Reintroduce dropped v2 dynamic config

Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
2024-01-29 17:32:05 +01:00 · 2024-01-29 17:32:05 +01:00 · 40de310927
commit 40de310927
parent 18203f57d2
53 changed files with 880 additions and 392 deletions
--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@ -6,7 +6,6 @@ import (

 	ptypes "github.com/traefik/paerser/types"
 	"github.com/traefik/traefik/v3/pkg/ip"
-	"github.com/traefik/traefik/v3/pkg/types"
 )

 // +k8s:deepcopy-gen=true
@ -55,9 +54,13 @@ type GrpcWeb struct {
 // +k8s:deepcopy-gen=true

 // ContentType holds the content-type middleware configuration.
-// This middleware sets the `Content-Type` header value to the media type detected from the response content,
-// when it is not set by the backend.
-type ContentType struct{}
+// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
+type ContentType struct {
+	// AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
+	// be automatically set to a value derived from the contents of the response.
+	// Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
+	AutoDetect *bool `json:"autoDetect,omitempty" toml:"autoDetect,omitempty" yaml:"autoDetect,omitempty" export:"true"`
+}

 // +k8s:deepcopy-gen=true

@ -218,7 +221,7 @@ type ForwardAuth struct {
 	// Address defines the authentication server address.
 	Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
 	// TLS defines the configuration used to secure the connection to the authentication server.
-	TLS *types.ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
+	TLS *ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
 	// TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
 	TrustForwardHeader bool `json:"trustForwardHeader,omitempty" toml:"trustForwardHeader,omitempty" yaml:"trustForwardHeader,omitempty" export:"true"`
 	// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
@ -235,6 +238,20 @@ type ForwardAuth struct {

 // +k8s:deepcopy-gen=true

+// ClientTLS holds TLS specific configurations as client
+// CA, Cert and Key can be either path or file contents.
+// TODO: remove this struct when CAOptional option will be removed.
+type ClientTLS struct {
+	CA                 string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
+	Cert               string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"`
+	Key                string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"`
+	InsecureSkipVerify bool   `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"`
+	// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
+	CAOptional *bool `description:"TLS CA.Optional" json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty" export:"true"`
+}
+
+// +k8s:deepcopy-gen=true
+
 // Headers holds the headers middleware configuration.
 // This middleware manages the requests and responses headers.
 // More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
@ -303,6 +320,17 @@ type Headers struct {
 	// If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
 	// and STS headers, leave this as false.
 	IsDevelopment bool `json:"isDevelopment,omitempty" toml:"isDevelopment,omitempty" yaml:"isDevelopment,omitempty" export:"true"`
+
+	// Deprecated: FeaturePolicy option is deprecated, please use PermissionsPolicy instead.
+	FeaturePolicy *string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
+	// Deprecated: SSLRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.
+	SSLRedirect *bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
+	// Deprecated: SSLTemporaryRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.
+	SSLTemporaryRedirect *bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
+	// Deprecated: SSLHost option is deprecated, please use RedirectRegex instead.
+	SSLHost *string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
+	// Deprecated: SSLForceHost option is deprecated, please use RedirectRegex instead.
+	SSLForceHost *bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
 }

 // HasCustomHeadersDefined checks to see if any of the custom header elements have been set.
@ -327,6 +355,10 @@ func (h *Headers) HasCorsHeadersDefined() bool {
 func (h *Headers) HasSecureHeadersDefined() bool {
 	return h != nil && (len(h.AllowedHosts) != 0 ||
 		len(h.HostsProxyHeaders) != 0 ||
+		(h.SSLRedirect != nil && *h.SSLRedirect) ||
+		(h.SSLTemporaryRedirect != nil && *h.SSLTemporaryRedirect) ||
+		(h.SSLForceHost != nil && *h.SSLForceHost) ||
+		(h.SSLHost != nil && *h.SSLHost != "") ||
 		len(h.SSLProxyHeaders) != 0 ||
 		h.STSSeconds != 0 ||
 		h.STSIncludeSubdomains ||
@ -340,6 +372,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
 		h.ContentSecurityPolicy != "" ||
 		h.PublicKey != "" ||
 		h.ReferrerPolicy != "" ||
+		(h.FeaturePolicy != nil && *h.FeaturePolicy != "") ||
 		h.PermissionsPolicy != "" ||
 		h.IsDevelopment)
 }
@ -557,6 +590,11 @@ type Retry struct {
 type StripPrefix struct {
 	// Prefixes defines the prefixes to strip from the request URL.
 	Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
+
+	// Deprecated: ForceSlash option is deprecated, please remove any usage of this option.
+	// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
+	// Default: true.
+	ForceSlash *bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"`
 }

 // +k8s:deepcopy-gen=true
--- a/pkg/config/dynamic/tcp_config.go
+++ b/pkg/config/dynamic/tcp_config.go
@ -86,6 +86,14 @@ type TCPServersLoadBalancer struct {
 	ProxyProtocol    *ProxyProtocol `json:"proxyProtocol,omitempty" toml:"proxyProtocol,omitempty" yaml:"proxyProtocol,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
 	Servers          []TCPServer    `json:"servers,omitempty" toml:"servers,omitempty" yaml:"servers,omitempty" label-slice-as-struct:"server" export:"true"`
 	ServersTransport string         `json:"serversTransport,omitempty" toml:"serversTransport,omitempty" yaml:"serversTransport,omitempty" export:"true"`
+
+	// TerminationDelay, corresponds to the deadline that the proxy sets, after one
+	// of its connected peers indicates it has closed the writing capability of its
+	// connection, to close the reading capability as well, hence fully terminating the
+	// connection. It is a duration in milliseconds, defaulting to 100. A negative value
+	// means an infinite deadline (i.e. the reading capability is never closed).
+	// Deprecated: use ServersTransport to configure the TerminationDelay instead.
+	TerminationDelay *int `json:"terminationDelay,omitempty" toml:"terminationDelay,omitempty" yaml:"terminationDelay,omitempty" export:"true"`
 }

 // Mergeable tells if the given service is mergeable.
--- a/pkg/config/dynamic/zz_generated.deepcopy.go
+++ b/pkg/config/dynamic/zz_generated.deepcopy.go
@ -124,6 +124,27 @@ func (in *CircuitBreaker) DeepCopy() *CircuitBreaker {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientTLS) DeepCopyInto(out *ClientTLS) {
+	*out = *in
+	if in.CAOptional != nil {
+		in, out := &in.CAOptional, &out.CAOptional
+		*out = new(bool)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLS.
+func (in *ClientTLS) DeepCopy() *ClientTLS {
+	if in == nil {
+		return nil
+	}
+	out := new(ClientTLS)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Compress) DeepCopyInto(out *Compress) {
 	*out = *in
@ -219,6 +240,11 @@ func (in Configurations) DeepCopy() Configurations {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ContentType) DeepCopyInto(out *ContentType) {
 	*out = *in
+	if in.AutoDetect != nil {
+		in, out := &in.AutoDetect, &out.AutoDetect
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

@ -316,8 +342,8 @@ func (in *ForwardAuth) DeepCopyInto(out *ForwardAuth) {
 	*out = *in
 	if in.TLS != nil {
 		in, out := &in.TLS, &out.TLS
-		*out = new(types.ClientTLS)
-		**out = **in
+		*out = new(ClientTLS)
+		(*in).DeepCopyInto(*out)
 	}
 	if in.AuthResponseHeaders != nil {
 		in, out := &in.AuthResponseHeaders, &out.AuthResponseHeaders
@ -534,6 +560,31 @@ func (in *Headers) DeepCopyInto(out *Headers) {
 			(*out)[key] = val
 		}
 	}
+	if in.FeaturePolicy != nil {
+		in, out := &in.FeaturePolicy, &out.FeaturePolicy
+		*out = new(string)
+		**out = **in
+	}
+	if in.SSLRedirect != nil {
+		in, out := &in.SSLRedirect, &out.SSLRedirect
+		*out = new(bool)
+		**out = **in
+	}
+	if in.SSLTemporaryRedirect != nil {
+		in, out := &in.SSLTemporaryRedirect, &out.SSLTemporaryRedirect
+		*out = new(bool)
+		**out = **in
+	}
+	if in.SSLHost != nil {
+		in, out := &in.SSLHost, &out.SSLHost
+		*out = new(string)
+		**out = **in
+	}
+	if in.SSLForceHost != nil {
+		in, out := &in.SSLForceHost, &out.SSLForceHost
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

@ -794,7 +845,7 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
 	if in.ContentType != nil {
 		in, out := &in.ContentType, &out.ContentType
 		*out = new(ContentType)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.GrpcWeb != nil {
 		in, out := &in.GrpcWeb, &out.GrpcWeb
@ -1360,6 +1411,11 @@ func (in *StripPrefix) DeepCopyInto(out *StripPrefix) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.ForceSlash != nil {
+		in, out := &in.ForceSlash, &out.ForceSlash
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

@ -1650,6 +1706,11 @@ func (in *TCPServersLoadBalancer) DeepCopyInto(out *TCPServersLoadBalancer) {
 		*out = make([]TCPServer, len(*in))
 		copy(*out, *in)
 	}
+	if in.TerminationDelay != nil {
+		in, out := &in.TerminationDelay, &out.TerminationDelay
+		*out = new(int)
+		**out = **in
+	}
 	return
 }