Merge 'v1.7.3' into master
This commit is contained in:
Fernandez Ludovic
commit
6dcb51a4bd
187 changed files with 26637 additions and 2091 deletions
|
|
@ -12,7 +12,6 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/BurntSushi/ty/fun"
|
||||
"github.com/cenk/backoff"
|
||||
"github.com/containous/flaeg/parse"
|
||||
"github.com/containous/traefik/log"
|
||||
|
|
@ -762,8 +761,17 @@ func (p *Provider) getValidDomains(domain types.Domain, wildcardAllowed bool) ([
|
|||
}
|
||||
}
|
||||
|
||||
domains = fun.Map(types.CanonicalDomain, domains).([]string)
|
||||
return domains, nil
|
||||
var cleanDomains []string
|
||||
for _, domain := range domains {
|
||||
canonicalDomain := types.CanonicalDomain(domain)
|
||||
cleanDomain := acme.UnFqdn(canonicalDomain)
|
||||
if canonicalDomain != cleanDomain {
|
||||
log.Warnf("FQDN detected, please remove the trailing dot: %s", canonicalDomain)
|
||||
}
|
||||
cleanDomains = append(cleanDomains, cleanDomain)
|
||||
}
|
||||
|
||||
return cleanDomains, nil
|
||||
}
|
||||
|
||||
func isDomainAlreadyChecked(domainToCheck string, existentDomains []string) bool {
|
||||
|
|
|
|||
|
|
@ -329,6 +329,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Attributes: []string{
|
||||
"random.foo=bar",
|
||||
label.TraefikFrontendAuthForwardAddress + "=auth.server",
|
||||
label.TraefikFrontendAuthForwardAuthResponseHeaders + "=X-Auth-User,X-Auth-Token",
|
||||
label.TraefikFrontendAuthForwardTrustForwardHeader + "=true",
|
||||
label.TraefikFrontendAuthForwardTLSCa + "=ca.crt",
|
||||
label.TraefikFrontendAuthForwardTLSCaOptional + "=true",
|
||||
|
|
@ -371,8 +372,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -380,6 +380,8 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Cert: "server.crt",
|
||||
Key: "server.key",
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
EntryPoints: []string{},
|
||||
|
|
@ -443,6 +445,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendAuthDigestUsers + "=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||
label.TraefikFrontendAuthDigestUsersFile + "=.htpasswd",
|
||||
label.TraefikFrontendAuthForwardAddress + "=auth.server",
|
||||
label.TraefikFrontendAuthForwardAuthResponseHeaders + "=X-Auth-User,X-Auth-Token",
|
||||
label.TraefikFrontendAuthForwardTrustForwardHeader + "=true",
|
||||
label.TraefikFrontendAuthForwardTLSCa + "=ca.crt",
|
||||
label.TraefikFrontendAuthForwardTLSCaOptional + "=true",
|
||||
|
|
|
|||
|
|
@ -337,21 +337,22 @@ func (p *Provider) getPortBinding(container dockerData) (*nat.PortBinding, error
|
|||
|
||||
func (p *Provider) getIPPort(container dockerData) (string, string, error) {
|
||||
var ip, port string
|
||||
usedBound := false
|
||||
|
||||
if p.UseBindPortIP {
|
||||
portBinding, err := p.getPortBinding(container)
|
||||
if err != nil {
|
||||
return "", "", fmt.Errorf("unable to find a binding for the container %q: ignoring server", container.Name)
|
||||
log.Infof("Unable to find a binding for container %q, falling back on its internal IP/Port.", container.Name)
|
||||
} else if (portBinding.HostIP == "0.0.0.0") || (len(portBinding.HostIP) == 0) {
|
||||
log.Infof("Cannot determine the IP address (got %q) for %q's binding, falling back on its internal IP/Port.", portBinding.HostIP, container.Name)
|
||||
} else {
|
||||
ip = portBinding.HostIP
|
||||
port = portBinding.HostPort
|
||||
usedBound = true
|
||||
}
|
||||
}
|
||||
|
||||
if portBinding.HostIP == "0.0.0.0" {
|
||||
return "", "", fmt.Errorf("cannot determine the IP address (got 0.0.0.0) for the container %q: ignoring server", container.Name)
|
||||
}
|
||||
|
||||
ip = portBinding.HostIP
|
||||
port = portBinding.HostPort
|
||||
|
||||
} else {
|
||||
if !usedBound {
|
||||
ip = p.getIPAddress(container)
|
||||
port = getPort(container)
|
||||
}
|
||||
|
|
@ -359,6 +360,7 @@ func (p *Provider) getIPPort(container dockerData) (string, string, error) {
|
|||
if len(ip) == 0 {
|
||||
return "", "", fmt.Errorf("unable to find the IP address for the container %q: the server is ignored", container.Name)
|
||||
}
|
||||
|
||||
return ip, port, nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -63,56 +63,6 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when frontend basic auth",
|
||||
containers: []docker.ContainerJSON{
|
||||
containerJSON(
|
||||
name("test"),
|
||||
labels(map[string]string{
|
||||
label.TraefikFrontendAuthBasicUsers: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||
label.TraefikFrontendAuthBasicUsersFile: ".htpasswd",
|
||||
label.TraefikFrontendAuthBasicRemoveHeader: "true",
|
||||
label.TraefikFrontendAuthBasicRealm: "myRealm",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"80/tcp": {},
|
||||
}),
|
||||
withNetwork("bridge", ipv4("127.0.0.1")),
|
||||
),
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-Host-test-docker-localhost-0": {
|
||||
Backend: "backend-test",
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
Auth: &types.Auth{
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Realm: "myRealm",
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
},
|
||||
},
|
||||
Routes: map[string]types.Route{
|
||||
"route-frontend-Host-test-docker-localhost-0": {
|
||||
Rule: "Host:test.docker.localhost",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-test": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-test-842895ca2aca17f6ee36ddb2f621194d": {
|
||||
URL: "http://127.0.0.1:80",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
CircuitBreaker: nil,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when pass tls client certificate",
|
||||
containers: []docker.ContainerJSON{
|
||||
|
|
@ -175,6 +125,55 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
CircuitBreaker: nil,
|
||||
},
|
||||
},
|
||||
}, {
|
||||
desc: "when frontend basic auth",
|
||||
containers: []docker.ContainerJSON{
|
||||
containerJSON(
|
||||
name("test"),
|
||||
labels(map[string]string{
|
||||
label.TraefikFrontendAuthBasicUsers: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||
label.TraefikFrontendAuthBasicUsersFile: ".htpasswd",
|
||||
label.TraefikFrontendAuthBasicRemoveHeader: "true",
|
||||
label.TraefikFrontendAuthBasicRealm: "myRealm",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"80/tcp": {},
|
||||
}),
|
||||
withNetwork("bridge", ipv4("127.0.0.1")),
|
||||
),
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-Host-test-docker-localhost-0": {
|
||||
Backend: "backend-test",
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
Auth: &types.Auth{
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Realm: "myRealm",
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
},
|
||||
},
|
||||
Routes: map[string]types.Route{
|
||||
"route-frontend-Host-test-docker-localhost-0": {
|
||||
Rule: "Host:test.docker.localhost",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-test": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-test-842895ca2aca17f6ee36ddb2f621194d": {
|
||||
URL: "http://127.0.0.1:80",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
CircuitBreaker: nil,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when frontend basic auth backward compatibility",
|
||||
|
|
@ -281,6 +280,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendAuthForwardTLSCert: "server.crt",
|
||||
label.TraefikFrontendAuthForwardTLSKey: "server.key",
|
||||
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: "true",
|
||||
label.TraefikFrontendAuthForwardAuthResponseHeaders: "X-Auth-User,X-Auth-Token",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"80/tcp": {},
|
||||
|
|
@ -295,8 +295,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
EntryPoints: []string{},
|
||||
Auth: &types.Auth{
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -304,6 +303,8 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
Cert: "server.crt",
|
||||
Key: "server.key",
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
Routes: map[string]types.Route{
|
||||
|
|
@ -1398,6 +1399,31 @@ func TestDockerGetIPPort(t *testing.T) {
|
|||
ip, port string
|
||||
expectsError bool
|
||||
}{
|
||||
{
|
||||
desc: "label traefik.port not set, no binding, falling back on the container's IP/Port",
|
||||
container: containerJSON(
|
||||
ports(nat.PortMap{
|
||||
"8080/tcp": {},
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
ip: "10.11.12.13",
|
||||
port: "8080",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port not set, single binding with port only, falling back on the container's IP/Port",
|
||||
container: containerJSON(
|
||||
withNetwork("testnet", ipv4("10.11.12.13")),
|
||||
ports(nat.PortMap{
|
||||
"80/tcp": []nat.PortBinding{
|
||||
{
|
||||
HostPort: "8082",
|
||||
},
|
||||
},
|
||||
}),
|
||||
),
|
||||
ip: "10.11.12.13",
|
||||
port: "80",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port not set, binding with ip:port should create a route to the bound ip:port",
|
||||
container: containerJSON(
|
||||
|
|
@ -1413,6 +1439,52 @@ func TestDockerGetIPPort(t *testing.T) {
|
|||
ip: "1.2.3.4",
|
||||
port: "8081",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port set, no binding, falling back on the container's IP/traefik.port",
|
||||
container: containerJSON(
|
||||
labels(map[string]string{
|
||||
label.TraefikPort: "80",
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
ip: "10.11.12.13",
|
||||
port: "80",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port set, single binding with ip:port for the label, creates the route",
|
||||
container: containerJSON(
|
||||
labels(map[string]string{
|
||||
label.TraefikPort: "443",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"443/tcp": []nat.PortBinding{
|
||||
{
|
||||
HostIP: "5.6.7.8",
|
||||
HostPort: "8082",
|
||||
},
|
||||
},
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
ip: "5.6.7.8",
|
||||
port: "8082",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port set, no binding on the corresponding port, falling back on the container's IP/label.port",
|
||||
container: containerJSON(
|
||||
labels(map[string]string{
|
||||
label.TraefikPort: "80",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"443/tcp": []nat.PortBinding{
|
||||
{
|
||||
HostIP: "5.6.7.8",
|
||||
HostPort: "8082",
|
||||
},
|
||||
},
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
ip: "10.11.12.13",
|
||||
port: "80",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port set, multiple bindings on different ports, uses the label to select the correct (first) binding",
|
||||
container: containerJSON(
|
||||
|
|
@ -1461,69 +1533,6 @@ func TestDockerGetIPPort(t *testing.T) {
|
|||
ip: "5.6.7.8",
|
||||
port: "8082",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port set, single binding with ip:port for the label, creates the route",
|
||||
container: containerJSON(
|
||||
labels(map[string]string{
|
||||
label.TraefikPort: "443",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"443/tcp": []nat.PortBinding{
|
||||
{
|
||||
HostIP: "5.6.7.8",
|
||||
HostPort: "8082",
|
||||
},
|
||||
},
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
ip: "5.6.7.8",
|
||||
port: "8082",
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port not set, single binding with port only, server ignored",
|
||||
container: containerJSON(
|
||||
ports(nat.PortMap{
|
||||
"80/tcp": []nat.PortBinding{
|
||||
{
|
||||
HostPort: "8082",
|
||||
},
|
||||
},
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
expectsError: true,
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port not set, no binding, server ignored",
|
||||
container: containerJSON(
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
expectsError: true,
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port set, no binding on the corresponding port, server ignored",
|
||||
container: containerJSON(
|
||||
labels(map[string]string{
|
||||
label.TraefikPort: "80",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"443/tcp": []nat.PortBinding{
|
||||
{
|
||||
HostIP: "5.6.7.8",
|
||||
HostPort: "8082",
|
||||
},
|
||||
},
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
expectsError: true,
|
||||
},
|
||||
{
|
||||
desc: "label traefik.port set, no binding, server ignored",
|
||||
container: containerJSON(
|
||||
labels(map[string]string{
|
||||
label.TraefikPort: "80",
|
||||
}),
|
||||
withNetwork("testnet", ipv4("10.11.12.13"))),
|
||||
expectsError: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
|
|
@ -1536,7 +1545,7 @@ func TestDockerGetIPPort(t *testing.T) {
|
|||
dData.SegmentLabels = segmentProperties[""]
|
||||
|
||||
provider := &Provider{
|
||||
Network: "webnet",
|
||||
Network: "testnet",
|
||||
UseBindPortIP: true,
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -324,6 +324,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendAuthForwardTLSCert: "server.crt",
|
||||
label.TraefikFrontendAuthForwardTLSKey: "server.key",
|
||||
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: "true",
|
||||
label.TraefikFrontendAuthForwardAuthResponseHeaders: "X-Auth-User,X-Auth-Token",
|
||||
}),
|
||||
withEndpointSpec(modeVIP),
|
||||
withEndpoint(virtualIP("1", "127.0.0.1/24")),
|
||||
|
|
@ -336,8 +337,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
EntryPoints: []string{},
|
||||
Auth: &types.Auth{
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -345,6 +345,8 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
Key: "server.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
Routes: map[string]types.Route{
|
||||
|
|
|
|||
|
|
@ -298,6 +298,7 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCert: "server.crt",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSKey: "server.key",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSInsecureSkipVerify: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardAuthResponseHeaders: "X-Auth-User,X-Auth-Token",
|
||||
}),
|
||||
ports(nat.PortMap{
|
||||
"80/tcp": {},
|
||||
|
|
@ -318,8 +319,7 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -327,6 +327,8 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
Key: "server.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -247,6 +247,7 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCert: "server.crt",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSKey: "server.key",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSInsecureSkipVerify: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardAuthResponseHeaders: "X-Auth-User,X-Auth-Token",
|
||||
}),
|
||||
iMachine(
|
||||
mState(ec2.InstanceStateNameRunning),
|
||||
|
|
@ -270,8 +271,7 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -279,6 +279,8 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
Key: "server.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -278,7 +278,9 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendAuthForwardTLSCaOptional: aws.String("true"),
|
||||
label.TraefikFrontendAuthForwardTLSCert: aws.String("server.crt"),
|
||||
label.TraefikFrontendAuthForwardTLSKey: aws.String("server.key"),
|
||||
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: aws.String("true"), label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
|
||||
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: aws.String("true"),
|
||||
label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
|
||||
label.TraefikFrontendAuthForwardAuthResponseHeaders: aws.String("X-Auth-User,X-Auth-Token"),
|
||||
}),
|
||||
iMachine(
|
||||
mState(ec2.InstanceStateNameRunning),
|
||||
|
|
@ -311,8 +313,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -320,6 +321,8 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Cert: "server.crt",
|
||||
Key: "server.key",
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ const (
|
|||
pathFrontendWhiteListIPStrategyExcludedIPs = pathFrontendWhiteListIPStrategy + "/excludedips"
|
||||
|
||||
pathFrontendAuth = "/auth/"
|
||||
pathFrontendAuthHeaderField = pathFrontendAuth + "headerfield"
|
||||
pathFrontendAuthBasic = pathFrontendAuth + "basic/"
|
||||
pathFrontendAuthBasicRemoveHeader = pathFrontendAuthBasic + "removeheader"
|
||||
pathFrontendAuthBasicUsers = pathFrontendAuthBasic + "users"
|
||||
|
|
@ -59,6 +60,7 @@ const (
|
|||
pathFrontendAuthDigestUsersFile = pathFrontendAuthDigest + "usersfile"
|
||||
pathFrontendAuthForward = pathFrontendAuth + "forward/"
|
||||
pathFrontendAuthForwardAddress = pathFrontendAuthForward + "address"
|
||||
pathFrontendAuthForwardAuthResponseHeaders = pathFrontendAuthForward + ".authresponseheaders"
|
||||
pathFrontendAuthForwardTLS = pathFrontendAuthForward + "tls/"
|
||||
pathFrontendAuthForwardTLSCa = pathFrontendAuthForwardTLS + "ca"
|
||||
pathFrontendAuthForwardTLSCaOptional = pathFrontendAuthForwardTLS + "caoptional"
|
||||
|
|
@ -66,7 +68,6 @@ const (
|
|||
pathFrontendAuthForwardTLSInsecureSkipVerify = pathFrontendAuthForwardTLS + "insecureskipverify"
|
||||
pathFrontendAuthForwardTLSKey = pathFrontendAuthForwardTLS + "key"
|
||||
pathFrontendAuthForwardTrustForwardHeader = pathFrontendAuthForward + "trustforwardheader"
|
||||
pathFrontendAuthHeaderField = pathFrontendAuth + "headerfield"
|
||||
|
||||
pathFrontendEntryPoints = "/entrypoints"
|
||||
pathFrontendRedirectEntryPoint = "/redirect/entrypoint"
|
||||
|
|
|
|||
|
|
@ -411,8 +411,9 @@ func (p *Provider) getAuthDigest(rootPath string) *types.Digest {
|
|||
// getAuthForward Create Forward Auth from path
|
||||
func (p *Provider) getAuthForward(rootPath string) *types.Forward {
|
||||
forwardAuth := &types.Forward{
|
||||
Address: p.get("", rootPath, pathFrontendAuthForwardAddress),
|
||||
TrustForwardHeader: p.getBool(false, rootPath, pathFrontendAuthForwardTrustForwardHeader),
|
||||
Address: p.get("", rootPath, pathFrontendAuthForwardAddress),
|
||||
TrustForwardHeader: p.getBool(false, rootPath, pathFrontendAuthForwardTrustForwardHeader),
|
||||
AuthResponseHeaders: p.getList(rootPath, pathFrontendAuthForwardAuthResponseHeaders),
|
||||
}
|
||||
|
||||
// TLS configuration
|
||||
|
|
|
|||
|
|
@ -181,6 +181,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
withPair(pathFrontendAuthForwardTLSCert, "server.crt"),
|
||||
withPair(pathFrontendAuthForwardTLSKey, "server.key"),
|
||||
withPair(pathFrontendAuthForwardTLSInsecureSkipVerify, "true"),
|
||||
withPair(pathFrontendAuthForwardAuthResponseHeaders, "X-Auth-User,X-Auth-Token"),
|
||||
),
|
||||
backend("backend"),
|
||||
),
|
||||
|
|
@ -200,8 +201,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -209,6 +209,8 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Cert: "server.crt",
|
||||
Key: "server.key",
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ const (
|
|||
SuffixFrontendAuthDigestUsersFile = SuffixFrontendAuthDigest + ".usersFile"
|
||||
SuffixFrontendAuthForward = SuffixFrontendAuth + ".forward"
|
||||
SuffixFrontendAuthForwardAddress = SuffixFrontendAuthForward + ".address"
|
||||
SuffixFrontendAuthForwardAuthResponseHeaders = SuffixFrontendAuthForward + ".authResponseHeaders"
|
||||
SuffixFrontendAuthForwardTLS = SuffixFrontendAuthForward + ".tls"
|
||||
SuffixFrontendAuthForwardTLSCa = SuffixFrontendAuthForwardTLS + ".ca"
|
||||
SuffixFrontendAuthForwardTLSCaOptional = SuffixFrontendAuthForwardTLS + ".caOptional"
|
||||
|
|
@ -150,6 +151,7 @@ const (
|
|||
TraefikFrontendAuthDigestUsersFile = Prefix + SuffixFrontendAuthDigestUsersFile
|
||||
TraefikFrontendAuthForward = Prefix + SuffixFrontendAuthForward
|
||||
TraefikFrontendAuthForwardAddress = Prefix + SuffixFrontendAuthForwardAddress
|
||||
TraefikFrontendAuthForwardAuthResponseHeaders = Prefix + SuffixFrontendAuthForwardAuthResponseHeaders
|
||||
TraefikFrontendAuthForwardTLS = Prefix + SuffixFrontendAuthForwardTLS
|
||||
TraefikFrontendAuthForwardTLSCa = Prefix + SuffixFrontendAuthForwardTLSCa
|
||||
TraefikFrontendAuthForwardTLSCaOptional = Prefix + SuffixFrontendAuthForwardTLSCaOptional
|
||||
|
|
|
|||
|
|
@ -147,8 +147,9 @@ func getAuthDigest(labels map[string]string) *types.Digest {
|
|||
// getAuthForward Create Forward Auth from labels
|
||||
func getAuthForward(labels map[string]string) *types.Forward {
|
||||
forwardAuth := &types.Forward{
|
||||
Address: GetStringValue(labels, TraefikFrontendAuthForwardAddress, ""),
|
||||
TrustForwardHeader: GetBoolValue(labels, TraefikFrontendAuthForwardTrustForwardHeader, false),
|
||||
Address: GetStringValue(labels, TraefikFrontendAuthForwardAddress, ""),
|
||||
AuthResponseHeaders: GetSliceStringValue(labels, TraefikFrontendAuthForwardAuthResponseHeaders),
|
||||
TrustForwardHeader: GetBoolValue(labels, TraefikFrontendAuthForwardTrustForwardHeader, false),
|
||||
}
|
||||
|
||||
// TLS configuration
|
||||
|
|
|
|||
370
provider/marathon/config_segment_test.go
Normal file
370
provider/marathon/config_segment_test.go
Normal file
|
|
@ -0,0 +1,370 @@
|
|||
package marathon
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/containous/flaeg/parse"
|
||||
"github.com/containous/traefik/provider/label"
|
||||
"github.com/containous/traefik/types"
|
||||
"github.com/gambol99/go-marathon"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestBuildConfigurationSegments(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
applications *marathon.Applications
|
||||
expectedFrontends map[string]*types.Frontend
|
||||
expectedBackends map[string]*types.Backend
|
||||
}{
|
||||
{
|
||||
desc: "multiple ports with segments",
|
||||
applications: withApplications(
|
||||
application(
|
||||
appID("/app"),
|
||||
appPorts(80, 81),
|
||||
withTasks(localhostTask(taskPorts(80, 81))),
|
||||
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "1000"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withSegmentLabel(label.TraefikPort, "80", "web"),
|
||||
withSegmentLabel(label.TraefikPort, "81", "admin"),
|
||||
withLabel("traefik..port", "82"), // This should be ignored, as it fails to match the segmentPropertiesRegexp regex.
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:web.app.marathon.localhost", "web"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:admin.app.marathon.localhost", "admin"),
|
||||
)),
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-service-web": {
|
||||
Backend: "backend-app-service-web",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-service-web`: {
|
||||
Rule: "Host:web.app.marathon.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
"frontend-app-service-admin": {
|
||||
Backend: "backend-app-service-admin",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-service-admin`: {
|
||||
Rule: "Host:admin.app.marathon.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-web": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-web": {
|
||||
URL: "http://localhost:80",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
"backend-app-service-admin": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-admin": {
|
||||
URL: "http://localhost:81",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when all labels are set",
|
||||
applications: withApplications(
|
||||
application(
|
||||
appID("/app"),
|
||||
appPorts(80, 81),
|
||||
withTasks(localhostTask(taskPorts(80, 81))),
|
||||
|
||||
// withLabel(label.TraefikBackend, "foobar"),
|
||||
|
||||
withLabel(label.TraefikBackendCircuitBreakerExpression, "NetworkErrorRatio() > 0.5"),
|
||||
withLabel(label.TraefikBackendHealthCheckPath, "/health"),
|
||||
withLabel(label.TraefikBackendHealthCheckPort, "880"),
|
||||
withLabel(label.TraefikBackendHealthCheckInterval, "6"),
|
||||
withLabel(label.TraefikBackendHealthCheckTimeout, "3"),
|
||||
withLabel(label.TraefikBackendLoadBalancerMethod, "drr"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickiness, "true"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickinessCookieName, "chocolate"),
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "666"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withLabel(label.TraefikBackendBufferingMaxResponseBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemResponseBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingMaxRequestBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemRequestBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingRetryExpression, "IsNetworkError() && Attempts() <= 2"),
|
||||
|
||||
withSegmentLabel(label.TraefikPort, "80", "containous"),
|
||||
withSegmentLabel(label.TraefikProtocol, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikWeight, "12", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertPem, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotBefore, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotAfter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSans, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCommonName, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCountry, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectLocality, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectOrganization, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectProvince, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectSerialNumber, "true", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasic, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardAddress, "auth.server", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTrustForwardHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCa, "ca.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCaOptional, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCert, "server.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSKey, "server.key", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSInsecureSkipVerify, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendEntryPoints, "http,https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassHostHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSCert, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPriority, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectEntryPoint, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectRegex, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectReplacement, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectPermanent, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:traefik.io", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendWhiteListSourceRange, "10.10.10.10", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRequestHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendResponseHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLProxyHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAllowedHosts, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendHostsProxyHeaders, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLForceHost, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLHost, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomFrameOptionsValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPublicKey, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSSeconds, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSIncludeSubdomains, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSPreload, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendForceSTSHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendFrameDeny, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentTypeNosniff, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendBrowserXSSFilter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendIsDevelopment, "true", "containous"),
|
||||
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageStatus, "404"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageQuery, "foo_query"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageStatus, "500,600"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageQuery, "bar_query"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRateLimitExtractorFunc, "client.ip", "containous"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitPeriod, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitAverage, "12"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitBurst, "18"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitPeriod, "3"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitAverage, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitBurst, "9"),
|
||||
)),
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-service-containous": {
|
||||
EntryPoints: []string{
|
||||
"http",
|
||||
"https",
|
||||
},
|
||||
Backend: "backend-app-service-containous",
|
||||
Routes: map[string]types.Route{
|
||||
"route-host-app-service-containous": {
|
||||
Rule: "Host:traefik.io",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
PassTLSCert: true,
|
||||
Priority: 666,
|
||||
PassTLSClientCert: &types.TLSClientHeaders{
|
||||
PEM: true,
|
||||
Infos: &types.TLSClientCertificateInfos{
|
||||
NotBefore: true,
|
||||
Sans: true,
|
||||
NotAfter: true,
|
||||
Subject: &types.TLSCLientCertificateSubjectInfos{
|
||||
CommonName: true,
|
||||
Country: true,
|
||||
Locality: true,
|
||||
Organization: true,
|
||||
Province: true,
|
||||
SerialNumber: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
},
|
||||
},
|
||||
WhiteList: &types.WhiteList{
|
||||
SourceRange: []string{"10.10.10.10"},
|
||||
},
|
||||
Headers: &types.Headers{
|
||||
CustomRequestHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
CustomResponseHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
AllowedHosts: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
HostsProxyHeaders: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
STSSeconds: 666,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
ForceSTSHeader: true,
|
||||
FrameDeny: true,
|
||||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
Errors: map[string]*types.ErrorPage{
|
||||
"bar": {
|
||||
Status: []string{
|
||||
"500",
|
||||
"600",
|
||||
},
|
||||
Backend: "backendfoobar",
|
||||
Query: "bar_query",
|
||||
},
|
||||
"foo": {
|
||||
Status: []string{
|
||||
"404",
|
||||
},
|
||||
Backend: "backendfoobar",
|
||||
Query: "foo_query",
|
||||
},
|
||||
},
|
||||
RateLimit: &types.RateLimit{
|
||||
RateSet: map[string]*types.Rate{
|
||||
"bar": {
|
||||
Period: parse.Duration(3 * time.Second),
|
||||
Average: 6,
|
||||
Burst: 9,
|
||||
},
|
||||
"foo": {
|
||||
Period: parse.Duration(6 * time.Second),
|
||||
Average: 12,
|
||||
Burst: 18,
|
||||
},
|
||||
},
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
Redirect: &types.Redirect{
|
||||
EntryPoint: "https",
|
||||
Permanent: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-containous": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-containous": {
|
||||
URL: "https://localhost:80",
|
||||
Weight: 12,
|
||||
},
|
||||
},
|
||||
CircuitBreaker: &types.CircuitBreaker{
|
||||
Expression: "NetworkErrorRatio() > 0.5",
|
||||
},
|
||||
LoadBalancer: &types.LoadBalancer{
|
||||
Method: "drr",
|
||||
Stickiness: &types.Stickiness{
|
||||
CookieName: "chocolate",
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 666,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
HealthCheck: &types.HealthCheck{
|
||||
Path: "/health",
|
||||
Port: 880,
|
||||
Interval: "6",
|
||||
Timeout: "3",
|
||||
},
|
||||
Buffering: &types.Buffering{
|
||||
MaxResponseBodyBytes: 10485760,
|
||||
MemResponseBodyBytes: 2097152,
|
||||
MaxRequestBodyBytes: 10485760,
|
||||
MemRequestBodyBytes: 2097152,
|
||||
RetryExpression: "IsNetworkError() && Attempts() <= 2",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
p := &Provider{
|
||||
Domain: "marathon.localhost",
|
||||
ExposedByDefault: true,
|
||||
}
|
||||
|
||||
actualConfig := p.buildConfiguration(test.applications)
|
||||
|
||||
assert.NotNil(t, actualConfig)
|
||||
assert.Equal(t, test.expectedBackends, actualConfig.Backends)
|
||||
assert.Equal(t, test.expectedFrontends, actualConfig.Frontends)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
@ -299,6 +299,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendAuthForwardTLSCert, "server.crt"),
|
||||
withLabel(label.TraefikFrontendAuthForwardTLSKey, "server.key"),
|
||||
withLabel(label.TraefikFrontendAuthForwardTLSInsecureSkipVerify, "true"),
|
||||
withLabel(label.TraefikFrontendAuthForwardAuthResponseHeaders, "X-Auth-User,X-Auth-Token"),
|
||||
|
||||
withTasks(localhostTask(taskPorts(80))),
|
||||
)),
|
||||
|
|
@ -313,8 +314,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -322,6 +322,8 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Cert: "server.crt",
|
||||
Key: "server.key",
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
|
|
@ -695,364 +697,6 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBuildConfigurationSegments(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
applications *marathon.Applications
|
||||
expectedFrontends map[string]*types.Frontend
|
||||
expectedBackends map[string]*types.Backend
|
||||
}{
|
||||
{
|
||||
desc: "multiple ports with segments",
|
||||
applications: withApplications(
|
||||
application(
|
||||
appID("/app"),
|
||||
appPorts(80, 81),
|
||||
withTasks(localhostTask(taskPorts(80, 81))),
|
||||
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "1000"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withSegmentLabel(label.TraefikPort, "80", "web"),
|
||||
withSegmentLabel(label.TraefikPort, "81", "admin"),
|
||||
withLabel("traefik..port", "82"), // This should be ignored, as it fails to match the segmentPropertiesRegexp regex.
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:web.app.marathon.localhost", "web"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:admin.app.marathon.localhost", "admin"),
|
||||
)),
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-service-web": {
|
||||
Backend: "backend-app-service-web",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-service-web`: {
|
||||
Rule: "Host:web.app.marathon.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
"frontend-app-service-admin": {
|
||||
Backend: "backend-app-service-admin",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-service-admin`: {
|
||||
Rule: "Host:admin.app.marathon.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-web": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-web": {
|
||||
URL: "http://localhost:80",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
"backend-app-service-admin": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-admin": {
|
||||
URL: "http://localhost:81",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when all labels are set",
|
||||
applications: withApplications(
|
||||
application(
|
||||
appID("/app"),
|
||||
appPorts(80, 81),
|
||||
withTasks(localhostTask(taskPorts(80, 81))),
|
||||
|
||||
// withLabel(label.TraefikBackend, "foobar"),
|
||||
|
||||
withLabel(label.TraefikBackendCircuitBreakerExpression, "NetworkErrorRatio() > 0.5"),
|
||||
withLabel(label.TraefikBackendHealthCheckPath, "/health"),
|
||||
withLabel(label.TraefikBackendHealthCheckPort, "880"),
|
||||
withLabel(label.TraefikBackendHealthCheckInterval, "6"),
|
||||
withLabel(label.TraefikBackendHealthCheckTimeout, "3"),
|
||||
withLabel(label.TraefikBackendLoadBalancerMethod, "drr"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickiness, "true"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickinessCookieName, "chocolate"),
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "666"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withLabel(label.TraefikBackendBufferingMaxResponseBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemResponseBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingMaxRequestBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemRequestBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingRetryExpression, "IsNetworkError() && Attempts() <= 2"),
|
||||
|
||||
withSegmentLabel(label.TraefikPort, "80", "containous"),
|
||||
withSegmentLabel(label.TraefikProtocol, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikWeight, "12", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertPem, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotBefore, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotAfter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSans, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCommonName, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCountry, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectLocality, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectOrganization, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectProvince, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectSerialNumber, "true", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasic, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardAddress, "auth.server", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTrustForwardHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCa, "ca.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCaOptional, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCert, "server.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSKey, "server.key", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSInsecureSkipVerify, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendEntryPoints, "http,https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassHostHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSCert, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPriority, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectEntryPoint, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectRegex, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectReplacement, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectPermanent, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:traefik.io", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendWhiteListSourceRange, "10.10.10.10", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRequestHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendResponseHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLProxyHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAllowedHosts, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendHostsProxyHeaders, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLForceHost, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLHost, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomFrameOptionsValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPublicKey, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSSeconds, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSIncludeSubdomains, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSPreload, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendForceSTSHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendFrameDeny, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentTypeNosniff, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendBrowserXSSFilter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendIsDevelopment, "true", "containous"),
|
||||
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageStatus, "404"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageQuery, "foo_query"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageStatus, "500,600"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageQuery, "bar_query"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRateLimitExtractorFunc, "client.ip", "containous"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitPeriod, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitAverage, "12"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitBurst, "18"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitPeriod, "3"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitAverage, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitBurst, "9"),
|
||||
)),
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-service-containous": {
|
||||
EntryPoints: []string{
|
||||
"http",
|
||||
"https",
|
||||
},
|
||||
Backend: "backend-app-service-containous",
|
||||
Routes: map[string]types.Route{
|
||||
"route-host-app-service-containous": {
|
||||
Rule: "Host:traefik.io",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
PassTLSCert: true,
|
||||
Priority: 666,
|
||||
PassTLSClientCert: &types.TLSClientHeaders{
|
||||
PEM: true,
|
||||
Infos: &types.TLSClientCertificateInfos{
|
||||
NotBefore: true,
|
||||
Sans: true,
|
||||
NotAfter: true,
|
||||
Subject: &types.TLSCLientCertificateSubjectInfos{
|
||||
CommonName: true,
|
||||
Country: true,
|
||||
Locality: true,
|
||||
Organization: true,
|
||||
Province: true,
|
||||
SerialNumber: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
},
|
||||
},
|
||||
WhiteList: &types.WhiteList{
|
||||
SourceRange: []string{"10.10.10.10"},
|
||||
},
|
||||
Headers: &types.Headers{
|
||||
CustomRequestHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
CustomResponseHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
AllowedHosts: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
HostsProxyHeaders: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
STSSeconds: 666,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
ForceSTSHeader: true,
|
||||
FrameDeny: true,
|
||||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
Errors: map[string]*types.ErrorPage{
|
||||
"bar": {
|
||||
Status: []string{
|
||||
"500",
|
||||
"600",
|
||||
},
|
||||
Backend: "backendfoobar",
|
||||
Query: "bar_query",
|
||||
},
|
||||
"foo": {
|
||||
Status: []string{
|
||||
"404",
|
||||
},
|
||||
Backend: "backendfoobar",
|
||||
Query: "foo_query",
|
||||
},
|
||||
},
|
||||
RateLimit: &types.RateLimit{
|
||||
RateSet: map[string]*types.Rate{
|
||||
"bar": {
|
||||
Period: parse.Duration(3 * time.Second),
|
||||
Average: 6,
|
||||
Burst: 9,
|
||||
},
|
||||
"foo": {
|
||||
Period: parse.Duration(6 * time.Second),
|
||||
Average: 12,
|
||||
Burst: 18,
|
||||
},
|
||||
},
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
Redirect: &types.Redirect{
|
||||
EntryPoint: "https",
|
||||
Permanent: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-containous": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-containous": {
|
||||
URL: "https://localhost:80",
|
||||
Weight: 12,
|
||||
},
|
||||
},
|
||||
CircuitBreaker: &types.CircuitBreaker{
|
||||
Expression: "NetworkErrorRatio() > 0.5",
|
||||
},
|
||||
LoadBalancer: &types.LoadBalancer{
|
||||
Method: "drr",
|
||||
Stickiness: &types.Stickiness{
|
||||
CookieName: "chocolate",
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 666,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
HealthCheck: &types.HealthCheck{
|
||||
Path: "/health",
|
||||
Port: 880,
|
||||
Interval: "6",
|
||||
Timeout: "3",
|
||||
},
|
||||
Buffering: &types.Buffering{
|
||||
MaxResponseBodyBytes: 10485760,
|
||||
MemResponseBodyBytes: 2097152,
|
||||
MaxRequestBodyBytes: 10485760,
|
||||
MemRequestBodyBytes: 2097152,
|
||||
RetryExpression: "IsNetworkError() && Attempts() <= 2",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
p := &Provider{
|
||||
Domain: "marathon.localhost",
|
||||
ExposedByDefault: true,
|
||||
}
|
||||
|
||||
actualConfig := p.buildConfiguration(test.applications)
|
||||
|
||||
assert.NotNil(t, actualConfig)
|
||||
assert.Equal(t, test.expectedBackends, actualConfig.Backends)
|
||||
assert.Equal(t, test.expectedFrontends, actualConfig.Frontends)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestApplicationFilterConstraints(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
|
|
|
|||
392
provider/mesos/config_segment_test.go
Normal file
392
provider/mesos/config_segment_test.go
Normal file
|
|
@ -0,0 +1,392 @@
|
|||
package mesos
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/containous/flaeg/parse"
|
||||
"github.com/containous/traefik/provider/label"
|
||||
"github.com/containous/traefik/types"
|
||||
"github.com/mesosphere/mesos-dns/records/state"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestBuildConfigurationSegments(t *testing.T) {
|
||||
p := &Provider{
|
||||
Domain: "mesos.localhost",
|
||||
ExposedByDefault: true,
|
||||
IPSources: "host",
|
||||
}
|
||||
|
||||
testCases := []struct {
|
||||
desc string
|
||||
tasks []state.Task
|
||||
expectedFrontends map[string]*types.Frontend
|
||||
expectedBackends map[string]*types.Backend
|
||||
}{
|
||||
{
|
||||
desc: "multiple ports with segments",
|
||||
tasks: []state.Task{
|
||||
aTask("app-taskID",
|
||||
withIP("127.0.0.1"),
|
||||
withInfo("/app",
|
||||
withPorts(
|
||||
withPort("TCP", 80, "web"),
|
||||
withPort("TCP", 81, "admin"),
|
||||
),
|
||||
),
|
||||
withStatus(withHealthy(true), withState("TASK_RUNNING")),
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "1000"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withSegmentLabel(label.TraefikPort, "80", "web"),
|
||||
withSegmentLabel(label.TraefikPort, "81", "admin"),
|
||||
withLabel("traefik..port", "82"), // This should be ignored, as it fails to match the segmentPropertiesRegexp regex.
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:web.app.mesos.localhost", "web"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:admin.app.mesos.localhost", "admin"),
|
||||
),
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-taskID-service-web": {
|
||||
Backend: "backend-app-service-web",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-taskID-service-web`: {
|
||||
Rule: "Host:web.app.mesos.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
"frontend-app-taskID-service-admin": {
|
||||
Backend: "backend-app-service-admin",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-taskID-service-admin`: {
|
||||
Rule: "Host:admin.app.mesos.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-web": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-web": {
|
||||
URL: "http://127.0.0.1:80",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
"backend-app-service-admin": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-admin": {
|
||||
URL: "http://127.0.0.1:81",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when all labels are set",
|
||||
tasks: []state.Task{
|
||||
aTask("app-taskID",
|
||||
withIP("127.0.0.1"),
|
||||
withInfo("/app",
|
||||
withPorts(
|
||||
withPort("TCP", 80, "web"),
|
||||
withPort("TCP", 81, "admin"),
|
||||
),
|
||||
),
|
||||
withStatus(withHealthy(true), withState("TASK_RUNNING")),
|
||||
|
||||
withLabel(label.TraefikBackendCircuitBreakerExpression, "NetworkErrorRatio() > 0.5"),
|
||||
withLabel(label.TraefikBackendHealthCheckScheme, "http"),
|
||||
withLabel(label.TraefikBackendHealthCheckPath, "/health"),
|
||||
withLabel(label.TraefikBackendHealthCheckPort, "880"),
|
||||
withLabel(label.TraefikBackendHealthCheckInterval, "6"),
|
||||
withLabel(label.TraefikBackendHealthCheckTimeout, "3"),
|
||||
withLabel(label.TraefikBackendHealthCheckHostname, "foo.com"),
|
||||
withLabel(label.TraefikBackendHealthCheckHeaders, "Foo:bar || Bar:foo"),
|
||||
withLabel(label.TraefikBackendLoadBalancerMethod, "drr"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickiness, "true"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickinessCookieName, "chocolate"),
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "666"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withLabel(label.TraefikBackendBufferingMaxResponseBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemResponseBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingMaxRequestBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemRequestBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingRetryExpression, "IsNetworkError() && Attempts() <= 2"),
|
||||
|
||||
withSegmentLabel(label.TraefikPort, "80", "containous"),
|
||||
withSegmentLabel(label.TraefikPortName, "web", "containous"),
|
||||
withSegmentLabel(label.TraefikProtocol, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikWeight, "12", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertPem, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotBefore, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotAfter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSans, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCommonName, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCountry, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectLocality, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectOrganization, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectProvince, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectSerialNumber, "true", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasic, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardAddress, "auth.server", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTrustForwardHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCa, "ca.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCaOptional, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCert, "server.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSKey, "server.key", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSInsecureSkipVerify, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendEntryPoints, "http,https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassHostHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSCert, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPriority, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectEntryPoint, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectRegex, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectReplacement, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectPermanent, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:traefik.io", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendWhiteListSourceRange, "10.10.10.10", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRequestHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendResponseHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLProxyHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAllowedHosts, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendHostsProxyHeaders, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLForceHost, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLHost, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomFrameOptionsValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPublicKey, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSSeconds, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSIncludeSubdomains, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSPreload, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendForceSTSHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendFrameDeny, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentTypeNosniff, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendBrowserXSSFilter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendIsDevelopment, "true", "containous"),
|
||||
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageStatus, "404"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageQuery, "foo_query"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageStatus, "500,600"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageQuery, "bar_query"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRateLimitExtractorFunc, "client.ip", "containous"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitPeriod, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitAverage, "12"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitBurst, "18"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitPeriod, "3"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitAverage, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitBurst, "9"),
|
||||
),
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-taskID-service-containous": {
|
||||
EntryPoints: []string{
|
||||
"http",
|
||||
"https",
|
||||
},
|
||||
Backend: "backend-app-service-containous",
|
||||
Routes: map[string]types.Route{
|
||||
"route-host-app-taskID-service-containous": {
|
||||
Rule: "Host:traefik.io",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
PassTLSCert: true,
|
||||
Priority: 666,
|
||||
PassTLSClientCert: &types.TLSClientHeaders{
|
||||
PEM: true,
|
||||
Infos: &types.TLSClientCertificateInfos{
|
||||
NotBefore: true,
|
||||
Sans: true,
|
||||
NotAfter: true,
|
||||
Subject: &types.TLSCLientCertificateSubjectInfos{
|
||||
CommonName: true,
|
||||
Country: true,
|
||||
Locality: true,
|
||||
Organization: true,
|
||||
Province: true,
|
||||
SerialNumber: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
},
|
||||
},
|
||||
|
||||
WhiteList: &types.WhiteList{
|
||||
SourceRange: []string{"10.10.10.10"},
|
||||
},
|
||||
Headers: &types.Headers{
|
||||
CustomRequestHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
CustomResponseHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
AllowedHosts: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
HostsProxyHeaders: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
STSSeconds: 666,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
ForceSTSHeader: true,
|
||||
FrameDeny: true,
|
||||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
Errors: map[string]*types.ErrorPage{
|
||||
"bar": {
|
||||
Status: []string{
|
||||
"500",
|
||||
"600",
|
||||
},
|
||||
Backend: "backend-foobar",
|
||||
Query: "bar_query",
|
||||
},
|
||||
"foo": {
|
||||
Status: []string{
|
||||
"404",
|
||||
},
|
||||
Backend: "backend-foobar",
|
||||
Query: "foo_query",
|
||||
},
|
||||
},
|
||||
RateLimit: &types.RateLimit{
|
||||
RateSet: map[string]*types.Rate{
|
||||
"bar": {
|
||||
Period: parse.Duration(3 * time.Second),
|
||||
Average: 6,
|
||||
Burst: 9,
|
||||
},
|
||||
"foo": {
|
||||
Period: parse.Duration(6 * time.Second),
|
||||
Average: 12,
|
||||
Burst: 18,
|
||||
},
|
||||
},
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
Redirect: &types.Redirect{
|
||||
EntryPoint: "https",
|
||||
Permanent: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-containous": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-containous": {
|
||||
URL: "https://127.0.0.1:80",
|
||||
Weight: 12,
|
||||
},
|
||||
},
|
||||
CircuitBreaker: &types.CircuitBreaker{
|
||||
Expression: "NetworkErrorRatio() > 0.5",
|
||||
},
|
||||
LoadBalancer: &types.LoadBalancer{
|
||||
Method: "drr",
|
||||
Stickiness: &types.Stickiness{
|
||||
CookieName: "chocolate",
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 666,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
HealthCheck: &types.HealthCheck{
|
||||
Scheme: "http",
|
||||
Path: "/health",
|
||||
Port: 880,
|
||||
Interval: "6",
|
||||
Timeout: "3",
|
||||
Hostname: "foo.com",
|
||||
Headers: map[string]string{
|
||||
"Bar": "foo",
|
||||
"Foo": "bar",
|
||||
},
|
||||
},
|
||||
Buffering: &types.Buffering{
|
||||
MaxResponseBodyBytes: 10485760,
|
||||
MemResponseBodyBytes: 2097152,
|
||||
MaxRequestBodyBytes: 10485760,
|
||||
MemRequestBodyBytes: 2097152,
|
||||
RetryExpression: "IsNetworkError() && Attempts() <= 2",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
actualConfig := p.buildConfiguration(test.tasks)
|
||||
|
||||
require.NotNil(t, actualConfig)
|
||||
assert.Equal(t, test.expectedBackends, actualConfig.Backends)
|
||||
assert.Equal(t, test.expectedFrontends, actualConfig.Frontends)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
@ -262,6 +262,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendAuthForwardTLSKey, "server.key"),
|
||||
withLabel(label.TraefikFrontendAuthForwardTLSInsecureSkipVerify, "true"),
|
||||
withLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User"),
|
||||
withLabel(label.TraefikFrontendAuthForwardAuthResponseHeaders, "X-Auth-User,X-Auth-Token"),
|
||||
),
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
|
|
@ -277,8 +278,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -286,6 +286,8 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Cert: "server.crt",
|
||||
Key: "server.key",
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -597,385 +599,6 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBuildConfigurationSegments(t *testing.T) {
|
||||
p := &Provider{
|
||||
Domain: "mesos.localhost",
|
||||
ExposedByDefault: true,
|
||||
IPSources: "host",
|
||||
}
|
||||
|
||||
testCases := []struct {
|
||||
desc string
|
||||
tasks []state.Task
|
||||
expectedFrontends map[string]*types.Frontend
|
||||
expectedBackends map[string]*types.Backend
|
||||
}{
|
||||
{
|
||||
desc: "multiple ports with segments",
|
||||
tasks: []state.Task{
|
||||
aTask("app-taskID",
|
||||
withIP("127.0.0.1"),
|
||||
withInfo("/app",
|
||||
withPorts(
|
||||
withPort("TCP", 80, "web"),
|
||||
withPort("TCP", 81, "admin"),
|
||||
),
|
||||
),
|
||||
withStatus(withHealthy(true), withState("TASK_RUNNING")),
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "1000"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withSegmentLabel(label.TraefikPort, "80", "web"),
|
||||
withSegmentLabel(label.TraefikPort, "81", "admin"),
|
||||
withLabel("traefik..port", "82"), // This should be ignored, as it fails to match the segmentPropertiesRegexp regex.
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:web.app.mesos.localhost", "web"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:admin.app.mesos.localhost", "admin"),
|
||||
),
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-taskID-service-web": {
|
||||
Backend: "backend-app-service-web",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-taskID-service-web`: {
|
||||
Rule: "Host:web.app.mesos.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
"frontend-app-taskID-service-admin": {
|
||||
Backend: "backend-app-service-admin",
|
||||
Routes: map[string]types.Route{
|
||||
`route-host-app-taskID-service-admin`: {
|
||||
Rule: "Host:admin.app.mesos.localhost",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
EntryPoints: []string{},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-web": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-web": {
|
||||
URL: "http://127.0.0.1:80",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
"backend-app-service-admin": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-admin": {
|
||||
URL: "http://127.0.0.1:81",
|
||||
Weight: label.DefaultWeight,
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 1000,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when all labels are set",
|
||||
tasks: []state.Task{
|
||||
aTask("app-taskID",
|
||||
withIP("127.0.0.1"),
|
||||
withInfo("/app",
|
||||
withPorts(
|
||||
withPort("TCP", 80, "web"),
|
||||
withPort("TCP", 81, "admin"),
|
||||
),
|
||||
),
|
||||
withStatus(withHealthy(true), withState("TASK_RUNNING")),
|
||||
|
||||
withLabel(label.TraefikBackendCircuitBreakerExpression, "NetworkErrorRatio() > 0.5"),
|
||||
withLabel(label.TraefikBackendHealthCheckScheme, "http"),
|
||||
withLabel(label.TraefikBackendHealthCheckPath, "/health"),
|
||||
withLabel(label.TraefikBackendHealthCheckPort, "880"),
|
||||
withLabel(label.TraefikBackendHealthCheckInterval, "6"),
|
||||
withLabel(label.TraefikBackendHealthCheckTimeout, "3"),
|
||||
withLabel(label.TraefikBackendHealthCheckHostname, "foo.com"),
|
||||
withLabel(label.TraefikBackendHealthCheckHeaders, "Foo:bar || Bar:foo"),
|
||||
withLabel(label.TraefikBackendLoadBalancerMethod, "drr"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickiness, "true"),
|
||||
withLabel(label.TraefikBackendLoadBalancerStickinessCookieName, "chocolate"),
|
||||
withLabel(label.TraefikBackendMaxConnAmount, "666"),
|
||||
withLabel(label.TraefikBackendMaxConnExtractorFunc, "client.ip"),
|
||||
withLabel(label.TraefikBackendBufferingMaxResponseBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemResponseBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingMaxRequestBodyBytes, "10485760"),
|
||||
withLabel(label.TraefikBackendBufferingMemRequestBodyBytes, "2097152"),
|
||||
withLabel(label.TraefikBackendBufferingRetryExpression, "IsNetworkError() && Attempts() <= 2"),
|
||||
|
||||
withSegmentLabel(label.TraefikPort, "80", "containous"),
|
||||
withSegmentLabel(label.TraefikPortName, "web", "containous"),
|
||||
withSegmentLabel(label.TraefikProtocol, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikWeight, "12", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertPem, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotBefore, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosNotAfter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSans, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCommonName, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectCountry, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectLocality, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectOrganization, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectProvince, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSClientCertInfosSubjectSerialNumber, "true", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasic, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardAddress, "auth.server", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTrustForwardHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCa, "ca.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCaOptional, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCert, "server.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSKey, "server.key", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSInsecureSkipVerify, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendEntryPoints, "http,https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassHostHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSCert, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPriority, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectEntryPoint, "https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectRegex, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectReplacement, "nope", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRedirectPermanent, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendRule, "Host:traefik.io", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendWhiteListSourceRange, "10.10.10.10", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRequestHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendResponseHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLProxyHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAllowedHosts, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendHostsProxyHeaders, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLForceHost, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLHost, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomFrameOptionsValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPublicKey, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSSeconds, "666", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSIncludeSubdomains, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSTSPreload, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendForceSTSHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendFrameDeny, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentTypeNosniff, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendBrowserXSSFilter, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendIsDevelopment, "true", "containous"),
|
||||
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageStatus, "404"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"foo."+label.SuffixErrorPageQuery, "foo_query"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageStatus, "500,600"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageBackend, "foobar"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendErrorPage+"bar."+label.SuffixErrorPageQuery, "bar_query"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendRateLimitExtractorFunc, "client.ip", "containous"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitPeriod, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitAverage, "12"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"foo."+label.SuffixRateLimitBurst, "18"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitPeriod, "3"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitAverage, "6"),
|
||||
withLabel(label.Prefix+"containous."+label.BaseFrontendRateLimit+"bar."+label.SuffixRateLimitBurst, "9"),
|
||||
),
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-app-taskID-service-containous": {
|
||||
EntryPoints: []string{
|
||||
"http",
|
||||
"https",
|
||||
},
|
||||
Backend: "backend-app-service-containous",
|
||||
Routes: map[string]types.Route{
|
||||
"route-host-app-taskID-service-containous": {
|
||||
Rule: "Host:traefik.io",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
PassTLSCert: true,
|
||||
Priority: 666,
|
||||
PassTLSClientCert: &types.TLSClientHeaders{
|
||||
PEM: true,
|
||||
Infos: &types.TLSClientCertificateInfos{
|
||||
NotBefore: true,
|
||||
Sans: true,
|
||||
NotAfter: true,
|
||||
Subject: &types.TLSCLientCertificateSubjectInfos{
|
||||
CommonName: true,
|
||||
Country: true,
|
||||
Locality: true,
|
||||
Organization: true,
|
||||
Province: true,
|
||||
SerialNumber: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
},
|
||||
},
|
||||
|
||||
WhiteList: &types.WhiteList{
|
||||
SourceRange: []string{"10.10.10.10"},
|
||||
},
|
||||
Headers: &types.Headers{
|
||||
CustomRequestHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
CustomResponseHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
AllowedHosts: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
HostsProxyHeaders: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
STSSeconds: 666,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
ForceSTSHeader: true,
|
||||
FrameDeny: true,
|
||||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
Errors: map[string]*types.ErrorPage{
|
||||
"bar": {
|
||||
Status: []string{
|
||||
"500",
|
||||
"600",
|
||||
},
|
||||
Backend: "backend-foobar",
|
||||
Query: "bar_query",
|
||||
},
|
||||
"foo": {
|
||||
Status: []string{
|
||||
"404",
|
||||
},
|
||||
Backend: "backend-foobar",
|
||||
Query: "foo_query",
|
||||
},
|
||||
},
|
||||
RateLimit: &types.RateLimit{
|
||||
RateSet: map[string]*types.Rate{
|
||||
"bar": {
|
||||
Period: parse.Duration(3 * time.Second),
|
||||
Average: 6,
|
||||
Burst: 9,
|
||||
},
|
||||
"foo": {
|
||||
Period: parse.Duration(6 * time.Second),
|
||||
Average: 12,
|
||||
Burst: 18,
|
||||
},
|
||||
},
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
Redirect: &types.Redirect{
|
||||
EntryPoint: "https",
|
||||
Permanent: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-app-service-containous": {
|
||||
Servers: map[string]types.Server{
|
||||
"server-app-taskID-service-containous": {
|
||||
URL: "https://127.0.0.1:80",
|
||||
Weight: 12,
|
||||
},
|
||||
},
|
||||
CircuitBreaker: &types.CircuitBreaker{
|
||||
Expression: "NetworkErrorRatio() > 0.5",
|
||||
},
|
||||
LoadBalancer: &types.LoadBalancer{
|
||||
Method: "drr",
|
||||
Stickiness: &types.Stickiness{
|
||||
CookieName: "chocolate",
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 666,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
HealthCheck: &types.HealthCheck{
|
||||
Scheme: "http",
|
||||
Path: "/health",
|
||||
Port: 880,
|
||||
Interval: "6",
|
||||
Timeout: "3",
|
||||
Hostname: "foo.com",
|
||||
Headers: map[string]string{
|
||||
"Bar": "foo",
|
||||
"Foo": "bar",
|
||||
},
|
||||
},
|
||||
Buffering: &types.Buffering{
|
||||
MaxResponseBodyBytes: 10485760,
|
||||
MemResponseBodyBytes: 2097152,
|
||||
MaxRequestBodyBytes: 10485760,
|
||||
MemRequestBodyBytes: 2097152,
|
||||
RetryExpression: "IsNetworkError() && Attempts() <= 2",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
actualConfig := p.buildConfiguration(test.tasks)
|
||||
|
||||
require.NotNil(t, actualConfig)
|
||||
assert.Equal(t, test.expectedBackends, actualConfig.Backends)
|
||||
assert.Equal(t, test.expectedFrontends, actualConfig.Frontends)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestTaskFilter(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
|
|
|
|||
|
|
@ -683,6 +683,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendAuthForwardTLSKey: "server.key",
|
||||
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: "true",
|
||||
label.TraefikFrontendAuthHeaderField: "X-WebAuth-User",
|
||||
label.TraefikFrontendAuthForwardAuthResponseHeaders: "X-Auth-User,X-Auth-Token",
|
||||
},
|
||||
Health: "healthy",
|
||||
Containers: []string{"127.0.0.1"},
|
||||
|
|
@ -696,8 +697,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Forward: &types.Forward{
|
||||
Address: "auth.server",
|
||||
TrustForwardHeader: true,
|
||||
Address: "auth.server",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.crt",
|
||||
CAOptional: true,
|
||||
|
|
@ -705,6 +705,8 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Cert: "server.crt",
|
||||
Key: "server.key",
|
||||
},
|
||||
TrustForwardHeader: true,
|
||||
AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
|
||||
},
|
||||
},
|
||||
Priority: 0,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue