diff --git a/Gopkg.lock b/Gopkg.lock index cf6d2a03c..a53d7e83c 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -1769,6 +1769,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "f323b06b4963d6cec0eee5b88dd4e85d6b2e80ea41418154a8a57a0dae574bcd" + inputs-digest = "0b453fff40221eb9d779eeb4ad75fc076e8cbd93c1ecf058f4b9411d4afddf68" solver-name = "gps-cdcl" solver-version = 1 diff --git a/docs/configuration/backends/file.md b/docs/configuration/backends/file.md index beb4e0b5e..03885635e 100644 --- a/docs/configuration/backends/file.md +++ b/docs/configuration/backends/file.md @@ -56,12 +56,6 @@ Træfik can be configured with a file. passTLSCert = true priority = 42 - # Use frontends.frontend1.auth.basic below instead - basicAuth = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", - ] - [frontends.frontend1.auth] headerField = "X-WebAuth-User" [frontends.frontend1.auth.basic] diff --git a/integration/fixtures/tracing/simple.toml b/integration/fixtures/tracing/simple.toml index f7145e212..74b802298 100644 --- a/integration/fixtures/tracing/simple.toml +++ b/integration/fixtures/tracing/simple.toml @@ -62,6 +62,10 @@ debug = true [frontends.frontend3] passHostHeader = true backend = "backend3" - basicAuth = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] + [frontends.frontend3.auth.basic] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] [frontends.frontend3.routes.test_auth] rule = "Path:/auth" diff --git a/middlewares/accesslog/logdata.go b/middlewares/accesslog/logdata.go index 8a144ce0e..e20e753fe 100644 --- a/middlewares/accesslog/logdata.go +++ b/middlewares/accesslog/logdata.go @@ -40,8 +40,6 @@ const ( RequestPath = "RequestPath" // RequestProtocol is the map key used for the version of HTTP requested. RequestProtocol = "RequestProtocol" - // RequestLine is the original request line - RequestLine = "RequestLine" // RequestContentSize is the map key used for the number of bytes in the request entity (a.k.a. body) sent by the client. RequestContentSize = "RequestContentSize" // RequestRefererHeader is the Referer header in the request @@ -55,14 +53,8 @@ const ( // OriginStatus is the map key used for the HTTP status code returned by the origin server. // If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent. OriginStatus = "OriginStatus" - // OriginStatusLine is the map key used for the HTTP status code and corresponding descriptive string. - // If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent. - // Note that the actual message string might be different to what is reported here, depending on server behaviour. - OriginStatusLine = "OriginStatusLine" // DownstreamStatus is the map key used for the HTTP status code returned to the client. DownstreamStatus = "DownstreamStatus" - // DownstreamStatusLine is the map key used for the HTTP status line returned to the client. - DownstreamStatusLine = "DownstreamStatusLine" // DownstreamContentSize is the map key used for the number of bytes in the response entity returned to the client. // This is in addition to the "Content-Length" header, which may be present in the origin response. DownstreamContentSize = "DownstreamContentSize" @@ -110,9 +102,6 @@ func init() { allCoreKeys[BackendAddr] = struct{}{} allCoreKeys[ClientAddr] = struct{}{} allCoreKeys[RequestAddr] = struct{}{} - allCoreKeys[RequestLine] = struct{}{} - allCoreKeys[OriginStatusLine] = struct{}{} - allCoreKeys[DownstreamStatusLine] = struct{}{} allCoreKeys[GzipRatio] = struct{}{} allCoreKeys[StartLocal] = struct{}{} allCoreKeys[Overhead] = struct{}{} diff --git a/middlewares/accesslog/logger.go b/middlewares/accesslog/logger.go index 166bb2bdf..78fd94934 100644 --- a/middlewares/accesslog/logger.go +++ b/middlewares/accesslog/logger.go @@ -167,7 +167,6 @@ func (l *LogHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next h core[RequestMethod] = req.Method core[RequestPath] = urlCopyString core[RequestProtocol] = req.Proto - core[RequestLine] = fmt.Sprintf("%s %s %s", req.Method, urlCopyString, req.Proto) core[ClientAddr] = req.RemoteAddr core[ClientHost], core[ClientPort] = silentSplitHostPort(req.RemoteAddr) @@ -262,7 +261,6 @@ func (l *LogHandler) logTheRoundTrip(logDataTable *LogData, crr *captureRequestR core[Duration] = totalDuration if l.keepAccessLog(crw.Status(), retryAttempts, totalDuration) { - core[DownstreamStatusLine] = fmt.Sprintf("%03d %s", crw.Status(), http.StatusText(crw.Status())) core[DownstreamContentSize] = crw.Size() if original, ok := core[OriginContentSize]; ok { o64 := original.(int64) diff --git a/middlewares/accesslog/logger_test.go b/middlewares/accesslog/logger_test.go index 0657cfffb..107e5ac2f 100644 --- a/middlewares/accesslog/logger_test.go +++ b/middlewares/accesslog/logger_test.go @@ -198,9 +198,7 @@ func TestLoggerJSON(t *testing.T) { RequestPath: assertString(testPath), RequestProtocol: assertString(testProto), RequestPort: assertString("-"), - RequestLine: assertString(fmt.Sprintf("%s %s %s", testMethod, testPath, testProto)), DownstreamStatus: assertFloat64(float64(testStatus)), - DownstreamStatusLine: assertString(fmt.Sprintf("%d ", testStatus)), DownstreamContentSize: assertFloat64(float64(len(testContent))), OriginContentSize: assertFloat64(float64(len(testContent))), OriginStatus: assertFloat64(float64(testStatus)), diff --git a/middlewares/accesslog/save_backend.go b/middlewares/accesslog/save_backend.go index 78b503aea..cd62c65a0 100644 --- a/middlewares/accesslog/save_backend.go +++ b/middlewares/accesslog/save_backend.go @@ -1,7 +1,6 @@ package accesslog import ( - "fmt" "net/http" "time" @@ -58,7 +57,6 @@ func serveSaveBackend(rw http.ResponseWriter, r *http.Request, backendName strin // use UTC to handle switchover of daylight saving correctly table.Core[OriginDuration] = time.Now().UTC().Sub(start) table.Core[OriginStatus] = crw.Status() - table.Core[OriginStatusLine] = fmt.Sprintf("%03d %s", crw.Status(), http.StatusText(crw.Status())) // make copy of headers so we can ensure there is no subsequent mutation during response processing table.OriginResponse = make(http.Header) utils.CopyHeaders(table.OriginResponse, crw.Header()) diff --git a/provider/kubernetes/annotations.go b/provider/kubernetes/annotations.go index e85211b2f..ee78735b9 100644 --- a/provider/kubernetes/annotations.go +++ b/provider/kubernetes/annotations.go @@ -66,22 +66,6 @@ const ( annotationKubernetesProtocol = "ingress.kubernetes.io/protocol" ) -// TODO [breaking] remove label support -var compatibilityMapping = map[string]string{ - annotationKubernetesPreserveHost: "traefik.frontend.passHostHeader", - annotationKubernetesPassTLSCert: "traefik.frontend.passTLSCert", - annotationKubernetesFrontendEntryPoints: "traefik.frontend.entryPoints", - annotationKubernetesPriority: "traefik.frontend.priority", - annotationKubernetesCircuitBreakerExpression: "traefik.backend.circuitbreaker", - annotationKubernetesLoadBalancerMethod: "traefik.backend.loadbalancer.method", - annotationKubernetesAffinity: "traefik.backend.loadbalancer.stickiness", - annotationKubernetesSessionCookieName: "traefik.backend.loadbalancer.stickiness.cookieName", - annotationKubernetesRuleType: "traefik.frontend.rule.type", - annotationKubernetesRedirectEntryPoint: "traefik.frontend.redirect.entrypoint", - annotationKubernetesRedirectRegex: "traefik.frontend.redirect.regex", - annotationKubernetesRedirectReplacement: "traefik.frontend.redirect.replacement", -} - func getAnnotationName(annotations map[string]string, name string) string { if _, ok := annotations[name]; ok { return name @@ -91,13 +75,6 @@ func getAnnotationName(annotations map[string]string, name string) string { return label.Prefix + name } - // TODO [breaking] remove label support - if lbl, compat := compatibilityMapping[name]; compat { - if _, ok := annotations[lbl]; ok { - return lbl - } - } - return name } diff --git a/provider/kubernetes/annotations_test.go b/provider/kubernetes/annotations_test.go index d84e0d272..c53c0fdcd 100644 --- a/provider/kubernetes/annotations_test.go +++ b/provider/kubernetes/annotations_test.go @@ -30,14 +30,6 @@ func TestGetAnnotationName(t *testing.T) { }, expected: label.Prefix + annotationKubernetesPreserveHost, }, - { - desc: "with label", - name: annotationKubernetesPreserveHost, - annotations: map[string]string{ - label.TraefikFrontendPassHostHeader: "true", - }, - expected: label.TraefikFrontendPassHostHeader, - }, } for _, test := range testCases { diff --git a/provider/kv/keynames.go b/provider/kv/keynames.go index b42801d9d..6e2d8537d 100644 --- a/provider/kv/keynames.go +++ b/provider/kv/keynames.go @@ -32,7 +32,6 @@ const ( pathFrontendWhiteListSourceRange = "/whitelist/sourcerange" pathFrontendWhiteListUseXForwardedFor = "/whitelist/usexforwardedfor" - pathFrontendBasicAuth = "/basicauth" // Deprecated pathFrontendAuth = "/auth/" pathFrontendAuthBasic = pathFrontendAuth + "basic/" pathFrontendAuthBasicRemoveHeader = pathFrontendAuthBasic + "removeheader" diff --git a/provider/kv/kv_config.go b/provider/kv/kv_config.go index 49f22d179..0067c5936 100644 --- a/provider/kv/kv_config.go +++ b/provider/kv/kv_config.go @@ -46,7 +46,6 @@ func (p *Provider) buildConfiguration() *types.Configuration { "getPassHostHeader": p.getFuncBool(pathFrontendPassHostHeader, label.DefaultPassHostHeader), "getPassTLSCert": p.getFuncBool(pathFrontendPassTLSCert, label.DefaultPassTLSCert), "getEntryPoints": p.getFuncList(pathFrontendEntryPoints), - "getBasicAuth": p.getFuncList(pathFrontendBasicAuth), // Deprecated "getAuth": p.getAuth, "getRoutes": p.getRoutes, "getRedirect": p.getRedirect, @@ -320,20 +319,14 @@ func (p *Provider) getTLSSection(prefix string) []*tls.Configuration { return tlsSection } -// hasDeprecatedBasicAuth check if the frontend basic auth use the deprecated configuration -func (p *Provider) hasDeprecatedBasicAuth(rootPath string) bool { - return len(p.getList(rootPath, pathFrontendBasicAuth)) > 0 -} - // GetAuth Create auth from path func (p *Provider) getAuth(rootPath string) *types.Auth { - hasDeprecatedBasicAuth := p.hasDeprecatedBasicAuth(rootPath) - if p.hasPrefix(rootPath, pathFrontendAuth) || hasDeprecatedBasicAuth { + if p.hasPrefix(rootPath, pathFrontendAuth) { auth := &types.Auth{ HeaderField: p.get("", rootPath, pathFrontendAuthHeaderField), } - if p.hasPrefix(rootPath, pathFrontendAuthBasic) || hasDeprecatedBasicAuth { + if p.hasPrefix(rootPath, pathFrontendAuthBasic) { auth.Basic = p.getAuthBasic(rootPath) } else if p.hasPrefix(rootPath, pathFrontendAuthDigest) { auth.Digest = p.getAuthDigest(rootPath) @@ -348,20 +341,11 @@ func (p *Provider) getAuth(rootPath string) *types.Auth { // getAuthBasic Create Basic Auth from path func (p *Provider) getAuthBasic(rootPath string) *types.Basic { - basicAuth := &types.Basic{ + return &types.Basic{ UsersFile: p.get("", rootPath, pathFrontendAuthBasicUsersFile), RemoveHeader: p.getBool(false, rootPath, pathFrontendAuthBasicRemoveHeader), + Users: p.getList(rootPath, pathFrontendAuthBasicUsers), } - - // backward compatibility - if p.hasDeprecatedBasicAuth(rootPath) { - basicAuth.Users = p.getList(rootPath, pathFrontendBasicAuth) - log.Warnf("Deprecated configuration found: %s. Please use %s.", pathFrontendBasicAuth, pathFrontendAuthBasic) - } else { - basicAuth.Users = p.getList(rootPath, pathFrontendAuthBasicUsers) - } - - return basicAuth } // getAuthDigest Create Digest Auth from path diff --git a/provider/kv/kv_config_test.go b/provider/kv/kv_config_test.go index bac4c6d30..64ff91eaf 100644 --- a/provider/kv/kv_config_test.go +++ b/provider/kv/kv_config_test.go @@ -130,38 +130,6 @@ func TestProviderBuildConfiguration(t *testing.T) { }, }, }, - { - desc: "basic auth (backward compatibility)", - kvPairs: filler("traefik", - frontend("frontend", - withPair(pathFrontendBackend, "backend"), - withList(pathFrontendBasicAuth, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), - ), - backend("backend"), - ), - expected: &types.Configuration{ - Backends: map[string]*types.Backend{ - "backend": { - LoadBalancer: &types.LoadBalancer{ - Method: "wrr", - }, - }, - }, - Frontends: map[string]*types.Frontend{ - "frontend": { - Backend: "backend", - PassHostHeader: true, - EntryPoints: []string{}, - Auth: &types.Auth{ - Basic: &types.Basic{ - Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"}, - }, - }, - }, - }, - }, - }, { desc: "digest auth", kvPairs: filler("traefik", @@ -281,7 +249,6 @@ func TestProviderBuildConfiguration(t *testing.T) { withList(pathFrontendWhiteListSourceRange, "1.1.1.1/24", "1234:abcd::42/32"), withPair(pathFrontendWhiteListUseXForwardedFor, "true"), - withList(pathFrontendBasicAuth, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), withPair(pathFrontendAuthBasicRemoveHeader, "true"), withList(pathFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), withPair(pathFrontendAuthBasicUsersFile, ".htpasswd"), @@ -2163,20 +2130,6 @@ func TestProviderGetAuth(t *testing.T) { }, }, }, - { - desc: "should return a valid basic auth (backward compatibility)", - rootPath: "traefik/frontends/foo", - kvPairs: filler("traefik", - frontend("foo", - withPair(pathFrontendBasicAuth, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), - )), - expected: &types.Auth{ - Basic: &types.Basic{ - Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"}, - }, - }, - }, { desc: "should return a valid digest auth", rootPath: "traefik/frontends/foo", @@ -2240,61 +2193,6 @@ func TestProviderGetAuth(t *testing.T) { } } -func TestProviderHasDeprecatedBasicAuth(t *testing.T) { - testCases := []struct { - desc string - rootPath string - kvPairs []*store.KVPair - expected bool - }{ - { - desc: "should return nil when no data", - expected: false, - }, - { - desc: "should return a valid basic auth", - rootPath: "traefik/frontends/foo", - kvPairs: filler("traefik", - frontend("foo", - withList(pathFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), - )), - expected: false, - }, - { - desc: "should return a valid basic auth", - rootPath: "traefik/frontends/foo", - kvPairs: filler("traefik", - frontend("foo", - withList(pathFrontendBasicAuth, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), - )), - expected: true, - }, - { - desc: "should return a valid basic auth", - rootPath: "traefik/frontends/foo", - kvPairs: filler("traefik", - frontend("foo", - withList(pathFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), - withList(pathFrontendBasicAuth, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), - )), - expected: true, - }, - } - - for _, test := range testCases { - test := test - t.Run(test.desc, func(t *testing.T) { - t.Parallel() - - p := newProviderMock(test.kvPairs) - - result := p.hasDeprecatedBasicAuth(test.rootPath) - - assert.Equal(t, test.expected, result) - }) - } -} - func TestProviderGetRoutes(t *testing.T) { testCases := []struct { desc string diff --git a/server/server_configuration_test.go b/server/server_configuration_test.go index f15e73713..909a70fd5 100644 --- a/server/server_configuration_test.go +++ b/server/server_configuration_test.go @@ -161,7 +161,6 @@ func TestServerLoadConfigEmptyBasicAuth(t *testing.T) { "frontend": { EntryPoints: []string{"http"}, Backend: "backend", - BasicAuth: []string{""}, }, }, Backends: map[string]*types.Backend{ @@ -248,7 +247,11 @@ func TestReuseBackend(t *testing.T) { th.WithFrontendName("frontend1"), th.WithEntryPoints("http"), th.WithRoutes(th.WithRoute("/unauthorized", "Path: /unauthorized")), - th.WithBasicAuth("foo", "bar")), + th.WithFrontEndAuth(&types.Auth{ + Basic: &types.Basic{ + Users: []string{"foo:bar"}, + }, + })), ), th.WithBackends(th.WithBackendNew("backend", th.WithLBMethod("wrr"), diff --git a/server/server_middlewares.go b/server/server_middlewares.go index cf6bf53d9..af99a5ec9 100644 --- a/server/server_middlewares.go +++ b/server/server_middlewares.go @@ -95,19 +95,6 @@ func (s *Server) buildMiddlewares(frontendName string, frontend *types.Frontend, middle = append(middle, handler) } - // Basic auth - if len(frontend.BasicAuth) > 0 { - log.Debugf("Adding basic authentication for frontend %s", frontendName) - - authMiddleware, err := s.buildBasicAuthMiddleware(frontend.BasicAuth) - if err != nil { - return nil, nil, nil, err - } - - handler := s.wrapNegroniHandlerWithAccessLog(authMiddleware, fmt.Sprintf("Basic Auth for %s", frontendName)) - middle = append(middle, handler) - } - // Authentication if frontend.Auth != nil { authMiddleware, err := mauth.NewAuthenticator(frontend.Auth, s.tracingMiddleware) diff --git a/server/server_middlewares_test.go b/server/server_middlewares_test.go index 06b6a3311..6877c25d9 100644 --- a/server/server_middlewares_test.go +++ b/server/server_middlewares_test.go @@ -265,7 +265,10 @@ func TestServerGenericFrontendAuthFail(t *testing.T) { "frontend": { EntryPoints: []string{"http"}, Backend: "backend", - BasicAuth: []string{""}, + Auth: &types.Auth{ + Basic: &types.Basic{ + Users: []string{""}, + }}, }, }, Backends: map[string]*types.Backend{ diff --git a/testhelpers/config.go b/testhelpers/config.go index b4fe53e80..4b2dd79da 100644 --- a/testhelpers/config.go +++ b/testhelpers/config.go @@ -137,14 +137,6 @@ func WithRoute(name string, rule string) func(*types.Route) string { } } -// WithBasicAuth is a helper to create a configuration -// Deprecated -func WithBasicAuth(username string, password string) func(*types.Frontend) { - return func(fe *types.Frontend) { - fe.BasicAuth = []string{username + ":" + password} - } -} - // WithFrontEndAuth is a helper to create a configuration func WithFrontEndAuth(auth *types.Auth) func(*types.Frontend) { return func(fe *types.Frontend) { diff --git a/types/types.go b/types/types.go index 1d6630cbb..89e43fae1 100644 --- a/types/types.go +++ b/types/types.go @@ -183,7 +183,6 @@ type Frontend struct { PassHostHeader bool `json:"passHostHeader,omitempty"` PassTLSCert bool `json:"passTLSCert,omitempty"` Priority int `json:"priority"` - BasicAuth []string `json:"basicAuth"` // Deprecated WhitelistSourceRange []string `json:"whitelistSourceRange,omitempty"` // Deprecated WhiteList *WhiteList `json:"whiteList,omitempty"` Headers *Headers `json:"headers,omitempty"`