lib: add validation package + DNS label validation (#12535)

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-03-17 18:31:28 -07:00 · 2022-03-17 18:31:28 -07:00 · 27711fe5c7
parent 3c08843847
commit 27711fe5c7
3 changed files with 80 additions and 0 deletions
--- a/.changelog/12535.txt
+++ b/.changelog/12535.txt
@ -0,0 +1,3 @@
+```release-note:bug
+dns: allow max of 63 character DNS labels instead of 64 per RFC 1123
+```
--- a/agent/dns/validation.go
+++ b/agent/dns/validation.go
@ -0,0 +1,27 @@
+package dns
+
+import (
+	"errors"
+	"regexp"
+)
+
+// matches valid DNS labels according to RFC 1123, should be at most 63
+// characters according to the RFC
+var validLabel = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?$`)
+
+// IsValidLabel returns true if the string given is a valid DNS label (RFC 1123).
+// Note: the only difference between RFC 1035 and RFC 1123 labels is that in
+// RFC 1123 labels can begin with a number.
+func IsValidLabel(name string) bool {
+	return validLabel.MatchString(name)
+}
+
+// ValidateLabel is similar to IsValidLabel except it returns an error
+// instead of false when name is not a valid DNS label. The error will contain
+// reference to what constitutes a valid DNS label.
+func ValidateLabel(name string) error {
+	if !IsValidLabel(name) {
+		return errors.New("a valid DNS label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character")
+	}
+	return nil
+}
--- a/agent/dns/validation_test.go
+++ b/agent/dns/validation_test.go
@ -0,0 +1,50 @@
+package dns_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/consul/agent/dns"
+	"github.com/stretchr/testify/require"
+)
+
+func TestValidLabel(t *testing.T) {
+	cases := map[string]bool{
+		"CrEaTeD":           true,
+		"created":           true,
+		"create-deleted":    true,
+		"foo":               true,
+		"":                  false,
+		"_foo_":             false,
+		"-foo":              false,
+		"foo-":              false,
+		"-foo-":             false,
+		"-foo-bar-":         false,
+		"no spaces allowed": false,
+		"thisvaluecontainsalotofcharactersbutnottoomanyandthecaseisatrue":  true,  // 63 chars
+		"thisvaluecontainstoomanycharactersandisthusinvalidandtestisfalse": false, // 64 chars
+	}
+
+	t.Run("*", func(t *testing.T) {
+		t.Run("IsValidLabel", func(t *testing.T) {
+			require.False(t, dns.IsValidLabel("*"))
+		})
+		t.Run("ValidateLabel", func(t *testing.T) {
+			require.Error(t, dns.ValidateLabel("*"))
+		})
+	})
+
+	for name, expect := range cases {
+		t.Run(name, func(t *testing.T) {
+			t.Run("IsValidDNSLabel", func(t *testing.T) {
+				require.Equal(t, expect, dns.IsValidLabel(name))
+			})
+			t.Run("ValidateLabel", func(t *testing.T) {
+				if expect {
+					require.NoError(t, dns.ValidateLabel(name))
+				} else {
+					require.Error(t, dns.ValidateLabel(name))
+				}
+			})
+		})
+	}
+}