feature: Service Fabric white list.

2018-03-26 16:20:37 +02:00 · 2018-03-26 16:20:37 +02:00 · df73211d56
commit df73211d56
parent e3a4ddcd08
4 changed files with 62 additions and 27 deletions
--- a/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_config.go
+++ b/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_config.go
@ -15,8 +15,12 @@ import (
 )

 func (p *Provider) buildConfiguration(sfClient sfClient) (*types.Configuration, error) {
-	var sfFuncMap = template.FuncMap{
+	services, err := getClusterServices(sfClient)
+	if err != nil {
+		return nil, err
+	}

+	var sfFuncMap = template.FuncMap{
 		// Services
 		"getServices":                getServices,
 		"hasLabel":                   hasService,
@ -42,27 +46,21 @@ func (p *Provider) buildConfiguration(sfClient sfClient) (*types.Configuration,
 		"getLoadBalancer":   getLoadBalancer,

 		// Frontend Functions
-		"getPriority":             getFuncServiceStringLabel(label.TraefikFrontendPriority, label.DefaultFrontendPriority),
-		"getPassHostHeader":       getFuncServiceStringLabel(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader),
-		"getPassTLSCert":          getFuncBoolLabel(label.TraefikFrontendPassTLSCert, false),
-		"getEntryPoints":          getFuncServiceSliceStringLabel(label.TraefikFrontendEntryPoints),
-		"getBasicAuth":            getFuncServiceSliceStringLabel(label.TraefikFrontendAuthBasic),
-		"getWhitelistSourceRange": getFuncServiceSliceStringLabel(label.TraefikFrontendWhitelistSourceRange),
-		"getFrontendRules":        getFuncServiceLabelWithPrefix(label.TraefikFrontendRule),
-
-		"getHeaders":  getHeaders,
-		"getRedirect": getRedirect,
+		"getPriority":       getFuncServiceStringLabel(label.TraefikFrontendPriority, label.DefaultFrontendPriority),
+		"getPassHostHeader": getFuncServiceStringLabel(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader),
+		"getPassTLSCert":    getFuncBoolLabel(label.TraefikFrontendPassTLSCert, false),
+		"getEntryPoints":    getFuncServiceSliceStringLabel(label.TraefikFrontendEntryPoints),
+		"getBasicAuth":      getFuncServiceSliceStringLabel(label.TraefikFrontendAuthBasic),
+		"getFrontendRules":  getFuncServiceLabelWithPrefix(label.TraefikFrontendRule),
+		"getWhiteList":      getWhiteList,
+		"getHeaders":        getHeaders,
+		"getRedirect":       getRedirect,

 		// SF Service Grouping
 		"getGroupedServices": getFuncServicesGroupedByLabel(traefikSFGroupName),
 		"getGroupedWeight":   getFuncServiceStringLabel(traefikSFGroupWeight, "1"),
 	}

-	services, err := getClusterServices(sfClient)
-	if err != nil {
-		return nil, err
-	}
-
 	templateObjects := struct {
 		Services []ServiceItemExtended
 	}{
@ -229,6 +227,31 @@ func getHeaders(service ServiceItemExtended) *types.Headers {
 	return headers
 }

+func getWhiteList(service ServiceItemExtended) *types.WhiteList {
+	if label.Has(service.Labels, label.TraefikFrontendWhitelistSourceRange) {
+		log.Warnf("Deprecated configuration found: %s. Please use %s.", label.TraefikFrontendWhitelistSourceRange, label.TraefikFrontendWhiteListSourceRange)
+	}
+
+	ranges := label.GetSliceStringValue(service.Labels, label.TraefikFrontendWhiteListSourceRange)
+	if len(ranges) > 0 {
+		return &types.WhiteList{
+			SourceRange:      ranges,
+			UseXForwardedFor: label.GetBoolValue(service.Labels, label.TraefikFrontendWhiteListUseXForwardedFor, false),
+		}
+	}
+
+	// TODO: Deprecated
+	values := label.GetSliceStringValue(service.Labels, label.TraefikFrontendWhitelistSourceRange)
+	if len(values) > 0 {
+		return &types.WhiteList{
+			SourceRange:      values,
+			UseXForwardedFor: false,
+		}
+	}
+
+	return nil
+}
+
 func getRedirect(service ServiceItemExtended) *types.Redirect {
 	permanent := label.GetBoolValue(service.Labels, label.TraefikFrontendRedirectPermanent, false)

--- a/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_tmpl.go
+++ b/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_tmpl.go
@ -115,13 +115,6 @@ const tmpl = `
          {{end}}]
        {{end}}
  
-        {{ $whitelistSourceRange := getWhitelistSourceRange $service }}
-        {{if $whitelistSourceRange }}
-        whitelistSourceRange = [{{range $whitelistSourceRange }}
-          "{{.}}",
-          {{end}}]
-        {{end}}
-  
        {{ $basicAuth := getBasicAuth $service }}
        {{if $basicAuth }}
         basicAuth = [{{range $basicAuth }}
@ -129,6 +122,24 @@ const tmpl = `
          {{end}}]
        {{end}}

+        {{ $whitelist := getWhiteList $service }}
+        {{if $whitelist }}
+        [frontends."frontend-{{ $frontendName }}".whiteList]
+          sourceRange = [{{range $whitelist.SourceRange }}
+            "{{.}}",
+            {{end}}]
+          useXForwardedFor = {{ $whitelist.UseXForwardedFor }}
+        {{end}}
+
+        {{ $redirect := getRedirect $service }}
+        {{if $redirect }}
+        [frontends."frontend-{{ $frontendName }}".redirect]
+          entryPoint = "{{ $redirect.EntryPoint }}"
+          regex = "{{ $redirect.Regex }}"
+          replacement = "{{ $redirect.Replacement }}"
+          permanent = {{ $redirect.Permanent }}
+        {{end}}
+
        {{ $headers := getHeaders $service }}
        {{if $headers }}
        [frontends."frontend-{{ $frontendName }}".headers]