homelab/traefik
1
0
Fork 0
Code Activity

Remove deprecated options

Browse source
This commit is contained in:
Simon Delicata 2022-11-25 10:50:06 +01:00 committed by GitHub
parent bee86b5ac7
commit a3e4c85ec0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
62 changed files with 43 additions and 985 deletions
Download patch file Download diff file Expand all files Collapse all files

9
pkg/config/dynamic/fixtures/sample.toml
View file

@ -46,7 +46,6 @@
httpClientTimeout = 42
[providers.docker.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
@ -71,7 +70,6 @@
respectReadinessChecks = true
[providers.marathon.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
@ -182,7 +180,6 @@
sampleRate = 42.0
[tracing.datadog]
localAgentHostPort = "foobar"
globalTag = "foobar"
debug = true
prioritySampling = true
traceIDHeaderName = "foobar"
@ -292,7 +289,6 @@
authRequestHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware15.forwardAuth.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
@ -376,10 +372,6 @@
addVaryHeader = true
allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"]
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
stsSeconds = 42
stsIncludeSubdomains = true
stsPreload = true
@ -392,7 +384,6 @@
contentSecurityPolicy = "foobar"
publicKey = "foobar"
referrerPolicy = "foobar"
featurePolicy = "foobar"
isDevelopment = true
[http.middlewares.Middleware8.headers.customRequestHeaders]
name0 = "foobar"

23
pkg/config/dynamic/middlewares.go
View file

@ -260,17 +260,9 @@ type Headers struct {
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
// Deprecated: use RedirectRegex instead.
SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
// Deprecated: use RedirectRegex instead.
SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
// STSSeconds defines the max-age of the Strict-Transport-Security header.
// If set to 0, the header is not set.
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
@ -299,8 +291,6 @@ type Headers struct {
// ReferrerPolicy defines the Referrer-Policy header value.
// This allows sites to control whether browsers forward the Referer header to other sites.
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
// Deprecated: use PermissionsPolicy instead.
FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
// PermissionsPolicy defines the Permissions-Policy header value.
// This allows sites to control browser features.
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
@ -333,10 +323,6 @@ func (h *Headers) HasCorsHeadersDefined() bool {
func (h *Headers) HasSecureHeadersDefined() bool {
return h != nil && (len(h.AllowedHosts) != 0 ||
len(h.HostsProxyHeaders) != 0 ||
h.SSLRedirect ||
h.SSLTemporaryRedirect ||
h.SSLForceHost ||
h.SSLHost != "" ||
len(h.SSLProxyHeaders) != 0 ||
h.STSSeconds != 0 ||
h.STSIncludeSubdomains ||
@ -350,7 +336,6 @@ func (h *Headers) HasSecureHeadersDefined() bool {
h.ContentSecurityPolicy != "" ||
h.PublicKey != "" ||
h.ReferrerPolicy != "" ||
h.FeaturePolicy != "" ||
h.PermissionsPolicy != "" ||
h.IsDevelopment)
}
@ -553,14 +538,6 @@ type Retry struct {
type StripPrefix struct {
// Prefixes defines the prefixes to strip from the request URL.
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
// Default: true.
ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
}
// SetDefaults Default values for a StripPrefix.
func (s *StripPrefix) SetDefaults() {
s.ForceSlash = true
}
// +k8s:deepcopy-gen=true

27
pkg/config/label/label_test.go
View file

@ -42,7 +42,6 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders": "foobar, fiibar",
"traefik.http.middlewares.Middleware7.forwardauth.authrequestheaders": "foobar, fiibar",
"traefik.http.middlewares.Middleware7.forwardauth.tls.ca": "foobar",
"traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional": "true",
"traefik.http.middlewares.Middleware7.forwardauth.tls.cert": "foobar",
"traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify": "true",
"traefik.http.middlewares.Middleware7.forwardauth.tls.key": "foobar",
@ -71,14 +70,9 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware8.headers.isdevelopment": "true",
"traefik.http.middlewares.Middleware8.headers.publickey": "foobar",
"traefik.http.middlewares.Middleware8.headers.referrerpolicy": "foobar",
"traefik.http.middlewares.Middleware8.headers.featurepolicy": "foobar",
"traefik.http.middlewares.Middleware8.headers.permissionspolicy": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslforcehost": "true",
"traefik.http.middlewares.Middleware8.headers.sslhost": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslredirect": "true",
"traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect": "true",
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.Middleware8.headers.stspreload": "true",
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
@ -462,7 +456,6 @@ func TestDecodeConfiguration(t *testing.T) {
"foobar",
"fiibar",
},
ForceSlash: true,
},
},
"Middleware18": {
@ -530,7 +523,6 @@ func TestDecodeConfiguration(t *testing.T) {
Address: "foobar",
TLS: &types.ClientTLS{
CA: "foobar",
CAOptional: true,
Cert: "foobar",
Key: "foobar",
InsecureSkipVerify: true,
@ -587,14 +579,10 @@ func TestDecodeConfiguration(t *testing.T) {
"foobar",
"fiibar",
},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foobar",
SSLProxyHeaders: map[string]string{
"name0": "foobar",
"name1": "foobar",
},
SSLForceHost: true,
STSSeconds: 42,
STSIncludeSubdomains: true,
STSPreload: true,
@ -607,7 +595,6 @@ func TestDecodeConfiguration(t *testing.T) {
ContentSecurityPolicy: "foobar",
PublicKey: "foobar",
ReferrerPolicy: "foobar",
FeaturePolicy: "foobar",
PermissionsPolicy: "foobar",
IsDevelopment: true,
},
@ -958,7 +945,6 @@ func TestEncodeConfiguration(t *testing.T) {
"foobar",
"fiibar",
},
ForceSlash: true,
},
},
"Middleware18": {
@ -1034,7 +1020,6 @@ func TestEncodeConfiguration(t *testing.T) {
Address: "foobar",
TLS: &types.ClientTLS{
CA: "foobar",
CAOptional: true,
Cert: "foobar",
Key: "foobar",
InsecureSkipVerify: true,
@ -1091,14 +1076,10 @@ func TestEncodeConfiguration(t *testing.T) {
"foobar",
"fiibar",
},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foobar",
SSLProxyHeaders: map[string]string{
"name0": "foobar",
"name1": "foobar",
},
SSLForceHost: true,
STSSeconds: 42,
STSIncludeSubdomains: true,
STSPreload: true,
@ -1111,7 +1092,6 @@ func TestEncodeConfiguration(t *testing.T) {
ContentSecurityPolicy: "foobar",
PublicKey: "foobar",
ReferrerPolicy: "foobar",
FeaturePolicy: "foobar",
PermissionsPolicy: "foobar",
IsDevelopment: true,
},
@ -1231,7 +1211,6 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthRequestHeaders": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA": "foobar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional": "true",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert": "foobar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify": "true",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key": "foobar",
@ -1260,14 +1239,9 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.FeaturePolicy": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.PermissionsPolicy": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
@ -1318,7 +1292,6 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware16.Retry.Attempts": "42",
"traefik.HTTP.Middlewares.Middleware16.Retry.InitialInterval": "1000000000",
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.ForceSlash": "true",
"traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42",
"traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1",

8
pkg/config/static/pilot.go
View file

@ -1,8 +0,0 @@
package static
// Pilot Configuration related to Traefik Pilot.
// Deprecated.
type Pilot struct {
Token string `description:"Traefik Pilot token. (Deprecated)" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
Dashboard bool `description:"Enable Traefik Pilot in the dashboard. (Deprecated)" json:"dashboard,omitempty" toml:"dashboard,omitempty" yaml:"dashboard,omitempty"`
}

20
pkg/config/static/static_config.go
View file

@ -78,9 +78,6 @@ type Configuration struct {
CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"`
// Deprecated.
Pilot *Pilot `description:"Traefik Pilot configuration (Deprecated)." json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" export:"true"`
Hub *hub.Provider `description:"Traefik Hub configuration." json:"hub,omitempty" toml:"hub,omitempty" yaml:"hub,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"`
@ -264,11 +261,6 @@ func (c *Configuration) SetEffectiveConfiguration() {
}
}
// Enable anonymous usage when pilot is enabled.
if c.Pilot != nil {
c.Global.SendAnonymousUsage = true
}
// Disable Gateway API provider if not enabled in experimental.
if c.Experimental == nil || !c.Experimental.KubernetesGateway {
c.Providers.KubernetesGateway = nil
@ -346,18 +338,6 @@ func (c *Configuration) ValidateConfiguration() error {
acmeEmail = resolver.ACME.Email
}
if c.Providers.ConsulCatalog != nil && c.Providers.ConsulCatalog.Namespace != "" && len(c.Providers.ConsulCatalog.Namespaces) > 0 {
return fmt.Errorf("Consul Catalog provider cannot have both namespace and namespaces options configured")
}
if c.Providers.Consul != nil && c.Providers.Consul.Namespace != "" && len(c.Providers.Consul.Namespaces) > 0 {
return fmt.Errorf("Consul provider cannot have both namespace and namespaces options configured")
}
if c.Providers.Nomad != nil && c.Providers.Nomad.Namespace != "" && len(c.Providers.Nomad.Namespaces) > 0 {
return fmt.Errorf("Nomad provider cannot have both namespace and namespaces options configured")
}
return nil
}

7
pkg/middlewares/headers/header.go
View file

@ -1,16 +1,13 @@
package headers
import (
"context"
"fmt"
"net/http"
"regexp"
"strconv"
"strings"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v2/pkg/config/dynamic"
"github.com/traefik/traefik/v2/pkg/logs"
)
// Header is a middleware that helps setup a few basic security features.
@ -29,10 +26,6 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) {
hasCustomHeaders := cfg.HasCustomHeadersDefined()
hasCorsHeaders := cfg.HasCorsHeadersDefined()
ctx := log.With().Str(logs.MiddlewareType, typeName).Logger().WithContext(context.Background())
handleDeprecation(ctx, &cfg)
regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex))
for i, str := range cfg.AccessControlAllowOriginListRegex {
reg, err := regexp.Compile(str)

25
pkg/middlewares/headers/headers.go
View file

@ -7,7 +7,6 @@ import (
"net/http"
"github.com/opentracing/opentracing-go/ext"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v2/pkg/config/dynamic"
"github.com/traefik/traefik/v2/pkg/middlewares"
"github.com/traefik/traefik/v2/pkg/middlewares/connectionheader"
@ -18,26 +17,6 @@ const (
typeName = "Headers"
)
func handleDeprecation(ctx context.Context, cfg *dynamic.Headers) {
logger := log.Ctx(ctx).Warn()
if cfg.SSLRedirect {
logger.Msg("SSLRedirect is deprecated, please use entrypoint redirection instead.")
}
if cfg.SSLTemporaryRedirect {
logger.Msg("SSLTemporaryRedirect is deprecated, please use entrypoint redirection instead.")
}
if cfg.SSLHost != "" {
logger.Msg("SSLHost is deprecated, please use RedirectRegex middleware instead.")
}
if cfg.SSLForceHost {
logger.Msg("SSLForceHost is deprecated, please use RedirectScheme middleware instead.")
}
if cfg.FeaturePolicy != "" {
logger.Msg("FeaturePolicy is deprecated, please use PermissionsPolicy header instead.")
}
}
type headers struct {
name string
handler http.Handler
@ -49,10 +28,6 @@ func New(ctx context.Context, next http.Handler, cfg dynamic.Headers, name strin
logger := middlewares.GetLogger(ctx, name, typeName)
logger.Debug().Msg("Creating middleware")
mCtx := logger.WithContext(ctx)
handleDeprecation(mCtx, &cfg)
hasSecureHeaders := cfg.HasSecureHeadersDefined()
hasCustomHeaders := cfg.HasCustomHeadersDefined()
hasCorsHeaders := cfg.HasCorsHeadersDefined()

5
pkg/middlewares/headers/secure.go
View file

@ -21,9 +21,6 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
ForceSTSHeader: cfg.ForceSTSHeader,
FrameDeny: cfg.FrameDeny,
IsDevelopment: cfg.IsDevelopment,
SSLRedirect: cfg.SSLRedirect,
SSLForceHost: cfg.SSLForceHost,
SSLTemporaryRedirect: cfg.SSLTemporaryRedirect,
STSIncludeSubdomains: cfg.STSIncludeSubdomains,
STSPreload: cfg.STSPreload,
ContentSecurityPolicy: cfg.ContentSecurityPolicy,
@ -31,12 +28,10 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
CustomFrameOptionsValue: cfg.CustomFrameOptionsValue,
PublicKey: cfg.PublicKey,
ReferrerPolicy: cfg.ReferrerPolicy,
SSLHost: cfg.SSLHost,
AllowedHosts: cfg.AllowedHosts,
HostsProxyHeaders: cfg.HostsProxyHeaders,
SSLProxyHeaders: cfg.SSLProxyHeaders,
STSSeconds: cfg.STSSeconds,
FeaturePolicy: cfg.FeaturePolicy,
PermissionsPolicy: cfg.PermissionsPolicy,
SecureContextKey: contextKey,
}

113
pkg/middlewares/headers/secure_test.go
View file

@ -11,125 +11,12 @@ import (
// Middleware tests based on https://github.com/unrolled/secure
func Test_newSecure_sslForceHost(t *testing.T) {
type expected struct {
statusCode int
location string
}
testCases := []struct {
desc string
host string
cfg dynamic.Headers
expected
}{
{
desc: "http should return a 301",
host: "http://powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "http sub domain should return a 301",
host: "http://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "https should return a 200",
host: "https://powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{statusCode: http.StatusOK},
},
{
desc: "https sub domain should return a 301",
host: "https://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "http without force host and sub domain should return a 301",
host: "http://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: false,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "https without force host and sub domain should return a 301",
host: "https://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: false,
SSLHost: "powpow.example.com",
},
expected: expected{statusCode: http.StatusOK},
},
}
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
_, _ = rw.Write([]byte("OK"))
})
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
mid := newSecure(next, test.cfg, "mymiddleware")
req := httptest.NewRequest(http.MethodGet, test.host, nil)
rw := httptest.NewRecorder()
mid.ServeHTTP(rw, req)
assert.Equal(t, test.expected.statusCode, rw.Result().StatusCode)
assert.Equal(t, test.expected.location, rw.Header().Get("Location"))
})
}
}
func Test_newSecure_modifyResponse(t *testing.T) {
testCases := []struct {
desc string
cfg dynamic.Headers
expected http.Header
}{
{
desc: "FeaturePolicy",
cfg: dynamic.Headers{
FeaturePolicy: "vibrate 'none';",
},
expected: http.Header{"Feature-Policy": []string{"vibrate 'none';"}},
},
{
desc: "PermissionsPolicy",
cfg: dynamic.Headers{

21
pkg/middlewares/stripprefix/strip_prefix.go
View file

@ -19,20 +19,18 @@ const (
// stripPrefix is a middleware used to strip prefix from an URL request.
type stripPrefix struct {
next http.Handler
prefixes []string
forceSlash bool // TODO Must be removed (breaking), the default behavior must be forceSlash=false
name string
next http.Handler
prefixes []string
name string
}
// New creates a new strip prefix middleware.
func New(ctx context.Context, next http.Handler, config dynamic.StripPrefix, name string) (http.Handler, error) {
middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware")
return &stripPrefix{
prefixes: config.Prefixes,
forceSlash: config.ForceSlash,
next: next,
name: name,
prefixes: config.Prefixes,
next: next,
name: name,
}, nil
}
@ -61,13 +59,6 @@ func (s *stripPrefix) serveRequest(rw http.ResponseWriter, req *http.Request, pr
}
func (s *stripPrefix) getPrefixStripped(urlPath, prefix string) string {
if s.forceSlash {
// Only for compatibility reason with the previous behavior,
// but the previous behavior is wrong.
// This needs to be removed in the next breaking version.
return "/" + strings.TrimPrefix(strings.TrimPrefix(urlPath, prefix), "/")
}
return ensureLeadingSlash(strings.TrimPrefix(urlPath, prefix))
}

44
pkg/middlewares/stripprefix/strip_prefix_test.go
View file

@ -31,17 +31,6 @@ func TestStripPrefix(t *testing.T) {
expectedStatusCode: http.StatusOK,
expectedPath: "/noprefixes",
},
{
desc: "wildcard (.*) requests (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/"},
ForceSlash: true,
},
path: "/",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/",
},
{
desc: "wildcard (.*) requests",
config: dynamic.StripPrefix{
@ -52,17 +41,6 @@ func TestStripPrefix(t *testing.T) {
expectedPath: "",
expectedHeader: "/",
},
{
desc: "prefix and path matching (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/stat"},
ForceSlash: true,
},
path: "/stat",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/stat",
},
{
desc: "prefix and path matching",
config: dynamic.StripPrefix{
@ -73,17 +51,6 @@ func TestStripPrefix(t *testing.T) {
expectedPath: "",
expectedHeader: "/stat",
},
{
desc: "path prefix on exactly matching path (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/stat/"},
ForceSlash: true,
},
path: "/stat/",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/stat/",
},
{
desc: "path prefix on exactly matching path",
config: dynamic.StripPrefix{
@ -133,17 +100,6 @@ func TestStripPrefix(t *testing.T) {
expectedPath: "/us",
expectedHeader: "/stat",
},
{
desc: "later prefix matching (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/mismatch", "/stat"},
ForceSlash: true,
},
path: "/stat",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/stat",
},
{
desc: "later prefix matching",
config: dynamic.StripPrefix{

12
pkg/plugins/client.go
View file

@ -35,8 +35,7 @@ const (
const pluginsURL = "https://plugins.traefik.io/public/"
const (
hashHeader = "X-Plugin-Hash"
tokenHeader = "X-Token"
hashHeader = "X-Plugin-Hash"
)
// ClientOptions the options of a Traefik plugins client.
@ -49,7 +48,6 @@ type Client struct {
HTTPClient *http.Client
baseURL *url.URL
token string
archives string
stateFile string
goPath string
@ -158,10 +156,6 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string,
req.Header.Set(hashHeader, hash)
}
if c.token != "" {
req.Header.Set(tokenHeader, c.token)
}
resp, err := c.HTTPClient.Do(req)
if err != nil {
return "", fmt.Errorf("failed to call service: %w", err)
@ -222,10 +216,6 @@ func (c *Client) Check(ctx context.Context, pName, pVersion, hash string) error
req.Header.Set(hashHeader, hash)
}
if c.token != "" {
req.Header.Set(tokenHeader, c.token)
}
resp, err := c.HTTPClient.Do(req)
if err != nil {
return fmt.Errorf("failed to call service: %w", err)

7
pkg/provider/consulcatalog/config_test.go
View file

@ -3070,7 +3070,6 @@ func Test_buildConfiguration(t *testing.T) {
func TestNamespaces(t *testing.T) {
testCases := []struct {
desc string
namespace string
namespaces []string
expectedNamespaces []string
}{
@ -3078,11 +3077,6 @@ func TestNamespaces(t *testing.T) {
desc: "no defined namespaces",
expectedNamespaces: []string{""},
},
{
desc: "deprecated: use of defined namespace",
namespace: "test-ns",
expectedNamespaces: []string{"test-ns"},
},
{
desc: "use of 1 defined namespaces",
namespaces: []string{"test-ns"},
@ -3102,7 +3096,6 @@ func TestNamespaces(t *testing.T) {
t.Parallel()
pb := &ProviderBuilder{
Namespace: test.namespace,
Namespaces: test.namespaces,
}

10
pkg/provider/consulcatalog/consul_catalog.go
View file

@ -49,25 +49,15 @@ type itemData struct {
type ProviderBuilder struct {
Configuration `yaml:",inline" export:"true"`
// Deprecated: use Namespaces option instead.
Namespace string `description:"Sets the namespace used to discover services (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Namespaces []string `description:"Sets the namespaces used to discover services (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
}
// BuildProviders builds Consul Catalog provider instances for the given namespaces configuration.
func (p *ProviderBuilder) BuildProviders() []*Provider {
// We can warn about that, because we've already made sure before that
// Namespace and Namespaces are mutually exclusive.
if p.Namespace != "" {
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
}
if len(p.Namespaces) == 0 {
return []*Provider{{
Configuration: p.Configuration,
name: providerName,
// p.Namespace could very well be empty.
namespace: p.Namespace,
}}
}

1
pkg/provider/kubernetes/crd/kubernetes.go
View file

@ -623,7 +623,6 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *v1alp
}
forwardAuth.TLS = &types.ClientTLS{
CAOptional: auth.TLS.CAOptional,
InsecureSkipVerify: auth.TLS.InsecureSkipVerify,
}

6
pkg/provider/kubernetes/crd/kubernetes_test.go
View file

@ -5144,8 +5144,7 @@ func TestCrossNamespace(t *testing.T) {
Middlewares: map[string]*dynamic.Middleware{
"cross-ns-stripprefix": {
StripPrefix: &dynamic.StripPrefix{
Prefixes: []string{"/stripit"},
ForceSlash: false,
Prefixes: []string{"/stripit"},
},
},
},
@ -5215,8 +5214,7 @@ func TestCrossNamespace(t *testing.T) {
Middlewares: map[string]*dynamic.Middleware{
"cross-ns-stripprefix": {
StripPrefix: &dynamic.StripPrefix{
Prefixes: []string{"/stripit"},
ForceSlash: false,
Prefixes: []string{"/stripit"},
},
},
"default-test-errorpage": {

1
pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
View file

@ -167,7 +167,6 @@ type ClientTLS struct {
CertSecret string `json:"certSecret,omitempty"`
// InsecureSkipVerify defines whether the server certificates should be validated.
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
CAOptional bool `json:"caOptional,omitempty"`
}
// +k8s:deepcopy-gen=true

4
pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
View file

@ -41,10 +41,6 @@ type TLSOptionSpec struct {
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
SniStrict bool `json:"sniStrict,omitempty"`
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
// It is enabled automatically when minVersion or maxVersion is set.
// Deprecated: https://github.com/golang/go/issues/45430
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
// More info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols
ALPNProtocols []string `json:"alpnProtocols,omitempty"`

15
pkg/provider/kv/consul/consul.go
View file

@ -7,7 +7,6 @@ import (
"time"
"github.com/kvtools/consul"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v2/pkg/provider"
"github.com/traefik/traefik/v2/pkg/provider/kv"
"github.com/traefik/traefik/v2/pkg/types"
@ -25,8 +24,6 @@ type ProviderBuilder struct {
Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
// Deprecated: use Namespaces instead.
Namespace string `description:"Sets the namespace used to discover the configuration (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
}
@ -38,20 +35,12 @@ func (p *ProviderBuilder) SetDefaults() {
// BuildProviders builds Consul provider instances for the given namespaces configuration.
func (p *ProviderBuilder) BuildProviders() []*Provider {
// We can warn about that, because we've already made sure before that
// Namespace and Namespaces are mutually exclusive.
if p.Namespace != "" {
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
}
if len(p.Namespaces) == 0 {
return []*Provider{{
Provider: p.Provider,
name: providerName,
// p.Namespace could very well be empty.
namespace: p.Namespace,
token: p.Token,
tls: p.TLS,
token: p.Token,
tls: p.TLS,
}}
}

7
pkg/provider/kv/consul/consul_test.go
View file

@ -9,7 +9,6 @@ import (
func TestNamespaces(t *testing.T) {
testCases := []struct {
desc string
namespace string
namespaces []string
expectedNamespaces []string
}{
@ -17,11 +16,6 @@ func TestNamespaces(t *testing.T) {
desc: "no defined namespaces",
expectedNamespaces: []string{""},
},
{
desc: "deprecated: use of defined namespace",
namespace: "test-ns",
expectedNamespaces: []string{"test-ns"},
},
{
desc: "use of 1 defined namespaces",
namespaces: []string{"test-ns"},
@ -41,7 +35,6 @@ func TestNamespaces(t *testing.T) {
t.Parallel()
pb := &ProviderBuilder{
Namespace: test.namespace,
Namespaces: test.namespaces,
}

14
pkg/provider/kv/kv_test.go
View file

@ -79,7 +79,6 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware08/forwardAuth/tls/key": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify": "true",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/ca": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/caOptional": "true",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/cert": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/address": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/trustForwardHeader": "true",
@ -106,12 +105,8 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware09/headers/accessControlAllowOriginListRegex/1": "foobar",
"traefik/http/middlewares/Middleware09/headers/contentTypeNosniff": "true",
"traefik/http/middlewares/Middleware09/headers/accessControlAllowCredentials": "true",
"traefik/http/middlewares/Middleware09/headers/featurePolicy": "foobar",
"traefik/http/middlewares/Middleware09/headers/permissionsPolicy": "foobar",
"traefik/http/middlewares/Middleware09/headers/forceSTSHeader": "true",
"traefik/http/middlewares/Middleware09/headers/sslRedirect": "true",
"traefik/http/middlewares/Middleware09/headers/sslHost": "foobar",
"traefik/http/middlewares/Middleware09/headers/sslForceHost": "true",
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name1": "foobar",
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name0": "foobar",
"traefik/http/middlewares/Middleware09/headers/allowedHosts/0": "foobar",
@ -130,7 +125,6 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware09/headers/addVaryHeader": "true",
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/0": "foobar",
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/1": "foobar",
"traefik/http/middlewares/Middleware09/headers/sslTemporaryRedirect": "true",
"traefik/http/middlewares/Middleware09/headers/customBrowserXSSValue": "foobar",
"traefik/http/middlewares/Middleware09/headers/referrerPolicy": "foobar",
"traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar",
@ -206,7 +200,6 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware18/retry/attempts": "42",
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/0": "foobar",
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/1": "foobar",
"traefik/http/middlewares/Middleware19/stripPrefix/forceSlash": "true",
"traefik/tcp/routers/TCPRouter0/entryPoints/0": "foobar",
"traefik/tcp/routers/TCPRouter0/entryPoints/1": "foobar",
"traefik/tcp/routers/TCPRouter0/service": "foobar",
@ -378,7 +371,6 @@ func Test_buildConfiguration(t *testing.T) {
"foobar",
"foobar",
},
ForceSlash: true,
},
},
"Middleware00": {
@ -413,7 +405,6 @@ func Test_buildConfiguration(t *testing.T) {
Address: "foobar",
TLS: &types.ClientTLS{
CA: "foobar",
CAOptional: true,
Cert: "foobar",
Key: "foobar",
InsecureSkipVerify: true,
@ -589,14 +580,10 @@ func Test_buildConfiguration(t *testing.T) {
"foobar",
"foobar",
},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foobar",
SSLProxyHeaders: map[string]string{
"name1": "foobar",
"name0": "foobar",
},
SSLForceHost: true,
STSSeconds: 42,
STSIncludeSubdomains: true,
STSPreload: true,
@ -609,7 +596,6 @@ func Test_buildConfiguration(t *testing.T) {
ContentSecurityPolicy: "foobar",
PublicKey: "foobar",
ReferrerPolicy: "foobar",
FeaturePolicy: "foobar",
PermissionsPolicy: "foobar",
IsDevelopment: true,
},

7
pkg/provider/nomad/config_test.go
View file

@ -2611,7 +2611,6 @@ func Test_keepItem(t *testing.T) {
func TestNamespaces(t *testing.T) {
testCases := []struct {
desc string
namespace string
namespaces []string
expectedNamespaces []string
}{
@ -2619,11 +2618,6 @@ func TestNamespaces(t *testing.T) {
desc: "no defined namespaces",
expectedNamespaces: []string{""},
},
{
desc: "deprecated: use of defined namespace",
namespace: "test-ns",
expectedNamespaces: []string{"test-ns"},
},
{
desc: "use of 1 defined namespaces",
namespaces: []string{"test-ns"},
@ -2643,7 +2637,6 @@ func TestNamespaces(t *testing.T) {
t.Parallel()
pb := &ProviderBuilder{
Namespace: test.namespace,
Namespaces: test.namespaces,
}

8
pkg/provider/nomad/nomad.go
View file

@ -52,23 +52,15 @@ type item struct {
type ProviderBuilder struct {
Configuration `yaml:",inline" export:"true"`
// Deprecated: Use Namespaces option instead
Namespace string `description:"Sets the Nomad namespace used to discover services." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Namespaces []string `description:"Sets the Nomad namespaces used to discover services." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
}
// BuildProviders builds Nomad provider instances for the given namespaces configuration.
func (p *ProviderBuilder) BuildProviders() []*Provider {
if p.Namespace != "" {
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
}
if len(p.Namespaces) == 0 {
return []*Provider{{
Configuration: p.Configuration,
name: providerName,
// p.Namespace could be empty
namespace: p.Namespace,
}}
}

20
pkg/redactor/redactor_config_test.go
View file

@ -175,8 +175,7 @@ func init() {
Prefix: "foo",
},
StripPrefix: &dynamic.StripPrefix{
Prefixes: []string{"foo"},
ForceSlash: true,
Prefixes: []string{"foo"},
},
StripPrefixRegex: &dynamic.StripPrefixRegex{
Regex: []string{"foo"},
@ -211,11 +210,7 @@ func init() {
AddVaryHeader: true,
AllowedHosts: []string{"foo"},
HostsProxyHeaders: []string{"foo"},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foo",
SSLProxyHeaders: map[string]string{"foo": "bar"},
SSLForceHost: true,
STSSeconds: 42,
STSIncludeSubdomains: true,
STSPreload: true,
@ -228,7 +223,6 @@ func init() {
ContentSecurityPolicy: "foo",
PublicKey: "foo",
ReferrerPolicy: "foo",
FeaturePolicy: "foo",
PermissionsPolicy: "foo",
IsDevelopment: true,
},
@ -278,7 +272,6 @@ func init() {
Address: "127.0.0.1",
TLS: &types.ClientTLS{
CA: "ca.pem",
CAOptional: true,
Cert: "cert.pem",
Key: "cert.pem",
InsecureSkipVerify: true,
@ -592,7 +585,6 @@ func TestDo_staticConfiguration(t *testing.T) {
DefaultRule: "PathPrefix(`/`)",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
@ -615,7 +607,6 @@ func TestDo_staticConfiguration(t *testing.T) {
DCOSToken: "foobar",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
@ -691,7 +682,6 @@ func TestDo_staticConfiguration(t *testing.T) {
Token: "MyToken",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
@ -710,7 +700,6 @@ func TestDo_staticConfiguration(t *testing.T) {
ExposedByDefault: true,
DefaultRule: "PathPrefix(`/`)",
},
Namespace: "ns",
Namespaces: []string{"ns1", "ns2"},
}
@ -735,12 +724,10 @@ func TestDo_staticConfiguration(t *testing.T) {
Token: "secret",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
Namespace: "ns",
Namespaces: []string{"ns1", "ns2"},
}
@ -753,7 +740,6 @@ func TestDo_staticConfiguration(t *testing.T) {
Password: "password",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
@ -778,7 +764,6 @@ func TestDo_staticConfiguration(t *testing.T) {
Password: "password",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
@ -791,7 +776,6 @@ func TestDo_staticConfiguration(t *testing.T) {
PollTimeout: 42,
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
@ -903,7 +887,7 @@ func TestDo_staticConfiguration(t *testing.T) {
},
Datadog: &datadog.Config{
LocalAgentHostPort: "foobar",
GlobalTag: "foobar",
GlobalTags: map[string]string{"foobar": "foobar"},
Debug: true,
PrioritySampling: true,
TraceIDHeaderName: "foobar",

9
pkg/redactor/testdata/anonymized-dynamic-config.json vendored
View file

@ -99,8 +99,7 @@
"stripPrefix": {
"prefixes": [
"foo"
],
"forceSlash": true
]
},
"stripPrefixRegex": {
"regex": [
@ -161,10 +160,6 @@
"hostsProxyHeaders": [
"foo"
],
"sslRedirect": true,
"sslTemporaryRedirect": true,
"sslHost": "xxxx",
"sslForceHost": true,
"stsSeconds": 42,
"stsIncludeSubdomains": true,
"stsPreload": true,
@ -177,7 +172,6 @@
"contentSecurityPolicy": "xxxx",
"publicKey": "xxxx",
"referrerPolicy": "foo",
"featurePolicy": "foo",
"permissionsPolicy": "foo",
"isDevelopment": true
},
@ -235,7 +229,6 @@
"address": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true

13
pkg/redactor/testdata/anonymized-static-config.json vendored
View file

@ -83,7 +83,6 @@
"defaultRule": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
@ -111,7 +110,6 @@
"dcosToken": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
@ -189,7 +187,6 @@
"token": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
@ -207,7 +204,6 @@
"cache": true,
"exposedByDefault": true,
"defaultRule": "xxxx",
"namespace": "xxxx",
"namespaces": [
"xxxx",
"xxxx"
@ -233,12 +229,10 @@
"token": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
},
"namespace": "xxxx",
"namespaces": [
"xxxx",
"xxxx"
@ -248,7 +242,6 @@
"rootKey": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
@ -265,7 +258,6 @@
"rootKey": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
@ -279,7 +271,6 @@
"pollTimeout": "42ns",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
@ -394,7 +385,9 @@
},
"datadog": {
"localAgentHostPort": "xxxx",
"globalTag": "foobar",
"globalTags": {
"foobar": "foobar"
},
"debug": true,
"prioritySampling": true,
"traceIDHeaderName": "foobar",

9
pkg/redactor/testdata/secured-dynamic-config.json vendored
View file

@ -99,8 +99,7 @@
"stripPrefix": {
"prefixes": [
"foo"
],
"forceSlash": true
]
},
"stripPrefixRegex": {
"regex": [
@ -161,13 +160,9 @@
"hostsProxyHeaders": [
"foo"
],
"sslRedirect": true,
"sslTemporaryRedirect": true,
"sslHost": "foo",
"sslProxyHeaders": {
"foo": "bar"
},
"sslForceHost": true,
"stsSeconds": 42,
"stsIncludeSubdomains": true,
"stsPreload": true,
@ -180,7 +175,6 @@
"contentSecurityPolicy": "foo",
"publicKey": "foo",
"referrerPolicy": "foo",
"featurePolicy": "foo",
"permissionsPolicy": "foo",
"isDevelopment": true
},
@ -238,7 +232,6 @@
"address": "127.0.0.1",
"tls": {
"ca": "ca.pem",
"caOptional": true,
"cert": "cert.pem",
"key": "xxxx",
"insecureSkipVerify": true

15
pkg/tls/tls.go
View file

@ -18,14 +18,13 @@ type ClientAuth struct {
// Options configures TLS for an entry point.
type Options struct {
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`
CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"` // Deprecated: https://github.com/golang/go/issues/45430
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`
CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
}
// SetDefaults sets the default values for an Options struct.

16
pkg/tracing/datadog/datadog.go
View file

@ -4,7 +4,6 @@ import (
"io"
"net"
"os"
"strings"
"github.com/opentracing/opentracing-go"
"github.com/rs/zerolog/log"
@ -18,9 +17,7 @@ const Name = "datadog"
// Config provides configuration settings for a datadog tracer.
type Config struct {
LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"`
// Deprecated: use GlobalTags instead.
GlobalTag string `description:"Sets a key:value tag on all spans." json:"globalTag,omitempty" toml:"globalTag,omitempty" yaml:"globalTag,omitempty" export:"true"`
LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"`
GlobalTags map[string]string `description:"Sets a list of key:value tags on all spans." json:"globalTags,omitempty" toml:"globalTags,omitempty" yaml:"globalTags,omitempty" export:"true"`
Debug bool `description:"Enables Datadog debug." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"`
PrioritySampling bool `description:"Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled." json:"prioritySampling,omitempty" toml:"prioritySampling,omitempty" yaml:"prioritySampling,omitempty" export:"true"`
@ -66,17 +63,6 @@ func (c *Config) Setup(serviceName string) (opentracing.Tracer, io.Closer, error
opts = append(opts, datadog.WithGlobalTag(k, v))
}
if c.GlobalTag != "" {
logger.Warn().Msg(`Datadog: option "globalTag" is deprecated, please use "globalTags" instead.`)
key, value, _ := strings.Cut(c.GlobalTag, ":")
// Don't override a tag already defined with the new option.
if _, ok := c.GlobalTags[key]; !ok {
opts = append(opts, datadog.WithGlobalTag(key, value))
}
}
if c.PrioritySampling {
opts = append(opts, datadog.WithPrioritySampling())
}

8
pkg/types/tls.go
View file

@ -16,9 +16,7 @@ import (
// ClientTLS holds TLS specific configurations as client
// CA, Cert and Key can be either path or file contents.
type ClientTLS struct {
CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
CAOptional bool `description:"TLS CA.Optional" json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty" export:"true"`
CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"`
Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"`
InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"`
@ -31,10 +29,6 @@ func (c *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, error) {
return nil, nil
}
if c.CAOptional {
log.Ctx(ctx).Warn().Msg("CAOptional is deprecated, TLS client authentication is a server side option.")
}
// Not initialized, to rely on system bundle.
var caPool *x509.CertPool