From 16d7b89cb19ef5887e53da1d2ffc71665f42774f Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Thu, 24 Mar 2022 21:40:08 +0100 Subject: [PATCH 1/6] Fixing dependency to build doc --- docs/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/requirements.txt b/docs/requirements.txt index c9c00839c..25c7ff97f 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,3 +4,4 @@ mkdocs-bootswatch==1.0 mkdocs-traefiklabs>=100.0.7 markdown-include==0.5.1 mkdocs-exclude==1.0.2 +Jinja2==3.0.0 From b6bfa905db9ba329b2e766c3aaafc1da232e4a45 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Mon, 28 Mar 2022 15:24:08 +0200 Subject: [PATCH 2/6] Fix slice parsing for plugins --- pkg/plugins/middlewares.go | 2 +- pkg/plugins/plugins.go | 24 +++++++++++++++ pkg/plugins/plugins_test.go | 60 +++++++++++++++++++++++++++++++++++++ pkg/plugins/providers.go | 2 +- 4 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 pkg/plugins/plugins_test.go diff --git a/pkg/plugins/middlewares.go b/pkg/plugins/middlewares.go index 09edbc954..8e476cce3 100644 --- a/pkg/plugins/middlewares.go +++ b/pkg/plugins/middlewares.go @@ -86,7 +86,7 @@ func (p middlewareBuilder) createConfig(config map[string]interface{}) (reflect. vConfig := results[0] cfg := &mapstructure.DecoderConfig{ - DecodeHook: mapstructure.StringToSliceHookFunc(","), + DecodeHook: stringToSliceHookFunc, WeaklyTypedInput: true, Result: vConfig.Interface(), } diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go index fdfb9fbce..63b513ae8 100644 --- a/pkg/plugins/plugins.go +++ b/pkg/plugins/plugins.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "reflect" "strings" "github.com/hashicorp/go-multierror" @@ -166,3 +167,26 @@ func checkLocalPluginManifest(descriptor LocalDescriptor) error { return errs.ErrorOrNil() } + +func stringToSliceHookFunc(f reflect.Kind, t reflect.Kind, data interface{}) (interface{}, error) { + if f != reflect.String || t != reflect.Slice { + return data, nil + } + + raw := data.(string) + if raw == "" { + return []string{}, nil + } + + if strings.Contains(raw, "║") { + values := strings.Split(raw, "║") + // Removes the first value if the slice has a length of 2 and a first value empty. + // It's a workaround to escape the parsing on `,`. + if len(values) == 2 && values[0] == "" { + return values[1:], nil + } + return values, nil + } + + return strings.Split(raw, ","), nil +} diff --git a/pkg/plugins/plugins_test.go b/pkg/plugins/plugins_test.go new file mode 100644 index 000000000..57d3d3235 --- /dev/null +++ b/pkg/plugins/plugins_test.go @@ -0,0 +1,60 @@ +package plugins + +import ( + "reflect" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_stringToSliceHookFunc(t *testing.T) { + testCases := []struct { + desc string + data string + expected []string + }{ + { + desc: "without separator", + data: "abc", + expected: []string{"abc"}, + }, + { + desc: "with the file separator", + data: "a║b║c", + expected: []string{"a", "b", "c"}, + }, + { + desc: "with the label separator", + data: "a,b,c", + expected: []string{"a", "b", "c"}, + }, + { + desc: "with the file separator and values with commas", + data: "a,z║b,w║c,x,y", + expected: []string{"a,z", "b,w", "c,x,y"}, + }, + { + desc: "escaping workaround", + data: "║a,z", + expected: []string{"a,z"}, + }, + { + desc: "with the file separator and empty item", + data: "║a║z", + expected: []string{"", "a", "z"}, + }, + } + + for _, test := range testCases { + test := test + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + values, err := stringToSliceHookFunc(reflect.String, reflect.Slice, test.data) + require.NoError(t, err) + + assert.EqualValues(t, test.expected, values) + }) + } +} diff --git a/pkg/plugins/providers.go b/pkg/plugins/providers.go index abec8d1b8..ac9aa296f 100644 --- a/pkg/plugins/providers.go +++ b/pkg/plugins/providers.go @@ -93,7 +93,7 @@ func newProvider(builder providerBuilder, config map[string]interface{}, provide } cfg := &mapstructure.DecoderConfig{ - DecodeHook: mapstructure.StringToSliceHookFunc(","), + DecodeHook: stringToSliceHookFunc, WeaklyTypedInput: true, Result: vConfig.Interface(), } From 81f88dd9985d5342555f656299a08c3c7fcf4b4c Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Mon, 28 Mar 2022 16:22:10 +0200 Subject: [PATCH 3/6] Freeze python dependencies --- docs/requirements.txt | 46 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 4 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 25c7ff97f..3c638f98c 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,7 +1,45 @@ mkdocs==1.2.2 -pymdown-extensions==7.0 -mkdocs-bootswatch==1.0 mkdocs-traefiklabs>=100.0.7 -markdown-include==0.5.1 -mkdocs-exclude==1.0.2 + +appdirs==1.4.4 +CacheControl==0.12.6 +certifi==2020.12.5 +chardet==4.0.0 +click==8.0.4 +colorama==0.4.4 +contextlib2==0.6.0 +distlib==0.3.1 +distro==1.5.0 +ghp-import==2.0.2 +html5lib==1.1 +idna==3.2 +importlib-metadata==4.11.3 Jinja2==3.0.0 +lockfile==0.12.2 +Markdown==3.3.6 +markdown-include==0.5.1 +MarkupSafe==2.1.1 +mergedeep==1.3.4 +mkdocs-bootswatch==1.0 +mkdocs-exclude==1.0.2 +mkdocs-material-extensions==1.0.3 +msgpack==1.0.2 +ordered-set==4.0.2 +packaging==20.9 +pep517==0.10.0 +progress==1.5 +Pygments==2.11.2 +pymdown-extensions==7.0 +pyparsing==2.4.7 +python-dateutil==2.8.2 +PyYAML==6.0 +pyyaml-env-tag==0.1 +requests==2.25.1 +retrying==1.3.3 +six==1.15.0 +toml==0.10.2 +urllib3==1.26.5 +watchdog==2.1.7 +webencodings==0.5.1 +zipp==3.7.0 + From e3adf93a7413684cfe4ab457b765fc10ce1b2bb2 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 28 Mar 2022 17:36:07 +0200 Subject: [PATCH 4/6] fix: CI release --- .goreleaser.yml | 3 ++- .semaphore/semaphore.yml | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 77186c309..b46259a56 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -12,7 +12,8 @@ builds: - CGO_ENABLED=0 ldflags: - -s -w -X github.com/traefik/traefik/v2/pkg/version.Version={{.Version}} -X github.com/traefik/traefik/v2/pkg/version.Codename={{.Env.CODENAME}} -X github.com/traefik/traefik/v2/pkg/version.BuildDate={{.Date}} - + flags: + - -trimpath goos: - linux - darwin diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 65e89b9b2..593d162b9 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -73,6 +73,8 @@ blocks: - curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz - tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp - sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh + - sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox # Remove unnecessary data. + - sudo service docker stop && sudo umount /var/lib/docker && sudo service docker start # Unmounts the docker disk and the whole system disk is usable. jobs: - name: Release commands: From 0f29e893f4b0f9b64634910e47abcf0caf92ea29 Mon Sep 17 00:00:00 2001 From: Romain Date: Mon, 28 Mar 2022 18:18:08 +0200 Subject: [PATCH 5/6] Return TLS unrecognized_name error when no certificate is available --- pkg/tls/tlsmanager.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/pkg/tls/tlsmanager.go b/pkg/tls/tlsmanager.go index 35ba50fac..50e809e8a 100644 --- a/pkg/tls/tlsmanager.go +++ b/pkg/tls/tlsmanager.go @@ -143,7 +143,18 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) { if isACMETLS(clientHello) { certificate := acmeTLSStore.GetBestCertificate(clientHello) if certificate == nil { - return nil, fmt.Errorf("no certificate for TLSALPN challenge: %s", domainToCheck) + log.WithoutContext().Debugf("TLS: no certificate for TLSALPN challenge: %s", domainToCheck) + // We want the user to eventually get the (alertUnrecognizedName) "unrecognized + // name" error. + // Unfortunately, if we returned an error here, since we can't use + // the unexported error (errNoCertificates) that our caller (config.getCertificate + // in crypto/tls) uses as a sentinel, it would report an (alertInternalError) + // "internal error" instead of an alertUnrecognizedName. + // Which is why we return no error, and we let the caller detect that there's + // actually no certificate, and fall back into the flow that will report + // the desired error. + // https://cs.opensource.google/go/go/+/dev.boringcrypto.go1.17:src/crypto/tls/common.go;l=1058 + return nil, nil } return certificate, nil @@ -155,7 +166,9 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) { } if sniStrict { - return nil, fmt.Errorf("strict SNI enabled - No certificate found for domain: %q, closing connection", domainToCheck) + log.WithoutContext().Debugf("TLS: strict SNI enabled - No certificate found for domain: %q, closing connection", domainToCheck) + // Same comment as above, as in the isACMETLS case. + return nil, nil } log.WithoutContext().Debugf("Serving default certificate for request: %q", domainToCheck) From 4b755dc58df61e9ca0ce23794a1cc6f4df464a68 Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Tue, 29 Mar 2022 15:00:09 +0200 Subject: [PATCH 6/6] Prepare release v2.6.3 --- CHANGELOG.md | 7 +++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2ef6b140..2f16af8e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## [v2.6.3](https://github.com/traefik/traefik/tree/v2.6.3) (2022-03-28) +[All Commits](https://github.com/traefik/traefik/compare/v2.6.2...v2.6.3) + +**Bug fixes:** +- **[plugins]** Fix slice parsing for plugins ([#8886](https://github.com/traefik/traefik/pull/8886) by [ldez](https://github.com/ldez)) +- **[tls]** Return TLS unrecognized_name error when no certificate is available ([#8893](https://github.com/traefik/traefik/pull/8893) by [rtribotte](https://github.com/rtribotte)) + ## [v2.6.2](https://github.com/traefik/traefik/tree/v2.6.2) (2022-03-24) [All Commits](https://github.com/traefik/traefik/compare/v2.6.1...v2.6.2) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 299bc5f31..7ce934ea3 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.6.2 +# example new bugfix v2.6.3 CurrentRef = "v2.6" -PreviousRef = "v2.6.1" +PreviousRef = "v2.6.2" BaseBranch = "v2.6" -FutureCurrentRefName = "v2.6.2" +FutureCurrentRefName = "v2.6.3" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10