From 422435f505bf0c6c0e00dc85e0bfd2860b79100e Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Wed, 4 Oct 2017 13:10:59 -0400
Subject: avoid propagating non-alias DNS info from container to host

* When the ipv4 and ipv6 properties are used with a container, avoid propagating the address out to the host.
* DnsInfo has been replaced with DnsInfoPropagated and DnsInfoUnpropagated. (API change)
* Code that used fromDnsInfo . fromInfo changes to use getDnsInfo.
* addDNS takes an additional Bool parameter to control whether the DNS info should propagate out of containers. (API change)

This commit was sponsored by Trenton Cronholm on Patreon.
---
 src/Propellor/Types/Dns.hs | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

(limited to 'src/Propellor/Types/Dns.hs')

diff --git a/src/Propellor/Types/Dns.hs b/src/Propellor/Types/Dns.hs
index 87756d81..513f162a 100644
--- a/src/Propellor/Types/Dns.hs
+++ b/src/Propellor/Types/Dns.hs
@@ -1,4 +1,5 @@
 {-# LANGUAGE DeriveDataTypeable, GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE FlexibleInstances #-}
 module Propellor.Types.Dns where
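Review bot: Nothing in this module's changes appears to need `FlexibleInstances`: both new `IsInfo` instances further down the file (`instance IsInfo DnsInfoPropagated`, `instance IsInfo DnsInfoUnpropagated`) have plain newtype heads, which GHC accepts without the extension, and LANGUAGE pragmas are per-module, so a need elsewhere in the commit would not justify it here. If it was added to satisfy an instance not shown in this diff, a one-line comment on the pragma naming that instance would stop the next reader from removing it; otherwise it can be dropped. The hunk ends right after the module header, so the rest of the header is outside this view.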
@@ -36,17 +37,37 @@ toAliasesInfo l = AliasesInfo (S.fromList l)
 fromAliasesInfo :: AliasesInfo -> [HostName]
 fromAliasesInfo (AliasesInfo s) = S.toList s
 
-newtype DnsInfo = DnsInfo { fromDnsInfo :: S.Set Record }
+-- | Use this for DNS Info that should propagate from a container to a
+-- host. For example, this can be used for CNAME to make aliases
+-- of the containers in the host be reflected in the DNS.
+newtype DnsInfoPropagated = DnsInfoPropagated
+	{ fromDnsInfoPropagated :: S.Set Record }
 	deriving (Show, Eq, Ord, Monoid, Typeable)
 
-toDnsInfo :: S.Set Record -> DnsInfo
-toDnsInfo = DnsInfo
+toDnsInfoPropagated :: S.Set Record -> DnsInfoPropagated
+toDnsInfoPropagated = DnsInfoPropagated
 
--- | DNS Info is propagated, so that eg, aliases of a container
--- are reflected in the dns for the host where it runs.
-instance IsInfo DnsInfo where
+instance IsInfo DnsInfoPropagated where
 	propagateInfo _ = PropagateInfo True
 
+-- | Use this for DNS Info that should not propagate from a container to a
+-- host. For example, an IP address of a container should not influence
+-- the host.
+newtype DnsInfoUnpropagated = DnsInfoUnpropagated
+	{ fromDnsInfoUnpropagated :: S.Set Record }
+	deriving (Show, Eq, Ord, Monoid, Typeable)
+
+toDnsInfoUnpropagated :: S.Set Record -> DnsInfoUnpropagated
+toDnsInfoUnpropagated = DnsInfoUnpropagated
+
+-- | Get all DNS Info.
+getDnsInfo :: Info -> S.Set Record
+getDnsInfo i = fromDnsInfoUnpropagated (fromInfo i)
+	`S.union` fromDnsInfoPropagated (fromInfo i)
+
+instance IsInfo DnsInfoUnpropagated where
+	propagateInfo _ = PropagateInfo False
+
 -- | Represents a bind 9 named.conf file.
 data NamedConf = NamedConf
 	{ confDomain :: Domain
-- 
cgit v1.2.3
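Review bot: The Haddock on `getDnsInfo` ("Get all DNS Info.") leaves the reader to work out that it is the union of both newtypes' record sets and is the replacement for the removed `fromDnsInfo . fromInfo`; suggest `-- | All DNS records in an Info: the union of the records that propagate out of containers ('DnsInfoPropagated') and those that stay with the container ('DnsInfoUnpropagated'). Replaces 'fromDnsInfo' . 'fromInfo'.` A point of style: the `IsInfo DnsInfoUnpropagated` instance is placed after `getDnsInfo`, separated from its newtype and constructor, while the propagated half keeps newtype, constructor and instance together; moving the instance up to follow `toDnsInfoUnpropagated` would make the two halves parallel and put `PropagateInfo False` next to the comment that motivates it. The `data NamedConf` declaration at the end of the hunk continues outside it.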