hashicorp:main ← maxb:ipv6-retry-join-auto-encrypt
opened 10:08PM - 15 Apr 23 UTC
Fixes #11847
Owing to confusion between hosts, and addresses (hosts with an o…ptional
colon-separated port), Go's net.SplitHostPort was being called twice on
the contents of `retry_join`. This is doomed to failure with IPv6
addresses as they must be enclosed in square brackets when part of
a host-port string.
### Testing & Reproduction steps
Attempt to start a Consul client agent with
```
auto_encrypt {
tls = true
}
retry_join = [
"[fe80::]:1234",
]
```
(You don't actually need any working server agent to reproduce this.)
Logs show:
```
2023-04-15T18:40:56.391+0100 [WARN] agent.auto_config: error splitting host address into IP and port: address=fe80:: error="address fe80::: too many colons in address"
2023-04-15T18:40:56.391+0100 [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request
```
This is incorrect - the address was appropriately enclosed in the config file.
With the fix applied, you get a valid attempt to actually connect to the
specified IP address:
```
2023-04-15T23:05:46.901+0100 [ERROR] agent.auto_config: AutoEncrypt.Sign RPC failed: addr=[fe80::]:8300 error="rpcinsecure: error establishing connection: dial tcp <nil>->[fe80::]:8300: connect: invalid argument"
```
### Links
https://discuss.hashicorp.com/t/ipv6-agent-auto-config-error-splitting-host-address-into-ip-and-port-address-x-error-address-x-too-many-colons-in-address/52754
### PR Checklist
* [x] updated test coverage
* N/A external facing docs updated
* [ ] appropriate backport labels added
* [x] not a security concern