Ability to use "X-Forwarded-For" as a source of IP for white list.

2018-03-23 17:40:04 +01:00 · 2018-03-23 17:40:04 +01:00 · d2766b1b4f
commit d2766b1b4f
parent 4802484729
50 changed files with 1496 additions and 599 deletions
--- a/provider/consulcatalog/consul_catalog_config.go
+++ b/provider/consulcatalog/consul_catalog_config.go
@ -43,20 +43,20 @@ func (p *Provider) buildConfiguration(catalog []catalogUpdate) *types.Configurat
 		"getBuffering":            p.getBuffering,

 		// Frontend functions
-		"getFrontendRule":         p.getFrontendRule,
-		"getBasicAuth":            p.getFuncSliceAttribute(label.SuffixFrontendAuthBasic),
-		"getEntryPoints":          getEntryPoints,                                           // TODO Deprecated [breaking]
-		"getFrontEndEntryPoints":  p.getFuncSliceAttribute(label.SuffixFrontendEntryPoints), // TODO [breaking] rename to getEntryPoints when getEntryPoints will be removed
-		"getPriority":             p.getFuncIntAttribute(label.SuffixFrontendPriority, label.DefaultFrontendPriorityInt),
-		"getPassHostHeader":       p.getFuncBoolAttribute(label.SuffixFrontendPassHostHeader, label.DefaultPassHostHeaderBool),
-		"getPassTLSCert":          p.getFuncBoolAttribute(label.SuffixFrontendPassTLSCert, label.DefaultPassTLSCert),
-		"getWhitelistSourceRange": p.getFuncSliceAttribute(label.SuffixFrontendWhitelistSourceRange),
-		"getRedirect":             p.getRedirect,
-		"hasErrorPages":           p.getFuncHasAttributePrefix(label.BaseFrontendErrorPage),
-		"getErrorPages":           p.getErrorPages,
-		"hasRateLimit":            p.getFuncHasAttributePrefix(label.BaseFrontendRateLimit),
-		"getRateLimit":            p.getRateLimit,
-		"getHeaders":              p.getHeaders,
+		"getFrontendRule":        p.getFrontendRule,
+		"getBasicAuth":           p.getFuncSliceAttribute(label.SuffixFrontendAuthBasic),
+		"getEntryPoints":         getEntryPoints,                                           // TODO Deprecated [breaking]
+		"getFrontEndEntryPoints": p.getFuncSliceAttribute(label.SuffixFrontendEntryPoints), // TODO [breaking] rename to getEntryPoints when getEntryPoints will be removed
+		"getPriority":            p.getFuncIntAttribute(label.SuffixFrontendPriority, label.DefaultFrontendPriorityInt),
+		"getPassHostHeader":      p.getFuncBoolAttribute(label.SuffixFrontendPassHostHeader, label.DefaultPassHostHeaderBool),
+		"getPassTLSCert":         p.getFuncBoolAttribute(label.SuffixFrontendPassTLSCert, label.DefaultPassTLSCert),
+		"getWhiteList":           p.getWhiteList,
+		"getRedirect":            p.getRedirect,
+		"hasErrorPages":          p.getFuncHasAttributePrefix(label.BaseFrontendErrorPage),
+		"getErrorPages":          p.getErrorPages,
+		"hasRateLimit":           p.getFuncHasAttributePrefix(label.BaseFrontendRateLimit),
+		"getRateLimit":           p.getRateLimit,
+		"getHeaders":             p.getHeaders,
 	}

 	var allNodes []*api.ServiceEntry
@ -311,6 +311,19 @@ func (p *Provider) getBuffering(tags []string) *types.Buffering {
 	}
 }

+func (p *Provider) getWhiteList(tags []string) *types.WhiteList {
+	ranges := p.getSliceAttribute(label.SuffixFrontendWhiteListSourceRange, tags)
+
+	if len(ranges) > 0 {
+		return &types.WhiteList{
+			SourceRange:      ranges,
+			UseXForwardedFor: p.getBoolAttribute(label.SuffixFrontendWhiteListUseXForwardedFor, tags, false),
+		}
+	}
+
+	return nil
+}
+
 func (p *Provider) getRedirect(tags []string) *types.Redirect {
 	permanent := p.getBoolAttribute(label.SuffixFrontendRedirectPermanent, tags, false)

--- a/provider/consulcatalog/consul_catalog_config_test.go
+++ b/provider/consulcatalog/consul_catalog_config_test.go
@ -1048,6 +1048,65 @@ func TestProviderGetBuffering(t *testing.T) {
 	}
 }

+func TestProviderWhiteList(t *testing.T) {
+	p := &Provider{
+		Prefix: "traefik",
+	}
+
+	testCases := []struct {
+		desc     string
+		tags     []string
+		expected *types.WhiteList
+	}{
+		{
+			desc:     "should return nil when no white list labels",
+			expected: nil,
+		},
+		{
+			desc: "should return a struct when only range",
+			tags: []string{
+				label.TraefikFrontendWhiteListSourceRange + "=10.10.10.10",
+			},
+			expected: &types.WhiteList{
+				SourceRange: []string{
+					"10.10.10.10",
+				},
+				UseXForwardedFor: false,
+			},
+		},
+		{
+			desc: "should return a struct when range and UseXForwardedFor",
+			tags: []string{
+				label.TraefikFrontendWhiteListSourceRange + "=10.10.10.10",
+				label.TraefikFrontendWhiteListUseXForwardedFor + "=true",
+			},
+			expected: &types.WhiteList{
+				SourceRange: []string{
+					"10.10.10.10",
+				},
+				UseXForwardedFor: true,
+			},
+		},
+		{
+			desc: "should return nil when only UseXForwardedFor",
+			tags: []string{
+				label.TraefikFrontendWhiteListUseXForwardedFor + "=true",
+			},
+			expected: nil,
+		},
+	}
+
+	for _, test := range testCases {
+		test := test
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			actual := p.getWhiteList(test.tags)
+			assert.Equal(t, test.expected, actual)
+		})
+	}
+}
+
 func TestProviderGetRedirect(t *testing.T) {
 	p := &Provider{
 		Prefix: "traefik",