homelab/traefik
1
0
Fork 0
Code Activity

Merge remote-tracking branch 'upstream/v2.2' into mrg-current-v2.2

Browse source
This commit is contained in:
jb doumenjou 2020-07-10 10:46:11 +02:00
commit 73ca7ad0c1
156 changed files with 1768 additions and 892 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/provider/acme/account.go
View file

@ -26,7 +26,7 @@ const (
)
// NewAccount creates an account.
func NewAccount(ctx context.Context, email string, keyTypeValue string) (*Account, error) {
func NewAccount(ctx context.Context, email, keyTypeValue string) (*Account, error) {
keyType := GetKeyType(ctx, keyTypeValue)
// Create a user. New accounts need an email and private key to start

2
pkg/provider/acme/local_store.go
View file

@ -103,7 +103,7 @@ func (s *LocalStore) listenSaveAction() {
logger.Error(err)
}
err = ioutil.WriteFile(s.filename, data, 0600)
err = ioutil.WriteFile(s.filename, data, 0o600)
if err != nil {
logger.Error(err)
}

4
pkg/provider/acme/local_store_unix.go
View file

@ -16,7 +16,7 @@ func CheckFile(name string) (bool, error) {
if err != nil {
return false, err
}
return false, f.Chmod(0600)
return false, f.Chmod(0o600)
}
return false, err
}
@ -27,7 +27,7 @@ func CheckFile(name string) (bool, error) {
return false, err
}
if fi.Mode().Perm()&0077 != 0 {
if fi.Mode().Perm()&0o077 != 0 {
return false, fmt.Errorf("permissions %o for %s are too open, please use 600", fi.Mode().Perm(), name)
}

2
pkg/provider/acme/local_store_windows.go
View file

@ -12,7 +12,7 @@ func CheckFile(name string) (bool, error) {
if err != nil {
return false, err
}
return false, f.Chmod(0600)
return false, f.Chmod(0o600)
}
return false, err
}

39
pkg/provider/acme/provider.go
View file

@ -27,10 +27,8 @@ import (
"github.com/go-acme/lego/v3/registration"
)
var (
// oscpMustStaple enables OSCP stapling as from https://github.com/go-acme/lego/issues/270.
oscpMustStaple = false
)
// oscpMustStaple enables OSCP stapling as from https://github.com/go-acme/lego/issues/270.
var oscpMustStaple = false
// Configuration holds ACME configuration provided by users.
type Configuration struct {
@ -145,7 +143,7 @@ func (p *Provider) Init() error {
return nil
}
func isAccountMatchingCaServer(ctx context.Context, accountURI string, serverURI string) bool {
func isAccountMatchingCaServer(ctx context.Context, accountURI, serverURI string) bool {
logger := log.FromContext(ctx)
aru, err := url.Parse(accountURI)
@ -428,13 +426,11 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
return nil, err
}
// Check provided certificates
// Check if provided certificates are not already in progress and lock them if needed
uncheckedDomains := p.getUncheckedDomains(ctx, domains, tlsStore)
if len(uncheckedDomains) == 0 {
return nil, nil
}
p.addResolvingDomains(uncheckedDomains)
defer p.removeResolvingDomains(uncheckedDomains)
logger := log.FromContext(ctx)
@ -483,16 +479,7 @@ func (p *Provider) removeResolvingDomains(resolvingDomains []string) {
}
}
func (p *Provider) addResolvingDomains(resolvingDomains []string) {
p.resolvingDomainsMutex.Lock()
defer p.resolvingDomainsMutex.Unlock()
for _, domain := range resolvingDomains {
p.resolvingDomains[domain] = struct{}{}
}
}
func (p *Provider) addCertificateForDomain(domain types.Domain, certificate []byte, key []byte, tlsStore string) {
func (p *Provider) addCertificateForDomain(domain types.Domain, certificate, key []byte, tlsStore string) {
p.certsChan <- &CertAndStore{Certificate: Certificate{Certificate: certificate, Key: key, Domain: domain}, Store: tlsStore}
}
@ -640,7 +627,6 @@ func (p *Provider) renewCertificates(ctx context.Context) {
PrivateKey: cert.Key,
Certificate: cert.Certificate.Certificate,
}, true, oscpMustStaple)
if err != nil {
logger.Errorf("Error renewing certificate from LE: %v, %v", cert.Domain, err)
continue
@ -659,8 +645,8 @@ func (p *Provider) renewCertificates(ctx context.Context) {
// Get provided certificate which check a domains list (Main and SANs)
// from static and dynamic provided certificates.
func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []string, tlsStore string) []string {
p.resolvingDomainsMutex.RLock()
defer p.resolvingDomainsMutex.RUnlock()
p.resolvingDomainsMutex.Lock()
defer p.resolvingDomainsMutex.Unlock()
log.FromContext(ctx).Debugf("Looking for provided certificate(s) to validate %q...", domainsToCheck)
@ -676,10 +662,17 @@ func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []str
allDomains = append(allDomains, domain)
}
return searchUncheckedDomains(ctx, domainsToCheck, allDomains)
uncheckedDomains := searchUncheckedDomains(ctx, domainsToCheck, allDomains)
// Lock domains that will be resolved by this routine
for _, domain := range uncheckedDomains {
p.resolvingDomains[domain] = struct{}{}
}
return uncheckedDomains
}
func searchUncheckedDomains(ctx context.Context, domainsToCheck []string, existentDomains []string) []string {
func searchUncheckedDomains(ctx context.Context, domainsToCheck, existentDomains []string) []string {
var uncheckedDomains []string
for _, domainToCheck := range domainsToCheck {
if !isDomainAlreadyChecked(domainToCheck, existentDomains) {

2
pkg/provider/docker/builder_test.go
View file

@ -95,7 +95,7 @@ func taskSlot(slot int) func(*swarm.Task) {
}
}
func taskNetworkAttachment(id string, name string, driver string, addresses []string) func(*swarm.Task) {
func taskNetworkAttachment(id, name, driver string, addresses []string) func(*swarm.Task) {
return func(task *swarm.Task) {
task.NetworksAttachments = append(task.NetworksAttachments, swarm.NetworkAttachment{
Network: swarm.Network{

1
pkg/provider/docker/config.go
View file

@ -350,7 +350,6 @@ func (p Provider) getIPAddress(ctx context.Context, container dockerData) string
// the network specified on the current container.
containerParsed := parseContainer(containerInspected)
extraConf, err := p.getConfiguration(containerParsed)
if err != nil {
logger.Warnf("Unable to get IP address for container %s : failed to get extra configuration for container %s: %s", container.Name, containerInspected.Name, err)
return ""

2
pkg/provider/docker/label.go
View file

@ -55,7 +55,7 @@ func getStringMultipleStrict(labels map[string]string, labelNames ...string) (ma
}
// getStringValue get string value associated to a label.
func getStringValue(labels map[string]string, labelName string, defaultValue string) string {
func getStringValue(labels map[string]string, labelName, defaultValue string) string {
if value, ok := labels[labelName]; ok && len(value) > 0 {
return value
}

7
pkg/provider/file/file.go
View file

@ -48,7 +48,6 @@ func (p *Provider) Init() error {
// using the given configuration channel.
func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.Pool) error {
configuration, err := p.BuildConfiguration()
if err != nil {
return err
}
@ -356,7 +355,7 @@ func (p *Provider) CreateConfiguration(ctx context.Context, filename string, fun
return nil, fmt.Errorf("error reading configuration file: %s - %w", filename, err)
}
var defaultFuncMap = sprig.TxtFuncMap()
defaultFuncMap := sprig.TxtFuncMap()
defaultFuncMap["normalize"] = provider.Normalize
defaultFuncMap["split"] = strings.Split
for funcID, funcElement := range funcMap {
@ -376,7 +375,7 @@ func (p *Provider) CreateConfiguration(ctx context.Context, filename string, fun
return nil, err
}
var renderedTemplate = buffer.String()
renderedTemplate := buffer.String()
if p.DebugLogGeneratedTemplate {
logger := log.FromContext(ctx)
logger.Debugf("Template content: %s", tmplContent)
@ -396,7 +395,7 @@ func (p *Provider) DecodeConfiguration(filename string) (*dynamic.Configuration,
return p.decodeConfiguration(filename, content)
}
func (p *Provider) decodeConfiguration(filePath string, content string) (*dynamic.Configuration, error) {
func (p *Provider) decodeConfiguration(filePath, content string) (*dynamic.Configuration, error) {
configuration := &dynamic.Configuration{
HTTP: &dynamic.HTTPConfiguration{
Routers: make(map[string]*dynamic.Router),

2
pkg/provider/file/file_test.go
View file

@ -293,7 +293,7 @@ func createTempDir(t *testing.T, dir string) string {
}
func copyFile(srcPath, dstPath string) error {
dst, err := os.OpenFile(dstPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666)
dst, err := os.OpenFile(dstPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o666)
if err != nil {
return err
}

15
pkg/provider/kubernetes/crd/fixtures/tcp/with_bad_host_rule.yml
View file

@ -1,15 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- web
routes:
- match: HostSNI(`foo.com"0"`)
services:
- name: whoamitcp
port: 8000

17
pkg/provider/kubernetes/crd/fixtures/with_bad_host_rule.yml
View file

@ -1,17 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`foo.com"0"`) && PathPrefix(`/bar`)
kind: Rule
priority: 12
services:
- name: whoami
port: 80

14
pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go
View file

@ -35,12 +35,14 @@ import (
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
)
var scheme = runtime.NewScheme()
var codecs = serializer.NewCodecFactory(scheme)
var parameterCodec = runtime.NewParameterCodec(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
traefikv1alpha1.AddToScheme,
}
var (
scheme = runtime.NewScheme()
codecs = serializer.NewCodecFactory(scheme)
parameterCodec = runtime.NewParameterCodec(scheme)
localSchemeBuilder = runtime.SchemeBuilder{
traefikv1alpha1.AddToScheme,
}
)
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
// of clientsets, like in:

14
pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/register.go
View file

@ -35,12 +35,14 @@ import (
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
)
var Scheme = runtime.NewScheme()
var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
traefikv1alpha1.AddToScheme,
}
var (
Scheme = runtime.NewScheme()
Codecs = serializer.NewCodecFactory(Scheme)
ParameterCodec = runtime.NewParameterCodec(Scheme)
localSchemeBuilder = runtime.SchemeBuilder{
traefikv1alpha1.AddToScheme,
}
)
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
// of clientsets, like in:

1
pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefik/v1alpha1/fake/fake_ingressroute.go
View file

@ -85,7 +85,6 @@ func (c *FakeIngressRoutes) List(ctx context.Context, opts v1.ListOptions) (resu
func (c *FakeIngressRoutes) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(ingressroutesResource, c.ns, opts))
}
// Create takes the representation of a ingressRoute and creates it. Returns the server's representation of the ingressRoute, and an error, if there is any.

1
pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefik/v1alpha1/fake/fake_ingressroutetcp.go
View file

@ -85,7 +85,6 @@ func (c *FakeIngressRouteTCPs) List(ctx context.Context, opts v1.ListOptions) (r
func (c *FakeIngressRouteTCPs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(ingressroutetcpsResource, c.ns, opts))
}
// Create takes the representation of a ingressRouteTCP and creates it. Returns the server's representation of the ingressRouteTCP, and an error, if there is any.

1
pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefik/v1alpha1/fake/fake_ingressrouteudp.go
View file

@ -85,7 +85,6 @@ func (c *FakeIngressRouteUDPs) List(ctx context.Context, opts v1.ListOptions) (r
func (c *FakeIngressRouteUDPs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(ingressrouteudpsResource, c.ns, opts))
}
// Create takes the representation of a ingressRouteUDP and creates it. Returns the server's representation of the ingressRouteUDP, and an error, if there is any.

1
pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefik/v1alpha1/fake/fake_middleware.go
View file

@ -85,7 +85,6 @@ func (c *FakeMiddlewares) List(ctx context.Context, opts v1.ListOptions) (result
func (c *FakeMiddlewares) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(middlewaresResource, c.ns, opts))
}
// Create takes the representation of a middleware and creates it. Returns the server's representation of the middleware, and an error, if there is any.

1
pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefik/v1alpha1/fake/fake_tlsoption.go
View file

@ -85,7 +85,6 @@ func (c *FakeTLSOptions) List(ctx context.Context, opts v1.ListOptions) (result
func (c *FakeTLSOptions) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(tlsoptionsResource, c.ns, opts))
}
// Create takes the representation of a tLSOption and creates it. Returns the server's representation of the tLSOption, and an error, if there is any.

1
pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefik/v1alpha1/fake/fake_tlsstore.go
View file

@ -85,7 +85,6 @@ func (c *FakeTLSStores) List(ctx context.Context, opts v1.ListOptions) (result *
func (c *FakeTLSStores) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(tlsstoresResource, c.ns, opts))
}
// Create takes the representation of a tLSStore and creates it. Returns the server's representation of the tLSStore, and an error, if there is any.

1
pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefik/v1alpha1/fake/fake_traefikservice.go
View file

@ -85,7 +85,6 @@ func (c *FakeTraefikServices) List(ctx context.Context, opts v1.ListOptions) (re
func (c *FakeTraefikServices) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(traefikservicesResource, c.ns, opts))
}
// Create takes the representation of a traefikService and creates it. Returns the server's representation of the traefikService, and an error, if there is any.

9
pkg/provider/kubernetes/crd/kubernetes.go
View file

@ -9,7 +9,6 @@ import (
"fmt"
"os"
"sort"
"strconv"
"strings"
"time"
@ -102,7 +101,6 @@ func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.
pool.GoCtx(func(ctxPool context.Context) {
operation := func() error {
eventsChan, err := k8sClient.WatchAll(p.Namespaces, ctxPool.Done())
if err != nil {
logger.Errorf("Error watching kubernetes events: %v", err)
timer := time.NewTimer(1 * time.Second)
@ -609,11 +607,6 @@ func buildTLSStores(ctx context.Context, client Client) map[string]tls.Store {
return tlsStores
}
func checkStringQuoteValidity(value string) error {
_, err := strconv.Unquote(`"` + value + `"`)
return err
}
func makeServiceKey(rule, ingressName string) (string, error) {
h := sha256.New()
if _, err := h.Write([]byte(rule)); err != nil {
@ -633,7 +626,7 @@ func makeID(namespace, name string) string {
return namespace + "-" + name
}
func shouldProcessIngress(ingressClass string, ingressClassAnnotation string) bool {
func shouldProcessIngress(ingressClass, ingressClassAnnotation string) bool {
return ingressClass == ingressClassAnnotation ||
(len(ingressClass) == 0 && ingressClassAnnotation == traefikDefaultIngressClass)
}

7
pkg/provider/kubernetes/crd/kubernetes_http.go
View file

@ -58,11 +58,6 @@ func (p *Provider) loadIngressRouteConfiguration(ctx context.Context, client Cli
continue
}
if err := checkStringQuoteValidity(route.Match); err != nil {
logger.Errorf("Invalid syntax for match rule: %s", route.Match)
continue
}
serviceKey, err := makeServiceKey(route.Match, ingressName)
if err != nil {
logger.Error(err)
@ -437,7 +432,7 @@ func getTLSHTTP(ctx context.Context, ingressRoute *v1alpha1.IngressRoute, k8sCli
// parseServiceProtocol parses the scheme, port name, and number to determine the correct protocol.
// an error is returned if the scheme provided is invalid.
func parseServiceProtocol(providedScheme string, portName string, portNumber int32) (string, error) {
func parseServiceProtocol(providedScheme, portName string, portNumber int32) (string, error) {
switch providedScheme {
case httpProtocol, httpsProtocol, "h2c":
return providedScheme, nil

5
pkg/provider/kubernetes/crd/kubernetes_tcp.go
View file

@ -44,11 +44,6 @@ func (p *Provider) loadIngressRouteTCPConfiguration(ctx context.Context, client
continue
}
if err := checkStringQuoteValidity(route.Match); err != nil {
logger.Errorf("Invalid syntax for match rule: %s", route.Match)
continue
}
key, err := makeServiceKey(route.Match, ingressName)
if err != nil {
logger.Error(err)

49
pkg/provider/kubernetes/crd/kubernetes_test.go
View file

@ -372,26 +372,6 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "check rule quoting validity",
paths: []string{"tcp/services.yml", "tcp/with_bad_host_rule.yml"},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "TLS",
paths: []string{"tcp/services.yml", "tcp/with_tls.yml"},
@ -2149,26 +2129,6 @@ func TestLoadIngressRoutes(t *testing.T) {
},
},
},
{
desc: "check rule quoting validity",
paths: []string{"services.yml", "with_bad_host_rule.yml"},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TLS: &dynamic.TLSConfiguration{},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
},
},
},
{
desc: "TLS",
paths: []string{"services.yml", "with_tls.yml"},
@ -2980,7 +2940,8 @@ func TestLoadIngressRoutes(t *testing.T) {
EntryPoints: []string{"foo"},
Service: "default-test-route-6f97418635c7e18853da",
Rule: "Host(`foo.com`)",
}},
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-test-route-6f97418635c7e18853da": {
@ -3016,7 +2977,8 @@ func TestLoadIngressRoutes(t *testing.T) {
EntryPoints: []string{"foo"},
Service: "default-test-route-6f97418635c7e18853da",
Rule: "Host(`foo.com`)",
}},
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-test-route-6f97418635c7e18853da": {
@ -3052,7 +3014,8 @@ func TestLoadIngressRoutes(t *testing.T) {
EntryPoints: []string{"foo"},
Service: "default-test-route-6f97418635c7e18853da",
Rule: "Host(`foo.com`)",
}},
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-test-route-6f97418635c7e18853da": {

1
pkg/provider/kubernetes/crd/kubernetes_udp.go
View file

@ -107,6 +107,7 @@ func loadUDPServers(client Client, namespace string, svc v1alpha1.ServiceUDP) ([
var portSpec *corev1.ServicePort
for _, p := range service.Spec.Ports {
p := p
if svc.Port == p.Port {
portSpec = &p
break

10
pkg/provider/kubernetes/ingress/annotations_test.go
View file

@ -105,7 +105,7 @@ func Test_parseServiceConfig(t *testing.T) {
"traefik.ingress.kubernetes.io/foo": "bar",
"traefik.ingress.kubernetes.io/service.serversscheme": "protocol",
"traefik.ingress.kubernetes.io/service.passhostheader": "true",
"traefik.ingress.kubernetes.io/service.sticky": "true",
"traefik.ingress.kubernetes.io/service.sticky.cookie": "true",
"traefik.ingress.kubernetes.io/service.sticky.cookie.httponly": "true",
"traefik.ingress.kubernetes.io/service.sticky.cookie.name": "foobar",
"traefik.ingress.kubernetes.io/service.sticky.cookie.secure": "true",
@ -129,11 +129,11 @@ func Test_parseServiceConfig(t *testing.T) {
{
desc: "simple sticky annotation",
annotations: map[string]string{
"traefik.ingress.kubernetes.io/service.sticky": "true",
"traefik.ingress.kubernetes.io/service.sticky.cookie": "true",
},
expected: &ServiceConfig{
Service: &ServiceIng{
Sticky: &dynamic.Sticky{},
Sticky: &dynamic.Sticky{Cookie: &dynamic.Cookie{}},
PassHostHeader: Bool(true),
},
},
@ -206,7 +206,7 @@ func Test_convertAnnotations(t *testing.T) {
annotations: map[string]string{
"traefik.ingress.kubernetes.io/service.serversscheme": "protocol",
"traefik.ingress.kubernetes.io/service.passhostheader": "true",
"traefik.ingress.kubernetes.io/service.sticky": "true",
"traefik.ingress.kubernetes.io/service.sticky.cookie": "true",
"traefik.ingress.kubernetes.io/service.sticky.cookie.httponly": "true",
"traefik.ingress.kubernetes.io/service.sticky.cookie.name": "foobar",
"traefik.ingress.kubernetes.io/service.sticky.cookie.secure": "true",
@ -214,7 +214,7 @@ func Test_convertAnnotations(t *testing.T) {
expected: map[string]string{
"traefik.service.passhostheader": "true",
"traefik.service.serversscheme": "protocol",
"traefik.service.sticky": "true",
"traefik.service.sticky.cookie": "true",
"traefik.service.sticky.cookie.httponly": "true",
"traefik.service.sticky.cookie.name": "foobar",
"traefik.service.sticky.cookie.secure": "true",

22
pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-host-syntax_ingress.yml
View file

@ -1,22 +0,0 @@
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk"0"
http:
paths:
- path: /foo
backend:
serviceName: service1
servicePort: 80
- host: traefik.courgette
http:
paths:
- path: /carotte
backend:
serviceName: service1
servicePort: 80

23
pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-path-syntax_ingress.yml
View file

@ -1,23 +0,0 @@
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: ""
http:
paths:
- path: /foo
backend:
serviceName: service1
servicePort: 80
- path: /bar-"0"
backend:
serviceName: service1
servicePort: 80
- path: /bar
backend:
serviceName: service1
servicePort: 80

15
pkg/provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-host-syntax_ingress.yml
View file

@ -1,15 +0,0 @@
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk"0"
http:
paths:
- path: /foo
backend:
serviceName: service1
servicePort: 80

14
pkg/provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-path-syntax_ingress.yml
View file

@ -1,14 +0,0 @@
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar-"0"
backend:
serviceName: service1
servicePort: 80

18
pkg/provider/kubernetes/ingress/kubernetes.go
View file

@ -7,7 +7,6 @@ import (
"math"
"os"
"sort"
"strconv"
"strings"
"time"
@ -235,11 +234,6 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
}
for _, rule := range ingress.Spec.Rules {
if err := checkStringQuoteValidity(rule.Host); err != nil {
log.FromContext(ctx).Errorf("Invalid syntax for host: %s", rule.Host)
continue
}
if err := p.updateIngressStatus(ingress, client); err != nil {
log.FromContext(ctx).Errorf("Error while updating ingress status: %v", err)
}
@ -249,11 +243,6 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
}
for _, pa := range rule.HTTP.Paths {
if err = checkStringQuoteValidity(pa.Path); err != nil {
log.FromContext(ctx).Errorf("Invalid syntax for path: %s", pa.Path)
continue
}
service, err := loadService(client, ingress.Namespace, pa.Backend)
if err != nil {
log.FromContext(ctx).
@ -330,7 +319,7 @@ func buildHostRule(host string) string {
return "Host(`" + host + "`)"
}
func shouldProcessIngress(ingressClass string, ingressClassAnnotation string) bool {
func shouldProcessIngress(ingressClass, ingressClassAnnotation string) bool {
return ingressClass == ingressClassAnnotation ||
(len(ingressClass) == 0 && ingressClassAnnotation == traefikDefaultIngressClass)
}
@ -559,11 +548,6 @@ func loadRouter(rule v1beta1.IngressRule, pa v1beta1.HTTPIngressPath, rtConfig *
return rt
}
func checkStringQuoteValidity(value string) error {
_, err := strconv.Unquote(`"` + value + `"`)
return err
}
func throttleEvents(ctx context.Context, throttleDuration time.Duration, pool *safe.Pool, eventsChan <-chan interface{}) chan interface{} {
if throttleDuration == 0 {
return nil

86
pkg/provider/kubernetes/ingress/kubernetes_test.go
View file

@ -327,92 +327,6 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
},
},
},
{
desc: "Ingress with a bad path syntax",
expected: &dynamic.Configuration{
TCP: &dynamic.TCPConfiguration{},
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{
"testing-bar": {
Rule: "PathPrefix(`/bar`)",
Service: "testing-service1-80",
},
"testing-foo": {
Rule: "PathPrefix(`/foo`)",
Service: "testing-service1-80",
},
},
Services: map[string]*dynamic.Service{
"testing-service1-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
PassHostHeader: Bool(true),
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:8080",
},
{
URL: "http://10.21.0.1:8080",
},
},
},
},
},
},
},
},
{
desc: "Ingress with only a bad path syntax",
expected: &dynamic.Configuration{
TCP: &dynamic.TCPConfiguration{},
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{},
Services: map[string]*dynamic.Service{},
},
},
},
{
desc: "Ingress with a bad host syntax",
expected: &dynamic.Configuration{
TCP: &dynamic.TCPConfiguration{},
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{
"testing-traefik-courgette-carotte": {
Rule: "Host(`traefik.courgette`) && PathPrefix(`/carotte`)",
Service: "testing-service1-80",
},
},
Services: map[string]*dynamic.Service{
"testing-service1-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
PassHostHeader: Bool(true),
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:8080",
},
{
URL: "http://10.21.0.1:8080",
},
},
},
},
},
},
},
},
{
desc: "Ingress with only a bad host syntax",
expected: &dynamic.Configuration{
TCP: &dynamic.TCPConfiguration{},
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{},
Services: map[string]*dynamic.Service{},
},
},
},
{
desc: "Ingress with two services",
expected: &dynamic.Configuration{

8
pkg/provider/marathon/mocks/Marathon.go
View file

@ -129,7 +129,7 @@ func (_m *Marathon) ApplicationBy(name string, opts *marathon.GetAppOpts) (*mara
}
// ApplicationByVersion provides a mock function with given fields: name, version
func (_m *Marathon) ApplicationByVersion(name string, version string) (*marathon.Application, error) {
func (_m *Marathon) ApplicationByVersion(name, version string) (*marathon.Application, error) {
ret := _m.Called(name, version)
var r0 *marathon.Application
@ -394,7 +394,7 @@ func (_m *Marathon) DeletePod(name string, force bool) (*marathon.DeploymentID,
}
// DeletePodInstance provides a mock function with given fields: name, instance
func (_m *Marathon) DeletePodInstance(name string, instance string) (*marathon.PodInstance, error) {
func (_m *Marathon) DeletePodInstance(name, instance string) (*marathon.PodInstance, error) {
ret := _m.Called(name, instance)
var r0 *marathon.PodInstance
@ -583,7 +583,7 @@ func (_m *Marathon) GroupsBy(opts *marathon.GetGroupOpts) (*marathon.Groups, err
}
// HasApplicationVersion provides a mock function with given fields: name, version
func (_m *Marathon) HasApplicationVersion(name string, version string) (bool, error) {
func (_m *Marathon) HasApplicationVersion(name, version string) (bool, error) {
ret := _m.Called(name, version)
var r0 bool
@ -817,7 +817,7 @@ func (_m *Marathon) Pod(name string) (*marathon.Pod, error) {
}
// PodByVersion provides a mock function with given fields: name, version
func (_m *Marathon) PodByVersion(name string, version string) (*marathon.Pod, error) {
func (_m *Marathon) PodByVersion(name, version string) (*marathon.Pod, error) {
ret := _m.Called(name, version)
var r0 *marathon.Pod

2
pkg/provider/traefik/fixtures/api_insecure_with_dashboard.json
View file

@ -25,7 +25,7 @@
"middlewares": {
"dashboard_redirect": {
"redirectRegex": {
"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
"regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
"replacement": "${1}/dashboard/",
"permanent": true
}

2
pkg/provider/traefik/fixtures/full_configuration.json
View file

@ -57,7 +57,7 @@
"middlewares": {
"dashboard_redirect": {
"redirectRegex": {
"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
"regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
"replacement": "${1}/dashboard/",
"permanent": true
}

2
pkg/provider/traefik/internal.go
View file

@ -197,7 +197,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {
cfg.HTTP.Middlewares["dashboard_redirect"] = &dynamic.Middleware{
RedirectRegex: &dynamic.RedirectRegex{
Regex: `^(http:\/\/[^:\/]+(:\d+)?)\/$`,
Regex: `^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$`,
Replacement: "${1}/dashboard/",
Permanent: true,
},

5
pkg/provider/traefik/internal_test.go
View file

@ -209,7 +209,8 @@ func Test_createConfiguration(t *testing.T) {
},
},
},
}, {
},
{
desc: "redirection_port.json",
staticCfg: static.Configuration{
EntryPoints: map[string]*static.EntryPoint{
@ -248,7 +249,7 @@ func Test_createConfiguration(t *testing.T) {
newJSON, err := json.MarshalIndent(cfg, "", " ")
require.NoError(t, err)
err = ioutil.WriteFile(filename, newJSON, 0644)
err = ioutil.WriteFile(filename, newJSON, 0o644)
require.NoError(t, err)
}