unit/vm-to-zones.test.js
@@ -113,7 +113,11 @@ test('with use_alias', function (t) {
 	var config = {
 	    use_alias: true,
 	    forward_zones: {
-		'foo': { networks: ['*'] }
+		'foo': {
+		    networks: ['*'],
+		    proxy_addr: '9.9.9.9',
+		    proxy_networks: ['aaa1111']
+		}
 	    },
 	    reverse_zones: {}
 	};
@@ -131,6 +135,7 @@ test('with use_alias', function (t) {
 		    ip: '1.2.3.4',
 		    zones: ['foo'],
 		    network: {
+			uuid: 'abcd1234',
 			name: 'SDC-Customer-Public-Pool-72.2.118.0/23',
 			owner_uuids: ['def432']
 		    }
@@ -694,3 +699,99 @@ test('cmon everywhere', function (t) {
 
 	t.end();
 });
+
+test('reverse proxy zone - wildcard', function (t) {
+	var config = {
+	    forward_zones: {
+		'foo': {
+		    networks: ['*'],
+		    proxy_addr: '9.9.9.9',
+		    proxy_networks: ['*']
+		}
+	    },
+	    reverse_zones: {}
+	};
+	var vm = {
+	    uuid: 'abc123',
+	    services: [],
+	    listInstance: true,
+	    listServices: true,
+	    owner: {
+		uuid: 'def432'
+	    },
+	    nics: [
+		{
+		    ip: '1.2.3.4',
+		    zones: ['foo'],
+		    network: { name: 'Default-Fabric', owner_uuids: ['def432'] }
+		}
+	    ]
+	};
+	var zones = buildZonesFromVm(vm, config, log);
+	t.deepEqual(Object.keys(zones), ['foo']);
+
+	t.deepEqual(Object.keys(zones['foo']), ['abc123.inst.def432',
+	    'default-fabric.abc123.inst.def432', 'abc123.cmon']);
+
+	var fwd = zones['foo']['abc123.inst.def432'];
+	t.deepEqual(fwd, [
+	    {constructor: 'A', args: ['9.9.9.9']},
+	    {constructor: 'TXT', args: ['abc123']}
+	]);
+	var cmon = zones['foo']['abc123.cmon'];
+	t.deepEqual(cmon, [
+	    {constructor: 'CNAME', args: ['cmon.foo']}
+	]);
+
+	t.end();
+});
+
+test('reverse proxy zone - specific net', function (t) {
+	var config = {
+	    forward_zones: {
+		'foo': {
+		    networks: ['*'],
+		    proxy_addr: '9.9.9.9',
+		    proxy_networks: ['ddd111']
+		}
+	    },
+	    reverse_zones: {}
+	};
+	var vm = {
+	    uuid: 'abc123',
+	    services: [],
+	    listInstance: true,
+	    listServices: true,
+	    owner: {
+		uuid: 'def432'
+	    },
+	    nics: [
+		{
+		    ip: '1.2.3.4',
+		    zones: ['foo'],
+		    network: {
+			uuid: 'ddd111',
+			name: 'Default-Fabric',
+			owner_uuids: ['def432']
+		    }
+		}
+	    ]
+	};
+	var zones = buildZonesFromVm(vm, config, log);
+	t.deepEqual(Object.keys(zones), ['foo']);
+
+	t.deepEqual(Object.keys(zones['foo']), ['abc123.inst.def432',
+	    'default-fabric.abc123.inst.def432', 'abc123.cmon']);
+
+	var fwd = zones['foo']['abc123.inst.def432'];
+	t.deepEqual(fwd, [
+	    {constructor: 'A', args: ['9.9.9.9']},
+	    {constructor: 'TXT', args: ['abc123']}
+	]);
+	var cmon = zones['foo']['abc123.cmon'];
+	t.deepEqual(cmon, [
+	    {constructor: 'CNAME', args: ['cmon.foo']}
+	]);
+
+	t.end();
+});