package static
import (
"testing"
"github.com/containous/traefik/tls"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// Test_parseEntryPointsConfiguration feeds entry point expressions (space
// separated "Key:value" options) to parseEntryPointsConfiguration and checks
// the flat map it returns. As the cases show, keys come back lowercased with
// "." replaced by "_", and a bare "TLS" token is reported under "tls_acme".
//
// Only the string-splitting step is covered here: the values are fixtures
// chosen to exercise the parser (TLS 1.1, InsecureSkipVerify:true, ...), and
// nothing in this test asserts that they are acceptable settings.
func Test_parseEntryPointsConfiguration(t *testing.T) {
	// Long option values are named once so the input expression and the
	// expected map cannot drift apart.
	const (
		// NOTE(review): TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384 is not a suite
		// name defined by Go's crypto/tls (the GCM suites there are
		// AES_128_GCM_SHA256 and AES_256_GCM_SHA384). The parser passes the
		// text through unchanged in this test, so any name validation must
		// happen in a later stage — confirm where.
		cipherSuites = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
		// Credential fixtures contain ':' and '$'; the expected map shows they
		// must come back intact even though ':' is also the key separator.
		basicUsers  = "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
		digestUsers = "test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
		ipList      = "10.0.0.3/24,20.0.0.3/24"
		sourceRange = "10.42.0.0/16,152.89.1.33/32,afed:be44::/16"
	)

	cases := []struct {
		desc  string
		input string
		want  map[string]string
	}{
		{
			desc: "all parameters",
			input: "Name:foo " +
				"Address::8000 " +
				"TLS:goo,gii " +
				"TLS " +
				"TLS.MinVersion:VersionTLS11 " +
				"TLS.CipherSuites:" + cipherSuites + " " +
				"CA:car " +
				"CA.Optional:true " +
				"Redirect.EntryPoint:https " +
				"Redirect.Regex:http://localhost/(.*) " +
				"Redirect.Replacement:http://mydomain/$1 " +
				"Redirect.Permanent:true " +
				"Compress:true " +
				"ProxyProtocol.TrustedIPs:192.168.0.1 " +
				"ForwardedHeaders.TrustedIPs:" + ipList + " " +
				"Auth.Basic.Realm:myRealm " +
				"Auth.Basic.Users:" + basicUsers + " " +
				"Auth.Basic.RemoveHeader:true " +
				"Auth.Digest.Users:" + digestUsers + " " +
				"Auth.Digest.RemoveHeader:true " +
				"Auth.HeaderField:X-WebAuth-User " +
				"Auth.Forward.Address:https://authserver.com/auth " +
				"Auth.Forward.AuthResponseHeaders:X-Auth,X-Test,X-Secret " +
				"Auth.Forward.TrustForwardHeader:true " +
				"Auth.Forward.TLS.CA:path/to/local.crt " +
				"Auth.Forward.TLS.CAOptional:true " +
				"Auth.Forward.TLS.Cert:path/to/foo.cert " +
				"Auth.Forward.TLS.Key:path/to/foo.key " +
				"Auth.Forward.TLS.InsecureSkipVerify:true " +
				"WhiteList.SourceRange:" + sourceRange + " " +
				"WhiteList.IPStrategy.depth:3 " +
				"WhiteList.IPStrategy.ExcludedIPs:" + ipList + " " +
				"ClientIPStrategy.depth:3 " +
				"ClientIPStrategy.ExcludedIPs:" + ipList + " ",
			want: map[string]string{
				"name": "foo",
				"address": ":8000",
				"compress": "true",

				"tls": "goo,gii",
				"tls_acme": "TLS",
				"tls_minversion": "VersionTLS11",
				"tls_ciphersuites": cipherSuites,
				"ca": "car",
				"ca_optional": "true",

				"redirect_entrypoint": "https",
				"redirect_regex": "http://localhost/(.*)",
				"redirect_replacement": "http://mydomain/$1",
				"redirect_permanent": "true",

				"proxyprotocol_trustedips": "192.168.0.1",
				"forwardedheaders_trustedips": ipList,

				"auth_basic_realm": "myRealm",
				"auth_basic_users": basicUsers,
				"auth_basic_removeheader": "true",
				"auth_digest_users": digestUsers,
				"auth_digest_removeheader": "true",
				"auth_headerfield": "X-WebAuth-User",
				"auth_forward_address": "https://authserver.com/auth",
				"auth_forward_authresponseheaders": "X-Auth,X-Test,X-Secret",
				"auth_forward_trustforwardheader": "true",
				"auth_forward_tls_ca": "path/to/local.crt",
				"auth_forward_tls_caoptional": "true",
				"auth_forward_tls_cert": "path/to/foo.cert",
				"auth_forward_tls_key": "path/to/foo.key",
				"auth_forward_tls_insecureskipverify": "true",

				"whitelist_sourcerange": sourceRange,
				"whitelist_ipstrategy_depth": "3",
				"whitelist_ipstrategy_excludedips": ipList,
				"clientipstrategy_depth": "3",
				"clientipstrategy_excludedips": ipList,
			},
		},
		{
			// The raw value is kept as written ("on"); turning it into a
			// boolean is not part of this parsing step.
			desc:  "compress on",
			input: "name:foo Compress:on",
			want: map[string]string{
				"name": "foo",
				"compress": "on",
			},
		},
		{
			// "TLS:goo" and a bare "TLS" are distinct options and both survive.
			desc:  "TLS",
			input: "Name:foo TLS:goo TLS",
			want: map[string]string{
				"name": "foo",
				"tls": "goo",
				"tls_acme": "TLS",
			},
		},
	}

	for i := range cases {
		// Copy per iteration: the parallel subtest closure runs after the
		// loop has moved on.
		tc := cases[i]
		t.Run(tc.desc, func(t *testing.T) {
			t.Parallel()

			got := parseEntryPointsConfiguration(tc.input)

			assert.Len(t, got, len(tc.want))
			assert.Equal(t, tc.want, got)
		})
	}
}
// Test_toBool checks how toBool reads a boolean option out of a parsed
// configuration map. Per the cases below, "on", "true" and "enable" yield
// true, while any other text and a key that is absent from the map yield
// false.
func Test_toBool(t *testing.T) {
	cases := []struct {
		desc   string
		stored string // value placed under the "foo" key of the map
		lookup string // key handed to toBool
		want   bool
	}{
		{desc: "on", stored: "on", lookup: "foo", want: true},
		{desc: "true", stored: "true", lookup: "foo", want: true},
		{desc: "enable", stored: "enable", lookup: "foo", want: true},
		// Unrecognised text is read as false rather than reported as an error.
		{desc: "arbitrary string", stored: "bar", lookup: "foo", want: false},
		// "fii" is never stored, so this exercises the missing-key path.
		{desc: "no existing entry", stored: "bar", lookup: "fii", want: false},
	}

	for i := range cases {
		// Copy per iteration: the parallel subtest closure runs after the
		// loop has moved on.
		tc := cases[i]
		t.Run(tc.desc, func(t *testing.T) {
			t.Parallel()

			settings := map[string]string{"foo": tc.stored}

			assert.Equal(t, tc.want, toBool(settings, tc.lookup))
		})
	}
}
// TestEntryPoints_Set runs EntryPoints.Set on entry point expressions and
// compares the EntryPoint stored under the expected name with a hand-built
// value. Option keys are given in camel case and in lower case to show that
// both spellings produce the same EntryPoint.
//
// The option values are fixtures that exercise the parsing path (for example
// MinVersion "VersionTLS11"); the test does not assert that they are
// acceptable settings.
func TestEntryPoints_Set(t *testing.T) {
	// NOTE(review): TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384 is not a suite name
	// defined by Go's crypto/tls. Set stores the names as plain strings in
	// this test, so any name validation must happen in a later stage —
	// confirm where.
	const cipherSuites = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

	// fullEntryPoint returns a fresh copy of the EntryPoint expected from the
	// two "all parameters" expressions, which differ only in key casing.
	fullEntryPoint := func() *EntryPoint {
		return &EntryPoint{
			Address: ":8000",
			TLS: &tls.TLS{
				MinVersion: "VersionTLS11",
				CipherSuites: []string{
					"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
					"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
					"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
					"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
					"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
				},
				ClientCA: tls.ClientCA{
					Files:    tls.FilesOrContents{"car"},
					Optional: true,
				},
			},
			ProxyProtocol: &ProxyProtocol{
				Insecure:   false,
				TrustedIPs: []string{"192.168.0.1"},
			},
			ForwardedHeaders: &ForwardedHeaders{},
			// FIXME Test ServersTransport
		}
	}

	cases := []struct {
		desc     string
		expr     string
		wantName string
		want     *EntryPoint
	}{
		{
			desc: "all parameters camelcase",
			expr: "Name:foo " +
				"Address::8000 " +
				"TLS " +
				"TLS.MinVersion:VersionTLS11 " +
				"TLS.CipherSuites:" + cipherSuites + " " +
				"CA:car " +
				"CA.Optional:true " +
				"ProxyProtocol.TrustedIPs:192.168.0.1 ",
			wantName: "foo",
			want:     fullEntryPoint(),
		},
		{
			desc: "all parameters lowercase",
			expr: "Name:foo " +
				"address::8000 " +
				"tls " +
				"tls.minversion:VersionTLS11 " +
				"tls.ciphersuites:" + cipherSuites + " " +
				"ca:car " +
				"ca.Optional:true " +
				"proxyProtocol.TrustedIPs:192.168.0.1 ",
			wantName: "foo",
			want:     fullEntryPoint(),
		},
		{
			// With only a name given, ForwardedHeaders is still expected to
			// be a non-nil, empty struct.
			desc:     "default",
			expr:     "Name:foo",
			wantName: "foo",
			want: &EntryPoint{
				ForwardedHeaders: &ForwardedHeaders{},
			},
		},
		{
			desc:     "ProxyProtocol insecure true",
			expr:     "Name:foo ProxyProtocol.insecure:true",
			wantName: "foo",
			want: &EntryPoint{
				ProxyProtocol:    &ProxyProtocol{Insecure: true},
				ForwardedHeaders: &ForwardedHeaders{},
			},
		},
		{
			// Naming the option at all yields a ProxyProtocol struct, even
			// when the flag itself is false.
			desc:     "ProxyProtocol insecure false",
			expr:     "Name:foo ProxyProtocol.insecure:false",
			wantName: "foo",
			want: &EntryPoint{
				ProxyProtocol:    &ProxyProtocol{},
				ForwardedHeaders: &ForwardedHeaders{},
			},
		},
		{
			// A trusted-IP list leaves Insecure at its zero value (false).
			desc:     "ProxyProtocol TrustedIPs",
			expr:     "Name:foo ProxyProtocol.TrustedIPs:10.0.0.3/24,20.0.0.3/24",
			wantName: "foo",
			want: &EntryPoint{
				ProxyProtocol: &ProxyProtocol{
					TrustedIPs: []string{"10.0.0.3/24", "20.0.0.3/24"},
				},
				ForwardedHeaders: &ForwardedHeaders{},
			},
		},
	}

	for i := range cases {
		// Copy per iteration: the parallel subtest closure runs after the
		// loop has moved on.
		tc := cases[i]
		t.Run(tc.desc, func(t *testing.T) {
			t.Parallel()

			parsed := EntryPoints{}
			require.NoError(t, parsed.Set(tc.expr))

			// A missing name yields a nil entry, which fails the comparison.
			got := parsed[tc.wantName]
			assert.EqualValues(t, tc.want, got)
		})
	}
}