diff --git a/docs/content/assets/img/middleware/ipwhitelist.png b/docs/content/assets/img/middleware/ipwhitelist.png
deleted file mode 100644
index 8c6b0c97a..000000000
Binary files a/docs/content/assets/img/middleware/ipwhitelist.png and /dev/null differ
diff --git a/docs/content/middlewares/http/chain.md b/docs/content/middlewares/http/chain.md
index 3fc06d26b..f9768adfb 100644
--- a/docs/content/middlewares/http/chain.md
+++ b/docs/content/middlewares/http/chain.md
@@ -15,7 +15,7 @@ It makes reusing the same groups easier.
 ## Configuration Example
-Below is an example of a Chain containing `WhiteList`, `BasicAuth`, and `RedirectScheme`.
+Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`.
 ```yaml tab="Docker"
 labels:
@@ -25,7 +25,7 @@ labels:
 - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
 - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
 - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
+ - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
 - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
@@ -80,7 +80,7 @@ kind: Middleware
 metadata:
 name: known-ips
 spec:
- ipWhiteList:
+ ipAllowList:
 sourceRange:
 - 192.168.1.7
 - 127.0.0.1/32
@@ -93,7 +93,7 @@ spec:
 - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
 - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
 - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
-- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
+- "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
 - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
@@ -105,7 +105,7 @@ spec:
 "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
 "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
 "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
+ "traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32",
 "traefik.http.services.service1.loadbalancer.server.port": "80"
 }
 ```
@@ -118,7 +118,7 @@ labels:
 - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
 - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
 - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
+ - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
 - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
@@ -150,7 +150,7 @@ http:
 scheme: https
 known-ips:
- ipWhiteList:
+ ipAllowList:
 sourceRange:
 - "192.168.1.7"
 - "127.0.0.1/32"
@@ -180,7 +180,7 @@ http:
 [http.middlewares.https-only.redirectScheme]
 scheme = "https"
- [http.middlewares.known-ips.ipWhiteList]
+ [http.middlewares.known-ips.ipAllowList]
 sourceRange = ["192.168.1.7", "127.0.0.1/32"]
 [http.services]
diff --git a/docs/content/middlewares/http/ipwhitelist.md b/docs/content/middlewares/http/ipallowlist.md
similarity index 68%
rename from docs/content/middlewares/http/ipwhitelist.md
rename to docs/content/middlewares/http/ipallowlist.md
index 3817b54d5..56450d736 100644
--- a/docs/content/middlewares/http/ipwhitelist.md
+++ b/docs/content/middlewares/http/ipallowlist.md
@@ -1,32 +1,30 @@
 ---
-title: "Traefik HTTP Middlewares IPWhiteList"
-description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+title: "Traefik HTTP Middlewares IPAllowList"
+description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
 ---
-# IPWhiteList
+# IPAllowList
 Limiting Clients to Specific IPs
 {: .subtitle }
-![IpWhiteList](../../assets/img/middleware/ipwhitelist.png)
-
-IPWhitelist accepts / refuses requests based on the client IP.
+IPAllowList accepts / refuses requests based on the client IP.
 ## Configuration Examples
 ```yaml tab="Docker"
 # Accepts request from defined IP
 labels:
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
- name: test-ipwhitelist
+ name: test-ipallowlist
 spec:
- ipWhiteList:
+ ipAllowList:
 sourceRange:
 - 127.0.0.1/32
 - 192.168.1.7
@@ -34,27 +32,27 @@ spec:
 ```yaml tab="Consul Catalog"
 # Accepts request from defined IP
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
+ "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 # Accepts request from defined IP
 labels:
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="File (YAML)"
 # Accepts request from defined IP
 http:
 middlewares:
- test-ipwhitelist:
- ipWhiteList:
+ test-ipallowlist:
+ ipAllowList:
 sourceRange:
 - "127.0.0.1/32"
 - "192.168.1.7"
@@ -63,7 +61,7 @@ http:
 ```toml tab="File (TOML)"
 # Accepts request from defined IP
 [http.middlewares]
- [http.middlewares.test-ipwhitelist.ipWhiteList]
+ [http.middlewares.test-ipallowlist.ipAllowList]
 sourceRange = ["127.0.0.1/32", "192.168.1.7"]
 ```
@@ -86,7 +84,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
 !!! example "Examples of Depth & X-Forwarded-For"
- If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).
+ If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
 | `X-Forwarded-For` | `depth` | clientIP |
 |-----------------------------------------|---------|--------------|
@@ -95,20 +93,20 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
 | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
 ```yaml tab="Docker"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 labels:
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 ```yaml tab="Kubernetes"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
- name: test-ipwhitelist
+ name: test-ipallowlist
 spec:
- ipWhiteList:
+ ipAllowList:
 sourceRange:
 - 127.0.0.1/32
 - 192.168.1.7
@@ -117,31 +115,31 @@ spec:
 ```
 ```yaml tab="Consul Catalog"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 ```json tab="Marathon"
 "labels": {
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2"
+ "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
+ "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
 }
 ```
 ```yaml tab="Rancher"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 labels:
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 ```yaml tab="File (YAML)"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 http:
 middlewares:
- test-ipwhitelist:
- ipWhiteList:
+ test-ipallowlist:
+ ipAllowList:
 sourceRange:
 - "127.0.0.1/32"
 - "192.168.1.7"
@@ -150,11 +148,11 @@ http:
 ```
 ```toml tab="File (TOML)"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 [http.middlewares]
- [http.middlewares.test-ipwhitelist.ipWhiteList]
+ [http.middlewares.test-ipallowlist.ipAllowList]
 sourceRange = ["127.0.0.1/32", "192.168.1.7"]
- [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
+ [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
 depth = 2
 ```
@@ -177,7 +175,7 @@ http:
 ```yaml tab="Docker"
 # Exclude from `X-Forwarded-For`
 labels:
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
@@ -185,9 +183,9 @@ labels:
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
- name: test-ipwhitelist
+ name: test-ipallowlist
 spec:
- ipWhiteList:
+ ipAllowList:
 ipStrategy:
 excludedIPs:
 - 127.0.0.1/32
@@ -196,27 +194,27 @@ spec:
 ```yaml tab="Consul Catalog"
 # Exclude from `X-Forwarded-For`
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
+ "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 # Exclude from `X-Forwarded-For`
 labels:
- - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+ - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="File (YAML)"
 # Exclude from `X-Forwarded-For`
 http:
 middlewares:
- test-ipwhitelist:
- ipWhiteList:
+ test-ipallowlist:
+ ipAllowList:
 ipStrategy:
 excludedIPs:
 - "127.0.0.1/32"
@@ -226,7 +224,7 @@ http:
 ```toml tab="File (TOML)"
 # Exclude from `X-Forwarded-For`
 [http.middlewares]
- [http.middlewares.test-ipwhitelist.ipWhiteList]
- [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
+ [http.middlewares.test-ipallowlist.ipAllowList]
+ [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
 excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
 ```
diff --git a/docs/content/middlewares/http/overview.md b/docs/content/middlewares/http/overview.md
index 07096315e..c4a9f9791 100644
--- a/docs/content/middlewares/http/overview.md
+++ b/docs/content/middlewares/http/overview.md
@@ -142,7 +142,7 @@ http:
 | [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle |
 | [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication |
 | [Headers](headers.md) | Adds / Updates headers | Security |
-| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle |
+| [IPAllowList](ipallowlist.md) | Limits the allowed client IPs | Security, Request lifecycle |
 | [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle |
 | [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security |
 | [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle |
diff --git a/docs/content/middlewares/tcp/ipwhitelist.md b/docs/content/middlewares/tcp/ipallowlist.md
similarity index 66%
rename from docs/content/middlewares/tcp/ipwhitelist.md
rename to docs/content/middlewares/tcp/ipallowlist.md
index 857d72bc7..2cc51fd57 100644
--- a/docs/content/middlewares/tcp/ipwhitelist.md
+++ b/docs/content/middlewares/tcp/ipallowlist.md
@@ -1,30 +1,30 @@
 ---
-title: "Traefik TCP Middlewares IPWhiteList"
-description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+title: "Traefik TCP Middlewares IPAllowList"
+description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
 ---
-# IPWhiteList
+# IPAllowList
 Limiting Clients to Specific IPs
 {: .subtitle }
-IPWhitelist accepts / refuses connections based on the client IP.
+IPAllowList accepts / refuses connections based on the client IP.
 ## Configuration Examples
 ```yaml tab="Docker"
 # Accepts connections from defined IP
 labels:
- - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
- name: test-ipwhitelist
+ name: test-ipallowlist
 spec:
- ipWhiteList:
+ ipAllowList:
 sourceRange:
 - 127.0.0.1/32
 - 192.168.1.7
@@ -32,25 +32,25 @@ spec:
 ```yaml tab="Consul Catalog"
 # Accepts request from defined IP
-- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
+ "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 # Accepts request from defined IP
 labels:
- - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```toml tab="File (TOML)"
 # Accepts request from defined IP
 [tcp.middlewares]
- [tcp.middlewares.test-ipwhitelist.ipWhiteList]
+ [tcp.middlewares.test-ipallowlist.ipAllowList]
 sourceRange = ["127.0.0.1/32", "192.168.1.7"]
 ```
@@ -58,8 +58,8 @@ labels:
 # Accepts request from defined IP
 tcp:
 middlewares:
- test-ipwhitelist:
- ipWhiteList:
+ test-ipallowlist:
+ ipAllowList:
 sourceRange:
 - "127.0.0.1/32"
 - "192.168.1.7"
diff --git a/docs/content/middlewares/tcp/overview.md b/docs/content/middlewares/tcp/overview.md
index 682dbe0f0..cc1302530 100644
--- a/docs/content/middlewares/tcp/overview.md
+++ b/docs/content/middlewares/tcp/overview.md
@@ -18,10 +18,10 @@ whoami:
 # A container that exposes an API to show its IP address
 image: traefik/whoami
 labels:
- # Create a middleware named `foo-ip-whitelist`
- - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- # Apply the middleware named `foo-ip-whitelist` to the router named `router1`
- - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker"
+ # Create a middleware named `foo-ip-allowlist`
+ - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
+ - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"
 ```
 ```yaml tab="Kubernetes IngressRoute"
@@ -43,9 +43,9 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
- name: foo-ip-whitelist
+ name: foo-ip-allowlist
 spec:
- ipWhiteList:
+ ipAllowList:
 sourcerange:
 - 127.0.0.1/32
 - 192.168.1.7
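Review bot: The Kubernetes `MiddlewareTCP` example in the `@@ -43,9 +43,9 @@` hunk still spells the field `sourcerange:` under the renamed `ipAllowList:` key, while the other Kubernetes examples touched by this commit use `sourceRange:`. The line is unchanged context and the YAML block starts and ends outside the hunk, but since the example is being edited it should read `sourceRange:`; a reader who copies it as written may get a resource whose range list is not picked up, which matters for a middleware whose only job is restricting client IPs. The Marathon tab in the next hunk (`@@ -60,30 +60,30 @@`) has a similar copy-paste hazard: each label is written as one `"key=value"` string inside a JSON object instead of the `"key": "value"` form used by the other Marathon examples.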
@@ -60,30 +60,30 @@ spec:
 routes:
 # more fields...
 middlewares:
- - name: foo-ip-whitelist
+ - name: foo-ip-allowlist
 ```
 ```yaml tab="Consul Catalog"
-# Create a middleware named `foo-ip-whitelist`
-- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
-# Apply the middleware named `foo-ip-whitelist` to the router named `router1`
-- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog"
+# Create a middleware named `foo-ip-allowlist`
+- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+# Apply the middleware named `foo-ip-allowlist` to the router named `router1`
+- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
 ```
 ```json tab="Marathon"
 "labels": {
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7",
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon"
+ "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7",
+ "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon"
 }
 ```
 ```yaml tab="Rancher"
 # As a Rancher Label
 labels:
- # Create a middleware named `foo-ip-whitelist`
- - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- # Apply the middleware named `foo-ip-whitelist` to the router named `router1`
- - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher"
+ # Create a middleware named `foo-ip-allowlist`
+ - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+ # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
+ - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher"
 ```
 ```toml tab="File (TOML)"
@@ -91,11 +91,11 @@ labels:
 [tcp.routers]
 [tcp.routers.router1]
 service = "myService"
- middlewares = ["foo-ip-whitelist"]
+ middlewares = ["foo-ip-allowlist"]
 rule = "Host(`example.com`)"
 [tcp.middlewares]
- [tcp.middlewares.foo-ip-whitelist.ipWhiteList]
+ [tcp.middlewares.foo-ip-allowlist.ipAllowList]
 sourceRange = ["127.0.0.1/32", "192.168.1.7"]
 [tcp.services]
@@ -114,12 +114,12 @@ tcp:
 router1:
 service: myService
 middlewares:
- - "foo-ip-whitelist"
+ - "foo-ip-allowlist"
 rule: "Host(`example.com`)"
 middlewares:
- foo-ip-whitelist:
- ipWhiteList:
+ foo-ip-allowlist:
+ ipAllowList:
 sourceRange:
 - "127.0.0.1/32"
 - "192.168.1.7"
@@ -137,4 +137,4 @@ tcp:
 | Middleware | Purpose | Area |
 |-------------------------------------------|---------------------------------------------------|-----------------------------|
 | [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle |
-| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs. | Security, Request lifecycle |
+| [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle |
diff --git a/docs/content/migration/v2-to-v3.md b/docs/content/migration/v2-to-v3.md
new file mode 100644
index 000000000..2af1d8561
--- /dev/null
+++ b/docs/content/migration/v2-to-v3.md
@@ -0,0 +1,18 @@
+---
+title: "Traefik V3 Migration Documentation"
+description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation."
+---
+
+# Migration Guide: From v2 to v3
+
+How to Migrate from Traefik v2 to Traefik v3.
+{: .subtitle }
+
+The version 3 of Traefik introduces a number of breaking changes,
+which require one to update their configuration when they migrate from v2 to v3.
+The goal of this page is to recapitulate all of these changes, and in particular to give examples,
+feature by feature, of how the configuration looked like in v2, and how it now looks like in v3.
+
+## IPWhiteList
+
+In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.
diff --git a/docs/content/operations/dashboard.md b/docs/content/operations/dashboard.md
index c838f0afd..61e17e742 100644
--- a/docs/content/operations/dashboard.md
+++ b/docs/content/operations/dashboard.md
@@ -72,7 +72,7 @@ to allow defining:
 - One or more security features through [middlewares](../middlewares/overview.md)
 like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
- [forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md).
+ [forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md).
 - A [router rule](#dashboard-router-rule) for accessing the dashboard,
 through Traefik itself (sometimes referred as "Traefik-ception").
diff --git a/docs/content/providers/file.md b/docs/content/providers/file.md
index 8abce45d6..2ac4ee1e5 100644
--- a/docs/content/providers/file.md
+++ b/docs/content/providers/file.md
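Review bot: The new `## IPWhiteList` section in `v2-to-v3.md` says the middleware was renamed "without changing anything to the configuration", yet every example in this commit changes the configuration key itself (`ipWhiteList` to `ipAllowList`, and `ipwhitelist` to `ipallowlist` in labels and KV paths). Operators need to be told to rename the key in every provider, and what v3 does with a definition that still uses the old name, because this middleware is an access control and a definition that is no longer recognised should not be assumed to keep filtering. Suggested wording: `In v3, the IPWhiteList middleware is renamed to IPAllowList. Its options are unchanged, but the ipWhiteList key must be renamed to ipAllowList in every provider configuration.` A further sentence on how a leftover `ipWhiteList` entry is handled should follow once that behaviour is confirmed.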
@@ -18,7 +18,7 @@ It supports providing configuration through a [single configuration file](#filen !!! tip - The file provider can be a good solution for reusing common elements from other providers (e.g. declaring whitelist middlewares, basic authentication, ...) + The file provider can be a good solution for reusing common elements from other providers (e.g. declaring allowlist middlewares, basic authentication, ...) ## Configuration Examples diff --git a/docs/content/reference/dynamic-configuration/docker-labels.yml b/docs/content/reference/dynamic-configuration/docker-labels.yml index f4ddee380..6d79e63fe 100644 --- a/docs/content/reference/dynamic-configuration/docker-labels.yml +++ b/docs/content/reference/dynamic-configuration/docker-labels.yml @@ -71,9 +71,9 @@ - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware10.headers.stspreload=true" - "traefik.http.middlewares.middleware10.headers.stsseconds=42" -- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42" -- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar" -- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar" +- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42" +- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar" +- "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar" - "traefik.http.middlewares.middleware12.inflightreq.amount=42" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar" 
@@ -166,7 +166,7 @@ - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true" - "traefik.http.services.service01.loadbalancer.server.port=foobar" - "traefik.http.services.service01.loadbalancer.server.scheme=foobar" -- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar" +- "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42" - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" diff --git a/docs/content/reference/dynamic-configuration/file.toml b/docs/content/reference/dynamic-configuration/file.toml index c197e75cb..6c540e5f6 100644 --- a/docs/content/reference/dynamic-configuration/file.toml +++ b/docs/content/reference/dynamic-configuration/file.toml @@ -203,9 +203,9 @@ name0 = "foobar" name1 = "foobar" [http.middlewares.Middleware11] - [http.middlewares.Middleware11.ipWhiteList] + [http.middlewares.Middleware11.ipAllowList] sourceRange = ["foobar", "foobar"] - [http.middlewares.Middleware11.ipWhiteList.ipStrategy] + [http.middlewares.Middleware11.ipAllowList.ipStrategy] depth = 42 excludedIPs = ["foobar", "foobar"] [http.middlewares.Middleware12] @@ -402,7 +402,7 @@ weight = 42 [tcp.middlewares] [tcp.middlewares.TCPMiddleware00] - [tcp.middlewares.TCPMiddleware00.ipWhiteList] + [tcp.middlewares.TCPMiddleware00.ipAllowList] sourceRange = ["foobar", "foobar"] [tcp.middlewares.TCPMiddleware01] [tcp.middlewares.TCPMiddleware01.inFlightConn] diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index fc446ec0f..c86e4d167 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml 
@@ -230,7 +230,7 @@ http: permissionsPolicy: foobar isDevelopment: true Middleware11: - ipWhiteList: + ipAllowList: sourceRange: - foobar - foobar @@ -443,7 +443,7 @@ tcp: weight: 42 middlewares: TCPMiddleware00: - ipWhiteList: + ipAllowList: sourceRange: - foobar - foobar diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 391c23a2c..d54fa537d 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -1149,7 +1149,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For 
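Review bot: The `More info:` URL rewritten in the `@@ -1149,7 +1149,7 @@` hunk of `kubernetes-crd-definition-v1.yml` keeps the `v2.9` version segment but switches the slug to `ipallowlist`, giving `https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy`. The page is only renamed to `ipallowlist.md` by this commit as part of v3, so the v2.9 link presumably no longer resolves; either keep `ipwhitelist` in v2.9 URLs or move the version segment to the release that ships the renamed page. The same rewritten link recurs in the later hunks of this file and in `traefik.containo.us_middlewares.yaml`. These descriptions look generated, so the correction likely belongs in the source comments they are produced from, which are not shown here.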
@@ -1174,14 +1174,14 @@ spec: type: boolean type: object type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. + ipAllowList: + description: 'IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/' properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1345,7 +1345,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1541,8 +1541,8 @@ spec: format: int64 type: integer type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. + ipAllowList: + description: IPAllowList defines the IPAllowList middleware configuration. properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml index d86a2dd67..9a3d40e1c 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml 
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml @@ -148,7 +148,7 @@ spec: - name: whoamitcp port: 8080 middlewares: - - name: ipwhitelist + - name: ipallowlist tls: secretName: foosecret passthrough: false diff --git a/docs/content/reference/dynamic-configuration/kv-ref.md b/docs/content/reference/dynamic-configuration/kv-ref.md index d83a15476..e65b2ec66 100644 --- a/docs/content/reference/dynamic-configuration/kv-ref.md +++ b/docs/content/reference/dynamic-configuration/kv-ref.md @@ -84,11 +84,11 @@ | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` | +| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` | | `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | 
@@ -247,8 +247,8 @@ | `traefik/http/services/Service04/failover/fallback` | `foobar` | | `traefik/http/services/Service04/failover/healthCheck` | `` | | `traefik/http/services/Service04/failover/service` | `foobar` | -| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` | -| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` | +| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/0` | `foobar` | +| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/1` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` | | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` | diff --git a/docs/content/reference/dynamic-configuration/marathon-labels.json b/docs/content/reference/dynamic-configuration/marathon-labels.json index 7966f27f7..fdcc74cb3 100644 --- a/docs/content/reference/dynamic-configuration/marathon-labels.json +++ b/docs/content/reference/dynamic-configuration/marathon-labels.json 
@@ -71,9 +71,9 @@ "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true", "traefik.http.middlewares.middleware10.headers.stspreload": "true", "traefik.http.middlewares.middleware10.headers.stsseconds": "42", -"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42", -"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar", -"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar", +"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth": "42", +"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips": "foobar, foobar", +"traefik.http.middlewares.middleware11.ipallowlist.sourcerange": "foobar, foobar", "traefik.http.middlewares.middleware12.inflightreq.amount": "42", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar", @@ -166,7 +166,7 @@ "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true", "traefik.http.services.service01.loadbalancer.server.port": "foobar", "traefik.http.services.service01.loadbalancer.server.scheme": "foobar", -"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar", +"traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange": "foobar, foobar", "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42", "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar", "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar", diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml index d7bd0b82c..85e80aae3 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml 
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml @@ -572,7 +572,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -597,14 +597,14 @@ spec: type: boolean type: object type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. + ipAllowList: + description: 'IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/' properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -768,7 +768,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For 
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml index 1f6eec940..78a449562 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml @@ -47,8 +47,8 @@ spec: format: int64 type: integer type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. + ipAllowList: + description: IPAllowList defines the IPAllowList middleware configuration. properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md index 2fb474dda..f342fc87f 100644 --- a/docs/content/routing/providers/kubernetes-crd.md +++ b/docs/content/routing/providers/kubernetes-crd.md @@ -1287,9 +1287,9 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 - 192.168.1.7 @@ -1305,13 +1305,13 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern entryPoints: - web routes: - - match: Host(`example.com`) && PathPrefix(`/whitelist`) + - match: Host(`example.com`) && PathPrefix(`/allowlist`) kind: Rule services: - name: whoami port: 80 middlewares: - - name: ipwhitelist + - name: ipallowlist namespace: foo ``` diff --git a/docs/content/routing/routers/index.md b/docs/content/routing/routers/index.md index 446857266..00bd82375 100644 --- a/docs/content/routing/routers/index.md +++ b/docs/content/routing/routers/index.md 
@@ -986,7 +986,7 @@ The middlewares will take effect only if the rule matches, and before connecting [tcp.routers.my-router] rule = "HostSNI(`*`)" # declared elsewhere - middlewares = ["ipwhitelist"] + middlewares = ["ipallowlist"] service = "service-foo" ``` @@ -998,7 +998,7 @@ The middlewares will take effect only if the rule matches, and before connecting rule: "HostSNI(`*`)" # declared elsewhere middlewares: - - ipwhitelist + - ipallowlist service: service-foo ``` diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 549fa367c..2fb3d20be 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -126,7 +126,7 @@ nav: - 'Errors': 'middlewares/http/errorpages.md' - 'ForwardAuth': 'middlewares/http/forwardauth.md' - 'Headers': 'middlewares/http/headers.md' - - 'IpWhitelist': 'middlewares/http/ipwhitelist.md' + - 'IpAllowList': 'middlewares/http/ipallowlist.md' - 'InFlightReq': 'middlewares/http/inflightreq.md' - 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md' - 'RateLimit': 'middlewares/http/ratelimit.md' @@ -140,7 +140,7 @@ nav: - 'TCP': - 'Overview': 'middlewares/tcp/overview.md' - 'InFlightConn': 'middlewares/tcp/inflightconn.md' - - 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md' + - 'IpAllowList': 'middlewares/tcp/ipallowlist.md' - 'Traefik Hub': 'traefik-hub/index.md' - 'Plugins & Plugin Catalog': 'plugins/index.md' - 'Operations': @@ -177,6 +177,7 @@ nav: - 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md' - 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md' - 'Migration': + - 'Traefik v2 to v3': 'migration/v2-to-v3.md' - 'Traefik v2 minor migrations': 'migration/v2.md' - 'Traefik v1 to v2': 'migration/v1-to-v2.md' - 'Contributing': diff --git a/integration/access_log_test.go b/integration/access_log_test.go index 458a491f6..ac00e47a9 100644 --- a/integration/access_log_test.go +++ b/integration/access_log_test.go 
@@ -435,7 +435,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) { checkNoOtherTraefikProblems(c) } -func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { +func (s *AccessLogSuite) TestAccessLogFrontendAllowlist(c *check.C) { ensureWorkingDirectoryIsClean() expected := []accessLogValue{ @@ -443,7 +443,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { formatOnly: false, code: "403", user: "-", - routerName: "rt-frontendWhitelist", + routerName: "rt-frontendAllowlist", serviceURL: "-", }, } @@ -458,7 +458,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { checkStatsForLogFile(c) - waitForTraefik(c, "frontendWhitelist") + waitForTraefik(c, "frontendAllowlist") // Verify Traefik started OK checkTraefikStarted(c) @@ -466,7 +466,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { // Test rate limit req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil) c.Assert(err, checker.IsNil) - req.Host = "frontend.whitelist.docker.local" + req.Host = "frontend.allowlist.docker.local" err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody()) c.Assert(err, checker.IsNil) diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 391c23a2c..d54fa537d 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -1149,7 +1149,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For 
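Review bot: The context comment `// Test rate limit` in the last hunk of `TestAccessLogFrontendAllowlist` (at -466) does not describe what the test checks. The request is sent with `req.Host = "frontend.allowlist.docker.local"` and must come back as `http.StatusForbidden` from the allowlist middleware. Since the commit already edits the lines around it, replace the comment with `// Request from a non-allowed source IP must be rejected with 403`. The function body starts and ends outside these hunks.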
@@ -1174,14 +1174,14 @@ spec: type: boolean type: object type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. + ipAllowList: + description: 'IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/' properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1345,7 +1345,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1541,8 +1541,8 @@ spec: format: int64 type: integer type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. + ipAllowList: + description: IPAllowList defines the IPAllowList middleware configuration. properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/integration/fixtures/simple_whitelist.toml b/integration/fixtures/simple_allowlist.toml similarity index 100% rename from integration/fixtures/simple_whitelist.toml rename to integration/fixtures/simple_allowlist.toml 
diff --git a/integration/fixtures/tcp/ip-whitelist.toml b/integration/fixtures/tcp/ipallowlist.toml similarity index 83% rename from integration/fixtures/tcp/ip-whitelist.toml rename to integration/fixtures/tcp/ipallowlist.toml index 2718f0544..2ef8c13f4 100644 --- a/integration/fixtures/tcp/ip-whitelist.toml +++ b/integration/fixtures/tcp/ipallowlist.toml @@ -23,7 +23,7 @@ entryPoints = ["tcp"] rule = "HostSNI(`whoami-a.test`)" service = "whoami-a" - middlewares = ["blocking-ipwhitelist"] + middlewares = ["blocking-ipallowlist"] [tcp.routers.to-whoami-a.tls] passthrough = true @@ -31,7 +31,7 @@ entryPoints = ["tcp"] rule = "HostSNI(`whoami-b.test`)" service = "whoami-b" - middlewares = ["allowing-ipwhitelist"] + middlewares = ["allowing-ipallowlist"] [tcp.routers.to-whoami-b.tls] passthrough = true @@ -45,7 +45,7 @@ address = "{{ .WhoamiB }}" [tcp.middlewares] - [tcp.middlewares.allowing-ipwhitelist.ipWhiteList] + [tcp.middlewares.allowing-ipallowlist.ipAllowList] sourceRange = ["127.0.0.1/32"] - [tcp.middlewares.blocking-ipwhitelist.ipWhiteList] + [tcp.middlewares.blocking-ipallowlist.ipAllowList] sourceRange = ["127.127.127.127/32"] diff --git a/integration/resources/compose/access_log.yml b/integration/resources/compose/access_log.yml index 91b1a0c48..4e0cdbc83 100644 --- a/integration/resources/compose/access_log.yml +++ b/integration/resources/compose/access_log.yml 
@@ -75,14 +75,14 @@ services: traefik.http.middlewares.rate.ratelimit.burst: 2 traefik.http.services.service3.loadbalancer.server.port: 80 - frontendWhitelist: + frontendAllowlist: image: traefik/whoami labels: traefik.enable: true - traefik.http.routers.rt-frontendWhitelist.entryPoints: web - traefik.http.routers.rt-frontendWhitelist.rule: Host(`frontend.whitelist.docker.local`) - traefik.http.routers.rt-frontendWhitelist.middlewares: wl - traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32 + traefik.http.routers.rt-frontendAllowlist.entryPoints: web + traefik.http.routers.rt-frontendAllowlist.rule: Host(`frontend.allowlist.docker.local`) + traefik.http.routers.rt-frontendAllowlist.middlewares: wl + traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32 traefik.http.services.service3.loadbalancer.server.port: 80 networks: diff --git a/integration/resources/compose/allowlist.yml b/integration/resources/compose/allowlist.yml new file mode 100644 index 000000000..e5f4e0b31 --- /dev/null +++ b/integration/resources/compose/allowlist.yml 
@@ -0,0 +1,41 @@ +version: "3.8" +services: + noOverrideAllowlist: + image: traefik/whoami + labels: + traefik.enable: true + traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`) + traefik.http.routers.rt1.middlewares: wl1 + traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8 + + overrideIPStrategyRemoteAddrAllowlist: + image: traefik/whoami + labels: + traefik.enable: true + traefik.http.routers.rt2.rule: Host(`override.remoteaddr.allowlist.docker.local`) + traefik.http.routers.rt2.middlewares: wl2 + traefik.http.middlewares.wl2.ipallowlist.sourceRange: 8.8.8.8 + traefik.http.middlewares.wl2.ipallowlist.ipStrategy: true + + overrideIPStrategyDepthAllowlist: + image: traefik/whoami + labels: + traefik.enable: true + traefik.http.routers.rt3.rule: Host(`override.depth.allowlist.docker.local`) + traefik.http.routers.rt3.middlewares: wl3 + traefik.http.middlewares.wl3.ipallowlist.sourceRange: 8.8.8.8 + traefik.http.middlewares.wl3.ipallowlist.ipStrategy.depth: 3 + + overrideIPStrategyExcludedIPsAllowlist: + image: traefik/whoami + labels: + traefik.enable: true + traefik.http.routers.rt4.rule: Host(`override.excludedips.allowlist.docker.local`) + traefik.http.routers.rt4.middlewares: wl4 + traefik.http.middlewares.wl4.ipallowlist.sourceRange: 8.8.8.8 + traefik.http.middlewares.wl4.ipallowlist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2 + +networks: + default: + name: traefik-test-network + external: true diff --git a/integration/resources/compose/whitelist.yml b/integration/resources/compose/whitelist.yml deleted file mode 100644 index dc120903d..000000000 --- a/integration/resources/compose/whitelist.yml +++ /dev/null 
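Review bot: In the new `allowlist.yml`, the `wl1` label is spelled `ipallowList.sourceRange` while the other three services use `ipallowlist.…`. The mixed casing is carried over from the deleted `whitelist.yml` (`ipwhiteList`), and nothing in the file says it is intentional. If it is meant to exercise case-insensitive label parsing, say so in a comment; otherwise write `traefik.http.middlewares.wl1.ipallowlist.sourceRange: 8.8.8.8`. The middleware names `wl1`–`wl4` (and `wl` in `access_log.yml`) still abbreviate the old term and could be renamed in the same pass.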
@@ -1,41 +0,0 @@ -version: "3.8" -services: - noOverrideWhitelist: - image: traefik/whoami - labels: - traefik.enable: true - traefik.http.routers.rt1.rule: Host(`no.override.whitelist.docker.local`) - traefik.http.routers.rt1.middlewares: wl1 - traefik.http.middlewares.wl1.ipwhiteList.sourceRange: 8.8.8.8 - - overrideIPStrategyRemoteAddrWhitelist: - image: traefik/whoami - labels: - traefik.enable: true - traefik.http.routers.rt2.rule: Host(`override.remoteaddr.whitelist.docker.local`) - traefik.http.routers.rt2.middlewares: wl2 - traefik.http.middlewares.wl2.ipwhitelist.sourceRange: 8.8.8.8 - traefik.http.middlewares.wl2.ipwhitelist.ipStrategy: true - - overrideIPStrategyDepthWhitelist: - image: traefik/whoami - labels: - traefik.enable: true - traefik.http.routers.rt3.rule: Host(`override.depth.whitelist.docker.local`) - traefik.http.routers.rt3.middlewares: wl3 - traefik.http.middlewares.wl3.ipwhitelist.sourceRange: 8.8.8.8 - traefik.http.middlewares.wl3.ipwhitelist.ipStrategy.depth: 3 - - overrideIPStrategyExcludedIPsWhitelist: - image: traefik/whoami - labels: - traefik.enable: true - traefik.http.routers.rt4.rule: Host(`override.excludedips.whitelist.docker.local`) - traefik.http.routers.rt4.middlewares: wl4 - traefik.http.middlewares.wl4.ipwhitelist.sourceRange: 8.8.8.8 - traefik.http.middlewares.wl4.ipwhitelist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2 - -networks: - default: - name: traefik-test-network - external: true diff --git a/integration/simple_test.go b/integration/simple_test.go index c939d8f0a..015fa9df6 100644 --- a/integration/simple_test.go +++ b/integration/simple_test.go 
@@ -397,13 +397,13 @@ func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) { c.Assert(err, checker.IsNil) } -func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { - s.createComposeProject(c, "whitelist") +func (s *SimpleSuite) TestIPStrategyAllowlist(c *check.C) { + s.createComposeProject(c, "allowlist") s.composeUp(c) defer s.composeDown(c) - cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) + cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml")) defer output(c) err := cmd.Start() @@ -413,7 +413,7 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override")) c.Assert(err, checker.IsNil) - err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local")) + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.allowlist.docker.local")) c.Assert(err, checker.IsNil) testCases := []struct { 
@@ -425,31 +425,31 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { { desc: "override remote addr reject", xForwardedFor: "8.8.8.8,8.8.8.8", - host: "override.remoteaddr.whitelist.docker.local", + host: "override.remoteaddr.allowlist.docker.local", expectedStatusCode: 403, }, { desc: "override depth accept", xForwardedFor: "8.8.8.8,10.0.0.1,127.0.0.1", - host: "override.depth.whitelist.docker.local", + host: "override.depth.allowlist.docker.local", expectedStatusCode: 200, }, { desc: "override depth reject", xForwardedFor: "10.0.0.1,8.8.8.8,127.0.0.1", - host: "override.depth.whitelist.docker.local", + host: "override.depth.allowlist.docker.local", expectedStatusCode: 403, }, { desc: "override excludedIPs reject", xForwardedFor: "10.0.0.3,10.0.0.1,10.0.0.2", - host: "override.excludedips.whitelist.docker.local", + host: "override.excludedips.allowlist.docker.local", expectedStatusCode: 403, }, { desc: "override excludedIPs accept", xForwardedFor: "8.8.8.8,10.0.0.1,10.0.0.2", - host: "override.excludedips.whitelist.docker.local", + host: "override.excludedips.allowlist.docker.local", expectedStatusCode: 200, }, } @@ -468,12 +468,12 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { } func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) { - s.createComposeProject(c, "whitelist") + s.createComposeProject(c, "allowlist") s.composeUp(c) defer s.composeDown(c) - cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) + cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml")) defer output(c) err := cmd.Start() 
@@ -481,13 +481,13 @@ func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) { defer s.killCmd(cmd) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, - try.BodyContains("override.remoteaddr.whitelist.docker.local")) + try.BodyContains("override.remoteaddr.allowlist.docker.local")) c.Assert(err, checker.IsNil) req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil) c.Assert(err, checker.IsNil) - req.Host = "override.depth.whitelist.docker.local" + req.Host = "override.depth.allowlist.docker.local" req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1") err = try.Request(req, 1*time.Second, diff --git a/integration/tcp_test.go b/integration/tcp_test.go index 52a3813c9..c4da20a27 100644 --- a/integration/tcp_test.go +++ b/integration/tcp_test.go @@ -241,8 +241,8 @@ func (s *TCPSuite) TestCatchAllNoTLSWithHTTPS(c *check.C) { c.Assert(err, checker.IsNil) } -func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) { - file := s.adaptFile(c, "fixtures/tcp/ip-whitelist.toml", struct { +func (s *TCPSuite) TestMiddlewareAllowList(c *check.C) { + file := s.adaptFile(c, "fixtures/tcp/ipallowlist.toml", struct { WhoamiA string WhoamiB string }{ @@ -261,7 +261,7 @@ func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) { err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)")) c.Assert(err, checker.IsNil) - // Traefik not passes through, ipWhitelist closes connection + // Traefik not passes through, ipAllowList closes connection _, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test") c.Assert(err, checker.ErrorMatches, "EOF") diff --git a/pkg/api/handler_overview_test.go b/pkg/api/handler_overview_test.go index 8937c0204..b7f96c6b9 100644 --- a/pkg/api/handler_overview_test.go +++ b/pkg/api/handler_overview_test.go 
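Review bot: The rewritten comment in `TestMiddlewareAllowList`, `// Traefik not passes through, ipAllowList closes connection`, is hard to read, and it is the only explanation of why the test expects `EOF` for `whoami-a.test`. Suggest `// The source IP is not in the allowlist for whoami-a, so the ipAllowList middleware closes the connection before passthrough.` The function body continues outside the hunk.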
@@ -173,24 +173,24 @@ func TestHandler_Overview(t *testing.T) { }, }, TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist1@myprovider": { + "ipallowlist1@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, Status: runtime.StatusEnabled, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, }, - "ipwhitelist3@myprovider": { + "ipallowlist3@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, diff --git a/pkg/api/handler_tcp_test.go b/pkg/api/handler_tcp_test.go index 3e14921fb..18ac7708c 100644 --- a/pkg/api/handler_tcp_test.go +++ b/pkg/api/handler_tcp_test.go @@ -512,25 +512,25 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist1@myprovider": { + "ipallowlist1@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, }, - "ipwhitelist1@anotherprovider": { + "ipallowlist1@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -549,27 +549,27 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares?status=enabled", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, Status: runtime.StatusEnabled, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, Status: runtime.StatusDisabled, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -586,30 +586,30 @@ func TestHandler_TCP(t *testing.T) { }, { desc: "middlewares filtered by search", - path: "/api/tcp/middlewares?search=ipwhitelist", + path: "/api/tcp/middlewares?search=ipallowlist", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ "bad@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, Status: runtime.StatusEnabled, }, - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"test@myprovider"}, Status: runtime.StatusDisabled, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -629,25 +629,25 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares?page=2&per_page=1", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -663,28 +663,28 @@ func TestHandler_TCP(t *testing.T) { }, { desc: "one middleware by id", - path: "/api/tcp/middlewares/ipwhitelist@myprovider", + path: "/api/tcp/middlewares/ipallowlist@myprovider", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -694,7 +694,7 @@ func TestHandler_TCP(t *testing.T) { }, expected: expected{ statusCode: http.StatusOK, - jsonFile: "testdata/tcpmiddleware-ipwhitelist.json", + jsonFile: "testdata/tcpmiddleware-ipallowlist.json", }, }, { @@ -702,9 +702,9 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares/foo@myprovider", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, diff --git a/pkg/api/testdata/tcpmiddleware-ipwhitelist.json b/pkg/api/testdata/tcpmiddleware-ipallowlist.json similarity index 64% rename from pkg/api/testdata/tcpmiddleware-ipwhitelist.json rename to pkg/api/testdata/tcpmiddleware-ipallowlist.json index 95f2540de..e3cf5ff72 100644 
--- a/pkg/api/testdata/tcpmiddleware-ipwhitelist.json +++ b/pkg/api/testdata/tcpmiddleware-ipallowlist.json @@ -1,13 +1,13 @@ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@myprovider", + "name": "ipallowlist@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider", "test@myprovider" ] -} \ No newline at end of file +} diff --git a/pkg/api/testdata/tcpmiddlewares-filtered-search.json b/pkg/api/testdata/tcpmiddlewares-filtered-search.json index 5dc58379e..cd8ce0265 100644 --- a/pkg/api/testdata/tcpmiddlewares-filtered-search.json +++ b/pkg/api/testdata/tcpmiddlewares-filtered-search.json @@ -1,26 +1,26 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@anotherprovider", + "name": "ipallowlist@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@myprovider", + "name": "ipallowlist@myprovider", "provider": "myprovider", "status": "disabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "test@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/api/testdata/tcpmiddlewares-filtered-status.json b/pkg/api/testdata/tcpmiddlewares-filtered-status.json index 906679181..f9a0cf9ae 100644 --- a/pkg/api/testdata/tcpmiddlewares-filtered-status.json +++ b/pkg/api/testdata/tcpmiddlewares-filtered-status.json 
@@ -1,27 +1,27 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@anotherprovider", + "name": "ipallowlist@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@myprovider", + "name": "ipallowlist@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider", "test@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/api/testdata/tcpmiddlewares-page2.json b/pkg/api/testdata/tcpmiddlewares-page2.json index 76c516876..4195437e3 100644 --- a/pkg/api/testdata/tcpmiddlewares-page2.json +++ b/pkg/api/testdata/tcpmiddlewares-page2.json @@ -1,14 +1,14 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@anotherprovider", + "name": "ipallowlist@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/api/testdata/tcpmiddlewares.json b/pkg/api/testdata/tcpmiddlewares.json index b1c0cdab1..381ffe658 100644 --- a/pkg/api/testdata/tcpmiddlewares.json +++ b/pkg/api/testdata/tcpmiddlewares.json 
@@ -1,39 +1,39 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist1@anotherprovider", + "name": "ipallowlist1@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist1@myprovider", + "name": "ipallowlist1@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider", "test@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.2/32"] }, - "name": "ipwhitelist2@myprovider", + "name": "ipallowlist2@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "test@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/config/dynamic/fixtures/sample.toml b/pkg/config/dynamic/fixtures/sample.toml index 11e586ea0..4e52c4d03 100644 --- a/pkg/config/dynamic/fixtures/sample.toml +++ b/pkg/config/dynamic/fixtures/sample.toml @@ -358,11 +358,11 @@ [http.middlewares.Middleware5.chain] middlewares = ["foobar", "foobar"] [http.middlewares.Middleware6] - [http.middlewares.Middleware6.ipWhiteList] + [http.middlewares.Middleware6.ipAllowList] sourceRange = ["foobar", "foobar"] [http.middlewares.Middleware7] - [http.middlewares.Middleware7.ipWhiteList] - [http.middlewares.Middleware7.ipWhiteList.ipStrategy] + [http.middlewares.Middleware7.ipAllowList] + [http.middlewares.Middleware7.ipAllowList.ipStrategy] depth = 42 excludedIPs = ["foobar", "foobar"] [http.middlewares.Middleware8] diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index 0d849c273..25eab40fa 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go 
@@ -18,7 +18,7 @@ type Middleware struct { ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"` ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"` Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"` - IPWhiteList *IPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` + IPAllowList *IPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"` Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"` Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"` RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"` @@ -346,7 +346,7 @@ func (h *Headers) HasSecureHeadersDefined() bool { // +k8s:deepcopy-gen=true // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. -// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy +// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy type IPStrategy struct { // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` 
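Review bot: The `ipWhiteList` key is dropped from the `Middleware` struct tags with no deprecated alias, so a configuration that still uses `ipWhiteList` no longer populates this field after an upgrade. How the decoders and the router build react to the stale key (an error or a silently ignored key) is not visible in this hunk, so confirm that the route fails closed rather than being served without its source-IP restriction. Consider keeping the old field for one release, marked `// Deprecated: use IPAllowList instead.`, or calling out the break in the migration guide. The same applies to `TCPMiddleware` in pkg/config/dynamic/tcp_middlewares.go and to the `Spec.IPAllowList` assignments in pkg/provider/kubernetes/crd/kubernetes.go, where the fixtures keep `apiVersion: traefik.containo.us/v1alpha1` while the field name changes.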
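Review bot: The `IPStrategy` doc link now points at `/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy`, but the page is only renamed by this commit, so the v2.9 documentation tree presumably has no `ipallowlist` page and the link would be dead. Point it at the docs version that ships the rename, e.g. `// More info: https://doc.traefik.io/traefik/<version-with-rename>/middlewares/http/ipallowlist/#ipstrategy` (placeholder version). The `IPAllowList` comment in the next hunk of this file (`@@ -385,10 +385,10 @@`) carries the same v2.9 URL. The struct body continues outside the hunk.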
@@ -385,10 +385,10 @@ func (s *IPStrategy) Get() (ip.Strategy, error) { // +k8s:deepcopy-gen=true -// IPWhiteList holds the IP whitelist middleware configuration. +// IPAllowList holds the IP allowlist middleware configuration. // This middleware accepts / refuses requests based on the client IP. -// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/ -type IPWhiteList struct { +// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/ +type IPAllowList struct { // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"` diff --git a/pkg/config/dynamic/tcp_middlewares.go b/pkg/config/dynamic/tcp_middlewares.go index 620db44b4..a9e191287 100644 --- a/pkg/config/dynamic/tcp_middlewares.go +++ b/pkg/config/dynamic/tcp_middlewares.go @@ -5,7 +5,7 @@ package dynamic // TCPMiddleware holds the TCPMiddleware configuration. type TCPMiddleware struct { InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"` - IPWhiteList *TCPIPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` + IPAllowList *TCPIPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"` } // +k8s:deepcopy-gen=true 
@@ -22,9 +22,9 @@ type TCPInFlightConn struct { // +k8s:deepcopy-gen=true -// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration. +// TCPIPAllowList holds the TCP IPAllowList middleware configuration. // This middleware accepts/refuses connections based on the client IP. -type TCPIPWhiteList struct { +type TCPIPAllowList struct { // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` } diff --git a/pkg/config/dynamic/zz_generated.deepcopy.go b/pkg/config/dynamic/zz_generated.deepcopy.go index adba5a4ee..241088ea0 100644 --- a/pkg/config/dynamic/zz_generated.deepcopy.go +++ b/pkg/config/dynamic/zz_generated.deepcopy.go @@ -532,6 +532,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAllowList) DeepCopyInto(out *IPAllowList) { + *out = *in + if in.SourceRange != nil { + in, out := &in.SourceRange, &out.SourceRange + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IPStrategy != nil { + in, out := &in.IPStrategy, &out.IPStrategy + *out = new(IPStrategy) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList. +func (in *IPAllowList) DeepCopy() *IPAllowList { + if in == nil { + return nil + } + out := new(IPAllowList) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPStrategy) DeepCopyInto(out *IPStrategy) { *out = *in 
@@ -553,32 +579,6 @@ func (in *IPStrategy) DeepCopy() *IPStrategy { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IPWhiteList) DeepCopyInto(out *IPWhiteList) { - *out = *in - if in.SourceRange != nil { - in, out := &in.SourceRange, &out.SourceRange - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.IPStrategy != nil { - in, out := &in.IPStrategy, &out.IPStrategy - *out = new(IPStrategy) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPWhiteList. -func (in *IPWhiteList) DeepCopy() *IPWhiteList { - if in == nil { - return nil - } - out := new(IPWhiteList) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InFlightReq) DeepCopyInto(out *InFlightReq) { *out = *in @@ -654,9 +654,9 @@ func (in *Middleware) DeepCopyInto(out *Middleware) { *out = new(Chain) (*in).DeepCopyInto(*out) } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(IPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(IPAllowList) (*in).DeepCopyInto(*out) } if in.Headers != nil { @@ -1382,7 +1382,7 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) { +func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) { *out = *in if in.SourceRange != nil { in, out := &in.SourceRange, &out.SourceRange 
@@ -1392,12 +1392,12 @@ func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPWhiteList. -func (in *TCPIPWhiteList) DeepCopy() *TCPIPWhiteList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList. +func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList { if in == nil { return nil } - out := new(TCPIPWhiteList) + out := new(TCPIPAllowList) in.DeepCopyInto(out) return out } @@ -1426,9 +1426,9 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) { *out = new(TCPInFlightConn) **out = **in } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(TCPIPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(TCPIPAllowList) (*in).DeepCopyInto(*out) } return diff --git a/pkg/config/label/label_test.go b/pkg/config/label/label_test.go index d9b40ffb8..e3bb4e609 100644 --- a/pkg/config/label/label_test.go +++ b/pkg/config/label/label_test.go 
@@ -82,9 +82,9 @@ func TestDecodeConfiguration(t *testing.T) { "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true", "traefik.http.middlewares.Middleware8.headers.stspreload": "true", "traefik.http.middlewares.Middleware8.headers.stsseconds": "42", - "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth": "42", - "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips": "foobar, fiibar", - "traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth": "42", + "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips": "foobar, fiibar", + "traefik.http.middlewares.Middleware9.ipallowlist.sourcerange": "foobar, fiibar", "traefik.http.middlewares.Middleware10.inflightreq.amount": "42", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar", @@ -180,7 +180,7 @@ func TestDecodeConfiguration(t *testing.T) { "traefik.http.services.Service1.loadbalancer.sticky": "false", "traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui", - "traefik.tcp.middlewares.Middleware0.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware0.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42", "traefik.tcp.routers.Router0.rule": "foobar", "traefik.tcp.routers.Router0.priority": "42", @@ -244,7 +244,7 @@ func TestDecodeConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware0": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, 
@@ -611,7 +611,7 @@ func TestDecodeConfiguration(t *testing.T) { }, }, "Middleware9": { - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{ "foobar", "fiibar", @@ -741,7 +741,7 @@ func TestEncodeConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware0": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, @@ -1113,7 +1113,7 @@ func TestEncodeConfiguration(t *testing.T) { }, }, "Middleware9": { - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{ "foobar", "fiibar", @@ -1265,9 +1265,9 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42", - "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth": "42", - "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs": "foobar, fiibar", - "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange": "foobar, fiibar", + "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth": "42", + "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs": "foobar, fiibar", + "traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar", 
@@ -1360,7 +1360,7 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar", "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar", - "traefik.TCP.Middlewares.Middleware0.IPWhiteList.SourceRange": "foobar, fiibar", + "traefik.TCP.Middlewares.Middleware0.IPAllowList.SourceRange": "foobar, fiibar", "traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42", "traefik.TCP.Routers.Router0.Rule": "foobar", "traefik.TCP.Routers.Router0.Priority": "42", diff --git a/pkg/ip/checker_test.go b/pkg/ip/checker_test.go index da2f07861..69ab9c1da 100644 --- a/pkg/ip/checker_test.go +++ b/pkg/ip/checker_test.go @@ -11,25 +11,25 @@ import ( func TestIsAuthorized(t *testing.T) { testCases := []struct { desc string - whiteList []string + allowList []string remoteAddr string authorized bool }{ { desc: "remoteAddr not in range", - whiteList: []string{"1.2.3.4/24"}, + allowList: []string{"1.2.3.4/24"}, remoteAddr: "10.2.3.1:123", authorized: false, }, { desc: "remoteAddr in range", - whiteList: []string{"1.2.3.4/24"}, + allowList: []string{"1.2.3.4/24"}, remoteAddr: "1.2.3.1:123", authorized: true, }, { desc: "octal ip in remoteAddr", - whiteList: []string{"127.2.3.4/24"}, + allowList: []string{"127.2.3.4/24"}, remoteAddr: "0127.2.3.1:123", authorized: false, }, @@ -40,7 +40,7 @@ func TestIsAuthorized(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - ipChecker, err := NewChecker(test.whiteList) + ipChecker, err := NewChecker(test.allowList) require.NoError(t, err) err = ipChecker.IsAuthorized(test.remoteAddr) diff --git a/pkg/middlewares/ipwhitelist/ip_whitelist.go b/pkg/middlewares/ipallowlist/ip_allowlist.go similarity index 59% rename from pkg/middlewares/ipwhitelist/ip_whitelist.go rename to pkg/middlewares/ipallowlist/ip_allowlist.go index dde042b42..d700a9279 100644 --- a/pkg/middlewares/ipwhitelist/ip_whitelist.go +++ b/pkg/middlewares/ipallowlist/ip_allowlist.go 
@@ -1,4 +1,4 @@ -package ipwhitelist +package ipallowlist import ( "context" @@ -15,29 +15,29 @@ import ( ) const ( - typeName = "IPWhiteLister" + typeName = "IPAllowLister" ) -// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. -type ipWhiteLister struct { +// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists. +type ipAllowLister struct { next http.Handler - whiteLister *ip.Checker + allowLister *ip.Checker strategy ip.Strategy name string } -// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist. -func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) { +// New builds a new IPAllowLister given a list of CIDR-Strings to allow. +func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) { logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger.Debug("Creating middleware") if len(config.SourceRange) == 0 { - return nil, errors.New("sourceRange is empty, IPWhiteLister not created") + return nil, errors.New("sourceRange is empty, IPAllowLister not created") } checker, err := ip.NewChecker(config.SourceRange) if err != nil { - return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) + return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err) } strategy, err := config.IPStrategy.Get() 
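Review bot: `typeName` changes to `IPAllowLister` and is passed by `New` to `middlewares.GetLoggerCtx`, so the middleware-type value attached to log entries presumably changes with it, as does the `sourceRange is empty, ...` error text. Log queries or alerts that match on `IPWhiteLister` to track rejected clients would stop matching without raising any error. A comment on the constant such as `// typeName appears in the logger context; renamed from IPWhiteLister.` and a migration-note entry would make that visible. The TCP variant renames `IPWhiteListerTCP` the same way, and `New` continues past the end of this hunk.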
@@ -45,26 +45,26 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam return nil, err } - logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) + logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange) - return &ipWhiteLister{ + return &ipAllowLister{ strategy: strategy, - whiteLister: checker, + allowLister: checker, next: next, name: name, }, nil } -func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) { - return wl.name, tracing.SpanKindNoneEnum +func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) { + return al.name, tracing.SpanKindNoneEnum } -func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { - ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName) +func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + ctx := middlewares.GetLoggerCtx(req.Context(), al.name, typeName) logger := log.FromContext(ctx) - clientIP := wl.strategy.GetIP(req) - err := wl.whiteLister.IsAuthorized(clientIP) + clientIP := al.strategy.GetIP(req) + err := al.allowLister.IsAuthorized(clientIP) if err != nil { msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err) logger.Debug(msg) @@ -74,7 +74,7 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { } logger.Debugf("Accepting IP %s", clientIP) - wl.next.ServeHTTP(rw, req) + al.next.ServeHTTP(rw, req) } func reject(ctx context.Context, rw http.ResponseWriter) { diff --git a/pkg/middlewares/ipwhitelist/ip_whitelist_test.go b/pkg/middlewares/ipallowlist/ip_allowlist_test.go similarity index 73% rename from pkg/middlewares/ipwhitelist/ip_whitelist_test.go rename to pkg/middlewares/ipallowlist/ip_allowlist_test.go index 2fabbfae7..df2e49835 100644 --- a/pkg/middlewares/ipwhitelist/ip_whitelist_test.go +++ b/pkg/middlewares/ipallowlist/ip_allowlist_test.go 
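Review bot: In `ServeHTTP` a rejected client is logged with `logger.Debug(msg)`, while the TCP middleware in pkg/middlewares/tcp/ipallowlist/ip_allowlist.go logs the same event with `logger.Errorf("Connection from %s rejected: %v", addr, err)`. Assuming debug logging is off in production, HTTP denials from this middleware leave no log line here, while TCP denials are written at error level for every refused connection. Pick one level for both so that denied sources are visible consistently, for example `logger.Info(msg)` here and the matching `Infof` call in `ServeTCP`. The lines between the rejection log and `al.next.ServeHTTP` fall outside the hunks, so how `msg` is used afterwards should be checked before changing it.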
@@ -1,4 +1,4 @@ -package ipwhitelist +package ipallowlist import ( "context" @@ -11,22 +11,22 @@ import ( "github.com/traefik/traefik/v2/pkg/config/dynamic" ) -func TestNewIPWhiteLister(t *testing.T) { +func TestNewIPAllowLister(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.IPWhiteList + allowList dynamic.IPAllowList expectedError bool }{ { desc: "invalid IP", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"foo"}, }, expectedError: true, }, { desc: "valid IP", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"10.10.10.10"}, }, }, @@ -38,28 +38,28 @@ func TestNewIPWhiteLister(t *testing.T) { t.Parallel() next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") if test.expectedError { assert.Error(t, err) } else { require.NoError(t, err) - assert.NotNil(t, whiteLister) + assert.NotNil(t, allowLister) } }) } } -func TestIPWhiteLister_ServeHTTP(t *testing.T) { +func TestIPAllowLister_ServeHTTP(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.IPWhiteList + allowList dynamic.IPAllowList remoteAddr string expected int }{ { desc: "authorized with remote address", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.20:1234", @@ -67,7 +67,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { }, { desc: "non authorized with remote address", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.21:1234", 
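Review bot: The `testCases` table in `TestNewIPAllowLister` covers an invalid and a valid `SourceRange` but, as far as this hunk shows, not an empty one, although `New` refuses it with `sourceRange is empty, IPAllowLister not created` and the TCP test has an "Empty config" case. That check is what stops an allowlist with no entries from being built, so it deserves a regression test of its own: `{desc: "empty config", allowList: dynamic.IPAllowList{}, expectedError: true},`. The closing lines of the table are outside the hunk.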
@@ -81,7 +81,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { t.Parallel() next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") require.NoError(t, err) recorder := httptest.NewRecorder() @@ -92,7 +92,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { req.RemoteAddr = test.remoteAddr } - whiteLister.ServeHTTP(recorder, req) + allowLister.ServeHTTP(recorder, req) assert.Equal(t, test.expected, recorder.Code) }) diff --git a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go b/pkg/middlewares/tcp/ipallowlist/ip_allowlist.go similarity index 54% rename from pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go rename to pkg/middlewares/tcp/ipallowlist/ip_allowlist.go index 755972e70..7e8dafdc4 100644 --- a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go +++ b/pkg/middlewares/tcp/ipallowlist/ip_allowlist.go @@ -1,4 +1,4 @@ -package tcpipwhitelist +package tcpipallowlist import ( "context" 
@@ -13,46 +13,46 @@ import ( ) const ( - typeName = "IPWhiteListerTCP" + typeName = "IPAllowListerTCP" ) -// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. -type ipWhiteLister struct { +// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists. +type ipAllowLister struct { next tcp.Handler - whiteLister *ip.Checker + allowLister *ip.Checker name string } -// New builds a new TCP IPWhiteLister given a list of CIDR-Strings to whitelist. -func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPWhiteList, name string) (tcp.Handler, error) { +// New builds a new TCP IPAllowLister given a list of CIDR-Strings to allow. +func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPAllowList, name string) (tcp.Handler, error) { logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger.Debug("Creating middleware") if len(config.SourceRange) == 0 { - return nil, errors.New("sourceRange is empty, IPWhiteLister not created") + return nil, errors.New("sourceRange is empty, IPAllowLister not created") } checker, err := ip.NewChecker(config.SourceRange) if err != nil { - return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) + return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err) } - logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) + logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange) - return &ipWhiteLister{ - whiteLister: checker, + return &ipAllowLister{ + allowLister: checker, next: next, name: name, }, nil } -func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) { - ctx := middlewares.GetLoggerCtx(context.Background(), wl.name, typeName) +func (al *ipAllowLister) ServeTCP(conn tcp.WriteCloser) { + ctx := middlewares.GetLoggerCtx(context.Background(), al.name, typeName) logger := log.FromContext(ctx) addr := 
conn.RemoteAddr().String() - err := wl.whiteLister.IsAuthorized(addr) + err := al.allowLister.IsAuthorized(addr) if err != nil { logger.Errorf("Connection from %s rejected: %v", addr, err) conn.Close() @@ -61,5 +61,5 @@ func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) { logger.Debugf("Connection from %s accepted", addr) - wl.next.ServeTCP(conn) + al.next.ServeTCP(conn) } diff --git a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist_test.go b/pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go similarity index 76% rename from pkg/middlewares/tcp/ipwhitelist/ip_whitelist_test.go rename to pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go index 67780dfb6..75bef050d 100644 --- a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist_test.go +++ b/pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go @@ -1,4 +1,4 @@ -package tcpipwhitelist +package tcpipallowlist import ( "context" @@ -12,27 +12,27 @@ import ( "github.com/traefik/traefik/v2/pkg/tcp" ) -func TestNewIPWhiteLister(t *testing.T) { +func TestNewIPAllowLister(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.TCPIPWhiteList + allowList dynamic.TCPIPAllowList expectedError bool }{ { desc: "Empty config", - whiteList: dynamic.TCPIPWhiteList{}, + allowList: dynamic.TCPIPAllowList{}, expectedError: true, }, { desc: "invalid IP", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"foo"}, }, expectedError: true, }, { desc: "valid IP", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"10.10.10.10"}, }, }, 
@@ -44,28 +44,28 @@ func TestNewIPWhiteLister(t *testing.T) { t.Parallel() next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {}) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") if test.expectedError { assert.Error(t, err) } else { require.NoError(t, err) - assert.NotNil(t, whiteLister) + assert.NotNil(t, allowLister) } }) } } -func TestIPWhiteLister_ServeHTTP(t *testing.T) { +func TestIPAllowLister_ServeHTTP(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.TCPIPWhiteList + allowList dynamic.TCPIPAllowList remoteAddr string expected string }{ { desc: "authorized with remote address", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.20:1234", @@ -73,7 +73,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { }, { desc: "non authorized with remote address", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.21:1234", @@ -94,13 +94,13 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { require.NoError(t, err) }) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") require.NoError(t, err) server, client := net.Pipe() go func() { - whiteLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}}) + allowLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}}) }() read, err := io.ReadAll(server) diff --git a/pkg/provider/consulcatalog/config_test.go b/pkg/provider/consulcatalog/config_test.go index 3d54b5436..bb4653782 100644 --- a/pkg/provider/consulcatalog/config_test.go +++ b/pkg/provider/consulcatalog/config_test.go 
@@ -2022,7 +2022,7 @@ func Test_buildConfiguration(t *testing.T) { Name: "Test", Labels: map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }, Address: "127.0.0.1", @@ -2041,7 +2041,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/docker/config_test.go b/pkg/provider/docker/config_test.go index ed8b58b7c..d5a9dca8c 100644 --- a/pkg/provider/docker/config_test.go +++ b/pkg/provider/docker/config_test.go @@ -2611,7 +2611,7 @@ func Test_buildConfiguration(t *testing.T) { Name: "Test", Labels: map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }, NetworkSettings: networkSettings{ @@ -2638,7 +2638,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/ecs/config_test.go b/pkg/provider/ecs/config_test.go index a34a53766..3ab9c477d 100644 --- a/pkg/provider/ecs/config_test.go +++ b/pkg/provider/ecs/config_test.go 
@@ -2333,7 +2333,7 @@ func Test_buildConfiguration(t *testing.T) { name("Test"), labels(map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }), iMachine( @@ -2356,7 +2356,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml index b36e821b2..19f83bd76 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml @@ -1,10 +1,10 @@ apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 @@ -12,10 +12,10 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: foo spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 --- @@ -36,6 +36,6 @@ spec: port: 8000 middlewares: - - name: ipwhitelist - - name: ipwhitelist + - name: ipallowlist + - name: ipallowlist namespace: foo diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml index b672e56e9..731d8aaba 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml 
@@ -1,10 +1,10 @@ apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 @@ -12,10 +12,10 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: foo spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 --- @@ -36,9 +36,9 @@ spec: port: 8000 middlewares: - - name: ipwhitelist - - name: ipwhitelist + - name: ipallowlist + - name: ipallowlist namespace: foo - - name: ipwhitelist@file - - name: ipwhitelist-foo@file + - name: ipallowlist@file + - name: ipallowlist-foo@file namespace: foo diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml index dc66091c2..ba7aed1c0 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml @@ -4,7 +4,7 @@ metadata: name: multiple---hyphens namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml index af8dd075d..8b631fc98 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml @@ -1,10 +1,10 @@ apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 
@@ -12,10 +12,10 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: cross-ns spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 --- @@ -36,7 +36,7 @@ spec: port: 8000 middlewares: - - name: ipwhitelist + - name: ipallowlist - match: HostSNI(`bar.com`) services: @@ -44,5 +44,5 @@ spec: port: 8000 middlewares: - - name: ipwhitelist + - name: ipallowlist namespace: cross-ns diff --git a/pkg/provider/kubernetes/crd/kubernetes.go b/pkg/provider/kubernetes/crd/kubernetes.go index ff6c6b588..bc0368179 100644 --- a/pkg/provider/kubernetes/crd/kubernetes.go +++ b/pkg/provider/kubernetes/crd/kubernetes.go @@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client) ReplacePath: middleware.Spec.ReplacePath, ReplacePathRegex: middleware.Spec.ReplacePathRegex, Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain), - IPWhiteList: middleware.Spec.IPWhiteList, + IPAllowList: middleware.Spec.IPAllowList, Headers: middleware.Spec.Headers, Errors: errorPage, RateLimit: rateLimit, @@ -288,7 +288,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client) conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{ InFlightConn: middlewareTCP.Spec.InFlightConn, - IPWhiteList: middlewareTCP.Spec.IPWhiteList, + IPAllowList: middlewareTCP.Spec.IPAllowList, } } diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go index 60c079406..1189364e5 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_test.go +++ b/pkg/provider/kubernetes/crd/kubernetes_test.go 
@@ -119,18 +119,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist"}, + Middlewares: []string{"default-ipallowlist", "foo-ipallowlist"}, Rule: "HostSNI(`foo.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "foo-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "foo-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -178,7 +178,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "default-multiple-hyphens": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -220,18 +220,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist", "ipwhitelist@file", "ipwhitelist-foo@file"}, + Middlewares: []string{"default-ipallowlist", "foo-ipallowlist", "ipallowlist@file", "ipallowlist-foo@file"}, Rule: "HostSNI(`foo.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "foo-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "foo-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -5459,18 +5459,18 @@ func TestCrossNamespace(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist"}, + Middlewares: []string{"default-ipallowlist"}, Rule: "HostSNI(`foo.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "cross-ns-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "cross-ns-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -5513,24 +5513,24 @@ func TestCrossNamespace(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist"}, + Middlewares: []string{"default-ipallowlist"}, Rule: "HostSNI(`foo.com`)", }, "default-test.route-f44ce589164e656d231c": { EntryPoints: []string{"foo"}, Service: "default-test.route-f44ce589164e656d231c", - Middlewares: []string{"cross-ns-ipwhitelist"}, + Middlewares: []string{"cross-ns-ipallowlist"}, Rule: "HostSNI(`bar.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "cross-ns-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "cross-ns-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go index b53f5905f..5483b2bdd 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go 
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go @@ -32,7 +32,7 @@ type MiddlewareSpec struct { ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"` ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"` Chain *Chain `json:"chain,omitempty"` - IPWhiteList *dynamic.IPWhiteList `json:"ipWhiteList,omitempty"` + IPAllowList *dynamic.IPAllowList `json:"ipAllowList,omitempty"` Headers *dynamic.Headers `json:"headers,omitempty"` Errors *ErrorPage `json:"errors,omitempty"` RateLimit *RateLimit `json:"rateLimit,omitempty"` diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go index 28fc85d8f..2845b5357 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go +++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go @@ -25,8 +25,8 @@ type MiddlewareTCP struct { type MiddlewareTCPSpec struct { // InFlightConn defines the InFlightConn middleware configuration. InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"` - // IPWhiteList defines the IPWhiteList middleware configuration. - IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"` + // IPAllowList defines the IPAllowList middleware configuration. + IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go index 5dbd71621..46d3510cd 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go 
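Review bot: The `ipWhiteList` JSON key is dropped outright from `MiddlewareSpec` here, and from `MiddlewareTCPSpec` in the following hunk, with no alias left for the old spelling, so a manifest that still uses `ipWhiteList` will no longer populate an IP restriction field. Since this field is an access control, it should be confirmed that such a manifest is rejected or that the affected router is refused, rather than served without the source-range check; the code that decides this is outside these hunks. The `MiddlewareSpec` field also has no doc comment, unlike its TCP counterpart; I would add `// IPAllowList defines the IPAllowList middleware configuration; the former ipWhiteList key is no longer read.` and mention the rename in the upgrade notes. `MiddlewareSpec` continues outside its hunk.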
@@ -689,9 +689,9 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) { *out = new(Chain) (*in).DeepCopyInto(*out) } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(dynamic.IPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(dynamic.IPAllowList) (*in).DeepCopyInto(*out) } if in.Headers != nil { @@ -857,9 +857,9 @@ func (in *MiddlewareTCPSpec) DeepCopyInto(out *MiddlewareTCPSpec) { *out = new(dynamic.TCPInFlightConn) **out = **in } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(dynamic.TCPIPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(dynamic.TCPIPAllowList) (*in).DeepCopyInto(*out) } return diff --git a/pkg/provider/kv/kv_test.go b/pkg/provider/kv/kv_test.go index 83cea3ad9..8fbff4cd8 100644 --- a/pkg/provider/kv/kv_test.go +++ b/pkg/provider/kv/kv_test.go 
@@ -140,11 +140,11 @@ func Test_buildConfiguration(t *testing.T) { "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar", "traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true", - "traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/0": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/1": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/0": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/1": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/depth": "42", + "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/0": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/1": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/0": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/1": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/depth": "42", "traefik/http/middlewares/Middleware11/inFlightReq/amount": "42", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42", @@ -340,7 +340,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.Middleware{ "Middleware10": { - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{ "foobar", "foobar", diff --git a/pkg/provider/marathon/config_test.go b/pkg/provider/marathon/config_test.go index f49559ab9..038eae0b6 100644 --- a/pkg/provider/marathon/config_test.go +++ b/pkg/provider/marathon/config_test.go 
@@ -196,14 +196,14 @@ func TestBuildConfiguration(t *testing.T) { }, }, { - desc: "TCP with IP whitelist", + desc: "TCP with IP allowlist", applications: withApplications( application( appID("/app"), appPorts(80), withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"), - withLabel("traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange", "foobar, fiibar"), + withLabel("traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange", "foobar, fiibar"), withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"), withTasks(localhostTask(taskPorts(80))), )), @@ -218,7 +218,7 @@ func TestBuildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/nomad/config_test.go b/pkg/provider/nomad/config_test.go index 9d0aa21b8..653a5d28c 100644 --- a/pkg/provider/nomad/config_test.go +++ b/pkg/provider/nomad/config_test.go @@ -1621,7 +1621,7 @@ func Test_buildConfig(t *testing.T) { Name: "Test", Tags: []string{ "traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange = foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange = foobar, fiibar", "traefik.tcp.routers.Test.middlewares = Middleware1", }, Address: "127.0.0.1", @@ -1640,7 +1640,7 @@ func Test_buildConfig(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/rancher/config_test.go b/pkg/provider/rancher/config_test.go index 2f94c559e..29f47a51f 100644 --- a/pkg/provider/rancher/config_test.go +++ b/pkg/provider/rancher/config_test.go 
@@ -508,7 +508,7 @@ func Test_buildConfiguration(t *testing.T) { Name: "Test", Labels: map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }, Port: "80/tcp", @@ -528,7 +528,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/redactor/redactor_config_test.go b/pkg/redactor/redactor_config_test.go index a3f7504aa..fddc3f455 100644 --- a/pkg/redactor/redactor_config_test.go +++ b/pkg/redactor/redactor_config_test.go @@ -191,7 +191,7 @@ func init() { Chain: &dynamic.Chain{ Middlewares: []string{"foo"}, }, - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{"foo"}, IPStrategy: &dynamic.IPStrategy{ Depth: 42, diff --git a/pkg/redactor/testdata/anonymized-dynamic-config.json b/pkg/redactor/testdata/anonymized-dynamic-config.json index 8339f58c3..6a76c9921 100644 --- a/pkg/redactor/testdata/anonymized-dynamic-config.json +++ b/pkg/redactor/testdata/anonymized-dynamic-config.json @@ -119,7 +119,7 @@ "foo" ] }, - "ipWhiteList": { + "ipAllowList": { "sourceRange": [ "xxxx" ], @@ -475,4 +475,4 @@ } } } -} \ No newline at end of file +} diff --git a/pkg/redactor/testdata/secured-dynamic-config.json b/pkg/redactor/testdata/secured-dynamic-config.json index 352421884..996876708 100644 --- a/pkg/redactor/testdata/secured-dynamic-config.json +++ b/pkg/redactor/testdata/secured-dynamic-config.json @@ -119,7 +119,7 @@ "foo" ] }, - "ipWhiteList": { + "ipAllowList": { "sourceRange": [ "foo" ], @@ -483,4 +483,4 @@ } } } -} \ No newline at end of file +} 
diff --git a/pkg/server/middleware/middlewares.go b/pkg/server/middleware/middlewares.go index 741c9a4f0..de1571005 100644 --- a/pkg/server/middleware/middlewares.go +++ b/pkg/server/middleware/middlewares.go @@ -19,7 +19,7 @@ import ( "github.com/traefik/traefik/v2/pkg/middlewares/customerrors" "github.com/traefik/traefik/v2/pkg/middlewares/headers" "github.com/traefik/traefik/v2/pkg/middlewares/inflightreq" - "github.com/traefik/traefik/v2/pkg/middlewares/ipwhitelist" + "github.com/traefik/traefik/v2/pkg/middlewares/ipallowlist" "github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert" "github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter" "github.com/traefik/traefik/v2/pkg/middlewares/redirect" @@ -229,13 +229,13 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) ( } } - // IPWhiteList - if config.IPWhiteList != nil { + // IPAllowList + if config.IPAllowList != nil { if middleware != nil { return nil, badConf } middleware = func(next http.Handler) (http.Handler, error) { - return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) + return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName) } } diff --git a/pkg/server/middleware/tcp/middlewares.go b/pkg/server/middleware/tcp/middlewares.go index 7e1ad1e17..739ed3b5b 100644 --- a/pkg/server/middleware/tcp/middlewares.go +++ b/pkg/server/middleware/tcp/middlewares.go @@ -7,7 +7,7 @@ import ( "github.com/traefik/traefik/v2/pkg/config/runtime" inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn" - ipwhitelist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipwhitelist" + ipallowlist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipallowlist" "github.com/traefik/traefik/v2/pkg/server/provider" "github.com/traefik/traefik/v2/pkg/tcp" ) 
@@ -94,10 +94,10 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) ( } } - // IPWhiteList - if config.IPWhiteList != nil { + // IPAllowList + if config.IPAllowList != nil { middleware = func(next tcp.Handler) (tcp.Handler, error) { - return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) + return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName) } } diff --git a/webui/src/components/_commons/PanelMiddlewares.vue b/webui/src/components/_commons/PanelMiddlewares.vue index ef0a56e0d..9c94cdfcd 100644 --- a/webui/src/components/_commons/PanelMiddlewares.vue +++ b/webui/src/components/_commons/PanelMiddlewares.vue @@ -675,8 +675,8 @@ - - + +
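Review bot: The TCP `IPAllowList` branch assigns `middleware` unconditionally, whereas the HTTP builder in pkg/server/middleware/middlewares.go first checks `if middleware != nil { return nil, badConf }`, so a TCP middleware that sets this together with an earlier option would presumably keep only the allow-list and drop the other without any error. I would add the same guard at the top of this branch, `if middleware != nil { return nil, badConf }`, using whatever configuration error this file already defines if `badConf` is not declared here. `buildConstructor` starts and ends outside the hunk, so the earlier branches are inferred from the HTTP version rather than seen.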
Source Range
@@ -689,8 +689,8 @@
- - + +
IP Strategy
@@ -1076,8 +1076,8 @@ - - + +
Source Range