peering: remove validation that forces peering token server addresses to be an IP, allow hostname based addresses (#13874)

agent/rpc/peering/testing.go

@@ -32,6 +32,7 @@ not valid
 `
 
 var validAddress = "1.2.3.4:80"
+var validHostnameAddress = "foo.bar.baz:80"
 
 var validServerName = "server.consul"
 

agent/rpc/peering/validate.go

@@ -3,7 +3,6 @@ package peering
 import (
 	"fmt"
 	"net"
-	"net/netip"
 	"strconv"
 
 	"github.com/hashicorp/consul/agent/connect"
@@ -25,7 +24,7 @@ func validatePeeringToken(tok *structs.PeeringToken) error {
 		return errPeeringTokenEmptyServerAddresses
 	}
 	for _, addr := range tok.ServerAddresses {
-		host, portRaw, err := net.SplitHostPort(addr)
+		_, portRaw, err := net.SplitHostPort(addr)
 		if err != nil {
 			return &errPeeringInvalidServerAddress{addr}
 		}
@@ -37,9 +36,6 @@ func validatePeeringToken(tok *structs.PeeringToken) error {
 		if port < 1 || port > 65535 {
 			return &errPeeringInvalidServerAddress{addr}
 		}
-		if _, err := netip.ParseAddr(host); err != nil {
-			return &errPeeringInvalidServerAddress{addr}
-		}
 	}
 
 	// TODO(peering): validate name matches SNI?

agent/rpc/peering/validate_test.go

@@ -53,16 +53,6 @@ func TestValidatePeeringToken(t *testing.T) {
 				"1.2.3.4",
 			},
 		},
-		{
-			name: "invalid address IP",
-			token: &structs.PeeringToken{
-				CA:              []string{validCA},
-				ServerAddresses: []string{"foo.bar.baz"},
-			},
-			wantErr: &errPeeringInvalidServerAddress{
-				"foo.bar.baz",
-			},
-		},
 		{
 			name: "invalid server name",
 			token: &structs.PeeringToken{
@@ -89,6 +79,15 @@ func TestValidatePeeringToken(t *testing.T) {
 				PeerID:          validPeerID,
 			},
 		},
+		{
+			name: "valid token with hostname address",
+			token: &structs.PeeringToken{
+				CA:              []string{validCA},
+				ServerAddresses: []string{validHostnameAddress},
+				ServerName:      validServerName,
+				PeerID:          validPeerID,
+			},
+		},
 	}
 
 	for _, tc := range tt {