Remove Common.DNSResolver from VA config (#5355)

This field is not used by any production configs, so we can safely remove it. Also, add config fields for DNSTimeout and DNSAllowLoopbackAddress outside of the Common sub-struct, to allow for its removal later. Part of #5242
2021-03-19 10:02:04 -07:00 · 2021-03-19 10:02:04 -07:00 · 547dbfc93a
parent 35340ff67a
commit 547dbfc93a
4 changed files with 19 additions and 27 deletions
--- a/cmd/boulder-va/main.go
+++ b/cmd/boulder-va/main.go
@ -37,8 +37,10 @@ type config struct {
 		// The number of times to try a DNS query (that has a temporary error)
 		// before giving up. May be short-circuited by deadlines. A zero value
 		// will be turned into 1.
-		DNSTries     int
-		DNSResolvers []string
+		DNSTries                  int
+		DNSResolvers              []string
+		DNSTimeout                string
+		DNSAllowLoopbackAddresses bool

 		RemoteVAs                   []cmd.GRPCClientConfig
 		MaxRemoteValidationFailures int
@ -51,7 +53,6 @@ type config struct {
 	Syslog cmd.SyslogConfig

 	Common struct {
-		DNSResolver               string
 		DNSTimeout                string
 		DNSAllowLoopbackAddresses bool
 	}
@ -100,7 +101,12 @@ func main() {
 		pc.TLSPort = c.VA.PortConfig.TLSPort
 	}

-	dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
+	var dnsTimeout time.Duration
+	if c.VA.DNSTimeout != "" {
+		dnsTimeout, err = time.ParseDuration(c.VA.DNSTimeout)
+	} else {
+		dnsTimeout, err = time.ParseDuration(c.Common.DNSTimeout)
+	}
 	cmd.FailOnError(err, "Couldn't parse DNS timeout")
 	dnsTries := c.VA.DNSTries
 	if dnsTries < 1 {
@ -108,27 +114,22 @@ func main() {
 	}
 	clk := cmd.Clock()
 	var resolver bdns.Client
-	if len(c.Common.DNSResolver) != 0 {
-		c.VA.DNSResolvers = append(c.VA.DNSResolvers, c.Common.DNSResolver)
-	}
-	if !c.Common.DNSAllowLoopbackAddresses {
-		r := bdns.New(
+	if !(c.VA.DNSAllowLoopbackAddresses || c.Common.DNSAllowLoopbackAddresses) {
+		resolver = bdns.New(
 			dnsTimeout,
 			c.VA.DNSResolvers,
 			scope,
 			clk,
 			dnsTries,
 			logger)
-		resolver = r
 	} else {
-		r := bdns.NewTest(
+		resolver = bdns.NewTest(
 			dnsTimeout,
 			c.VA.DNSResolvers,
 			scope,
 			clk,
 			dnsTries,
 			logger)
-		resolver = r
 	}

 	tlsConfig, err := c.VA.TLS.Load()
--- a/test/config-next/va-remote-a.json
+++ b/test/config-next/va-remote-a.json
@ -12,6 +12,8 @@
      "127.0.0.1:8053",
      "127.0.0.1:8054"
    ],
+    "dnsTimeout": "1s",
+    "dnsAllowLoopbackAddresses": true,
    "issuerDomain": "happy-hacker-ca.invalid",
    "tls": {
      "caCertfile": "test/grpc-creds/minica.pem",
@ -39,10 +41,5 @@
  "syslog": {
    "stdoutlevel": 6,
    "sysloglevel": 4
-  },
-
-  "common": {
-    "dnsTimeout": "1s",
-    "dnsAllowLoopbackAddresses": true
  }
 }
--- a/test/config-next/va-remote-b.json
+++ b/test/config-next/va-remote-b.json
@ -12,6 +12,8 @@
      "127.0.0.1:8053",
      "127.0.0.1:8054"
    ],
+    "dnsTimeout": "1s",
+    "dnsAllowLoopbackAddresses": true,
    "issuerDomain": "happy-hacker-ca.invalid",
    "tls": {
      "caCertfile": "test/grpc-creds/minica.pem",
@ -39,10 +41,5 @@
  "syslog": {
    "stdoutlevel": 6,
    "sysloglevel": 4
-  },
-
-  "common": {
-    "dnsTimeout": "1s",
-    "dnsAllowLoopbackAddresses": true
  }
 }
--- a/test/config-next/va.json
+++ b/test/config-next/va.json
@ -12,6 +12,8 @@
      "127.0.0.1:8053",
      "127.0.0.1:8054"
    ],
+    "dnsTimeout": "1s",
+    "dnsAllowLoopbackAddresses": true,
    "issuerDomain": "happy-hacker-ca.invalid",
    "tls": {
      "caCertfile": "test/grpc-creds/minica.pem",
@ -52,10 +54,5 @@
  "syslog": {
    "stdoutlevel": 6,
    "sysloglevel": 6
-  },
-
-  "common": {
-    "dnsTimeout": "1s",
-    "dnsAllowLoopbackAddresses": true
  }
 }