datamodel: management: reverting to absolute path for unix-socket

Warning that the unix-socket is not located in rundir.

Author: alesmrazek

doc/_static/config.schema.json

@@ -54,7 +54,7 @@
             "default": 256
         },
         "management": {
-            "description": "Configuration of management HTTP API. By default, unix-socket is located in 'rundir'.",
+            "description": "Configuration of management HTTP API.",
             "type": "object",
             "properties": {
                 "unix-socket": {
@@ -75,7 +75,7 @@
                 }
             },
             "default": {
-                "unix_socket": "kres-api.sock",
+                "unix_socket": "/run/knot-resolver/kres-api.sock",
                 "interface": null
             }
         },

python/knot_resolver/client/command.py

@@ -4,8 +4,8 @@
 from typing import Dict, List, Optional, Set, Tuple, Type, TypeVar
 from urllib.parse import quote
 
-from knot_resolver.constants import API_SOCK_FILE, API_SOCK_NAME, CONFIG_FILE, RUN_DIR
-from knot_resolver.datamodel.types import IPAddressPort
+from knot_resolver.constants import API_SOCK_FILE, CONFIG_FILE
+from knot_resolver.datamodel.types import IPAddressPort, WritableFilePath
 from knot_resolver.utils.modeling import parsing
 from knot_resolver.utils.modeling.exceptions import DataValidationError
 from knot_resolver.utils.requests import SocketDesc
@@ -155,37 +155,25 @@ def get_socket_from_config(config: Path, optional_file: bool) -> Optional[Socket
         with open(config, "r", encoding="utf8") as f:
             data = parsing.try_to_parse(f.read())
 
-        rkey = "rundir"
-        rundir = Path(data[rkey]) if rkey in data else RUN_DIR
-
         mkey = "management"
         if mkey in data:
             management = data[mkey]
 
+            skey = "unix-socket"
+            if skey in management:
+                sock = WritableFilePath(management[skey], object_path=f"/{mkey}/{skey}")
+                return SocketDesc(
+                    f'http+unix://{quote(str(sock), safe="")}/',
+                    f'Key "/management/unix-socket" in "{config}" file',
+                )
             ikey = "interface"
             if ikey in data[mkey]:
-                ip = IPAddressPort(data[mkey][ikey], object_path=f"/{mkey}/{ikey}")
+                ip = IPAddressPort(management[ikey], object_path=f"/{mkey}/{ikey}")
                 return SocketDesc(
                     f"http://{ip.addr}:{ip.port}",
                     f'Key "/management/interface" in "{config}" file',
                 )
-
-            skey = "unix-socket"
-            if skey in management:
-                socket = Path(management[skey])
-                if not socket.is_absolute():
-                    socket = rundir / socket
-                return SocketDesc(
-                    f'http+unix://{quote(str(socket), safe="")}/',
-                    f'Key "/management/unix-socket" in "{config}" file',
-                )
-
-        socket = rundir / API_SOCK_NAME
-        return SocketDesc(
-            f'http+unix://{quote(str(socket), safe="")}/',
-            f'Key "/rundir" in "{config}" file',
-        )
-
+        return None
     except ValueError as e:
         raise DataValidationError(*e.args) from e  # pylint: disable=no-value-for-parameter
     except OSError as e:

python/knot_resolver/constants.py

@@ -5,9 +5,6 @@
 USER = "knot-resolver"
 GROUP = "knot-resolver"
 
-# default files names
-API_SOCK_NAME = "kres-api.sock"
-
 # default dirs paths
 RUN_DIR = Path("/run/knot-resolver")
 ETC_DIR = Path("/etc/knot-resolver")
@@ -16,7 +13,7 @@
 
 # default files paths
 CONFIG_FILE = ETC_DIR / "config.yaml"
-API_SOCK_FILE = RUN_DIR / API_SOCK_NAME
+API_SOCK_FILE = RUN_DIR / "kres-api.sock"
 
 # executables paths
 KRESD_EXECUTABLE = SBIN_DIR / "kresd"

python/knot_resolver/constants.py.in

@@ -5,9 +5,6 @@ VERSION = "@version@"
 USER = "@user@"
 GROUP = "@group@"
 
-# default files names
-API_SOCK_NAME = "kres-api.sock"
-
 # default dirs paths
 RUN_DIR = Path("@run_dir@")
 ETC_DIR = Path("@etc_dir@")
@@ -16,7 +13,7 @@ CACHE_DIR = Path("@cache_dir@")
 
 # default files paths
 CONFIG_FILE = ETC_DIR / "config.yaml"
-API_SOCK_FILE = RUN_DIR / API_SOCK_NAME
+API_SOCK_FILE = RUN_DIR / "kres-api.sock"
 
 # executables paths
 KRESD_EXECUTABLE = SBIN_DIR / "kresd"

python/knot_resolver/datamodel/config_schema.py

@@ -1,10 +1,9 @@
 import logging
 import os
 import socket
-from pathlib import Path
 from typing import Any, Dict, List, Literal, Optional, Tuple, Union
 
-from knot_resolver.constants import API_SOCK_NAME, RUN_DIR, VERSION
+from knot_resolver.constants import API_SOCK_FILE, RUN_DIR, VERSION
 from knot_resolver.datamodel.cache_schema import CacheSchema
 from knot_resolver.datamodel.defer_schema import DeferSchema
 from knot_resolver.datamodel.dns64_schema import Dns64Schema
@@ -96,7 +95,7 @@ class Raw(ConfigSchema):
         rundir: Directory where the resolver can create files and which will be it's cwd.
         workers: The number of running kresd (Knot Resolver daemon) workers. If set to 'auto', it is equal to number of CPUs available.
         max_workers: The maximum number of workers allowed. Cannot be changed in runtime.
-        management: Configuration of management HTTP API. By default, unix-socket is located in 'rundir'.
+        management: Configuration of management HTTP API.
         webmgmt: Configuration of legacy web management endpoint.
         options: Fine-tuning global parameters of DNS resolver operation.
         network: Network connections and protocols configuration.
@@ -119,7 +118,7 @@ class Raw(ConfigSchema):
         rundir: WritableDir = lazy_default(WritableDir, str(RUN_DIR))
         workers: Union[Literal["auto"], IntPositive] = IntPositive(1)
         max_workers: IntPositive = IntPositive(WORKERS_MAX)
-        management: ManagementSchema = lazy_default(ManagementSchema, {"unix-socket": str(API_SOCK_NAME)})
+        management: ManagementSchema = lazy_default(ManagementSchema, {"unix-socket": str(API_SOCK_FILE)})
         webmgmt: Optional[WebmgmtSchema] = None
         options: OptionsSchema = OptionsSchema()
         network: NetworkSchema = NetworkSchema()
@@ -174,14 +173,6 @@ def _workers(self, obj: Raw) -> Any:
             )
         return obj.workers
 
-    def _management(self, obj: Raw) -> Any:
-        if obj.management.unix_socket:
-            soc = Path(obj.management.unix_socket.serialize())
-            if soc.is_absolute():
-                return obj.management
-            return ManagementSchema({"unix-socket": str(obj.rundir.to_path() / soc)})
-        return obj.management
-
     def _dnssec(self, obj: Raw) -> Any:
         if obj.dnssec is True:
             return DnssecSchema()
@@ -193,6 +184,14 @@ def _dns64(self, obj: Raw) -> Any:
         return obj.dns64
 
     def _validate(self) -> None:
+        # warn about '/management/unix-socket' not located in '/rundir'
+        if self.management.unix_socket and self.management.unix_socket.to_path().parent != self.rundir.to_path():
+            logger.warning(
+                f"The management API unix-socket '{self.management.unix_socket}'"
+                f" is not located in the resolver's rundir '{self.rundir}'."
+                " This can lead to permissions issues."
+            )
+
         # enforce max-workers config
         workers_max = _workers_max_count()
         if int(self.workers) > workers_max:

tests/manager/datamodel/test_config_schema.py

@@ -3,7 +3,7 @@
 import os
 from typing import Any, Dict, Type, cast
 
-from knot_resolver.constants import API_SOCK_FILE, API_SOCK_NAME, RUN_DIR
+from knot_resolver.constants import API_SOCK_FILE
 from knot_resolver.datamodel import KresConfig
 from knot_resolver.datamodel.lua_schema import LuaSchema
 from knot_resolver.utils.modeling import BaseSchema
@@ -58,16 +58,6 @@ def test_config_defaults():
     assert config.dns64 == False
 
 
-def test_management_unix_socket():
-    cwd = os.getcwd()
-    config = KresConfig({"rundir": cwd})
-    assert str(config.management.unix_socket) == f"{cwd}/{API_SOCK_NAME}"
-
-    my_soc = "my-new.soc"
-    config = KresConfig({"management": {"unix-socket": my_soc}})
-    assert str(config.management.unix_socket) == f"{RUN_DIR}/{my_soc}"
-
-
 def test_management_interface():
     cwd = os.getcwd()
     config = KresConfig({"rundir": cwd, "management": {"interface": "127.0.0.1@5000"}})