feat(service-provider-server): use OS DNS for SRV records MONGOSH-733 (#862)

addaleax · web-flow · commit 332cbe5c9752 · 2021-05-26T17:20:40.000+02:00
diff --git a/packages/build/src/compile/signable-compiler.ts b/packages/build/src/compile/signable-compiler.ts
@@ -66,6 +66,10 @@ export class SignableCompiler {
       path: await findModulePath('service-provider-server', 'mongodb-client-encryption'),
       requireRegexp: /\bmongocrypt\.node$/
     };
+    const osDnsAddon = {
+      path: await findModulePath('service-provider-server', 'os-dns-native'),
+      requireRegexp: /\bos_dns_native\.node$/
+    };
     const winCAAddon = process.platform === 'win32' ? {
       path: await findModulePath('cli-repl', 'win-export-certificate-and-key'),
       requireRegexp: /\bwin_export_cert\.node$/
@@ -93,7 +97,8 @@ export class SignableCompiler {
         AWS_SECRET_ACCESS_KEY: process.env.DEVTOOLS_CI_AWS_SECRET
       },
       addons: [
-        fleAddon
+        fleAddon,
+        osDnsAddon
       ].concat(winCAAddon ? [
         winCAAddon
       ] : []).concat(macKeychainAddon ? [
diff --git a/packages/connectivity-tests/test/atlas.sh b/packages/connectivity-tests/test/atlas.sh
@@ -129,11 +129,24 @@ function test_data_lake() {
   check_failed
 }
 
+function test_srv_without_nodejs_dns() {
+  printf "test_srv_without_nodejs_dns ... "
+
+  CONNECTION_STRING="mongodb+srv://${ATLAS_USERNAME}:${ATLAS_PASSWORD}@${ATLAS_HOSTNAME}/admin"
+
+  echo "${CONNECTION_STATUS_COMMAND}" | NODE_OPTIONS="-r ${MONGOSH_ROOT_DIR}/testing/disable-dns-srv.js" mongosh "${CONNECTION_STRING}" |
+    grep -Fq "${CONNECTION_STATUS_CHECK_STRING}" ||
+    FAILED="Can't connect to Atlas using connection string without Node.js SRV/TXT DNS support"
+
+  check_failed
+}
+
 test_connection_string
 test_atlas_in_logs
 test_credentials_masking
 test_cli_args
 test_password_prompt
 test_data_lake
+test_srv_without_nodejs_dns
 
 echo "All Atlas tests are passing"
diff --git a/packages/service-provider-server/package-lock.json b/packages/service-provider-server/package-lock.json
diff --git a/packages/service-provider-server/package.json b/packages/service-provider-server/package.json
@@ -50,6 +50,8 @@
     "@types/bl": "^2.1.0"
   },
   "optionalDependencies": {
-    "mongodb-client-encryption": "^1.2.3"
+    "mongodb-client-encryption": "^1.2.3",
+    "os-dns-native": "^1.0.3",
+    "resolve-mongodb-srv": "^1.0.1"
   }
 }
diff --git a/packages/service-provider-server/src/cli-service-provider.ts b/packages/service-provider-server/src/cli-service-provider.ts
@@ -159,6 +159,28 @@ async function connectWithFailFast(client: MongoClient): Promise<void> {
   }
 }
 
+let resolveDnsHelpers: {
+  resolve: typeof import('resolve-mongodb-srv'),
+  osDns: typeof import('os-dns-native')
+} | undefined = undefined;
+
+async function resolveMongodbSrv(uri: string): Promise<string> {
+  if (uri.startsWith('mongodb+srv://')) {
+    try {
+      resolveDnsHelpers ??= {
+        resolve: require('resolve-mongodb-srv'),
+        osDns: require('os-dns-native')
+      };
+    } catch { /* ignore */ }
+    if (resolveDnsHelpers !== undefined) {
+      return await resolveDnsHelpers.resolve(uri, {
+        dns: resolveDnsHelpers.osDns.withNodeFallback
+      });
+    }
+  }
+  return uri;
+}
+
 /**
  * Connect a MongoClient. If AutoEncryption is requested, first connect without the encryption options and verify that
  * the connection is to an enterprise cluster. If not, then error, otherwise close the connection and reconnect with the
@@ -186,6 +208,7 @@ export async function connectMongoClient(uri: string, clientOptions: MongoClient
     }
     await client.close();
   }
+  uri = await resolveMongodbSrv(uri);
   const client = new MClient(uri, clientOptions);
   await connectWithFailFast(client);
   return client;
diff --git a/testing/disable-dns-srv.js b/testing/disable-dns-srv.js
@@ -0,0 +1,26 @@
+'use strict';
+const dns = require('dns');
+console.log('!!! Disabling SRV and TXT DNS queries through the Node.js API !!!');
+
+const origResolve = dns.resolve;
+const origPromiseResolve = dns.promises.resolve;
+const err = Object.assign(new Error('SRV and TXT not available'), { code: 'ENODATA' });
+
+dns.resolve = (hostname, type, cb) => {
+  if (type === 'SRV' || type === 'TXT')
+    return process.nextTick(cb, err);
+  return origResolve(hostname, type, cb);
+};
+dns.resolveSrv = (hostname, cb) => {
+  return process.nextTick(cb, err);
+};
+dns.resolveTxt = (hostname, cb) => {
+  return process.nextTick(cb, err);
+};
+dns.promises.resolve = async(hostname, type) => {
+  if (type === 'SRV' || type === 'TXT')
+    throw err;
+  await origPromiseResolve;
+};
+dns.promises.resolveSrv = () => Promise.reject(err);
+dns.promises.resolveTxt = () => Promise.reject(err);

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,8 @@`
`50`	`50`	`"@types/bl": "^2.1.0"`
`51`	`51`	`},`
`52`	`52`	`"optionalDependencies": {`
`53`		`- "mongodb-client-encryption": "^1.2.3"`
	`53`	`+ "mongodb-client-encryption": "^1.2.3",`
	`54`	`+ "os-dns-native": "^1.0.3",`
	`55`	`+ "resolve-mongodb-srv": "^1.0.1"`
`54`	`56`	`}`
`55`	`57`	`}`