diff --git a/.drone-manifest.yml b/.drone-manifest.yml deleted file mode 100644 index 68ee47f..0000000 --- a/.drone-manifest.yml +++ /dev/null @@ -1,22 +0,0 @@ -image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} -{{#if build.tags}} -tags: -{{#each build.tags}} - - {{this}} -{{/each}} -{{/if}} -manifests: - - image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64 - platform: - architecture: amd64 - os: linux - - image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64 - platform: - architecture: arm64 - os: linux - variant: v8 - - image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm - platform: - architecture: arm - os: linux - variant: v7 diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 612db80..0000000 --- a/.drone.yml +++ /dev/null @@ -1,187 +0,0 @@ ---- -kind: pipeline -type: docker -name: build-amd64 - -platform: - os: linux - arch: amd64 - -steps: - - name: checker build - image: golang:1-alpine - commands: - - apk add --no-cache git make - - make - environment: - CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}" - CGO_ENABLED: 0 - when: - event: - exclude: - - tag - - - name: checker build tag - image: golang:1-alpine - commands: - - apk add --no-cache git make - - make - environment: - CHECKER_VERSION: "${DRONE_SEMVER}" - CGO_ENABLED: 0 - when: - event: - - tag - - - name: publish on Docker Hub - image: plugins/docker - settings: - repo: happydomain/checker-authoritative-consistency - auto_tag: true - auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH} - dockerfile: Dockerfile - build_args: - - CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT} - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - exclude: - - tag - - - name: publish on Docker Hub (tag) - image: plugins/docker - settings: - repo: happydomain/checker-authoritative-consistency - auto_tag: true - auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH} - dockerfile: Dockerfile - build_args: - - CHECKER_VERSION=${DRONE_SEMVER} - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - - tag - -trigger: - branch: - exclude: - - renovate/* - event: - - cron - - push - - tag - ---- -kind: pipeline -type: docker -name: build-arm64 - -platform: - os: linux - arch: arm64 - -steps: - - name: checker build - image: golang:1-alpine - commands: - - apk add --no-cache git make - - make - environment: - CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}" - CGO_ENABLED: 0 - when: - event: - exclude: - - tag - - - name: checker build tag - image: golang:1-alpine - commands: - - apk add --no-cache git make - - make - environment: - CHECKER_VERSION: "${DRONE_SEMVER}" - CGO_ENABLED: 0 - when: - event: - - tag - - - name: publish on Docker Hub - image: plugins/docker - settings: - repo: happydomain/checker-authoritative-consistency - auto_tag: true - auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH} - dockerfile: Dockerfile - build_args: - - CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT} - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - exclude: - - tag - - - name: publish on Docker Hub (tag) - image: plugins/docker - settings: - repo: happydomain/checker-authoritative-consistency - auto_tag: true - auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH} - dockerfile: Dockerfile - build_args: - - CHECKER_VERSION=${DRONE_SEMVER} - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - - tag - -trigger: - event: - - cron - - push - - tag - ---- -kind: pipeline -name: docker-manifest - -platform: - os: linux - arch: arm64 - -steps: - - name: publish on Docker Hub - image: plugins/manifest - settings: - auto_tag: true - ignore_missing: true - spec: .drone-manifest.yml - username: - from_secret: docker_username - password: - from_secret: docker_password - -trigger: - branch: - exclude: - - renovate/* - event: - - cron - - push - - tag - -depends_on: - - build-amd64 - - build-arm64 diff --git a/checker/collect.go b/checker/collect.go index c0a1887..05134da 100644 --- a/checker/collect.go +++ b/checker/collect.go @@ -32,7 +32,7 @@ func (p *authoritativeConsistencyProvider) Collect(ctx context.Context, opts sdk data := &ObservationData{ Zone: dns.Fqdn(zone), HasSOA: svc.SOA != nil, - DeclaredNS: normalizeNSList(svc.NameServers, zone), + DeclaredNS: normalizeNSList(svc.NameServers), Results: map[string]*NSResult{}, } if svc.SOA != nil { @@ -167,17 +167,13 @@ func loadZone(opts sdk.CheckerOptions, svc *originService) (string, error) { return "", fmt.Errorf("no zone name provided (missing 'domain_name' option and SOA header)") } -func normalizeNSList(ns []*dns.NS, origin string) []string { +func normalizeNSList(ns []*dns.NS) []string { out := make([]string, 0, len(ns)) for _, n := range ns { if n == nil { continue } - name := n.Ns - if !strings.HasSuffix(name, ".") { - name = sdk.JoinRelative(name, strings.TrimSuffix(origin, ".")) - } - out = append(out, strings.ToLower(dns.Fqdn(name))) + out = append(out, strings.ToLower(dns.Fqdn(n.Ns))) } sort.Strings(out) return out diff --git a/checker/collect_test.go b/checker/collect_test.go index e9b8bed..94db089 100644 --- a/checker/collect_test.go +++ b/checker/collect_test.go @@ -80,15 +80,13 @@ func TestDiffStringSets_Equal(t *testing.T) { } func TestNormalizeNSList(t *testing.T) { - // Relative labels (no trailing dot) are joined with the zone origin. - // Absolute FQDNs (trailing dot) are kept as-is. in := []*dns.NS{ - {Ns: "ns2"}, + {Ns: "NS2.Example.COM"}, nil, {Ns: "ns1.example.com."}, - {Ns: "ns1"}, + {Ns: "NS1.example.com"}, } - got := normalizeNSList(in, "example.com.") + got := normalizeNSList(in) want := []string{"ns1.example.com.", "ns1.example.com.", "ns2.example.com."} if !reflect.DeepEqual(got, want) { t.Errorf("got %v, want %v", got, want) diff --git a/checker/definition.go b/checker/definition.go index 29a339f..32798e9 100644 --- a/checker/definition.go +++ b/checker/definition.go @@ -110,11 +110,6 @@ func (p *authoritativeConsistencyProvider) Definition() *sdk.CheckerDefinition { Label: "Origin service", AutoFill: sdk.AutoFillService, }, - { - Id: "domain_name", - Label: "Zone name", - AutoFill: sdk.AutoFillDomainName, - }, }, }, Rules: Rules(), diff --git a/checker/types.go b/checker/types.go index 444bd2c..c4d7bdc 100644 --- a/checker/types.go +++ b/checker/types.go @@ -3,7 +3,6 @@ package checker import ( "encoding/json" "fmt" - "slices" "github.com/miekg/dns" ) @@ -78,8 +77,10 @@ type NSResult struct { // Dedupes identical messages and caps the list with a sentinel summary. func (n *NSResult) appendError(format string, args ...any) { msg := fmt.Sprintf(format, args...) - if slices.Contains(n.Errors, msg) { - return + for _, e := range n.Errors { + if e == msg { + return + } } if len(n.Errors) >= maxNSResultErrors { n.suppressedErrors++ @@ -105,8 +106,9 @@ type ObservationData struct { ParentNS []string `json:"parent_ns,omitempty"` ParentQueryError string `json:"parent_query_error,omitempty"` // Union of DeclaredNS and ParentNS, de-duplicated. - Probed []string `json:"probed,omitempty"` - Results map[string]*NSResult `json:"results,omitempty"` + Probed []string `json:"probed,omitempty"` + Results map[string]*NSResult `json:"results,omitempty"` + Findings []Finding `json:"findings"` } // Local mirror of happyDomain's services/abstract.Origin. Duplicated on