gitlab!1085: 1912 performance issues with bind9 large config parsing

backend/agent/bind9.go

@@ -520,6 +520,10 @@ func parseNamedDefaultPath(output []byte) string {
 //
 // It returns the BIND 9 app instance or an error if the BIND 9 is not
 // recognized or any error occurs.
+//
+// ToDo: Enable the linter check after splitting this function in #1991.
+//
+//nolint:gocyclo
 func detectBind9App(p supportedProcess, executor storkutil.CommandExecutor, explicitConfigPath string, parser bind9FileParser) (App, error) {
 	cmdline, err := p.getCmdline()
 	if err != nil {
@@ -657,6 +661,13 @@ func detectBind9App(p supportedProcess, executor storkutil.CommandExecutor, expl
 		return nil, errors.Wrapf(err, "failed to parse BIND 9 config file %s", prefixedBind9ConfPath)
 	}
 
+	if bind9Config.HasNoParse() {
+		// If some of the configuration parts are elided, it may cause issues with
+		// interactions of the Stork agent with BIND 9. The user should be warned.
+		log.Warn("BIND 9 config file contains @stork:no-parse directives. Skipping parsing selected config parts improves performance but may cause issues with interactions of the Stork agent with BIND 9.")
+		log.Warn("Make sure that you understand the implications of eliding selected config parts, e.g., allow-transfer statements in zones.")
+	}
+
 	// look for control address in config
 	ctrlAddress, ctrlPort, ctrlKey := getCtrlAddressFromBind9Config(cfgText)
 	if ctrlPort == 0 || len(ctrlAddress) == 0 {

backend/appcfg/bind9/addressmatchlist.go

@@ -3,9 +3,9 @@ package bind9config
 // Checks if the address match list excludes the specified IP address.
 func (aml *AddressMatchList) ExcludesIPAddress(ipAddress string) bool {
 	for _, element := range aml.Elements {
-		if (element.IPAddress == ipAddress && element.Negation) ||
-			(element.ACLName == "none" && !element.Negation) ||
-			(element.ACLName == "any" && element.Negation) {
+		if (element.IPAddressOrACLName == ipAddress && element.Negation) ||
+			(element.IPAddressOrACLName == "none" && !element.Negation) ||
+			(element.IPAddressOrACLName == "any" && element.Negation) {
 			return true
 		}
 	}

backend/appcfg/bind9/addressmatchlist_test.go

@@ -10,8 +10,8 @@ import (
 func TestAddressMatchListExcludesIPAddress(t *testing.T) {
 	aml := &AddressMatchList{
 		Elements: []*AddressMatchListElement{
-			{IPAddress: "127.0.0.1", Negation: true},
-			{IPAddress: "::1", Negation: false},
+			{IPAddressOrACLName: "127.0.0.1", Negation: true},
+			{IPAddressOrACLName: "::1", Negation: false},
 		},
 	}
 	require.True(t, aml.ExcludesIPAddress("127.0.0.1"))
@@ -24,7 +24,7 @@ func TestAddressMatchListExcludesIPAddress(t *testing.T) {
 func TestAddressMatchListExcludesIPAddressWithNone(t *testing.T) {
 	aml := &AddressMatchList{
 		Elements: []*AddressMatchListElement{
-			{ACLName: "none"},
+			{IPAddressOrACLName: "none"},
 		},
 	}
 	require.True(t, aml.ExcludesIPAddress("127.0.0.1"))
@@ -37,7 +37,7 @@ func TestAddressMatchListExcludesIPAddressWithNone(t *testing.T) {
 func TestAddressMatchListExcludesIPAddressWithAny(t *testing.T) {
 	aml := &AddressMatchList{
 		Elements: []*AddressMatchListElement{
-			{ACLName: "any"},
+			{IPAddressOrACLName: "any"},
 		},
 	}
 	require.False(t, aml.ExcludesIPAddress("127.0.0.1"))

backend/appcfg/bind9/allowtransfer.go

@@ -7,6 +7,6 @@ func (at *AllowTransfer) IsDisabled() bool {
 	// By default, the transfer is disabled. It is also disabled when it is none.
 	// If any of the elements is not none, the transfer is enabled.
 	return len(at.AddressMatchList.Elements) == 0 || !slices.ContainsFunc(at.AddressMatchList.Elements, func(ame *AddressMatchListElement) bool {
-		return ame.ACLName != "none"
+		return ame.IPAddressOrACLName != "none"
 	})
 }

backend/appcfg/bind9/allowtransfer_test.go

@@ -22,7 +22,7 @@ func TestAllowTransferIsDisabledNone(t *testing.T) {
 		AddressMatchList: &AddressMatchList{
 			Elements: []*AddressMatchListElement{
 				{
-					ACLName: "none",
+					IPAddressOrACLName: "none",
 				},
 			},
 		},
@@ -37,10 +37,10 @@ func TestAllowTransferIsNotDisabled(t *testing.T) {
 		AddressMatchList: &AddressMatchList{
 			Elements: []*AddressMatchListElement{
 				{
-					ACLName: "none",
+					IPAddressOrACLName: "none",
 				},
 				{
-					IPAddress: "127.0.0.1",
+					IPAddressOrACLName: "127.0.0.1",
 				},
 			},
 		},

backend/appcfg/bind9/config.go

@@ -10,6 +10,17 @@ import (
 
 const DefaultViewName = "_default"
 
+// Checks if the configuration contains no-parse directives.
+func (c *Config) HasNoParse() bool {
+	for _, statement := range c.Statements {
+		if statement.HasNoParse() {
+			return true
+		}
+	}
+	return false
+}
+
+// Returns the options or nil if the options are not found.
 func (c *Config) GetOptions() *Options {
 	for _, statement := range c.Statements {
 		if statement.Options != nil {
@@ -78,9 +89,9 @@ func (c *Config) getKeyFromAddressMatchList(level int, addressMatchList *Address
 		case element.ACL != nil:
 			// Recursively search for a key in the inline ACL.
 			return c.getKeyFromAddressMatchList(level+1, element.ACL.AddressMatchList)
-		case element.ACLName != "":
+		case element.IPAddressOrACLName != "":
 			// Recursively search for a key in the referenced ACL.
-			acl := c.GetACL(element.ACLName)
+			acl := c.GetACL(element.IPAddressOrACLName)
 			if acl != nil {
 				return c.getKeyFromAddressMatchList(level+1, acl.AddressMatchList)
 			}

backend/appcfg/bind9/config_test.go

@@ -7,6 +7,25 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+// Test checking if the configuration contains no-parse directives.
+func TestConfigHasNoParse(t *testing.T) {
+	cfg := &Config{
+		Statements: []*Statement{
+			{Options: &Options{
+				Clauses: []*OptionClause{},
+			}},
+			{NoParse: &NoParse{}},
+		},
+	}
+	require.True(t, cfg.HasNoParse())
+}
+
+// Test checking if the configuration does not contain no-parse directives.
+func TestConfigHasNoParseNone(t *testing.T) {
+	cfg := &Config{}
+	require.False(t, cfg.HasNoParse())
+}
+
 // Tests that GetView returns expected view.
 func TestGetView(t *testing.T) {
 	cfg, err := NewParser().ParseFile("testdata/named.conf")

backend/appcfg/bind9/listenon.go

@@ -16,7 +16,7 @@ func GetDefaultListenOnClauses() *ListenOnClauses {
 			AddressMatchList: &AddressMatchList{
 				Elements: []*AddressMatchListElement{
 					{
-						IPAddress: "127.0.0.1",
+						IPAddressOrACLName: "127.0.0.1",
 					},
 				},
 			},
@@ -67,8 +67,8 @@ func (l *ListenOn) GetPreferredIPAddress(allowTransferMatchList *AddressMatchLis
 		return "::1"
 	}
 	for _, element := range l.AddressMatchList.Elements {
-		if element.IPAddress != "" && !element.Negation && !allowTransferMatchList.ExcludesIPAddress(element.IPAddress) {
-			return element.IPAddress
+		if element.IPAddressOrACLName != "" && !element.Negation && !allowTransferMatchList.ExcludesIPAddress(element.IPAddressOrACLName) {
+			return element.IPAddressOrACLName
 		}
 	}
 	return ""
@@ -86,7 +86,7 @@ func (l *ListenOn) GetPort() int64 {
 // Checks if the listen-on clause includes the specified IP address.
 func (l *ListenOn) IncludesIPAddress(ipAddress string) bool {
 	for _, element := range l.AddressMatchList.Elements {
-		if element.IPAddress == ipAddress && !element.Negation {
+		if element.IPAddressOrACLName == ipAddress && !element.Negation {
 			return true
 		}
 	}

backend/appcfg/bind9/listenon_test.go

@@ -13,7 +13,7 @@ func TestGetDefaultListenOnClauses(t *testing.T) {
 	listenOnClauses := GetDefaultListenOnClauses()
 	require.Len(t, *listenOnClauses, 1)
 	require.Len(t, (*listenOnClauses)[0].AddressMatchList.Elements, 1)
-	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), (*listenOnClauses)[0].GetPort())
 	require.True(t, (*listenOnClauses)[0].IncludesIPAddress("127.0.0.1"))
 	require.False(t, (*listenOnClauses)[0].IncludesIPAddress("0.0.0.0"))
@@ -28,7 +28,7 @@ func TestGetMatchingListenOnDefault(t *testing.T) {
 	require.NotNil(t, listenOn)
 	require.Len(t, *listenOnClauses, 1)
 	require.Len(t, (*listenOnClauses)[0].AddressMatchList.Elements, 1)
-	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "127.0.0.1", (*listenOnClauses)[0].AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -38,19 +38,19 @@ func TestGetMatchingListenOnMultipleZeroAddress(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "192.0.2.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "192.0.2.1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "0.0.0.0"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "0.0.0.0"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "0.0.0.0", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "0.0.0.0", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -60,19 +60,19 @@ func TestGetMatchingListenOnMultipleLoopbackAddress(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "192.0.2.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "192.0.2.1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "127.0.0.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "127.0.0.1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "127.0.0.1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "127.0.0.1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -82,20 +82,20 @@ func TestGetMatchingListenOnMultipleLoopbackAddressPortNumber(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "192.0.2.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "192.0.2.1"}},
 			},
 			Port: storkutil.Ptr(int64(853)),
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "127.0.0.1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "127.0.0.1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(853)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "192.0.2.1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "192.0.2.1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(853), listenOn.GetPort())
 }
 
@@ -105,19 +105,19 @@ func TestGetMatchingListenOnMultipleZeroAddressIPv6(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "2001:db8:1::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "2001:db8:1::1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "::"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "::"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "::", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "::", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -127,19 +127,19 @@ func TestGetMatchingListenOnMultipleLoopbackAddressIPv6(t *testing.T) {
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "2001:db8:1::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "2001:db8:1::1"}},
 			},
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "::1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(53)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "::1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "::1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(53), listenOn.GetPort())
 }
 
@@ -148,19 +148,19 @@ func TestGetMatchingListenOnMultipleLoopbackAddressPortNumberIPv6(t *testing.T)
 	listenOnClauses := ListenOnClauses{
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "2001:db8:1::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "2001:db8:1::1"}},
 			},
 			Port: storkutil.Ptr(int64(853)),
 		},
 		&ListenOn{
 			AddressMatchList: &AddressMatchList{
-				Elements: []*AddressMatchListElement{{IPAddress: "::1"}},
+				Elements: []*AddressMatchListElement{{IPAddressOrACLName: "::1"}},
 			},
 		},
 	}
 	listenOn := listenOnClauses.GetMatchingListenOn(853)
 	require.NotNil(t, listenOn)
 	require.Len(t, listenOn.AddressMatchList.Elements, 1)
-	require.Equal(t, "2001:db8:1::1", listenOn.AddressMatchList.Elements[0].IPAddress)
+	require.Equal(t, "2001:db8:1::1", listenOn.AddressMatchList.Elements[0].IPAddressOrACLName)
 	require.Equal(t, int64(853), listenOn.GetPort())
 }

backend/appcfg/bind9/options.go

@@ -1,5 +1,15 @@
 package bind9config
 
+// Checks if the options contain no-parse directives.
+func (o *Options) HasNoParse() bool {
+	for _, clause := range o.Clauses {
+		if clause.NoParse != nil {
+			return true
+		}
+	}
+	return false
+}
+
 // Gets the allow-transfer clause from options.
 func (o *Options) GetAllowTransfer() *AllowTransfer {
 	for _, clause := range o.Clauses {

backend/appcfg/bind9/options_test.go

@@ -7,6 +7,22 @@ import (
 	storkutil "isc.org/stork/util"
 )
 
+// Test checking if the options contains no-parse directives.
+func TestOptionsHasNoParse(t *testing.T) {
+	options := &Options{
+		Clauses: []*OptionClause{
+			{NoParse: &NoParse{}},
+		},
+	}
+	require.True(t, options.HasNoParse())
+}
+
+// Test checking if the options does not contain no-parse directives.
+func TestOptionsHasNoParseNone(t *testing.T) {
+	options := &Options{}
+	require.False(t, options.HasNoParse())
+}
+
 // Test getting the allow-transfer clause from options.
 func TestOptionsGetAllowTransferPort(t *testing.T) {
 	options := &Options{