Ability to use "X-Forwarded-For" as a source of IP for white list.

2018-03-23 17:40:04 +01:00 · 2018-03-23 17:40:04 +01:00 · d2766b1b4f
commit d2766b1b4f
parent 4802484729
50 changed files with 1496 additions and 599 deletions
--- a/provider/mesos/config_test.go
+++ b/provider/mesos/config_test.go
@ -148,7 +148,8 @@ func TestBuildConfiguration(t *testing.T) {
 					withLabel(label.TraefikFrontendRedirectReplacement, "nope"),
 					withLabel(label.TraefikFrontendRedirectPermanent, "true"),
 					withLabel(label.TraefikFrontendRule, "Host:traefik.io"),
-					withLabel(label.TraefikFrontendWhitelistSourceRange, "10.10.10.10"),
+					withLabel(label.TraefikFrontendWhiteListSourceRange, "10.10.10.10"),
+					withLabel(label.TraefikFrontendWhiteListUseXForwardedFor, "true"),

 					withLabel(label.TraefikFrontendRequestHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type:application/json; charset=utf-8"),
 					withLabel(label.TraefikFrontendResponseHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type:application/json; charset=utf-8"),
@ -212,8 +213,9 @@ func TestBuildConfiguration(t *testing.T) {
 						"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
 						"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
 					},
-					WhitelistSourceRange: []string{
-						"10.10.10.10",
+					WhiteList: &types.WhiteList{
+						SourceRange:      []string{"10.10.10.10"},
+						UseXForwardedFor: true,
 					},
 					Headers: &types.Headers{
 						CustomRequestHeaders: map[string]string{
@ -953,6 +955,75 @@ func TestGetServers(t *testing.T) {
 	}
 }

+func TestWhiteList(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		task     state.Task
+		expected *types.WhiteList
+	}{
+		{
+			desc: "should return nil when no white list labels",
+			task: aTask("ID1",
+				withIP("10.10.10.10"),
+				withInfo("name1", withPorts(withPort("TCP", 80, "WEB"))),
+				withDefaultStatus(),
+			),
+			expected: nil,
+		},
+		{
+			desc: "should return a struct when only range",
+			task: aTask("ID1",
+				withLabel(label.TraefikFrontendWhiteListSourceRange, "10.10.10.10"),
+				withIP("10.10.10.10"),
+				withInfo("name1", withPorts(withPort("TCP", 80, "WEB"))),
+				withDefaultStatus(),
+			),
+			expected: &types.WhiteList{
+				SourceRange: []string{
+					"10.10.10.10",
+				},
+				UseXForwardedFor: false,
+			},
+		},
+		{
+			desc: "should return a struct when range and UseXForwardedFor",
+			task: aTask("ID1",
+				withLabel(label.TraefikFrontendWhiteListSourceRange, "10.10.10.10"),
+				withLabel(label.TraefikFrontendWhiteListUseXForwardedFor, "true"),
+				withIP("10.10.10.10"),
+				withInfo("name1", withPorts(withPort("TCP", 80, "WEB"))),
+				withDefaultStatus(),
+			),
+			expected: &types.WhiteList{
+				SourceRange: []string{
+					"10.10.10.10",
+				},
+				UseXForwardedFor: true,
+			},
+		},
+		{
+			desc: "should return nil when only UseXForwardedFor",
+			task: aTask("ID1",
+				withLabel(label.TraefikFrontendWhiteListUseXForwardedFor, "true"),
+				withIP("10.10.10.10"),
+				withInfo("name1", withPorts(withPort("TCP", 80, "WEB"))),
+				withDefaultStatus(),
+			),
+			expected: nil,
+		},
+	}
+
+	for _, test := range testCases {
+		test := test
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			actual := getWhiteList(test.task)
+			assert.Equal(t, test.expected, actual)
+		})
+	}
+}
+
 func TestGetRedirect(t *testing.T) {
 	testCases := []struct {
 		desc     string