Initial implementation of ForwardCRD plugin (#4512)

* Add forwardcrd plugin README.md

Co-authored-by: Aidan Obley <aobley@vmware.com>

Signed-off-by: Christian Ang <angc@vmware.com>

* Create forwardcrd plugin

- Place forwardcrd before forward plugin in plugin list. This will avoid
forward from preventing the forwardcrd plugin from handling any queries
in the case of having a default upstream forwarder in a server block (as
is the case in the default kubernetes Corefile).

Co-authored-by: Aidan Obley <aobley@vmware.com>

Signed-off-by: Christian Ang <angc@vmware.com>

* Add Forward CRD

Signed-off-by: Christian Ang <angc@vmware.com>

* Add NewWithConfig to forward plugin

- allows external packages to instanciate forward plugins

Co-authored-by: Aidan Obley <aobley@vmware.com>

Signed-off-by: Christian Ang <angc@vmware.com>

* ForwardCRD plugin handles requests for Forward CRs

- add a Kubernetes controller that can read Forward CRs
- instances of the forward plugin are created based on Forward CRs from
the Kubernetes controller
- DNS requests are handled by calling matching Forward plugin instances
based on zone name
- Defaults to the kube-system namespace to align with Corefile RBAC

Signed-off-by: Christian Ang <angc@vmware.com>

Use klog v2 in forwardcrd plugin

* Refactor forward setup to use NewWithConfig

Co-authored-by: Christian Ang <angc@vmware.com>

Signed-off-by: Edwin Xie <exie@vmware.com>

* Use ParseInt instead of Atoi

- to ensure that the bitsize is 32 for later casting to uint32

Signed-off-by: Christian Ang <angc@vmware.com>

* Add @christianang to CODEOWNERS for forwardcrd

Signed-off-by: Christian Ang <angc@vmware.com>

Co-authored-by: Edwin Xie <exie@vmware.com>

1 files changed, 194 insertions, 0 deletions

diff --git a/plugin/forwardcrd/setup_test.go b/plugin/forwardcrd/setup_test.go
new file mode 100644
index 000000000..e5c7cb592
--- /dev/null
+++ b/plugin/forwardcrd/setup_test.go
@@ -0,0 +1,194 @@
+package forwardcrd
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/coredns/caddy"
+	"github.com/coredns/coredns/plugin"
+)
+
+func TestForwardCRDParse(t *testing.T) {
+	c := caddy.NewTestController("dns", `forwardcrd`)
+	k, err := parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+	if k.Namespace != "kube-system" {
+		t.Errorf("Expected Namespace to be: %s\n but was: %s\n", "kube-system", k.Namespace)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		endpoint http://localhost:9090
+	}`)
+	k, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+	if k.APIServerEndpoint != "http://localhost:9090" {
+		t.Errorf("Expected APIServerEndpoint to be: %s\n but was: %s\n", "http://localhost:9090", k.APIServerEndpoint)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		tls cert.crt key.key cacert.crt
+	}`)
+	k, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+	if k.APIClientCert != "cert.crt" {
+		t.Errorf("Expected APIClientCert to be: %s\n but was: %s\n", "cert.crt", k.APIClientCert)
+	}
+	if k.APIClientKey != "key.key" {
+		t.Errorf("Expected APIClientCert to be: %s\n but was: %s\n", "key.key", k.APIClientKey)
+	}
+	if k.APICertAuth != "cacert.crt" {
+		t.Errorf("Expected APICertAuth to be: %s\n but was: %s\n", "cacert.crt", k.APICertAuth)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		kubeconfig foo.kubeconfig
+	}`)
+	_, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		kubeconfig foo.kubeconfig context
+	}`)
+	_, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd example.org`)
+	k, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+	if len(k.Zones) != 1 || k.Zones[0] != "example.org." {
+		t.Fatalf("Expected Zones to consist of \"example.org.\" but was %v", k.Zones)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd`)
+	c.ServerBlockKeys = []string{"example.org"}
+	k, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+	if len(k.Zones) != 1 || k.Zones[0] != "example.org." {
+		t.Fatalf("Expected Zones to consist of \"example.org.\" but was %v", k.Zones)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		namespace
+	}`)
+	k, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+	if k.Namespace != "" {
+		t.Errorf("Expected Namespace to be: %q\n but was: %q\n", "", k.Namespace)
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		namespace dns-system
+	}`)
+	k, err = parseForwardCRD(c)
+	if err != nil {
+		t.Fatalf("Expected no errors, but got: %v", err)
+	}
+	if k.Namespace != "dns-system" {
+		t.Errorf("Expected Namespace to be: %s\n but was: %s\n", "dns-system", k.Namespace)
+	}
+
+	// negative
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		endpoint http://localhost:9090 http://foo.bar:1024
+	}`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), "Wrong argument count") {
+		t.Fatalf("Expected error containing \"Wrong argument count\", but got: %v", err.Error())
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		endpoint
+	}`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), "Wrong argument count") {
+		t.Fatalf("Expected error containing \"Wrong argument count\", but got: %v", err.Error())
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		tls foo bar
+	}`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), "Wrong argument count") {
+		t.Fatalf("Expected error containing \"Wrong argument count\", but got: %v", err.Error())
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		kubeconfig
+	}`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), "Wrong argument count") {
+		t.Fatalf("Expected error containing \"Wrong argument count\", but got: %v", err.Error())
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		kubeconfig too many args
+	}`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), "Wrong argument count") {
+		t.Fatalf("Expected error containing \"Wrong argument count\", but got: %v", err.Error())
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		namespace too many args
+	}`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), "Wrong argument count") {
+		t.Fatalf("Expected error containing \"Wrong argument count\", but got: %v", err.Error())
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd {
+		invalid
+	}`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), "unknown property") {
+		t.Fatalf("Expected error containing \"unknown property\", but got: %v", err.Error())
+	}
+
+	c = caddy.NewTestController("dns", `forwardcrd
+forwardcrd`)
+	_, err = parseForwardCRD(c)
+	if err == nil {
+		t.Fatalf("Expected errors, but got nil")
+	}
+	if !strings.Contains(err.Error(), plugin.ErrOnce.Error()) {
+		t.Fatalf("Expected error containing \"%s\", but got: %v", plugin.ErrOnce.Error(), err.Error())
+	}
+}