use absolute path for binary checksum verification (#20487)

internal/config/dns/dns_path.go

@@ -0,0 +1,58 @@
+// Copyright (c) 2015-2024 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package dns
+
+import (
+	"path"
+	"strings"
+
+	"github.com/miekg/dns"
+)
+
+// msgPath converts a domainname to an etcd path. If s looks like service.staging.skydns.local.,
+// the resulting key will be /skydns/local/skydns/staging/service .
+func msgPath(s, prefix string) string {
+	l := dns.SplitDomainName(s)
+	for i, j := 0, len(l)-1; i < j; i, j = i+1, j-1 {
+		l[i], l[j] = l[j], l[i]
+	}
+	return path.Join(append([]string{etcdPathSeparator + prefix + etcdPathSeparator}, l...)...)
+}
+
+// dnsJoin joins labels to form a fully qualified domain name. If the last label is
+// the root label it is ignored. Not other syntax checks are performed.
+func dnsJoin(labels ...string) string {
+	ll := len(labels)
+	if labels[ll-1] == "." {
+		return strings.Join(labels[:ll-1], ".") + "."
+	}
+	return dns.Fqdn(strings.Join(labels, "."))
+}
+
+// msgUnPath converts a etcd path to domainName.
+func msgUnPath(s string) string {
+	l := strings.Split(s, etcdPathSeparator)
+	if l[len(l)-1] == "" {
+		l = l[:len(l)-1]
+	}
+	// start with 1, to strip /skydns
+	for i, j := 1, len(l)-1; i < j; i, j = i+1, j-1 {
+		l[i], l[j] = l[j], l[i]
+	}
+	return dnsJoin(l[1 : len(l)-1]...)
+}

internal/config/dns/etcd_dns.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2015-2021 MinIO, Inc.
+// Copyright (c) 2015-2024 MinIO, Inc.
 //
 // This file is part of MinIO Object Storage stack
 //
@@ -27,7 +27,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/coredns/coredns/plugin/etcd/msg"
 	"github.com/minio/minio-go/v7/pkg/set"
 	clientv3 "go.etcd.io/etcd/client/v3"
 )
@@ -60,7 +59,7 @@ func (c *CoreDNS) Close() error {
 func (c *CoreDNS) List() (map[string][]SrvRecord, error) {
 	srvRecords := map[string][]SrvRecord{}
 	for _, domainName := range c.domainNames {
-		key := msg.Path(fmt.Sprintf("%s.", domainName), c.prefixPath)
+		key := msgPath(fmt.Sprintf("%s.", domainName), c.prefixPath)
 		records, err := c.list(key+etcdPathSeparator, true)
 		if err != nil {
 			return srvRecords, err
@@ -79,7 +78,7 @@ func (c *CoreDNS) List() (map[string][]SrvRecord, error) {
 func (c *CoreDNS) Get(bucket string) ([]SrvRecord, error) {
 	var srvRecords []SrvRecord
 	for _, domainName := range c.domainNames {
-		key := msg.Path(fmt.Sprintf("%s.%s.", bucket, domainName), c.prefixPath)
+		key := msgPath(fmt.Sprintf("%s.%s.", bucket, domainName), c.prefixPath)
 		records, err := c.list(key, false)
 		if err != nil {
 			return nil, err
@@ -102,15 +101,6 @@ func (c *CoreDNS) Get(bucket string) ([]SrvRecord, error) {
 	return srvRecords, nil
 }
 
-// msgUnPath converts a etcd path to domainname.
-func msgUnPath(s string) string {
-	ks := strings.Split(strings.Trim(s, etcdPathSeparator), etcdPathSeparator)
-	for i, j := 0, len(ks)-1; i < j; i, j = i+1, j-1 {
-		ks[i], ks[j] = ks[j], ks[i]
-	}
-	return strings.Join(ks, ".")
-}
-
 // Retrieves list of entries under the key passed.
 // Note that this method fetches entries upto only two levels deep.
 func (c *CoreDNS) list(key string, domain bool) ([]SrvRecord, error) {
@@ -172,7 +162,7 @@ func (c *CoreDNS) Put(bucket string) error {
 			return err
 		}
 		for _, domainName := range c.domainNames {
-			key := msg.Path(fmt.Sprintf("%s.%s", bucket, domainName), c.prefixPath)
+			key := msgPath(fmt.Sprintf("%s.%s", bucket, domainName), c.prefixPath)
 			key = key + etcdPathSeparator + ip
 			ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
 			_, err = c.etcdClient.Put(ctx, key, string(bucketMsg))
@@ -191,7 +181,7 @@ func (c *CoreDNS) Put(bucket string) error {
 // Delete - Removes DNS entries added in Put().
 func (c *CoreDNS) Delete(bucket string) error {
 	for _, domainName := range c.domainNames {
-		key := msg.Path(fmt.Sprintf("%s.%s.", bucket, domainName), c.prefixPath)
+		key := msgPath(fmt.Sprintf("%s.%s.", bucket, domainName), c.prefixPath)
 		ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
 		_, err := c.etcdClient.Delete(ctx, key+etcdPathSeparator, clientv3.WithPrefix())
 		cancel()
@@ -205,7 +195,7 @@ func (c *CoreDNS) Delete(bucket string) error {
 // DeleteRecord - Removes a specific DNS entry
 func (c *CoreDNS) DeleteRecord(record SrvRecord) error {
 	for _, domainName := range c.domainNames {
-		key := msg.Path(fmt.Sprintf("%s.%s.", record.Key, domainName), c.prefixPath)
+		key := msgPath(fmt.Sprintf("%s.%s.", record.Key, domainName), c.prefixPath)
 
 		ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
 		_, err := c.etcdClient.Delete(ctx, key+etcdPathSeparator+record.Host)

internal/config/dns/etcd_dns_test.go

@@ -0,0 +1,59 @@
+// Copyright (c) 2015-2024 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package dns
+
+import "testing"
+
+func TestDNSJoin(t *testing.T) {
+	tests := []struct {
+		in  []string
+		out string
+	}{
+		{[]string{"bla", "bliep", "example", "org"}, "bla.bliep.example.org."},
+		{[]string{"example", "."}, "example."},
+		{[]string{"example", "org."}, "example.org."}, // technically we should not be called like this.
+		{[]string{"."}, "."},
+	}
+
+	for i, tc := range tests {
+		if x := dnsJoin(tc.in...); x != tc.out {
+			t.Errorf("Test %d, expected %s, got %s", i, tc.out, x)
+		}
+	}
+}
+
+func TestPath(t *testing.T) {
+	for _, path := range []string{"mydns", "skydns"} {
+		result := msgPath("service.staging.skydns.local.", path)
+		if result != etcdPathSeparator+path+"/local/skydns/staging/service" {
+			t.Errorf("Failure to get domain's path with prefix: %s", result)
+		}
+	}
+}
+
+func TestUnPath(t *testing.T) {
+	result1 := msgUnPath("/skydns/local/cluster/staging/service/")
+	if result1 != "service.staging.cluster.local." {
+		t.Errorf("Failure to get domain from etcd key (with a trailing '/'), expect: 'service.staging.cluster.local.', actually get: '%s'", result1)
+	}
+
+	result2 := msgUnPath("/skydns/local/cluster/staging/service")
+	if result2 != "service.staging.cluster.local." {
+		t.Errorf("Failure to get domain from etcd key (without trailing '/'), expect: 'service.staging.cluster.local.' actually get: '%s'", result2)
+	}
+}