Renaming IPWhiteList to IPAllowList

2022-10-26 18:16:05 +03:00 · 2022-10-26 18:16:05 +03:00 · 1b9873cae9
commit 1b9873cae9
parent e86f21ae7b
69 changed files with 523 additions and 506 deletions
--- a/pkg/middlewares/ipwhitelist/ip_whitelist.go
+++ b/pkg/middlewares/ipwhitelist/ip_whitelist.go
@ -1,88 +0,0 @@
-package ipwhitelist
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/opentracing/opentracing-go/ext"
-	"github.com/traefik/traefik/v2/pkg/config/dynamic"
-	"github.com/traefik/traefik/v2/pkg/ip"
-	"github.com/traefik/traefik/v2/pkg/log"
-	"github.com/traefik/traefik/v2/pkg/middlewares"
-	"github.com/traefik/traefik/v2/pkg/tracing"
-)
-
-const (
-	typeName = "IPWhiteLister"
-)
-
-// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists.
-type ipWhiteLister struct {
-	next        http.Handler
-	whiteLister *ip.Checker
-	strategy    ip.Strategy
-	name        string
-}
-
-// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist.
-func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) {
-	logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
-	logger.Debug("Creating middleware")
-
-	if len(config.SourceRange) == 0 {
-		return nil, errors.New("sourceRange is empty, IPWhiteLister not created")
-	}
-
-	checker, err := ip.NewChecker(config.SourceRange)
-	if err != nil {
-		return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err)
-	}
-
-	strategy, err := config.IPStrategy.Get()
-	if err != nil {
-		return nil, err
-	}
-
-	logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange)
-
-	return &ipWhiteLister{
-		strategy:    strategy,
-		whiteLister: checker,
-		next:        next,
-		name:        name,
-	}, nil
-}
-
-func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) {
-	return wl.name, tracing.SpanKindNoneEnum
-}
-
-func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-	ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName)
-	logger := log.FromContext(ctx)
-
-	clientIP := wl.strategy.GetIP(req)
-	err := wl.whiteLister.IsAuthorized(clientIP)
-	if err != nil {
-		msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)
-		logger.Debug(msg)
-		tracing.SetErrorWithEvent(req, msg)
-		reject(ctx, rw)
-		return
-	}
-	logger.Debugf("Accepting IP %s", clientIP)
-
-	wl.next.ServeHTTP(rw, req)
-}
-
-func reject(ctx context.Context, rw http.ResponseWriter) {
-	statusCode := http.StatusForbidden
-
-	rw.WriteHeader(statusCode)
-	_, err := rw.Write([]byte(http.StatusText(statusCode)))
-	if err != nil {
-		log.FromContext(ctx).Error(err)
-	}
-}
--- a/pkg/middlewares/ipwhitelist/ip_whitelist_test.go
+++ b/pkg/middlewares/ipwhitelist/ip_whitelist_test.go
@ -1,100 +0,0 @@
-package ipwhitelist
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/traefik/traefik/v2/pkg/config/dynamic"
-)
-
-func TestNewIPWhiteLister(t *testing.T) {
-	testCases := []struct {
-		desc          string
-		whiteList     dynamic.IPWhiteList
-		expectedError bool
-	}{
-		{
-			desc: "invalid IP",
-			whiteList: dynamic.IPWhiteList{
-				SourceRange: []string{"foo"},
-			},
-			expectedError: true,
-		},
-		{
-			desc: "valid IP",
-			whiteList: dynamic.IPWhiteList{
-				SourceRange: []string{"10.10.10.10"},
-			},
-		},
-	}
-
-	for _, test := range testCases {
-		test := test
-		t.Run(test.desc, func(t *testing.T) {
-			t.Parallel()
-
-			next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-			whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
-
-			if test.expectedError {
-				assert.Error(t, err)
-			} else {
-				require.NoError(t, err)
-				assert.NotNil(t, whiteLister)
-			}
-		})
-	}
-}
-
-func TestIPWhiteLister_ServeHTTP(t *testing.T) {
-	testCases := []struct {
-		desc       string
-		whiteList  dynamic.IPWhiteList
-		remoteAddr string
-		expected   int
-	}{
-		{
-			desc: "authorized with remote address",
-			whiteList: dynamic.IPWhiteList{
-				SourceRange: []string{"20.20.20.20"},
-			},
-			remoteAddr: "20.20.20.20:1234",
-			expected:   200,
-		},
-		{
-			desc: "non authorized with remote address",
-			whiteList: dynamic.IPWhiteList{
-				SourceRange: []string{"20.20.20.20"},
-			},
-			remoteAddr: "20.20.20.21:1234",
-			expected:   403,
-		},
-	}
-
-	for _, test := range testCases {
-		test := test
-		t.Run(test.desc, func(t *testing.T) {
-			t.Parallel()
-
-			next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-			whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
-			require.NoError(t, err)
-
-			recorder := httptest.NewRecorder()
-
-			req := httptest.NewRequest(http.MethodGet, "http://10.10.10.10", nil)
-
-			if len(test.remoteAddr) > 0 {
-				req.RemoteAddr = test.remoteAddr
-			}
-
-			whiteLister.ServeHTTP(recorder, req)
-
-			assert.Equal(t, test.expected, recorder.Code)
-		})
-	}
-}