homelab/traefik
1
0
Fork 0
Code Activity

Renaming IPWhiteList to IPAllowList

Browse source
This commit is contained in:
Wambugu 2022-10-26 18:16:05 +03:00 committed by GitHub
parent e86f21ae7b
commit 1b9873cae9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
69 changed files with 523 additions and 506 deletions
Download patch file Download diff file Expand all files Collapse all files

12
pkg/api/handler_overview_test.go
View file

@ -173,24 +173,24 @@ func TestHandler_Overview(t *testing.T) {
},
},
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist1@myprovider": {
"ipallowlist1@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
Status: runtime.StatusEnabled,
},
"ipwhitelist2@myprovider": {
"ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
},
"ipwhitelist3@myprovider": {
"ipallowlist3@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},

68
pkg/api/handler_tcp_test.go
View file

@ -512,25 +512,25 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares",
conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist1@myprovider": {
"ipallowlist1@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
UsedBy: []string{"bar@myprovider", "test@myprovider"},
},
"ipwhitelist2@myprovider": {
"ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"},
},
},
UsedBy: []string{"test@myprovider"},
},
"ipwhitelist1@anotherprovider": {
"ipallowlist1@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -549,27 +549,27 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares?status=enabled",
conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": {
"ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
UsedBy: []string{"bar@myprovider", "test@myprovider"},
Status: runtime.StatusEnabled,
},
"ipwhitelist2@myprovider": {
"ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"},
},
},
UsedBy: []string{"test@myprovider"},
Status: runtime.StatusDisabled,
},
"ipwhitelist@anotherprovider": {
"ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -586,30 +586,30 @@ func TestHandler_TCP(t *testing.T) {
},
{
desc: "middlewares filtered by search",
path: "/api/tcp/middlewares?search=ipwhitelist",
path: "/api/tcp/middlewares?search=ipallowlist",
conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"bad@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
UsedBy: []string{"bar@myprovider", "test@myprovider"},
Status: runtime.StatusEnabled,
},
"ipwhitelist@myprovider": {
"ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
UsedBy: []string{"test@myprovider"},
Status: runtime.StatusDisabled,
},
"ipwhitelist@anotherprovider": {
"ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -629,25 +629,25 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares?page=2&per_page=1",
conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": {
"ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
UsedBy: []string{"bar@myprovider", "test@myprovider"},
},
"ipwhitelist2@myprovider": {
"ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"},
},
},
UsedBy: []string{"test@myprovider"},
},
"ipwhitelist@anotherprovider": {
"ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -663,28 +663,28 @@ func TestHandler_TCP(t *testing.T) {
},
{
desc: "one middleware by id",
path: "/api/tcp/middlewares/ipwhitelist@myprovider",
path: "/api/tcp/middlewares/ipallowlist@myprovider",
conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": {
"ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
UsedBy: []string{"bar@myprovider", "test@myprovider"},
},
"ipwhitelist2@myprovider": {
"ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"},
},
},
UsedBy: []string{"test@myprovider"},
},
"ipwhitelist@anotherprovider": {
"ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -694,7 +694,7 @@ func TestHandler_TCP(t *testing.T) {
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/tcpmiddleware-ipwhitelist.json",
jsonFile: "testdata/tcpmiddleware-ipallowlist.json",
},
},
{
@ -702,9 +702,9 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares/foo@myprovider",
conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": {
"ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},

8
pkg/api/testdata/tcpmiddleware-ipwhitelist.json → pkg/api/testdata/tcpmiddleware-ipallowlist.json vendored
View file

@ -1,13 +1,13 @@
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist@myprovider",
"name": "ipallowlist@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"bar@myprovider",
"test@myprovider"
]
}
}

14
pkg/api/testdata/tcpmiddlewares-filtered-search.json vendored
View file

@ -1,26 +1,26 @@
[
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist@anotherprovider",
"name": "ipallowlist@anotherprovider",
"provider": "anotherprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"bar@myprovider"
]
},
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist@myprovider",
"name": "ipallowlist@myprovider",
"provider": "myprovider",
"status": "disabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"test@myprovider"
]
}
]
]

14
pkg/api/testdata/tcpmiddlewares-filtered-status.json vendored
View file

@ -1,27 +1,27 @@
[
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist@anotherprovider",
"name": "ipallowlist@anotherprovider",
"provider": "anotherprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"bar@myprovider"
]
},
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist@myprovider",
"name": "ipallowlist@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"bar@myprovider",
"test@myprovider"
]
}
]
]

8
pkg/api/testdata/tcpmiddlewares-page2.json vendored
View file

@ -1,14 +1,14 @@
[
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist@anotherprovider",
"name": "ipallowlist@anotherprovider",
"provider": "anotherprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"bar@myprovider"
]
}
]
]

20
pkg/api/testdata/tcpmiddlewares.json vendored
View file

@ -1,39 +1,39 @@
[
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist1@anotherprovider",
"name": "ipallowlist1@anotherprovider",
"provider": "anotherprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"bar@myprovider"
]
},
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "ipwhitelist1@myprovider",
"name": "ipallowlist1@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"bar@myprovider",
"test@myprovider"
]
},
{
"ipWhiteList": {
"ipAllowList": {
"sourceRange": ["127.0.0.2/32"]
},
"name": "ipwhitelist2@myprovider",
"name": "ipallowlist2@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "ipwhitelist",
"type": "ipallowlist",
"usedBy": [
"test@myprovider"
]
}
]
]

6
pkg/config/dynamic/fixtures/sample.toml
View file

@ -358,11 +358,11 @@
[http.middlewares.Middleware5.chain]
middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware6]
[http.middlewares.Middleware6.ipWhiteList]
[http.middlewares.Middleware6.ipAllowList]
sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware7]
[http.middlewares.Middleware7.ipWhiteList]
[http.middlewares.Middleware7.ipWhiteList.ipStrategy]
[http.middlewares.Middleware7.ipAllowList]
[http.middlewares.Middleware7.ipAllowList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware8]

10
pkg/config/dynamic/middlewares.go
View file

@ -18,7 +18,7 @@ type Middleware struct {
ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"`
ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
IPWhiteList *IPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
IPAllowList *IPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
@ -346,7 +346,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@ -385,10 +385,10 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// +k8s:deepcopy-gen=true
// IPWhiteList holds the IP whitelist middleware configuration.
// IPAllowList holds the IP allowlist middleware configuration.
// This middleware accepts / refuses requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/
type IPWhiteList struct {
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/
type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`

6
pkg/config/dynamic/tcp_middlewares.go
View file

@ -5,7 +5,7 @@ package dynamic
// TCPMiddleware holds the TCPMiddleware configuration.
type TCPMiddleware struct {
InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"`
IPWhiteList *TCPIPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
IPAllowList *TCPIPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
@ -22,9 +22,9 @@ type TCPInFlightConn struct {
// +k8s:deepcopy-gen=true
// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration.
// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware accepts/refuses connections based on the client IP.
type TCPIPWhiteList struct {
type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
}

72
pkg/config/dynamic/zz_generated.deepcopy.go
View file

@ -532,6 +532,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPAllowList) DeepCopyInto(out *IPAllowList) {
*out = *in
if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPStrategy != nil {
in, out := &in.IPStrategy, &out.IPStrategy
*out = new(IPStrategy)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList.
func (in *IPAllowList) DeepCopy() *IPAllowList {
if in == nil {
return nil
}
out := new(IPAllowList)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPStrategy) DeepCopyInto(out *IPStrategy) {
*out = *in
@ -553,32 +579,6 @@ func (in *IPStrategy) DeepCopy() *IPStrategy {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPWhiteList) DeepCopyInto(out *IPWhiteList) {
*out = *in
if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPStrategy != nil {
in, out := &in.IPStrategy, &out.IPStrategy
*out = new(IPStrategy)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPWhiteList.
func (in *IPWhiteList) DeepCopy() *IPWhiteList {
if in == nil {
return nil
}
out := new(IPWhiteList)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *InFlightReq) DeepCopyInto(out *InFlightReq) {
*out = *in
@ -654,9 +654,9 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
*out = new(Chain)
(*in).DeepCopyInto(*out)
}
if in.IPWhiteList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList
*out = new(IPWhiteList)
if in.IPAllowList != nil {
in, out := &in.IPAllowList, &out.IPAllowList
*out = new(IPAllowList)
(*in).DeepCopyInto(*out)
}
if in.Headers != nil {
@ -1382,7 +1382,7 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) {
*out = *in
if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange
@ -1392,12 +1392,12 @@ func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPWhiteList.
func (in *TCPIPWhiteList) DeepCopy() *TCPIPWhiteList {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList.
func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList {
if in == nil {
return nil
}
out := new(TCPIPWhiteList)
out := new(TCPIPAllowList)
in.DeepCopyInto(out)
return out
}
@ -1426,9 +1426,9 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) {
*out = new(TCPInFlightConn)
**out = **in
}
if in.IPWhiteList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList
*out = new(TCPIPWhiteList)
if in.IPAllowList != nil {
in, out := &in.IPAllowList, &out.IPAllowList
*out = new(TCPIPAllowList)
(*in).DeepCopyInto(*out)
}
return

24
pkg/config/label/label_test.go
View file

@ -82,9 +82,9 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.Middleware8.headers.stspreload": "true",
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange": "foobar, fiibar",
"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware9.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.http.middlewares.Middleware10.inflightreq.amount": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
@ -180,7 +180,7 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.services.Service1.loadbalancer.sticky": "false",
"traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui",
"traefik.tcp.middlewares.Middleware0.ipwhitelist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware0.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42",
"traefik.tcp.routers.Router0.rule": "foobar",
"traefik.tcp.routers.Router0.priority": "42",
@ -244,7 +244,7 @@ func TestDecodeConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware0": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},
@ -611,7 +611,7 @@ func TestDecodeConfiguration(t *testing.T) {
},
},
"Middleware9": {
IPWhiteList: &dynamic.IPWhiteList{
IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{
"foobar",
"fiibar",
@ -741,7 +741,7 @@ func TestEncodeConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware0": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},
@ -1113,7 +1113,7 @@ func TestEncodeConfiguration(t *testing.T) {
},
},
"Middleware9": {
IPWhiteList: &dynamic.IPWhiteList{
IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{
"foobar",
"fiibar",
@ -1265,9 +1265,9 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar",
@ -1360,7 +1360,7 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar",
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar",
"traefik.TCP.Middlewares.Middleware0.IPWhiteList.SourceRange": "foobar, fiibar",
"traefik.TCP.Middlewares.Middleware0.IPAllowList.SourceRange": "foobar, fiibar",
"traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42",
"traefik.TCP.Routers.Router0.Rule": "foobar",
"traefik.TCP.Routers.Router0.Priority": "42",

10
pkg/ip/checker_test.go
View file

@ -11,25 +11,25 @@ import (
func TestIsAuthorized(t *testing.T) {
testCases := []struct {
desc string
whiteList []string
allowList []string
remoteAddr string
authorized bool
}{
{
desc: "remoteAddr not in range",
whiteList: []string{"1.2.3.4/24"},
allowList: []string{"1.2.3.4/24"},
remoteAddr: "10.2.3.1:123",
authorized: false,
},
{
desc: "remoteAddr in range",
whiteList: []string{"1.2.3.4/24"},
allowList: []string{"1.2.3.4/24"},
remoteAddr: "1.2.3.1:123",
authorized: true,
},
{
desc: "octal ip in remoteAddr",
whiteList: []string{"127.2.3.4/24"},
allowList: []string{"127.2.3.4/24"},
remoteAddr: "0127.2.3.1:123",
authorized: false,
},
@ -40,7 +40,7 @@ func TestIsAuthorized(t *testing.T) {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
ipChecker, err := NewChecker(test.whiteList)
ipChecker, err := NewChecker(test.allowList)
require.NoError(t, err)
err = ipChecker.IsAuthorized(test.remoteAddr)

38
pkg/middlewares/ipwhitelist/ip_whitelist.go → pkg/middlewares/ipallowlist/ip_allowlist.go
View file

@ -1,4 +1,4 @@
package ipwhitelist
package ipallowlist
import (
"context"
@ -15,29 +15,29 @@ import (
)
const (
typeName = "IPWhiteLister"
typeName = "IPAllowLister"
)
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists.
type ipWhiteLister struct {
// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
type ipAllowLister struct {
next http.Handler
whiteLister *ip.Checker
allowLister *ip.Checker
strategy ip.Strategy
name string
}
// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist.
func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) {
// New builds a new IPAllowLister given a list of CIDR-Strings to allow.
func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) {
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
logger.Debug("Creating middleware")
if len(config.SourceRange) == 0 {
return nil, errors.New("sourceRange is empty, IPWhiteLister not created")
return nil, errors.New("sourceRange is empty, IPAllowLister not created")
}
checker, err := ip.NewChecker(config.SourceRange)
if err != nil {
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err)
return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
}
strategy, err := config.IPStrategy.Get()
@ -45,26 +45,26 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam
return nil, err
}
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange)
logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
return &ipWhiteLister{
return &ipAllowLister{
strategy: strategy,
whiteLister: checker,
allowLister: checker,
next: next,
name: name,
}, nil
}
func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) {
return wl.name, tracing.SpanKindNoneEnum
func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) {
return al.name, tracing.SpanKindNoneEnum
}
func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName)
func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
ctx := middlewares.GetLoggerCtx(req.Context(), al.name, typeName)
logger := log.FromContext(ctx)
clientIP := wl.strategy.GetIP(req)
err := wl.whiteLister.IsAuthorized(clientIP)
clientIP := al.strategy.GetIP(req)
err := al.allowLister.IsAuthorized(clientIP)
if err != nil {
msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)
logger.Debug(msg)
@ -74,7 +74,7 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
}
logger.Debugf("Accepting IP %s", clientIP)
wl.next.ServeHTTP(rw, req)
al.next.ServeHTTP(rw, req)
}
func reject(ctx context.Context, rw http.ResponseWriter) {

26
pkg/middlewares/ipwhitelist/ip_whitelist_test.go → pkg/middlewares/ipallowlist/ip_allowlist_test.go
View file

@ -1,4 +1,4 @@
package ipwhitelist
package ipallowlist
import (
"context"
@ -11,22 +11,22 @@ import (
"github.com/traefik/traefik/v2/pkg/config/dynamic"
)
func TestNewIPWhiteLister(t *testing.T) {
func TestNewIPAllowLister(t *testing.T) {
testCases := []struct {
desc string
whiteList dynamic.IPWhiteList
allowList dynamic.IPAllowList
expectedError bool
}{
{
desc: "invalid IP",
whiteList: dynamic.IPWhiteList{
allowList: dynamic.IPAllowList{
SourceRange: []string{"foo"},
},
expectedError: true,
},
{
desc: "valid IP",
whiteList: dynamic.IPWhiteList{
allowList: dynamic.IPAllowList{
SourceRange: []string{"10.10.10.10"},
},
},
@ -38,28 +38,28 @@ func TestNewIPWhiteLister(t *testing.T) {
t.Parallel()
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
if test.expectedError {
assert.Error(t, err)
} else {
require.NoError(t, err)
assert.NotNil(t, whiteLister)
assert.NotNil(t, allowLister)
}
})
}
}
func TestIPWhiteLister_ServeHTTP(t *testing.T) {
func TestIPAllowLister_ServeHTTP(t *testing.T) {
testCases := []struct {
desc string
whiteList dynamic.IPWhiteList
allowList dynamic.IPAllowList
remoteAddr string
expected int
}{
{
desc: "authorized with remote address",
whiteList: dynamic.IPWhiteList{
allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"},
},
remoteAddr: "20.20.20.20:1234",
@ -67,7 +67,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
},
{
desc: "non authorized with remote address",
whiteList: dynamic.IPWhiteList{
allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"},
},
remoteAddr: "20.20.20.21:1234",
@ -81,7 +81,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
t.Parallel()
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
require.NoError(t, err)
recorder := httptest.NewRecorder()
@ -92,7 +92,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
req.RemoteAddr = test.remoteAddr
}
whiteLister.ServeHTTP(recorder, req)
allowLister.ServeHTTP(recorder, req)
assert.Equal(t, test.expected, recorder.Code)
})

32
pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go → pkg/middlewares/tcp/ipallowlist/ip_allowlist.go
View file

@ -1,4 +1,4 @@
package tcpipwhitelist
package tcpipallowlist
import (
"context"
@ -13,46 +13,46 @@ import (
)
const (
typeName = "IPWhiteListerTCP"
typeName = "IPAllowListerTCP"
)
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists.
type ipWhiteLister struct {
// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
type ipAllowLister struct {
next tcp.Handler
whiteLister *ip.Checker
allowLister *ip.Checker
name string
}
// New builds a new TCP IPWhiteLister given a list of CIDR-Strings to whitelist.
func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPWhiteList, name string) (tcp.Handler, error) {
// New builds a new TCP IPAllowLister given a list of CIDR-Strings to allow.
func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPAllowList, name string) (tcp.Handler, error) {
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
logger.Debug("Creating middleware")
if len(config.SourceRange) == 0 {
return nil, errors.New("sourceRange is empty, IPWhiteLister not created")
return nil, errors.New("sourceRange is empty, IPAllowLister not created")
}
checker, err := ip.NewChecker(config.SourceRange)
if err != nil {
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err)
return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
}
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange)
logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
return &ipWhiteLister{
whiteLister: checker,
return &ipAllowLister{
allowLister: checker,
next: next,
name: name,
}, nil
}
func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
ctx := middlewares.GetLoggerCtx(context.Background(), wl.name, typeName)
func (al *ipAllowLister) ServeTCP(conn tcp.WriteCloser) {
ctx := middlewares.GetLoggerCtx(context.Background(), al.name, typeName)
logger := log.FromContext(ctx)
addr := conn.RemoteAddr().String()
err := wl.whiteLister.IsAuthorized(addr)
err := al.allowLister.IsAuthorized(addr)
if err != nil {
logger.Errorf("Connection from %s rejected: %v", addr, err)
conn.Close()
@ -61,5 +61,5 @@ func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
logger.Debugf("Connection from %s accepted", addr)
wl.next.ServeTCP(conn)
al.next.ServeTCP(conn)
}

28
pkg/middlewares/tcp/ipwhitelist/ip_whitelist_test.go → pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go
View file

@ -1,4 +1,4 @@
package tcpipwhitelist
package tcpipallowlist
import (
"context"
@ -12,27 +12,27 @@ import (
"github.com/traefik/traefik/v2/pkg/tcp"
)
func TestNewIPWhiteLister(t *testing.T) {
func TestNewIPAllowLister(t *testing.T) {
testCases := []struct {
desc string
whiteList dynamic.TCPIPWhiteList
allowList dynamic.TCPIPAllowList
expectedError bool
}{
{
desc: "Empty config",
whiteList: dynamic.TCPIPWhiteList{},
allowList: dynamic.TCPIPAllowList{},
expectedError: true,
},
{
desc: "invalid IP",
whiteList: dynamic.TCPIPWhiteList{
allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"foo"},
},
expectedError: true,
},
{
desc: "valid IP",
whiteList: dynamic.TCPIPWhiteList{
allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"10.10.10.10"},
},
},
@ -44,28 +44,28 @@ func TestNewIPWhiteLister(t *testing.T) {
t.Parallel()
next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
if test.expectedError {
assert.Error(t, err)
} else {
require.NoError(t, err)
assert.NotNil(t, whiteLister)
assert.NotNil(t, allowLister)
}
})
}
}
func TestIPWhiteLister_ServeHTTP(t *testing.T) {
func TestIPAllowLister_ServeHTTP(t *testing.T) {
testCases := []struct {
desc string
whiteList dynamic.TCPIPWhiteList
allowList dynamic.TCPIPAllowList
remoteAddr string
expected string
}{
{
desc: "authorized with remote address",
whiteList: dynamic.TCPIPWhiteList{
allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"20.20.20.20"},
},
remoteAddr: "20.20.20.20:1234",
@ -73,7 +73,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
},
{
desc: "non authorized with remote address",
whiteList: dynamic.TCPIPWhiteList{
allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"20.20.20.20"},
},
remoteAddr: "20.20.20.21:1234",
@ -94,13 +94,13 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
require.NoError(t, err)
})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
require.NoError(t, err)
server, client := net.Pipe()
go func() {
whiteLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
allowLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
}()
read, err := io.ReadAll(server)

4
pkg/provider/consulcatalog/config_test.go
View file

@ -2022,7 +2022,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test",
Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1",
},
Address: "127.0.0.1",
@ -2041,7 +2041,7 @@ func Test_buildConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},

4
pkg/provider/docker/config_test.go
View file

@ -2611,7 +2611,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test",
Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1",
},
NetworkSettings: networkSettings{
@ -2638,7 +2638,7 @@ func Test_buildConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},

4
pkg/provider/ecs/config_test.go
View file

@ -2333,7 +2333,7 @@ func Test_buildConfiguration(t *testing.T) {
name("Test"),
labels(map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1",
}),
iMachine(
@ -2356,7 +2356,7 @@ func Test_buildConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},

12
pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml
View file

@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipwhitelist
name: ipallowlist
namespace: default
spec:
ipWhiteList:
ipAllowList:
sourceRange:
- 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipwhitelist
name: ipallowlist
namespace: foo
spec:
ipWhiteList:
ipAllowList:
sourceRange:
- 127.0.0.1/32
---
@ -36,6 +36,6 @@ spec:
port: 8000
middlewares:
- name: ipwhitelist
- name: ipwhitelist
- name: ipallowlist
- name: ipallowlist
namespace: foo

16
pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml
View file

@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipwhitelist
name: ipallowlist
namespace: default
spec:
ipWhiteList:
ipAllowList:
sourceRange:
- 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipwhitelist
name: ipallowlist
namespace: foo
spec:
ipWhiteList:
ipAllowList:
sourceRange:
- 127.0.0.1/32
---
@ -36,9 +36,9 @@ spec:
port: 8000
middlewares:
- name: ipwhitelist
- name: ipwhitelist
- name: ipallowlist
- name: ipallowlist
namespace: foo
- name: ipwhitelist@file
- name: ipwhitelist-foo@file
- name: ipallowlist@file
- name: ipallowlist-foo@file
namespace: foo

2
pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml
View file

@ -4,7 +4,7 @@ metadata:
name: multiple---hyphens
namespace: default
spec:
ipWhiteList:
ipAllowList:
sourceRange:
- 127.0.0.1/32

12
pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml
View file

@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipwhitelist
name: ipallowlist
namespace: default
spec:
ipWhiteList:
ipAllowList:
sourceRange:
- 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipwhitelist
name: ipallowlist
namespace: cross-ns
spec:
ipWhiteList:
ipAllowList:
sourceRange:
- 127.0.0.1/32
---
@ -36,7 +36,7 @@ spec:
port: 8000
middlewares:
- name: ipwhitelist
- name: ipallowlist
- match: HostSNI(`bar.com`)
services:
@ -44,5 +44,5 @@ spec:
port: 8000
middlewares:
- name: ipwhitelist
- name: ipallowlist
namespace: cross-ns

4
pkg/provider/kubernetes/crd/kubernetes.go
View file

@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
ReplacePath: middleware.Spec.ReplacePath,
ReplacePathRegex: middleware.Spec.ReplacePathRegex,
Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain),
IPWhiteList: middleware.Spec.IPWhiteList,
IPAllowList: middleware.Spec.IPAllowList,
Headers: middleware.Spec.Headers,
Errors: errorPage,
RateLimit: rateLimit,
@ -288,7 +288,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{
InFlightConn: middlewareTCP.Spec.InFlightConn,
IPWhiteList: middlewareTCP.Spec.IPWhiteList,
IPAllowList: middlewareTCP.Spec.IPAllowList,
}
}

44
pkg/provider/kubernetes/crd/kubernetes_test.go
View file

@ -119,18 +119,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist"},
Middlewares: []string{"default-ipallowlist", "foo-ipallowlist"},
Rule: "HostSNI(`foo.com`)",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"default-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
"foo-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"foo-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -178,7 +178,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"default-multiple-hyphens": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -220,18 +220,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist", "ipwhitelist@file", "ipwhitelist-foo@file"},
Middlewares: []string{"default-ipallowlist", "foo-ipallowlist", "ipallowlist@file", "ipallowlist-foo@file"},
Rule: "HostSNI(`foo.com`)",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"default-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
"foo-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"foo-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -5459,18 +5459,18 @@ func TestCrossNamespace(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist"},
Middlewares: []string{"default-ipallowlist"},
Rule: "HostSNI(`foo.com`)",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"default-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
"cross-ns-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"cross-ns-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
@ -5513,24 +5513,24 @@ func TestCrossNamespace(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist"},
Middlewares: []string{"default-ipallowlist"},
Rule: "HostSNI(`foo.com`)",
},
"default-test.route-f44ce589164e656d231c": {
EntryPoints: []string{"foo"},
Service: "default-test.route-f44ce589164e656d231c",
Middlewares: []string{"cross-ns-ipwhitelist"},
Middlewares: []string{"cross-ns-ipallowlist"},
Rule: "HostSNI(`bar.com`)",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"default-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},
"cross-ns-ipwhitelist": {
IPWhiteList: &dynamic.TCPIPWhiteList{
"cross-ns-ipallowlist": {
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"},
},
},

2
pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
View file

@ -32,7 +32,7 @@ type MiddlewareSpec struct {
ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"`
ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"`
Chain *Chain `json:"chain,omitempty"`
IPWhiteList *dynamic.IPWhiteList `json:"ipWhiteList,omitempty"`
IPAllowList *dynamic.IPAllowList `json:"ipAllowList,omitempty"`
Headers *dynamic.Headers `json:"headers,omitempty"`
Errors *ErrorPage `json:"errors,omitempty"`
RateLimit *RateLimit `json:"rateLimit,omitempty"`

4
pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go
View file

@ -25,8 +25,8 @@ type MiddlewareTCP struct {
type MiddlewareTCPSpec struct {
// InFlightConn defines the InFlightConn middleware configuration.
InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
// IPWhiteList defines the IPWhiteList middleware configuration.
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
// IPAllowList defines the IPAllowList middleware configuration.
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

12
pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
View file

@ -689,9 +689,9 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
*out = new(Chain)
(*in).DeepCopyInto(*out)
}
if in.IPWhiteList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList
*out = new(dynamic.IPWhiteList)
if in.IPAllowList != nil {
in, out := &in.IPAllowList, &out.IPAllowList
*out = new(dynamic.IPAllowList)
(*in).DeepCopyInto(*out)
}
if in.Headers != nil {
@ -857,9 +857,9 @@ func (in *MiddlewareTCPSpec) DeepCopyInto(out *MiddlewareTCPSpec) {
*out = new(dynamic.TCPInFlightConn)
**out = **in
}
if in.IPWhiteList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList
*out = new(dynamic.TCPIPWhiteList)
if in.IPAllowList != nil {
in, out := &in.IPAllowList, &out.IPAllowList
*out = new(dynamic.TCPIPAllowList)
(*in).DeepCopyInto(*out)
}
return

12
pkg/provider/kv/kv_test.go
View file

@ -140,11 +140,11 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar",
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar",
"traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true",
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/0": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/1": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/0": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/1": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/depth": "42",
"traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/0": "foobar",
"traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/1": "foobar",
"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/0": "foobar",
"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/1": "foobar",
"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/depth": "42",
"traefik/http/middlewares/Middleware11/inFlightReq/amount": "42",
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true",
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42",
@ -340,7 +340,7 @@ func Test_buildConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.Middleware{
"Middleware10": {
IPWhiteList: &dynamic.IPWhiteList{
IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{
"foobar",
"foobar",

6
pkg/provider/marathon/config_test.go
View file

@ -196,14 +196,14 @@ func TestBuildConfiguration(t *testing.T) {
},
},
{
desc: "TCP with IP whitelist",
desc: "TCP with IP allowlist",
applications: withApplications(
application(
appID("/app"),
appPorts(80),
withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"),
withLabel("traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange", "foobar, fiibar"),
withLabel("traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange", "foobar, fiibar"),
withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"),
withTasks(localhostTask(taskPorts(80))),
)),
@ -218,7 +218,7 @@ func TestBuildConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},

4
pkg/provider/nomad/config_test.go
View file

@ -1621,7 +1621,7 @@ func Test_buildConfig(t *testing.T) {
Name: "Test",
Tags: []string{
"traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange = foobar, fiibar",
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange = foobar, fiibar",
"traefik.tcp.routers.Test.middlewares = Middleware1",
},
Address: "127.0.0.1",
@ -1640,7 +1640,7 @@ func Test_buildConfig(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},

4
pkg/provider/rancher/config_test.go
View file

@ -508,7 +508,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test",
Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1",
},
Port: "80/tcp",
@ -528,7 +528,7 @@ func Test_buildConfiguration(t *testing.T) {
},
Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{
IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"},
},
},

2
pkg/redactor/redactor_config_test.go
View file

@ -191,7 +191,7 @@ func init() {
Chain: &dynamic.Chain{
Middlewares: []string{"foo"},
},
IPWhiteList: &dynamic.IPWhiteList{
IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{"foo"},
IPStrategy: &dynamic.IPStrategy{
Depth: 42,

4
pkg/redactor/testdata/anonymized-dynamic-config.json vendored
View file

@ -119,7 +119,7 @@
"foo"
]
},
"ipWhiteList": {
"ipAllowList": {
"sourceRange": [
"xxxx"
],
@ -475,4 +475,4 @@
}
}
}
}
}

4
pkg/redactor/testdata/secured-dynamic-config.json vendored
View file

@ -119,7 +119,7 @@
"foo"
]
},
"ipWhiteList": {
"ipAllowList": {
"sourceRange": [
"foo"
],
@ -483,4 +483,4 @@
}
}
}
}
}

8
pkg/server/middleware/middlewares.go
View file

@ -19,7 +19,7 @@ import (
"github.com/traefik/traefik/v2/pkg/middlewares/customerrors"
"github.com/traefik/traefik/v2/pkg/middlewares/headers"
"github.com/traefik/traefik/v2/pkg/middlewares/inflightreq"
"github.com/traefik/traefik/v2/pkg/middlewares/ipwhitelist"
"github.com/traefik/traefik/v2/pkg/middlewares/ipallowlist"
"github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert"
"github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter"
"github.com/traefik/traefik/v2/pkg/middlewares/redirect"
@ -229,13 +229,13 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
}
}
// IPWhiteList
if config.IPWhiteList != nil {
// IPAllowList
if config.IPAllowList != nil {
if middleware != nil {
return nil, badConf
}
middleware = func(next http.Handler) (http.Handler, error) {
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName)
return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
}
}

8
pkg/server/middleware/tcp/middlewares.go
View file

@ -7,7 +7,7 @@ import (
"github.com/traefik/traefik/v2/pkg/config/runtime"
inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn"
ipwhitelist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipwhitelist"
ipallowlist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipallowlist"
"github.com/traefik/traefik/v2/pkg/server/provider"
"github.com/traefik/traefik/v2/pkg/tcp"
)
@ -94,10 +94,10 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
}
}
// IPWhiteList
if config.IPWhiteList != nil {
// IPAllowList
if config.IPAllowList != nil {
middleware = func(next tcp.Handler) (tcp.Handler, error) {
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName)
return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
}
}