Missing support for /etc/resolver DNS resolution configuration on macOS #1940

Closed
pziggo opened this issue Jul 13, 2023 · 0 comments · Fixed by #1941

pziggo commented Jul 13, 2023

The current version of the provider is built using Go version 1.19.4. With Go version < 1.20, Go is using the internal Go DNS resolver by default, which only considers the file /etc/resolv.conf, similar to glibc's behaviour. But macOS also supports additional configurations under /etc/resolver, which are often used for local development to use proper name resolution.
The behaviour has been changed beginning with Go version 1.20 (see also golang/go#12524).

Upgrading the Go version used to build the provider will solve this issue.

Terraform Version

$ terraform --version
Terraform v1.5.2
on darwin_amd64
...
+ provider registry.terraform.io/hashicorp/vault v3.17.0

Terraform Configuration Files

provider "vault" {
  address = "http://vault.minikube.test"
  ...
}

Debug Output

Resolver used if built with Go version 1.19.4

[DEBUG] provider.terraform-provider-vault: go package net: confVal.netCgo = false  netGo = true
[DEBUG] provider.terraform-provider-vault: go package net: built with netgo build tag; using Go's DNS resolver
[DEBUG] provider.terraform-provider-vault: go package net: hostLookupOrder(vault.minikube.test) = files,dns

Resolver used if built with Go version 1.20.6

[DEBUG] provider.terraform-provider-vault: go package net: confVal.netCgo = false  netGo = false
[DEBUG] provider.terraform-provider-vault: go package net: using cgo DNS resolver
[DEBUG] provider.terraform-provider-vault: go package net: hostLookupOrder(vault.minikube.test) = cgo

Expected Behavior

The provider should look up the host address using the cgo DNS resolver on macOS in order to correctly resolve the address with the local resolver.

Actual Behavior

The provider is using Go's DNS resolver and thus fails to resolve the local host:

│ Error: failed to lookup token, err=Get "http://vault.minikube.test/v1/auth/token/lookup-self": dial tcp: lookup vault.minikube.test on 192.168.178.1:53: no such host
│ 
│   with provider["registry.terraform.io/hashicorp/vault"],
│   on provider.tf line 31, in provider "vault":
│   31: provider "vault" {
│ 

... while the name resolution actually works with other utils:

$ dscacheutil -q host -a name vault.minikube.test
name: vault.minikube.test
ip_address: 192.168.64.18

Steps to Reproduce

  1. Start minikube with addon ingress-dns on macOS
  2. Create a vault application using a custom ingress configuration with a local host configured
  3. Configure a custom domain resolution configuration under /etc/resolver
  4. Try to connect to the vault instance with the previously configured hostname

References

pziggo pushed a commit to pziggo/terraform-provider-vault that referenced this issue Jul 13, 2023
With Go version < 1.20, Go is using the internal Go DNS resolver by default
which only considers the file /etc/resolv.conf similar to glibc's behaviour.
But macOS also supports additional configurations under /etc/resolver which
is often used for local development to use proper name resolution.

The behaviour has been changed beginning with Go version 1.20
(see also https://go-review.googlesource.com/c/go/+/446178)

Fixes hashicorp#1940

fairclothjm pushed a commit that referenced this issue Jul 14, 2023
With Go version < 1.20, Go is using the internal Go DNS resolver by default
which only considers the file /etc/resolv.conf similar to glibc's behaviour.
But macOS also supports additional configurations under /etc/resolver which
is often used for local development to use proper name resolution.

The behaviour has been changed beginning with Go version 1.20
(see also https://go-review.googlesource.com/c/go/+/446178)

Fixes #1940
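
An added example, not part of the issue or the provider's code: a simplified Go model of how macOS selects a nameserver from the per-domain files under /etc/resolver, compared with the /etc/resolv.conf default that a build using Go's internal resolver falls back to. The file contents and the 192.0.2.x addresses are constructed, and the function names are hypothetical; only the `nameserver` directive of resolver(5) is modelled.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample: contents of /etc/resolver/<domain> files, keyed by
// file name. The nameserver addresses are made up for this example.
var sampleResolverDir = map[string]string{
	"minikube.test": "# local dev setup\nnameserver 192.0.2.18\nsearch_order 1\ntimeout 5\n",
	"test":          "nameserver 192.0.2.53\n",
}

// parseNameservers returns the nameserver entries of one resolver file.
func parseNameservers(content string) []string {
	var ns []string
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) >= 2 && f[0] == "nameserver" {
			ns = append(ns, f[1])
		}
	}
	return ns
}

// nameserversFor models per-domain selection: the file whose name is the
// longest label-aligned suffix of host wins. Without a match, the fallback
// (the resolv.conf default) is returned, which is the only source the
// internal Go resolver described in the issue consults.
func nameserversFor(host string, dir map[string]string, fallback []string) []string {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	best := ""
	for domain := range dir {
		d := strings.ToLower(domain)
		if (host == d || strings.HasSuffix(host, "."+d)) && len(d) > len(best) {
			best = domain
		}
	}
	if ns := parseNameservers(dir[best]); best != "" && len(ns) > 0 {
		return ns
	}
	return fallback
}

func main() {
	def := []string{"192.168.178.1"} // default resolver seen in the issue's error
	fmt.Println(nameserversFor("vault.minikube.test", sampleResolverDir, def))
	fmt.Println(nameserversFor("vault.minikube.test", nil, def)) // resolv.conf only
}
```

With the per-domain files ignored, the query for the internal name goes to the default resolver, which matches the `lookup vault.minikube.test on 192.168.178.1:53` error in the issue.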