Deprecate IPWhiteList middleware in favor of IPAllowList

Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2024-01-02 17:04:06 +01:00 · 2024-01-02 17:04:06 +01:00 · 0e92b02474
commit 0e92b02474
parent 9662cdca64
36 changed files with 1268 additions and 50 deletions
--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@ -19,6 +19,7 @@ type Middleware struct {
 	ReplacePathRegex  *ReplacePathRegex  `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
 	Chain             *Chain             `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
 	IPWhiteList       *IPWhiteList       `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
+	IPAllowList       *IPAllowList       `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
 	Headers           *Headers           `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
 	Errors            *ErrorPage         `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
 	RateLimit         *RateLimit         `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
@ -346,7 +347,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
 // +k8s:deepcopy-gen=true

 // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
-// More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy
+// More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipallowlist/#ipstrategy
 type IPStrategy struct {
 	// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
 	Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@ -388,6 +389,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
 // IPWhiteList holds the IP whitelist middleware configuration.
 // This middleware accepts / refuses requests based on the client IP.
 // More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/
+// Deprecated: please use IPAllowList instead.
 type IPWhiteList struct {
 	// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
 	SourceRange []string    `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
@ -396,6 +398,17 @@ type IPWhiteList struct {

 // +k8s:deepcopy-gen=true

+// IPAllowList holds the IP allowlist middleware configuration.
+// This middleware accepts / refuses requests based on the client IP.
+// More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipallowlist/
+type IPAllowList struct {
+	// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
+	SourceRange []string    `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
+	IPStrategy  *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
+}
+
+// +k8s:deepcopy-gen=true
+
 // InFlightReq holds the in-flight request middleware configuration.
 // This middleware limits the number of requests being processed and served concurrently.
 // More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/
--- a/pkg/config/dynamic/tcp_middlewares.go
+++ b/pkg/config/dynamic/tcp_middlewares.go
@ -6,6 +6,7 @@ package dynamic
 type TCPMiddleware struct {
 	InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"`
 	IPWhiteList  *TCPIPWhiteList  `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
+	IPAllowList  *TCPIPAllowList  `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
 }

 // +k8s:deepcopy-gen=true
@ -23,8 +24,15 @@ type TCPInFlightConn struct {
 // +k8s:deepcopy-gen=true

 // TCPIPWhiteList holds the TCP IPWhiteList middleware configuration.
-// This middleware accepts/refuses connections based on the client IP.
 type TCPIPWhiteList struct {
 	// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
 	SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
 }
+
+// +k8s:deepcopy-gen=true
+
+// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
+type TCPIPAllowList struct {
+	// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
+	SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
+}
--- a/pkg/config/dynamic/zz_generated.deepcopy.go
+++ b/pkg/config/dynamic/zz_generated.deepcopy.go
@ -532,6 +532,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IPAllowList) DeepCopyInto(out *IPAllowList) {
+	*out = *in
+	if in.SourceRange != nil {
+		in, out := &in.SourceRange, &out.SourceRange
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.IPStrategy != nil {
+		in, out := &in.IPStrategy, &out.IPStrategy
+		*out = new(IPStrategy)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList.
+func (in *IPAllowList) DeepCopy() *IPAllowList {
+	if in == nil {
+		return nil
+	}
+	out := new(IPAllowList)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *IPStrategy) DeepCopyInto(out *IPStrategy) {
 	*out = *in
@ -659,6 +685,11 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
 		*out = new(IPWhiteList)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.IPAllowList != nil {
+		in, out := &in.IPAllowList, &out.IPAllowList
+		*out = new(IPAllowList)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Headers != nil {
 		in, out := &in.Headers, &out.Headers
 		*out = new(Headers)
@ -1355,6 +1386,27 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) {
+	*out = *in
+	if in.SourceRange != nil {
+		in, out := &in.SourceRange, &out.SourceRange
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList.
+func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList {
+	if in == nil {
+		return nil
+	}
+	out := new(TCPIPAllowList)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
 	*out = *in
@ -1405,6 +1457,11 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) {
 		*out = new(TCPIPWhiteList)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.IPAllowList != nil {
+		in, out := &in.IPAllowList, &out.IPAllowList
+		*out = new(TCPIPAllowList)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }