2015-11-01 15:35:01 +00:00
|
|
|
package provider
|
|
|
|
|
|
2015-11-13 10:50:32 +00:00
|
|
|
import (
|
|
|
|
|
"bytes"
|
2016-06-27 14:14:56 +00:00
|
|
|
"crypto/tls"
|
|
|
|
|
"crypto/x509"
|
|
|
|
|
"fmt"
|
2016-12-30 08:21:13 +00:00
|
|
|
"io/ioutil"
|
2016-08-13 16:55:15 +00:00
|
|
|
"os"
|
2016-12-30 08:21:13 +00:00
|
|
|
"strings"
|
|
|
|
|
"text/template"
|
|
|
|
|
"unicode"
|
2016-08-13 16:55:15 +00:00
|
|
|
|
2015-11-13 10:50:32 +00:00
|
|
|
"github.com/BurntSushi/toml"
|
2016-02-24 15:43:39 +00:00
|
|
|
"github.com/containous/traefik/autogen"
|
2016-09-23 16:27:01 +00:00
|
|
|
"github.com/containous/traefik/log"
|
2016-04-13 18:36:23 +00:00
|
|
|
"github.com/containous/traefik/safe"
|
2016-02-24 15:43:39 +00:00
|
|
|
"github.com/containous/traefik/types"
|
2015-11-13 10:50:32 +00:00
|
|
|
)
|
2015-11-01 15:35:01 +00:00
|
|
|
|
2015-11-01 18:29:47 +00:00
|
|
|
// Provider defines methods of a provider.
|
2015-11-01 15:35:01 +00:00
|
|
|
type Provider interface {
|
2015-11-01 18:29:47 +00:00
|
|
|
// Provide allows the provider to provide configurations to traefik
|
|
|
|
|
// using the given configuration channel.
|
2016-11-09 18:27:04 +00:00
|
|
|
Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, constraints types.Constraints) error
|
2015-11-01 15:35:01 +00:00
|
|
|
}
|
2015-11-13 10:50:32 +00:00
|
|
|
|
2016-01-13 21:46:44 +00:00
|
|
|
// BaseProvider should be inherited by providers
|
|
|
|
|
type BaseProvider struct {
|
2016-06-02 13:17:04 +00:00
|
|
|
Watch bool `description:"Watch provider"`
|
|
|
|
|
Filename string `description:"Override default configuration template. For advanced users :)"`
|
|
|
|
|
Constraints types.Constraints `description:"Filter services by constraint, matching with Traefik tags."`
|
2016-05-30 13:05:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// MatchConstraints must match with EVERY single contraint
|
|
|
|
|
// returns first constraint that do not match or nil
|
2016-05-20 15:17:38 +00:00
|
|
|
func (p *BaseProvider) MatchConstraints(tags []string) (bool, *types.Constraint) {
|
2016-05-30 13:05:58 +00:00
|
|
|
// if there is no tags and no contraints, filtering is disabled
|
|
|
|
|
if len(tags) == 0 && len(p.Constraints) == 0 {
|
2016-05-20 15:17:38 +00:00
|
|
|
return true, nil
|
2016-05-30 13:05:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, constraint := range p.Constraints {
|
2016-05-20 15:17:38 +00:00
|
|
|
// xor: if ok and constraint.MustMatch are equal, then no tag is currently matching with the constraint
|
|
|
|
|
if ok := constraint.MatchConstraintWithAtLeastOneTag(tags); ok != constraint.MustMatch {
|
2016-11-09 18:27:04 +00:00
|
|
|
return false, constraint
|
2016-05-30 13:05:58 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If no constraint or every constraints matching
|
2016-05-20 15:17:38 +00:00
|
|
|
return true, nil
|
2015-11-13 10:50:32 +00:00
|
|
|
}
|
|
|
|
|
|
2016-01-13 21:46:44 +00:00
|
|
|
func (p *BaseProvider) getConfiguration(defaultTemplateFile string, funcMap template.FuncMap, templateObjects interface{}) (*types.Configuration, error) {
|
2015-11-13 10:50:32 +00:00
|
|
|
var (
|
|
|
|
|
buf []byte
|
|
|
|
|
err error
|
|
|
|
|
)
|
|
|
|
|
configuration := new(types.Configuration)
|
2016-12-03 09:12:22 +00:00
|
|
|
var defaultFuncMap = template.FuncMap{
|
|
|
|
|
"replace": replace,
|
|
|
|
|
"tolower": strings.ToLower,
|
|
|
|
|
"normalize": normalize,
|
|
|
|
|
"split": split,
|
|
|
|
|
"contains": contains,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for funcID, funcElement := range funcMap {
|
|
|
|
|
defaultFuncMap[funcID] = funcElement
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmpl := template.New(p.Filename).Funcs(defaultFuncMap)
|
2015-11-13 10:50:32 +00:00
|
|
|
if len(p.Filename) > 0 {
|
|
|
|
|
buf, err = ioutil.ReadFile(p.Filename)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
buf, err = autogen.Asset(defaultTemplateFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
_, err = tmpl.Parse(string(buf))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var buffer bytes.Buffer
|
|
|
|
|
err = tmpl.Execute(&buffer, templateObjects)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-13 16:55:15 +00:00
|
|
|
var renderedTemplate = buffer.String()
|
|
|
|
|
// log.Debugf("Rendering results of %s:\n%s", defaultTemplateFile, renderedTemplate)
|
|
|
|
|
if _, err := toml.Decode(renderedTemplate, configuration); err != nil {
|
2015-11-13 10:50:32 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return configuration, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func replace(s1 string, s2 string, s3 string) string {
|
|
|
|
|
return strings.Replace(s3, s1, s2, -1)
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-03 09:12:22 +00:00
|
|
|
func contains(substr, s string) bool {
|
|
|
|
|
return strings.Contains(s, substr)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func split(sep, s string) []string {
|
|
|
|
|
return strings.Split(s, sep)
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-27 00:05:17 +00:00
|
|
|
func normalize(name string) string {
|
|
|
|
|
fargs := func(c rune) bool {
|
|
|
|
|
return !unicode.IsLetter(c) && !unicode.IsNumber(c)
|
|
|
|
|
}
|
|
|
|
|
// get function
|
|
|
|
|
return strings.Join(strings.FieldsFunc(name, fargs), "-")
|
|
|
|
|
}
|
2016-06-27 14:14:56 +00:00
|
|
|
|
2016-11-28 13:59:08 +00:00
|
|
|
func reverseStringSlice(slice *[]string) {
|
|
|
|
|
for i, j := 0, len(*slice)-1; i < j; i, j = i+1, j-1 {
|
|
|
|
|
(*slice)[i], (*slice)[j] = (*slice)[j], (*slice)[i]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-27 14:14:56 +00:00
|
|
|
// ClientTLS holds TLS specific configurations as client
|
|
|
|
|
// CA, Cert and Key can be either path or file contents
|
|
|
|
|
type ClientTLS struct {
|
|
|
|
|
CA string `description:"TLS CA"`
|
|
|
|
|
Cert string `description:"TLS cert"`
|
|
|
|
|
Key string `description:"TLS key"`
|
|
|
|
|
InsecureSkipVerify bool `description:"TLS insecure skip verify"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CreateTLSConfig creates a TLS config from ClientTLS structures
|
|
|
|
|
func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
|
|
|
|
|
var err error
|
2016-08-14 02:05:43 +00:00
|
|
|
if clientTLS == nil {
|
|
|
|
|
log.Warnf("clientTLS is nil")
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2016-06-27 14:14:56 +00:00
|
|
|
caPool := x509.NewCertPool()
|
|
|
|
|
if clientTLS.CA != "" {
|
|
|
|
|
var ca []byte
|
|
|
|
|
if _, errCA := os.Stat(clientTLS.CA); errCA == nil {
|
|
|
|
|
ca, err = ioutil.ReadFile(clientTLS.CA)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("Failed to read CA. %s", err)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ca = []byte(clientTLS.CA)
|
|
|
|
|
}
|
|
|
|
|
caPool.AppendCertsFromPEM(ca)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cert := tls.Certificate{}
|
|
|
|
|
_, errKeyIsFile := os.Stat(clientTLS.Key)
|
|
|
|
|
|
|
|
|
|
if _, errCertIsFile := os.Stat(clientTLS.Cert); errCertIsFile == nil {
|
|
|
|
|
if errKeyIsFile == nil {
|
|
|
|
|
cert, err = tls.LoadX509KeyPair(clientTLS.Cert, clientTLS.Key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("Failed to load TLS keypair: %v", err)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return nil, fmt.Errorf("tls cert is a file, but tls key is not")
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if errKeyIsFile != nil {
|
|
|
|
|
cert, err = tls.X509KeyPair([]byte(clientTLS.Cert), []byte(clientTLS.Key))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("Failed to load TLS keypair: %v", err)
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return nil, fmt.Errorf("tls key is a file, but tls cert is not")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TLSConfig := &tls.Config{
|
|
|
|
|
Certificates: []tls.Certificate{cert},
|
|
|
|
|
RootCAs: caPool,
|
|
|
|
|
InsecureSkipVerify: clientTLS.InsecureSkipVerify,
|
|
|
|
|
}
|
|
|
|
|
return TLSConfig, nil
|
|
|
|
|
}
|
