From df73211d56f23ca47995c9ece12d17a22f16d2a1 Mon Sep 17 00:00:00 2001 From: Fernandez Ludovic Date: Mon, 26 Mar 2018 16:20:37 +0200 Subject: [PATCH] feature: Service Fabric white list. --- Gopkg.lock | 7 ++- Gopkg.toml | 2 +- .../servicefabric_config.go | 55 +++++++++++++------ .../servicefabric_tmpl.go | 25 ++++++--- 4 files changed, 62 insertions(+), 27 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 6d55659e5..ed124f4f4 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -247,8 +247,8 @@ [[projects]] name = "github.com/containous/traefik-extra-service-fabric" packages = ["."] - revision = "a0b20089e99069884b060875fc015c13a23e7953" - version = "v1.1.0" + revision = "29a6d70ad0f15175efbaa5fd93d8afdd8b373b93" + version = "v1.1.1" [[projects]] name = "github.com/coreos/bbolt" @@ -745,6 +745,7 @@ version = "v1.3.7" [[projects]] + branch = "master" name = "github.com/jjcollinge/servicefabric" packages = ["."] revision = "8eebe170fa1ba25d3dfb928b3f86a7313b13b9fe" @@ -1643,6 +1644,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "5643c4ca177618882a194021e8894c3dc32950da646048883151bee925416771" + inputs-digest = "593d67272ac35ca0fa59df7f2ac077a81ea842b3181b00acffa20553bfe6f2e0" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index 4db5fc2ed..1383e2927 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -66,7 +66,7 @@ [[constraint]] name = "github.com/containous/traefik-extra-service-fabric" - version = "1.1.0" + version = "1.1.1" [[constraint]] name = "github.com/coreos/go-systemd" diff --git a/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_config.go b/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_config.go index e05ec4ea7..a2bf65c3d 100644 --- a/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_config.go +++ b/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_config.go @@ -15,8 +15,12 @@ import ( ) func (p *Provider) buildConfiguration(sfClient sfClient) (*types.Configuration, error) { - var sfFuncMap = template.FuncMap{ + services, err := getClusterServices(sfClient) + if err != nil { + return nil, err + } + var sfFuncMap = template.FuncMap{ // Services "getServices": getServices, "hasLabel": hasService, @@ -42,27 +46,21 @@ func (p *Provider) buildConfiguration(sfClient sfClient) (*types.Configuration, "getLoadBalancer": getLoadBalancer, // Frontend Functions - "getPriority": getFuncServiceStringLabel(label.TraefikFrontendPriority, label.DefaultFrontendPriority), - "getPassHostHeader": getFuncServiceStringLabel(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader), - "getPassTLSCert": getFuncBoolLabel(label.TraefikFrontendPassTLSCert, false), - "getEntryPoints": getFuncServiceSliceStringLabel(label.TraefikFrontendEntryPoints), - "getBasicAuth": getFuncServiceSliceStringLabel(label.TraefikFrontendAuthBasic), - "getWhitelistSourceRange": getFuncServiceSliceStringLabel(label.TraefikFrontendWhitelistSourceRange), - "getFrontendRules": getFuncServiceLabelWithPrefix(label.TraefikFrontendRule), - - "getHeaders": getHeaders, - "getRedirect": getRedirect, + "getPriority": getFuncServiceStringLabel(label.TraefikFrontendPriority, label.DefaultFrontendPriority), + "getPassHostHeader": getFuncServiceStringLabel(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader), + "getPassTLSCert": getFuncBoolLabel(label.TraefikFrontendPassTLSCert, false), + "getEntryPoints": getFuncServiceSliceStringLabel(label.TraefikFrontendEntryPoints), + "getBasicAuth": getFuncServiceSliceStringLabel(label.TraefikFrontendAuthBasic), + "getFrontendRules": getFuncServiceLabelWithPrefix(label.TraefikFrontendRule), + "getWhiteList": getWhiteList, + "getHeaders": getHeaders, + "getRedirect": getRedirect, // SF Service Grouping "getGroupedServices": getFuncServicesGroupedByLabel(traefikSFGroupName), "getGroupedWeight": getFuncServiceStringLabel(traefikSFGroupWeight, "1"), } - services, err := getClusterServices(sfClient) - if err != nil { - return nil, err - } - templateObjects := struct { Services []ServiceItemExtended }{ @@ -229,6 +227,31 @@ func getHeaders(service ServiceItemExtended) *types.Headers { return headers } +func getWhiteList(service ServiceItemExtended) *types.WhiteList { + if label.Has(service.Labels, label.TraefikFrontendWhitelistSourceRange) { + log.Warnf("Deprecated configuration found: %s. Please use %s.", label.TraefikFrontendWhitelistSourceRange, label.TraefikFrontendWhiteListSourceRange) + } + + ranges := label.GetSliceStringValue(service.Labels, label.TraefikFrontendWhiteListSourceRange) + if len(ranges) > 0 { + return &types.WhiteList{ + SourceRange: ranges, + UseXForwardedFor: label.GetBoolValue(service.Labels, label.TraefikFrontendWhiteListUseXForwardedFor, false), + } + } + + // TODO: Deprecated + values := label.GetSliceStringValue(service.Labels, label.TraefikFrontendWhitelistSourceRange) + if len(values) > 0 { + return &types.WhiteList{ + SourceRange: values, + UseXForwardedFor: false, + } + } + + return nil +} + func getRedirect(service ServiceItemExtended) *types.Redirect { permanent := label.GetBoolValue(service.Labels, label.TraefikFrontendRedirectPermanent, false) diff --git a/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_tmpl.go b/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_tmpl.go index 078d32fdb..40615291a 100644 --- a/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_tmpl.go +++ b/vendor/github.com/containous/traefik-extra-service-fabric/servicefabric_tmpl.go @@ -115,13 +115,6 @@ const tmpl = ` {{end}}] {{end}} - {{ $whitelistSourceRange := getWhitelistSourceRange $service }} - {{if $whitelistSourceRange }} - whitelistSourceRange = [{{range $whitelistSourceRange }} - "{{.}}", - {{end}}] - {{end}} - {{ $basicAuth := getBasicAuth $service }} {{if $basicAuth }} basicAuth = [{{range $basicAuth }} @@ -129,6 +122,24 @@ const tmpl = ` {{end}}] {{end}} + {{ $whitelist := getWhiteList $service }} + {{if $whitelist }} + [frontends."frontend-{{ $frontendName }}".whiteList] + sourceRange = [{{range $whitelist.SourceRange }} + "{{.}}", + {{end}}] + useXForwardedFor = {{ $whitelist.UseXForwardedFor }} + {{end}} + + {{ $redirect := getRedirect $service }} + {{if $redirect }} + [frontends."frontend-{{ $frontendName }}".redirect] + entryPoint = "{{ $redirect.EntryPoint }}" + regex = "{{ $redirect.Regex }}" + replacement = "{{ $redirect.Replacement }}" + permanent = {{ $redirect.Permanent }} + {{end}} + {{ $headers := getHeaders $service }} {{if $headers }} [frontends."frontend-{{ $frontendName }}".headers]