Renaming IPWhiteList to IPAllowList

integration/access_log_test.go

@@ -435,7 +435,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) {
 	checkNoOtherTraefikProblems(c)
 }
 
-func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
+func (s *AccessLogSuite) TestAccessLogFrontendAllowlist(c *check.C) {
 	ensureWorkingDirectoryIsClean()
 
 	expected := []accessLogValue{
@@ -443,7 +443,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
 			formatOnly: false,
 			code:       "403",
 			user:       "-",
-			routerName: "rt-frontendWhitelist",
+			routerName: "rt-frontendAllowlist",
 			serviceURL: "-",
 		},
 	}
@@ -458,7 +458,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
 
 	checkStatsForLogFile(c)
 
-	waitForTraefik(c, "frontendWhitelist")
+	waitForTraefik(c, "frontendAllowlist")
 
 	// Verify Traefik started OK
 	checkTraefikStarted(c)
@@ -466,7 +466,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
 	// Test rate limit
 	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
 	c.Assert(err, checker.IsNil)
-	req.Host = "frontend.whitelist.docker.local"
+	req.Host = "frontend.allowlist.docker.local"
 
 	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody())
 	c.Assert(err, checker.IsNil)

integration/fixtures/k8s/01-traefik-crd.yml

@@ -1149,7 +1149,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1174,14 +1174,14 @@ spec:
                         type: boolean
                     type: object
                 type: object
-              ipWhiteList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+              ipAllowList:
+                description: 'IPAllowList holds the IP allowlist middleware configuration.
                   This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
                 properties:
                   ipStrategy:
                     description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -1345,7 +1345,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1541,8 +1541,8 @@ spec:
                     format: int64
                     type: integer
                 type: object
-              ipWhiteList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+              ipAllowList:
+                description: IPAllowList defines the IPAllowList middleware configuration.
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of

integration/fixtures/tcp/ipallowlist.toml

@@ -23,7 +23,7 @@
       entryPoints = ["tcp"]
       rule = "HostSNI(`whoami-a.test`)"
       service = "whoami-a"
-      middlewares = ["blocking-ipwhitelist"]
+      middlewares = ["blocking-ipallowlist"]
       [tcp.routers.to-whoami-a.tls]
         passthrough = true
 
@@ -31,7 +31,7 @@
       entryPoints = ["tcp"]
       rule = "HostSNI(`whoami-b.test`)"
       service = "whoami-b"
-      middlewares = ["allowing-ipwhitelist"]
+      middlewares = ["allowing-ipallowlist"]
       [tcp.routers.to-whoami-b.tls]
         passthrough = true
 
@@ -45,7 +45,7 @@
         address = "{{ .WhoamiB }}"
 
   [tcp.middlewares]
-    [tcp.middlewares.allowing-ipwhitelist.ipWhiteList]
+    [tcp.middlewares.allowing-ipallowlist.ipAllowList]
       sourceRange = ["127.0.0.1/32"]
-    [tcp.middlewares.blocking-ipwhitelist.ipWhiteList]
+    [tcp.middlewares.blocking-ipallowlist.ipAllowList]
       sourceRange = ["127.127.127.127/32"]

integration/resources/compose/access_log.yml

@@ -75,14 +75,14 @@ services:
       traefik.http.middlewares.rate.ratelimit.burst: 2
       traefik.http.services.service3.loadbalancer.server.port: 80
 
-  frontendWhitelist:
+  frontendAllowlist:
     image: traefik/whoami
     labels:
       traefik.enable: true
-      traefik.http.routers.rt-frontendWhitelist.entryPoints: web
-      traefik.http.routers.rt-frontendWhitelist.rule: Host(`frontend.whitelist.docker.local`)
-      traefik.http.routers.rt-frontendWhitelist.middlewares: wl
-      traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32
+      traefik.http.routers.rt-frontendAllowlist.entryPoints: web
+      traefik.http.routers.rt-frontendAllowlist.rule: Host(`frontend.allowlist.docker.local`)
+      traefik.http.routers.rt-frontendAllowlist.middlewares: wl
+      traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32
       traefik.http.services.service3.loadbalancer.server.port: 80
 
 networks:

integration/resources/compose/allowlist.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  noOverrideAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`)
+      traefik.http.routers.rt1.middlewares: wl1
+      traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8
+
+  overrideIPStrategyRemoteAddrAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt2.rule: Host(`override.remoteaddr.allowlist.docker.local`)
+      traefik.http.routers.rt2.middlewares: wl2
+      traefik.http.middlewares.wl2.ipallowlist.sourceRange: 8.8.8.8
+      traefik.http.middlewares.wl2.ipallowlist.ipStrategy: true
+
+  overrideIPStrategyDepthAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt3.rule: Host(`override.depth.allowlist.docker.local`)
+      traefik.http.routers.rt3.middlewares: wl3
+      traefik.http.middlewares.wl3.ipallowlist.sourceRange: 8.8.8.8
+      traefik.http.middlewares.wl3.ipallowlist.ipStrategy.depth: 3
+
+  overrideIPStrategyExcludedIPsAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt4.rule: Host(`override.excludedips.allowlist.docker.local`)
+      traefik.http.routers.rt4.middlewares: wl4
+      traefik.http.middlewares.wl4.ipallowlist.sourceRange: 8.8.8.8
+      traefik.http.middlewares.wl4.ipallowlist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
+
+networks:
+  default:
+    name: traefik-test-network
+    external: true

integration/resources/compose/whitelist.yml

@@ -1,41 +0,0 @@
-version: "3.8"
-services:
-  noOverrideWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt1.rule: Host(`no.override.whitelist.docker.local`)
-      traefik.http.routers.rt1.middlewares: wl1
-      traefik.http.middlewares.wl1.ipwhiteList.sourceRange: 8.8.8.8
-
-  overrideIPStrategyRemoteAddrWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt2.rule: Host(`override.remoteaddr.whitelist.docker.local`)
-      traefik.http.routers.rt2.middlewares: wl2
-      traefik.http.middlewares.wl2.ipwhitelist.sourceRange: 8.8.8.8
-      traefik.http.middlewares.wl2.ipwhitelist.ipStrategy: true
-
-  overrideIPStrategyDepthWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt3.rule: Host(`override.depth.whitelist.docker.local`)
-      traefik.http.routers.rt3.middlewares: wl3
-      traefik.http.middlewares.wl3.ipwhitelist.sourceRange: 8.8.8.8
-      traefik.http.middlewares.wl3.ipwhitelist.ipStrategy.depth: 3
-
-  overrideIPStrategyExcludedIPsWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt4.rule: Host(`override.excludedips.whitelist.docker.local`)
-      traefik.http.routers.rt4.middlewares: wl4
-      traefik.http.middlewares.wl4.ipwhitelist.sourceRange: 8.8.8.8
-      traefik.http.middlewares.wl4.ipwhitelist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
-
-networks:
-  default:
-    name: traefik-test-network
-    external: true

integration/simple_test.go

@@ -397,13 +397,13 @@ func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) {
 	c.Assert(err, checker.IsNil)
 }
 
-func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
-	s.createComposeProject(c, "whitelist")
+func (s *SimpleSuite) TestIPStrategyAllowlist(c *check.C) {
+	s.createComposeProject(c, "allowlist")
 
 	s.composeUp(c)
 	defer s.composeDown(c)
 
-	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml"))
+	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
 	defer output(c)
 
 	err := cmd.Start()
@@ -413,7 +413,7 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override"))
 	c.Assert(err, checker.IsNil)
 
-	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local"))
+	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.allowlist.docker.local"))
 	c.Assert(err, checker.IsNil)
 
 	testCases := []struct {
@@ -425,31 +425,31 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
 		{
 			desc:               "override remote addr reject",
 			xForwardedFor:      "8.8.8.8,8.8.8.8",
-			host:               "override.remoteaddr.whitelist.docker.local",
+			host:               "override.remoteaddr.allowlist.docker.local",
 			expectedStatusCode: 403,
 		},
 		{
 			desc:               "override depth accept",
 			xForwardedFor:      "8.8.8.8,10.0.0.1,127.0.0.1",
-			host:               "override.depth.whitelist.docker.local",
+			host:               "override.depth.allowlist.docker.local",
 			expectedStatusCode: 200,
 		},
 		{
 			desc:               "override depth reject",
 			xForwardedFor:      "10.0.0.1,8.8.8.8,127.0.0.1",
-			host:               "override.depth.whitelist.docker.local",
+			host:               "override.depth.allowlist.docker.local",
 			expectedStatusCode: 403,
 		},
 		{
 			desc:               "override excludedIPs reject",
 			xForwardedFor:      "10.0.0.3,10.0.0.1,10.0.0.2",
-			host:               "override.excludedips.whitelist.docker.local",
+			host:               "override.excludedips.allowlist.docker.local",
 			expectedStatusCode: 403,
 		},
 		{
 			desc:               "override excludedIPs accept",
 			xForwardedFor:      "8.8.8.8,10.0.0.1,10.0.0.2",
-			host:               "override.excludedips.whitelist.docker.local",
+			host:               "override.excludedips.allowlist.docker.local",
 			expectedStatusCode: 200,
 		},
 	}
@@ -468,12 +468,12 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
 }
 
 func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
-	s.createComposeProject(c, "whitelist")
+	s.createComposeProject(c, "allowlist")
 
 	s.composeUp(c)
 	defer s.composeDown(c)
 
-	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml"))
+	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
 	defer output(c)
 
 	err := cmd.Start()
@@ -481,13 +481,13 @@ func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
 	defer s.killCmd(cmd)
 
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second,
-		try.BodyContains("override.remoteaddr.whitelist.docker.local"))
+		try.BodyContains("override.remoteaddr.allowlist.docker.local"))
 	c.Assert(err, checker.IsNil)
 
 	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
 	c.Assert(err, checker.IsNil)
 
-	req.Host = "override.depth.whitelist.docker.local"
+	req.Host = "override.depth.allowlist.docker.local"
 	req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1")
 
 	err = try.Request(req, 1*time.Second,

integration/tcp_test.go

@@ -241,8 +241,8 @@ func (s *TCPSuite) TestCatchAllNoTLSWithHTTPS(c *check.C) {
 	c.Assert(err, checker.IsNil)
 }
 
-func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
-	file := s.adaptFile(c, "fixtures/tcp/ip-whitelist.toml", struct {
+func (s *TCPSuite) TestMiddlewareAllowList(c *check.C) {
+	file := s.adaptFile(c, "fixtures/tcp/ipallowlist.toml", struct {
 		WhoamiA string
 		WhoamiB string
 	}{
@@ -261,7 +261,7 @@ func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)"))
 	c.Assert(err, checker.IsNil)
 
-	// Traefik not passes through, ipWhitelist closes connection
+	// Traefik not passes through, ipAllowList closes connection
 	_, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test")
 	c.Assert(err, checker.ErrorMatches, "EOF")