diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 82f6dd462..ce21d35ee 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -6,12 +6,14 @@ body: attributes: label: Welcome! description: | - The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following: - - the Traefik community forum: https://community.traefik.io/ + The issue tracker is for reporting bugs and feature requests only. + For end-user related support questions, please use the [Traefik community forum](https://community.traefik.io/). - The configurations between 1.X and 2.X are NOT compatible. Please have a look [here](https://doc.traefik.io/traefik/getting-started/configuration-overview/). + All new/updated issues are triaged regularly by the maintainers. + All issues closed by a bot are subsequently double-checked by the maintainers. DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS. + options: - label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any. required: true diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 68d56b505..9cb143d8b 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -7,8 +7,8 @@ on: env: GO_VERSION: 1.19 - GOLANGCI_LINT_VERSION: v1.49.0 - MISSSPELL_VERSION: v0.3.4 + GOLANGCI_LINT_VERSION: v1.50.0 + MISSSPELL_VERSION: v0.4.0 IN_DOCKER: "" jobs: @@ -45,7 +45,7 @@ jobs: run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION} - name: Install missspell ${{ env.MISSSPELL_VERSION }} - run: curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION} + run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION} - name: Avoid generating webui run: touch webui/static/index.html diff --git a/.golangci.toml b/.golangci.toml deleted file mode 100644 index 6b0ed0abe..000000000 --- a/.golangci.toml +++ /dev/null @@ -1,254 +0,0 @@ -[run] - timeout = "10m" - skip-files = [] - skip-dirs = [ - "pkg/provider/kubernetes/crd/generated/", - ] - -[linters-settings] - - [linters-settings.govet] - check-shadowing = false - - [linters-settings.golint] - min-confidence = 0.0 - - [linters-settings.gocyclo] - min-complexity = 14.0 - - [linters-settings.goconst] - min-len = 3.0 - min-occurrences = 4.0 - - [linters-settings.misspell] - locale = "US" - - [linters-settings.funlen] - lines = 230 # default 60 - statements = 120 # default 40 - - [linters-settings.forbidigo] - forbid = [ - '^print(ln)?$', - '^spew\.Print(f|ln)?$', - '^spew\.Dump$', - ] - - [linters-settings.depguard] - list-type = "blacklist" - include-go-root = false - packages = ["github.com/pkg/errors"] - - [linters-settings.godox] - keywords = ["FIXME"] - - [linters-settings.importas] - corev1 = "k8s.io/api/core/v1" - networkingv1beta1 = "k8s.io/api/networking/v1beta1" - extensionsv1beta1 = "k8s.io/api/extensions/v1beta1" - metav1 = "k8s.io/apimachinery/pkg/apis/meta/v1" - kubeerror = "k8s.io/apimachinery/pkg/api/errors" - composeapi = "github.com/docker/compose/v2/pkg/api" - - [linters-settings.revive] - [[linters-settings.revive.rules]] - name = "struct-tag" - [[linters-settings.rules]] - name = "blank-imports" - [[linters-settings.rules]] - name = "context-as-argument" - [[linters-settings.rules]] - name = "context-keys-type" - [[linters-settings.rules]] - name = "dot-imports" - [[linters-settings.rules]] - name = "error-return" - [[linters-settings.rules]] - name = "error-strings" - [[linters-settings.rules]] - name = "error-naming" - [[linters-settings.rules]] - name = "exported" - [[linters-settings.rules]] - name = "if-return" - [[linters-settings.rules]] - name = "increment-decrement" - [[linters-settings.rules]] - name = "var-naming" - [[linters-settings.rules]] - name = "var-declaration" - [[linters-settings.rules]] - name = "package-comments" - [[linters-settings.rules]] - name = "range" - [[linters-settings.rules]] - name = "receiver-naming" - [[linters-settings.rules]] - name = "time-naming" - [[linters-settings.rules]] - name = "unexported-return" - [[linters-settings.rules]] - name = "indent-error-flow" - [[linters-settings.rules]] - name = "errorf" - [[linters-settings.rules]] - name = "empty-block" - [[linters-settings.rules]] - name = "superfluous-else" - [[linters-settings.rules]] - name = "unused-parameter" - [[linters-settings.rules]] - name = "unreachable-code" - [[linters-settings.rules]] - name = "redefines-builtin-id" - - [linters-settings.gomoddirectives] - replace-allow-list = [ - "github.com/abbot/go-http-auth", - "github.com/go-check/check", - "github.com/gorilla/mux", - "github.com/mailgun/minheap", - "github.com/mailgun/multibuf", - "github.com/jaguilar/vt100", - "github.com/BurntSushi/toml", - ] - -[linters] - enable-all = true - disable = [ - "scopelint", # Deprecated - "interfacer", # Deprecated - "maligned", # Deprecated - "golint", # Deprecated - "exhaustivestruct",# Deprecated - "nosnakecase", # Deprecated - "ifshort", # Deprecated - "structcheck", # Deprecated - "varcheck", # Deprecated - "deadcode", # Deprecated - "execinquery", # Not relevant (SQL) - "sqlclosecheck", # Not relevant (SQL) - "rowserrcheck", # Not relevant (SQL) - "lll", # Not relevant - "gocyclo", # FIXME must be fixed - "cyclop", # Duplicate of gocyclo - "gocognit", # Too strict - "nestif", # Too many false-positive. - "prealloc", # Too many false-positive. - "makezero", # Not relevant - "dupl", # Too strict - "gosec", # Too strict - "gochecknoinits", - "gochecknoglobals", - "wsl", # Too strict - "nlreturn", # Not relevant - "gomnd", # Too strict - "stylecheck", # skip because report issues related to some generated files. - "testpackage", # Too strict - "tparallel", # Not relevant - "paralleltest", # Not relevant - "exhaustive", # Not relevant - "exhaustruct", # duplicate of exhaustivestruct - "goerr113", # Too strict - "wrapcheck", # Too strict - "noctx", # Too strict - "bodyclose", # Too many false-positive and panics. - "forcetypeassert", # Too strict - "tagliatelle", # Not compatible with current tags. - "varnamelen", # not relevant - "nilnil", # not relevant - "ireturn", # not relevant - "contextcheck", # too many false-positive - "containedctx", # too many false-positive - "maintidx", # kind of duplicate of gocyclo - "nonamedreturns", # not relevant - ] - -[issues] - exclude-use-default = false - max-per-linter = 0 - max-same-issues = 0 - exclude = [ - "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked", - "should have a package comment, unless it's in another file for this package", - "SA1019: http.CloseNotifier has been deprecated", # FIXME must be fixed - "SA1019: cfg.SSLRedirect is deprecated", - "SA1019: cfg.SSLTemporaryRedirect is deprecated", - "SA1019: cfg.SSLHost is deprecated", - "SA1019: cfg.SSLForceHost is deprecated", - "SA1019: cfg.FeaturePolicy is deprecated", - "SA1019: c.Providers.ConsulCatalog.Namespace is deprecated", - "SA1019: c.Providers.Consul.Namespace is deprecated", - "SA1019: c.Providers.Nomad.Namespace is deprecated", - ] - [[issues.exclude-rules]] - path = "(.+)_test.go" - linters = ["goconst", "funlen", "godot", "nosnakecase"] - [[issues.exclude-rules]] - path = "(.+)_test.go" - text = " always receives " - linters = [ "unparam" ] - [[issues.exclude-rules]] - path = "integration/.+_test.go" - text = "Error return value of `cmd\\.Process\\.Kill` is not checked" - [[issues.exclude-rules]] - path = "integration/(consul_catalog_test|constraint_test).go" - text = "Error return value of `(s.deregisterService|s.deregisterAgentService)` is not checked" - [[issues.exclude-rules]] - path = "integration/grpc_test.go" - text = "Error return value of `closer` is not checked" - [[issues.exclude-rules]] - path = "pkg/h2c/h2c.go" - text = "Error return value of `rw.Write` is not checked" - [[issues.exclude-rules]] - path = "pkg/provider/docker/builder_test.go" - text = "(U1000: func )?`(.+)` is unused" - [[issues.exclude-rules]] - path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go" - text = "(U1000: func )?`(.+)` is unused" - [[issues.exclude-rules]] - path = "pkg/server/service/bufferpool.go" - text = "SA6002: argument should be pointer-like to avoid allocations" - [[issues.exclude-rules]] - path = "cmd/configuration.go" - text = "string `traefik` has (\\d) occurrences, make it a constant" - [[issues.exclude-rules]] - path = "pkg/server/middleware/middlewares.go" - text = "Function 'buildConstructor' has too many statements" - [[issues.exclude-rules]] - path = "pkg/tracing/haystack/logger.go" - linters = ["goprintffuncname"] - [[issues.exclude-rules]] - path = "pkg/tracing/tracing.go" - text = "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'" - [[issues.exclude-rules]] - path = "pkg/log/deprecated.go" - linters = ["godot"] - [[issues.exclude-rules]] - path = "(.+)\\.go" - text = "struct-tag: unknown option 'inline' in JSON tag" - [[issues.exclude-rules]] - path = "pkg/server/router/tcp/manager.go" - text = "Function 'buildEntryPointHandler' is too long (.+)" - [[issues.exclude-rules]] - path = "pkg/tls/tlsmanager_test.go" - text = "SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18" - [[issues.exclude-rules]] - path = "pkg/types/tls_test.go" - text = "SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18" - [[issues.exclude-rules]] - path = "pkg/provider/kubernetes/(crd|gateway)/client.go" - linters = ["interfacebloat"] - [[issues.exclude-rules]] - path = "pkg/metrics/metrics.go" - linters = ["interfacebloat"] - [[issues.exclude-rules]] - path = "pkg/provider/acme/provider.go" - text = "\\(\\*Provider\\)\\.resolveCertificate - result 0 \\(\\*github.com/go-acme/lego/v4/certificate.Resource\\) is never used" - [[issues.exclude-rules]] - path = "integration/healthcheck_test.go" - text = "Duplicate words \\(wsp2,\\) found" - [[issues.exclude-rules]] - path = "pkg/types/domain_test.go" - text = "Duplicate words \\(sub\\) found" - diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 000000000..79d1c6ad0 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,191 @@ +run: + timeout: 10m + skip-files: [] + skip-dirs: + - pkg/provider/kubernetes/crd/generated/ + +linters-settings: + govet: + check-shadowing: false + golint: + min-confidence: 0 + gocyclo: + min-complexity: 14 + goconst: + min-len: 3 + min-occurrences: 4 + misspell: + locale: US + funlen: + lines: -1 + statements: 120 + forbidigo: + forbid: + - ^print(ln)?$ + - ^spew\.Print(f|ln)?$ + - ^spew\.Dump$ + depguard: + list-type: denylist + include-go-root: false + packages: + - github.com/pkg/errors + godox: + keywords: + - FIXME + importas: + corev1: k8s.io/api/core/v1 + networkingv1beta1: k8s.io/api/networking/v1beta1 + extensionsv1beta1: k8s.io/api/extensions/v1beta1 + metav1: k8s.io/apimachinery/pkg/apis/meta/v1 + kubeerror: k8s.io/apimachinery/pkg/api/errors + composeapi: github.com/docker/compose/v2/pkg/api + revive: + rules: + - name: struct-tag + rules: + - name: blank-imports + - name: context-as-argument + - name: context-keys-type + - name: dot-imports + - name: error-return + - name: error-strings + - name: error-naming + - name: exported + - name: if-return + - name: increment-decrement + - name: var-naming + - name: var-declaration + - name: package-comments + - name: range + - name: receiver-naming + - name: time-naming + - name: unexported-return + - name: indent-error-flow + - name: errorf + - name: empty-block + - name: superfluous-else + - name: unused-parameter + - name: unreachable-code + - name: redefines-builtin-id + gomoddirectives: + replace-allow-list: + - github.com/abbot/go-http-auth + - github.com/go-check/check + - github.com/gorilla/mux + - github.com/mailgun/minheap + - github.com/mailgun/multibuf + - github.com/jaguilar/vt100 + - github.com/BurntSushi/toml + +linters: + enable-all: true + disable: + - deadcode # deprecated + - exhaustivestruct # deprecated + - golint # deprecated + - ifshort # deprecated + - interfacer # deprecated + - maligned # deprecated + - nosnakecase # deprecated + - scopelint # deprecated + - scopelint # deprecated + - structcheck # deprecated + - varcheck # deprecated + - sqlclosecheck # not relevant (SQL) + - rowserrcheck # not relevant (SQL) + - execinquery # not relevant (SQL) + - cyclop # duplicate of gocyclo + - lll # Not relevant + - gocyclo # FIXME must be fixed + - gocognit # Too strict + - nestif # Too many false-positive. + - prealloc # Too many false-positive. + - makezero # Not relevant + - dupl # Too strict + - gosec # Too strict + - gochecknoinits + - gochecknoglobals + - wsl # Too strict + - nlreturn # Not relevant + - gomnd # Too strict + - stylecheck # skip because report issues related to some generated files. + - testpackage # Too strict + - tparallel # Not relevant + - paralleltest # Not relevant + - exhaustive # Not relevant + - exhaustruct # Not relevant + - goerr113 # Too strict + - wrapcheck # Too strict + - noctx # Too strict + - bodyclose # too many false-positive + - forcetypeassert # Too strict + - tagliatelle # Too strict + - varnamelen # Not relevant + - nilnil # Not relevant + - ireturn # Not relevant + - contextcheck # too many false-positive + - containedctx # too many false-positive + - maintidx # kind of duplicate of gocyclo + - nonamedreturns # Too strict + +issues: + exclude-use-default: false + max-per-linter: 0 + max-same-issues: 0 + exclude: + - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' + - "should have a package comment, unless it's in another file for this package" + - 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed + - 'SA1019: cfg.SSLRedirect is deprecated' + - 'SA1019: cfg.SSLTemporaryRedirect is deprecated' + - 'SA1019: cfg.SSLHost is deprecated' + - 'SA1019: cfg.SSLForceHost is deprecated' + - 'SA1019: cfg.FeaturePolicy is deprecated' + - 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated' + - 'SA1019: c.Providers.Consul.Namespace is deprecated' + - 'SA1019: c.Providers.Nomad.Namespace is deprecated' + exclude-rules: + - path: '(.+)_test.go' + linters: + - goconst + - funlen + - godot + - path: '(.+)_test.go' + text: ' always receives ' + linters: + - unparam + - path: '(.+)\.go' + text: 'struct-tag: unknown option ''inline'' in JSON tag' + linters: + - revive + - path: pkg/server/service/bufferpool.go + text: 'SA6002: argument should be pointer-like to avoid allocations' + - path: pkg/server/middleware/middlewares.go + text: "Function 'buildConstructor' has too many statements" + linters: + - funlen + - path: pkg/tracing/haystack/logger.go + linters: + - goprintffuncname + - path: pkg/tracing/tracing.go + text: "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'" + linters: + - goprintffuncname + - path: pkg/tls/tlsmanager_test.go + text: 'SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18' + - path: pkg/types/tls_test.go + text: 'SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18' + - path: pkg/provider/kubernetes/(crd|gateway)/client.go + linters: + - interfacebloat + - path: pkg/metrics/metrics.go + linters: + - interfacebloat + - path: integration/healthcheck_test.go + text: 'Duplicate words \(wsp2,\) found' + linters: + - dupword + - path: pkg/types/domain_test.go + text: 'Duplicate words \(sub\) found' + linters: + - dupword diff --git a/build.Dockerfile b/build.Dockerfile index f1ed59da6..cf4ab8608 100644 --- a/build.Dockerfile +++ b/build.Dockerfile @@ -16,7 +16,7 @@ RUN mkdir -p /usr/local/bin \ RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.50.0 # Download misspell binary to bin folder in $GOPATH -RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4 +RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0 # Download goreleaser binary to bin folder in $GOPATH RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh diff --git a/docs/content/deprecation/releases.md b/docs/content/deprecation/releases.md index f95e325a1..6d23f06c0 100644 --- a/docs/content/deprecation/releases.md +++ b/docs/content/deprecation/releases.md @@ -6,16 +6,17 @@ Below is a non-exhaustive list of versions and their maintenance status: | Version | Release Date | Active Support | Security Support | |---------|--------------|--------------------|------------------| -| 2.8 | Jun 29, 2022 | Yes | Yes | -| 2.7 | May 24, 2022 | Ended Jun 29, 2022 | No | -| 2.6 | Jan 24, 2022 | Ended May 24, 2022 | No | -| 2.5 | Aug 17, 2021 | Ended Jan 24, 2022 | No | -| 2.4 | Jan 19, 2021 | Ended Aug 17, 2021 | No | -| 2.3 | Sep 23, 2020 | Ended Jan 19, 2021 | No | -| 2.2 | Mar 25, 2020 | Ended Sep 23, 2020 | No | -| 2.1 | Dec 11, 2019 | Ended Mar 25, 2020 | No | -| 2.0 | Sep 16, 2019 | Ended Dec 11, 2019 | No | -| 1.7 | Sep 24, 2018 | Ended Dec 31, 2021 | Contact Support | +| 2.9 | Oct 03, 2022 | Yes | Yes | +| 2.8 | Jun 29, 2022 | Ended Oct 03, 2022 | No | +| 2.7 | May 24, 2022 | Ended Jun 29, 2022 | No | +| 2.6 | Jan 24, 2022 | Ended May 24, 2022 | No | +| 2.5 | Aug 17, 2021 | Ended Jan 24, 2022 | No | +| 2.4 | Jan 19, 2021 | Ended Aug 17, 2021 | No | +| 2.3 | Sep 23, 2020 | Ended Jan 19, 2021 | No | +| 2.2 | Mar 25, 2020 | Ended Sep 23, 2020 | No | +| 2.1 | Dec 11, 2019 | Ended Mar 25, 2020 | No | +| 2.0 | Sep 16, 2019 | Ended Dec 11, 2019 | No | +| 1.7 | Sep 24, 2018 | Ended Dec 31, 2021 | Contact Support | ??? example "Active Support / Security Support" diff --git a/docs/content/middlewares/http/passtlsclientcert.md b/docs/content/middlewares/http/passtlsclientcert.md index 39a1a9ef5..28c5f7fff 100644 --- a/docs/content/middlewares/http/passtlsclientcert.md +++ b/docs/content/middlewares/http/passtlsclientcert.md @@ -16,10 +16,10 @@ PassTLSClientCert adds the selected data from the passed client TLS certificate ## Configuration Examples -Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. +Pass the pem in the `X-Forwarded-Tls-Client-Cert` header. ```yaml tab="Docker" -# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. +# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header. labels: - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" ``` @@ -35,7 +35,7 @@ spec: ``` ```yaml tab="Consul Catalog" -# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header +# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" ``` @@ -46,13 +46,13 @@ spec: ``` ```yaml tab="Rancher" -# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. +# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header. labels: - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" ``` ```yaml tab="File (YAML)" -# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. +# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header. http: middlewares: test-passtlsclientcert: @@ -61,13 +61,13 @@ http: ``` ```toml tab="File (TOML)" -# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. +# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header. [http.middlewares] [http.middlewares.test-passtlsclientcert.passTLSClientCert] pem = true ``` -??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header" +??? example "Pass the pem in the `X-Forwarded-Tls-Client-Cert` header" ```yaml tab="Docker" # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header @@ -254,12 +254,12 @@ http: PassTLSClientCert can add two headers to the request: -- `X-Forwarded-Tls-Client-Cert` that contains the escaped pem. +- `X-Forwarded-Tls-Client-Cert` that contains the pem. - `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string. !!! info - * Each header value is a string that has been escaped in order to be a valid URL query. + * `X-Forwarded-Tls-Client-Cert-Info` header value is a string that has been escaped in order to be a valid URL query. * These options only work accordingly to the [MutualTLS configuration](../../https/tls.md#client-authentication-mtls). That is to say, only the certificates that match the `clientAuth.clientAuthType` policy are passed. @@ -371,7 +371,7 @@ The following example shows a complete certificate and explains each of the midd ### `pem` -The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escaped certificate. +The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the certificate. In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters: diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index d76910753..85634a0d9 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -444,7 +444,7 @@ To enable HTTP/3 on an EntryPoint, please check out the [HTTP/3 configuration](. ### Kubernetes Gateway API Provider -In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/getting-started/) of the specification and +In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) of the specification and [route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces. Therefore, the [RBAC](../reference/dynamic-configuration/kubernetes-gateway.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-gateway.md#definitions) definitions must be updated. diff --git a/docs/content/providers/kubernetes-gateway.md b/docs/content/providers/kubernetes-gateway.md index 187586820..759ca989e 100644 --- a/docs/content/providers/kubernetes-gateway.md +++ b/docs/content/providers/kubernetes-gateway.md @@ -78,7 +78,7 @@ This provider is proposed as an experimental feature and partially supports the The Kubernetes Gateway API project provides several guides on how to use the APIs. These guides can help you to go further than the example above. -The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha2/guides/getting-started/) details how to install the CRDs from their repository. +The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) details how to install the CRDs from their repository. !!! note "" diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 983a678b8..391c23a2c 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -1300,7 +1300,7 @@ spec: type: object pem: description: PEM sets the X-Forwarded-Tls-Client-Cert header with - the escaped certificate. + the certificate. type: boolean type: object plugin: diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml index 26cb51d2e..d7bd0b82c 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml @@ -723,7 +723,7 @@ spec: type: object pem: description: PEM sets the X-Forwarded-Tls-Client-Cert header with - the escaped certificate. + the certificate. type: boolean type: object plugin: diff --git a/go.mod b/go.mod index 6377a2a2c..b81231230 100644 --- a/go.mod +++ b/go.mod @@ -36,11 +36,11 @@ require ( github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d github.com/instana/go-sensor v1.38.3 github.com/klauspost/compress v1.14.2 - github.com/kvtools/consul v1.0.1 - github.com/kvtools/etcdv3 v1.0.1 - github.com/kvtools/redis v1.0.1 + github.com/kvtools/consul v1.0.2 + github.com/kvtools/etcdv3 v1.0.2 + github.com/kvtools/redis v1.0.2 github.com/kvtools/valkeyrie v1.0.0 - github.com/kvtools/zookeeper v1.0.1 + github.com/kvtools/zookeeper v1.0.2 github.com/lucas-clemente/quic-go v0.28.1 github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f github.com/miekg/dns v1.1.50 diff --git a/go.sum b/go.sum index 9ae168cae..9748b61aa 100644 --- a/go.sum +++ b/go.sum @@ -1305,16 +1305,16 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kvtools/consul v1.0.1 h1:RHwW0qTPL8Gwb+ueH6kpAIZ3fuNnSdAZaydfKjMIr/4= -github.com/kvtools/consul v1.0.1/go.mod h1:bFnzfGJ5ZIRRXCBGBmwhJlLdEWOlrjOcS1WjyAQzaJA= -github.com/kvtools/etcdv3 v1.0.1 h1:Ugr5ryI+FIeZQh0RCmtGFJptgSlbrVGjAnJWk9r//WI= -github.com/kvtools/etcdv3 v1.0.1/go.mod h1:Xr6DbwqjuCEcXAIWmXxw0DX+N5BhuvablXgN90XeqMM= -github.com/kvtools/redis v1.0.1 h1:vtLE3D3xfMbXfenRGuclDU8pe64OiqcBMmKm2RY4Wuo= -github.com/kvtools/redis v1.0.1/go.mod h1:wuUNwwKOHi2TYxDxj1sGF74Jdg0jywydnatXtnOR3hA= +github.com/kvtools/consul v1.0.2 h1:ltPgs4Ld09Xaa7zrOJ/TewBYKAsr11/LRFpErdkb8AA= +github.com/kvtools/consul v1.0.2/go.mod h1:bFnzfGJ5ZIRRXCBGBmwhJlLdEWOlrjOcS1WjyAQzaJA= +github.com/kvtools/etcdv3 v1.0.2 h1:EB0mAtzqe1folE7m7Q6wnCXcGwaOmrYmsVmF3hNsTKI= +github.com/kvtools/etcdv3 v1.0.2/go.mod h1:Xr6DbwqjuCEcXAIWmXxw0DX+N5BhuvablXgN90XeqMM= +github.com/kvtools/redis v1.0.2 h1:D3GjGGtssJF2w8mniWtIxcT/YX9YnRc4jNCm0hrVygQ= +github.com/kvtools/redis v1.0.2/go.mod h1:wuUNwwKOHi2TYxDxj1sGF74Jdg0jywydnatXtnOR3hA= github.com/kvtools/valkeyrie v1.0.0 h1:LAITop2wPoYCMitR24GZZsW0b57hmI+ePD18VRTtOf0= github.com/kvtools/valkeyrie v1.0.0/go.mod h1:bDi/OdhJCSbGPMsCgUQl881yuEweKCSItAtTBI+ZjpU= -github.com/kvtools/zookeeper v1.0.1 h1:CBKNOuesj4CgW5PisK2jVx1+XP+T51bVgYHrZPQL5OM= -github.com/kvtools/zookeeper v1.0.1/go.mod h1:6TfxUwJ7IuBk5srgnoe528W0ftanNECHgOiShx/t0Aw= +github.com/kvtools/zookeeper v1.0.2 h1:uK0CzQa+mtKGxDDH+DeqXo2HC1Kx4hWXZ7pX/zS4aTo= +github.com/kvtools/zookeeper v1.0.2/go.mod h1:6TfxUwJ7IuBk5srgnoe528W0ftanNECHgOiShx/t0Aw= github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28/go.mod h1:T/T7jsxVqf9k/zYOqbgNAsANsjxTd1Yq3htjDhQ1H0c= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/labbsr0x/bindman-dns-webhook v1.0.2 h1:I7ITbmQPAVwrDdhd6dHKi+MYJTJqPCK0jE6YNBAevnk= diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 983a678b8..391c23a2c 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -1300,7 +1300,7 @@ spec: type: object pem: description: PEM sets the X-Forwarded-Tls-Client-Cert header with - the escaped certificate. + the certificate. type: boolean type: object plugin: diff --git a/integration/tls_client_headers_test.go b/integration/tls_client_headers_test.go index d9c158efb..3bc587acd 100644 --- a/integration/tls_client_headers_test.go +++ b/integration/tls_client_headers_test.go @@ -65,6 +65,6 @@ func (s *TLSClientHeadersSuite) TestTLSClientHeaders(c *check.C) { }, } - err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA%2BbBExVSP26MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgxNzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x%2FlhKLlv4amSDHDx8Cmz%2F6blOUM8XOfMRW1xx%2B%2BAgChWN9dx%2Fkf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL%2FaaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V%2BXyVkIPmzfPrRV%2B4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeFNFisfBJTrscqVCTW%2BB80gMhpLdxXD%2BKO0%2FWgc5xpB%2FwLSirNtRQyxAa3%2BEEcIwJv%2Fwdh8EyjlDLSpFm%2F8ghntrKhkOfIOPDFE41M5HNfx%2FFuh5btKEenOL%2FXdapqtNUt2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2NaDkVnxTkfEDM1k%2B3QydO1lqB5JJmcrs59BEveTqaJ3eeh%2F0I4OOab6OkTTZ0JNjJp1573oxO%2Bfce%2FbfGud8xHY5gSN9huU7U6RsgvO7Dhmal%2FsDNl8XC8oU90hVDVXZdA7ewh4jjaoIv")) + err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA+bBExVSP26MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgxNzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x/lhKLlv4amSDHDx8Cmz/6blOUM8XOfMRW1xx++AgChWN9dx/kf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL/aaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V+XyVkIPmzfPrRV+4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeFNFisfBJTrscqVCTW+B80gMhpLdxXD+KO0/Wgc5xpB/wLSirNtRQyxAa3+EEcIwJv/wdh8EyjlDLSpFm/8ghntrKhkOfIOPDFE41M5HNfx/Fuh5btKEenOL/XdapqtNUt2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2NaDkVnxTkfEDM1k+3QydO1lqB5JJmcrs59BEveTqaJ3eeh/0I4OOab6OkTTZ0JNjJp1573oxO+fce/bfGud8xHY5gSN9huU7U6RsgvO7Dhmal/sDNl8XC8oU90hVDVXZdA7ewh4jjaoIv")) c.Assert(err, checker.IsNil) } diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index cddc7409e..0d849c273 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -416,7 +416,7 @@ type InFlightReq struct { // This middleware adds the selected data from the passed client TLS certificate to a header. // More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/ type PassTLSClientCert struct { - // PEM sets the X-Forwarded-Tls-Client-Cert header with the escaped certificate. + // PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate. PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"` // Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header. Info *TLSClientCertificateInfo `json:"info,omitempty" toml:"info,omitempty" yaml:"info,omitempty" export:"true"` diff --git a/pkg/log/deprecated.go b/pkg/log/deprecated.go index 12bb51176..3bde3f841 100644 --- a/pkg/log/deprecated.go +++ b/pkg/log/deprecated.go @@ -9,67 +9,67 @@ import ( ) // Debug logs a message at level Debug on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Debug(...) instead. func Debug(args ...interface{}) { mainLogger.Debug(args...) } // Debugf logs a message at level Debug on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Debugf(...) instead. func Debugf(format string, args ...interface{}) { mainLogger.Debugf(format, args...) } // Info logs a message at level Info on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Info(...) instead. func Info(args ...interface{}) { mainLogger.Info(args...) } // Infof logs a message at level Info on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Infof(...) instead. func Infof(format string, args ...interface{}) { mainLogger.Infof(format, args...) } // Warn logs a message at level Warn on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Warn(...) instead. func Warn(args ...interface{}) { mainLogger.Warn(args...) } // Warnf logs a message at level Warn on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Warnf(...) instead. func Warnf(format string, args ...interface{}) { mainLogger.Warnf(format, args...) } // Error logs a message at level Error on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Error(...) instead. func Error(args ...interface{}) { mainLogger.Error(args...) } // Errorf logs a message at level Error on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Errorf(...) instead. func Errorf(format string, args ...interface{}) { mainLogger.Errorf(format, args...) } // Panic logs a message at level Panic on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Panic(...) instead. func Panic(args ...interface{}) { mainLogger.Panic(args...) } // Fatal logs a message at level Fatal on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Fatal(...) instead. func Fatal(args ...interface{}) { mainLogger.Fatal(args...) } // Fatalf logs a message at level Fatal on the standard logger. -// Deprecated +// Deprecated: use log.FromContext(ctx).Fatalf(...) instead. func Fatalf(format string, args ...interface{}) { mainLogger.Fatalf(format, args...) } diff --git a/pkg/middlewares/passtlsclientcert/pass_tls_client_cert.go b/pkg/middlewares/passtlsclientcert/pass_tls_client_cert.go index 099446745..cddf0ad32 100644 --- a/pkg/middlewares/passtlsclientcert/pass_tls_client_cert.go +++ b/pkg/middlewares/passtlsclientcert/pass_tls_client_cert.go @@ -325,13 +325,11 @@ func writePart(ctx context.Context, content io.StringWriter, entry, prefix strin // sanitize As we pass the raw certificates, remove the useless data and make it http request compliant. func sanitize(cert []byte) string { - cleaned := strings.NewReplacer( + return strings.NewReplacer( "-----BEGIN CERTIFICATE-----", "", "-----END CERTIFICATE-----", "", "\n", "", ).Replace(string(cert)) - - return url.QueryEscape(cleaned) } // getCertificates Build a string with the client certificates. diff --git a/pkg/middlewares/passtlsclientcert/pass_tls_client_cert_test.go b/pkg/middlewares/passtlsclientcert/pass_tls_client_cert_test.go index 6aca1c189..96c1bdffa 100644 --- a/pkg/middlewares/passtlsclientcert/pass_tls_client_cert_test.go +++ b/pkg/middlewares/passtlsclientcert/pass_tls_client_cert_test.go @@ -610,7 +610,7 @@ WqeUSNGYV//RunTeuRDAf5OxehERb1srzBXhRZ3cZdzXbgR/`, content := sanitize(test.toSanitize) - expected := url.QueryEscape(strings.ReplaceAll(test.expected, "\n", "")) + expected := strings.ReplaceAll(test.expected, "\n", "") assert.Equal(t, expected, content, "The sanitized certificates should be equal") }) } diff --git a/pkg/provider/docker/builder_test.go b/pkg/provider/docker/builder_test.go index 424dc7a3e..b952fdce3 100644 --- a/pkg/provider/docker/builder_test.go +++ b/pkg/provider/docker/builder_test.go @@ -47,12 +47,6 @@ func nodeIP(ip string) func(*docker.ContainerJSON) { } } -func labels(labels map[string]string) func(*docker.ContainerJSON) { - return func(c *docker.ContainerJSON) { - c.Config.Labels = labels - } -} - func ports(portMap nat.PortMap) func(*docker.ContainerJSON) { return func(c *docker.ContainerJSON) { c.NetworkSettings.NetworkSettingsBase.Ports = portMap diff --git a/pkg/provider/kv/redis/redis.go b/pkg/provider/kv/redis/redis.go index 546c93d94..23f432bb1 100644 --- a/pkg/provider/kv/redis/redis.go +++ b/pkg/provider/kv/redis/redis.go @@ -30,7 +30,7 @@ func (p *Provider) SetDefaults() { // Init the provider. func (p *Provider) Init() error { - config := redis.Config{ + config := &redis.Config{ Username: p.Username, Password: p.Password, DB: p.DB,