From 5afc8f2b1205b1d6ec6b44223e06a35ac22004d1 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Fri, 13 Jul 2018 17:24:03 +0200 Subject: [PATCH] KV and authentication --- provider/kv/kv_config.go | 23 +++++++++++++++++++---- provider/kv/kv_config_test.go | 35 +++++++++++++++++++++++++++++++++-- 2 files changed, 52 insertions(+), 6 deletions(-) diff --git a/provider/kv/kv_config.go b/provider/kv/kv_config.go index a2242ac6b..d08878318 100644 --- a/provider/kv/kv_config.go +++ b/provider/kv/kv_config.go @@ -377,16 +377,16 @@ func (p *Provider) hasDeprecatedBasicAuth(rootPath string) bool { // GetAuth Create auth from path func (p *Provider) getAuth(rootPath string) *types.Auth { hasDeprecatedBasicAuth := p.hasDeprecatedBasicAuth(rootPath) - if len(p.getList(rootPath, pathFrontendAuth)) > 0 || hasDeprecatedBasicAuth { + if p.hasPrefix(rootPath, pathFrontendAuth) || hasDeprecatedBasicAuth { auth := &types.Auth{ HeaderField: p.get("", rootPath, pathFrontendAuthHeaderField), } - if len(p.getList(rootPath, pathFrontendAuthBasic)) > 0 || hasDeprecatedBasicAuth { + if p.hasPrefix(rootPath, pathFrontendAuthBasic) || hasDeprecatedBasicAuth { auth.Basic = p.getAuthBasic(rootPath) - } else if len(p.getList(rootPath, pathFrontendAuthDigest)) > 0 { + } else if p.hasPrefix(rootPath, pathFrontendAuthDigest) { auth.Digest = p.getAuthDigest(rootPath) - } else if len(p.getList(rootPath, pathFrontendAuthForward)) > 0 { + } else if p.hasPrefix(rootPath, pathFrontendAuthForward) { auth.Forward = p.getAuthForward(rootPath) } @@ -588,6 +588,21 @@ func (p *Provider) has(keyParts ...string) bool { return len(value) > 0 } +func (p *Provider) hasPrefix(keyParts ...string) bool { + baseKey := strings.Join(keyParts, "") + if !strings.HasSuffix(baseKey, "/") { + baseKey += "/" + } + + listKeys, err := p.kvClient.List(baseKey, nil) + if err != nil { + log.Debugf("Cannot list keys under %q: %v", baseKey, err) + return false + } + + return len(listKeys) > 0 +} + func (p *Provider) getInt(defaultValue int, keyParts ...string) int { rawValue := p.get("", keyParts...) diff --git a/provider/kv/kv_config_test.go b/provider/kv/kv_config_test.go index bc8bb4e88..b259ec5b7 100644 --- a/provider/kv/kv_config_test.go +++ b/provider/kv/kv_config_test.go @@ -62,13 +62,12 @@ func TestProviderBuildConfiguration(t *testing.T) { }, }, { - desc: "basic auth", + desc: "basic auth Users", kvPairs: filler("traefik", frontend("frontend", withPair(pathFrontendBackend, "backend"), withPair(pathFrontendAuthHeaderField, "X-WebAuth-User"), withList(pathFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), - withPair(pathFrontendAuthBasicUsersFile, ".htpasswd"), ), backend("backend"), ), @@ -90,6 +89,38 @@ func TestProviderBuildConfiguration(t *testing.T) { Basic: &types.Basic{ Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"}, + }, + }, + }, + }, + }, + }, + { + desc: "basic auth UsersFile", + kvPairs: filler("traefik", + frontend("frontend", + withPair(pathFrontendBackend, "backend"), + withPair(pathFrontendAuthHeaderField, "X-WebAuth-User"), + withPair(pathFrontendAuthBasicUsersFile, ".htpasswd"), + ), + backend("backend"), + ), + expected: &types.Configuration{ + Backends: map[string]*types.Backend{ + "backend": { + LoadBalancer: &types.LoadBalancer{ + Method: "wrr", + }, + }, + }, + Frontends: map[string]*types.Frontend{ + "frontend": { + Backend: "backend", + PassHostHeader: true, + EntryPoints: []string{}, + Auth: &types.Auth{ + HeaderField: "X-WebAuth-User", + Basic: &types.Basic{ UsersFile: ".htpasswd", }, },