1
0
mirror of https://github.com/containous/traefik.git synced 2025-01-25 06:03:49 +03:00
traefik/provider/ecs/config_test.go
Jean-Baptiste Doumenjou 79bf19c897 Auth support in frontends
2018-07-06 16:52:04 +02:00

1293 lines
48 KiB
Go

package ecs
import (
"testing"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/ecs"
"github.com/containous/flaeg"
"github.com/containous/traefik/provider/label"
"github.com/containous/traefik/types"
"github.com/stretchr/testify/assert"
)
func TestBuildConfiguration(t *testing.T) {
testCases := []struct {
desc string
instances []ecsInstance
expected *types.Configuration
err error
}{
{
desc: "config parsed successfully",
instances: []ecsInstance{
{
Name: "instance",
ID: "1",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{},
},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-instance": {
Servers: map[string]types.Server{
"server-instance-1": {
URL: "http://10.0.0.1:1337",
Weight: label.DefaultWeight,
}},
},
},
Frontends: map[string]*types.Frontend{
"frontend-instance": {
EntryPoints: []string{},
Backend: "backend-instance",
Routes: map[string]types.Route{
"route-frontend-instance": {
Rule: "Host:instance.",
},
},
PassHostHeader: true,
},
},
},
},
{
desc: "config parsed successfully with health check labels",
instances: []ecsInstance{
{
Name: "instance",
ID: "1",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikBackendHealthCheckPath: aws.String("/health"),
label.TraefikBackendHealthCheckInterval: aws.String("1s"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-instance": {
HealthCheck: &types.HealthCheck{
Path: "/health",
Interval: "1s",
},
Servers: map[string]types.Server{
"server-instance-1": {
URL: "http://10.0.0.1:1337",
Weight: label.DefaultWeight,
}},
},
},
Frontends: map[string]*types.Frontend{
"frontend-instance": {
EntryPoints: []string{},
Backend: "backend-instance",
Routes: map[string]types.Route{
"route-frontend-instance": {
Rule: "Host:instance.",
},
},
PassHostHeader: true,
},
},
},
},
{
desc: "config parsed successfully with basic auth labels",
instances: []ecsInstance{
{
Name: "instance",
ID: "1",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthBasicUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendAuthBasicUsersFile: aws.String(".htpasswd"),
label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-instance": {
Servers: map[string]types.Server{
"server-instance-1": {
URL: "http://10.0.0.1:1337",
Weight: label.DefaultWeight,
}},
},
},
Frontends: map[string]*types.Frontend{
"frontend-instance": {
EntryPoints: []string{},
Backend: "backend-instance",
Routes: map[string]types.Route{
"route-frontend-instance": {
Rule: "Host:instance.",
},
},
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Basic: &types.Basic{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
UsersFile: ".htpasswd",
},
},
PassHostHeader: true,
},
},
},
},
{
desc: "config parsed successfully with basic auth (backward compatibility) labels",
instances: []ecsInstance{
{
Name: "instance",
ID: "1",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthBasic: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-instance": {
Servers: map[string]types.Server{
"server-instance-1": {
URL: "http://10.0.0.1:1337",
Weight: label.DefaultWeight,
}},
},
},
Frontends: map[string]*types.Frontend{
"frontend-instance": {
EntryPoints: []string{},
Backend: "backend-instance",
Routes: map[string]types.Route{
"route-frontend-instance": {
Rule: "Host:instance.",
},
},
Auth: &types.Auth{
Basic: &types.Basic{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
},
},
PassHostHeader: true,
},
},
},
},
{
desc: "config parsed successfully with digest auth labels",
instances: []ecsInstance{
{
Name: "instance",
ID: "1",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthDigestUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendAuthDigestUsersFile: aws.String(".htpasswd"),
label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-instance": {
Servers: map[string]types.Server{
"server-instance-1": {
URL: "http://10.0.0.1:1337",
Weight: label.DefaultWeight,
}},
},
},
Frontends: map[string]*types.Frontend{
"frontend-instance": {
EntryPoints: []string{},
Backend: "backend-instance",
Routes: map[string]types.Route{
"route-frontend-instance": {
Rule: "Host:instance.",
},
},
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Digest: &types.Digest{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
UsersFile: ".htpasswd",
},
},
PassHostHeader: true,
},
},
},
},
{
desc: "config parsed successfully with forward auth labels",
instances: []ecsInstance{
{
Name: "instance",
ID: "1",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthForwardAddress: aws.String("auth.server"),
label.TraefikFrontendAuthForwardTrustForwardHeader: aws.String("true"),
label.TraefikFrontendAuthForwardTLSCa: aws.String("ca.crt"),
label.TraefikFrontendAuthForwardTLSCaOptional: aws.String("true"),
label.TraefikFrontendAuthForwardTLSCert: aws.String("server.crt"),
label.TraefikFrontendAuthForwardTLSKey: aws.String("server.key"),
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: aws.String("true"), label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-instance": {
Servers: map[string]types.Server{
"server-instance-1": {
URL: "http://10.0.0.1:1337",
Weight: label.DefaultWeight,
}},
},
},
Frontends: map[string]*types.Frontend{
"frontend-instance": {
EntryPoints: []string{},
Backend: "backend-instance",
Routes: map[string]types.Route{
"route-frontend-instance": {
Rule: "Host:instance.",
},
},
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Forward: &types.Forward{
Address: "auth.server",
TrustForwardHeader: true,
TLS: &types.ClientTLS{
CA: "ca.crt",
CAOptional: true,
InsecureSkipVerify: true,
Cert: "server.crt",
Key: "server.key",
},
},
},
PassHostHeader: true,
},
},
},
},
{
desc: "when all labels are set",
instances: []ecsInstance{
{
Name: "testing-instance",
ID: "6",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikPort: aws.String("666"),
label.TraefikProtocol: aws.String("https"),
label.TraefikWeight: aws.String("12"),
label.TraefikBackend: aws.String("foobar"),
label.TraefikBackendCircuitBreakerExpression: aws.String("NetworkErrorRatio() > 0.5"),
label.TraefikBackendHealthCheckScheme: aws.String("http"),
label.TraefikBackendHealthCheckPath: aws.String("/health"),
label.TraefikBackendHealthCheckPort: aws.String("880"),
label.TraefikBackendHealthCheckInterval: aws.String("6"),
label.TraefikBackendHealthCheckHostname: aws.String("foo.com"),
label.TraefikBackendHealthCheckHeaders: aws.String("Foo:bar || Bar:foo"),
label.TraefikBackendLoadBalancerMethod: aws.String("drr"),
label.TraefikBackendLoadBalancerSticky: aws.String("true"),
label.TraefikBackendLoadBalancerStickiness: aws.String("true"),
label.TraefikBackendLoadBalancerStickinessCookieName: aws.String("chocolate"),
label.TraefikBackendMaxConnAmount: aws.String("666"),
label.TraefikBackendMaxConnExtractorFunc: aws.String("client.ip"),
label.TraefikBackendBufferingMaxResponseBodyBytes: aws.String("10485760"),
label.TraefikBackendBufferingMemResponseBodyBytes: aws.String("2097152"),
label.TraefikBackendBufferingMaxRequestBodyBytes: aws.String("10485760"),
label.TraefikBackendBufferingMemRequestBodyBytes: aws.String("2097152"),
label.TraefikBackendBufferingRetryExpression: aws.String("IsNetworkError() && Attempts() <= 2"),
label.TraefikFrontendAuthBasic: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendAuthBasicUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendAuthBasicUsersFile: aws.String(".htpasswd"),
label.TraefikFrontendAuthDigestUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendAuthDigestUsersFile: aws.String(".htpasswd"),
label.TraefikFrontendAuthForwardAddress: aws.String("auth.server"),
label.TraefikFrontendAuthForwardTrustForwardHeader: aws.String("true"),
label.TraefikFrontendAuthForwardTLSCa: aws.String("ca.crt"),
label.TraefikFrontendAuthForwardTLSCaOptional: aws.String("true"),
label.TraefikFrontendAuthForwardTLSCert: aws.String("server.crt"),
label.TraefikFrontendAuthForwardTLSKey: aws.String("server.key"),
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: aws.String("true"),
label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
label.TraefikFrontendEntryPoints: aws.String("http,https"),
label.TraefikFrontendPassHostHeader: aws.String("true"),
label.TraefikFrontendPassTLSCert: aws.String("true"),
label.TraefikFrontendPriority: aws.String("666"),
label.TraefikFrontendRedirectEntryPoint: aws.String("https"),
label.TraefikFrontendRedirectRegex: aws.String("nope"),
label.TraefikFrontendRedirectReplacement: aws.String("nope"),
label.TraefikFrontendRedirectPermanent: aws.String("true"),
label.TraefikFrontendRule: aws.String("Host:traefik.io"),
label.TraefikFrontendWhiteListSourceRange: aws.String("10.10.10.10"),
label.TraefikFrontendWhiteListUseXForwardedFor: aws.String("true"),
label.TraefikFrontendRequestHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendResponseHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendSSLProxyHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendAllowedHosts: aws.String("foo,bar,bor"),
label.TraefikFrontendHostsProxyHeaders: aws.String("foo,bar,bor"),
label.TraefikFrontendSSLHost: aws.String("foo"),
label.TraefikFrontendCustomFrameOptionsValue: aws.String("foo"),
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
label.TraefikFrontendPublicKey: aws.String("foo"),
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
label.TraefikFrontendSTSSeconds: aws.String("666"),
label.TraefikFrontendSSLForceHost: aws.String("true"),
label.TraefikFrontendSSLRedirect: aws.String("true"),
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
label.TraefikFrontendSTSIncludeSubdomains: aws.String("true"),
label.TraefikFrontendSTSPreload: aws.String("true"),
label.TraefikFrontendForceSTSHeader: aws.String("true"),
label.TraefikFrontendFrameDeny: aws.String("true"),
label.TraefikFrontendContentTypeNosniff: aws.String("true"),
label.TraefikFrontendBrowserXSSFilter: aws.String("true"),
label.TraefikFrontendIsDevelopment: aws.String("true"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageStatus: aws.String("404"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageBackend: aws.String("foobar"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageQuery: aws.String("foo_query"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageStatus: aws.String("500,600"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageBackend: aws.String("foobar"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageQuery: aws.String("bar_query"),
label.TraefikFrontendRateLimitExtractorFunc: aws.String("client.ip"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitPeriod: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitAverage: aws.String("12"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitBurst: aws.String("18"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-foobar": {
Servers: map[string]types.Server{
"server-testing-instance-6": {
URL: "https://10.0.0.1:666",
Weight: 12,
},
},
CircuitBreaker: &types.CircuitBreaker{
Expression: "NetworkErrorRatio() > 0.5",
},
LoadBalancer: &types.LoadBalancer{
Method: "drr",
Sticky: true,
Stickiness: &types.Stickiness{
CookieName: "chocolate",
},
},
MaxConn: &types.MaxConn{
Amount: 666,
ExtractorFunc: "client.ip",
},
HealthCheck: &types.HealthCheck{
Scheme: "http",
Path: "/health",
Port: 880,
Interval: "6",
Hostname: "foo.com",
Headers: map[string]string{
"Foo": "bar",
"Bar": "foo",
},
},
Buffering: &types.Buffering{
MaxResponseBodyBytes: 10485760,
MemResponseBodyBytes: 2097152,
MaxRequestBodyBytes: 10485760,
MemRequestBodyBytes: 2097152,
RetryExpression: "IsNetworkError() && Attempts() <= 2",
},
},
},
Frontends: map[string]*types.Frontend{
"frontend-foobar": {
EntryPoints: []string{
"http",
"https",
},
Backend: "backend-foobar",
Routes: map[string]types.Route{
"route-frontend-foobar": {
Rule: "Host:traefik.io",
},
},
PassHostHeader: true,
PassTLSCert: true,
Priority: 666,
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Basic: &types.Basic{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
UsersFile: ".htpasswd",
},
},
WhiteList: &types.WhiteList{
SourceRange: []string{"10.10.10.10"},
UseXForwardedFor: true,
},
Headers: &types.Headers{
CustomRequestHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
CustomResponseHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
AllowedHosts: []string{
"foo",
"bar",
"bor",
},
HostsProxyHeaders: []string{
"foo",
"bar",
"bor",
},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLForceHost: true,
SSLHost: "foo",
SSLProxyHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
STSSeconds: 666,
STSIncludeSubdomains: true,
STSPreload: true,
ForceSTSHeader: true,
FrameDeny: true,
CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true,
BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo",
PublicKey: "foo",
ReferrerPolicy: "foo",
IsDevelopment: true,
},
Errors: map[string]*types.ErrorPage{
"bar": {
Status: []string{
"500",
"600",
},
Backend: "backend-foobar",
Query: "bar_query",
},
"foo": {
Status: []string{
"404",
},
Backend: "backend-foobar",
Query: "foo_query",
},
},
RateLimit: &types.RateLimit{
RateSet: map[string]*types.Rate{
"bar": {
Period: flaeg.Duration(3 * time.Second),
Average: 6,
Burst: 9,
},
"foo": {
Period: flaeg.Duration(6 * time.Second),
Average: 12,
Burst: 18,
},
},
ExtractorFunc: "client.ip",
},
Redirect: &types.Redirect{
EntryPoint: "https",
Regex: "",
Replacement: "",
Permanent: true,
},
},
},
},
},
{
desc: "Containers with same backend name",
instances: []ecsInstance{
{
Name: "testing-instance-v1",
ID: "6",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikPort: aws.String("666"),
label.TraefikProtocol: aws.String("https"),
label.TraefikWeight: aws.String("12"),
label.TraefikBackend: aws.String("foobar"),
label.TraefikBackendCircuitBreakerExpression: aws.String("NetworkErrorRatio() > 0.5"),
label.TraefikBackendHealthCheckScheme: aws.String("http"),
label.TraefikBackendHealthCheckPath: aws.String("/health"),
label.TraefikBackendHealthCheckPort: aws.String("880"),
label.TraefikBackendHealthCheckInterval: aws.String("6"),
label.TraefikBackendHealthCheckHostname: aws.String("foo.com"),
label.TraefikBackendHealthCheckHeaders: aws.String("Foo:bar || Bar:foo"),
label.TraefikBackendLoadBalancerMethod: aws.String("drr"),
label.TraefikBackendLoadBalancerSticky: aws.String("true"),
label.TraefikBackendLoadBalancerStickiness: aws.String("true"),
label.TraefikBackendLoadBalancerStickinessCookieName: aws.String("chocolate"),
label.TraefikBackendMaxConnAmount: aws.String("666"),
label.TraefikBackendMaxConnExtractorFunc: aws.String("client.ip"),
label.TraefikBackendBufferingMaxResponseBodyBytes: aws.String("10485760"),
label.TraefikBackendBufferingMemResponseBodyBytes: aws.String("2097152"),
label.TraefikBackendBufferingMaxRequestBodyBytes: aws.String("10485760"),
label.TraefikBackendBufferingMemRequestBodyBytes: aws.String("2097152"),
label.TraefikBackendBufferingRetryExpression: aws.String("IsNetworkError() && Attempts() <= 2"),
label.TraefikFrontendAuthBasicUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendEntryPoints: aws.String("http,https"),
label.TraefikFrontendPassHostHeader: aws.String("true"),
label.TraefikFrontendPassTLSCert: aws.String("true"),
label.TraefikFrontendPriority: aws.String("666"),
label.TraefikFrontendRedirectEntryPoint: aws.String("https"),
label.TraefikFrontendRedirectRegex: aws.String("nope"),
label.TraefikFrontendRedirectReplacement: aws.String("nope"),
label.TraefikFrontendRedirectPermanent: aws.String("true"),
label.TraefikFrontendRule: aws.String("Host:traefik.io"),
label.TraefikFrontendWhiteListSourceRange: aws.String("10.10.10.10"),
label.TraefikFrontendWhiteListUseXForwardedFor: aws.String("true"),
label.TraefikFrontendRequestHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendResponseHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendSSLProxyHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendAllowedHosts: aws.String("foo,bar,bor"),
label.TraefikFrontendHostsProxyHeaders: aws.String("foo,bar,bor"),
label.TraefikFrontendSSLHost: aws.String("foo"),
label.TraefikFrontendCustomFrameOptionsValue: aws.String("foo"),
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
label.TraefikFrontendPublicKey: aws.String("foo"),
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
label.TraefikFrontendSTSSeconds: aws.String("666"),
label.TraefikFrontendSSLForceHost: aws.String("true"),
label.TraefikFrontendSSLRedirect: aws.String("true"),
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
label.TraefikFrontendSTSIncludeSubdomains: aws.String("true"),
label.TraefikFrontendSTSPreload: aws.String("true"),
label.TraefikFrontendForceSTSHeader: aws.String("true"),
label.TraefikFrontendFrameDeny: aws.String("true"),
label.TraefikFrontendContentTypeNosniff: aws.String("true"),
label.TraefikFrontendBrowserXSSFilter: aws.String("true"),
label.TraefikFrontendIsDevelopment: aws.String("true"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageStatus: aws.String("404"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageBackend: aws.String("foobar"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageQuery: aws.String("foo_query"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageStatus: aws.String("500,600"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageBackend: aws.String("foobar"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageQuery: aws.String("bar_query"),
label.TraefikFrontendRateLimitExtractorFunc: aws.String("client.ip"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitPeriod: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitAverage: aws.String("12"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitBurst: aws.String("18"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.1",
ports: []portMapping{{hostPort: 1337}},
},
},
{
Name: "testing-instance-v2",
ID: "6",
containerDefinition: &ecs.ContainerDefinition{
DockerLabels: map[string]*string{
label.TraefikPort: aws.String("555"),
label.TraefikProtocol: aws.String("https"),
label.TraefikWeight: aws.String("15"),
label.TraefikBackend: aws.String("foobar"),
label.TraefikBackendCircuitBreakerExpression: aws.String("NetworkErrorRatio() > 0.5"),
label.TraefikBackendHealthCheckScheme: aws.String("http"),
label.TraefikBackendHealthCheckPath: aws.String("/health"),
label.TraefikBackendHealthCheckPort: aws.String("880"),
label.TraefikBackendHealthCheckInterval: aws.String("6"),
label.TraefikBackendHealthCheckHostname: aws.String("bar.com"),
label.TraefikBackendHealthCheckHeaders: aws.String("Foo:bar || Bar:foo"),
label.TraefikBackendLoadBalancerMethod: aws.String("drr"),
label.TraefikBackendLoadBalancerSticky: aws.String("true"),
label.TraefikBackendLoadBalancerStickiness: aws.String("true"),
label.TraefikBackendLoadBalancerStickinessCookieName: aws.String("chocolate"),
label.TraefikBackendMaxConnAmount: aws.String("666"),
label.TraefikBackendMaxConnExtractorFunc: aws.String("client.ip"),
label.TraefikBackendBufferingMaxResponseBodyBytes: aws.String("10485760"),
label.TraefikBackendBufferingMemResponseBodyBytes: aws.String("2097152"),
label.TraefikBackendBufferingMaxRequestBodyBytes: aws.String("10485760"),
label.TraefikBackendBufferingMemRequestBodyBytes: aws.String("2097152"),
label.TraefikBackendBufferingRetryExpression: aws.String("IsNetworkError() && Attempts() <= 2"),
label.TraefikFrontendAuthBasic: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendEntryPoints: aws.String("http,https"),
label.TraefikFrontendPassHostHeader: aws.String("true"),
label.TraefikFrontendPassTLSCert: aws.String("true"),
label.TraefikFrontendPriority: aws.String("666"),
label.TraefikFrontendRedirectEntryPoint: aws.String("https"),
label.TraefikFrontendRedirectRegex: aws.String("nope"),
label.TraefikFrontendRedirectReplacement: aws.String("nope"),
label.TraefikFrontendRedirectPermanent: aws.String("true"),
label.TraefikFrontendRule: aws.String("Host:traefik.io"),
label.TraefikFrontendWhiteListSourceRange: aws.String("10.10.10.10"),
label.TraefikFrontendWhiteListUseXForwardedFor: aws.String("true"),
label.TraefikFrontendRequestHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendResponseHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendSSLProxyHeaders: aws.String("Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
label.TraefikFrontendAllowedHosts: aws.String("foo,bar,bor"),
label.TraefikFrontendHostsProxyHeaders: aws.String("foo,bar,bor"),
label.TraefikFrontendSSLHost: aws.String("foo"),
label.TraefikFrontendCustomFrameOptionsValue: aws.String("foo"),
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
label.TraefikFrontendPublicKey: aws.String("foo"),
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
label.TraefikFrontendSTSSeconds: aws.String("666"),
label.TraefikFrontendSSLForceHost: aws.String("true"),
label.TraefikFrontendSSLRedirect: aws.String("true"),
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
label.TraefikFrontendSTSIncludeSubdomains: aws.String("true"),
label.TraefikFrontendSTSPreload: aws.String("true"),
label.TraefikFrontendForceSTSHeader: aws.String("true"),
label.TraefikFrontendFrameDeny: aws.String("true"),
label.TraefikFrontendContentTypeNosniff: aws.String("true"),
label.TraefikFrontendBrowserXSSFilter: aws.String("true"),
label.TraefikFrontendIsDevelopment: aws.String("true"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageStatus: aws.String("404"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageBackend: aws.String("foobar"),
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageQuery: aws.String("foo_query"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageStatus: aws.String("500,600"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageBackend: aws.String("foobar"),
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageQuery: aws.String("bar_query"),
label.TraefikFrontendRateLimitExtractorFunc: aws.String("client.ip"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitPeriod: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitAverage: aws.String("12"),
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitBurst: aws.String("18"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"),
}},
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.2.2.1",
ports: []portMapping{{hostPort: 1337}},
},
},
},
expected: &types.Configuration{
Backends: map[string]*types.Backend{
"backend-foobar": {
Servers: map[string]types.Server{
"server-testing-instance-v1-6": {
URL: "https://10.0.0.1:666",
Weight: 12,
},
"server-testing-instance-v2-6": {
URL: "https://10.2.2.1:555",
Weight: 15,
},
},
CircuitBreaker: &types.CircuitBreaker{
Expression: "NetworkErrorRatio() > 0.5",
},
LoadBalancer: &types.LoadBalancer{
Method: "drr",
Sticky: true,
Stickiness: &types.Stickiness{
CookieName: "chocolate",
},
},
MaxConn: &types.MaxConn{
Amount: 666,
ExtractorFunc: "client.ip",
},
HealthCheck: &types.HealthCheck{
Scheme: "http",
Path: "/health",
Port: 880,
Interval: "6",
Hostname: "foo.com",
Headers: map[string]string{
"Foo": "bar",
"Bar": "foo",
},
},
Buffering: &types.Buffering{
MaxResponseBodyBytes: 10485760,
MemResponseBodyBytes: 2097152,
MaxRequestBodyBytes: 10485760,
MemRequestBodyBytes: 2097152,
RetryExpression: "IsNetworkError() && Attempts() <= 2",
},
},
},
Frontends: map[string]*types.Frontend{
"frontend-foobar": {
EntryPoints: []string{
"http",
"https",
},
Backend: "backend-foobar",
Routes: map[string]types.Route{
"route-frontend-foobar": {
Rule: "Host:traefik.io",
},
},
PassHostHeader: true,
PassTLSCert: true,
Priority: 666,
Auth: &types.Auth{
Basic: &types.Basic{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
},
},
WhiteList: &types.WhiteList{
SourceRange: []string{"10.10.10.10"},
UseXForwardedFor: true,
},
Headers: &types.Headers{
CustomRequestHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
CustomResponseHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
AllowedHosts: []string{
"foo",
"bar",
"bor",
},
HostsProxyHeaders: []string{
"foo",
"bar",
"bor",
},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLForceHost: true,
SSLHost: "foo",
SSLProxyHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
STSSeconds: 666,
STSIncludeSubdomains: true,
STSPreload: true,
ForceSTSHeader: true,
FrameDeny: true,
CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true,
BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo",
PublicKey: "foo",
ReferrerPolicy: "foo",
IsDevelopment: true,
},
Errors: map[string]*types.ErrorPage{
"bar": {
Status: []string{
"500",
"600",
},
Backend: "backend-foobar",
Query: "bar_query",
},
"foo": {
Status: []string{
"404",
},
Backend: "backend-foobar",
Query: "foo_query",
},
},
RateLimit: &types.RateLimit{
RateSet: map[string]*types.Rate{
"bar": {
Period: flaeg.Duration(3 * time.Second),
Average: 6,
Burst: 9,
},
"foo": {
Period: flaeg.Duration(6 * time.Second),
Average: 12,
Burst: 18,
},
},
ExtractorFunc: "client.ip",
},
Redirect: &types.Redirect{
EntryPoint: "https",
Regex: "",
Replacement: "",
Permanent: true,
},
},
},
},
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
p := &Provider{ExposedByDefault: true}
instances := fakeLoadTraefikLabels(test.instances)
got, err := p.buildConfiguration(instances)
assert.Equal(t, test.err, err) // , err.Error()
assert.Equal(t, test.expected, got, test.desc)
})
}
}
func TestFilterInstance(t *testing.T) {
testCases := []struct {
desc string
instanceInfo ecsInstance
exposedByDefault bool
expected bool
constrain bool
}{
{
desc: "Instance without enable label and exposed by default enabled should be not filtered",
instanceInfo: simpleEcsInstance(map[string]*string{}),
exposedByDefault: true,
expected: true,
},
{
desc: "Instance without enable label and exposed by default disabled should be filtered",
instanceInfo: simpleEcsInstance(map[string]*string{}),
exposedByDefault: false,
expected: false,
},
{
desc: "Instance with enable label set to false and exposed by default enabled should be filtered",
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikEnable: aws.String("false"),
}),
exposedByDefault: true,
expected: false,
},
{
desc: "Instance with enable label set to true and exposed by default disabled should be not filtered",
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikEnable: aws.String("true"),
}),
exposedByDefault: false,
expected: true,
},
{
desc: "Instance with empty private ip and exposed by default enabled should be filtered",
instanceInfo: func() ecsInstance {
nilPrivateIP := simpleEcsInstance(map[string]*string{})
nilPrivateIP.machine.privateIP = ""
return nilPrivateIP
}(),
exposedByDefault: true,
expected: false,
},
{
desc: "Instance with nil machine and exposed by default enabled should be filtered",
instanceInfo: func() ecsInstance {
nilMachine := simpleEcsInstance(map[string]*string{})
nilMachine.machine = nil
return nilMachine
}(),
exposedByDefault: true,
expected: false,
},
{
desc: "Instance with empty machine state and exposed by default enabled should be filtered",
instanceInfo: func() ecsInstance {
nilMachineState := simpleEcsInstance(map[string]*string{})
nilMachineState.machine.state = ""
return nilMachineState
}(),
exposedByDefault: true,
expected: false,
},
{
desc: "Instance with invalid machine state and exposed by default enabled should be filtered",
instanceInfo: func() ecsInstance {
invalidMachineState := simpleEcsInstance(map[string]*string{})
invalidMachineState.machine.state = ec2.InstanceStateNameStopped
return invalidMachineState
}(),
exposedByDefault: true,
expected: false,
},
{
desc: "Instance with no port mappings should be filtered",
instanceInfo: simpleEcsInstanceNoNetwork(map[string]*string{}),
exposedByDefault: true,
expected: false,
},
{
desc: "Instance with no port mapping and with label should not be filtered",
instanceInfo: simpleEcsInstanceNoNetwork(map[string]*string{
label.TraefikPort: aws.String("80"),
}),
exposedByDefault: true,
expected: true,
},
{
desc: "Instance with failing constraint should be filtered",
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikTags: aws.String("private"),
}),
exposedByDefault: true,
expected: false,
constrain: true,
},
{
desc: "Instance with passing constraint should not be filtered",
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikTags: aws.String("public"),
}),
exposedByDefault: true,
expected: true,
constrain: true,
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
prov := &Provider{
ExposedByDefault: test.exposedByDefault,
}
if test.constrain {
constraints := types.Constraints{}
assert.NoError(t, constraints.Set("tag==public"))
prov.Constraints = constraints
}
actual := prov.filterInstance(test.instanceInfo)
assert.Equal(t, test.expected, actual)
})
}
}
func TestGetHost(t *testing.T) {
testCases := []struct {
desc string
expected string
instanceInfo ecsInstance
}{
{
desc: "Default host should be 10.0.0.0",
expected: "10.0.0.0",
instanceInfo: simpleEcsInstance(map[string]*string{}),
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
actual := getHost(test.instanceInfo)
assert.Equal(t, test.expected, actual)
})
}
}
func TestGetPort(t *testing.T) {
testCases := []struct {
desc string
expected string
instanceInfo ecsInstance
}{
{
desc: "Default port should be 80",
expected: "80",
instanceInfo: simpleEcsInstance(map[string]*string{}),
},
{
desc: "Label should override network port",
expected: "4242",
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikPort: aws.String("4242"),
}),
},
{
desc: "Label should provide exposed port",
expected: "80",
instanceInfo: simpleEcsInstanceNoNetwork(map[string]*string{
label.TraefikPort: aws.String("80"),
}),
},
{
desc: "Container label should provide exposed port",
expected: "6536",
instanceInfo: simpleEcsInstanceDynamicPorts(map[string]*string{
label.TraefikPort: aws.String("8080"),
}),
},
{
desc: "Wrong port container label should provide default exposed port",
expected: "9000",
instanceInfo: simpleEcsInstanceDynamicPorts(map[string]*string{
label.TraefikPort: aws.String("9000"),
}),
},
{
desc: "Invalid port container label should provide default exposed port",
expected: "6535",
instanceInfo: simpleEcsInstanceDynamicPorts(map[string]*string{
label.TraefikPort: aws.String("foo"),
}),
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
actual := getPort(test.instanceInfo)
assert.Equal(t, test.expected, actual)
})
}
}
func TestGetFuncStringValue(t *testing.T) {
testCases := []struct {
desc string
expected string
instanceInfo ecsInstance
}{
{
desc: "Protocol label is not set should return a string equals to http",
expected: "http",
instanceInfo: simpleEcsInstance(map[string]*string{}),
},
{
desc: "Protocol label is set to http should return a string equals to http",
expected: "http",
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikProtocol: aws.String("http"),
}),
},
{
desc: "Protocol label is set to https should return a string equals to https",
expected: "https",
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikProtocol: aws.String("https"),
}),
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
actual := getFuncStringValueV1(label.TraefikProtocol, label.DefaultProtocol)(test.instanceInfo)
assert.Equal(t, test.expected, actual)
})
}
}
func TestGetFuncSliceString(t *testing.T) {
testCases := []struct {
desc string
expected []string
instanceInfo ecsInstance
}{
{
desc: "Frontend entrypoints label not set should return empty array",
expected: nil,
instanceInfo: simpleEcsInstance(map[string]*string{}),
},
{
desc: "Frontend entrypoints label set to http should return a string array of 1 element",
expected: []string{"http"},
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikFrontendEntryPoints: aws.String("http"),
}),
},
{
desc: "Frontend entrypoints label set to http,https should return a string array of 2 elements",
expected: []string{"http", "https"},
instanceInfo: simpleEcsInstance(map[string]*string{
label.TraefikFrontendEntryPoints: aws.String("http,https"),
}),
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
actual := getFuncSliceStringV1(label.TraefikFrontendEntryPoints)(test.instanceInfo)
assert.Equal(t, test.expected, actual)
})
}
}
func makeEcsInstance(containerDef *ecs.ContainerDefinition) ecsInstance {
container := &ecs.Container{
Name: containerDef.Name,
NetworkBindings: make([]*ecs.NetworkBinding, len(containerDef.PortMappings)),
}
for i, pm := range containerDef.PortMappings {
container.NetworkBindings[i] = &ecs.NetworkBinding{
HostPort: pm.HostPort,
ContainerPort: pm.ContainerPort,
Protocol: pm.Protocol,
BindIP: aws.String("0.0.0.0"),
}
}
instance := ecsInstance{
Name: "foo-http",
ID: "123456789abc",
containerDefinition: containerDef,
machine: &machine{
state: ec2.InstanceStateNameRunning,
privateIP: "10.0.0.0",
ports: []portMapping{{hostPort: 1337}},
},
}
if containerDef != nil {
instance.TraefikLabels = aws.StringValueMap(containerDef.DockerLabels)
}
return instance
}
func simpleEcsInstance(labels map[string]*string) ecsInstance {
instance := makeEcsInstance(&ecs.ContainerDefinition{
Name: aws.String("http"),
DockerLabels: labels,
})
instance.machine.ports = []portMapping{{hostPort: 80}}
return instance
}
func simpleEcsInstanceNoNetwork(labels map[string]*string) ecsInstance {
instance := makeEcsInstance(&ecs.ContainerDefinition{
Name: aws.String("http"),
DockerLabels: labels,
})
instance.machine.ports = []portMapping{}
return instance
}
func simpleEcsInstanceDynamicPorts(labels map[string]*string) ecsInstance {
instance := makeEcsInstance(&ecs.ContainerDefinition{
Name: aws.String("http"),
DockerLabels: labels,
})
instance.machine.ports = []portMapping{
{
containerPort: 80,
hostPort: 6535,
},
{
containerPort: 8080,
hostPort: 6536,
},
}
return instance
}
func fakeLoadTraefikLabels(instances []ecsInstance) []ecsInstance {
var result []ecsInstance
for _, instance := range instances {
instance.TraefikLabels = aws.StringValueMap(instance.containerDefinition.DockerLabels)
result = append(result, instance)
}
return result
}