From 05828bab07adc26e1360e0e1da52ea9835e42159 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Thu, 23 May 2024 16:24:04 +0200 Subject: [PATCH 01/31] Bump Dockerfile Alpine to v3.20 --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index fea809225..28f5e946a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,7 @@ # syntax=docker/dockerfile:1.2 -FROM alpine:3.19 +FROM alpine:3.20 -RUN apk --no-cache --no-progress add ca-certificates tzdata \ - && rm -rf /var/cache/apk/* +RUN apk add --no-cache --no-progress ca-certificates tzdata ARG TARGETPLATFORM COPY ./dist/$TARGETPLATFORM/traefik / From e33bd6874f41d7943a16fa36802f8d2db74c99b5 Mon Sep 17 00:00:00 2001 From: Landry Benguigui Date: Fri, 24 May 2024 14:24:03 +0200 Subject: [PATCH 02/31] Append to log file if it exists --- cmd/traefik/logger.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/traefik/logger.go b/cmd/traefik/logger.go index 4a3a10893..58b7abbe3 100644 --- a/cmd/traefik/logger.go +++ b/cmd/traefik/logger.go @@ -49,7 +49,7 @@ func getLogWriter(staticConfiguration *static.Configuration) io.Writer { var w io.Writer = os.Stderr if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 { - _, _ = os.Create(staticConfiguration.Log.FilePath) + _, _ = os.OpenFile(staticConfiguration.Log.FilePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0o666) w = &lumberjack.Logger{ Filename: staticConfiguration.Log.FilePath, MaxSize: staticConfiguration.Log.MaxSize, From ed10bc5833f2ee43318d84e65393a1cb67c3a48e Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Mon, 27 May 2024 09:46:08 +0200 Subject: [PATCH 03/31] chore: update linter --- .github/workflows/validate.yaml | 2 +- .golangci.yml | 24 ++++++---------- .semaphore/semaphore.yml | 2 +- pkg/middlewares/metrics/metrics.go | 6 ++-- pkg/provider/kubernetes/ingress/kubernetes.go | 28 +++++++++---------- pkg/server/configurationwatcher_test.go | 2 +- 6 files changed, 30 insertions(+), 34 deletions(-) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 4ed4a3542..2b249da47 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -7,7 +7,7 @@ on: env: GO_VERSION: '1.22' - GOLANGCI_LINT_VERSION: v1.57.0 + GOLANGCI_LINT_VERSION: v1.59.0 MISSSPELL_VERSION: v0.4.1 jobs: diff --git a/.golangci.yml b/.golangci.yml index 743021e87..21151a677 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -153,24 +153,16 @@ linters-settings: - suite-dont-use-pkg - require-error - go-require - + errcheck: + exclude-functions: + - fmt.Fprintln linters: enable-all: true disable: - - deadcode # deprecated - - exhaustivestruct # deprecated - - golint # deprecated - - ifshort # deprecated - - interfacer # deprecated - - maligned # deprecated - - nosnakecase # deprecated - - scopelint # deprecated - - scopelint # deprecated - - structcheck # deprecated - - varcheck # deprecated + - execinquery # deprecated + - gomnd # deprecated - sqlclosecheck # not relevant (SQL) - rowserrcheck # not relevant (SQL) - - execinquery # not relevant (SQL) - cyclop # duplicate of gocyclo - lll # Not relevant - gocyclo # FIXME must be fixed @@ -184,14 +176,14 @@ linters: - gochecknoglobals - wsl # Too strict - nlreturn # Not relevant - - gomnd # Too strict + - mnd # Too strict - stylecheck # skip because report issues related to some generated files. - testpackage # Too strict - tparallel # Not relevant - paralleltest # Not relevant - exhaustive # Not relevant - exhaustruct # Not relevant - - goerr113 # Too strict + - err113 # Too strict - wrapcheck # Too strict - noctx # Too strict - bodyclose # too many false-positive @@ -233,6 +225,8 @@ issues: - goconst - funlen - godot + - canonicalheader + - fatcontext - path: '(.+)_test.go' text: ' always receives ' linters: diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index ede5885d5..4c638d96c 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -25,7 +25,7 @@ global_job_config: - export "PATH=${GOPATH}/bin:${PATH}" - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin" - export GOPROXY=https://proxy.golang.org,direct - - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.57.0 + - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.59.0 - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin" - checkout - cache restore traefik-$(checksum go.sum) diff --git a/pkg/middlewares/metrics/metrics.go b/pkg/middlewares/metrics/metrics.go index 3c278a9d2..f93ea0f8c 100644 --- a/pkg/middlewares/metrics/metrics.go +++ b/pkg/middlewares/metrics/metrics.go @@ -131,10 +131,12 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request) capt, err := capture.FromContext(ctx) if err != nil { + ctxMetrics := req.Context() for i := 0; i < len(m.baseLabels); i += 2 { - ctx = log.With(ctx, log.Str(m.baseLabels[i], m.baseLabels[i+1])) + //nolint:fatcontext // false positive + ctxMetrics = log.With(ctxMetrics, log.Str(m.baseLabels[i], m.baseLabels[i+1])) } - log.FromContext(ctx).WithError(err).Errorf("Could not get Capture") + log.FromContext(ctxMetrics).WithError(err).Errorf("Could not get Capture") return } diff --git a/pkg/provider/kubernetes/ingress/kubernetes.go b/pkg/provider/kubernetes/ingress/kubernetes.go index bc1f9a413..f83b37d45 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes.go +++ b/pkg/provider/kubernetes/ingress/kubernetes.go @@ -230,7 +230,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl certConfigs := make(map[string]*tls.CertAndStores) for _, ingress := range ingresses { - ctx = log.With(ctx, log.Str("ingress", ingress.Name), log.Str("namespace", ingress.Namespace)) + ctxIngress := log.With(ctx, log.Str("ingress", ingress.Name), log.Str("namespace", ingress.Namespace)) if !p.shouldProcessIngress(ingress, ingressClasses) { continue @@ -238,24 +238,24 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl rtConfig, err := parseRouterConfig(ingress.Annotations) if err != nil { - log.FromContext(ctx).Errorf("Failed to parse annotations: %v", err) + log.FromContext(ctxIngress).Errorf("Failed to parse annotations: %v", err) continue } - err = getCertificates(ctx, ingress, client, certConfigs) + err = getCertificates(ctxIngress, ingress, client, certConfigs) if err != nil { - log.FromContext(ctx).Errorf("Error configuring TLS: %v", err) + log.FromContext(ctxIngress).Errorf("Error configuring TLS: %v", err) } if len(ingress.Spec.Rules) == 0 && ingress.Spec.DefaultBackend != nil { if _, ok := conf.HTTP.Services["default-backend"]; ok { - log.FromContext(ctx).Error("The default backend already exists.") + log.FromContext(ctxIngress).Error("The default backend already exists.") continue } service, err := p.loadService(client, ingress.Namespace, *ingress.Spec.DefaultBackend) if err != nil { - log.FromContext(ctx). + log.FromContext(ctxIngress). WithField("serviceName", ingress.Spec.DefaultBackend.Service.Name). WithField("servicePort", ingress.Spec.DefaultBackend.Service.Port.String()). Errorf("Cannot create service: %v", err) @@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl } if len(service.LoadBalancer.Servers) == 0 && !p.AllowEmptyServices { - log.FromContext(ctx). + log.FromContext(ctxIngress). WithField("serviceName", ingress.Spec.DefaultBackend.Service.Name). WithField("servicePort", ingress.Spec.DefaultBackend.Service.Port.String()). Errorf("Skipping service: no endpoints found") @@ -282,7 +282,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl rt.TLS = rtConfig.Router.TLS } - p.applyRouterTransform(ctx, rt, ingress) + p.applyRouterTransform(ctxIngress, rt, ingress) conf.HTTP.Routers["default-router"] = rt conf.HTTP.Services["default-backend"] = service @@ -292,7 +292,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl for _, rule := range ingress.Spec.Rules { if err := p.updateIngressStatus(ingress, client); err != nil { - log.FromContext(ctx).Errorf("Error while updating ingress status: %v", err) + log.FromContext(ctxIngress).Errorf("Error while updating ingress status: %v", err) } if rule.HTTP == nil { @@ -302,7 +302,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl for _, pa := range rule.HTTP.Paths { service, err := p.loadService(client, ingress.Namespace, pa.Backend) if err != nil { - log.FromContext(ctx). + log.FromContext(ctxIngress). WithField("serviceName", pa.Backend.Service.Name). WithField("servicePort", pa.Backend.Service.Port.String()). Errorf("Cannot create service: %v", err) @@ -310,7 +310,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl } if len(service.LoadBalancer.Servers) == 0 && !p.AllowEmptyServices { - log.FromContext(ctx). + log.FromContext(ctxIngress). WithField("serviceName", pa.Backend.Service.Name). WithField("servicePort", pa.Backend.Service.Port.String()). Errorf("Skipping service: no endpoints found") @@ -328,7 +328,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl rt := loadRouter(rule, pa, rtConfig, serviceName) - p.applyRouterTransform(ctx, rt, ingress) + p.applyRouterTransform(ctxIngress, rt, ingress) routerKey := strings.TrimPrefix(provider.Normalize(ingress.Namespace+"-"+ingress.Name+"-"+rule.Host+pa.Path), "-") @@ -342,12 +342,12 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl continue } - log.FromContext(ctx).Debugf("Multiple routers are defined with the same key %q, generating hashes to avoid conflicts", routerKey) + log.FromContext(ctxIngress).Debugf("Multiple routers are defined with the same key %q, generating hashes to avoid conflicts", routerKey) for _, router := range conflictingRouters { key, err := makeRouterKeyWithHash(routerKey, router.Rule) if err != nil { - log.FromContext(ctx).Error(err) + log.FromContext(ctxIngress).Error(err) continue } diff --git a/pkg/server/configurationwatcher_test.go b/pkg/server/configurationwatcher_test.go index cc909c81d..f353c1f90 100644 --- a/pkg/server/configurationwatcher_test.go +++ b/pkg/server/configurationwatcher_test.go @@ -339,7 +339,7 @@ func TestListenProvidersThrottleProviderConfigReload(t *testing.T) { // To load 5 new configs it would require 150ms (5 configs * 30ms). // In 100ms, we should only have time to load 3 configs. assert.LessOrEqual(t, publishedConfigCount, 3, "config was applied too many times") - assert.Greater(t, publishedConfigCount, 0, "config was not applied at least once") + assert.Positive(t, publishedConfigCount, "config was not applied at least once") } func TestListenProvidersSkipsEmptyConfigs(t *testing.T) { From 4406c337d45ab20edbf994a7c2ec84e9f114ba5c Mon Sep 17 00:00:00 2001 From: "R. P. Taylor" <1686627+rptaylor@users.noreply.github.com> Date: Mon, 27 May 2024 06:12:03 -0700 Subject: [PATCH 04/31] fix .com and .org domain in documentation --- .../https/include-acme-multiple-domains-example.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/content/https/include-acme-multiple-domains-example.md b/docs/content/https/include-acme-multiple-domains-example.md index 58aab3fea..858a61961 100644 --- a/docs/content/https/include-acme-multiple-domains-example.md +++ b/docs/content/https/include-acme-multiple-domains-example.md @@ -5,7 +5,7 @@ labels: - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`) - traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls.certresolver=myresolver - - traefik.http.routers.blog.tls.domains[0].main=example.org + - traefik.http.routers.blog.tls.domains[0].main=example.com - traefik.http.routers.blog.tls.domains[0].sans=*.example.org ``` @@ -17,7 +17,7 @@ deploy: - traefik.http.services.blog-svc.loadbalancer.server.port=8080" - traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls.certresolver=myresolver - - traefik.http.routers.blog.tls.domains[0].main=example.org + - traefik.http.routers.blog.tls.domains[0].main=example.com - traefik.http.routers.blog.tls.domains[0].sans=*.example.org ``` @@ -38,7 +38,7 @@ spec: tls: certResolver: myresolver domains: - - main: example.org + - main: example.com sans: - '*.example.org' ``` @@ -49,7 +49,7 @@ labels: { "traefik.http.routers.blog.tls": "true", "traefik.http.routers.blog.tls.certresolver": "myresolver", "traefik.http.routers.blog.tls.domains[0].main": "example.com", - "traefik.http.routers.blog.tls.domains[0].sans": "*.example.com", + "traefik.http.routers.blog.tls.domains[0].sans": "*.example.org", "traefik.http.services.blog-svc.loadbalancer.server.port": "8080" } ``` @@ -60,7 +60,7 @@ labels: - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`) - traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls.certresolver=myresolver - - traefik.http.routers.blog.tls.domains[0].main=example.org + - traefik.http.routers.blog.tls.domains[0].main=example.com - traefik.http.routers.blog.tls.domains[0].sans=*.example.org ``` @@ -73,7 +73,7 @@ http: tls: certResolver: myresolver domains: - - main: "example.org" + - main: "example.com" sans: - "*.example.org" ``` @@ -86,6 +86,6 @@ http: [http.routers.blog.tls] certResolver = "myresolver" # From static configuration [[http.routers.blog.tls.domains]] - main = "example.org" + main = "example.com" sans = ["*.example.org"] ``` From 9250b5937d713356de35c48657a500bf2cb365ed Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Wed, 29 May 2024 09:16:07 +0200 Subject: [PATCH 05/31] Update go-acme/lego to v4.17.3 --- docs/content/https/acme.md | 5 +- go.mod | 150 +++++++++-------- go.sum | 328 +++++++++++++++++++------------------ 3 files changed, 254 insertions(+), 229 deletions(-) diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md index b012263ac..c4eafafd8 100644 --- a/docs/content/https/acme.md +++ b/docs/content/https/acme.md @@ -406,7 +406,7 @@ For complete details, refer to your provider's _Additional configuration_ link. | [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) | | [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) | | [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) | -| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) | +| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`, `OVH_CLIENT_ID`, `OVH_CLIENT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) | | [Plesk](https://www.plesk.com) | `plesk` | `PLESK_SERVER_BASE_URL`, `PLESK_USERNAME`, `PLESK_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/plesk) | | [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) | | [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) | @@ -417,8 +417,9 @@ For complete details, refer to your provider's _Additional configuration_ link. | [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) | | [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) | | [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) | -| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) | +| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCW_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) | | [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) | +| [Selectel v2](https://selectel.ru/en/) | `selectelv2` | `SELECTELV2_ACCOUNT_ID`, `SELECTELV2_PASSWORD`, `SELECTELV2_PROJECT_ID`, `SELECTELV2_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/selectelv2) | | [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) | | [Shellrent](https://www.shellrent.com) | `shellrent` | `SHELLRENT_USERNAME`, `SHELLRENT_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/shellrent) | | [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) | diff --git a/go.mod b/go.mod index 4f8f1c373..56b527c36 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000 github.com/aws/aws-sdk-go v1.44.327 - github.com/cenkalti/backoff/v4 v4.2.1 + github.com/cenkalti/backoff/v4 v4.3.0 github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc @@ -18,9 +18,9 @@ require ( github.com/fatih/structs v1.1.0 github.com/fsnotify/fsnotify v1.7.0 github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2 - github.com/go-acme/lego/v4 v4.16.1 + github.com/go-acme/lego/v4 v4.17.3 github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea - github.com/golang/protobuf v1.5.3 + github.com/golang/protobuf v1.5.4 github.com/google/go-github/v28 v28.1.1 github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 @@ -43,7 +43,7 @@ require ( github.com/mitchellh/copystructure v1.0.0 github.com/mitchellh/hashstructure v1.0.0 github.com/mitchellh/mapstructure v1.5.0 - github.com/opentracing/opentracing-go v1.2.0 + github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 github.com/openzipkin/zipkin-go v0.2.2 github.com/patrickmn/go-cache v2.1.0+incompatible @@ -54,13 +54,13 @@ require ( github.com/quic-go/quic-go v0.42.0 github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac github.com/sirupsen/logrus v1.9.3 - github.com/stretchr/testify v1.8.4 + github.com/stretchr/testify v1.9.0 github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 github.com/testcontainers/testcontainers-go v0.27.0 github.com/traefik/paerser v0.2.0 github.com/traefik/yaegi v0.16.1 github.com/uber/jaeger-client-go v2.30.0+incompatible - github.com/uber/jaeger-lib v2.2.0+incompatible + github.com/uber/jaeger-lib v2.4.1+incompatible github.com/unrolled/render v1.0.2 github.com/unrolled/secure v1.0.9 github.com/vulcand/oxy/v2 v2.0.0-20230427132221-be5cf38f3c1c @@ -68,11 +68,11 @@ require ( go.elastic.co/apm/module/apmot/v2 v2.4.8 go.elastic.co/apm/v2 v2.4.8 golang.org/x/mod v0.17.0 - golang.org/x/net v0.24.0 - golang.org/x/text v0.14.0 + golang.org/x/net v0.25.0 + golang.org/x/text v0.15.0 golang.org/x/time v0.5.0 - golang.org/x/tools v0.20.0 - google.golang.org/grpc v1.59.0 + golang.org/x/tools v0.21.0 + google.golang.org/grpc v1.63.1 gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.26.3 @@ -85,16 +85,17 @@ require ( ) require ( - cloud.google.com/go/compute v1.23.0 // indirect + cloud.google.com/go/compute v1.24.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect dario.cat/mergo v1.0.0 // indirect github.com/AdamSLevy/jsonrpc2/v14 v14.1.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.29 // indirect @@ -105,7 +106,7 @@ require ( github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/DataDog/appsec-internal-go v1.0.0 // indirect github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 // indirect github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.0-devel.0.20230725154044-2549ba9058df // indirect @@ -121,30 +122,30 @@ require ( github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 // indirect github.com/VividCortex/gohistogram v1.0.0 // indirect github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 // indirect - github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect - github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect + github.com/aliyun/alibaba-cloud-sdk-go v1.62.712 // indirect github.com/armon/go-metrics v0.4.1 // indirect github.com/armon/go-radix v1.0.1-0.20221118154546-54df44f2176c // indirect - github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect - github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 // indirect - github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect - github.com/aws/smithy-go v1.19.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect + github.com/aws/aws-sdk-go-v2/service/lightsail v1.37.0 // indirect + github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect + github.com/aws/smithy-go v1.20.2 // indirect + github.com/benbjohnson/clock v1.3.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/civo/civogo v0.3.11 // indirect - github.com/cloudflare/cloudflare-go v0.86.0 // indirect + github.com/cloudflare/cloudflare-go v0.93.0 // indirect github.com/containerd/containerd v1.7.11 // indirect github.com/containerd/log v0.1.0 // indirect github.com/coreos/go-semver v0.3.0 // indirect @@ -154,7 +155,7 @@ require ( github.com/deepmap/oapi-codegen v1.9.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/dnsimple/dnsimple-go v1.2.0 // indirect + github.com/dnsimple/dnsimple-go v1.7.0 // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/go-units v0.5.0 // indirect github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e // indirect @@ -166,11 +167,13 @@ require ( github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/exoscale/egoscale v0.102.3 // indirect github.com/fatih/color v1.15.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.0.1 // indirect github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect @@ -180,21 +183,23 @@ require ( github.com/go-viper/mapstructure/v2 v2.0.0-alpha.1 // indirect github.com/go-zookeeper/zk v1.0.3 // indirect github.com/goccy/go-json v0.10.2 // indirect + github.com/gofrs/flock v0.8.1 // indirect github.com/gofrs/uuid v4.4.0+incompatible // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f // indirect - github.com/google/s2a-go v0.1.5 // indirect - github.com/google/uuid v1.4.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect - github.com/googleapis/gax-go/v2 v2.11.0 // indirect - github.com/gophercloud/gophercloud v1.0.0 // indirect - github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect + github.com/google/s2a-go v0.1.7 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect + github.com/googleapis/gax-go/v2 v2.12.3 // indirect + github.com/gophercloud/gophercloud v1.11.0 // indirect + github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 // indirect github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect github.com/hashicorp/cronexpr v1.1.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -202,6 +207,7 @@ require ( github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.5 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/hashicorp/serf v0.10.1 // indirect github.com/huandu/xstrings v1.4.0 // indirect @@ -245,8 +251,8 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect github.com/nrdcg/auroradns v1.1.0 // indirect - github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 // indirect - github.com/nrdcg/desec v0.7.0 // indirect + github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 // indirect + github.com/nrdcg/desec v0.8.0 // indirect github.com/nrdcg/dnspod-go v0.4.0 // indirect github.com/nrdcg/freemyip v0.2.0 // indirect github.com/nrdcg/goinwx v0.10.0 // indirect @@ -261,11 +267,11 @@ require ( github.com/opencontainers/image-spec v1.1.0-rc5 // indirect github.com/opencontainers/runc v1.1.7 // indirect github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect - github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect + github.com/oracle/oci-go-sdk/v65 v65.63.1 // indirect github.com/outcaste-io/ristretto v0.2.3 // indirect - github.com/ovh/go-ovh v1.4.3 // indirect + github.com/ovh/go-ovh v1.5.1 // indirect github.com/philhofer/fwd v1.1.2 // indirect - github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect + github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/pquerna/otp v1.4.0 // indirect @@ -273,24 +279,27 @@ require ( github.com/prometheus/procfs v0.9.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect github.com/redis/go-redis/v9 v9.2.1 // indirect - github.com/sacloud/api-client-go v0.2.8 // indirect - github.com/sacloud/go-http v0.1.6 // indirect - github.com/sacloud/iaas-api-go v1.11.1 // indirect - github.com/sacloud/packages-go v0.0.9 // indirect - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 // indirect + github.com/sacloud/api-client-go v0.2.10 // indirect + github.com/sacloud/go-http v0.1.8 // indirect + github.com/sacloud/iaas-api-go v1.12.0 // indirect + github.com/sacloud/packages-go v0.0.10 // indirect + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 // indirect github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect github.com/segmentio/fasthash v1.0.3 // indirect + github.com/selectel/domains-go v1.0.2 // indirect + github.com/selectel/go-selvpcclient/v3 v3.1.1 // indirect github.com/shirou/gopsutil/v3 v3.23.11 // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect - github.com/shopspring/decimal v1.2.0 // indirect + github.com/shopspring/decimal v1.3.1 // indirect github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 // indirect github.com/softlayer/softlayer-go v1.1.3 // indirect github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect + github.com/sony/gobreaker v0.5.0 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/stretchr/objx v0.5.1 // indirect - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect + github.com/stretchr/objx v0.5.2 // indirect + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.898 // indirect + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.898 // indirect github.com/tinylib/msgp v1.1.8 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/numcpus v0.6.1 // indirect @@ -298,8 +307,8 @@ require ( github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a // indirect github.com/vinyldns/go-vinyldns v0.9.16 // indirect github.com/vultr/govultr/v2 v2.17.2 // indirect - github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f // indirect - github.com/yandex-cloud/go-sdk v0.0.0-20220805164847-cf028e604997 // indirect + github.com/yandex-cloud/go-genproto v0.0.0-20240318083951-4fe6125f286e // indirect + github.com/yandex-cloud/go-sdk v0.0.0-20240318084659-dfa50323a0b4 // indirect github.com/yusufpapurcu/wmi v1.2.3 // indirect go.elastic.co/apm/module/apmhttp/v2 v2.4.8 // indirect go.elastic.co/fastjson v1.1.0 // indirect @@ -307,30 +316,33 @@ require ( go.etcd.io/etcd/client/pkg/v3 v3.5.6 // indirect go.etcd.io/etcd/client/v3 v3.5.6 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect + go.opentelemetry.io/otel v1.24.0 // indirect + go.opentelemetry.io/otel/metric v1.24.0 // indirect + go.opentelemetry.io/otel/trace v1.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/goleak v1.3.0 // indirect go.uber.org/mock v0.4.0 // indirect go.uber.org/multierr v1.8.0 // indirect - go.uber.org/ratelimit v0.2.0 // indirect + go.uber.org/ratelimit v0.3.0 // indirect go.uber.org/zap v1.21.0 // indirect go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect - golang.org/x/crypto v0.22.0 // indirect + golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect + golang.org/x/oauth2 v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.128.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/api v0.172.0 // indirect + google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/ns1/ns1-go.v2 v2.7.13 // indirect + gopkg.in/ns1/ns1-go.v2 v2.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect diff --git a/go.sum b/go.sum index d2a55c692..a77b9c031 100644 --- a/go.sum +++ b/go.sum @@ -24,8 +24,8 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= -cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg= +cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= @@ -49,20 +49,22 @@ github.com/AdamSLevy/jsonrpc2/v14 v14.1.0 h1:Dy3M9aegiI7d7PF1LUdjbVigJReo+QOceYs github.com/AdamSLevy/jsonrpc2/v14 v14.1.0/go.mod h1:ZakZtbCXxCz82NJvq7MoREtiQesnDfrtF6RFUGzQfLo= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 h1:8iR6OLffWWorFdzL2JFCab5xpD8VKEE2DUBBl+HNTDY= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0/go.mod h1:copqlcjMWc/wgQ1N2fzsJFQxDdqKGg1EQt8T5wJMOGE= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNLjCUeKhgnAJWAKhEUQM+RJQo2H1fuGSw1Ky1E= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2/go.mod h1:FbdwsQ2EzwvXxOPcMFYO8ogEc9uMMIj3YkmCdXdAFmk= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 h1:rR8ZW79lE/ppfXTfiYSnMFv5EzmVuY4pfZWIkscIJ64= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0/go.mod h1:y2zXtLSMM/X5Mfawq0lOftpWn3f4V6OCsRdINsvWBPI= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 h1:ECsQtyERDVz3NP3kvDOTLvbQhqWp/x9EsGKtb4ogUr8= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0/go.mod h1:s1tW/At+xHqjNFvWU4G0c0Qv33KOhvbGNj0RCTQDV8s= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 h1:9Eih8XcEeQnFD0ntMlUDleKMzfeCeUfa+VbnDCI4AZs= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0/go.mod h1:wGPyTi+aURdqPAGMZDQqnNs9IrShADF8w2WZb6bKeq0= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 h1:zLzoX5+W2l95UJoVwiyNS4dX8vHyQ6x2xRLoBBL9wMk= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0/go.mod h1:wVEOJfGTj0oPAUGA1JuRAvz/lxXQsWW16axmHPP47Bk= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1/go.mod h1:c/wcGeGx5FUPbM/JltUYHZcKmigwyVLJlDq+4HdtXaw= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= @@ -94,8 +96,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY= -github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -157,10 +159,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 h1:J45/QHgrzUdqe/Vco/Vxk0wRvdS2nKUxmf/zLgvfass= -github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU= -github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI= -github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg= +github.com/aliyun/alibaba-cloud-sdk-go v1.62.712 h1:lM7JnA9dEdDFH9XOgRNQMDTQnOjlLkDTNA7c0aWTQ30= +github.com/aliyun/alibaba-cloud-sdk-go v1.62.712/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= @@ -179,38 +179,39 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.44.327 h1:ZS8oO4+7MOBLhkdwIhgtVeDzCeWOlTfKJS7EgggbIEY= github.com/aws/aws-sdk-go v1.44.327/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= -github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= -github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o= -github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4= -github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8= -github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= -github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 h1:LvWkxBi/bsWHqj3bFTUuDLl4OAlbaM1HDZ9YPhj5+jg= -github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0/go.mod h1:35MKNS46RX7Lb9EIFP2bPy3WrJu+bxU6QgLis8K1aa4= -github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0= -github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= -github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= -github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= +github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA= +github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= +github.com/aws/aws-sdk-go-v2/service/lightsail v1.37.0 h1:lfVUMJEGXzi5l8jam/WXLNSn+vM/fpe2dmMYOdRiQ+k= +github.com/aws/aws-sdk-go-v2/service/lightsail v1.37.0/go.mod h1:GSVUed6FJivX6v7Pgrk9iXuRa2NuCtT+nMWGxQHSAXQ= +github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4 h1:ZZKiHm4cN8IDDZ2kh8DTk+YnYBjVsiFdwf5FwVs//IQ= +github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4/go.mod h1:RTfjFUctf+Zyq8e4rgLXmz43+0kIoIXbENvrFtilumI= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= +github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -229,8 +230,8 @@ github.com/c-bata/go-prompt v0.2.5/go.mod h1:vFnjEGDIIA/Lib7giyE4E9c50Lvl8j0S+7F github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -245,18 +246,14 @@ github.com/civo/civogo v0.3.11 h1:mON/fyrV946Sbk6paRtOSGsN+asCgCmHCgArf5xmGxM= github.com/civo/civogo v0.3.11/go.mod h1:7+GeeFwc4AYTULaEshpT2vIcl3Qq8HPoxA17viX3l6g= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpXTstVx0rqHI= -github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw= +github.com/cloudflare/cloudflare-go v0.93.0 h1:rV0eHb42NUewfK5qa2+LKAD4v4oFA0QGDABn/lMyF78= +github.com/cloudflare/cloudflare-go v0.93.0/go.mod h1:N1u1cLZ4lG6NeezGOWi7P6aq1DK2iVYg9ze7GZbUmZE= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd h1:qMd81Ts1T2OTKmB4acZcyKaMtRnY5Y44NuXGX2GFJ1w= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= @@ -316,8 +313,8 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/dnsimple/dnsimple-go v1.2.0 h1:ddTGyLVKly5HKb5L65AkLqFqwZlWo3WnR0BlFZlIddM= -github.com/dnsimple/dnsimple-go v1.2.0/go.mod h1:z/cs26v/eiRvUyXsHQBLd8lWF8+cD6GbmkPH84plM4U= +github.com/dnsimple/dnsimple-go v1.7.0 h1:JKu9xJtZ3SqOC+BuYgAWeab7+EEx0sz422vu8j611ZY= +github.com/dnsimple/dnsimple-go v1.7.0/go.mod h1:EKpuihlWizqYafSnQHGCd/gyvy3HkEQJ7ODB4KdV8T8= github.com/docker/cli v24.0.9+incompatible h1:OxbimnP/z+qVjDLpq9wbeFU3Nc30XhSe+LkwYQisD50= github.com/docker/cli v24.0.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= @@ -383,8 +380,8 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -405,8 +402,8 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= -github.com/go-acme/lego/v4 v4.16.1 h1:JxZ93s4KG0jL27rZ30UsIgxap6VGzKuREsSkkyzeoCQ= -github.com/go-acme/lego/v4 v4.16.1/go.mod h1:AVvwdPned/IWpD/ihHhMsKnveF7HHYAz/CmtXi7OZoE= +github.com/go-acme/lego/v4 v4.17.3 h1:5our7Qdyik0abag40abdmQuytq97iweaNHFMT4pYDnQ= +github.com/go-acme/lego/v4 v4.17.3/go.mod h1:Ol6l04hnmavqVHKYS/ByhXXqE64x8yVYhomha82uAUk= github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= @@ -430,8 +427,11 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v0.4.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= @@ -476,6 +476,8 @@ github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGF github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= +github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA= github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= @@ -491,6 +493,8 @@ github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -526,8 +530,8 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -582,28 +586,28 @@ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f h1:f00RU+zOX+B3rLAmMMkzHUF2h1z4DeYR9tTCvEq2REY= github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg= -github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= +github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= +github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM= -github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= +github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= -github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= +github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= +github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/gophercloud/gophercloud v0.15.1-0.20210202035223-633d73521055/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4= -github.com/gophercloud/gophercloud v1.0.0 h1:9nTGx0jizmHxDobe4mck89FyQHVyA3CaXLIUSGJjP9k= -github.com/gophercloud/gophercloud v1.0.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c= -github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae h1:Hi3IgB9RQDE15Kfovd8MTZrcana+UlQqNbOif8dLpA0= -github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae/go.mod h1:wx8HMD8oQD0Ryhz6+6ykq75PJ79iPyEqYHfwZ4l7OsA= +github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= +github.com/gophercloud/gophercloud v1.11.0 h1:ls0O747DIq1D8SUHc7r2vI8BFbMLeLFuENaAIfEx7OM= +github.com/gophercloud/gophercloud v1.11.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= +github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 h1:sH7xkTfYzxIEgzq1tDHIMKRh1vThOEOGNsettdEeLbE= +github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56/go.mod h1:VSalo4adEk+3sNkmVJLnhHoOyOYYS8sTWLG4mv5BKto= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= @@ -663,7 +667,6 @@ github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjG github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= @@ -715,8 +718,8 @@ github.com/instana/go-sensor v1.38.3/go.mod h1:E42MelHWFz11qqaLwvgt0j98v2s2O/bq2 github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB0m6XCJNZ65nw09/QIp3T1yXr487D+A= github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw= github.com/jarcoal/httpmock v1.0.8/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= -github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc= -github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= +github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww= +github.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= @@ -742,7 +745,6 @@ github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -942,10 +944,10 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nrdcg/auroradns v1.1.0 h1:KekGh8kmf2MNwqZVVYo/fw/ZONt8QMEmbMFOeljteWo= github.com/nrdcg/auroradns v1.1.0/go.mod h1:O7tViUZbAcnykVnrGkXzIJTHoQCHcgalgAe6X1mzHfk= -github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 h1:qpB3wZR4+MPK92cTC9zZPnndkJgDgPvQqPUAgVc1NXU= -github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9/go.mod h1:HUoHXDrFvidN1NK9Wb/mZKNOfDNutKkzF2Pg71M9hHA= -github.com/nrdcg/desec v0.7.0 h1:iuGhi4pstF3+vJWwt292Oqe2+AsSPKDynQna/eu1fDs= -github.com/nrdcg/desec v0.7.0/go.mod h1:e1uRqqKv1mJdd5+SQROAhmy75lKMphLzWIuASLkpeFY= +github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 h1:ouZ2JWDl8IW5k1qugYbmpbmW8hn85Ig6buSMBRlz3KI= +github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3/go.mod h1:ZwadWt7mVhMHMbAQ1w8IhDqtWO3eWqWq72W7trnaiE8= +github.com/nrdcg/desec v0.8.0 h1:FJbRWUAluTCUi9nHFnhqPhLSIHiNnB9elZVWYgFtIqA= +github.com/nrdcg/desec v0.8.0/go.mod h1:BsnYPtSlBttJL3Gyzv0kDH7zkk60obwThlnqiiKzn+o= github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U= github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= github.com/nrdcg/freemyip v0.2.0 h1:/GscavT4GVqAY13HExl5UyoB4wlchv6Cg5NYDGsUoJ8= @@ -1005,20 +1007,20 @@ github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= -github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 h1:ZCnq+JUrvXcDVhX/xRolRBZifmabN1HcS1wrPSvxhrU= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2 h1:nY8Hti+WKaP0cRsSeQ026wU03QsM762XBeCXBb9NAWI= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= -github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= +github.com/oracle/oci-go-sdk/v65 v65.63.1 h1:dYL7sk9L1+C9LCmoq+zjPMNteuJJfk54YExq/4pV9xQ= +github.com/oracle/oci-go-sdk/v65 v65.63.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0= github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac= -github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0= -github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY= +github.com/ovh/go-ovh v1.5.1 h1:P8O+7H+NQuFK9P/j4sFW5C0fvSS2DnHYGPwdVCp45wI= +github.com/ovh/go-ovh v1.5.1/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= @@ -1040,8 +1042,8 @@ github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pires/go-proxyproto v0.6.1 h1:EBupykFmo22SDjv4fQVQd2J9NOoLPmyZA/15ldOGkPw= github.com/pires/go-proxyproto v0.6.1/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY= -github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= -github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -1128,23 +1130,27 @@ github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncj github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sacloud/api-client-go v0.2.8 h1:tIY6PZNBX900K66TqEPa4d6UIbedUczfCBnPJkzi8kw= -github.com/sacloud/api-client-go v0.2.8/go.mod h1:0CV/kWNYlS1hCNdnk6Wx7Wdg8DPFCnv0zOIzdXjeAeY= -github.com/sacloud/go-http v0.1.6 h1:lJGXDt9xrxJiDszRPaN9NIP8MVj10YKMzmnyzdSfI8w= -github.com/sacloud/go-http v0.1.6/go.mod h1:oLAHoDJRkptf8sq4fE8oERLkdCh0kJWfWu+paoJY7I0= -github.com/sacloud/iaas-api-go v1.11.1 h1:2MsFZ4H1uRdRVx2nVXuERWQ3swoFc3XreIV5hJ3Nsws= -github.com/sacloud/iaas-api-go v1.11.1/go.mod h1:uBDSa06F/V0OnoR66jGdbH0PVnCJw+NeE9RVbVgMfss= -github.com/sacloud/packages-go v0.0.9 h1:GbinkBLC/eirFhHpLjoDW6JV7+95Rnd2d8RWj7Afeks= -github.com/sacloud/packages-go v0.0.9/go.mod h1:k+EEUMF2LlncjbNIJNOqLyZ9wjTESPIWIk1OA7x9j2Q= +github.com/sacloud/api-client-go v0.2.10 h1:+rv3jDohD+pkdYwOTBiB+jZsM0xK3AxadXRzhp3q66c= +github.com/sacloud/api-client-go v0.2.10/go.mod h1:Jj3CTy2+O4bcMedVDXlbHuqqche85HEPuVXoQFhLaRc= +github.com/sacloud/go-http v0.1.8 h1:ynreWA/vnM8G2ksbMlmefBHsXURKPz49qlPRqQ9IQdw= +github.com/sacloud/go-http v0.1.8/go.mod h1:7TL7TN1fnPKHsMifIqURDkGujnKViCgEz5Ei/LQdFK8= +github.com/sacloud/iaas-api-go v1.12.0 h1:kqXFn3HzCiawlX6hVJb1GVqcSJqcmiGHB4Zp14sxiI8= +github.com/sacloud/iaas-api-go v1.12.0/go.mod h1:SZLXeWOdXk3WReIS557sbU1gkOgrE4rseIBQV1B3b7o= +github.com/sacloud/packages-go v0.0.10 h1:UiQGjy8LretewkRhsuna1TBM9Vz/l9FoYpQx+D+AOck= +github.com/sacloud/packages-go v0.0.10/go.mod h1:f8QITBh9z4IZc4yE9j21Q8b0sXEMwRlRmhhjWeDVTYs= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 h1:wJrcTdddKOI8TFxs8cemnhKP2EmKy3yfUKHj3ZdfzYo= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 h1:/8rfZAdFfafRXOgz+ZpMZZWZ5pYggCY9t7e/BvjaBHM= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg= github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI= github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM= github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY= +github.com/selectel/domains-go v1.0.2 h1:Si6iGaMnTFJxwiJVI50DOdZnwcxc87kqaWrVQYW0a4U= +github.com/selectel/domains-go v1.0.2/go.mod h1:SugRKfq4sTpnOHquslCpzda72wV8u0cMBHx0C0l+bzA= +github.com/selectel/go-selvpcclient/v3 v3.1.1 h1:C1q2LqqosiapoLpnGITGmysg0YCSQYDo2Gh69CioevM= +github.com/selectel/go-selvpcclient/v3 v3.1.1/go.mod h1:NM7IXhh1IzqZ88DOw1Qc5Ez3tULLViXo95l5+rKPuyQ= github.com/shirou/gopsutil/v3 v3.23.11 h1:i3jP9NjCPUz7FiZKxlMnODZkdSIp2gnzfrvsu9CuWEQ= github.com/shirou/gopsutil/v3 v3.23.11/go.mod h1:1FrWgea594Jp7qmjHUUPlJDTPgcsb9mGnXDxavtikzM= github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM= @@ -1152,8 +1158,9 @@ github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k= github.com/shoenig/test v1.7.0 h1:eWcHtTXa6QLnBvm0jgEabMRN/uJ4DMV3M8xUGgRkZmk= github.com/shoenig/test v1.7.0/go.mod h1:UxJ6u/x2v/TNs/LoLxBNJRV9DiwBBKYxXSyczsBHFoI= -github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= +github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= @@ -1175,6 +1182,8 @@ github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPc github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= +github.com/sony/gobreaker v0.5.0 h1:dRCvqm0P490vZPmy7ppEk2qCnCieBooFJ+YoXGYB+yg= +github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= @@ -1208,8 +1217,8 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= -github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -1220,16 +1229,16 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 h1:XGopsea1Dw7ecQ8JscCNQXDGYAKDiWjDeXnpN/+BY9g= github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 h1:mmz27tVi2r70JYnm5y0Zk8w0Qzsx+vfUw3oqSyrEfP8= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 h1:g9SWTaTy/rEuhMErC2jWq9Qt5ci+jBYSvXnJsLq4adg= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490/go.mod h1:l9q4vc1QiawUB1m3RU+87yLvrrxe54jc0w/kEl4DbSQ= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.898 h1:ERwcXqhc94L9cFxtiI0pvt7IJtlHl/p/Jayl3mLw+ms= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.898/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.898 h1:LoYv5u+gUoFpU/AmIuTRG/2KiEkdm9gCC0dTvk8WITQ= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.898/go.mod h1:c1j6YQ+vCbeA8kJ59Im4UnMd1GxovlpPBDhGZoewfn8= github.com/testcontainers/testcontainers-go v0.27.0 h1:IeIrJN4twonTDuMuBNQdKZ+K97yd7VrmNGu+lDpYcDk= github.com/testcontainers/testcontainers-go v0.27.0/go.mod h1:+HgYZcd17GshBUZv9b+jKFJ198heWPQq3KQIp2+N+7U= github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0= @@ -1249,8 +1258,8 @@ github.com/transip/gotransip/v6 v6.23.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgs github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= -github.com/uber/jaeger-lib v2.2.0+incompatible h1:MxZXOiR2JuoANZ3J6DE/U0kSFv/eJ/GfSYVCjK7dyaw= -github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= +github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= @@ -1280,10 +1289,10 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f h1:cG+ehPRJSlqljSufLf1KXeXpUd1dLNjnzA18mZcB/O0= -github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20220805164847-cf028e604997 h1:2wzke3JH7OtN20WsNDZx2VH/TCmsbqtDEbXzjF+i05E= -github.com/yandex-cloud/go-sdk v0.0.0-20220805164847-cf028e604997/go.mod h1:2CHKs/YGbCcNn/BPaCkEBwKz/FNCELi+MLILjR9RaTA= +github.com/yandex-cloud/go-genproto v0.0.0-20240318083951-4fe6125f286e h1:jLIqA7M9qY31g/Nw/5htVD0DFbxmLnlFZcHKJiG3osI= +github.com/yandex-cloud/go-genproto v0.0.0-20240318083951-4fe6125f286e/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240318084659-dfa50323a0b4 h1:wtzLQJmghkSUb1YkeFphIh7ST7NNVDaVOJZSAJcjMdw= +github.com/yandex-cloud/go-sdk v0.0.0-20240318084659-dfa50323a0b4/go.mod h1:9d1MV6u4lK715YXnZceKqhP4L0bKBKmv4mSLnVSjJaM= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1325,6 +1334,14 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= +go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= +go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= +go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= +go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= +go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= +go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -1344,8 +1361,8 @@ go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= -go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= -go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6mUg= +go.uber.org/ratelimit v0.3.0 h1:IdZd9wqvFXnvLvSEBo0KPcGfkoBGNkpTHlrE3Rcjkjw= +go.uber.org/ratelimit v0.3.0/go.mod h1:So5LG7CV1zWpY1sHe+DXTJqQvOx+FFPFaAs2SnoyBaI= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= @@ -1380,15 +1397,14 @@ golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1496,8 +1512,8 @@ golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1510,8 +1526,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= +golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1606,7 +1622,6 @@ golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1630,8 +1645,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1642,8 +1657,8 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1653,14 +1668,13 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1744,8 +1758,8 @@ golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyj golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1781,8 +1795,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= -google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg= -google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= +google.golang.org/api v0.172.0 h1:/1OcMZGPmW1rX2LCu2CmGUD1KXK1+pfzxotxyRUCCdk= +google.golang.org/api v0.172.0/go.mod h1:+fJZq6QXWfa9pXhnIzsjx4yI22d4aI9ZpLb58gvXjis= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1790,7 +1804,6 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -1837,12 +1850,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= +google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1870,9 +1883,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/grpc v1.63.1 h1:pNClQmvdlyNUiwFETOux/PYqfhmA7BrswEdGRnib1fA= +google.golang.org/grpc v1.63.1/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1909,12 +1921,11 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk= -gopkg.in/ns1/ns1-go.v2 v2.7.13/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc= +gopkg.in/ns1/ns1-go.v2 v2.9.1 h1:3/QYzUazRCSE49d3sh1Q+X7IrDp/I7OqR/M7dKA0Oks= +gopkg.in/ns1/ns1-go.v2 v2.9.1/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= @@ -1933,6 +1944,7 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= From 0f0cc420e193960048f08bbe78ccff3130a9bee8 Mon Sep 17 00:00:00 2001 From: Dusty Gutzmann Date: Wed, 29 May 2024 02:40:05 -0600 Subject: [PATCH 06/31] docs(ratelimit requestheader): add note concerning behavior if header is missing Co-authored-by: Romain --- docs/content/middlewares/http/ratelimit.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/content/middlewares/http/ratelimit.md b/docs/content/middlewares/http/ratelimit.md index 3020edbe7..bcedbcb00 100644 --- a/docs/content/middlewares/http/ratelimit.md +++ b/docs/content/middlewares/http/ratelimit.md @@ -432,6 +432,8 @@ http: Name of the header used to group incoming requests. +!!! important "If the header is not present, rate limiting will still be applied, but all requests without the specified header will be grouped together." + ```yaml tab="Docker" labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" From c0a2e6b4b6511071317c91bc4f922aba1c8a6038 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Thu, 30 May 2024 09:14:04 +0200 Subject: [PATCH 07/31] Compute HTTPRoute priorities Co-authored-by: Romain --- integration/k8s_conformance_test.go | 4 - integration/testdata/rawdata-gateway.json | 24 +- pkg/provider/kubernetes/gateway/httproute.go | 144 +++++--- .../kubernetes/gateway/httproute_test.go | 287 ++++++++-------- .../kubernetes/gateway/kubernetes_test.go | 317 ++++++++++-------- 5 files changed, 429 insertions(+), 347 deletions(-) diff --git a/integration/k8s_conformance_test.go b/integration/k8s_conformance_test.go index 3ba562b2c..1e0c5d96b 100644 --- a/integration/k8s_conformance_test.go +++ b/integration/k8s_conformance_test.go @@ -199,12 +199,8 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() { RunTest: *k8sConformanceRunTest, // Until the feature are all supported, following tests are skipped. SkipTests: []string{ - tests.HTTPRouteListenerHostnameMatching.ShortName, tests.HTTPRouteInvalidCrossNamespaceParentRef.ShortName, - tests.HTTPRouteMatchingAcrossRoutes.ShortName, tests.HTTPRoutePartiallyInvalidViaInvalidReferenceGrant.ShortName, - tests.HTTPRoutePathMatchOrder.ShortName, - tests.HTTPRouteHeaderMatching.ShortName, tests.HTTPRouteReferenceGrant.ShortName, }, } diff --git a/integration/testdata/rawdata-gateway.json b/integration/testdata/rawdata-gateway.json index 08bd34802..d321d987f 100644 --- a/integration/testdata/rawdata-gateway.json +++ b/integration/testdata/rawdata-gateway.json @@ -30,27 +30,27 @@ "traefik" ] }, - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06@kubernetesgateway": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27@kubernetesgateway": { "entryPoints": [ "web" ], - "service": "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - "rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)", + "service": "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + "rule": "Host(`foo.com`) \u0026\u0026 (Path(`/bar`))", "ruleSyntax": "v3", - "priority": 31, + "priority": 99997, "status": "enabled", "using": [ "web" ] }, - "default-http-app-1-my-https-gateway-websecure-1c0cf64bde37d9d0df06@kubernetesgateway": { + "default-http-app-1-my-https-gateway-websecure-af4b9876d1fe36359e27@kubernetesgateway": { "entryPoints": [ "websecure" ], - "service": "default-http-app-1-my-https-gateway-websecure-1c0cf64bde37d9d0df06-wrr", - "rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)", + "service": "default-http-app-1-my-https-gateway-websecure-af4b9876d1fe36359e27-wrr", + "rule": "Host(`foo.com`) \u0026\u0026 (Path(`/bar`))", "ruleSyntax": "v3", - "priority": 31, + "priority": 99997, "tls": {}, "status": "enabled", "using": [ @@ -96,7 +96,7 @@ "dashboard@internal" ] }, - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr@kubernetesgateway": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr@kubernetesgateway": { "weighted": { "services": [ { @@ -107,10 +107,10 @@ }, "status": "enabled", "usedBy": [ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06@kubernetesgateway" + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27@kubernetesgateway" ] }, - "default-http-app-1-my-https-gateway-websecure-1c0cf64bde37d9d0df06-wrr@kubernetesgateway": { + "default-http-app-1-my-https-gateway-websecure-af4b9876d1fe36359e27-wrr@kubernetesgateway": { "weighted": { "services": [ { @@ -121,7 +121,7 @@ }, "status": "enabled", "usedBy": [ - "default-http-app-1-my-https-gateway-websecure-1c0cf64bde37d9d0df06@kubernetesgateway" + "default-http-app-1-my-https-gateway-websecure-af4b9876d1fe36359e27@kubernetesgateway" ] }, "default-whoami-80@kubernetesgateway": { diff --git a/pkg/provider/kubernetes/gateway/httproute.go b/pkg/provider/kubernetes/gateway/httproute.go index 3410764d9..86664ee5f 100644 --- a/pkg/provider/kubernetes/gateway/httproute.go +++ b/pkg/provider/kubernetes/gateway/httproute.go @@ -128,12 +128,12 @@ func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener ga }, } - hostRule := hostRule(hostnames) - for _, routeRule := range route.Spec.Rules { + rule, priority := buildRouterRule(hostnames, routeRule.Matches) router := dynamic.Router{ RuleSyntax: "v3", - Rule: routerRule(routeRule, hostRule), + Rule: rule, + Priority: priority, EntryPoints: []string{listener.EPName}, } if listener.Protocol == gatev1.HTTPSProtocolType { @@ -418,12 +418,17 @@ func loadHTTPServers(client Client, namespace string, backendRef gatev1.HTTPBack return lb, nil } -func hostRule(hostnames []gatev1.Hostname) string { +func buildHostRule(hostnames []gatev1.Hostname) (string, int) { var rules []string + var priority int for _, hostname := range hostnames { host := string(hostname) + if priority < len(host) { + priority = len(host) + } + wildcard := strings.Count(host, "*") if wildcard == 0 { rules = append(rules, fmt.Sprintf("Host(`%s`)", host)) @@ -436,86 +441,123 @@ func hostRule(hostnames []gatev1.Hostname) string { switch len(rules) { case 0: - return "" + return "", 0 case 1: - return rules[0] + return rules[0], priority default: - return fmt.Sprintf("(%s)", strings.Join(rules, " || ")) + return fmt.Sprintf("(%s)", strings.Join(rules, " || ")), priority } } -func routerRule(routeRule gatev1.HTTPRouteRule, hostRule string) string { - var rule string +// buildRouterRule builds the route rule and computes its priority. +// The current priority computing is rather naive but aims to fulfill Conformance tests suite requirement. +// The priority is computed to match the following precedence order: +// +// * "Exact" path match. (+100000) +// * "Prefix" path match with largest number of characters. (+10000) PathRegex (+1000) +// * Method match. (not implemented) +// * Largest number of header matches. (+100 each) or with PathRegex (+10 each) +// * Largest number of query param matches. (not implemented) +// +// In case of multiple matches for a route, the maximum priority among all matches is retain. +func buildRouterRule(hostnames []gatev1.Hostname, routeMatches []gatev1.HTTPRouteMatch) (string, int) { var matchesRules []string + var maxPriority int - for _, match := range routeRule.Matches { + for _, match := range routeMatches { path := ptr.Deref(match.Path, gatev1.HTTPPathMatch{ Type: ptr.To(gatev1.PathMatchPathPrefix), Value: ptr.To("/"), }) - pathType := ptr.Deref(path.Type, gatev1.PathMatchPathPrefix) - pathValue := ptr.Deref(path.Value, "/") + var priority int var matchRules []string - switch pathType { - case gatev1.PathMatchExact: - matchRules = append(matchRules, fmt.Sprintf("Path(`%s`)", pathValue)) - case gatev1.PathMatchPathPrefix: - matchRules = append(matchRules, buildPathMatchPathPrefixRule(pathValue)) - case gatev1.PathMatchRegularExpression: - matchRules = append(matchRules, fmt.Sprintf("PathRegexp(`%s`)", pathValue)) - } - matchRules = append(matchRules, headerRules(match.Headers)...) + pathRule, pathPriority := buildPathRule(path) + matchRules = append(matchRules, pathRule) + priority += pathPriority + + headerRules, headersPriority := buildHeaderRules(match.Headers) + matchRules = append(matchRules, headerRules...) + priority += headersPriority + matchesRules = append(matchesRules, strings.Join(matchRules, " && ")) - } - // If no matches are specified, the default is a prefix - // path match on "/", which has the effect of matching every - // HTTP request. - if len(routeRule.Matches) == 0 { - matchesRules = append(matchesRules, "PathPrefix(`/`)") - } - - if hostRule != "" { - if len(matchesRules) == 0 { - return hostRule + if priority > maxPriority { + maxPriority = priority } - rule += hostRule + " && " } - if len(matchesRules) == 1 { - return rule + matchesRules[0] + hostRule, hostPriority := buildHostRule(hostnames) + + matchesRulesStr := strings.Join(matchesRules, " || ") + + if hostRule == "" && matchesRulesStr == "" { + return "PathPrefix(`/`)", 1 } - if len(rule) == 0 { - return strings.Join(matchesRules, " || ") + if hostRule != "" && matchesRulesStr == "" { + return hostRule, hostPriority } - return rule + "(" + strings.Join(matchesRules, " || ") + ")" + // Enforce that, at the same priority, + // the route with fewer matches (more specific) matches first. + maxPriority -= len(matchesRules) * 10 + if maxPriority < 1 { + maxPriority = 1 + } + + if hostRule == "" { + return matchesRulesStr, maxPriority + } + + // A route with a host should match over the same route with no host. + maxPriority += hostPriority + return hostRule + " && " + "(" + matchesRulesStr + ")", maxPriority } -func headerRules(headers []gatev1.HTTPHeaderMatch) []string { - var headerRules []string +func buildPathRule(pathMatch gatev1.HTTPPathMatch) (string, int) { + pathType := ptr.Deref(pathMatch.Type, gatev1.PathMatchPathPrefix) + pathValue := ptr.Deref(pathMatch.Value, "/") + + switch pathType { + case gatev1.PathMatchExact: + return fmt.Sprintf("Path(`%s`)", pathValue), 100000 + + case gatev1.PathMatchPathPrefix: + // PathPrefix(`/`) rule is a catch-all, + // here we ensure it would be evaluated last. + if pathValue == "/" { + return "PathPrefix(`/`)", 1 + } + + pv := strings.TrimSuffix(pathValue, "/") + return fmt.Sprintf("(Path(`%[1]s`) || PathPrefix(`%[1]s/`))", pv), 10000 + len(pathValue)*100 + + case gatev1.PathMatchRegularExpression: + return fmt.Sprintf("PathRegexp(`%s`)", pathValue), 1000 + len(pathValue)*100 + + default: + return "PathPrefix(`/`)", 1 + } +} + +func buildHeaderRules(headers []gatev1.HTTPHeaderMatch) ([]string, int) { + var rules []string + var priority int for _, header := range headers { typ := ptr.Deref(header.Type, gatev1.HeaderMatchExact) switch typ { case gatev1.HeaderMatchExact: - headerRules = append(headerRules, fmt.Sprintf("Header(`%s`,`%s`)", header.Name, header.Value)) + rules = append(rules, fmt.Sprintf("Header(`%s`,`%s`)", header.Name, header.Value)) + priority += 100 case gatev1.HeaderMatchRegularExpression: - headerRules = append(headerRules, fmt.Sprintf("HeaderRegexp(`%s`,`%s`)", header.Name, header.Value)) + rules = append(rules, fmt.Sprintf("HeaderRegexp(`%s`,`%s`)", header.Name, header.Value)) + priority += 10 } } - return headerRules -} -func buildPathMatchPathPrefixRule(path string) string { - if path == "/" { - return "PathPrefix(`/`)" - } - - path = strings.TrimSuffix(path, "/") - return fmt.Sprintf("(Path(`%[1]s`) || PathPrefix(`%[1]s/`))", path) + return rules, priority } // createRequestHeaderModifier does not enforce/check the configuration, diff --git a/pkg/provider/kubernetes/gateway/httproute_test.go b/pkg/provider/kubernetes/gateway/httproute_test.go index 2698acfdb..9e9833e40 100644 --- a/pkg/provider/kubernetes/gateway/httproute_test.go +++ b/pkg/provider/kubernetes/gateway/httproute_test.go @@ -8,15 +8,16 @@ import ( gatev1 "sigs.k8s.io/gateway-api/apis/v1" ) -func Test_hostRule(t *testing.T) { +func Test_buildHostRule(t *testing.T) { testCases := []struct { - desc string - hostnames []gatev1.Hostname - expectedRule string - expectErr bool + desc string + hostnames []gatev1.Hostname + expectedRule string + expectedPriority int + expectErr bool }{ { - desc: "Empty rule and matches", + desc: "Empty (should not happen)", expectedRule: "", }, { @@ -24,7 +25,8 @@ func Test_hostRule(t *testing.T) { hostnames: []gatev1.Hostname{ "Foo", }, - expectedRule: "Host(`Foo`)", + expectedRule: "Host(`Foo`)", + expectedPriority: 3, }, { desc: "Multiple Hosts", @@ -33,7 +35,8 @@ func Test_hostRule(t *testing.T) { "Bar", "Bir", }, - expectedRule: "(Host(`Foo`) || Host(`Bar`) || Host(`Bir`))", + expectedRule: "(Host(`Foo`) || Host(`Bar`) || Host(`Bir`))", + expectedPriority: 3, }, { desc: "Several Host and wildcard", @@ -42,14 +45,16 @@ func Test_hostRule(t *testing.T) { "bar.foo", "foo.foo", }, - expectedRule: "(HostRegexp(`^[a-z0-9-\\.]+\\.bar\\.foo$`) || Host(`bar.foo`) || Host(`foo.foo`))", + expectedRule: "(HostRegexp(`^[a-z0-9-\\.]+\\.bar\\.foo$`) || Host(`bar.foo`) || Host(`foo.foo`))", + expectedPriority: 9, }, { desc: "Host with wildcard", hostnames: []gatev1.Hostname{ "*.bar.foo", }, - expectedRule: "HostRegexp(`^[a-z0-9-\\.]+\\.bar\\.foo$`)", + expectedRule: "HostRegexp(`^[a-z0-9-\\.]+\\.bar\\.foo$`)", + expectedPriority: 9, }, } @@ -57,216 +62,209 @@ func Test_hostRule(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - rule := hostRule(test.hostnames) + rule, priority := buildHostRule(test.hostnames) assert.Equal(t, test.expectedRule, rule) + assert.Equal(t, test.expectedPriority, priority) }) } } -func Test_routerRule(t *testing.T) { +func Test_buildRouterRule(t *testing.T) { testCases := []struct { - desc string - routeRule gatev1.HTTPRouteRule - hostRule string - expectedRule string - expectedError bool + desc string + routeMatches []gatev1.HTTPRouteMatch + hostnames []gatev1.Hostname + expectedRule string + expectedPriority int + expectedError bool }{ { - desc: "Empty rule and matches", - expectedRule: "PathPrefix(`/`)", + desc: "Empty rule and matches ", + expectedRule: "PathPrefix(`/`)", + expectedPriority: 1, }, { - desc: "One Host rule without matches", - hostRule: "Host(`foo.com`)", - expectedRule: "Host(`foo.com`) && PathPrefix(`/`)", + desc: "One Host rule without matches", + hostnames: []gatev1.Hostname{"foo.com"}, + expectedRule: "Host(`foo.com`)", + expectedPriority: 7, }, { desc: "One HTTPRouteMatch with nil HTTPHeaderMatch", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: ptr.To(gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchPathPrefix), - Value: ptr.To("/"), - }), - Headers: nil, - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: ptr.To(gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchPathPrefix), + Value: ptr.To("/"), + }), + Headers: nil, }, }, - expectedRule: "PathPrefix(`/`)", + expectedRule: "PathPrefix(`/`)", + expectedPriority: 1, }, { desc: "One HTTPRouteMatch with nil HTTPHeaderMatch Type", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: ptr.To(gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchPathPrefix), - Value: ptr.To("/"), - }), - Headers: []gatev1.HTTPHeaderMatch{ - {Name: "foo", Value: "bar"}, - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: ptr.To(gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchPathPrefix), + Value: ptr.To("/"), + }), + Headers: []gatev1.HTTPHeaderMatch{ + {Name: "foo", Value: "bar"}, }, }, }, - expectedRule: "PathPrefix(`/`) && Header(`foo`,`bar`)", + expectedRule: "PathPrefix(`/`) && Header(`foo`,`bar`)", + expectedPriority: 91, }, { desc: "One HTTPRouteMatch with nil HTTPPathMatch", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - {Path: nil}, - }, + routeMatches: []gatev1.HTTPRouteMatch{ + {Path: nil}, }, - expectedRule: "PathPrefix(`/`)", + expectedRule: "PathPrefix(`/`)", + expectedPriority: 1, }, { desc: "One HTTPRouteMatch with nil HTTPPathMatch Type", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: nil, - Value: ptr.To("/foo/"), - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: nil, + Value: ptr.To("/foo/"), }, }, }, - expectedRule: "(Path(`/foo`) || PathPrefix(`/foo/`))", + expectedRule: "(Path(`/foo`) || PathPrefix(`/foo/`))", + expectedPriority: 10490, }, { desc: "One HTTPRouteMatch with nil HTTPPathMatch Values", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchExact), - Value: nil, - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchExact), + Value: nil, }, }, }, - expectedRule: "Path(`/`)", + expectedRule: "Path(`/`)", + expectedPriority: 99990, }, { desc: "One Path in matches", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchExact), - Value: ptr.To("/foo/"), - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchExact), + Value: ptr.To("/foo/"), }, }, }, - expectedRule: "Path(`/foo/`)", + expectedRule: "Path(`/foo/`)", + expectedPriority: 99990, }, { desc: "One Path in matches and another empty", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchExact), - Value: ptr.To("/foo/"), - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchExact), + Value: ptr.To("/foo/"), }, - {}, }, + {}, }, - expectedRule: "Path(`/foo/`) || PathPrefix(`/`)", + expectedRule: "Path(`/foo/`) || PathPrefix(`/`)", + expectedPriority: 99980, }, { desc: "Path OR Header rules", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchExact), - Value: ptr.To("/foo/"), - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchExact), + Value: ptr.To("/foo/"), }, - { - Headers: []gatev1.HTTPHeaderMatch{ - { - Type: ptr.To(gatev1.HeaderMatchExact), - Name: "my-header", - Value: "foo", - }, + }, + { + Headers: []gatev1.HTTPHeaderMatch{ + { + Type: ptr.To(gatev1.HeaderMatchExact), + Name: "my-header", + Value: "foo", }, }, }, }, - expectedRule: "Path(`/foo/`) || PathPrefix(`/`) && Header(`my-header`,`foo`)", + expectedRule: "Path(`/foo/`) || PathPrefix(`/`) && Header(`my-header`,`foo`)", + expectedPriority: 99980, }, { desc: "Path && Header rules", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchExact), - Value: ptr.To("/foo/"), - }, - Headers: []gatev1.HTTPHeaderMatch{ - { - Type: ptr.To(gatev1.HeaderMatchExact), - Name: "my-header", - Value: "foo", - }, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchExact), + Value: ptr.To("/foo/"), + }, + Headers: []gatev1.HTTPHeaderMatch{ + { + Type: ptr.To(gatev1.HeaderMatchExact), + Name: "my-header", + Value: "foo", }, }, }, }, - expectedRule: "Path(`/foo/`) && Header(`my-header`,`foo`)", + expectedRule: "Path(`/foo/`) && Header(`my-header`,`foo`)", + expectedPriority: 100090, }, { - desc: "Host && Path && Header rules", - hostRule: "Host(`foo.com`)", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchExact), - Value: ptr.To("/foo/"), - }, - Headers: []gatev1.HTTPHeaderMatch{ - { - Type: ptr.To(gatev1.HeaderMatchExact), - Name: "my-header", - Value: "foo", - }, + desc: "Host && Path && Header rules", + hostnames: []gatev1.Hostname{"foo.com"}, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchExact), + Value: ptr.To("/foo/"), + }, + Headers: []gatev1.HTTPHeaderMatch{ + { + Type: ptr.To(gatev1.HeaderMatchExact), + Name: "my-header", + Value: "foo", }, }, }, }, - expectedRule: "Host(`foo.com`) && Path(`/foo/`) && Header(`my-header`,`foo`)", + expectedRule: "Host(`foo.com`) && (Path(`/foo/`) && Header(`my-header`,`foo`))", + expectedPriority: 100097, }, { - desc: "Host && (Path || Header) rules", - hostRule: "Host(`foo.com`)", - routeRule: gatev1.HTTPRouteRule{ - Matches: []gatev1.HTTPRouteMatch{ - { - Path: &gatev1.HTTPPathMatch{ - Type: ptr.To(gatev1.PathMatchExact), - Value: ptr.To("/foo/"), - }, + desc: "Host && (Path || Header) rules", + hostnames: []gatev1.Hostname{"foo.com"}, + routeMatches: []gatev1.HTTPRouteMatch{ + { + Path: &gatev1.HTTPPathMatch{ + Type: ptr.To(gatev1.PathMatchExact), + Value: ptr.To("/foo/"), }, - { - Headers: []gatev1.HTTPHeaderMatch{ - { - Type: ptr.To(gatev1.HeaderMatchExact), - Name: "my-header", - Value: "foo", - }, + }, + { + Headers: []gatev1.HTTPHeaderMatch{ + { + Type: ptr.To(gatev1.HeaderMatchExact), + Name: "my-header", + Value: "foo", }, }, }, }, - expectedRule: "Host(`foo.com`) && (Path(`/foo/`) || PathPrefix(`/`) && Header(`my-header`,`foo`))", + expectedRule: "Host(`foo.com`) && (Path(`/foo/`) || PathPrefix(`/`) && Header(`my-header`,`foo`))", + expectedPriority: 99987, }, } @@ -274,8 +272,9 @@ func Test_routerRule(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - rule := routerRule(test.routeRule, test.hostRule) + rule, priority := buildRouterRule(test.hostnames, test.routeMatches) assert.Equal(t, test.expectedRule, rule) + assert.Equal(t, test.expectedPriority, priority) }) } } diff --git a/pkg/provider/kubernetes/gateway/kubernetes_test.go b/pkg/provider/kubernetes/gateway/kubernetes_test.go index 033f19420..0a61618e1 100644 --- a/pkg/provider/kubernetes/gateway/kubernetes_test.go +++ b/pkg/provider/kubernetes/gateway/kubernetes_test.go @@ -198,16 +198,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -566,16 +567,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -626,10 +628,11 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, Service: "api@internal", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, @@ -659,17 +662,18 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-websecure-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-websecure-af4b9876d1fe36359e27": { EntryPoints: []string{"websecure"}, - Service: "default-http-app-1-my-gateway-websecure-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-websecure-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-websecure-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-websecure-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -729,16 +733,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-66e726cd8903b49727ae": { + "default-http-app-1-my-gateway-web-da59521d735cff97495a": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-66e726cd8903b49727ae-wrr", - Rule: "(Host(`foo.com`) || Host(`bar.com`)) && PathPrefix(`/`)", + Service: "default-http-app-1-my-gateway-web-da59521d735cff97495a-wrr", + Rule: "(Host(`foo.com`) || Host(`bar.com`))", + Priority: 7, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-66e726cd8903b49727ae-wrr": { + "default-http-app-1-my-gateway-web-da59521d735cff97495a-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -789,16 +794,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-baa117c0219e3878749f": { + "default-http-app-1-my-gateway-web-2550b6c946893e8b737a": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-baa117c0219e3878749f-wrr", - Rule: "(Host(`foo.com`) || HostRegexp(`^[a-z0-9-\\.]+\\.bar\\.com$`)) && PathPrefix(`/`)", + Service: "default-http-app-1-my-gateway-web-2550b6c946893e8b737a-wrr", + Rule: "(Host(`foo.com`) || HostRegexp(`^[a-z0-9-\\.]+\\.bar\\.com$`))", + Priority: 9, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-baa117c0219e3878749f-wrr": { + "default-http-app-1-my-gateway-web-2550b6c946893e8b737a-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -849,16 +855,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-45eba2eaf40ac792e036": { + "default-http-app-1-my-gateway-web-0cd7265d0030f02bee3d": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-45eba2eaf40ac792e036-wrr", - Rule: "(Host(`foo.com`) || HostRegexp(`^[a-z0-9-\\.]+\\.foo\\.com$`)) && PathPrefix(`/`)", + Service: "default-http-app-1-my-gateway-web-0cd7265d0030f02bee3d-wrr", + Rule: "(Host(`foo.com`) || HostRegexp(`^[a-z0-9-\\.]+\\.foo\\.com$`))", + Priority: 9, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-45eba2eaf40ac792e036-wrr": { + "default-http-app-1-my-gateway-web-0cd7265d0030f02bee3d-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -909,22 +916,24 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Rule: "Host(`foo.com`) && Path(`/bar`)", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", }, - "default-http-app-1-my-gateway-web-d737b4933fa88e68ab8a": { + "default-http-app-1-my-gateway-web-f37ede0f5aa6cc3e3a16": { EntryPoints: []string{"web"}, - Rule: "Host(`foo.com`) && Path(`/bir`)", + Rule: "Host(`foo.com`) && (Path(`/bir`))", + Priority: 99997, RuleSyntax: "v3", - Service: "default-http-app-1-my-gateway-web-d737b4933fa88e68ab8a-wrr", + Service: "default-http-app-1-my-gateway-web-f37ede0f5aa6cc3e3a16-wrr", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -934,7 +943,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, }, - "default-http-app-1-my-gateway-web-d737b4933fa88e68ab8a-wrr": { + "default-http-app-1-my-gateway-web-f37ede0f5aa6cc3e3a16-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1001,16 +1010,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Rule: "Host(`foo.com`) && Path(`/bar`)", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1086,23 +1096,25 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-http-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-http-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-http-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-http-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, - "default-http-app-1-my-gateway-https-websecure-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-https-websecure-af4b9876d1fe36359e27": { EntryPoints: []string{"websecure"}, - Service: "default-http-app-1-my-gateway-https-websecure-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-https-websecure-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-http-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-http-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1112,7 +1124,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, }, - "default-http-app-1-my-gateway-https-websecure-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-https-websecure-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1177,23 +1189,25 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, - "default-http-app-1-my-gateway-websecure-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-websecure-af4b9876d1fe36359e27": { EntryPoints: []string{"websecure"}, - Service: "default-http-app-1-my-gateway-websecure-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-websecure-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1203,7 +1217,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, }, - "default-http-app-1-my-gateway-websecure-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-websecure-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1263,28 +1277,31 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-6cf37fa71907768d925c": { + "default-http-app-1-my-gateway-web-1f099b05db72cebb53a5": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-6cf37fa71907768d925c-wrr", - Rule: "Host(`foo.com`) && (Path(`/bar`) || PathPrefix(`/bar/`)) && Header(`my-header`,`foo`) && Header(`my-header2`,`bar`)", + Service: "default-http-app-1-my-gateway-web-1f099b05db72cebb53a5-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`) && Header(`my-header`,`bar`))", + Priority: 100097, RuleSyntax: "v3", }, - "default-http-app-1-my-gateway-web-aaba0f24fd26e1ca2276": { + "default-http-app-1-my-gateway-web-4863cbd61ecd5b4b0739": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-aaba0f24fd26e1ca2276-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`) && Header(`my-header`,`bar`)", + Service: "default-http-app-1-my-gateway-web-4863cbd61ecd5b4b0739-wrr", + Rule: "Host(`foo.com`) && (PathRegexp(`^/buzz/[0-9]+$`))", + Priority: 2397, RuleSyntax: "v3", }, - "default-http-app-1-my-gateway-web-d23f7039bc8036fb918c": { + "default-http-app-1-my-gateway-web-374af7817bd7c32eba26": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-d23f7039bc8036fb918c-wrr", - Rule: "Host(`foo.com`) && PathRegexp(`^/buzz/[0-9]+$`)", + Service: "default-http-app-1-my-gateway-web-374af7817bd7c32eba26-wrr", + Rule: "Host(`foo.com`) && ((Path(`/bar`) || PathPrefix(`/bar/`)) && Header(`my-header`,`foo`) && Header(`my-header2`,`bar`))", + Priority: 10597, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-6cf37fa71907768d925c-wrr": { + "default-http-app-1-my-gateway-web-1f099b05db72cebb53a5-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1294,7 +1311,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, }, - "default-http-app-1-my-gateway-web-aaba0f24fd26e1ca2276-wrr": { + "default-http-app-1-my-gateway-web-4863cbd61ecd5b4b0739-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1304,7 +1321,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, }, - "default-http-app-1-my-gateway-web-d23f7039bc8036fb918c-wrr": { + "default-http-app-1-my-gateway-web-374af7817bd7c32eba26-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1355,16 +1372,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-default-my-gateway-web-efde1997778109a1f6eb": { + "default-http-app-default-my-gateway-web-a0df3dbe37431caa4485": { EntryPoints: []string{"web"}, - Service: "default-http-app-default-my-gateway-web-efde1997778109a1f6eb-wrr", - Rule: "Host(`foo.com`) && Path(`/foo`)", + Service: "default-http-app-default-my-gateway-web-a0df3dbe37431caa4485-wrr", + Rule: "Host(`foo.com`) && (Path(`/foo`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-default-my-gateway-web-efde1997778109a1f6eb-wrr": { + "default-http-app-default-my-gateway-web-a0df3dbe37431caa4485-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1415,22 +1433,24 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-default-my-gateway-web-efde1997778109a1f6eb": { + "default-http-app-default-my-gateway-web-a0df3dbe37431caa4485": { EntryPoints: []string{"web"}, - Service: "default-http-app-default-my-gateway-web-efde1997778109a1f6eb-wrr", - Rule: "Host(`foo.com`) && Path(`/foo`)", + Service: "default-http-app-default-my-gateway-web-a0df3dbe37431caa4485-wrr", + Rule: "Host(`foo.com`) && (Path(`/foo`))", + Priority: 99997, RuleSyntax: "v3", }, - "bar-http-app-bar-my-gateway-web-66f5c78d03d948e36597": { + "bar-http-app-bar-my-gateway-web-c7f946bee1e5b1751d6a": { EntryPoints: []string{"web"}, - Service: "bar-http-app-bar-my-gateway-web-66f5c78d03d948e36597-wrr", - Rule: "Host(`bar.com`) && Path(`/bar`)", + Service: "bar-http-app-bar-my-gateway-web-c7f946bee1e5b1751d6a-wrr", + Rule: "Host(`bar.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-default-my-gateway-web-efde1997778109a1f6eb-wrr": { + "default-http-app-default-my-gateway-web-a0df3dbe37431caa4485-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1440,7 +1460,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, }, - "bar-http-app-bar-my-gateway-web-66f5c78d03d948e36597-wrr": { + "bar-http-app-bar-my-gateway-web-c7f946bee1e5b1751d6a-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1507,16 +1527,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "bar-http-app-bar-my-gateway-web-66f5c78d03d948e36597": { + "bar-http-app-bar-my-gateway-web-c7f946bee1e5b1751d6a": { EntryPoints: []string{"web"}, - Service: "bar-http-app-bar-my-gateway-web-66f5c78d03d948e36597-wrr", - Rule: "Host(`bar.com`) && Path(`/bar`)", + Service: "bar-http-app-bar-my-gateway-web-c7f946bee1e5b1751d6a-wrr", + Rule: "Host(`bar.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "bar-http-app-bar-my-gateway-web-66f5c78d03d948e36597-wrr": { + "bar-http-app-bar-my-gateway-web-c7f946bee1e5b1751d6a-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1567,16 +1588,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-wrr", - Rule: "Host(`example.org`) && PathPrefix(`/`)", + Service: "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr", + Rule: "Host(`example.org`)", + Priority: 11, RuleSyntax: "v3", - Middlewares: []string{"default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-requestheadermodifier-0"}, + Middlewares: []string{"default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestheadermodifier-0"}, }, }, Middlewares: map[string]*dynamic.Middleware{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-requestheadermodifier-0": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestheadermodifier-0": { RequestHeaderModifier: &dynamic.RequestHeaderModifier{ Set: map[string]string{"X-Foo": "Bar"}, Add: map[string]string{"X-Bar": "Foo"}, @@ -1585,7 +1607,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-wrr": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1636,16 +1658,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-wrr", - Rule: "Host(`example.org`) && PathPrefix(`/`)", + Service: "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr", + Rule: "Host(`example.org`)", + Priority: 11, RuleSyntax: "v3", - Middlewares: []string{"default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-requestredirect-0"}, + Middlewares: []string{"default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestredirect-0"}, }, }, Middlewares: map[string]*dynamic.Middleware{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-requestredirect-0": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestredirect-0": { RedirectRegex: &dynamic.RedirectRegex{ Regex: "^[a-z]+:\\/\\/(?P.+@)?(?P\\[[\\w:\\.]+\\]|[\\w\\._-]+)(?P:\\d+)?\\/(?P.*)", Replacement: "https://${userinfo}${hostname}${port}/${path}", @@ -1654,7 +1677,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-wrr": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1705,16 +1728,17 @@ func TestLoadHTTPRoutes(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-wrr", - Rule: "Host(`example.org`) && PathPrefix(`/`)", + Service: "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr", + Rule: "Host(`example.org`)", + Priority: 11, RuleSyntax: "v3", - Middlewares: []string{"default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-requestredirect-0"}, + Middlewares: []string{"default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestredirect-0"}, }, }, Middlewares: map[string]*dynamic.Middleware{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-requestredirect-0": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestredirect-0": { RedirectRegex: &dynamic.RedirectRegex{ Regex: "^[a-z]+:\\/\\/(?P.+@)?(?P\\[[\\w:\\.]+\\]|[\\w\\._-]+)(?P:\\d+)?\\/(?P.*)", Replacement: "http://${userinfo}example.com:443/${path}", @@ -1722,7 +1746,7 @@ func TestLoadHTTPRoutes(t *testing.T) { }, }, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-364ce6ec04c3d49b19c4-wrr": { + "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1822,16 +1846,17 @@ func TestLoadHTTPRoutes_backendExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1871,16 +1896,17 @@ func TestLoadHTTPRoutes_backendExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1922,16 +1948,17 @@ func TestLoadHTTPRoutes_backendExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -1972,16 +1999,17 @@ func TestLoadHTTPRoutes_backendExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -2023,16 +2051,17 @@ func TestLoadHTTPRoutes_backendExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -2136,17 +2165,18 @@ func TestLoadHTTPRoutes_filterExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", Middlewares: []string{"default-my-middleware"}, }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -2201,10 +2231,11 @@ func TestLoadHTTPRoutes_filterExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", Middlewares: []string{"default-my-middleware"}, }, @@ -2213,7 +2244,7 @@ func TestLoadHTTPRoutes_filterExtensionRef(t *testing.T) { "default-my-middleware": {Headers: &dynamic.Headers{CustomRequestHeaders: map[string]string{"Test-Header": "Test"}}}, }, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -2263,16 +2294,17 @@ func TestLoadHTTPRoutes_filterExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -2312,16 +2344,17 @@ func TestLoadHTTPRoutes_filterExtensionRef(t *testing.T) { }, HTTP: &dynamic.HTTPConfiguration{ Routers: map[string]*dynamic.Router{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27": { EntryPoints: []string{"web"}, - Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", - Rule: "Host(`foo.com`) && Path(`/bar`)", + Service: "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr", + Rule: "Host(`foo.com`) && (Path(`/bar`))", + Priority: 99997, RuleSyntax: "v3", }, }, Middlewares: map[string]*dynamic.Middleware{}, Services: map[string]*dynamic.Service{ - "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": { + "default-http-app-1-my-gateway-web-af4b9876d1fe36359e27-wrr": { Weighted: &dynamic.WeightedRoundRobin{ Services: []dynamic.WRRService{ { @@ -4489,12 +4522,14 @@ func TestLoadMixedRoutes(t *testing.T) { EntryPoints: []string{"web"}, Service: "default-http-app-1-my-gateway-web-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", }, "default-http-app-1-my-gateway-websecure-a431b128267aabc954fd": { EntryPoints: []string{"websecure"}, Service: "default-http-app-1-my-gateway-websecure-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, @@ -4674,12 +4709,14 @@ func TestLoadMixedRoutes(t *testing.T) { EntryPoints: []string{"web"}, Service: "default-http-app-default-my-gateway-web-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", }, "default-http-app-default-my-gateway-websecure-a431b128267aabc954fd": { EntryPoints: []string{"websecure"}, Service: "default-http-app-default-my-gateway-websecure-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, @@ -4876,12 +4913,14 @@ func TestLoadMixedRoutes(t *testing.T) { EntryPoints: []string{"web"}, Service: "default-http-app-default-my-gateway-web-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", }, "default-http-app-default-my-gateway-websecure-a431b128267aabc954fd": { EntryPoints: []string{"websecure"}, Service: "default-http-app-default-my-gateway-websecure-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, @@ -4889,12 +4928,14 @@ func TestLoadMixedRoutes(t *testing.T) { EntryPoints: []string{"web"}, Service: "bar-http-app-bar-my-gateway-web-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", }, "bar-http-app-bar-my-gateway-websecure-a431b128267aabc954fd": { EntryPoints: []string{"websecure"}, Service: "bar-http-app-bar-my-gateway-websecure-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, @@ -5082,12 +5123,14 @@ func TestLoadMixedRoutes(t *testing.T) { EntryPoints: []string{"web"}, Service: "bar-http-app-bar-my-gateway-web-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", }, "bar-http-app-bar-my-gateway-websecure-a431b128267aabc954fd": { EntryPoints: []string{"websecure"}, Service: "bar-http-app-bar-my-gateway-websecure-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, @@ -5219,12 +5262,14 @@ func TestLoadMixedRoutes(t *testing.T) { EntryPoints: []string{"web"}, Service: "default-http-app-default-my-gateway-web-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", }, "default-http-app-default-my-gateway-websecure-a431b128267aabc954fd": { EntryPoints: []string{"websecure"}, Service: "default-http-app-default-my-gateway-websecure-a431b128267aabc954fd-wrr", Rule: "PathPrefix(`/`)", + Priority: 1, RuleSyntax: "v3", TLS: &dynamic.RouterTLSConfig{}, }, From 7fc56454ea9a2baa004db509a5a644bc199297c6 Mon Sep 17 00:00:00 2001 From: Marc Mognol <8171300+marcmognol@users.noreply.github.com> Date: Thu, 30 May 2024 17:18:05 +0200 Subject: [PATCH 08/31] Add HealthCheck for KubernetesCRD ExternalName services --- .../kubernetes-crd-definition-v1.yml | 201 ++++++++++++++++++ .../traefik.io_ingressroutes.yaml | 41 ++++ .../traefik.io_middlewares.yaml | 40 ++++ .../traefik.io_traefikservices.yaml | 120 +++++++++++ .../routing/providers/kubernetes-crd.md | 48 +++-- integration/fixtures/k8s/01-traefik-crd.yml | 201 ++++++++++++++++++ ..._one_external_service_and_health_check.yml | 22 ++ ...ernal_svc_and_regular_svc_health_check.yml | 27 +++ ...two_external_services_and_health_check.yml | 27 +++ .../kubernetes/crd/kubernetes_http.go | 5 + .../kubernetes/crd/kubernetes_test.go | 168 +++++++++++++++ .../crd/traefikio/v1alpha1/ingressroute.go | 2 + .../v1alpha1/zz_generated.deepcopy.go | 5 + 13 files changed, 885 insertions(+), 22 deletions(-) create mode 100644 pkg/provider/kubernetes/crd/fixtures/with_one_external_service_and_health_check.yml create mode 100644 pkg/provider/kubernetes/crd/fixtures/with_one_external_svc_and_regular_svc_health_check.yml create mode 100644 pkg/provider/kubernetes/crd/fixtures/with_two_external_services_and_health_check.yml diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 93f14adcf..17f1a57e9 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -98,6 +98,47 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for the + service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -919,6 +960,46 @@ spec: Service defines the reference to a Kubernetes Service that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -2295,6 +2376,46 @@ spec: mirroring: description: Mirroring defines the Mirroring service configuration. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -2314,6 +2435,46 @@ spec: items: description: MirrorService holds the mirror configuration. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -2548,6 +2709,46 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml index 71d437491..984503f04 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml @@ -98,6 +98,47 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for the + service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml index 0a1891ea8..7d695362c 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml @@ -256,6 +256,46 @@ spec: Service defines the reference to a Kubernetes Service that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: diff --git a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml index ee99b7b19..8a6454858 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml @@ -47,6 +47,46 @@ spec: mirroring: description: Mirroring defines the Mirroring service configuration. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -66,6 +106,46 @@ spec: items: description: MirrorService holds the mirror configuration. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -300,6 +380,46 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md index 2d325d204..950053a14 100644 --- a/docs/content/routing/providers/kubernetes-crd.md +++ b/docs/content/routing/providers/kubernetes-crd.md @@ -342,6 +342,9 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne flushInterval: 1ms scheme: https serversTransport: transport # [10] + healthCheck: # [11] + path: /health + interval: 15s sticky: cookie: httpOnly: true @@ -351,17 +354,17 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne maxAge: 42 strategy: RoundRobin weight: 10 - nativeLB: true # [11] - nodePortLB: true # [12] - tls: # [13] - secretName: supersecret # [14] - options: # [15] - name: opt # [16] - namespace: default # [17] - certResolver: foo # [18] - domains: # [19] - - main: example.net # [20] - sans: # [21] + nativeLB: true # [12] + nodePortLB: true # [13] + tls: # [14] + secretName: supersecret # [15] + options: # [16] + name: opt # [17] + namespace: default # [18] + certResolver: foo # [19] + domains: # [20] + - main: example.net # [21] + sans: # [22] - a.example.net - b.example.net ``` @@ -378,17 +381,18 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne | [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) | | [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. | | [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). | -| [11] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. | -| [12] | `services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. | -| [13] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration | -| [14] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) | -| [15] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) | -| [16] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name | -| [17] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace | -| [18] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) | -| [19] | `tls.domains` | List of [domains](../routers/index.md#domains) | -| [20] | `domains[n].main` | Defines the main domain name | -| [21] | `domains[n].sans` | List of SANs (alternative domains) | +| [11] | `services[n].healthCheck` | Defines the HealthCheck when service references a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName. | +| [12] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. | +| [13] | `services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. | +| [14] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration | +| [15] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) | +| [16] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) | +| [17] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name | +| [18] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace | +| [19] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) | +| [20] | `tls.domains` | List of [domains](../routers/index.md#domains) | +| [21] | `domains[n].main` | Defines the main domain name | +| [22] | `domains[n].sans` | List of SANs (alternative domains) | ??? example "Declaring an IngressRoute" diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 93f14adcf..17f1a57e9 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -98,6 +98,47 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for the + service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -919,6 +960,46 @@ spec: Service defines the reference to a Kubernetes Service that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -2295,6 +2376,46 @@ spec: mirroring: description: Mirroring defines the Mirroring service configuration. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -2314,6 +2435,46 @@ spec: items: description: MirrorService holds the mirror configuration. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: @@ -2548,6 +2709,46 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for the service. + properties: + followRedirects: + type: boolean + headers: + additionalProperties: + type: string + type: object + hostname: + type: string + interval: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + method: + type: string + mode: + type: string + path: + type: string + port: + type: integer + scheme: + type: string + status: + type: integer + timeout: + description: |- + Duration is a custom type suitable for parsing duration values. + It supports `time.ParseDuration`-compatible values and suffix-less digits; in + the latter case, seconds are assumed. + format: int64 + type: integer + required: + - followRedirects + type: object kind: description: Kind defines the kind of the Service. enum: diff --git a/pkg/provider/kubernetes/crd/fixtures/with_one_external_service_and_health_check.yml b/pkg/provider/kubernetes/crd/fixtures/with_one_external_service_and_health_check.yml new file mode 100644 index 000000000..b0a56d1d1 --- /dev/null +++ b/pkg/provider/kubernetes/crd/fixtures/with_one_external_service_and_health_check.yml @@ -0,0 +1,22 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: test.route + namespace: default + +spec: + entryPoints: + - foo + + routes: + - match: Host(`foo.com`) && PathPrefix(`/foo`) + kind: Rule + priority: 12 + + services: + - name: external-svc + port: 443 + healthCheck: + path: /health + interval: 15s \ No newline at end of file diff --git a/pkg/provider/kubernetes/crd/fixtures/with_one_external_svc_and_regular_svc_health_check.yml b/pkg/provider/kubernetes/crd/fixtures/with_one_external_svc_and_regular_svc_health_check.yml new file mode 100644 index 000000000..194d04c39 --- /dev/null +++ b/pkg/provider/kubernetes/crd/fixtures/with_one_external_svc_and_regular_svc_health_check.yml @@ -0,0 +1,27 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: test.route + namespace: default + +spec: + entryPoints: + - foo + + routes: + - match: Host(`foo.com`) && PathPrefix(`/foo`) + kind: Rule + priority: 12 + + services: + - name: external-svc + port: 443 + healthCheck: + path: /health1 + interval: 15s + - name: whoami2 + port: 443 + healthCheck: + path: /health3 + interval: 30s \ No newline at end of file diff --git a/pkg/provider/kubernetes/crd/fixtures/with_two_external_services_and_health_check.yml b/pkg/provider/kubernetes/crd/fixtures/with_two_external_services_and_health_check.yml new file mode 100644 index 000000000..10bdf4ee0 --- /dev/null +++ b/pkg/provider/kubernetes/crd/fixtures/with_two_external_services_and_health_check.yml @@ -0,0 +1,27 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: test.route + namespace: default + +spec: + entryPoints: + - foo + + routes: + - match: Host(`foo.com`) && PathPrefix(`/foo`) + kind: Rule + priority: 12 + + services: + - name: external-svc + port: 443 + healthCheck: + path: /health1 + interval: 15s + - name: external-svc-with-https + port: 443 + healthCheck: + path: /health2 + interval: 20s \ No newline at end of file diff --git a/pkg/provider/kubernetes/crd/kubernetes_http.go b/pkg/provider/kubernetes/crd/kubernetes_http.go index 760efb1a8..45018f948 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_http.go +++ b/pkg/provider/kubernetes/crd/kubernetes_http.go @@ -305,6 +305,7 @@ func (c configBuilder) buildServersLB(namespace string, svc traefikv1alpha1.Load lb := &dynamic.ServersLoadBalancer{} lb.SetDefaults() lb.Servers = servers + lb.HealthCheck = svc.HealthCheck conf := svc lb.PassHostHeader = conf.PassHostHeader @@ -380,6 +381,10 @@ func (c configBuilder) loadServers(parentNamespace string, svc traefikv1alpha1.L } var servers []dynamic.Server + if service.Spec.Type != corev1.ServiceTypeExternalName && svc.HealthCheck != nil { + return nil, fmt.Errorf("HealthCheck allowed only for ExternalName services: %s/%s", namespace, sanitizedName) + } + if service.Spec.Type == corev1.ServiceTypeExternalName { if !c.allowExternalNameServices { return nil, fmt.Errorf("externalName services not allowed: %s/%s", namespace, sanitizedName) diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go index ce7cc9cb4..c224b0c3e 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_test.go +++ b/pkg/provider/kubernetes/crd/kubernetes_test.go @@ -2432,6 +2432,174 @@ func TestLoadIngressRoutes(t *testing.T) { }, }, }, + { + desc: "with one external service and health check", + paths: []string{"services.yml", "with_one_external_service_and_health_check.yml"}, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{ + "default-test-route-77c62dfe9517144aeeaa": { + EntryPoints: []string{"foo"}, + Service: "default-test-route-77c62dfe9517144aeeaa", + Rule: "Host(`foo.com`) && PathPrefix(`/foo`)", + Priority: 12, + }, + }, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{ + "default-test-route-77c62dfe9517144aeeaa": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + Servers: []dynamic.Server{ + { + URL: "https://external.domain:443", + }, + }, + PassHostHeader: Bool(true), + ResponseForwarding: &dynamic.ResponseForwarding{ + FlushInterval: ptypes.Duration(100 * time.Millisecond), + }, + HealthCheck: &dynamic.ServerHealthCheck{ + Path: "/health", + Interval: 15000000000, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "with two external services and health check", + paths: []string{"services.yml", "with_two_external_services_and_health_check.yml"}, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{ + "default-test-route-77c62dfe9517144aeeaa": { + EntryPoints: []string{"foo"}, + Service: "default-test-route-77c62dfe9517144aeeaa", + Rule: "Host(`foo.com`) && PathPrefix(`/foo`)", + Priority: 12, + }, + }, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{ + "default-test-route-77c62dfe9517144aeeaa": { + Weighted: &dynamic.WeightedRoundRobin{ + Services: []dynamic.WRRService{ + { + Name: "default-external-svc-443", + Weight: func(i int) *int { return &i }(1), + }, + { + Name: "default-external-svc-with-https-443", + Weight: func(i int) *int { return &i }(1), + }, + }, + }, + }, + "default-external-svc-443": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + Servers: []dynamic.Server{ + { + URL: "https://external.domain:443", + }, + }, + PassHostHeader: Bool(true), + ResponseForwarding: &dynamic.ResponseForwarding{ + FlushInterval: ptypes.Duration(100 * time.Millisecond), + }, + HealthCheck: &dynamic.ServerHealthCheck{ + Path: "/health1", + Interval: 15000000000, + }, + }, + }, + "default-external-svc-with-https-443": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + Servers: []dynamic.Server{ + { + URL: "https://external.domain:443", + }, + }, + PassHostHeader: Bool(true), + ResponseForwarding: &dynamic.ResponseForwarding{ + FlushInterval: ptypes.Duration(100 * time.Millisecond), + }, + HealthCheck: &dynamic.ServerHealthCheck{ + Path: "/health2", + Interval: 20000000000, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "with one external service and one regular service and health check", + paths: []string{"services.yml", "with_one_external_svc_and_regular_svc_health_check.yml"}, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{ + "default-external-svc-443": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + Servers: []dynamic.Server{ + { + URL: "https://external.domain:443", + }, + }, + PassHostHeader: Bool(true), + ResponseForwarding: &dynamic.ResponseForwarding{ + FlushInterval: ptypes.Duration(100 * time.Millisecond), + }, + HealthCheck: &dynamic.ServerHealthCheck{ + Path: "/health1", + Interval: 15000000000, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, { desc: "services lb, servers lb, and mirror service, all in a wrr with different namespaces", allowCrossNamespace: true, diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go index 33fc9c687..89189e611 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go @@ -131,6 +131,8 @@ type LoadBalancerSpec struct { // It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. // By default, NodePortLB is false. NodePortLB bool `json:"nodePortLB,omitempty"` + // Healthcheck defines health checks for the service. + HealthCheck *dynamic.ServerHealthCheck `json:"healthCheck,omitempty"` } type ResponseForwarding struct { diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go index a17ff5484..a4d9c9074 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go @@ -582,6 +582,11 @@ func (in *LoadBalancerSpec) DeepCopyInto(out *LoadBalancerSpec) { *out = new(bool) **out = **in } + if in.HealthCheck != nil { + in, out := &in.HealthCheck, &out.HealthCheck + *out = new(dynamic.ServerHealthCheck) + (*in).DeepCopyInto(*out) + } return } From bfda5e607f9def330855bd3ae09c9d39edbcdaf0 Mon Sep 17 00:00:00 2001 From: Cornelius Roemer Date: Thu, 30 May 2024 17:46:04 +0200 Subject: [PATCH 09/31] Remove helm default repo warning as repo has been long deprecated --- docs/content/getting-started/install-traefik.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md index b97a8fc32..86057f6a3 100644 --- a/docs/content/getting-started/install-traefik.md +++ b/docs/content/getting-started/install-traefik.md @@ -35,11 +35,6 @@ For more details, go to the [Docker provider documentation](../providers/docker. ## Use the Helm Chart -!!! warning - - The Traefik Chart from - [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7). - Traefik can be installed in Kubernetes using the Helm chart from . Ensure that the following requirements are met: From 8cff718c538662f062925323394639b8aa885358 Mon Sep 17 00:00:00 2001 From: Yevhen Kolomeiko Date: Mon, 3 Jun 2024 15:32:04 +0300 Subject: [PATCH 10/31] Update metrics in traefik-kubernetes.json grafana dashboard --- contrib/grafana/traefik-kubernetes.json | 111 ++---------------------- contrib/grafana/traefik.json | 110 ++--------------------- 2 files changed, 12 insertions(+), 209 deletions(-) diff --git a/contrib/grafana/traefik-kubernetes.json b/contrib/grafana/traefik-kubernetes.json index 4e463b502..fee1f524f 100644 --- a/contrib/grafana/traefik-kubernetes.json +++ b/contrib/grafana/traefik-kubernetes.json @@ -1331,105 +1331,6 @@ "title": "Responses Size", "type": "timeseries" }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 39 - }, - "id": 2, - "options": { - "legend": { - "calcs": [ - "mean", - "max" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true, - "sortBy": "Max", - "sortDesc": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "label_replace(\n sum(traefik_service_open_connections{service=~\"$service.*\"}) by (service),\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")", - "legendFormat": "{{service}}", - "range": true, - "refId": "A" - } - ], - "title": "Connections per Service", - "type": "timeseries" - }, { "datasource": { "type": "prometheus", @@ -1520,7 +1421,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "sum(traefik_entrypoint_open_connections{entrypoint=~\"$entrypoint\"}) by (entrypoint)\n", + "expr": "sum(traefik_open_connections{entrypoint=~\"$entrypoint\"}) by (entrypoint)\n", "legendFormat": "{{entrypoint}}", "range": true, "refId": "A" @@ -1560,14 +1461,14 @@ "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "definition": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "definition": "label_values(traefik_open_connections, entrypoint)", "hide": 0, "includeAll": true, "multi": false, "name": "entrypoint", "options": [], "query": { - "query": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "query": "label_values(traefik_open_connections, entrypoint)", "refId": "StandardVariableQuery" }, "refresh": 1, @@ -1582,14 +1483,14 @@ "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "definition": "label_values(traefik_service_open_connections, service)", + "definition": "label_values(traefik_service_requests_total, service)", "hide": 0, "includeAll": true, "multi": false, "name": "service", "options": [], "query": { - "query": "label_values(traefik_service_open_connections, service)", + "query": "label_values(traefik_service_requests_total, service)", "refId": "StandardVariableQuery" }, "refresh": 2, @@ -1608,6 +1509,6 @@ "timezone": "", "title": "Traefik Official Kubernetes Dashboard", "uid": "n5bu_kv4k", - "version": 6, + "version": 7, "weekStart": "" } diff --git a/contrib/grafana/traefik.json b/contrib/grafana/traefik.json index 5c3d140ee..2cda7d73a 100644 --- a/contrib/grafana/traefik.json +++ b/contrib/grafana/traefik.json @@ -1321,104 +1321,6 @@ "title": "Responses Size", "type": "timeseries" }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 39 - }, - "id": 2, - "options": { - "legend": { - "calcs": [ - "mean", - "max" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true, - "sortBy": "Max", - "sortDesc": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "label_replace(\n sum(traefik_service_open_connections{service=~\"$service.*\"}) by (service),\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")", - "legendFormat": "{{service}}", - "range": true, - "refId": "A" - } - ], - "title": "Connections per Service", - "type": "timeseries" - }, { "datasource": { "type": "prometheus", @@ -1508,7 +1410,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "sum(traefik_entrypoint_open_connections{entrypoint=~\"$entrypoint\"}) by (entrypoint)\n", + "expr": "sum(traefik_open_connections{entrypoint=~\"$entrypoint\"}) by (entrypoint)\n", "legendFormat": "{{entrypoint}}", "range": true, "refId": "A" @@ -1552,14 +1454,14 @@ "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "definition": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "definition": "label_values(traefik_open_connections, entrypoint)", "hide": 0, "includeAll": true, "multi": false, "name": "entrypoint", "options": [], "query": { - "query": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "query": "label_values(traefik_open_connections, entrypoint)", "refId": "StandardVariableQuery" }, "refresh": 1, @@ -1574,14 +1476,14 @@ "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "definition": "label_values(traefik_service_open_connections, service)", + "definition": "label_values(traefik_service_requests_total, service)", "hide": 0, "includeAll": true, "multi": false, "name": "service", "options": [], "query": { - "query": "label_values(traefik_service_open_connections, service)", + "query": "label_values(traefik_service_requests_total, service)", "refId": "StandardVariableQuery" }, "refresh": 2, @@ -1600,6 +1502,6 @@ "timezone": "", "title": "Traefik Official Standalone Dashboard", "uid": "n5bu_kv45", - "version": 6, + "version": 7, "weekStart": "" } From b452f37e0813a814f69d02a5383cfc15e666f0f4 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Tue, 4 Jun 2024 09:32:04 +0200 Subject: [PATCH 11/31] Fix default value of Healthcheck for ExternalName services --- .../kubernetes-crd-definition-v1.yml | 236 +++++++++++++----- .../traefik.io_ingressroutes.yaml | 48 ++-- .../traefik.io_middlewares.yaml | 47 +++- .../traefik.io_traefikservices.yaml | 141 ++++++++--- integration/fixtures/k8s/01-traefik-crd.yml | 236 +++++++++++++----- pkg/config/dynamic/http_config.go | 2 +- .../kubernetes/crd/kubernetes_http.go | 31 ++- .../kubernetes/crd/kubernetes_test.go | 24 +- .../crd/traefikio/v1alpha1/ingressroute.go | 34 ++- .../v1alpha1/zz_generated.deepcopy.go | 40 ++- 10 files changed, 628 insertions(+), 211 deletions(-) diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 17f1a57e9..e3428961a 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -99,45 +99,65 @@ spec: traffic to. properties: healthCheck: - description: Healthcheck defines health checks for the - service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be + sent to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for + the health check endpoint. type: string port: + description: Port defines the server URL port for + the health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme + for the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -961,44 +981,65 @@ spec: More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname in + the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status code + of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -2377,44 +2418,65 @@ spec: description: Mirroring defines the Mirroring service configuration. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent to + the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname in the + Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the health + check endpoint. type: string port: + description: Port defines the server URL port for the health + check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for the + health check endpoint. type: string status: + description: Status defines the expected HTTP status code + of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -2436,44 +2498,65 @@ spec: description: MirrorService holds the mirror configuration. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -2710,44 +2793,65 @@ spec: traffic to. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml index 984503f04..7b23dba43 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml @@ -99,45 +99,65 @@ spec: traffic to. properties: healthCheck: - description: Healthcheck defines health checks for the - service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be + sent to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for + the health check endpoint. type: string port: + description: Port defines the server URL port for + the health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme + for the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml index 7d695362c..cecabf43b 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml @@ -257,44 +257,65 @@ spec: More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname in + the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status code + of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. diff --git a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml index 8a6454858..7a0f7daf3 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml @@ -48,44 +48,65 @@ spec: description: Mirroring defines the Mirroring service configuration. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent to + the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname in the + Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the health + check endpoint. type: string port: + description: Port defines the server URL port for the health + check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for the + health check endpoint. type: string status: + description: Status defines the expected HTTP status code + of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -107,44 +128,65 @@ spec: description: MirrorService holds the mirror configuration. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -381,44 +423,65 @@ spec: traffic to. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 17f1a57e9..e3428961a 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -99,45 +99,65 @@ spec: traffic to. properties: healthCheck: - description: Healthcheck defines health checks for the - service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be + sent to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for + the health check endpoint. type: string port: + description: Port defines the server URL port for + the health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme + for the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -961,44 +981,65 @@ spec: More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname in + the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status code + of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -2377,44 +2418,65 @@ spec: description: Mirroring defines the Mirroring service configuration. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent to + the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname in the + Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the health + check endpoint. type: string port: + description: Port defines the server URL port for the health + check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for the + health check endpoint. type: string status: + description: Status defines the expected HTTP status code + of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -2436,44 +2498,65 @@ spec: description: MirrorService holds the mirror configuration. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. @@ -2710,44 +2793,65 @@ spec: traffic to. properties: healthCheck: - description: Healthcheck defines health checks for the service. + description: Healthcheck defines health checks for ExternalName + services. properties: followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true type: boolean headers: additionalProperties: type: string + description: Headers defines custom headers to be sent + to the health check endpoint. type: object hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. type: string interval: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true method: + description: Method defines the healthcheck method. type: string mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http type: string path: + description: Path defines the server URL path for the + health check endpoint. type: string port: + description: Port defines the server URL port for the + health check endpoint. type: integer scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. type: string status: + description: Status defines the expected HTTP status + code of the response to the health check request. type: integer timeout: + anyOf: + - type: integer + - type: string description: |- - Duration is a custom type suitable for parsing duration values. - It supports `time.ParseDuration`-compatible values and suffix-less digits; in - the latter case, seconds are assumed. - format: int64 - type: integer - required: - - followRedirects + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true type: object kind: description: Kind defines the kind of the Service. diff --git a/pkg/config/dynamic/http_config.go b/pkg/config/dynamic/http_config.go index ecfd68c7e..b91de8413 100644 --- a/pkg/config/dynamic/http_config.go +++ b/pkg/config/dynamic/http_config.go @@ -254,7 +254,7 @@ type ServerHealthCheck struct { Interval ptypes.Duration `json:"interval,omitempty" toml:"interval,omitempty" yaml:"interval,omitempty" export:"true"` Timeout ptypes.Duration `json:"timeout,omitempty" toml:"timeout,omitempty" yaml:"timeout,omitempty" export:"true"` Hostname string `json:"hostname,omitempty" toml:"hostname,omitempty" yaml:"hostname,omitempty"` - FollowRedirects *bool `json:"followRedirects" toml:"followRedirects" yaml:"followRedirects" export:"true"` + FollowRedirects *bool `json:"followRedirects,omitempty" toml:"followRedirects,omitempty" yaml:"followRedirects,omitempty" export:"true"` Headers map[string]string `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"` } diff --git a/pkg/provider/kubernetes/crd/kubernetes_http.go b/pkg/provider/kubernetes/crd/kubernetes_http.go index 45018f948..1d5eab777 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_http.go +++ b/pkg/provider/kubernetes/crd/kubernetes_http.go @@ -305,7 +305,36 @@ func (c configBuilder) buildServersLB(namespace string, svc traefikv1alpha1.Load lb := &dynamic.ServersLoadBalancer{} lb.SetDefaults() lb.Servers = servers - lb.HealthCheck = svc.HealthCheck + + if svc.HealthCheck != nil { + lb.HealthCheck = &dynamic.ServerHealthCheck{ + Scheme: svc.HealthCheck.Scheme, + Path: svc.HealthCheck.Path, + Method: svc.HealthCheck.Method, + Status: svc.HealthCheck.Status, + Port: svc.HealthCheck.Port, + Hostname: svc.HealthCheck.Hostname, + Headers: svc.HealthCheck.Headers, + } + lb.HealthCheck.SetDefaults() + + if svc.HealthCheck.FollowRedirects != nil { + lb.HealthCheck.FollowRedirects = svc.HealthCheck.FollowRedirects + } + if svc.HealthCheck.Mode != "http" { + lb.HealthCheck.Mode = svc.HealthCheck.Mode + } + if svc.HealthCheck.Interval != nil { + if err := lb.HealthCheck.Interval.Set(svc.HealthCheck.Interval.String()); err != nil { + return nil, err + } + } + if svc.HealthCheck.Timeout != nil { + if err := lb.HealthCheck.Timeout.Set(svc.HealthCheck.Timeout.String()); err != nil { + return nil, err + } + } + } conf := svc lb.PassHostHeader = conf.PassHostHeader diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go index c224b0c3e..4b886b7e8 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_test.go +++ b/pkg/provider/kubernetes/crd/kubernetes_test.go @@ -2469,8 +2469,10 @@ func TestLoadIngressRoutes(t *testing.T) { FlushInterval: ptypes.Duration(100 * time.Millisecond), }, HealthCheck: &dynamic.ServerHealthCheck{ - Path: "/health", - Interval: 15000000000, + Path: "/health", + Timeout: 5000000000, + Interval: 15000000000, + FollowRedirects: Bool(true), }, }, }, @@ -2531,8 +2533,10 @@ func TestLoadIngressRoutes(t *testing.T) { FlushInterval: ptypes.Duration(100 * time.Millisecond), }, HealthCheck: &dynamic.ServerHealthCheck{ - Path: "/health1", - Interval: 15000000000, + Path: "/health1", + Timeout: 5000000000, + Interval: 15000000000, + FollowRedirects: Bool(true), }, }, }, @@ -2548,8 +2552,10 @@ func TestLoadIngressRoutes(t *testing.T) { FlushInterval: ptypes.Duration(100 * time.Millisecond), }, HealthCheck: &dynamic.ServerHealthCheck{ - Path: "/health2", - Interval: 20000000000, + Path: "/health2", + Timeout: 5000000000, + Interval: 20000000000, + FollowRedirects: Bool(true), }, }, }, @@ -2589,8 +2595,10 @@ func TestLoadIngressRoutes(t *testing.T) { FlushInterval: ptypes.Duration(100 * time.Millisecond), }, HealthCheck: &dynamic.ServerHealthCheck{ - Path: "/health1", - Interval: 15000000000, + Path: "/health1", + Timeout: 5000000000, + Interval: 15000000000, + FollowRedirects: Bool(true), }, }, }, diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go index 89189e611..ecc777dfa 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go @@ -131,8 +131,8 @@ type LoadBalancerSpec struct { // It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. // By default, NodePortLB is false. NodePortLB bool `json:"nodePortLB,omitempty"` - // Healthcheck defines health checks for the service. - HealthCheck *dynamic.ServerHealthCheck `json:"healthCheck,omitempty"` + // Healthcheck defines health checks for ExternalName services. + HealthCheck *ServerHealthCheck `json:"healthCheck,omitempty"` } type ResponseForwarding struct { @@ -144,6 +144,36 @@ type ResponseForwarding struct { FlushInterval string `json:"flushInterval,omitempty"` } +type ServerHealthCheck struct { + // Scheme replaces the server URL scheme for the health check endpoint. + Scheme string `json:"scheme,omitempty"` + // Mode defines the health check mode. + // If defined to grpc, will use the gRPC health check protocol to probe the server. + // Default: http + Mode string `json:"mode,omitempty"` + // Path defines the server URL path for the health check endpoint. + Path string `json:"path,omitempty"` + // Method defines the healthcheck method. + Method string `json:"method,omitempty"` + // Status defines the expected HTTP status code of the response to the health check request. + Status int `json:"status,omitempty"` + // Port defines the server URL port for the health check endpoint. + Port int `json:"port,omitempty"` + // Interval defines the frequency of the health check calls. + // Default: 30s + Interval *intstr.IntOrString `json:"interval,omitempty"` + // Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + // Default: 5s + Timeout *intstr.IntOrString `json:"timeout,omitempty"` + // Hostname defines the value of hostname in the Host header of the health check request. + Hostname string `json:"hostname,omitempty"` + // FollowRedirects defines whether redirects should be followed during the health check calls. + // Default: true + FollowRedirects *bool `json:"followRedirects,omitempty"` + // Headers defines custom headers to be sent to the health check endpoint. + Headers map[string]string `json:"headers,omitempty"` +} + // Service defines an upstream HTTP service to proxy traffic to. type Service struct { LoadBalancerSpec `json:",inline"` diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go index a4d9c9074..8ff42f478 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go @@ -584,7 +584,7 @@ func (in *LoadBalancerSpec) DeepCopyInto(out *LoadBalancerSpec) { } if in.HealthCheck != nil { in, out := &in.HealthCheck, &out.HealthCheck - *out = new(dynamic.ServerHealthCheck) + *out = new(ServerHealthCheck) (*in).DeepCopyInto(*out) } return @@ -1115,6 +1115,44 @@ func (in *RouteUDP) DeepCopy() *RouteUDP { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServerHealthCheck) DeepCopyInto(out *ServerHealthCheck) { + *out = *in + if in.Interval != nil { + in, out := &in.Interval, &out.Interval + *out = new(intstr.IntOrString) + **out = **in + } + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(intstr.IntOrString) + **out = **in + } + if in.FollowRedirects != nil { + in, out := &in.FollowRedirects, &out.FollowRedirects + *out = new(bool) + **out = **in + } + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerHealthCheck. +func (in *ServerHealthCheck) DeepCopy() *ServerHealthCheck { + if in == nil { + return nil + } + out := new(ServerHealthCheck) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServersTransport) DeepCopyInto(out *ServersTransport) { *out = *in From e6b1b05fdf62c76dc42d0870f071da36568829de Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Tue, 4 Jun 2024 11:04:04 +0300 Subject: [PATCH 12/31] bump otel dependencies --- go.mod | 68 ++++----- go.sum | 141 +++++++++--------- pkg/metrics/opentelemetry_test.go | 10 +- pkg/middlewares/auth/forward_test.go | 1 + .../observability/mock_tracing_test.go | 1 + 5 files changed, 108 insertions(+), 113 deletions(-) diff --git a/go.mod b/go.mod index 6e12e68e9..a7bcf34bd 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000 github.com/andybalholm/brotli v1.0.6 github.com/aws/aws-sdk-go v1.44.327 - github.com/cenkalti/backoff/v4 v4.2.1 + github.com/cenkalti/backoff/v4 v4.3.0 github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc @@ -19,7 +19,7 @@ require ( github.com/fsnotify/fsnotify v1.7.0 github.com/go-acme/lego/v4 v4.16.1 github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea - github.com/golang/protobuf v1.5.3 + github.com/golang/protobuf v1.5.4 github.com/google/go-github/v28 v28.1.1 github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 @@ -68,25 +68,25 @@ require ( github.com/vulcand/oxy/v2 v2.0.0-20230427132221-be5cf38f3c1c github.com/vulcand/predicate v1.2.0 go.opentelemetry.io/collector/pdata v1.2.0 - go.opentelemetry.io/contrib/propagators/autoprop v0.49.0 - go.opentelemetry.io/otel v1.24.0 - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.24.0 - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.24.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.24.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 - go.opentelemetry.io/otel/metric v1.24.0 - go.opentelemetry.io/otel/sdk v1.24.0 - go.opentelemetry.io/otel/sdk/metric v1.24.0 - go.opentelemetry.io/otel/trace v1.24.0 + go.opentelemetry.io/contrib/propagators/autoprop v0.52.0 + go.opentelemetry.io/otel v1.27.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 + go.opentelemetry.io/otel/metric v1.27.0 + go.opentelemetry.io/otel/sdk v1.27.0 + go.opentelemetry.io/otel/sdk/metric v1.27.0 + go.opentelemetry.io/otel/trace v1.27.0 golang.org/x/exp v0.0.0-20231006140011-7918f672742d golang.org/x/mod v0.17.0 - golang.org/x/net v0.24.0 - golang.org/x/sys v0.19.0 - golang.org/x/text v0.14.0 + golang.org/x/net v0.25.0 + golang.org/x/sys v0.20.0 + golang.org/x/text v0.15.0 golang.org/x/time v0.5.0 golang.org/x/tools v0.20.0 - google.golang.org/grpc v1.61.1 + google.golang.org/grpc v1.64.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.2 k8s.io/apiextensions-apiserver v0.28.3 @@ -99,8 +99,7 @@ require ( ) require ( - cloud.google.com/go/compute v1.23.3 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect dario.cat/mergo v1.0.0 // indirect github.com/AdamSLevy/jsonrpc2/v14 v14.1.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect @@ -201,11 +200,11 @@ require ( github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect + github.com/googleapis/gax-go/v2 v2.12.2 // indirect github.com/gophercloud/gophercloud v1.0.0 // indirect github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/cronexpr v1.1.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -315,27 +314,26 @@ require ( go.etcd.io/etcd/client/v3 v3.5.9 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect - go.opentelemetry.io/contrib/propagators/aws v1.24.0 // indirect - go.opentelemetry.io/contrib/propagators/b3 v1.24.0 // indirect - go.opentelemetry.io/contrib/propagators/jaeger v1.24.0 // indirect - go.opentelemetry.io/contrib/propagators/ot v1.24.0 // indirect - go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.opentelemetry.io/contrib/propagators/aws v1.27.0 // indirect + go.opentelemetry.io/contrib/propagators/b3 v1.27.0 // indirect + go.opentelemetry.io/contrib/propagators/jaeger v1.27.0 // indirect + go.opentelemetry.io/contrib/propagators/ot v1.27.0 // indirect + go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/mock v0.4.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/ratelimit v0.2.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/arch v0.4.0 // indirect - golang.org/x/crypto v0.22.0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/term v0.19.0 // indirect - google.golang.org/api v0.149.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/protobuf v1.33.0 // indirect + golang.org/x/term v0.20.0 // indirect + google.golang.org/api v0.169.0 // indirect + google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/h2non/gock.v1 v1.0.16 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 2e610a138..d179e7552 100644 --- a/go.sum +++ b/go.sum @@ -6,10 +6,8 @@ cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxK cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= @@ -174,8 +172,8 @@ github.com/c-bata/go-prompt v0.2.5/go.mod h1:vFnjEGDIIA/Lib7giyE4E9c50Lvl8j0S+7F github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -453,8 +451,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -505,8 +503,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA= +github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/gophercloud/gophercloud v0.15.1-0.20210202035223-633d73521055/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4= github.com/gophercloud/gophercloud v1.0.0 h1:9nTGx0jizmHxDobe4mck89FyQHVyA3CaXLIUSGJjP9k= github.com/gophercloud/gophercloud v1.0.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c= @@ -527,8 +525,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= @@ -976,8 +974,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= @@ -1173,39 +1171,39 @@ go.opentelemetry.io/collector/pdata v1.2.0 h1:N6VdyEFYJyoHIKqHd0F372eNVD5b+AbH0Z go.opentelemetry.io/collector/pdata v1.2.0/go.mod h1:mKXb6527Syb8PT4P9CZOJNbkuHOHjjGTZNNwSKESJhc= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= -go.opentelemetry.io/contrib/propagators/autoprop v0.49.0 h1:Jbr/9/jv1QpINge/fvJD4kUkW9/TqRNWU7H2GSK/Vb8= -go.opentelemetry.io/contrib/propagators/autoprop v0.49.0/go.mod h1:aZTdrjEnMOr6ODgjCQ955njFMLRDo1IJdTNS+agSPjA= -go.opentelemetry.io/contrib/propagators/aws v1.24.0 h1:cuwQmy9nGJi99fbwUfZSygCL3d347ddnSCWRuiVjhJ8= -go.opentelemetry.io/contrib/propagators/aws v1.24.0/go.mod h1:7HbFx8Hiiuce72QONjbOtU+3QU+Scs9VOHZIrdmi1rw= -go.opentelemetry.io/contrib/propagators/b3 v1.24.0 h1:n4xwCdTx3pZqZs2CjS/CUZAs03y3dZcGhC/FepKtEUY= -go.opentelemetry.io/contrib/propagators/b3 v1.24.0/go.mod h1:k5wRxKRU2uXx2F8uNJ4TaonuEO/V7/5xoz7kdsDACT8= -go.opentelemetry.io/contrib/propagators/jaeger v1.24.0 h1:CKtIfwSgDvJmaWsZROcHzONZgmQdMYn9mVYWypOWT5o= -go.opentelemetry.io/contrib/propagators/jaeger v1.24.0/go.mod h1:Q5JA/Cfdy/ta+5VeEhrMJRWGyS6UNRwFbl+yS3W1h5I= -go.opentelemetry.io/contrib/propagators/ot v1.24.0 h1:6lf4HoYefKDOTUSCatwkpzliUYihAvlN0omfpOn5IDs= -go.opentelemetry.io/contrib/propagators/ot v1.24.0/go.mod h1:A406hNQ7A0EWsOFzWI1p53YaYQXe12C9f6wGHUxfh0g= -go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= -go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.24.0 h1:f2jriWfOdldanBwS9jNBdeOKAQN7b4ugAMaNu1/1k9g= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.24.0/go.mod h1:B+bcQI1yTY+N0vqMpoZbEN7+XU4tNM0DmUiOwebFJWI= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.24.0 h1:mM8nKi6/iFQ0iqst80wDHU2ge198Ye/TfN0WBS5U24Y= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.24.0/go.mod h1:0PrIIzDteLSmNyxqcGYRL4mDIo8OTuBAOI/Bn1URxac= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 h1:t6wl9SPayj+c7lEIFgm4ooDBZVb01IhLB4InpomhRw8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0/go.mod h1:iSDOcsnSA5INXzZtwaBPrKp/lWu/V14Dd+llD0oI2EA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.24.0 h1:Mw5xcxMwlqoJd97vwPxA8isEaIoxsta9/Q51+TTJLGE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.24.0/go.mod h1:CQNu9bj7o7mC6U7+CA/schKEYakYXWr79ucDHTMGhCM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0/go.mod h1:6KW1Fm6R/s6Z3PGXwSJN2K4eT6wQB3vXX6CVnYX9NmM= -go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= -go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= -go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= -go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/sdk/metric v1.24.0 h1:yyMQrPzF+k88/DbH7o4FMAs80puqd+9osbiBrJrz/w8= -go.opentelemetry.io/otel/sdk/metric v1.24.0/go.mod h1:I6Y5FjH6rvEnTTAYQz3Mmv2kl6Ek5IIrmwTLqMrrOE0= -go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= -go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= +go.opentelemetry.io/contrib/propagators/autoprop v0.52.0 h1:xyRih6jMB0vroMSRdBE+uyKx20BclB/bybJt/LaCxmY= +go.opentelemetry.io/contrib/propagators/autoprop v0.52.0/go.mod h1:L67tQgHPIOrZEraNfzidjljS9o+yLha0Y3UY4jXfs5w= +go.opentelemetry.io/contrib/propagators/aws v1.27.0 h1:RJexJi4R0S9CpxzuhhzGlTCIpaaK9SJH9g9BFrCWfPE= +go.opentelemetry.io/contrib/propagators/aws v1.27.0/go.mod h1:bqU5Ma1dEQ7VtRbPMUsH8UDTuTMiLJN4W+eUmyNVayc= +go.opentelemetry.io/contrib/propagators/b3 v1.27.0 h1:IjgxbomVrV9za6bRi8fWCNXENs0co37SZedQilP2hm0= +go.opentelemetry.io/contrib/propagators/b3 v1.27.0/go.mod h1:Dv9obQz25lCisDvvs4dy28UPh974CxkahRDUPsY7y9E= +go.opentelemetry.io/contrib/propagators/jaeger v1.27.0 h1:tJPpZAEsihJgRTnXrPjY3rjED8Av3EJdi1kvKCi1yMc= +go.opentelemetry.io/contrib/propagators/jaeger v1.27.0/go.mod h1:5uPAMHJnlTktQbCCdWSX5PfK8CocD25mycIsZV/iFiU= +go.opentelemetry.io/contrib/propagators/ot v1.27.0 h1:xFPqk7ntRR87dqvl6RfeHiq9UlE8mPSuL6Dtr/zysL8= +go.opentelemetry.io/contrib/propagators/ot v1.27.0/go.mod h1:nVLTPrDlSZPoVdeWRmpWBwxA73TYL6XLkC4bj72jvmg= +go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= +go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0 h1:bFgvUr3/O4PHj3VQcFEuYKvRZJX1SJDQ+11JXuSB3/w= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0/go.mod h1:xJntEd2KL6Qdg5lwp97HMLQDVeAhrYxmzFseAMDPQ8I= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0 h1:CIHWikMsN3wO+wq1Tp5VGdVRTcON+DmOJSfDjXypKOc= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0/go.mod h1:TNupZ6cxqyFEpLXAZW7On+mLFL0/g0TE3unIYL91xWc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 h1:QY7/0NeRPKlzusf40ZE4t1VlMKbqSNT7cJRYzWuja0s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0/go.mod h1:HVkSiDhTM9BoUJU8qE6j2eSWLLXvi1USXjyd2BXT8PY= +go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= +go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= +go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= +go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI= +go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw= +go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= +go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= -go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1257,8 +1255,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1333,14 +1331,14 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1426,8 +1424,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1436,8 +1434,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -1446,13 +1444,12 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1517,15 +1514,13 @@ google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY= -google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= +google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY= +google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -1540,12 +1535,12 @@ google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 h1:YJ5pD9rF8o9Qtta0Cmy9rdBwkSjrTCT6XTiUQVOtIos= -google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY= -google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= -google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= +google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 h1:P8OJ/WCl/Xo4E4zoe4/bifHpSmmKwARqyqE4nW6J2GQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1566,8 +1561,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= -google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/grpc/examples v0.0.0-20201130180447-c456688b1860/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1583,8 +1578,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/pkg/metrics/opentelemetry_test.go b/pkg/metrics/opentelemetry_test.go index c778f2fec..54b87ce60 100644 --- a/pkg/metrics/opentelemetry_test.go +++ b/pkg/metrics/opentelemetry_test.go @@ -334,8 +334,8 @@ func TestOpenTelemetry(t *testing.T) { // TODO: the len of startUnixNano is no supposed to be 20, it should be 19 expectedConfig := []string{ `({"name":"traefik_config_reloads_total","description":"Config reloads","unit":"1","sum":{"dataPoints":\[{"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`, - `({"name":"traefik_config_last_reload_success","description":"Last config reload success","unit":"ms","gauge":{"dataPoints":\[{"timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, - `({"name":"traefik_open_connections","description":"How many open connections exist, by entryPoint and protocol","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test"}},{"key":"protocol","value":{"stringValue":"TCP"}}\],"timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, + `({"name":"traefik_config_last_reload_success","description":"Last config reload success","unit":"ms","gauge":{"dataPoints":\[{"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, + `({"name":"traefik_open_connections","description":"How many open connections exist, by entryPoint and protocol","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test"}},{"key":"protocol","value":{"stringValue":"TCP"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, } registry.ConfigReloadsCounter().Add(1) @@ -345,7 +345,7 @@ func TestOpenTelemetry(t *testing.T) { tryAssertMessage(t, c, expectedConfig) expectedTLSCerts := []string{ - `({"name":"traefik_tls_certs_not_after","description":"Certificate expiration timestamp","unit":"ms","gauge":{"dataPoints":\[{"attributes":\[{"key":"key","value":{"stringValue":"value"}}\],"timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, + `({"name":"traefik_tls_certs_not_after","description":"Certificate expiration timestamp","unit":"ms","gauge":{"dataPoints":\[{"attributes":\[{"key":"key","value":{"stringValue":"value"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, } registry.TLSCertsNotAfterTimestampGauge().With("key", "value").Set(1) @@ -389,7 +389,7 @@ func TestOpenTelemetry(t *testing.T) { `({"name":"traefik_service_requests_total","description":"How many HTTP requests processed on a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1},{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`, `({"name":"traefik_service_requests_tls_total","description":"How many HTTP requests with TLS processed on a service, partitioned by TLS version and TLS cipher.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"service","value":{"stringValue":"test"}},{"key":"tls_cipher","value":{"stringValue":"bar"}},{"key":"tls_version","value":{"stringValue":"foo"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`, `({"name":"traefik_service_request_duration_seconds","description":"How long it took to process the request on a service, partitioned by status code, protocol, and method.","unit":"ms","histogram":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"1","sum":10000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","1"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":10000}\],"aggregationTemporality":2}})`, - `({"name":"traefik_service_server_up","description":"service server is up, described by gauge value of 0 or 1.","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"service","value":{"stringValue":"test"}},{"key":"url","value":{"stringValue":"http://127.0.0.1"}}\],"timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, + `({"name":"traefik_service_server_up","description":"service server is up, described by gauge value of 0 or 1.","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"service","value":{"stringValue":"test"}},{"key":"url","value":{"stringValue":"http://127.0.0.1"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`, `({"name":"traefik_service_requests_bytes_total","description":"The total size of requests in bytes received by a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`, `({"name":"traefik_service_responses_bytes_total","description":"The total size of responses in bytes returned by a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`, } @@ -463,7 +463,7 @@ func verifyMessage(msg string, expected []string) []error { re := regexp.MustCompile(pattern) match := re.FindStringSubmatch(msg) if len(match) != 2 { - errs = append(errs, fmt.Errorf("Got %q %v, want %q", msg, match, pattern)) + errs = append(errs, fmt.Errorf("got %q %v, want %q", msg, match, pattern)) } } return errs diff --git a/pkg/middlewares/auth/forward_test.go b/pkg/middlewares/auth/forward_test.go index ed3e2bb2b..e2f197b98 100644 --- a/pkg/middlewares/auth/forward_test.go +++ b/pkg/middlewares/auth/forward_test.go @@ -601,6 +601,7 @@ func (s *mockSpan) SetAttributes(kv ...attribute.KeyValue) { func (s *mockSpan) End(...trace.SpanEndOption) {} func (s *mockSpan) RecordError(_ error, _ ...trace.EventOption) {} func (s *mockSpan) AddEvent(_ string, _ ...trace.EventOption) {} +func (s *mockSpan) AddLink(_ trace.Link) {} func (s *mockSpan) SetName(name string) { s.name = name } diff --git a/pkg/middlewares/observability/mock_tracing_test.go b/pkg/middlewares/observability/mock_tracing_test.go index 31ddbc642..4a70b77bc 100644 --- a/pkg/middlewares/observability/mock_tracing_test.go +++ b/pkg/middlewares/observability/mock_tracing_test.go @@ -58,6 +58,7 @@ func (s *mockSpan) SetAttributes(kv ...attribute.KeyValue) { func (s *mockSpan) End(...trace.SpanEndOption) {} func (s *mockSpan) RecordError(_ error, _ ...trace.EventOption) {} func (s *mockSpan) AddEvent(_ string, _ ...trace.EventOption) {} +func (s *mockSpan) AddLink(_ trace.Link) {} func (s *mockSpan) SetName(name string) { s.name = name } From 7eac92f49c781a37c4322a4e7bda9312013cd9e2 Mon Sep 17 00:00:00 2001 From: Romain Date: Tue, 4 Jun 2024 14:16:04 +0200 Subject: [PATCH 13/31] Support Gateway API reference grant for HTTPRoute backends Co-authored-by: Kevin Pollet --- integration/k8s_conformance_test.go | 16 +- .../fixtures/referencegrant/for_service.yml | 61 +++++ .../referencegrant/for_service_missing.yml | 46 ++++ .../for_service_not_matching_from.yml | 61 +++++ .../for_service_not_matching_to.yml | 62 +++++ pkg/provider/kubernetes/gateway/httproute.go | 145 +++++----- pkg/provider/kubernetes/gateway/kubernetes.go | 99 ++++--- .../kubernetes/gateway/kubernetes_test.go | 258 +++++++++++++++++- pkg/provider/kubernetes/gateway/tcproute.go | 136 +++++---- pkg/provider/kubernetes/gateway/tlsroute.go | 115 ++++---- 10 files changed, 788 insertions(+), 211 deletions(-) create mode 100644 pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service.yml create mode 100644 pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_missing.yml create mode 100644 pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_from.yml create mode 100644 pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_to.yml diff --git a/integration/k8s_conformance_test.go b/integration/k8s_conformance_test.go index 1e0c5d96b..5e318d562 100644 --- a/integration/k8s_conformance_test.go +++ b/integration/k8s_conformance_test.go @@ -195,13 +195,23 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() { LatestObservedGenerationSet: 5 * time.Second, RequiredConsecutiveSuccesses: 0, }, + SupportedFeatures: sets.New(ksuite.SupportGateway, ksuite.SupportHTTPRoute). + Union(ksuite.HTTPRouteExtendedFeatures), EnableAllSupportedFeatures: false, RunTest: *k8sConformanceRunTest, // Until the feature are all supported, following tests are skipped. SkipTests: []string{ - tests.HTTPRouteInvalidCrossNamespaceParentRef.ShortName, - tests.HTTPRoutePartiallyInvalidViaInvalidReferenceGrant.ShortName, - tests.HTTPRouteReferenceGrant.ShortName, + tests.HTTPRouteMethodMatching.ShortName, + tests.HTTPRouteQueryParamMatching.ShortName, + tests.HTTPRouteRedirectPath.ShortName, + tests.HTTPRouteRedirectPortAndScheme.ShortName, + tests.HTTPRouteRequestMirror.ShortName, + tests.HTTPRouteRequestMultipleMirrors.ShortName, + tests.HTTPRouteResponseHeaderModifier.ShortName, + tests.HTTPRouteRewriteHost.ShortName, + tests.HTTPRouteRewritePath.ShortName, + tests.HTTPRouteTimeoutBackendRequest.ShortName, + tests.HTTPRouteTimeoutRequest.ShortName, }, } diff --git a/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service.yml b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service.yml new file mode 100644 index 000000000..0975c9442 --- /dev/null +++ b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service.yml @@ -0,0 +1,61 @@ +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: backend-from-bar + namespace: bar +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: default + to: + - group: "" + kind: Service + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: my-gateway-class +spec: + controllerName: traefik.io/gateway-controller + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: my-gateway + namespace: default +spec: + gatewayClassName: my-gateway-class + listeners: # Use GatewayClass defaults for listener definition. + - name: http + protocol: HTTP + port: 80 + hostname: foo.example.com + allowedRoutes: + kinds: + - kind: HTTPRoute + group: gateway.networking.k8s.io + namespaces: + from: Same + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http-app-1 + namespace: default +spec: + parentRefs: + - name: my-gateway + kind: Gateway + group: gateway.networking.k8s.io + rules: + - backendRefs: + - name: whoami-bar + port: 80 + weight: 1 + kind: Service + group: "" diff --git a/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_missing.yml b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_missing.yml new file mode 100644 index 000000000..f68163547 --- /dev/null +++ b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_missing.yml @@ -0,0 +1,46 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: my-gateway-class +spec: + controllerName: traefik.io/gateway-controller + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: my-gateway + namespace: default +spec: + gatewayClassName: my-gateway-class + listeners: # Use GatewayClass defaults for listener definition. + - name: http + protocol: HTTP + port: 80 + hostname: foo.example.com + allowedRoutes: + kinds: + - kind: HTTPRoute + group: gateway.networking.k8s.io + namespaces: + from: Same + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http-app-1 + namespace: default +spec: + parentRefs: + - name: my-gateway + kind: Gateway + group: gateway.networking.k8s.io + rules: + - backendRefs: + - name: whoami-bar + port: 80 + weight: 1 + kind: Service + group: "" diff --git a/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_from.yml b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_from.yml new file mode 100644 index 000000000..422fca0a5 --- /dev/null +++ b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_from.yml @@ -0,0 +1,61 @@ +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: backend-from-bar + namespace: bar +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: anothernamespce + to: + - group: "" + kind: Service + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: my-gateway-class +spec: + controllerName: traefik.io/gateway-controller + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: my-gateway + namespace: default +spec: + gatewayClassName: my-gateway-class + listeners: # Use GatewayClass defaults for listener definition. + - name: http + protocol: HTTP + port: 80 + hostname: foo.example.com + allowedRoutes: + kinds: + - kind: HTTPRoute + group: gateway.networking.k8s.io + namespaces: + from: Same + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http-app-1 + namespace: default +spec: + parentRefs: + - name: my-gateway + kind: Gateway + group: gateway.networking.k8s.io + rules: + - backendRefs: + - name: whoami-bar + port: 80 + weight: 1 + kind: Service + group: "" diff --git a/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_to.yml b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_to.yml new file mode 100644 index 000000000..b5cff815e --- /dev/null +++ b/pkg/provider/kubernetes/gateway/fixtures/referencegrant/for_service_not_matching_to.yml @@ -0,0 +1,62 @@ +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: backend-from-bar + namespace: bar +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: default + to: + - group: "" + kind: Service + name: differentservice + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: my-gateway-class +spec: + controllerName: traefik.io/gateway-controller + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: my-gateway + namespace: default +spec: + gatewayClassName: my-gateway-class + listeners: # Use GatewayClass defaults for listener definition. + - name: http + protocol: HTTP + port: 80 + hostname: foo.example.com + allowedRoutes: + kinds: + - kind: HTTPRoute + group: gateway.networking.k8s.io + namespaces: + from: Same + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http-app-1 + namespace: default +spec: + parentRefs: + - name: my-gateway + kind: Gateway + group: gateway.networking.k8s.io + rules: + - backendRefs: + - name: whoami-bar + port: 80 + weight: 1 + kind: Service + group: "" diff --git a/pkg/provider/kubernetes/gateway/httproute.go b/pkg/provider/kubernetes/gateway/httproute.go index 86664ee5f..1570a55ea 100644 --- a/pkg/provider/kubernetes/gateway/httproute.go +++ b/pkg/provider/kubernetes/gateway/httproute.go @@ -41,64 +41,45 @@ func (p *Provider) loadHTTPRoutes(ctx context.Context, client Client, gatewayLis Conditions: []metav1.Condition{ { Type: string(gatev1.RouteConditionAccepted), - Status: metav1.ConditionTrue, + Status: metav1.ConditionFalse, ObservedGeneration: route.Generation, LastTransitionTime: metav1.Now(), - Reason: string(gatev1.RouteReasonAccepted), + Reason: string(gatev1.RouteReasonNoMatchingParent), }, }, } - var attachedListeners bool - notAcceptedReason := gatev1.RouteReasonNoMatchingParent for _, listener := range gatewayListeners { if !matchListener(listener, route.Namespace, parentRef) { continue } + accepted := true if !allowRoute(listener, route.Namespace, kindHTTPRoute) { - notAcceptedReason = gatev1.RouteReasonNotAllowedByListeners - continue + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNotAllowedByListeners)) + accepted = false } - hostnames, ok := findMatchingHostnames(listener.Hostname, route.Spec.Hostnames) if !ok { - notAcceptedReason = gatev1.RouteReasonNoMatchingListenerHostname - continue + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNoMatchingListenerHostname)) + accepted = false } - listener.Status.AttachedRoutes++ - - // TODO should we build the conf if the listener is not attached - // only consider the route attached if the listener is in an "attached" state. - if listener.Attached { - attachedListeners = true + if accepted { + // Gateway listener should have AttachedRoutes set even when Gateway has unresolved refs. + listener.Status.AttachedRoutes++ + // Only consider the route attached if the listener is in an "attached" state. + if listener.Attached { + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonAccepted)) + } } - resolveConditions := p.loadHTTPRoute(logger.WithContext(ctx), client, listener, route, hostnames, conf) - // TODO: handle more accurately route conditions (in case of multiple listener matching). - for _, condition := range resolveConditions { - parentStatus.Conditions = appendCondition(parentStatus.Conditions, condition) + routeConf, resolveRefCondition := p.loadHTTPRoute(logger.WithContext(ctx), client, listener, route, hostnames) + if accepted && listener.Attached { + mergeHTTPConfiguration(routeConf, conf) } - } - if !attachedListeners { - parentStatus.Conditions = []metav1.Condition{ - { - Type: string(gatev1.RouteConditionAccepted), - Status: metav1.ConditionFalse, - ObservedGeneration: route.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(notAcceptedReason), - }, - { - Type: string(gatev1.RouteConditionResolvedRefs), - Status: metav1.ConditionFalse, - ObservedGeneration: route.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.RouteReasonRefNotPermitted), - }, - } + parentStatus.Conditions = upsertRouteConditionResolvedRefs(parentStatus.Conditions, resolveRefCondition) } parentStatuses = append(parentStatuses, *parentStatus) @@ -117,17 +98,24 @@ func (p *Provider) loadHTTPRoutes(ctx context.Context, client Client, gatewayLis } } -func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener gatewayListener, route *gatev1.HTTPRoute, hostnames []gatev1.Hostname, conf *dynamic.Configuration) []metav1.Condition { - routeConditions := []metav1.Condition{ - { - Type: string(gatev1.RouteConditionResolvedRefs), - Status: metav1.ConditionTrue, - ObservedGeneration: route.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.RouteConditionResolvedRefs), +func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener gatewayListener, route *gatev1.HTTPRoute, hostnames []gatev1.Hostname) (*dynamic.Configuration, metav1.Condition) { + routeConf := &dynamic.Configuration{ + HTTP: &dynamic.HTTPConfiguration{ + Routers: make(map[string]*dynamic.Router), + Middlewares: make(map[string]*dynamic.Middleware), + Services: make(map[string]*dynamic.Service), + ServersTransports: make(map[string]*dynamic.ServersTransport), }, } + routeCondition := metav1.Condition{ + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionTrue, + ObservedGeneration: route.Generation, + LastTransitionTime: metav1.Now(), + Reason: string(gatev1.RouteConditionResolvedRefs), + } + for _, routeRule := range route.Spec.Rules { rule, priority := buildRouterRule(hostnames, routeRule.Matches) router := dynamic.Router{ @@ -159,14 +147,14 @@ func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener ga Weight: ptr.To(1), }) - conf.HTTP.Services[wrrName] = &dynamic.Service{Weighted: &wrr} + routeConf.HTTP.Services[wrrName] = &dynamic.Service{Weighted: &wrr} router.Service = wrrName } else { for name, middleware := range middlewares { // If the middleware config is nil in the return of the loadMiddlewares function, // it means that we just need a reference to that middleware. if middleware != nil { - conf.HTTP.Middlewares[name] = middleware + routeConf.HTTP.Middlewares[name] = middleware } router.Middlewares = append(router.Middlewares, name) @@ -180,7 +168,7 @@ func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener ga name, svc, errCondition := p.loadHTTPService(client, route, backendRef) weight := ptr.To(int(ptr.Deref(backendRef.Weight, 1))) if errCondition != nil { - routeConditions = appendCondition(routeConditions, *errCondition) + routeCondition = *errCondition wrr.Services = append(wrr.Services, dynamic.WRRService{ Name: name, Status: ptr.To(500), @@ -190,7 +178,7 @@ func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener ga } if svc != nil { - conf.HTTP.Services[name] = svc + routeConf.HTTP.Services[name] = svc } wrr.Services = append(wrr.Services, dynamic.WRRService{ @@ -199,7 +187,7 @@ func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener ga }) } - conf.HTTP.Services[wrrName] = &dynamic.Service{Weighted: &wrr} + routeConf.HTTP.Services[wrrName] = &dynamic.Service{Weighted: &wrr} router.Service = wrrName } } @@ -208,39 +196,42 @@ func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener ga p.applyRouterTransform(ctx, rt, route) routerKey = provider.Normalize(routerKey) - conf.HTTP.Routers[routerKey] = rt + routeConf.HTTP.Routers[routerKey] = rt } - return routeConditions + return routeConf, routeCondition } // loadHTTPService returns a dynamic.Service config corresponding to the given gatev1.HTTPBackendRef. // Note that the returned dynamic.Service config can be nil (for cross-provider, internal services, and backendFunc). func (p *Provider) loadHTTPService(client Client, route *gatev1.HTTPRoute, backendRef gatev1.HTTPBackendRef) (string, *dynamic.Service, *metav1.Condition) { + kind := ptr.Deref(backendRef.Kind, "Service") + group := groupCore if backendRef.Group != nil && *backendRef.Group != "" { group = string(*backendRef.Group) } - kind := ptr.Deref(backendRef.Kind, "Service") - namespace := ptr.Deref(backendRef.Namespace, gatev1.Namespace(route.Namespace)) - namespaceStr := string(namespace) - serviceName := provider.Normalize(makeID(namespaceStr, string(backendRef.Name))) + namespace := route.Namespace + if backendRef.Namespace != nil && *backendRef.Namespace != "" { + namespace = string(*backendRef.Namespace) + } - // TODO support cross namespace through ReferenceGrant. - if namespaceStr != route.Namespace { + serviceName := provider.Normalize(makeID(namespace, string(backendRef.Name))) + + if err := isReferenceGranted(client, groupGateway, kindHTTPRoute, route.Namespace, group, string(kind), string(backendRef.Name), namespace); err != nil { return serviceName, nil, &metav1.Condition{ Type: string(gatev1.RouteConditionResolvedRefs), Status: metav1.ConditionFalse, ObservedGeneration: route.Generation, LastTransitionTime: metav1.Now(), Reason: string(gatev1.RouteReasonRefNotPermitted), - Message: fmt.Sprintf("Cannot load HTTPBackendRef %s/%s/%s/%s namespace not allowed", group, kind, namespace, backendRef.Name), + Message: fmt.Sprintf("Cannot load HTTPBackendRef %s/%s/%s/%s: %s", group, kind, namespace, backendRef.Name, err), } } if group != groupCore || kind != "Service" { - name, service, err := p.loadHTTPBackendRef(namespaceStr, backendRef) + name, service, err := p.loadHTTPBackendRef(namespace, backendRef) if err != nil { return serviceName, nil, &metav1.Condition{ Type: string(gatev1.RouteConditionResolvedRefs), @@ -270,7 +261,7 @@ func (p *Provider) loadHTTPService(client Client, route *gatev1.HTTPRoute, backe portStr := strconv.FormatInt(int64(port), 10) serviceName = provider.Normalize(serviceName + "-" + portStr) - lb, err := loadHTTPServers(client, namespaceStr, backendRef) + lb, err := loadHTTPServers(client, namespace, backendRef) if err != nil { return serviceName, nil, &metav1.Condition{ Type: string(gatev1.RouteConditionResolvedRefs), @@ -615,3 +606,35 @@ func getProtocol(portSpec corev1.ServicePort) string { return protocol } + +func mergeHTTPConfiguration(from, to *dynamic.Configuration) { + if from == nil || from.HTTP == nil || to == nil { + return + } + + if to.HTTP == nil { + to.HTTP = from.HTTP + return + } + + if to.HTTP.Routers == nil { + to.HTTP.Routers = map[string]*dynamic.Router{} + } + for routerName, router := range from.HTTP.Routers { + to.HTTP.Routers[routerName] = router + } + + if to.HTTP.Middlewares == nil { + to.HTTP.Middlewares = map[string]*dynamic.Middleware{} + } + for middlewareName, middleware := range from.HTTP.Middlewares { + to.HTTP.Middlewares[middlewareName] = middleware + } + + if to.HTTP.Services == nil { + to.HTTP.Services = map[string]*dynamic.Service{} + } + for serviceName, service := range from.HTTP.Services { + to.HTTP.Services[serviceName] = service + } +} diff --git a/pkg/provider/kubernetes/gateway/kubernetes.go b/pkg/provider/kubernetes/gateway/kubernetes.go index e6cea12a1..55ee9a999 100644 --- a/pkg/provider/kubernetes/gateway/kubernetes.go +++ b/pkg/provider/kubernetes/gateway/kubernetes.go @@ -37,7 +37,8 @@ const ( providerName = "kubernetesgateway" controllerName = "traefik.io/gateway-controller" - groupCore = "core" + groupCore = "core" + groupGateway = "gateway.networking.k8s.io" kindGateway = "Gateway" kindTraefikService = "TraefikService" @@ -564,35 +565,17 @@ func (p *Provider) loadGatewayListeners(ctx context.Context, client Client, gate certificateNamespace = string(*certificateRef.Namespace) } - if certificateNamespace != gateway.Namespace { - referenceGrants, err := client.ListReferenceGrants(certificateNamespace) - if err != nil { - gatewayListeners[i].Status.Conditions = append(gatewayListeners[i].Status.Conditions, metav1.Condition{ - Type: string(gatev1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, - ObservedGeneration: gateway.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.ListenerReasonRefNotPermitted), - Message: fmt.Sprintf("Cannot find any ReferenceGrant: %v", err), - }) + if err := isReferenceGranted(client, groupGateway, kindGateway, gateway.Namespace, groupCore, "Secret", string(certificateRef.Name), certificateNamespace); err != nil { + gatewayListeners[i].Status.Conditions = append(gatewayListeners[i].Status.Conditions, metav1.Condition{ + Type: string(gatev1.ListenerConditionResolvedRefs), + Status: metav1.ConditionFalse, + ObservedGeneration: gateway.Generation, + LastTransitionTime: metav1.Now(), + Reason: string(gatev1.ListenerReasonRefNotPermitted), + Message: fmt.Sprintf("Cannot load CertificateRef %s/%s: %s", certificateNamespace, certificateRef.Name, err), + }) - continue - } - - referenceGrants = filterReferenceGrantsFrom(referenceGrants, "gateway.networking.k8s.io", "Gateway", gateway.Namespace) - referenceGrants = filterReferenceGrantsTo(referenceGrants, groupCore, "Secret", string(certificateRef.Name)) - if len(referenceGrants) == 0 { - gatewayListeners[i].Status.Conditions = append(gatewayListeners[i].Status.Conditions, metav1.Condition{ - Type: string(gatev1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, - ObservedGeneration: gateway.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.ListenerReasonRefNotPermitted), - Message: "Required ReferenceGrant for cross namespace secret reference is missing", - }) - - continue - } + continue } configKey := certificateNamespace + "/" + string(certificateRef.Name) @@ -1006,8 +989,8 @@ func makeID(namespace, name string) string { return namespace + "-" + name } -func getTLS(k8sClient Client, secretName gatev1.ObjectName, namespace string) (*tls.CertAndStores, error) { - secret, exists, err := k8sClient.GetSecret(namespace, string(secretName)) +func getTLS(client Client, secretName gatev1.ObjectName, namespace string) (*tls.CertAndStores, error) { + secret, exists, err := client.GetSecret(namespace, string(secretName)) if err != nil { return nil, fmt.Errorf("failed to fetch secret %s/%s: %w", namespace, secretName, err) } @@ -1131,6 +1114,25 @@ func makeListenerKey(l gatev1.Listener) string { return fmt.Sprintf("%s|%s|%d", l.Protocol, hostname, l.Port) } +func isReferenceGranted(client Client, fromGroup, fromKind, fromNamespace, toGroup, toKind, toName, toNamespace string) error { + if toNamespace == fromNamespace { + return nil + } + + refGrants, err := client.ListReferenceGrants(toNamespace) + if err != nil { + return fmt.Errorf("listing ReferenceGrant: %w", err) + } + + refGrants = filterReferenceGrantsFrom(refGrants, fromGroup, fromKind, fromNamespace) + refGrants = filterReferenceGrantsTo(refGrants, toGroup, toKind, toName) + if len(refGrants) == 0 { + return errors.New("missing ReferenceGrant") + } + + return nil +} + func filterReferenceGrantsFrom(referenceGrants []*gatev1beta1.ReferenceGrant, group, kind, namespace string) []*gatev1beta1.ReferenceGrant { var matchingReferenceGrants []*gatev1beta1.ReferenceGrant for _, referenceGrant := range referenceGrants { @@ -1193,13 +1195,38 @@ func kindToString(p *gatev1.Kind) string { return string(*p) } -func appendCondition(conditions []metav1.Condition, condition metav1.Condition) []metav1.Condition { - res := []metav1.Condition{condition} +func updateRouteConditionAccepted(conditions []metav1.Condition, reason string) []metav1.Condition { + var conds []metav1.Condition for _, c := range conditions { - if c.Type != condition.Type { - res = append(res, c) + if c.Type == string(gatev1.RouteConditionAccepted) && c.Status != metav1.ConditionTrue { + c.Reason = reason + c.LastTransitionTime = metav1.Now() + + if reason == string(gatev1.RouteReasonAccepted) { + c.Status = metav1.ConditionTrue + } } + + conds = append(conds, c) } - return res + return conds +} + +func upsertRouteConditionResolvedRefs(conditions []metav1.Condition, condition metav1.Condition) []metav1.Condition { + var ( + curr *metav1.Condition + conds []metav1.Condition + ) + for _, c := range conditions { + if c.Type == string(gatev1.RouteConditionResolvedRefs) { + curr = &c + continue + } + conds = append(conds, c) + } + if curr != nil && curr.Status == metav1.ConditionFalse && condition.Status == metav1.ConditionTrue { + return append(conds, *curr) + } + return append(conds, condition) } diff --git a/pkg/provider/kubernetes/gateway/kubernetes_test.go b/pkg/provider/kubernetes/gateway/kubernetes_test.go index 0a61618e1..8a4ce02b5 100644 --- a/pkg/provider/kubernetes/gateway/kubernetes_test.go +++ b/pkg/provider/kubernetes/gateway/kubernetes_test.go @@ -5422,7 +5422,7 @@ func TestLoadRoutesWithReferenceGrants(t *testing.T) { }, }, { - desc: "Empty because ReferenceGrant spec.from does not match", + desc: "Empty because ReferenceGrant spec.from does not match secret", paths: []string{"services.yml", "referencegrant/for_secret_not_matching_from.yml"}, entryPoints: map[string]Entrypoint{ "tls": {Address: ":9000"}, @@ -5448,7 +5448,7 @@ func TestLoadRoutesWithReferenceGrants(t *testing.T) { }, }, { - desc: "Empty because ReferenceGrant spec.to does not match", + desc: "Empty because ReferenceGrant spec.to does not match secret", paths: []string{"services.yml", "referencegrant/for_secret_not_matching_to.yml"}, entryPoints: map[string]Entrypoint{ "tls": {Address: ":9000"}, @@ -5538,6 +5538,130 @@ func TestLoadRoutesWithReferenceGrants(t *testing.T) { }, }, }, + { + desc: "Empty because ReferenceGrant for Service is missing", + paths: []string{"services.yml", "referencegrant/for_secret_missing.yml"}, + entryPoints: map[string]Entrypoint{ + "tls": {Address: ":9000"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{}, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "Empty because ReferenceGrant spec.from does not match service", + paths: []string{"services.yml", "referencegrant/for_service_not_matching_from.yml"}, + entryPoints: map[string]Entrypoint{ + "tls": {Address: ":9000"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{}, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "Empty because ReferenceGrant spec.to does not match service", + paths: []string{"services.yml", "referencegrant/for_service_not_matching_to.yml"}, + entryPoints: map[string]Entrypoint{ + "tls": {Address: ":9000"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{}, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "For Service", + paths: []string{"services.yml", "referencegrant/for_service.yml"}, + entryPoints: map[string]Entrypoint{ + "http": {Address: ":80"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{ + "default-http-app-1-my-gateway-http-f381ad97110137b4d42c": { + EntryPoints: []string{"http"}, + Rule: "Host(`foo.example.com`)", + Service: "default-http-app-1-my-gateway-http-f381ad97110137b4d42c-wrr", + RuleSyntax: "v3", + Priority: 15, + }, + }, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{ + "default-http-app-1-my-gateway-http-f381ad97110137b4d42c-wrr": { + Weighted: &dynamic.WeightedRoundRobin{ + Services: []dynamic.WRRService{ + { + Name: "default-whoami-bar-80", + Weight: ptr.To(1), + Status: ptr.To(500), + }, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, } for _, test := range testCases { @@ -6433,6 +6557,136 @@ func Test_gatewayAddresses(t *testing.T) { } } +func Test_upsertRouteConditionResolvedRefs(t *testing.T) { + testCases := []struct { + desc string + conditions []metav1.Condition + condition metav1.Condition + wantConditions []metav1.Condition + }{ + { + desc: "True to False", + conditions: []metav1.Condition{ + { + Type: "foo", + Status: "bar", + Reason: "baz", + Message: "foobarbaz", + }, + { + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionTrue, + Reason: "foo", + Message: "foo", + }, + }, + condition: metav1.Condition{ + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionFalse, + Reason: "bar", + Message: "bar", + }, + wantConditions: []metav1.Condition{ + { + Type: "foo", + Status: "bar", + Reason: "baz", + Message: "foobarbaz", + }, + { + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionFalse, + Reason: "bar", + Message: "bar", + }, + }, + }, + { + desc: "False to False", + conditions: []metav1.Condition{ + { + Type: "foo", + Status: "bar", + Reason: "baz", + Message: "foobarbaz", + }, + { + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionFalse, + Reason: "foo", + Message: "foo", + }, + }, + condition: metav1.Condition{ + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionFalse, + Reason: "bar", + Message: "bar", + }, + wantConditions: []metav1.Condition{ + { + Type: "foo", + Status: "bar", + Reason: "baz", + Message: "foobarbaz", + }, + { + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionFalse, + Reason: "bar", + Message: "bar", + }, + }, + }, + { + desc: "False to True: no upsert", + conditions: []metav1.Condition{ + { + Type: "foo", + Status: "bar", + Reason: "baz", + Message: "foobarbaz", + }, + { + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionFalse, + Reason: "foo", + Message: "foo", + }, + }, + condition: metav1.Condition{ + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionTrue, + Reason: "bar", + Message: "bar", + }, + wantConditions: []metav1.Condition{ + { + Type: "foo", + Status: "bar", + Reason: "baz", + Message: "foobarbaz", + }, + { + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionFalse, + Reason: "foo", + Message: "foo", + }, + }, + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + got := upsertRouteConditionResolvedRefs(test.conditions, test.condition) + assert.Equal(t, test.wantConditions, got) + }) + } +} + // We cannot use the gateway-api fake.NewSimpleClientset due to Gateway being pluralized as "gatewaies" instead of "gateways". func newGatewaySimpleClientSet(t *testing.T, objects ...runtime.Object) *gatefake.Clientset { t.Helper() diff --git a/pkg/provider/kubernetes/gateway/tcproute.go b/pkg/provider/kubernetes/gateway/tcproute.go index 118ae8f1d..e0bafe99c 100644 --- a/pkg/provider/kubernetes/gateway/tcproute.go +++ b/pkg/provider/kubernetes/gateway/tcproute.go @@ -22,7 +22,8 @@ func (p *Provider) loadTCPRoutes(ctx context.Context, client Client, gatewayList logger := log.Ctx(ctx) routes, err := client.ListTCPRoutes() if err != nil { - logger.Error().Err(err).Msgf("Get TCPRoutes: %s", err) + logger.Error().Err(err).Msgf("Unable to list TCPRoutes") + return } for _, route := range routes { @@ -34,39 +35,6 @@ func (p *Provider) loadTCPRoutes(ctx context.Context, client Client, gatewayList ParentRef: parentRef, ControllerName: controllerName, Conditions: []metav1.Condition{ - { - Type: string(gatev1.RouteConditionAccepted), - Status: metav1.ConditionTrue, - ObservedGeneration: route.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.RouteReasonAccepted), - }, - }, - } - - var attachedListeners bool - for _, listener := range gatewayListeners { - if !matchListener(listener, route.Namespace, parentRef) { - continue - } - - if !allowRoute(listener, route.Namespace, kindTCPRoute) { - continue - } - - listener.Status.AttachedRoutes++ - attachedListeners = true - - resolveConditions := p.loadTCPRoute(client, listener, route, conf) - - // TODO: handle more accurately route conditions (in case of multiple listener matching). - for _, condition := range resolveConditions { - parentStatus.Conditions = appendCondition(parentStatus.Conditions, condition) - } - } - - if !attachedListeners { - parentStatus.Conditions = []metav1.Condition{ { Type: string(gatev1.RouteConditionAccepted), Status: metav1.ConditionFalse, @@ -74,7 +42,33 @@ func (p *Provider) loadTCPRoutes(ctx context.Context, client Client, gatewayList LastTransitionTime: metav1.Now(), Reason: string(gatev1.RouteReasonNoMatchingParent), }, + }, + } + + for _, listener := range gatewayListeners { + if !matchListener(listener, route.Namespace, parentRef) { + continue } + + accepted := true + if !allowRoute(listener, route.Namespace, kindTCPRoute) { + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNotAllowedByListeners)) + accepted = false + } + + if accepted { + listener.Status.AttachedRoutes++ + // only consider the route attached if the listener is in an "attached" state. + if listener.Attached { + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonAccepted)) + } + } + + routeConf, resolveRefCondition := p.loadTCPRoute(client, listener, route) + if accepted && listener.Attached { + mergeTCPConfiguration(routeConf, conf) + } + parentStatus.Conditions = upsertRouteConditionResolvedRefs(parentStatus.Conditions, resolveRefCondition) } parentStatuses = append(parentStatuses, *parentStatus) @@ -93,17 +87,24 @@ func (p *Provider) loadTCPRoutes(ctx context.Context, client Client, gatewayList } } -func (p *Provider) loadTCPRoute(client Client, listener gatewayListener, route *gatev1alpha2.TCPRoute, conf *dynamic.Configuration) []metav1.Condition { - routeConditions := []metav1.Condition{ - { - Type: string(gatev1.RouteConditionResolvedRefs), - Status: metav1.ConditionTrue, - ObservedGeneration: route.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.RouteConditionResolvedRefs), +func (p *Provider) loadTCPRoute(client Client, listener gatewayListener, route *gatev1alpha2.TCPRoute) (*dynamic.Configuration, metav1.Condition) { + routeConf := &dynamic.Configuration{ + TCP: &dynamic.TCPConfiguration{ + Routers: make(map[string]*dynamic.TCPRouter), + Middlewares: make(map[string]*dynamic.TCPMiddleware), + Services: make(map[string]*dynamic.TCPService), + ServersTransports: make(map[string]*dynamic.TCPServersTransport), }, } + routeCondition := metav1.Condition{ + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionTrue, + ObservedGeneration: route.Generation, + LastTransitionTime: metav1.Now(), + Reason: string(gatev1.RouteConditionResolvedRefs), + } + router := dynamic.TCPRouter{ Rule: "HostSNI(`*`)", EntryPoints: []string{listener.EPName}, @@ -131,31 +132,30 @@ func (p *Provider) loadTCPRoute(client Client, listener gatewayListener, route * wrrService, subServices, err := loadTCPServices(client, route.Namespace, rule.BackendRefs) if err != nil { - routeConditions = appendCondition(routeConditions, metav1.Condition{ + return routeConf, metav1.Condition{ Type: string(gatev1.RouteConditionResolvedRefs), Status: metav1.ConditionFalse, ObservedGeneration: route.Generation, LastTransitionTime: metav1.Now(), Reason: string(gatev1.RouteReasonBackendNotFound), Message: fmt.Sprintf("Cannot load TCPRoute service %s/%s: %v", route.Namespace, route.Name, err), - }) - return routeConditions + } } for svcName, svc := range subServices { - conf.TCP.Services[svcName] = svc + routeConf.TCP.Services[svcName] = svc } serviceName := fmt.Sprintf("%s-wrr-%d", routerKey, i) - conf.TCP.Services[serviceName] = wrrService + routeConf.TCP.Services[serviceName] = wrrService ruleServiceNames = append(ruleServiceNames, serviceName) } if len(ruleServiceNames) == 1 { router.Service = ruleServiceNames[0] - conf.TCP.Routers[routerKey] = &router - return routeConditions + routeConf.TCP.Routers[routerKey] = &router + return routeConf, routeCondition } routeServiceKey := routerKey + "-wrr" @@ -168,12 +168,12 @@ func (p *Provider) loadTCPRoute(client Client, listener gatewayListener, route * routeService.Weighted.Services = append(routeService.Weighted.Services, service) } - conf.TCP.Services[routeServiceKey] = routeService + routeConf.TCP.Services[routeServiceKey] = routeService router.Service = routeServiceKey - conf.TCP.Routers[routerKey] = &router + routeConf.TCP.Routers[routerKey] = &router - return routeConditions + return routeConf, routeCondition } // loadTCPServices is generating a WRR service, even when there is only one target. @@ -294,3 +294,35 @@ func loadTCPServices(client Client, namespace string, backendRefs []gatev1.Backe return wrrSvc, services, nil } + +func mergeTCPConfiguration(from, to *dynamic.Configuration) { + if from == nil || from.TCP == nil || to == nil { + return + } + + if to.TCP == nil { + to.TCP = from.TCP + return + } + + if to.TCP.Routers == nil { + to.TCP.Routers = map[string]*dynamic.TCPRouter{} + } + for routerName, router := range from.TCP.Routers { + to.TCP.Routers[routerName] = router + } + + if to.TCP.Middlewares == nil { + to.TCP.Middlewares = map[string]*dynamic.TCPMiddleware{} + } + for middlewareName, middleware := range from.TCP.Middlewares { + to.TCP.Middlewares[middlewareName] = middleware + } + + if to.TCP.Services == nil { + to.TCP.Services = map[string]*dynamic.TCPService{} + } + for serviceName, service := range from.TCP.Services { + to.TCP.Services[serviceName] = service + } +} diff --git a/pkg/provider/kubernetes/gateway/tlsroute.go b/pkg/provider/kubernetes/gateway/tlsroute.go index 1eb30c788..62183b82d 100644 --- a/pkg/provider/kubernetes/gateway/tlsroute.go +++ b/pkg/provider/kubernetes/gateway/tlsroute.go @@ -19,7 +19,8 @@ func (p *Provider) loadTLSRoutes(ctx context.Context, client Client, gatewayList logger := log.Ctx(ctx) routes, err := client.ListTLSRoutes() if err != nil { - logger.Error().Err(err).Msgf("Get TLSRoutes: %s", err) + logger.Error().Err(err).Msgf("Unable to list TLSRoute") + return } for _, route := range routes { @@ -31,44 +32,6 @@ func (p *Provider) loadTLSRoutes(ctx context.Context, client Client, gatewayList ParentRef: parentRef, ControllerName: controllerName, Conditions: []metav1.Condition{ - { - Type: string(gatev1.RouteConditionAccepted), - Status: metav1.ConditionTrue, - ObservedGeneration: route.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.RouteReasonAccepted), - }, - }, - } - - var attachedListeners bool - for _, listener := range gatewayListeners { - if !matchListener(listener, route.Namespace, parentRef) { - continue - } - - if !allowRoute(listener, route.Namespace, kindTLSRoute) { - continue - } - - hostnames, ok := findMatchingHostnames(listener.Hostname, route.Spec.Hostnames) - if !ok { - continue - } - - listener.Status.AttachedRoutes++ - attachedListeners = true - - resolveConditions := p.loadTLSRoute(client, listener, route, hostnames, conf) - - // TODO: handle more accurately route conditions (in case of multiple listener matching). - for _, condition := range resolveConditions { - parentStatus.Conditions = appendCondition(parentStatus.Conditions, condition) - } - } - - if !attachedListeners { - parentStatus.Conditions = []metav1.Condition{ { Type: string(gatev1.RouteConditionAccepted), Status: metav1.ConditionFalse, @@ -76,7 +39,38 @@ func (p *Provider) loadTLSRoutes(ctx context.Context, client Client, gatewayList LastTransitionTime: metav1.Now(), Reason: string(gatev1.RouteReasonNoMatchingParent), }, + }, + } + + for _, listener := range gatewayListeners { + if !matchListener(listener, route.Namespace, parentRef) { + continue } + + accepted := true + if !allowRoute(listener, route.Namespace, kindTLSRoute) { + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNotAllowedByListeners)) + accepted = false + } + hostnames, ok := findMatchingHostnames(listener.Hostname, route.Spec.Hostnames) + if !ok { + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNoMatchingListenerHostname)) + accepted = false + } + + if accepted { + listener.Status.AttachedRoutes++ + // only consider the route attached if the listener is in an "attached" state. + if listener.Attached { + parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonAccepted)) + } + } + + routeConf, resolveRefCondition := p.loadTLSRoute(client, listener, route, hostnames) + if accepted && listener.Attached { + mergeTCPConfiguration(routeConf, conf) + } + parentStatus.Conditions = upsertRouteConditionResolvedRefs(parentStatus.Conditions, resolveRefCondition) } parentStatuses = append(parentStatuses, *parentStatus) @@ -95,23 +89,30 @@ func (p *Provider) loadTLSRoutes(ctx context.Context, client Client, gatewayList } } -func (p *Provider) loadTLSRoute(client Client, listener gatewayListener, route *gatev1alpha2.TLSRoute, hostnames []gatev1.Hostname, conf *dynamic.Configuration) []metav1.Condition { - routeConditions := []metav1.Condition{ - { - Type: string(gatev1.RouteConditionResolvedRefs), - Status: metav1.ConditionTrue, - ObservedGeneration: route.Generation, - LastTransitionTime: metav1.Now(), - Reason: string(gatev1.RouteConditionResolvedRefs), +func (p *Provider) loadTLSRoute(client Client, listener gatewayListener, route *gatev1alpha2.TLSRoute, hostnames []gatev1.Hostname) (*dynamic.Configuration, metav1.Condition) { + routeConf := &dynamic.Configuration{ + TCP: &dynamic.TCPConfiguration{ + Routers: make(map[string]*dynamic.TCPRouter), + Middlewares: make(map[string]*dynamic.TCPMiddleware), + Services: make(map[string]*dynamic.TCPService), + ServersTransports: make(map[string]*dynamic.TCPServersTransport), }, } + routeCondition := metav1.Condition{ + Type: string(gatev1.RouteConditionResolvedRefs), + Status: metav1.ConditionTrue, + ObservedGeneration: route.Generation, + LastTransitionTime: metav1.Now(), + Reason: string(gatev1.RouteConditionResolvedRefs), + } + router := dynamic.TCPRouter{ RuleSyntax: "v3", Rule: hostSNIRule(hostnames), EntryPoints: []string{listener.EPName}, TLS: &dynamic.RouterTCPTLSConfig{ - Passthrough: listener.TLS.Mode != nil && *listener.TLS.Mode == gatev1.TLSModePassthrough, + Passthrough: listener.TLS != nil && listener.TLS.Mode != nil && *listener.TLS.Mode == gatev1.TLSModePassthrough, }, } @@ -130,32 +131,32 @@ func (p *Provider) loadTLSRoute(client Client, listener gatewayListener, route * wrrService, subServices, err := loadTCPServices(client, route.Namespace, routeRule.BackendRefs) if err != nil { // update "ResolvedRefs" status true with "InvalidBackendRefs" reason - routeConditions = appendCondition(routeConditions, metav1.Condition{ + routeCondition = metav1.Condition{ Type: string(gatev1.RouteConditionResolvedRefs), Status: metav1.ConditionFalse, ObservedGeneration: route.Generation, LastTransitionTime: metav1.Now(), Reason: string(gatev1.RouteReasonBackendNotFound), Message: fmt.Sprintf("Cannot load TLSRoute service %s/%s: %v", route.Namespace, route.Name, err), - }) + } continue } for svcName, svc := range subServices { - conf.TCP.Services[svcName] = svc + routeConf.TCP.Services[svcName] = svc } serviceName := fmt.Sprintf("%s-wrr-%d", routerKey, i) - conf.TCP.Services[serviceName] = wrrService + routeConf.TCP.Services[serviceName] = wrrService ruleServiceNames = append(ruleServiceNames, serviceName) } if len(ruleServiceNames) == 1 { router.Service = ruleServiceNames[0] - conf.TCP.Routers[routerKey] = &router + routeConf.TCP.Routers[routerKey] = &router - return routeConditions + return routeConf, routeCondition } routeServiceKey := routerKey + "-wrr" @@ -168,12 +169,12 @@ func (p *Provider) loadTLSRoute(client Client, listener gatewayListener, route * routeService.Weighted.Services = append(routeService.Weighted.Services, service) } - conf.TCP.Services[routeServiceKey] = routeService + routeConf.TCP.Services[routeServiceKey] = routeService router.Service = routeServiceKey - conf.TCP.Routers[routerKey] = &router + routeConf.TCP.Routers[routerKey] = &router - return routeConditions + return routeConf, routeCondition } func hostSNIRule(hostnames []gatev1.Hostname) string { From 6155c900be5539d8d5ebe9ba7a4be5f88e9f067f Mon Sep 17 00:00:00 2001 From: Romain Date: Wed, 5 Jun 2024 15:04:04 +0200 Subject: [PATCH 14/31] Passing the correct status code when compression is disabled within the Brotli handler Co-authored-by: Kevin Pollet --- pkg/middlewares/compress/brotli/brotli.go | 2 ++ pkg/middlewares/compress/brotli/brotli_test.go | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/pkg/middlewares/compress/brotli/brotli.go b/pkg/middlewares/compress/brotli/brotli.go index 17225f252..27802b0f6 100644 --- a/pkg/middlewares/compress/brotli/brotli.go +++ b/pkg/middlewares/compress/brotli/brotli.go @@ -160,6 +160,7 @@ func (r *responseWriter) Write(p []byte) (int, error) { } if !found { r.compressionDisabled = true + r.rw.WriteHeader(r.statusCode) return r.rw.Write(p) } } @@ -167,6 +168,7 @@ func (r *responseWriter) Write(p []byte) (int, error) { for _, excludedContentType := range r.excludedContentTypes { if excludedContentType.equals(mediaType, params) { r.compressionDisabled = true + r.rw.WriteHeader(r.statusCode) return r.rw.Write(p) } } diff --git a/pkg/middlewares/compress/brotli/brotli_test.go b/pkg/middlewares/compress/brotli/brotli_test.go index 005587411..67c794c46 100644 --- a/pkg/middlewares/compress/brotli/brotli_test.go +++ b/pkg/middlewares/compress/brotli/brotli_test.go @@ -356,7 +356,7 @@ func Test_ExcludedContentTypes(t *testing.T) { h := mustNewWrapper(t, cfg)(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { rw.Header().Set(contentType, test.contentType) - rw.WriteHeader(http.StatusOK) + rw.WriteHeader(http.StatusAccepted) _, err := rw.Write(bigTestBody) require.NoError(t, err) @@ -368,7 +368,7 @@ func Test_ExcludedContentTypes(t *testing.T) { rw := httptest.NewRecorder() h.ServeHTTP(rw, req) - assert.Equal(t, http.StatusOK, rw.Code) + assert.Equal(t, http.StatusAccepted, rw.Code) if test.expCompression { assert.Equal(t, "br", rw.Header().Get(contentEncoding)) @@ -460,7 +460,7 @@ func Test_IncludedContentTypes(t *testing.T) { h := mustNewWrapper(t, cfg)(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { rw.Header().Set(contentType, test.contentType) - rw.WriteHeader(http.StatusOK) + rw.WriteHeader(http.StatusAccepted) _, err := rw.Write(bigTestBody) require.NoError(t, err) @@ -472,7 +472,7 @@ func Test_IncludedContentTypes(t *testing.T) { rw := httptest.NewRecorder() h.ServeHTTP(rw, req) - assert.Equal(t, http.StatusOK, rw.Code) + assert.Equal(t, http.StatusAccepted, rw.Code) if test.expCompression { assert.Equal(t, "br", rw.Header().Get(contentEncoding)) From dc752c784787f478b534d853c8d03bbb283dbd7f Mon Sep 17 00:00:00 2001 From: Pinghao Wu Date: Wed, 5 Jun 2024 22:38:05 +0800 Subject: [PATCH 15/31] grafana: traefik-kubernetes: fix service name label_replace --- contrib/grafana/traefik-kubernetes.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/contrib/grafana/traefik-kubernetes.json b/contrib/grafana/traefik-kubernetes.json index fee1f524f..7d8f8ba4f 100644 --- a/contrib/grafana/traefik-kubernetes.json +++ b/contrib/grafana/traefik-kubernetes.json @@ -507,7 +507,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "topk(15,\n label_replace(\n traefik_service_request_duration_seconds_sum{service=~\"$service.*\",protocol=\"http\"} / \n traefik_service_request_duration_seconds_count{service=~\"$service.*\",protocol=\"http\"},\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)\n\n", + "expr": "topk(15,\n label_replace(\n traefik_service_request_duration_seconds_sum{service=~\"$service.*\",protocol=\"http\"} / \n traefik_service_request_duration_seconds_count{service=~\"$service.*\",protocol=\"http\"},\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\")\n)\n\n", "legendFormat": "{{method}}[{{code}}] on {{service}}", "range": true, "refId": "A" @@ -606,7 +606,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "topk(15,\n label_replace(\n sum by (service,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "expr": "topk(15,\n label_replace(\n sum by (service,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\")\n)", "legendFormat": "[{{code}}] on {{service}}", "range": true, "refId": "A" @@ -711,7 +711,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"1.2\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"1.2\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\"\n)", "legendFormat": "{{service}}", "range": true, "refId": "A" @@ -806,7 +806,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"0.3\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"0.3\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\"\n)", "legendFormat": "{{service}}", "range": true, "refId": "A" @@ -922,7 +922,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"2..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"2..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\")\n)", "legendFormat": "{{method}}[{{code}}] on {{service}}", "range": true, "refId": "A" @@ -1022,7 +1022,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\")\n)", "legendFormat": "{{method}}[{{code}}] on {{service}}", "range": true, "refId": "A" @@ -1122,7 +1122,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code!~\"2..|5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code!~\"2..|5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\")\n)", "legendFormat": "{{method}}[{{code}}] on {{service}}", "range": true, "refId": "A" @@ -1222,7 +1222,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_requests_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_requests_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\")\n)", "legendFormat": "{{method}} on {{service}}", "range": true, "refId": "A" @@ -1322,7 +1322,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_responses_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_responses_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^@]+)@.*\")\n)", "legendFormat": "{{method}} on {{service}}", "range": true, "refId": "A" @@ -1494,7 +1494,7 @@ "refId": "StandardVariableQuery" }, "refresh": 2, - "regex": "/([^-]+-[^-]+).*/", + "regex": "/([^@]+)@.*/", "skipUrlSync": false, "sort": 1, "type": "query" From b368e713379f102ab30f85529d96c5bd8d736343 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Wed, 5 Jun 2024 16:58:05 +0200 Subject: [PATCH 16/31] Bump Docker images use for documentation to Alpine 3.20 --- .github/workflows/test-integration.yaml | 2 +- docs/check.Dockerfile | 2 +- docs/docs.Dockerfile | 8 ++-- docs/requirements.txt | 56 ++++++++----------------- docs/runtime.txt | 1 - 5 files changed, 24 insertions(+), 45 deletions(-) delete mode 100644 docs/runtime.txt diff --git a/.github/workflows/test-integration.yaml b/.github/workflows/test-integration.yaml index 51e2b1ab0..cd157edad 100644 --- a/.github/workflows/test-integration.yaml +++ b/.github/workflows/test-integration.yaml @@ -42,7 +42,7 @@ jobs: fail-fast: true matrix: parallel: [12] - index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 , 11] + index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11] steps: - name: Check out code diff --git a/docs/check.Dockerfile b/docs/check.Dockerfile index d33a46af3..824a97081 100644 --- a/docs/check.Dockerfile +++ b/docs/check.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18 as alpine +FROM alpine:3.20 RUN apk --no-cache --no-progress add \ build-base \ diff --git a/docs/docs.Dockerfile b/docs/docs.Dockerfile index ee10a5302..2ed4d0528 100644 --- a/docs/docs.Dockerfile +++ b/docs/docs.Dockerfile @@ -1,10 +1,12 @@ -FROM alpine:3.14 +FROM alpine:3.20 -ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin +ENV PATH="${PATH}:/venv/bin" COPY requirements.txt /mkdocs/ WORKDIR /mkdocs VOLUME /mkdocs RUN apk --no-cache --no-progress add py3-pip gcc musl-dev python3-dev \ - && pip3 install --user -r requirements.txt + && python3 -m venv /venv \ + && source /venv/bin/activate \ + && pip3 install -r requirements.txt diff --git a/docs/requirements.txt b/docs/requirements.txt index 8274f4d68..68126a411 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,45 +1,23 @@ -mkdocs==1.2.2 +markdown-include==0.5.1 +mkdocs==1.2.4 +mkdocs-exclude==1.0.2 mkdocs-traefiklabs>=100.0.7 -appdirs==1.4.4 -CacheControl==0.12.6 -certifi==2020.12.5 -chardet==4.0.0 -click==8.0.4 -colorama==0.4.4 -contextlib2==0.6.0 -distlib==0.3.1 -distro==1.5.0 -ghp-import==2.0.2 -html5lib==1.1 -idna==3.2 -importlib-metadata==4.11.3 -Jinja2==3.0.0 -lockfile==0.12.2 +click==8.1.7 +colorama==0.4.6 +ghp-import==2.1.0 +importlib_metadata==7.1.0 +Jinja2==3.1.3 Markdown==3.3.6 -markdown-include==0.5.1 -MarkupSafe==2.1.1 +MarkupSafe==2.1.5 mergedeep==1.3.4 -mkdocs-bootswatch==1.0 -mkdocs-exclude==1.0.2 -mkdocs-material-extensions==1.0.3 -msgpack==1.0.2 -ordered-set==4.0.2 -packaging==20.9 -pep517==0.10.0 -progress==1.5 -Pygments==2.11.2 +mkdocs-material-extensions==1.3.1 +packaging==24.0 +Pygments==2.18.0 pymdown-extensions==7.0 -pyparsing==2.4.7 -python-dateutil==2.8.2 +python-dateutil==2.9.0.post0 PyYAML==6.0.1 -pyyaml-env-tag==0.1 -requests==2.25.1 -retrying==1.3.3 -six==1.15.0 -toml==0.10.2 -urllib3==1.26.5 -watchdog==2.1.7 -webencodings==0.5.1 -zipp==3.7.0 - +pyyaml_env_tag==0.1 +six==1.16.0 +watchdog==4.0.0 +zipp==3.18.1 diff --git a/docs/runtime.txt b/docs/runtime.txt deleted file mode 100644 index 475ba515c..000000000 --- a/docs/runtime.txt +++ /dev/null @@ -1 +0,0 @@ -3.7 From 28d40e7f3c189790ef7a635dbe46ec3620f1b999 Mon Sep 17 00:00:00 2001 From: Romain Date: Thu, 6 Jun 2024 10:56:03 +0200 Subject: [PATCH 17/31] Fix HTTPRoute Redirect Filter with port and scheme Co-authored-by: Kevin Pollet --- .../fixtures/k8s-conformance/02-traefik.yml | 15 +- integration/k8s_conformance_test.go | 29 ++- pkg/config/dynamic/middlewares.go | 10 + pkg/config/dynamic/zz_generated.deepcopy.go | 21 ++ .../headermodifier/request_header_modifier.go | 0 .../request_header_modifier_test.go | 0 .../gatewayapi/redirect/request_redirect.go | 134 ++++++++++++ .../redirect/request_redirect_test.go | 203 ++++++++++++++++++ .../httproute/filter_http_to_https.yml | 8 +- ...r_http_to_https_with_hostname_and_port.yml | 8 +- pkg/provider/kubernetes/gateway/httproute.go | 22 +- .../kubernetes/gateway/kubernetes_test.go | 62 +----- pkg/server/middleware/middlewares.go | 12 +- 13 files changed, 431 insertions(+), 93 deletions(-) rename pkg/middlewares/{ => gatewayapi}/headermodifier/request_header_modifier.go (100%) rename pkg/middlewares/{ => gatewayapi}/headermodifier/request_header_modifier_test.go (100%) create mode 100644 pkg/middlewares/gatewayapi/redirect/request_redirect.go create mode 100644 pkg/middlewares/gatewayapi/redirect/request_redirect_test.go diff --git a/integration/fixtures/k8s-conformance/02-traefik.yml b/integration/fixtures/k8s-conformance/02-traefik.yml index becc6dc5c..6f780affb 100644 --- a/integration/fixtures/k8s-conformance/02-traefik.yml +++ b/integration/fixtures/k8s-conformance/02-traefik.yml @@ -48,6 +48,8 @@ spec: - --api.insecure - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 + - --entrypoints.web8080.address=:8080 + - --entrypoints.traefik.address=:9000 - --experimental.kubernetesgateway - --providers.kubernetesgateway.experimentalChannel - --providers.kubernetesgateway.statusaddress.service.namespace=traefik @@ -55,10 +57,12 @@ spec: ports: - name: web containerPort: 80 - - name: admin - containerPort: 8080 - name: websecure containerPort: 443 + - name: web8080 + containerPort: 8080 + - name: traefik + containerPort: 9000 --- apiVersion: v1 @@ -78,5 +82,8 @@ spec: name: websecure targetPort: websecure - port: 8080 - name: admin - targetPort: admin + name: web8080 + targetPort: web8080 + - port: 9000 + name: traefik + targetPort: traefik diff --git a/integration/k8s_conformance_test.go b/integration/k8s_conformance_test.go index 5e318d562..afae520fc 100644 --- a/integration/k8s_conformance_test.go +++ b/integration/k8s_conformance_test.go @@ -166,7 +166,7 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() { k3sContainerIP, err := s.k3sContainer.ContainerIP(context.Background()) require.NoError(s.T(), err) - err = try.GetRequest("http://"+k3sContainerIP+":8080/api/entrypoints", 10*time.Second, try.BodyContains(`"name":"web"`)) + err = try.GetRequest("http://"+k3sContainerIP+":9000/api/entrypoints", 10*time.Second, try.BodyContains(`"name":"web"`)) require.NoError(s.T(), err) opts := ksuite.Options{ @@ -195,23 +195,32 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() { LatestObservedGenerationSet: 5 * time.Second, RequiredConsecutiveSuccesses: 0, }, - SupportedFeatures: sets.New(ksuite.SupportGateway, ksuite.SupportHTTPRoute). - Union(ksuite.HTTPRouteExtendedFeatures), + SupportedFeatures: sets.New(ksuite.SupportGateway, + ksuite.SupportGatewayPort8080, + ksuite.SupportHTTPRoute, + ksuite.SupportHTTPRouteQueryParamMatching, + ksuite.SupportHTTPRouteMethodMatching, + ksuite.SupportHTTPRoutePortRedirect, + ksuite.SupportHTTPRouteSchemeRedirect, + ksuite.SupportHTTPRouteHostRewrite, + ksuite.SupportHTTPRoutePathRewrite, + ), + ExemptFeatures: sets.New( + ksuite.SupportHTTPRouteRequestTimeout, + ksuite.SupportHTTPRouteBackendTimeout, + ksuite.SupportHTTPRouteResponseHeaderModification, + ksuite.SupportHTTPRoutePathRedirect, + ksuite.SupportHTTPRouteRequestMirror, + ksuite.SupportHTTPRouteRequestMultipleMirrors, + ), EnableAllSupportedFeatures: false, RunTest: *k8sConformanceRunTest, // Until the feature are all supported, following tests are skipped. SkipTests: []string{ tests.HTTPRouteMethodMatching.ShortName, tests.HTTPRouteQueryParamMatching.ShortName, - tests.HTTPRouteRedirectPath.ShortName, - tests.HTTPRouteRedirectPortAndScheme.ShortName, - tests.HTTPRouteRequestMirror.ShortName, - tests.HTTPRouteRequestMultipleMirrors.ShortName, - tests.HTTPRouteResponseHeaderModifier.ShortName, tests.HTTPRouteRewriteHost.ShortName, tests.HTTPRouteRewritePath.ShortName, - tests.HTTPRouteTimeoutBackendRequest.ShortName, - tests.HTTPRouteTimeoutRequest.ShortName, }, } diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index 59c91814b..e2c9ed177 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -42,6 +42,7 @@ type Middleware struct { // Gateway API HTTPRoute filters middlewares. RequestHeaderModifier *RequestHeaderModifier `json:"requestHeaderModifier,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"` + RequestRedirect *RequestRedirect `json:"requestRedirect,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"` } // +k8s:deepcopy-gen=true @@ -685,3 +686,12 @@ type RequestHeaderModifier struct { Add map[string]string `json:"add,omitempty"` Remove []string `json:"remove,omitempty"` } + +// +k8s:deepcopy-gen=true + +// RequestRedirect holds the request redirect middleware configuration. +type RequestRedirect struct { + Regex string `json:"regex,omitempty"` + Replacement string `json:"replacement,omitempty"` + Permanent bool `json:"permanent,omitempty"` +} diff --git a/pkg/config/dynamic/zz_generated.deepcopy.go b/pkg/config/dynamic/zz_generated.deepcopy.go index 05436088b..fb496fe66 100644 --- a/pkg/config/dynamic/zz_generated.deepcopy.go +++ b/pkg/config/dynamic/zz_generated.deepcopy.go @@ -864,6 +864,11 @@ func (in *Middleware) DeepCopyInto(out *Middleware) { *out = new(RequestHeaderModifier) (*in).DeepCopyInto(*out) } + if in.RequestRedirect != nil { + in, out := &in.RequestRedirect, &out.RequestRedirect + *out = new(RequestRedirect) + **out = **in + } return } @@ -1107,6 +1112,22 @@ func (in *RequestHeaderModifier) DeepCopy() *RequestHeaderModifier { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestRedirect) DeepCopyInto(out *RequestRedirect) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestRedirect. +func (in *RequestRedirect) DeepCopy() *RequestRedirect { + if in == nil { + return nil + } + out := new(RequestRedirect) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResponseForwarding) DeepCopyInto(out *ResponseForwarding) { *out = *in diff --git a/pkg/middlewares/headermodifier/request_header_modifier.go b/pkg/middlewares/gatewayapi/headermodifier/request_header_modifier.go similarity index 100% rename from pkg/middlewares/headermodifier/request_header_modifier.go rename to pkg/middlewares/gatewayapi/headermodifier/request_header_modifier.go diff --git a/pkg/middlewares/headermodifier/request_header_modifier_test.go b/pkg/middlewares/gatewayapi/headermodifier/request_header_modifier_test.go similarity index 100% rename from pkg/middlewares/headermodifier/request_header_modifier_test.go rename to pkg/middlewares/gatewayapi/headermodifier/request_header_modifier_test.go diff --git a/pkg/middlewares/gatewayapi/redirect/request_redirect.go b/pkg/middlewares/gatewayapi/redirect/request_redirect.go new file mode 100644 index 000000000..d1dd984ba --- /dev/null +++ b/pkg/middlewares/gatewayapi/redirect/request_redirect.go @@ -0,0 +1,134 @@ +package redirect + +import ( + "context" + "net/http" + "net/url" + "regexp" + "strings" + + "github.com/traefik/traefik/v3/pkg/config/dynamic" + "github.com/traefik/traefik/v3/pkg/middlewares" + "github.com/vulcand/oxy/v2/utils" + "go.opentelemetry.io/otel/trace" +) + +const ( + schemeHTTP = "http" + schemeHTTPS = "https" + typeName = "RequestRedirect" +) + +var uriRegexp = regexp.MustCompile(`^(https?):\/\/(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`) + +// NewRequestRedirect creates a redirect middleware. +func NewRequestRedirect(ctx context.Context, next http.Handler, conf dynamic.RequestRedirect, name string) (http.Handler, error) { + logger := middlewares.GetLogger(ctx, name, typeName) + logger.Debug().Msg("Creating middleware") + logger.Debug().Msgf("Setting up redirection from %s to %s", conf.Regex, conf.Replacement) + + re, err := regexp.Compile(conf.Regex) + if err != nil { + return nil, err + } + + return &redirect{ + regex: re, + replacement: conf.Replacement, + permanent: conf.Permanent, + errHandler: utils.DefaultHandler, + next: next, + name: name, + rawURL: rawURL, + }, nil +} + +type redirect struct { + next http.Handler + regex *regexp.Regexp + replacement string + permanent bool + errHandler utils.ErrorHandler + name string + rawURL func(*http.Request) string +} + +func rawURL(req *http.Request) string { + scheme := schemeHTTP + host := req.Host + port := "" + uri := req.RequestURI + + if match := uriRegexp.FindStringSubmatch(req.RequestURI); len(match) > 0 { + scheme = match[1] + + if len(match[2]) > 0 { + host = match[2] + } + + if len(match[3]) > 0 { + port = match[3] + } + + uri = match[4] + } + + if req.TLS != nil { + scheme = schemeHTTPS + } + + return strings.Join([]string{scheme, "://", host, port, uri}, "") +} + +func (r *redirect) GetTracingInformation() (string, string, trace.SpanKind) { + return r.name, typeName, trace.SpanKindInternal +} + +func (r *redirect) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + oldURL := r.rawURL(req) + + // If the Regexp doesn't match, skip to the next handler. + if !r.regex.MatchString(oldURL) { + r.next.ServeHTTP(rw, req) + return + } + + // Apply a rewrite regexp to the URL. + newURL := r.regex.ReplaceAllString(oldURL, r.replacement) + + // Parse the rewritten URL and replace request URL with it. + parsedURL, err := url.Parse(newURL) + if err != nil { + r.errHandler.ServeHTTP(rw, req, err) + return + } + + handler := &moveHandler{location: parsedURL, permanent: r.permanent} + handler.ServeHTTP(rw, req) +} + +type moveHandler struct { + location *url.URL + permanent bool +} + +func (m *moveHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + rw.Header().Set("Location", m.location.String()) + + status := http.StatusFound + if req.Method != http.MethodGet { + status = http.StatusTemporaryRedirect + } + + if m.permanent { + status = http.StatusMovedPermanently + if req.Method != http.MethodGet { + status = http.StatusPermanentRedirect + } + } + rw.WriteHeader(status) + _, err := rw.Write([]byte(http.StatusText(status))) + if err != nil { + http.Error(rw, err.Error(), http.StatusInternalServerError) + } +} diff --git a/pkg/middlewares/gatewayapi/redirect/request_redirect_test.go b/pkg/middlewares/gatewayapi/redirect/request_redirect_test.go new file mode 100644 index 000000000..6fe9050a5 --- /dev/null +++ b/pkg/middlewares/gatewayapi/redirect/request_redirect_test.go @@ -0,0 +1,203 @@ +package redirect + +import ( + "context" + "crypto/tls" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/traefik/traefik/v3/pkg/config/dynamic" +) + +func TestRequestRedirectHandler(t *testing.T) { + testCases := []struct { + desc string + config dynamic.RequestRedirect + method string + url string + headers map[string]string + secured bool + expectedURL string + expectedStatus int + errorExpected bool + }{ + { + desc: "simple redirection", + config: dynamic.RequestRedirect{ + Regex: `^(?:http?:\/\/)(foo)(\.com)(:\d+)(.*)$`, + Replacement: "https://${1}bar$2:443$4", + }, + url: "http://foo.com:80", + expectedURL: "https://foobar.com:443", + expectedStatus: http.StatusFound, + }, + { + desc: "URL doesn't match regex", + config: dynamic.RequestRedirect{ + Regex: `^(?:http?:\/\/)(foo)(\.com)(:\d+)(.*)$`, + Replacement: "https://${1}bar$2:443$4", + }, + url: "http://bar.com:80", + expectedStatus: http.StatusOK, + }, + { + desc: "invalid rewritten URL", + config: dynamic.RequestRedirect{ + Regex: `^(.*)$`, + Replacement: "http://192.168.0.%31/", + }, + url: "http://foo.com:80", + expectedStatus: http.StatusBadGateway, + }, + { + desc: "invalid regex", + config: dynamic.RequestRedirect{ + Regex: `^(.*`, + Replacement: "$1", + }, + url: "http://foo.com:80", + errorExpected: true, + }, + { + desc: "HTTP to HTTPS permanent", + config: dynamic.RequestRedirect{ + Regex: `^http://`, + Replacement: "https://$1", + Permanent: true, + }, + url: "http://foo", + expectedURL: "https://foo", + expectedStatus: http.StatusMovedPermanently, + }, + { + desc: "HTTPS to HTTP permanent", + config: dynamic.RequestRedirect{ + Regex: `https://foo`, + Replacement: "http://foo", + Permanent: true, + }, + secured: true, + url: "https://foo", + expectedURL: "http://foo", + expectedStatus: http.StatusMovedPermanently, + }, + { + desc: "HTTP to HTTPS", + config: dynamic.RequestRedirect{ + Regex: `http://foo:80`, + Replacement: "https://foo:443", + }, + url: "http://foo:80", + expectedURL: "https://foo:443", + expectedStatus: http.StatusFound, + }, + { + desc: "HTTP to HTTPS, with X-Forwarded-Proto", + config: dynamic.RequestRedirect{ + Regex: `http://foo:80`, + Replacement: "https://foo:443", + }, + url: "http://foo:80", + headers: map[string]string{ + "X-Forwarded-Proto": "https", + }, + expectedURL: "https://foo:443", + expectedStatus: http.StatusFound, + }, + { + desc: "HTTPS to HTTP", + config: dynamic.RequestRedirect{ + Regex: `https://foo:443`, + Replacement: "http://foo:80", + }, + secured: true, + url: "https://foo:443", + expectedURL: "http://foo:80", + expectedStatus: http.StatusFound, + }, + { + desc: "HTTP to HTTP", + config: dynamic.RequestRedirect{ + Regex: `http://foo:80`, + Replacement: "http://foo:88", + }, + url: "http://foo:80", + expectedURL: "http://foo:88", + expectedStatus: http.StatusFound, + }, + { + desc: "HTTP to HTTP POST", + config: dynamic.RequestRedirect{ + Regex: `^http://`, + Replacement: "https://$1", + }, + url: "http://foo", + method: http.MethodPost, + expectedURL: "https://foo", + expectedStatus: http.StatusTemporaryRedirect, + }, + { + desc: "HTTP to HTTP POST permanent", + config: dynamic.RequestRedirect{ + Regex: `^http://`, + Replacement: "https://$1", + Permanent: true, + }, + url: "http://foo", + method: http.MethodPost, + expectedURL: "https://foo", + expectedStatus: http.StatusPermanentRedirect, + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) + handler, err := NewRequestRedirect(context.Background(), next, test.config, "traefikTest") + + if test.errorExpected { + require.Error(t, err) + require.Nil(t, handler) + } else { + require.NoError(t, err) + require.NotNil(t, handler) + + recorder := httptest.NewRecorder() + + method := http.MethodGet + if test.method != "" { + method = test.method + } + + req := httptest.NewRequest(method, test.url, nil) + if test.secured { + req.TLS = &tls.ConnectionState{} + } + + for k, v := range test.headers { + req.Header.Set(k, v) + } + + req.Header.Set("X-Foo", "bar") + handler.ServeHTTP(recorder, req) + + assert.Equal(t, test.expectedStatus, recorder.Code) + switch test.expectedStatus { + case http.StatusMovedPermanently, http.StatusFound, http.StatusTemporaryRedirect, http.StatusPermanentRedirect: + location, err := recorder.Result().Location() + require.NoError(t, err) + + assert.Equal(t, test.expectedURL, location.String()) + default: + location, err := recorder.Result().Location() + require.Errorf(t, err, "Location %v", location) + } + } + }) + } +} diff --git a/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https.yml b/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https.yml index de4cdf9ec..dda03362e 100644 --- a/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https.yml +++ b/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https.yml @@ -39,13 +39,7 @@ spec: hostnames: - "example.org" rules: - - backendRefs: - - name: whoami - port: 80 - weight: 1 - kind: Service - group: "" - filters: + - filters: - type: RequestRedirect requestRedirect: scheme: https diff --git a/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https_with_hostname_and_port.yml b/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https_with_hostname_and_port.yml index f1aba4c62..971a0ae81 100644 --- a/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https_with_hostname_and_port.yml +++ b/pkg/provider/kubernetes/gateway/fixtures/httproute/filter_http_to_https_with_hostname_and_port.yml @@ -39,13 +39,7 @@ spec: hostnames: - "example.org" rules: - - backendRefs: - - name: whoami - port: 80 - weight: 1 - kind: Service - group: "" - filters: + - filters: - type: RequestRedirect requestRedirect: hostname: example.com diff --git a/pkg/provider/kubernetes/gateway/httproute.go b/pkg/provider/kubernetes/gateway/httproute.go index 1570a55ea..bc5d67160 100644 --- a/pkg/provider/kubernetes/gateway/httproute.go +++ b/pkg/provider/kubernetes/gateway/httproute.go @@ -135,7 +135,7 @@ func (p *Provider) loadHTTPRoute(ctx context.Context, client Client, listener ga var wrr dynamic.WeightedRoundRobin wrrName := provider.Normalize(routerKey + "-wrr") - middlewares, err := p.loadMiddlewares(listener.Protocol, route.Namespace, routerKey, routeRule.Filters) + middlewares, err := p.loadMiddlewares(route.Namespace, routerKey, routeRule.Filters) if err != nil { log.Ctx(ctx).Error(). Err(err). @@ -294,14 +294,14 @@ func (p *Provider) loadHTTPBackendRef(namespace string, backendRef gatev1.HTTPBa return backendFunc(string(backendRef.Name), namespace) } -func (p *Provider) loadMiddlewares(listenerProtocol gatev1.ProtocolType, namespace, prefix string, filters []gatev1.HTTPRouteFilter) (map[string]*dynamic.Middleware, error) { +func (p *Provider) loadMiddlewares(namespace, prefix string, filters []gatev1.HTTPRouteFilter) (map[string]*dynamic.Middleware, error) { middlewares := make(map[string]*dynamic.Middleware) for i, filter := range filters { switch filter.Type { case gatev1.HTTPRouteFilterRequestRedirect: middlewareName := provider.Normalize(fmt.Sprintf("%s-%s-%d", prefix, strings.ToLower(string(filter.Type)), i)) - middlewares[middlewareName] = createRedirectRegexMiddleware(listenerProtocol, filter.RequestRedirect) + middlewares[middlewareName] = createRedirectMiddleware(filter.RequestRedirect) case gatev1.HTTPRouteFilterRequestHeaderModifier: middlewareName := provider.Normalize(fmt.Sprintf("%s-%s-%d", prefix, strings.ToLower(string(filter.Type)), i)) @@ -573,25 +573,27 @@ func createRequestHeaderModifier(filter *gatev1.HTTPHeaderFilter) *dynamic.Middl } } -func createRedirectRegexMiddleware(listenerProtocol gatev1.ProtocolType, filter *gatev1.HTTPRequestRedirectFilter) *dynamic.Middleware { - // The spec allows for an empty string in which case we should use the - // scheme of the request which in this case is the listener scheme. - filterScheme := ptr.Deref(filter.Scheme, strings.ToLower(string(listenerProtocol))) - statusCode := ptr.Deref(filter.StatusCode, http.StatusFound) +func createRedirectMiddleware(filter *gatev1.HTTPRequestRedirectFilter) *dynamic.Middleware { + filterScheme := ptr.Deref(filter.Scheme, "${scheme}") port := "${port}" + if filterScheme == "http" || filterScheme == "https" { + port = "" + } if filter.Port != nil { port = fmt.Sprintf(":%d", *filter.Port) } + statusCode := ptr.Deref(filter.StatusCode, http.StatusFound) + hostname := "${hostname}" if filter.Hostname != nil && *filter.Hostname != "" { hostname = string(*filter.Hostname) } return &dynamic.Middleware{ - RedirectRegex: &dynamic.RedirectRegex{ - Regex: `^[a-z]+:\/\/(?P.+@)?(?P\[[\w:\.]+\]|[\w\._-]+)(?P:\d+)?\/(?P.*)`, + RequestRedirect: &dynamic.RequestRedirect{ + Regex: `^(?P[a-z]+):\/\/(?P.+@)?(?P\[[\w:\.]+\]|[\w\._-]+)(?P:\d+)?\/(?P.*)`, Replacement: fmt.Sprintf("%s://${userinfo}%s%s/${path}", filterScheme, hostname, port), Permanent: statusCode == http.StatusMovedPermanently, }, diff --git a/pkg/provider/kubernetes/gateway/kubernetes_test.go b/pkg/provider/kubernetes/gateway/kubernetes_test.go index 8a4ce02b5..94bb5fe6b 100644 --- a/pkg/provider/kubernetes/gateway/kubernetes_test.go +++ b/pkg/provider/kubernetes/gateway/kubernetes_test.go @@ -1669,39 +1669,16 @@ func TestLoadHTTPRoutes(t *testing.T) { }, Middlewares: map[string]*dynamic.Middleware{ "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestredirect-0": { - RedirectRegex: &dynamic.RedirectRegex{ - Regex: "^[a-z]+:\\/\\/(?P.+@)?(?P\\[[\\w:\\.]+\\]|[\\w\\._-]+)(?P:\\d+)?\\/(?P.*)", - Replacement: "https://${userinfo}${hostname}${port}/${path}", + RequestRedirect: &dynamic.RequestRedirect{ + Regex: "^(?P[a-z]+):\\/\\/(?P.+@)?(?P\\[[\\w:\\.]+\\]|[\\w\\._-]+)(?P:\\d+)?\\/(?P.*)", + Replacement: "https://${userinfo}${hostname}/${path}", Permanent: true, }, }, }, Services: map[string]*dynamic.Service{ "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr": { - Weighted: &dynamic.WeightedRoundRobin{ - Services: []dynamic.WRRService{ - { - Name: "default-whoami-80", - Weight: ptr.To(1), - }, - }, - }, - }, - "default-whoami-80": { - LoadBalancer: &dynamic.ServersLoadBalancer{ - Servers: []dynamic.Server{ - { - URL: "http://10.10.0.1:80", - }, - { - URL: "http://10.10.0.2:80", - }, - }, - PassHostHeader: ptr.To(true), - ResponseForwarding: &dynamic.ResponseForwarding{ - FlushInterval: ptypes.Duration(100 * time.Millisecond), - }, - }, + Weighted: &dynamic.WeightedRoundRobin{}, }, }, ServersTransports: map[string]*dynamic.ServersTransport{}, @@ -1739,38 +1716,15 @@ func TestLoadHTTPRoutes(t *testing.T) { }, Middlewares: map[string]*dynamic.Middleware{ "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-requestredirect-0": { - RedirectRegex: &dynamic.RedirectRegex{ - Regex: "^[a-z]+:\\/\\/(?P.+@)?(?P\\[[\\w:\\.]+\\]|[\\w\\._-]+)(?P:\\d+)?\\/(?P.*)", - Replacement: "http://${userinfo}example.com:443/${path}", + RequestRedirect: &dynamic.RequestRedirect{ + Regex: "^(?P[a-z]+):\\/\\/(?P.+@)?(?P\\[[\\w:\\.]+\\]|[\\w\\._-]+)(?P:\\d+)?\\/(?P.*)", + Replacement: "${scheme}://${userinfo}example.com:443/${path}", }, }, }, Services: map[string]*dynamic.Service{ "default-http-app-1-my-gateway-web-fa136e10345bd0e7248d-wrr": { - Weighted: &dynamic.WeightedRoundRobin{ - Services: []dynamic.WRRService{ - { - Name: "default-whoami-80", - Weight: ptr.To(1), - }, - }, - }, - }, - "default-whoami-80": { - LoadBalancer: &dynamic.ServersLoadBalancer{ - Servers: []dynamic.Server{ - { - URL: "http://10.10.0.1:80", - }, - { - URL: "http://10.10.0.2:80", - }, - }, - PassHostHeader: ptr.To(true), - ResponseForwarding: &dynamic.ResponseForwarding{ - FlushInterval: ptypes.Duration(100 * time.Millisecond), - }, - }, + Weighted: &dynamic.WeightedRoundRobin{}, }, }, ServersTransports: map[string]*dynamic.ServersTransport{}, diff --git a/pkg/server/middleware/middlewares.go b/pkg/server/middleware/middlewares.go index 2217dc58a..b5d0447d8 100644 --- a/pkg/server/middleware/middlewares.go +++ b/pkg/server/middleware/middlewares.go @@ -20,8 +20,9 @@ import ( "github.com/traefik/traefik/v3/pkg/middlewares/compress" "github.com/traefik/traefik/v3/pkg/middlewares/contenttype" "github.com/traefik/traefik/v3/pkg/middlewares/customerrors" + "github.com/traefik/traefik/v3/pkg/middlewares/gatewayapi/headermodifier" + gapiredirect "github.com/traefik/traefik/v3/pkg/middlewares/gatewayapi/redirect" "github.com/traefik/traefik/v3/pkg/middlewares/grpcweb" - "github.com/traefik/traefik/v3/pkg/middlewares/headermodifier" "github.com/traefik/traefik/v3/pkg/middlewares/headers" "github.com/traefik/traefik/v3/pkg/middlewares/inflightreq" "github.com/traefik/traefik/v3/pkg/middlewares/ipallowlist" @@ -395,6 +396,15 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) ( } } + if config.RequestRedirect != nil { + if middleware != nil { + return nil, badConf + } + middleware = func(next http.Handler) (http.Handler, error) { + return gapiredirect.NewRequestRedirect(ctx, next, *config.RequestRedirect, middlewareName) + } + } + if middleware == nil { return nil, fmt.Errorf("invalid middleware %q configuration: invalid middleware type or middleware does not exist", middlewareName) } From 359477c5834acf4ceef144400a615cc3a6d2a666 Mon Sep 17 00:00:00 2001 From: Anas <52339355+0anas01@users.noreply.github.com> Date: Thu, 6 Jun 2024 18:52:04 +0530 Subject: [PATCH 18/31] Update v2 > v3 migration guide --- docs/content/migration/v2-to-v3-details.md | 723 +++++++++++++++++++ docs/content/migration/v2-to-v3.md | 771 ++------------------- docs/mkdocs.yml | 4 +- 3 files changed, 782 insertions(+), 716 deletions(-) create mode 100644 docs/content/migration/v2-to-v3-details.md diff --git a/docs/content/migration/v2-to-v3-details.md b/docs/content/migration/v2-to-v3-details.md new file mode 100644 index 000000000..57d221913 --- /dev/null +++ b/docs/content/migration/v2-to-v3-details.md @@ -0,0 +1,723 @@ +--- +title: "Traefik V3 Migration Details" +description: "Configuration changes and their details to successfully migrate from Traefik v2 to v3." +--- + +# Configuration Details for Migrating from Traefik v2 to v3 + +## Static Configuration Changes + +### SwarmMode + +In v3, the provider Docker has been split into 2 providers: + +- Docker provider (without Swarm support) +- Swarm provider (Swarm support only) + +??? example "An example usage of v2 Docker provider with Swarm" + + ```yaml tab="File (YAML)" + providers: + docker: + swarmMode: true + ``` + + ```toml tab="File (TOML)" + [providers.docker] + swarmMode=true + ``` + + ```bash tab="CLI" + --providers.docker.swarmMode=true + ``` + +This configuration is now unsupported and would prevent Traefik to start. + +#### Remediation + +In v3, the `swarmMode` should not be used with the Docker provider, and, to use Swarm, the Swarm provider should be used instead. + +??? example "An example usage of the Swarm provider" + + ```yaml tab="File (YAML)" + providers: + swarm: + endpoint: "tcp://127.0.0.1:2377" + ``` + + ```toml tab="File (TOML)" + [providers.swarm] + endpoint="tcp://127.0.0.1:2377" + ``` + + ```bash tab="CLI" + --providers.swarm.endpoint=tcp://127.0.0.1:2377 + ``` + +#### TLS.CAOptional + +Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). + +??? example "An example usage of the TLS.CAOptional option" + + ```yaml tab="File (YAML)" + providers: + docker: + tls: + caOptional: true + ``` + + ```toml tab="File (TOML)" + [providers.docker.tls] + caOptional=true + ``` + + ```bash tab="CLI" + --providers.docker.tls.caOptional=true + ``` + +##### Remediation + +The `tls.caOptional` option should be removed from the Docker provider static configuration. + +### Kubernetes Gateway API + +#### Experimental Channel Resources (TLSRoute and TCPRoute) + +In v3, the Kubernetes Gateway API provider does not enable support for the experimental channel API resources by default. + +##### Remediation + +The `experimentalChannel` option should be used to enable the support for the experimental channel API resources. + +??? example "An example usage of the Kubernetes Gateway API provider with experimental channel support enabled" + + ```yaml tab="File (YAML)" + providers: + kubernetesGateway: + experimentalChannel: true + ``` + + ```toml tab="File (TOML)" + [providers.kubernetesGateway] + experimentalChannel = true + # ... + ``` + + ```bash tab="CLI" + --providers.kubernetesgateway.experimentalchannel=true + ``` + +### Experimental Configuration + +#### HTTP3 + +In v3, HTTP/3 is no longer an experimental feature. +It can be enabled on entry points without the associated `experimental.http3` option, which is now removed. +It is now unsupported and would prevent Traefik to start. + +??? example "An example usage of v2 Experimental `http3` option" + + ```yaml tab="File (YAML)" + experimental: + http3: true + ``` + + ```toml tab="File (TOML)" + [experimental] + http3=true + ``` + + ```bash tab="CLI" + --experimental.http3=true + ``` + +##### Remediation + +The `http3` option should be removed from the static configuration experimental section. +To configure `http3`, please checkout the [entrypoint configuration documentation](https://doc.traefik.io/traefik/v3.0/routing/entrypoints/#http3_1). + +### Consul provider + +#### namespace + +The Consul provider `namespace` option was deprecated in v2 and is now removed in v3. +It is now unsupported and would prevent Traefik to start. + +??? example "An example usage of v2 Consul `namespace` option" + + ```yaml tab="File (YAML)" + consul: + namespace: foobar + ``` + + ```toml tab="File (TOML)" + [consul] + namespace=foobar + ``` + + ```bash tab="CLI" + --consul.namespace=foobar + ``` + +##### Remediation + +In v3, the `namespaces` option should be used instead of the `namespace` option. + +??? example "An example usage of Consul `namespaces` option" + + ```yaml tab="File (YAML)" + consul: + namespaces: + - foobar + ``` + + ```toml tab="File (TOML)" + [consul] + namespaces=["foobar"] + ``` + + ```bash tab="CLI" + --consul.namespaces=foobar + ``` + +#### TLS.CAOptional + +Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). + +??? example "An example usage of the TLS.CAOptional option" + + ```yaml tab="File (YAML)" + providers: + consul: + tls: + caOptional: true + ``` + + ```toml tab="File (TOML)" + [providers.consul.tls] + caOptional=true + ``` + + ```bash tab="CLI" + --providers.consul.tls.caOptional=true + ``` + +##### Remediation + +The `tls.caOptional` option should be removed from the Consul provider static configuration. + +### ConsulCatalog provider + +#### namespace + +The ConsulCatalog provider `namespace` option was deprecated in v2 and is now removed in v3. +It is now unsupported and would prevent Traefik to start. + +??? example "An example usage of v2 ConsulCatalog `namespace` option" + + ```yaml tab="File (YAML)" + consulCatalog: + namespace: foobar + ``` + + ```toml tab="File (TOML)" + [consulCatalog] + namespace=foobar + ``` + + ```bash tab="CLI" + --consulCatalog.namespace=foobar + ``` + +##### Remediation + +In v3, the `namespaces` option should be used instead of the `namespace` option. + +??? example "An example usage of ConsulCatalog `namespaces` option" + + ```yaml tab="File (YAML)" + consulCatalog: + namespaces: + - foobar + ``` + + ```toml tab="File (TOML)" + [consulCatalog] + namespaces=["foobar"] + ``` + + ```bash tab="CLI" + --consulCatalog.namespaces=foobar + ``` + +#### Endpoint.TLS.CAOptional + +ConsulCatalog provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). + +??? example "An example usage of the Endpoint.TLS.CAOptional option" + + ```yaml tab="File (YAML)" + providers: + consulCatalog: + endpoint: + tls: + caOptional: true + ``` + + ```toml tab="File (TOML)" + [providers.consulCatalog.endpoint.tls] + caOptional=true + ``` + + ```bash tab="CLI" + --providers.consulCatalog.endpoint.tls.caOptional=true + ``` + +##### Remediation + +The `endpoint.tls.caOptional` option should be removed from the ConsulCatalog provider static configuration. + +### Nomad provider + +#### namespace + +The Nomad provider `namespace` option was deprecated in v2 and is now removed in v3. +It is now unsupported and would prevent Traefik to start. + +??? example "An example usage of v2 Nomad `namespace` option" + + ```yaml tab="File (YAML)" + nomad: + namespace: foobar + ``` + + ```toml tab="File (TOML)" + [nomad] + namespace=foobar + ``` + + ```bash tab="CLI" + --nomad.namespace=foobar + ``` + +##### Remediation + +In v3, the `namespaces` option should be used instead of the `namespace` option. + +??? example "An example usage of Nomad `namespaces` option" + + ```yaml tab="File (YAML)" + nomad: + namespaces: + - foobar + ``` + + ```toml tab="File (TOML)" + [nomad] + namespaces=["foobar"] + ``` + + ```bash tab="CLI" + --nomad.namespaces=foobar + ``` + +#### Endpoint.TLS.CAOptional + +Nomad provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). + +??? example "An example usage of the Endpoint.TLS.CAOptional option" + + ```yaml tab="File (YAML)" + providers: + nomad: + endpoint: + tls: + caOptional: true + ``` + + ```toml tab="File (TOML)" + [providers.nomad.endpoint.tls] + caOptional=true + ``` + + ```bash tab="CLI" + --providers.nomad.endpoint.tls.caOptional=true + ``` + +##### Remediation + +The `endpoint.tls.caOptional` option should be removed from the Nomad provider static configuration. + +### Rancher v1 Provider + +In v3, the Rancher v1 provider has been removed because Rancher v1 is [no longer actively maintained](https://rancher.com/docs/os/v1.x/en/support/), +and Rancher v2 is supported as a standard Kubernetes provider. + +??? example "An example of Traefik v2 Rancher v1 configuration" + + ```yaml tab="File (YAML)" + providers: + rancher: {} + ``` + + ```toml tab="File (TOML)" + [providers.rancher] + ``` + + ```bash tab="CLI" + --providers.rancher=true + ``` + +This configuration is now unsupported and would prevent Traefik to start. + +#### Remediation + +Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query. +As such, Rancher 2.x users should utilize the [Kubernetes CRD provider](../providers/kubernetes-crd.md) directly. + +Also, all Rancher provider related configuration should be removed from the static configuration. + +### Marathon provider + +Marathon maintenance [ended on October 31, 2021](https://github.com/mesosphere/marathon/blob/master/README.md). +In v3, the Marathon provider has been removed. + +??? example "An example of v2 Marathon provider configuration" + + ```yaml tab="File (YAML)" + providers: + marathon: {} + ``` + + ```toml tab="File (TOML)" + [providers.marathon] + ``` + + ```bash tab="CLI" + --providers.marathon=true + ``` + +This configuration is now unsupported and would prevent Traefik to start. + +#### Remediation + +All Marathon provider related configuration should be removed from the static configuration. + +### HTTP Provider + +#### TLS.CAOptional + +HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). + +??? example "An example usage of the TLS.CAOptional option" + + ```yaml tab="File (YAML)" + providers: + http: + tls: + caOptional: true + ``` + + ```toml tab="File (TOML)" + [providers.http.tls] + caOptional=true + ``` + + ```bash tab="CLI" + --providers.http.tls.caOptional=true + ``` + +##### Remediation + +The `tls.caOptional` option should be removed from the HTTP provider static configuration. + +### ETCD Provider + +#### TLS.CAOptional + +ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). + +??? example "An example usage of the TLS.CAOptional option" + + ```yaml tab="File (YAML)" + providers: + etcd: + tls: + caOptional: true + ``` + + ```toml tab="File (TOML)" + [providers.etcd.tls] + caOptional=true + ``` + + ```bash tab="CLI" + --providers.etcd.tls.caOptional=true + ``` + +##### Remediation + +The `tls.caOptional` option should be removed from the ETCD provider static configuration. + +### Redis Provider + +#### TLS.CAOptional + +Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). + +??? example "An example usage of the TLS.CAOptional option" + + ```yaml tab="File (YAML)" + providers: + redis: + tls: + caOptional: true + ``` + + ```toml tab="File (TOML)" + [providers.redis.tls] + caOptional=true + ``` + + ```bash tab="CLI" + --providers.redis.tls.caOptional=true + ``` + +##### Remediation + +The `tls.caOptional` option should be removed from the Redis provider static configuration. + +### InfluxDB v1 + +InfluxDB v1.x maintenance [ended in 2021](https://www.influxdata.com/blog/influxdb-oss-and-enterprise-roadmap-update-from-influxdays-emea/). +In v3, the InfluxDB v1 metrics provider has been removed. + +??? example "An example of Traefik v2 InfluxDB v1 metrics configuration" + + ```yaml tab="File (YAML)" + metrics: + influxDB: {} + ``` + + ```toml tab="File (TOML)" + [metrics.influxDB] + ``` + + ```bash tab="CLI" + --metrics.influxDB=true + ``` + +This configuration is now unsupported and would prevent Traefik to start. + +#### Remediation + +All InfluxDB v1 metrics provider related configuration should be removed from the static configuration. + +### Pilot + +Traefik Pilot is no longer available since October 4th, 2022. + +??? example "An example of v2 Pilot configuration" + + ```yaml tab="File (YAML)" + pilot: + token: foobar + ``` + + ```toml tab="File (TOML)" + [pilot] + token=foobar + ``` + + ```bash tab="CLI" + --pilot.token=foobar + ``` + +In v2, Pilot configuration was deprecated and ineffective, +it is now unsupported and would prevent Traefik to start. + +#### Remediation + +All Pilot related configuration should be removed from the static configuration. + +## Operations Changes + +### Traefik RBAC Update + +In v3, the support of `TCPServersTransport` has been introduced. +When using the KubernetesCRD provider, it is therefore necessary to update [RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-crd.md) manifests. + +### Content-Type Auto-Detection + +In v3, the `Content-Type` header is not auto-detected anymore when it is not set by the backend. +One should use the `ContentType` middleware to enable the `Content-Type` header value auto-detection. + +### Observability + +#### gRPC Metrics + +In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header. + +#### Tracing + +In v3, the tracing feature has been revamped and is now powered exclusively by [OpenTelemetry](https://opentelemetry.io/ "Link to website of OTel") (OTel). +!!! warning "Important" + Traefik v3 **no** longer supports direct output formats for specific vendors such as Instana, Jaeger, Zipkin, Haystack, Datadog, and Elastic. + Instead, it focuses on pure OpenTelemetry implementation, providing a unified and standardized approach for observability. + +Here are two possible transition strategies: + +1. OTLP Ingestion Endpoints: + + Most vendors now offer OpenTelemetry Protocol (OTLP) ingestion endpoints. + You can seamlessly integrate Traefik v3 with these endpoints to continue leveraging tracing capabilities. + +2. Legacy Stack Compatibility: + + For legacy stacks that cannot immediately upgrade to the latest vendor agents supporting OTLP ingestion, + using OpenTelemetry (OTel) collectors with appropriate exporters configuration is a viable solution. + This allows continued compatibility with the existing infrastructure. + +Please check the [OpenTelemetry Tracing provider documention](../observability/tracing/opentelemetry.md) for more information. + +#### Internal Resources Observability + +In v3, observability for internal routers or services (e.g.: `ping@internal`) is disabled by default. +To enable it one should use the new `addInternals` option for AccessLogs, Metrics or Tracing. +Please take a look at the observability documentation for more information: + +- [AccessLogs](../observability/access-logs.md#addinternals) +- [Metrics](../observability/metrics/overview.md#addinternals) +- [Tracing](../observability/tracing/overview.md#addinternals) + +## Dynamic Configuration Changes + +### Router Rule Matchers + +In v3, a new rule matchers syntax has been introduced for HTTP and TCP routers. +The default rule matchers syntax is now the v3 one, but for backward compatibility this can be configured. +The v2 rule matchers syntax is deprecated and its support will be removed in the next major version. +For this reason, we encourage migrating to the new syntax. + +By default, the `defaultRuleSyntax` static option is automatically set to `v3`, meaning that the default rule is the new one. + +#### New V3 Syntax Notable Changes + +The `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively. + +`PathPrefix` no longer uses regular expressions to match path prefixes. + +`QueryRegexp` has been introduced to match query values using a regular expression. + +`HeaderRegexp`, `HostRegexp`, `PathRegexp`, `QueryRegexp`, and `HostSNIRegexp` matchers now uses the [Go regexp syntax](https://golang.org/pkg/regexp/syntax/). + +All matchers now take a single value (except `Header`, `HeaderRegexp`, `Query`, and `QueryRegexp` which take two) +and should be explicitly combined using logical operators to mimic previous behavior. + +`Query` can take a single value to match is the query value that has no value (e.g. `/search?mobile`). + +`HostHeader` has been removed, use `Host` instead. + +#### Remediation + +##### Configure the Default Syntax In Static Configuration + +The default rule matchers syntax is the expected syntax for any router that is not self opt-out from this default value. +It can be configured in the static configuration. + +??? example "An example configuration for the default rule matchers syntax" + + ```yaml tab="File (YAML)" + # static configuration + core: + defaultRuleSyntax: v2 + ``` + + ```toml tab="File (TOML)" + # static configuration + [core] + defaultRuleSyntax="v2" + ``` + + ```bash tab="CLI" + # static configuration + --core.defaultRuleSyntax=v2 + ``` + +##### Configure the Syntax Per Router + +The rule syntax can also be configured on a per-router basis. +This allows to have heterogeneous router configurations and ease migration. + +??? example "An example router with syntax configuration" + +```yaml tab="Docker & Swarm" +labels: + - "traefik.http.routers.test.ruleSyntax=v2" +``` + +```yaml tab="Kubernetes" +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: test.route + namespace: default + +spec: + routes: + - match: PathPrefix(`/foo`, `/bar`) + syntax: v2 + kind: Rule +``` + +```yaml tab="Consul Catalog" +- "traefik.http.routers.test.ruleSyntax=v2" +``` + +```yaml tab="File (YAML)" +http: + routers: + test: + ruleSyntax: v2 +``` + +```toml tab="File (TOML)" +[http.routers] + [http.routers.test] + ruleSyntax = "v2" +``` + +### IPWhiteList + +In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration. + +### Deprecated Options Removal + +- The `tracing.datadog.globaltag` option has been removed. +- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers. +- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed. +- The `forceSlash` option of the StripPrefix middleware has been removed. +- The `preferServerCipherSuites` option has been removed. + +### TCP LoadBalancer `terminationDelay` option + +The TCP LoadBalancer `terminationDelay` option has been removed. +This option can now be configured directly on the `TCPServersTransport` level, please take a look at this [documentation](../routing/services/index.md#terminationdelay) + +### Kubernetes CRDs API Group `traefik.containo.us` + +In v3, the Kubernetes CRDs API Group `traefik.containo.us` has been removed. +Please use the API Group `traefik.io` instead. + +### Kubernetes Ingress API Group `networking.k8s.io/v1beta1` + +In v3, the Kubernetes Ingress API Group `networking.k8s.io/v1beta1` ([removed since Kubernetes v1.22](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122)) support has been removed. + +Please use the API Group `networking.k8s.io/v1` instead. + +### Traefik CRD API Version `apiextensions.k8s.io/v1beta1` + +In v3, the Traefik CRD API Version `apiextensions.k8s.io/v1beta1` ([removed since Kubernetes v1.22](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#customresourcedefinition-v122)) support has been removed. + +Please use the CRD definition with the API Version `apiextensions.k8s.io/v1` instead. diff --git a/docs/content/migration/v2-to-v3.md b/docs/content/migration/v2-to-v3.md index 6f80b2b15..1c548f7eb 100644 --- a/docs/content/migration/v2-to-v3.md +++ b/docs/content/migration/v2-to-v3.md @@ -8,729 +8,70 @@ description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary c How to Migrate from Traefik v2 to Traefik v3. {: .subtitle } -The version 3 of Traefik introduces a number of breaking changes, -which require one to update their configuration when they migrate from v2 to v3. -The goal of this page is to recapitulate all of these changes, -and in particular to give examples, feature by feature, -of how the configuration looked like in v2, -and how it now looks like in v3. +With Traefik v3, we are introducing a streamlined transition process from v2. Minimal breaking changes have been made to specific options in the [static configuration](./v2-to-v3-details.md#static-configuration-changes "Link to static configuration changes"), and we are ensuring backward compatibility with v2 syntax in the [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes"). This will offer a gradual path for adopting the v3 syntax, allowing users to progressively migrate their Kubernetes ingress resources, Docker labels, etc., to the new format. -## Static configuration +Here are the steps to progressively migrate from Traefik v2 to v3: -### Docker & Docker Swarm +1. [Prepare configurations and test v3](#step-1-prepare-configurations-and-test-v3) +1. [Migrate production instances to Traefik v3](#step-2-migrate-production-instances-to-traefik-v3) +1. [Progressively migrate dynamic configuration](#step-3-progressively-migrate-dynamic-configuration) -#### SwarmMode +## Step 1: Prepare Configurations and Test v3 -In v3, the provider Docker has been split into 2 providers: +Check the changes in [static configurations](./v2-to-v3-details.md#static-configuration-changes "Link to static configuration changes") and [operations](./v2-to-v3-details.md#operations-changes "Link to operations changes") brought by Traefik v3. +Modify your configurations accordingly. -- Docker provider (without Swarm support) -- Swarm provider (Swarm support only) +Then, add the following snippet to the static configuration: -??? example "An example usage of v2 Docker provider with Swarm" - - ```yaml tab="File (YAML)" - providers: - docker: - swarmMode: true - ``` - - ```toml tab="File (TOML)" - [providers.docker] - swarmMode=true - ``` - - ```bash tab="CLI" - --providers.docker.swarmMode=true - ``` - -This configuration is now unsupported and would prevent Traefik to start. - -##### Remediation - -In v3, the `swarmMode` should not be used with the Docker provider, and, to use Swarm, the Swarm provider should be used instead. - -??? example "An example usage of the Swarm provider" - - ```yaml tab="File (YAML)" - providers: - swarm: - endpoint: "tcp://127.0.0.1:2377" - ``` - - ```toml tab="File (TOML)" - [providers.swarm] - endpoint="tcp://127.0.0.1:2377" - ``` - - ```bash tab="CLI" - --providers.swarm.endpoint=tcp://127.0.0.1:2377 - ``` - -#### TLS.CAOptional - -Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). - -??? example "An example usage of the TLS.CAOptional option" - - ```yaml tab="File (YAML)" - providers: - docker: - tls: - caOptional: true - ``` - - ```toml tab="File (TOML)" - [providers.docker.tls] - caOptional=true - ``` - - ```bash tab="CLI" - --providers.docker.tls.caOptional=true - ``` - -##### Remediation - -The `tls.caOptional` option should be removed from the Docker provider static configuration. - -### Kubernetes Gateway API - -#### Experimental Channel Resources (TLSRoute and TCPRoute) - -In v3, the Kubernetes Gateway API provider does not enable support for the experimental channel API resources by default. - -##### Remediation - -The `experimentalChannel` option should be used to enable the support for the experimental channel API resources. - -??? example "An example usage of the Kubernetes Gateway API provider with experimental channel support enabled" - - ```yaml tab="File (YAML)" - providers: - kubernetesGateway: - experimentalChannel: true - ``` - - ```toml tab="File (TOML)" - [providers.kubernetesGateway] - experimentalChannel = true - # ... - ``` - - ```bash tab="CLI" - --providers.kubernetesgateway.experimentalchannel=true - ``` - -### Experimental Configuration - -#### HTTP3 - -In v3, HTTP/3 is no longer an experimental feature. -It can be enabled on entry points without the associated `experimental.http3` option, which is now removed. -It is now unsupported and would prevent Traefik to start. - -??? example "An example usage of v2 Experimental `http3` option" - - ```yaml tab="File (YAML)" - experimental: - http3: true - ``` - - ```toml tab="File (TOML)" - [experimental] - http3=true - ``` - - ```bash tab="CLI" - --experimental.http3=true - ``` - -##### Remediation - -The `http3` option should be removed from the static configuration experimental section. -To configure `http3`, please checkout the [entrypoint configuration documentation](https://doc.traefik.io/traefik/v3.0/routing/entrypoints/#http3_1). - -### Consul provider - -#### namespace - -The Consul provider `namespace` option was deprecated in v2 and is now removed in v3. -It is now unsupported and would prevent Traefik to start. - -??? example "An example usage of v2 Consul `namespace` option" - - ```yaml tab="File (YAML)" - consul: - namespace: foobar - ``` - - ```toml tab="File (TOML)" - [consul] - namespace=foobar - ``` - - ```bash tab="CLI" - --consul.namespace=foobar - ``` - -##### Remediation - -In v3, the `namespaces` option should be used instead of the `namespace` option. - -??? example "An example usage of Consul `namespaces` option" - - ```yaml tab="File (YAML)" - consul: - namespaces: - - foobar - ``` - - ```toml tab="File (TOML)" - [consul] - namespaces=["foobar"] - ``` - - ```bash tab="CLI" - --consul.namespaces=foobar - ``` - -#### TLS.CAOptional - -Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). - -??? example "An example usage of the TLS.CAOptional option" - - ```yaml tab="File (YAML)" - providers: - consul: - tls: - caOptional: true - ``` - - ```toml tab="File (TOML)" - [providers.consul.tls] - caOptional=true - ``` - - ```bash tab="CLI" - --providers.consul.tls.caOptional=true - ``` - -##### Remediation - -The `tls.caOptional` option should be removed from the Consul provider static configuration. - -### ConsulCatalog provider - -#### namespace - -The ConsulCatalog provider `namespace` option was deprecated in v2 and is now removed in v3. -It is now unsupported and would prevent Traefik to start. - -??? example "An example usage of v2 ConsulCatalog `namespace` option" - - ```yaml tab="File (YAML)" - consulCatalog: - namespace: foobar - ``` - - ```toml tab="File (TOML)" - [consulCatalog] - namespace=foobar - ``` - - ```bash tab="CLI" - --consulCatalog.namespace=foobar - ``` - -##### Remediation - -In v3, the `namespaces` option should be used instead of the `namespace` option. - -??? example "An example usage of ConsulCatalog `namespaces` option" - - ```yaml tab="File (YAML)" - consulCatalog: - namespaces: - - foobar - ``` - - ```toml tab="File (TOML)" - [consulCatalog] - namespaces=["foobar"] - ``` - - ```bash tab="CLI" - --consulCatalog.namespaces=foobar - ``` - -#### Endpoint.TLS.CAOptional - -ConsulCatalog provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). - -??? example "An example usage of the Endpoint.TLS.CAOptional option" - - ```yaml tab="File (YAML)" - providers: - consulCatalog: - endpoint: - tls: - caOptional: true - ``` - - ```toml tab="File (TOML)" - [providers.consulCatalog.endpoint.tls] - caOptional=true - ``` - - ```bash tab="CLI" - --providers.consulCatalog.endpoint.tls.caOptional=true - ``` - -##### Remediation - -The `endpoint.tls.caOptional` option should be removed from the ConsulCatalog provider static configuration. - -### Nomad provider - -#### namespace - -The Nomad provider `namespace` option was deprecated in v2 and is now removed in v3. -It is now unsupported and would prevent Traefik to start. - -??? example "An example usage of v2 Nomad `namespace` option" - - ```yaml tab="File (YAML)" - nomad: - namespace: foobar - ``` - - ```toml tab="File (TOML)" - [nomad] - namespace=foobar - ``` - - ```bash tab="CLI" - --nomad.namespace=foobar - ``` - -##### Remediation - -In v3, the `namespaces` option should be used instead of the `namespace` option. - -??? example "An example usage of Nomad `namespaces` option" - - ```yaml tab="File (YAML)" - nomad: - namespaces: - - foobar - ``` - - ```toml tab="File (TOML)" - [nomad] - namespaces=["foobar"] - ``` - - ```bash tab="CLI" - --nomad.namespaces=foobar - ``` - -#### Endpoint.TLS.CAOptional - -Nomad provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). - -??? example "An example usage of the Endpoint.TLS.CAOptional option" - - ```yaml tab="File (YAML)" - providers: - nomad: - endpoint: - tls: - caOptional: true - ``` - - ```toml tab="File (TOML)" - [providers.nomad.endpoint.tls] - caOptional=true - ``` - - ```bash tab="CLI" - --providers.nomad.endpoint.tls.caOptional=true - ``` - -##### Remediation - -The `endpoint.tls.caOptional` option should be removed from the Nomad provider static configuration. - -### Rancher v1 Provider - -In v3, the Rancher v1 provider has been removed because Rancher v1 is [no longer actively maintained](https://rancher.com/docs/os/v1.x/en/support/), -and Rancher v2 is supported as a standard Kubernetes provider. - -??? example "An example of Traefik v2 Rancher v1 configuration" - - ```yaml tab="File (YAML)" - providers: - rancher: {} - ``` - - ```toml tab="File (TOML)" - [providers.rancher] - ``` - - ```bash tab="CLI" - --providers.rancher=true - ``` - -This configuration is now unsupported and would prevent Traefik to start. - -#### Remediation - -Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query. -As such, Rancher 2.x users should utilize the [Kubernetes CRD provider](../providers/kubernetes-crd.md) directly. - -Also, all Rancher provider related configuration should be removed from the static configuration. - -### Marathon provider - -Marathon maintenance [ended on October 31, 2021](https://github.com/mesosphere/marathon/blob/master/README.md). -In v3, the Marathon provider has been removed. - -??? example "An example of v2 Marathon provider configuration" - - ```yaml tab="File (YAML)" - providers: - marathon: {} - ``` - - ```toml tab="File (TOML)" - [providers.marathon] - ``` - - ```bash tab="CLI" - --providers.marathon=true - ``` - -This configuration is now unsupported and would prevent Traefik to start. - -#### Remediation - -All Marathon provider related configuration should be removed from the static configuration. - -### HTTP Provider - -#### TLS.CAOptional - -HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). - -??? example "An example usage of the TLS.CAOptional option" - - ```yaml tab="File (YAML)" - providers: - http: - tls: - caOptional: true - ``` - - ```toml tab="File (TOML)" - [providers.http.tls] - caOptional=true - ``` - - ```bash tab="CLI" - --providers.http.tls.caOptional=true - ``` - -##### Remediation - -The `tls.caOptional` option should be removed from the HTTP provider static configuration. - -### ETCD Provider - -#### TLS.CAOptional - -ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). - -??? example "An example usage of the TLS.CAOptional option" - - ```yaml tab="File (YAML)" - providers: - etcd: - tls: - caOptional: true - ``` - - ```toml tab="File (TOML)" - [providers.etcd.tls] - caOptional=true - ``` - - ```bash tab="CLI" - --providers.etcd.tls.caOptional=true - ``` - -##### Remediation - -The `tls.caOptional` option should be removed from the ETCD provider static configuration. - -### Redis Provider - -#### TLS.CAOptional - -Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType). - -??? example "An example usage of the TLS.CAOptional option" - - ```yaml tab="File (YAML)" - providers: - redis: - tls: - caOptional: true - ``` - - ```toml tab="File (TOML)" - [providers.redis.tls] - caOptional=true - ``` - - ```bash tab="CLI" - --providers.redis.tls.caOptional=true - ``` - -##### Remediation - -The `tls.caOptional` option should be removed from the Redis provider static configuration. - -### InfluxDB v1 - -InfluxDB v1.x maintenance [ended in 2021](https://www.influxdata.com/blog/influxdb-oss-and-enterprise-roadmap-update-from-influxdays-emea/). -In v3, the InfluxDB v1 metrics provider has been removed. - -??? example "An example of Traefik v2 InfluxDB v1 metrics configuration" - - ```yaml tab="File (YAML)" - metrics: - influxDB: {} - ``` - - ```toml tab="File (TOML)" - [metrics.influxDB] - ``` - - ```bash tab="CLI" - --metrics.influxDB=true - ``` - -This configuration is now unsupported and would prevent Traefik to start. - -#### Remediation - -All InfluxDB v1 metrics provider related configuration should be removed from the static configuration. - -### Pilot - -Traefik Pilot is no longer available since October 4th, 2022. - -??? example "An example of v2 Pilot configuration" - - ```yaml tab="File (YAML)" - pilot: - token: foobar - ``` - - ```toml tab="File (TOML)" - [pilot] - token=foobar - ``` - - ```bash tab="CLI" - --pilot.token=foobar - ``` - -In v2, Pilot configuration was deprecated and ineffective, -it is now unsupported and would prevent Traefik to start. - -#### Remediation - -All Pilot related configuration should be removed from the static configuration. - -## Dynamic configuration - -### Router Rule Matchers - -In v3, a new rule matchers syntax has been introduced for HTTP and TCP routers. -The default rule matchers syntax is now the v3 one, but for backward compatibility this can be configured. -The v2 rule matchers syntax is deprecated and its support will be removed in the next major version. -For this reason, we encourage migrating to the new syntax. - -By default, the `defaultRuleSyntax` static option is automatically set to `v3`, meaning that the default rule is the new one. - -#### New V3 Syntax Notable Changes - -The `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively. - -`PathPrefix` no longer uses regular expressions to match path prefixes. - -`QueryRegexp` has been introduced to match query values using a regular expression. - -`HeaderRegexp`, `HostRegexp`, `PathRegexp`, `QueryRegexp`, and `HostSNIRegexp` matchers now uses the [Go regexp syntax](https://golang.org/pkg/regexp/syntax/). - -All matchers now take a single value (except `Header`, `HeaderRegexp`, `Query`, and `QueryRegexp` which take two) -and should be explicitly combined using logical operators to mimic previous behavior. - -`Query` can take a single value to match is the query value that has no value (e.g. `/search?mobile`). - -`HostHeader` has been removed, use `Host` instead. - -#### Remediation - -##### Configure the Default Syntax In Static Configuration - -The default rule matchers syntax is the expected syntax for any router that is not self opt-out from this default value. -It can be configured in the static configuration. - -??? example "An example configuration for the default rule matchers syntax" - - ```yaml tab="File (YAML)" - # static configuration - core: - defaultRuleSyntax: v2 - ``` - - ```toml tab="File (TOML)" - # static configuration - [core] - defaultRuleSyntax="v2" - ``` - - ```bash tab="CLI" - # static configuration - --core.defaultRuleSyntax=v2 - ``` - -##### Configure the Syntax Per Router - -The rule syntax can also be configured on a per-router basis. -This allows to have heterogeneous router configurations and ease migration. - -??? example "An example router with syntax configuration" - -```yaml tab="Docker & Swarm" -labels: - - "traefik.http.routers.test.ruleSyntax=v2" +```yaml +# static configuration +core: + defaultRuleSyntax: v2 ``` -```yaml tab="Kubernetes" -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: test.route - namespace: default +This snippet in the static configuration makes the [v2 format](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/?ref=traefik.io#configure-the-default-syntax-in-static-configuration "Link to configure default syntax in static config") the default rule matchers syntax. -spec: - routes: - - match: PathPrefix(`/foo`, `/bar`) - syntax: v2 - kind: Rule +Start Traefik v3 with this new configuration to test it. + +If you don’t get any error logs while testing, you are good to go! +Otherwise, follow the remaining migration options highlighted in the logs. + +Once your Traefik test instances are starting and routing to your applications, proceed to the next step. + +## Step 2: Migrate Production Instances to Traefik v3 + +We strongly advise you to follow a progressive migration strategy ([Kubernetes rolling update mechanism](https://kubernetes.io/docs/tutorials/kubernetes-basics/update/update-intro/ "Link to the Kubernetes rolling update documentation"), for example) to migrate your production instances to v3. + +!!! Warning + Ensure you have a [real-time monitoring solution](https://traefik.io/blog/capture-traefik-metrics-for-apps-on-kubernetes-with-prometheus/ "Link to the blog on capturing Traefik metrics with Prometheus") for your ingress traffic to detect issues instantly. + +During the progressive migration, monitor your ingress traffic for any errors. Be prepared to rollback to a working state in case of any issues. + +If you encounter any issues, leverage debug and access logs provided by Traefik to understand what went wrong and how to fix it. + +Once every Traefik instance is updated, you will be on Traefik v3! + +## Step 3: Progressively Migrate Dynamic Configuration + +!!! info + This step can be done later in the process, as Traefik v3 is compatible with the v2 format for [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes"). + Enable Traefik logs to get some help if any deprecated option is in use. + +Check the changes in [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes"). + +Then, progressively [switch each router to the v3 syntax](./v2-to-v3-details.md#configure-the-syntax-per-router "Link to configuring the syntax per router"). + +Test and update each Ingress resource and ensure that ingress traffic is not impacted. + +Once a v3 Ingress resource migration is validated, deploy the resource and delete the v2 Ingress resource. +Repeat it until all Ingress resources are migrated. + +Now, remove the following snippet added to the static configuration in Step 1: + +```yaml +# static configuration +core: + defaultRuleSyntax: v2 ``` -```yaml tab="Consul Catalog" -- "traefik.http.routers.test.ruleSyntax=v2" -``` - -```yaml tab="File (YAML)" -http: - routers: - test: - ruleSyntax: v2 -``` - -```toml tab="File (TOML)" -[http.routers] - [http.routers.test] - ruleSyntax = "v2" -``` - -### IPWhiteList - -In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration. - -### Deprecated Options Removal - -- The `tracing.datadog.globaltag` option has been removed. -- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers. -- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed. -- The `forceSlash` option of the StripPrefix middleware has been removed. -- The `preferServerCipherSuites` option has been removed. - -### TCP LoadBalancer `terminationDelay` option - -The TCP LoadBalancer `terminationDelay` option has been removed. -This option can now be configured directly on the `TCPServersTransport` level, please take a look at this [documentation](../routing/services/index.md#terminationdelay) - -### Kubernetes CRDs API Group `traefik.containo.us` - -In v3, the Kubernetes CRDs API Group `traefik.containo.us` has been removed. -Please use the API Group `traefik.io` instead. - -### Kubernetes Ingress API Group `networking.k8s.io/v1beta1` - -In v3, the Kubernetes Ingress API Group `networking.k8s.io/v1beta1` ([removed since Kubernetes v1.22](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122)) support has been removed. - -Please use the API Group `networking.k8s.io/v1` instead. - -### Traefik CRD API Version `apiextensions.k8s.io/v1beta1` - -In v3, the Traefik CRD API Version `apiextensions.k8s.io/v1beta1` ([removed since Kubernetes v1.22](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#customresourcedefinition-v122)) support has been removed. - -Please use the CRD definition with the API Version `apiextensions.k8s.io/v1` instead. - -## Operations - -### Traefik RBAC Update - -In v3, the support of `TCPServersTransport` has been introduced. -When using the KubernetesCRD provider, it is therefore necessary to update [RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-crd.md) manifests. - -### Content-Type Auto-Detection - -In v3, the `Content-Type` header is not auto-detected anymore when it is not set by the backend. -One should use the `ContentType` middleware to enable the `Content-Type` header value auto-detection. - -### Observability - -#### gRPC Metrics - -In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header. - -#### Tracing - -In v3, the tracing feature has been revamped and is now powered exclusively by [OpenTelemetry](https://opentelemetry.io/ "Link to website of OTel") (OTel). -!!! warning "Important" - - Traefik v3 **no** longer supports direct output formats for specific vendors such as Instana, Jaeger, Zipkin, Haystack, Datadog, and Elastic. -Instead, it focuses on pure OpenTelemetry implementation, providing a unified and standardized approach for observability. - -Here are two possible transition strategies: - -1. OTLP Ingestion Endpoints: - - Most vendors now offer OpenTelemetry Protocol (OTLP) ingestion endpoints. - You can seamlessly integrate Traefik v3 with these endpoints to continue leveraging tracing capabilities. - -2. Legacy Stack Compatibility: - - For legacy stacks that cannot immediately upgrade to the latest vendor agents supporting OTLP ingestion, - using OpenTelemetry (OTel) collectors with appropriate exporters configuration is a viable solution. - This allows continued compatibility with the existing infrastructure. - -Please check the [OpenTelemetry Tracing provider documention](../observability/tracing/opentelemetry.md) for more information. - -#### Internal Resources Observability - -In v3, observability for internal routers or services (e.g.: `ping@internal`) is disabled by default. -To enable it one should use the new `addInternals` option for AccessLogs, Metrics or Tracing. -Please take a look at the observability documentation for more information: - -- [AccessLogs](../observability/access-logs.md#addinternals) -- [Metrics](../observability/metrics/overview.md#addinternals) -- [Tracing](../observability/tracing/overview.md#addinternals) +You are now fully migrated to Traefik v3 🎉 diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index bbb3751ae..5cac2369f 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -172,7 +172,9 @@ nav: - 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md' - 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md' - 'Migration': - - 'Traefik v2 to v3': 'migration/v2-to-v3.md' + - 'Traefik v2 to v3': + - 'Migration guide': 'migration/v2-to-v3.md' + - 'Configuration changes for v3': 'migration/v2-to-v3-details.md' - 'Traefik v2 minor migrations': 'migration/v2.md' - 'Traefik v1 to v2': 'migration/v1-to-v2.md' - 'Contributing': From cdf0c8b3ecc1dbc4ab343ac9ee261b39fcb8a8bc Mon Sep 17 00:00:00 2001 From: Henrik Norlin Date: Thu, 6 Jun 2024 15:46:03 +0200 Subject: [PATCH 19/31] Add user guides link to getting started --- docs/content/getting-started/quick-start.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/getting-started/quick-start.md b/docs/content/getting-started/quick-start.md index 6ebb1b065..cdae1c45c 100644 --- a/docs/content/getting-started/quick-start.md +++ b/docs/content/getting-started/quick-start.md @@ -119,6 +119,6 @@ IP: 172.27.0.4 !!! question "Where to Go Next?" - Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you! + Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the user guides](../../user-guides/docker-compose/basic-example/ "Link to the user guides") and [the documentation](/ "Link to the docs landing page") and let Traefik work for you! {!traefik-for-business-applications.md!} From 778dc22e14323abc6c547a7b0bdbb1b6260f3079 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Thu, 6 Jun 2024 16:42:04 +0200 Subject: [PATCH 20/31] Support Accept-Encoding header weights with Compress middleware --- docs/content/middlewares/http/compress.md | 41 +++++ .../dynamic-configuration/docker-labels.yml | 1 + .../reference/dynamic-configuration/file.toml | 1 + .../reference/dynamic-configuration/file.yaml | 1 + .../kubernetes-crd-definition-v1.yml | 5 + .../reference/dynamic-configuration/kv-ref.md | 1 + .../traefik.io_middlewares.yaml | 5 + integration/fixtures/k8s/01-traefik-crd.yml | 5 + pkg/config/dynamic/middlewares.go | 2 + pkg/middlewares/compress/acceptencoding.go | 137 +++++++++++++++++ .../compress/acceptencoding_test.go | 143 ++++++++++++++++++ pkg/middlewares/compress/compress.go | 69 ++++----- pkg/middlewares/compress/compress_test.go | 53 +++---- 13 files changed, 398 insertions(+), 66 deletions(-) create mode 100644 pkg/middlewares/compress/acceptencoding.go create mode 100644 pkg/middlewares/compress/acceptencoding_test.go diff --git a/docs/content/middlewares/http/compress.md b/docs/content/middlewares/http/compress.md index e98954660..d3f2e1085 100644 --- a/docs/content/middlewares/http/compress.md +++ b/docs/content/middlewares/http/compress.md @@ -214,3 +214,44 @@ http: [http.middlewares.test-compress.compress] minResponseBodyBytes = 1200 ``` + +### `defaultEncoding` + +_Optional, Default=""_ + +`defaultEncoding` specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). + +There is no fallback on the `defaultEncoding` when the header value is empty or unsupported. + +```yaml tab="Docker & Swarm" +labels: + - "traefik.http.middlewares.test-compress.compress.defaultEncoding=gzip" +``` + +```yaml tab="Kubernetes" +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: test-compress +spec: + compress: + defaultEncoding: gzip +``` + +```yaml tab="Consul Catalog" +- "traefik.http.middlewares.test-compress.compress.defaultEncoding=gzip" +``` + +```yaml tab="File (YAML)" +http: + middlewares: + test-compress: + compress: + defaultEncoding: gzip +``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-compress.compress] + defaultEncoding = "gzip" +``` diff --git a/docs/content/reference/dynamic-configuration/docker-labels.yml b/docs/content/reference/dynamic-configuration/docker-labels.yml index 5c21cab3d..319988894 100644 --- a/docs/content/reference/dynamic-configuration/docker-labels.yml +++ b/docs/content/reference/dynamic-configuration/docker-labels.yml @@ -18,6 +18,7 @@ - "traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration=42s" - "traefik.http.middlewares.middleware05.circuitbreaker.responsecode=42" - "traefik.http.middlewares.middleware06.compress=true" +- "traefik.http.middlewares.middleware06.compress.defaultencoding=foobar" - "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar" - "traefik.http.middlewares.middleware06.compress.includedcontenttypes=foobar, foobar" - "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42" diff --git a/docs/content/reference/dynamic-configuration/file.toml b/docs/content/reference/dynamic-configuration/file.toml index d3cf0eaf2..a42f9ba17 100644 --- a/docs/content/reference/dynamic-configuration/file.toml +++ b/docs/content/reference/dynamic-configuration/file.toml @@ -143,6 +143,7 @@ excludedContentTypes = ["foobar", "foobar"] includedContentTypes = ["foobar", "foobar"] minResponseBodyBytes = 42 + defaultEncoding = "foobar" [http.middlewares.Middleware07] [http.middlewares.Middleware07.contentType] autoDetect = true diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index fdba1c332..6f675e626 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml @@ -152,6 +152,7 @@ http: - foobar - foobar minResponseBodyBytes: 42 + defaultEncoding: foobar Middleware07: contentType: autoDetect: true diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index a7bd8b184..0e42074f9 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -825,6 +825,11 @@ spec: This middleware compresses responses before sending them to the client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: + defaultEncoding: + description: DefaultEncoding specifies the default encoding if + the `Accept-Encoding` header is not in the request or contains + a wildcard (`*`). + type: string excludedContentTypes: description: |- ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. diff --git a/docs/content/reference/dynamic-configuration/kv-ref.md b/docs/content/reference/dynamic-configuration/kv-ref.md index 254801508..cd425b710 100644 --- a/docs/content/reference/dynamic-configuration/kv-ref.md +++ b/docs/content/reference/dynamic-configuration/kv-ref.md @@ -21,6 +21,7 @@ THIS FILE MUST NOT BE EDITED BY HAND | `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` | | `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` | | `traefik/http/middlewares/Middleware05/circuitBreaker/responseCode` | `42` | +| `traefik/http/middlewares/Middleware06/compress/defaultEncoding` | `foobar` | | `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` | | `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` | | `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` | diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml index 281e70369..a096d770d 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml @@ -183,6 +183,11 @@ spec: This middleware compresses responses before sending them to the client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: + defaultEncoding: + description: DefaultEncoding specifies the default encoding if + the `Accept-Encoding` header is not in the request or contains + a wildcard (`*`). + type: string excludedContentTypes: description: |- ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index a7bd8b184..0e42074f9 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -825,6 +825,11 @@ spec: This middleware compresses responses before sending them to the client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: + defaultEncoding: + description: DefaultEncoding specifies the default encoding if + the `Accept-Encoding` header is not in the request or contains + a wildcard (`*`). + type: string excludedContentTypes: description: |- ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index 59c91814b..0a6f63ba0 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -174,6 +174,8 @@ type Compress struct { // MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. // Default: 1024. MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"` + // DefaultEncoding specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). + DefaultEncoding string `json:"defaultEncoding,omitempty" toml:"defaultEncoding,omitempty" yaml:"defaultEncoding,omitempty" export:"true"` } // +k8s:deepcopy-gen=true diff --git a/pkg/middlewares/compress/acceptencoding.go b/pkg/middlewares/compress/acceptencoding.go new file mode 100644 index 000000000..084a8f263 --- /dev/null +++ b/pkg/middlewares/compress/acceptencoding.go @@ -0,0 +1,137 @@ +package compress + +import ( + "slices" + "strconv" + "strings" +) + +const acceptEncodingHeader = "Accept-Encoding" + +const ( + brotliName = "br" + gzipName = "gzip" + identityName = "identity" + wildcardName = "*" + notAcceptable = "not_acceptable" +) + +type Encoding struct { + Type string + Weight *float64 +} + +func getCompressionType(acceptEncoding []string, defaultType string) string { + if defaultType == "" { + // Keeps the pre-existing default inside Traefik. + defaultType = brotliName + } + + encodings, hasWeight := parseAcceptEncoding(acceptEncoding) + + if hasWeight { + if len(encodings) == 0 { + return identityName + } + + encoding := encodings[0] + + if encoding.Type == identityName && encoding.Weight != nil && *encoding.Weight == 0 { + return notAcceptable + } + + if encoding.Type == wildcardName && encoding.Weight != nil && *encoding.Weight == 0 { + return notAcceptable + } + + if encoding.Type == wildcardName { + return defaultType + } + + return encoding.Type + } + + for _, dt := range []string{brotliName, gzipName} { + if slices.ContainsFunc(encodings, func(e Encoding) bool { return e.Type == dt }) { + return dt + } + } + + if slices.ContainsFunc(encodings, func(e Encoding) bool { return e.Type == wildcardName }) { + return defaultType + } + + return identityName +} + +func parseAcceptEncoding(acceptEncoding []string) ([]Encoding, bool) { + var encodings []Encoding + var hasWeight bool + + for _, line := range acceptEncoding { + for _, item := range strings.Split(strings.ReplaceAll(line, " ", ""), ",") { + parsed := strings.SplitN(item, ";", 2) + if len(parsed) == 0 { + continue + } + + switch parsed[0] { + case brotliName, gzipName, identityName, wildcardName: + // supported encoding + default: + continue + } + + var weight *float64 + if len(parsed) > 1 && strings.HasPrefix(parsed[1], "q=") { + w, _ := strconv.ParseFloat(strings.TrimPrefix(parsed[1], "q="), 64) + + weight = &w + hasWeight = true + } + + encodings = append(encodings, Encoding{ + Type: parsed[0], + Weight: weight, + }) + } + } + + slices.SortFunc(encodings, compareEncoding) + + return encodings, hasWeight +} + +func compareEncoding(a, b Encoding) int { + lhs, rhs := a.Weight, b.Weight + + if lhs == nil && rhs == nil { + return 0 + } + + if lhs == nil && *rhs == 0 { + return -1 + } + + if lhs == nil { + return 1 + } + + if rhs == nil && *lhs == 0 { + return 1 + } + + if rhs == nil { + return -1 + } + + if *lhs < *rhs { + return 1 + } + + if *lhs > *rhs { + return -1 + } + + return 0 +} diff --git a/pkg/middlewares/compress/acceptencoding_test.go b/pkg/middlewares/compress/acceptencoding_test.go new file mode 100644 index 000000000..858e6795e --- /dev/null +++ b/pkg/middlewares/compress/acceptencoding_test.go @@ -0,0 +1,143 @@ +package compress + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_getCompressionType(t *testing.T) { + testCases := []struct { + desc string + values []string + defaultType string + expected string + }{ + { + desc: "br > gzip (no weight)", + values: []string{"gzip, br"}, + expected: brotliName, + }, + { + desc: "known compression type (no weight)", + values: []string{"compress, gzip"}, + expected: gzipName, + }, + { + desc: "unknown compression type (no weight), no encoding", + values: []string{"compress, rar"}, + expected: identityName, + }, + { + desc: "wildcard return the default compression type", + values: []string{"*"}, + expected: brotliName, + }, + { + desc: "wildcard return the custom default compression type", + values: []string{"*"}, + defaultType: "foo", + expected: "foo", + }, + { + desc: "follows weight", + values: []string{"br;q=0.8, gzip;q=1.0, *;q=0.1"}, + expected: gzipName, + }, + { + desc: "ignore unknown compression type", + values: []string{"compress;q=1.0, gzip;q=0.5"}, + expected: gzipName, + }, + { + desc: "not acceptable (identity)", + values: []string{"compress;q=1.0, identity;q=0"}, + expected: notAcceptable, + }, + { + desc: "not acceptable (wildcard)", + values: []string{"compress;q=1.0, *;q=0"}, + expected: notAcceptable, + }, + { + desc: "non-zero is higher than 0", + values: []string{"gzip, *;q=0"}, + expected: gzipName, + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + encodingType := getCompressionType(test.values, test.defaultType) + + assert.Equal(t, test.expected, encodingType) + }) + } +} + +func Test_parseAcceptEncoding(t *testing.T) { + testCases := []struct { + desc string + values []string + expected []Encoding + assertWeight assert.BoolAssertionFunc + }{ + { + desc: "weight", + values: []string{"br;q=1.0, gzip;q=0.8, *;q=0.1"}, + expected: []Encoding{ + {Type: brotliName, Weight: ptr[float64](1)}, + {Type: gzipName, Weight: ptr(0.8)}, + {Type: wildcardName, Weight: ptr(0.1)}, + }, + assertWeight: assert.True, + }, + { + desc: "mixed", + values: []string{"gzip, br;q=1.0, *;q=0"}, + expected: []Encoding{ + {Type: brotliName, Weight: ptr[float64](1)}, + {Type: gzipName}, + {Type: wildcardName, Weight: ptr[float64](0)}, + }, + assertWeight: assert.True, + }, + { + desc: "no weight", + values: []string{"gzip, br, *"}, + expected: []Encoding{ + {Type: gzipName}, + {Type: brotliName}, + {Type: wildcardName}, + }, + assertWeight: assert.False, + }, + { + desc: "weight and identity", + values: []string{"gzip;q=1.0, identity; q=0.5, *;q=0"}, + expected: []Encoding{ + {Type: gzipName, Weight: ptr[float64](1)}, + {Type: identityName, Weight: ptr(0.5)}, + {Type: wildcardName, Weight: ptr[float64](0)}, + }, + assertWeight: assert.True, + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + aes, hasWeight := parseAcceptEncoding(test.values) + + assert.Equal(t, test.expected, aes) + test.assertWeight(t, hasWeight) + }) + } +} + +func ptr[T any](t T) *T { + return &t +} diff --git a/pkg/middlewares/compress/compress.go b/pkg/middlewares/compress/compress.go index bde909978..514fddb2e 100644 --- a/pkg/middlewares/compress/compress.go +++ b/pkg/middlewares/compress/compress.go @@ -7,7 +7,6 @@ import ( "mime" "net/http" "slices" - "strings" "github.com/klauspost/compress/gzhttp" "github.com/traefik/traefik/v3/pkg/config/dynamic" @@ -24,11 +23,12 @@ const DefaultMinSize = 1024 // Compress is a middleware that allows to compress the response. type compress struct { - next http.Handler - name string - excludes []string - includes []string - minSize int + next http.Handler + name string + excludes []string + includes []string + minSize int + defaultEncoding string brotliHandler http.Handler gzipHandler http.Handler @@ -68,11 +68,12 @@ func New(ctx context.Context, next http.Handler, conf dynamic.Compress, name str } c := &compress{ - next: next, - name: name, - excludes: excludes, - includes: includes, - minSize: minSize, + next: next, + name: name, + excludes: excludes, + includes: includes, + minSize: minSize, + defaultEncoding: conf.DefaultEncoding, } var err error @@ -109,25 +110,33 @@ func (c *compress) ServeHTTP(rw http.ResponseWriter, req *http.Request) { return } - // Client doesn't specify a preferred encoding, for compatibility don't encode the request - // See https://github.com/traefik/traefik/issues/9734 - acceptEncoding, ok := req.Header["Accept-Encoding"] + acceptEncoding, ok := req.Header[acceptEncodingHeader] if !ok { + if c.defaultEncoding != "" { + // RFC says: "If no Accept-Encoding header field is in the request, any content coding is considered acceptable by the user agent." + // https://www.rfc-editor.org/rfc/rfc9110#field.accept-encoding + c.chooseHandler(c.defaultEncoding, rw, req) + return + } + + // Client doesn't specify a preferred encoding, for compatibility don't encode the request + // See https://github.com/traefik/traefik/issues/9734 c.next.ServeHTTP(rw, req) return } - if encodingAccepts(acceptEncoding, "br") { + c.chooseHandler(getCompressionType(acceptEncoding, c.defaultEncoding), rw, req) +} + +func (c *compress) chooseHandler(typ string, rw http.ResponseWriter, req *http.Request) { + switch typ { + case brotliName: c.brotliHandler.ServeHTTP(rw, req) - return - } - - if encodingAccepts(acceptEncoding, "gzip") { + case gzipName: c.gzipHandler.ServeHTTP(rw, req) - return + default: + c.next.ServeHTTP(rw, req) } - - c.next.ServeHTTP(rw, req) } func (c *compress) GetTracingInformation() (string, string, trace.SpanKind) { @@ -172,19 +181,3 @@ func (c *compress) newBrotliHandler() (http.Handler, error) { return wrapper(c.next), nil } - -func encodingAccepts(acceptEncoding []string, typ string) bool { - for _, ae := range acceptEncoding { - for _, e := range strings.Split(ae, ",") { - parsed := strings.Split(strings.TrimSpace(e), ";") - if len(parsed) == 0 { - continue - } - if parsed[0] == typ || parsed[0] == "*" { - return true - } - } - } - - return false -} diff --git a/pkg/middlewares/compress/compress_test.go b/pkg/middlewares/compress/compress_test.go index 1ea6afb45..556d9f5fa 100644 --- a/pkg/middlewares/compress/compress_test.go +++ b/pkg/middlewares/compress/compress_test.go @@ -18,12 +18,9 @@ import ( ) const ( - acceptEncodingHeader = "Accept-Encoding" contentEncodingHeader = "Content-Encoding" contentTypeHeader = "Content-Type" varyHeader = "Vary" - gzipValue = "gzip" - brotliValue = "br" ) func TestNegotiation(t *testing.T) { @@ -62,9 +59,9 @@ func TestNegotiation(t *testing.T) { expEncoding: "br", }, { - desc: "multi accept header, prefer br", + desc: "multi accept header, prefer gzip", acceptEncHeader: "gzip;q=1.0, br;q=0.8", - expEncoding: "br", + expEncoding: "gzip", }, { desc: "multi accept header list, prefer br", @@ -98,7 +95,7 @@ func TestNegotiation(t *testing.T) { func TestShouldCompressWhenNoContentEncodingHeader(t *testing.T) { req := testhelpers.MustNewRequest(http.MethodGet, "http://localhost", nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) baseBody := generateBytes(gzhttp.DefaultMinSize) @@ -112,7 +109,7 @@ func TestShouldCompressWhenNoContentEncodingHeader(t *testing.T) { rw := httptest.NewRecorder() handler.ServeHTTP(rw, req) - assert.Equal(t, gzipValue, rw.Header().Get(contentEncodingHeader)) + assert.Equal(t, gzipName, rw.Header().Get(contentEncodingHeader)) assert.Equal(t, acceptEncodingHeader, rw.Header().Get(varyHeader)) gr, err := gzip.NewReader(rw.Body) @@ -125,11 +122,11 @@ func TestShouldCompressWhenNoContentEncodingHeader(t *testing.T) { func TestShouldNotCompressWhenContentEncodingHeader(t *testing.T) { req := testhelpers.MustNewRequest(http.MethodGet, "http://localhost", nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) fakeCompressedBody := generateBytes(gzhttp.DefaultMinSize) next := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - rw.Header().Add(contentEncodingHeader, gzipValue) + rw.Header().Add(contentEncodingHeader, gzipName) rw.Header().Add(varyHeader, acceptEncodingHeader) _, err := rw.Write(fakeCompressedBody) if err != nil { @@ -142,7 +139,7 @@ func TestShouldNotCompressWhenContentEncodingHeader(t *testing.T) { rw := httptest.NewRecorder() handler.ServeHTTP(rw, req) - assert.Equal(t, gzipValue, rw.Header().Get(contentEncodingHeader)) + assert.Equal(t, gzipName, rw.Header().Get(contentEncodingHeader)) assert.Equal(t, acceptEncodingHeader, rw.Header().Get(varyHeader)) assert.EqualValues(t, rw.Body.Bytes(), fakeCompressedBody) @@ -225,7 +222,7 @@ func TestShouldNotCompressWhenEmptyAcceptEncodingHeader(t *testing.T) { func TestShouldNotCompressHeadRequest(t *testing.T) { req := testhelpers.MustNewRequest(http.MethodHead, "http://localhost", nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) fakeBody := generateBytes(gzhttp.DefaultMinSize) next := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { @@ -301,7 +298,7 @@ func TestShouldNotCompressWhenSpecificContentType(t *testing.T) { t.Parallel() req := testhelpers.MustNewRequest(http.MethodGet, "http://localhost", nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) if test.reqContentType != "" { req.Header.Add(contentTypeHeader, test.reqContentType) } @@ -352,7 +349,7 @@ func TestShouldCompressWhenSpecificContentType(t *testing.T) { t.Parallel() req := testhelpers.MustNewRequest(http.MethodGet, "http://localhost", nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) next := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { rw.Header().Set(contentTypeHeader, test.respContentType) @@ -368,7 +365,7 @@ func TestShouldCompressWhenSpecificContentType(t *testing.T) { rw := httptest.NewRecorder() handler.ServeHTTP(rw, req) - assert.Equal(t, gzipValue, rw.Header().Get(contentEncodingHeader)) + assert.Equal(t, gzipName, rw.Header().Get(contentEncodingHeader)) assert.Equal(t, acceptEncodingHeader, rw.Header().Get(varyHeader)) assert.NotEqualValues(t, rw.Body.Bytes(), baseBody) }) @@ -386,7 +383,7 @@ func TestIntegrationShouldNotCompress(t *testing.T) { { name: "when content already compressed", handler: http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - rw.Header().Add(contentEncodingHeader, gzipValue) + rw.Header().Add(contentEncodingHeader, gzipName) rw.Header().Add(varyHeader, acceptEncodingHeader) _, err := rw.Write(fakeCompressedBody) if err != nil { @@ -398,7 +395,7 @@ func TestIntegrationShouldNotCompress(t *testing.T) { { name: "when content already compressed and status code Created", handler: http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - rw.Header().Add(contentEncodingHeader, gzipValue) + rw.Header().Add(contentEncodingHeader, gzipName) rw.Header().Add(varyHeader, acceptEncodingHeader) rw.WriteHeader(http.StatusCreated) _, err := rw.Write(fakeCompressedBody) @@ -419,14 +416,14 @@ func TestIntegrationShouldNotCompress(t *testing.T) { defer ts.Close() req := testhelpers.MustNewRequest(http.MethodGet, ts.URL, nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) resp, err := http.DefaultClient.Do(req) require.NoError(t, err) assert.Equal(t, test.expectedStatusCode, resp.StatusCode) - assert.Equal(t, gzipValue, resp.Header.Get(contentEncodingHeader)) + assert.Equal(t, gzipName, resp.Header.Get(contentEncodingHeader)) assert.Equal(t, acceptEncodingHeader, resp.Header.Get(varyHeader)) body, err := io.ReadAll(resp.Body) @@ -438,7 +435,7 @@ func TestIntegrationShouldNotCompress(t *testing.T) { func TestShouldWriteHeaderWhenFlush(t *testing.T) { next := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - rw.Header().Add(contentEncodingHeader, gzipValue) + rw.Header().Add(contentEncodingHeader, gzipName) rw.Header().Add(varyHeader, acceptEncodingHeader) rw.WriteHeader(http.StatusUnauthorized) rw.(http.Flusher).Flush() @@ -454,14 +451,14 @@ func TestShouldWriteHeaderWhenFlush(t *testing.T) { defer ts.Close() req := testhelpers.MustNewRequest(http.MethodGet, ts.URL, nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) resp, err := http.DefaultClient.Do(req) require.NoError(t, err) assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) - assert.Equal(t, gzipValue, resp.Header.Get(contentEncodingHeader)) + assert.Equal(t, gzipName, resp.Header.Get(contentEncodingHeader)) assert.Equal(t, acceptEncodingHeader, resp.Header.Get(varyHeader)) } @@ -505,14 +502,14 @@ func TestIntegrationShouldCompress(t *testing.T) { defer ts.Close() req := testhelpers.MustNewRequest(http.MethodGet, ts.URL, nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) resp, err := http.DefaultClient.Do(req) require.NoError(t, err) assert.Equal(t, test.expectedStatusCode, resp.StatusCode) - assert.Equal(t, gzipValue, resp.Header.Get(contentEncodingHeader)) + assert.Equal(t, gzipName, resp.Header.Get(contentEncodingHeader)) assert.Equal(t, acceptEncodingHeader, resp.Header.Get(varyHeader)) body, err := io.ReadAll(resp.Body) @@ -547,7 +544,7 @@ func TestMinResponseBodyBytes(t *testing.T) { t.Parallel() req := testhelpers.MustNewRequest(http.MethodGet, "http://localhost", nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) next := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { if _, err := rw.Write(fakeBody); err != nil { @@ -562,7 +559,7 @@ func TestMinResponseBodyBytes(t *testing.T) { handler.ServeHTTP(rw, req) if test.expectedCompression { - assert.Equal(t, gzipValue, rw.Header().Get(contentEncodingHeader)) + assert.Equal(t, gzipName, rw.Header().Get(contentEncodingHeader)) assert.NotEqualValues(t, rw.Body.Bytes(), fakeBody) return } @@ -636,7 +633,7 @@ func Test1xxResponses(t *testing.T) { }, } req, _ := http.NewRequestWithContext(httptrace.WithClientTrace(context.Background(), trace), http.MethodGet, server.URL, nil) - req.Header.Add(acceptEncodingHeader, gzipValue) + req.Header.Add(acceptEncodingHeader, gzipName) res, err := frontendClient.Do(req) assert.NoError(t, err) @@ -648,7 +645,7 @@ func Test1xxResponses(t *testing.T) { } checkLinkHeaders(t, []string{"; rel=preload; as=style", "; rel=preload; as=script", "; rel=preload; as=script"}, res.Header["Link"]) - assert.Equal(t, gzipValue, res.Header.Get(contentEncodingHeader)) + assert.Equal(t, gzipName, res.Header.Get(contentEncodingHeader)) body, _ := io.ReadAll(res.Body) assert.NotEqualValues(t, body, fakeBody) } @@ -730,7 +727,7 @@ func runBenchmark(b *testing.B, req *http.Request, handler http.Handler) { b.Fatalf("Expected 200 but got %d", code) } - assert.Equal(b, gzipValue, res.Header().Get(contentEncodingHeader)) + assert.Equal(b, gzipName, res.Header().Get(contentEncodingHeader)) } func generateBytes(length int) []byte { From b37aaea36d282badab6d34bbd61da79bfc54d88d Mon Sep 17 00:00:00 2001 From: Roman Donchenko Date: Fri, 7 Jun 2024 10:24:04 +0300 Subject: [PATCH 21/31] Headers middleware: support Content-Security-Policy-Report-Only --- docs/content/middlewares/http/headers.md | 4 ++ .../dynamic-configuration/docker-labels.yml | 1 + .../reference/dynamic-configuration/file.toml | 1 + .../reference/dynamic-configuration/file.yaml | 1 + .../kubernetes-crd-definition-v1.yml | 4 ++ .../reference/dynamic-configuration/kv-ref.md | 1 + .../traefik.io_middlewares.yaml | 4 ++ integration/fixtures/k8s/01-traefik-crd.yml | 4 ++ pkg/config/dynamic/fixtures/sample.toml | 1 + pkg/config/dynamic/middlewares.go | 3 + pkg/config/label/label_test.go | 68 ++++++++++--------- pkg/middlewares/headers/secure.go | 37 +++++----- pkg/provider/kv/kv_test.go | 34 +++++----- pkg/redactor/redactor_config_test.go | 1 + .../testdata/anonymized-dynamic-config.json | 1 + .../testdata/secured-dynamic-config.json | 1 + .../components/_commons/PanelMiddlewares.vue | 16 +++++ 17 files changed, 116 insertions(+), 66 deletions(-) diff --git a/docs/content/middlewares/http/headers.md b/docs/content/middlewares/http/headers.md index d0cb63672..afeb6891f 100644 --- a/docs/content/middlewares/http/headers.md +++ b/docs/content/middlewares/http/headers.md @@ -394,6 +394,10 @@ This overrides the `BrowserXssFilter` option. The `contentSecurityPolicy` option allows the `Content-Security-Policy` header value to be set with a custom value. +### `contentSecurityPolicyReportOnly` + +The `contentSecurityPolicyReportOnly` option allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value. + ### `publicKey` The `publicKey` implements HPKP to prevent MITM attacks with forged certificates. diff --git a/docs/content/reference/dynamic-configuration/docker-labels.yml b/docs/content/reference/dynamic-configuration/docker-labels.yml index 319988894..a3e65baa2 100644 --- a/docs/content/reference/dynamic-configuration/docker-labels.yml +++ b/docs/content/reference/dynamic-configuration/docker-labels.yml @@ -55,6 +55,7 @@ - "traefik.http.middlewares.middleware12.headers.allowedhosts=foobar, foobar" - "traefik.http.middlewares.middleware12.headers.browserxssfilter=true" - "traefik.http.middlewares.middleware12.headers.contentsecuritypolicy=foobar" +- "traefik.http.middlewares.middleware12.headers.contentsecuritypolicyreportonly=foobar" - "traefik.http.middlewares.middleware12.headers.contenttypenosniff=true" - "traefik.http.middlewares.middleware12.headers.custombrowserxssvalue=foobar" - "traefik.http.middlewares.middleware12.headers.customframeoptionsvalue=foobar" diff --git a/docs/content/reference/dynamic-configuration/file.toml b/docs/content/reference/dynamic-configuration/file.toml index a42f9ba17..cd0ffde60 100644 --- a/docs/content/reference/dynamic-configuration/file.toml +++ b/docs/content/reference/dynamic-configuration/file.toml @@ -198,6 +198,7 @@ browserXssFilter = true customBrowserXSSValue = "foobar" contentSecurityPolicy = "foobar" + contentSecurityPolicyReportOnly = "foobar" publicKey = "foobar" referrerPolicy = "foobar" permissionsPolicy = "foobar" diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index 6f675e626..d0de416ee 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml @@ -242,6 +242,7 @@ http: browserXssFilter: true customBrowserXSSValue: foobar contentSecurityPolicy: foobar + contentSecurityPolicyReportOnly: foobar publicKey: foobar referrerPolicy: foobar permissionsPolicy: foobar diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index fa2baaf1e..761a8f928 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -1309,6 +1309,10 @@ spec: description: ContentSecurityPolicy defines the Content-Security-Policy header value. type: string + contentSecurityPolicyReportOnly: + description: ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only + header value. + type: string contentTypeNosniff: description: ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value. diff --git a/docs/content/reference/dynamic-configuration/kv-ref.md b/docs/content/reference/dynamic-configuration/kv-ref.md index cd425b710..10b9a8d00 100644 --- a/docs/content/reference/dynamic-configuration/kv-ref.md +++ b/docs/content/reference/dynamic-configuration/kv-ref.md @@ -71,6 +71,7 @@ THIS FILE MUST NOT BE EDITED BY HAND | `traefik/http/middlewares/Middleware12/headers/allowedHosts/1` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/browserXssFilter` | `true` | | `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy` | `foobar` | +| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/contentTypeNosniff` | `true` | | `traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue` | `foobar` | diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml index 72b7d69bd..0d005e64d 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml @@ -585,6 +585,10 @@ spec: description: ContentSecurityPolicy defines the Content-Security-Policy header value. type: string + contentSecurityPolicyReportOnly: + description: ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only + header value. + type: string contentTypeNosniff: description: ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value. diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index fa2baaf1e..761a8f928 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -1309,6 +1309,10 @@ spec: description: ContentSecurityPolicy defines the Content-Security-Policy header value. type: string + contentSecurityPolicyReportOnly: + description: ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only + header value. + type: string contentTypeNosniff: description: ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value. diff --git a/pkg/config/dynamic/fixtures/sample.toml b/pkg/config/dynamic/fixtures/sample.toml index f6ab56cf1..c096381aa 100644 --- a/pkg/config/dynamic/fixtures/sample.toml +++ b/pkg/config/dynamic/fixtures/sample.toml @@ -330,6 +330,7 @@ browserXssFilter = true customBrowserXSSValue = "foobar" contentSecurityPolicy = "foobar" + contentSecurityPolicyReportOnly = "foobar" publicKey = "foobar" referrerPolicy = "foobar" isDevelopment = true diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index 568c7f46b..4042ed3eb 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -313,6 +313,8 @@ type Headers struct { CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty" toml:"customBrowserXSSValue,omitempty" yaml:"customBrowserXSSValue,omitempty"` // ContentSecurityPolicy defines the Content-Security-Policy header value. ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty" toml:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty"` + // ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only header value. + ContentSecurityPolicyReportOnly string `json:"contentSecurityPolicyReportOnly,omitempty" toml:"contentSecurityPolicyReportOnly,omitempty" yaml:"contentSecurityPolicyReportOnly,omitempty"` // PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates. PublicKey string `json:"publicKey,omitempty" toml:"publicKey,omitempty" yaml:"publicKey,omitempty"` // ReferrerPolicy defines the Referrer-Policy header value. @@ -376,6 +378,7 @@ func (h *Headers) HasSecureHeadersDefined() bool { h.BrowserXSSFilter || h.CustomBrowserXSSValue != "" || h.ContentSecurityPolicy != "" || + h.ContentSecurityPolicyReportOnly != "" || h.PublicKey != "" || h.ReferrerPolicy != "" || (h.FeaturePolicy != nil && *h.FeaturePolicy != "") || diff --git a/pkg/config/label/label_test.go b/pkg/config/label/label_test.go index e1c168820..c9989e1e3 100644 --- a/pkg/config/label/label_test.go +++ b/pkg/config/label/label_test.go @@ -63,6 +63,7 @@ func TestDecodeConfiguration(t *testing.T) { "traefik.http.middlewares.Middleware8.headers.addvaryheader": "true", "traefik.http.middlewares.Middleware8.headers.browserxssfilter": "true", "traefik.http.middlewares.Middleware8.headers.contentsecuritypolicy": "foobar", + "traefik.http.middlewares.Middleware8.headers.contentsecuritypolicyreportonly": "foobar", "traefik.http.middlewares.Middleware8.headers.contenttypenosniff": "true", "traefik.http.middlewares.Middleware8.headers.custombrowserxssvalue": "foobar", "traefik.http.middlewares.Middleware8.headers.customframeoptionsvalue": "foobar", @@ -611,22 +612,23 @@ func TestDecodeConfiguration(t *testing.T) { "name0": "foobar", "name1": "foobar", }, - SSLForceHost: Bool(true), - STSSeconds: 42, - STSIncludeSubdomains: true, - STSPreload: true, - ForceSTSHeader: true, - FrameDeny: true, - CustomFrameOptionsValue: "foobar", - ContentTypeNosniff: true, - BrowserXSSFilter: true, - CustomBrowserXSSValue: "foobar", - ContentSecurityPolicy: "foobar", - PublicKey: "foobar", - ReferrerPolicy: "foobar", - FeaturePolicy: String("foobar"), - PermissionsPolicy: "foobar", - IsDevelopment: true, + SSLForceHost: Bool(true), + STSSeconds: 42, + STSIncludeSubdomains: true, + STSPreload: true, + ForceSTSHeader: true, + FrameDeny: true, + CustomFrameOptionsValue: "foobar", + ContentTypeNosniff: true, + BrowserXSSFilter: true, + CustomBrowserXSSValue: "foobar", + ContentSecurityPolicy: "foobar", + ContentSecurityPolicyReportOnly: "foobar", + PublicKey: "foobar", + ReferrerPolicy: "foobar", + FeaturePolicy: String("foobar"), + PermissionsPolicy: "foobar", + IsDevelopment: true, }, }, "Middleware9": { @@ -1134,22 +1136,23 @@ func TestEncodeConfiguration(t *testing.T) { "name0": "foobar", "name1": "foobar", }, - SSLForceHost: Bool(true), - STSSeconds: 42, - STSIncludeSubdomains: true, - STSPreload: true, - ForceSTSHeader: true, - FrameDeny: true, - CustomFrameOptionsValue: "foobar", - ContentTypeNosniff: true, - BrowserXSSFilter: true, - CustomBrowserXSSValue: "foobar", - ContentSecurityPolicy: "foobar", - PublicKey: "foobar", - ReferrerPolicy: "foobar", - FeaturePolicy: String("foobar"), - PermissionsPolicy: "foobar", - IsDevelopment: true, + SSLForceHost: Bool(true), + STSSeconds: 42, + STSIncludeSubdomains: true, + STSPreload: true, + ForceSTSHeader: true, + FrameDeny: true, + CustomFrameOptionsValue: "foobar", + ContentTypeNosniff: true, + BrowserXSSFilter: true, + CustomBrowserXSSValue: "foobar", + ContentSecurityPolicy: "foobar", + ContentSecurityPolicyReportOnly: "foobar", + PublicKey: "foobar", + ReferrerPolicy: "foobar", + FeaturePolicy: String("foobar"), + PermissionsPolicy: "foobar", + IsDevelopment: true, }, }, "Middleware9": { @@ -1299,6 +1302,7 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Middlewares.Middleware8.Headers.AllowedHosts": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware8.Headers.BrowserXSSFilter": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.ContentSecurityPolicy": "foobar", + "traefik.HTTP.Middlewares.Middleware8.Headers.ContentSecurityPolicyReportOnly": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.ContentTypeNosniff": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.CustomBrowserXSSValue": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.CustomFrameOptionsValue": "foobar", diff --git a/pkg/middlewares/headers/secure.go b/pkg/middlewares/headers/secure.go index 1766e6356..9769627d1 100644 --- a/pkg/middlewares/headers/secure.go +++ b/pkg/middlewares/headers/secure.go @@ -17,24 +17,25 @@ type secureHeader struct { // newSecure constructs a new secure instance with supplied options. func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secureHeader { opt := secure.Options{ - BrowserXssFilter: cfg.BrowserXSSFilter, - ContentTypeNosniff: cfg.ContentTypeNosniff, - ForceSTSHeader: cfg.ForceSTSHeader, - FrameDeny: cfg.FrameDeny, - IsDevelopment: cfg.IsDevelopment, - STSIncludeSubdomains: cfg.STSIncludeSubdomains, - STSPreload: cfg.STSPreload, - ContentSecurityPolicy: cfg.ContentSecurityPolicy, - CustomBrowserXssValue: cfg.CustomBrowserXSSValue, - CustomFrameOptionsValue: cfg.CustomFrameOptionsValue, - PublicKey: cfg.PublicKey, - ReferrerPolicy: cfg.ReferrerPolicy, - AllowedHosts: cfg.AllowedHosts, - HostsProxyHeaders: cfg.HostsProxyHeaders, - SSLProxyHeaders: cfg.SSLProxyHeaders, - STSSeconds: cfg.STSSeconds, - PermissionsPolicy: cfg.PermissionsPolicy, - SecureContextKey: contextKey, + BrowserXssFilter: cfg.BrowserXSSFilter, + ContentTypeNosniff: cfg.ContentTypeNosniff, + ForceSTSHeader: cfg.ForceSTSHeader, + FrameDeny: cfg.FrameDeny, + IsDevelopment: cfg.IsDevelopment, + STSIncludeSubdomains: cfg.STSIncludeSubdomains, + STSPreload: cfg.STSPreload, + ContentSecurityPolicy: cfg.ContentSecurityPolicy, + ContentSecurityPolicyReportOnly: cfg.ContentSecurityPolicyReportOnly, + CustomBrowserXssValue: cfg.CustomBrowserXSSValue, + CustomFrameOptionsValue: cfg.CustomFrameOptionsValue, + PublicKey: cfg.PublicKey, + ReferrerPolicy: cfg.ReferrerPolicy, + AllowedHosts: cfg.AllowedHosts, + HostsProxyHeaders: cfg.HostsProxyHeaders, + SSLProxyHeaders: cfg.SSLProxyHeaders, + STSSeconds: cfg.STSSeconds, + PermissionsPolicy: cfg.PermissionsPolicy, + SecureContextKey: contextKey, } return &secureHeader{ diff --git a/pkg/provider/kv/kv_test.go b/pkg/provider/kv/kv_test.go index 438871031..679bb258f 100644 --- a/pkg/provider/kv/kv_test.go +++ b/pkg/provider/kv/kv_test.go @@ -139,6 +139,7 @@ func Test_buildConfiguration(t *testing.T) { "traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar", "traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/1": "foobar", "traefik/http/middlewares/Middleware09/headers/contentSecurityPolicy": "foobar", + "traefik/http/middlewares/Middleware09/headers/contentSecurityPolicyReportOnly": "foobar", "traefik/http/middlewares/Middleware09/headers/publicKey": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar", @@ -601,22 +602,23 @@ func Test_buildConfiguration(t *testing.T) { "name1": "foobar", "name0": "foobar", }, - SSLForceHost: Bool(true), - STSSeconds: 42, - STSIncludeSubdomains: true, - STSPreload: true, - ForceSTSHeader: true, - FrameDeny: true, - CustomFrameOptionsValue: "foobar", - ContentTypeNosniff: true, - BrowserXSSFilter: true, - CustomBrowserXSSValue: "foobar", - ContentSecurityPolicy: "foobar", - PublicKey: "foobar", - ReferrerPolicy: "foobar", - FeaturePolicy: String("foobar"), - PermissionsPolicy: "foobar", - IsDevelopment: true, + SSLForceHost: Bool(true), + STSSeconds: 42, + STSIncludeSubdomains: true, + STSPreload: true, + ForceSTSHeader: true, + FrameDeny: true, + CustomFrameOptionsValue: "foobar", + ContentTypeNosniff: true, + BrowserXSSFilter: true, + CustomBrowserXSSValue: "foobar", + ContentSecurityPolicy: "foobar", + ContentSecurityPolicyReportOnly: "foobar", + PublicKey: "foobar", + ReferrerPolicy: "foobar", + FeaturePolicy: String("foobar"), + PermissionsPolicy: "foobar", + IsDevelopment: true, }, }, "Middleware17": { diff --git a/pkg/redactor/redactor_config_test.go b/pkg/redactor/redactor_config_test.go index ed498721f..ee653b28a 100644 --- a/pkg/redactor/redactor_config_test.go +++ b/pkg/redactor/redactor_config_test.go @@ -214,6 +214,7 @@ func init() { BrowserXSSFilter: true, CustomBrowserXSSValue: "foo", ContentSecurityPolicy: "foo", + ContentSecurityPolicyReportOnly: "foo", PublicKey: "foo", ReferrerPolicy: "foo", PermissionsPolicy: "foo", diff --git a/pkg/redactor/testdata/anonymized-dynamic-config.json b/pkg/redactor/testdata/anonymized-dynamic-config.json index b4afd7aa1..ed3c07c86 100644 --- a/pkg/redactor/testdata/anonymized-dynamic-config.json +++ b/pkg/redactor/testdata/anonymized-dynamic-config.json @@ -170,6 +170,7 @@ "browserXssFilter": true, "customBrowserXSSValue": "xxxx", "contentSecurityPolicy": "xxxx", + "contentSecurityPolicyReportOnly": "xxxx", "publicKey": "xxxx", "referrerPolicy": "foo", "permissionsPolicy": "foo", diff --git a/pkg/redactor/testdata/secured-dynamic-config.json b/pkg/redactor/testdata/secured-dynamic-config.json index 8ff3d0789..75c70ae25 100644 --- a/pkg/redactor/testdata/secured-dynamic-config.json +++ b/pkg/redactor/testdata/secured-dynamic-config.json @@ -173,6 +173,7 @@ "browserXssFilter": true, "customBrowserXSSValue": "foo", "contentSecurityPolicy": "foo", + "contentSecurityPolicyReportOnly": "foo", "publicKey": "foo", "referrerPolicy": "foo", "permissionsPolicy": "foo", diff --git a/webui/src/components/_commons/PanelMiddlewares.vue b/webui/src/components/_commons/PanelMiddlewares.vue index 98eff915a..4921a0b54 100644 --- a/webui/src/components/_commons/PanelMiddlewares.vue +++ b/webui/src/components/_commons/PanelMiddlewares.vue @@ -817,6 +817,22 @@ + + +
+
+
+ Content Security Policy (Report Only) +
+ + {{ exData(middleware).contentSecurityPolicyReportOnly }} + +
+
+
From c23c3e0ed337555cf7f85de136871a6c8534d84b Mon Sep 17 00:00:00 2001 From: Dmitry Romashov Date: Fri, 7 Jun 2024 11:06:05 +0200 Subject: [PATCH 22/31] Run UI tests on the CI --- .github/workflows/test-unit.yaml | 21 +++++++++++++++++++++ Makefile | 9 ++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-unit.yaml b/.github/workflows/test-unit.yaml index 36721ba85..43ea42853 100644 --- a/.github/workflows/test-unit.yaml +++ b/.github/workflows/test-unit.yaml @@ -29,3 +29,24 @@ jobs: - name: Tests run: make test-unit + + test-ui-unit: + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Node.js ${{ env.NODE_VERSION }} + uses: actions/setup-node@v4 + with: + node-version-file: webui/.nvmrc + cache: 'yarn' + cache-dependency-path: webui/yarn.lock + + - name: UI unit tests + run: | + yarn --cwd webui install + yarn --cwd webui test:unit:ci diff --git a/Makefile b/Makefile index 7a810fff8..9204814ab 100644 --- a/Makefile +++ b/Makefile @@ -88,7 +88,7 @@ crossbinary-default: generate generate-webui .PHONY: test #? test: Run the unit and integration tests -test: test-unit test-integration +test: test-ui-unit test-unit test-integration .PHONY: test-unit #? test-unit: Run the unit tests @@ -100,6 +100,13 @@ test-unit: test-integration: binary GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS) +.PHONY: test-ui-unit +#? test-ui-unit: Run the unit tests for the webui +test-ui-unit: + $(MAKE) build-webui-image + docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui install + docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui test:unit:ci + .PHONY: pull-images #? pull-images: Pull all Docker images to avoid timeout during integration tests pull-images: From 5c48e3c96c6f5be65c321e29e7a3063873e73bee Mon Sep 17 00:00:00 2001 From: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com> Date: Fri, 7 Jun 2024 16:56:04 +0200 Subject: [PATCH 23/31] chore(ci): improve webui build and lint --- .github/workflows/build.yaml | 14 +++++++++++++- .github/workflows/experimental.yaml | 11 ++++++++++- webui/Dockerfile | 2 +- webui/package.json | 11 ++++++----- webui/readme.md | 2 +- webui/src/components/_commons/AvatarState.vue | 2 +- webui/src/components/_commons/MainTable.vue | 6 +++--- webui/src/components/_commons/PanelHealthCheck.vue | 2 +- webui/src/components/_commons/PanelMiddlewares.vue | 4 ++-- .../components/_commons/PanelMirroringServices.vue | 2 +- .../src/components/_commons/PanelRouterDetails.vue | 4 ++-- webui/src/components/_commons/PanelServers.vue | 2 +- .../components/_commons/PanelServiceDetails.vue | 2 +- webui/src/components/_commons/PanelTLS.vue | 10 +++++----- .../components/_commons/PanelWeightedServices.vue | 2 +- webui/src/components/_commons/ProviderIcon.vue | 2 +- .../components/_commons/StickyServiceDetails.vue | 2 +- webui/src/components/_commons/ToolBarTable.vue | 5 +++-- webui/src/components/dashboard/PanelChart.vue | 6 +++--- webui/src/components/dashboard/PanelEntry.vue | 8 ++++---- webui/src/components/dashboard/PanelFeature.vue | 5 ++++- webui/src/components/dashboard/PanelProvider.vue | 7 +++++-- webui/src/pages/_commons/MiddlewareDetail.vue | 4 ++-- webui/src/pages/_commons/RouterDetail.vue | 4 ++-- webui/src/pages/_commons/ServiceDetail.vue | 4 ++-- 25 files changed, 76 insertions(+), 47 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ec0c32edb..95e921ebf 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -20,9 +20,21 @@ jobs: with: fetch-depth: 0 + - name: Setup node + uses: actions/setup-node@v4 + with: + node-version-file: webui/.nvmrc + cache: yarn + cache-dependency-path: webui/yarn.lock + - name: Build webui + working-directory: ./webui + run: | + yarn install + yarn build + + - name: Package webui run: | - make clean-webui generate-webui tar czvf webui.tar.gz ./webui/static/ - name: Artifact webui diff --git a/.github/workflows/experimental.yaml b/.github/workflows/experimental.yaml index b20d31124..fa91bfda5 100644 --- a/.github/workflows/experimental.yaml +++ b/.github/workflows/experimental.yaml @@ -25,9 +25,18 @@ jobs: with: fetch-depth: 0 + - name: Setup node + uses: actions/setup-node@v4 + with: + node-version-file: webui/.nvmrc + cache: yarn + cache-dependency-path: webui/yarn.lock + - name: Build webui + working-directory: ./webui run: | - make clean-webui generate-webui + yarn install + yarn build - name: Set up Go ${{ env.GO_VERSION }} uses: actions/setup-go@v5 diff --git a/webui/Dockerfile b/webui/Dockerfile index 3939d56b0..df6ca6167 100644 --- a/webui/Dockerfile +++ b/webui/Dockerfile @@ -1,4 +1,4 @@ -FROM node:20.11 +FROM node:20.14 # Current Active LTS release according to (https://nodejs.org/en/about/releases/) ENV WEBUI_DIR /src/webui diff --git a/webui/package.json b/webui/package.json index f33140de3..f6d7acb42 100644 --- a/webui/package.json +++ b/webui/package.json @@ -8,10 +8,10 @@ "scripts": { "transfer": "node dev/scripts/transfer.js", "lint": "eslint --ext .js,.vue src", - "dev": "export APP_ENV='development' && quasar dev", + "dev": "APP_ENV=development quasar dev", "build-quasar": "quasar build", - "build-staging": "export NODE_ENV='production' && export APP_ENV='development' && yarn build-quasar", - "build": "export NODE_ENV='production' && export APP_ENV='production' && yarn build-quasar && yarn transfer spa", + "build-staging": "NODE_ENV=production APP_ENV=development yarn build-quasar", + "build": "NODE_ENV=production APP_ENV=production yarn build-quasar && yarn transfer spa", "build:nc": "yarn build", "test": "echo \"See package.json => scripts for available tests.\" && exit 0", "test:unit": "vitest", @@ -56,6 +56,7 @@ "engines": { "node": "^20 || ^18 || ^16", "npm": ">= 6.13.4", - "yarn": ">= 1.21.1" - } + "yarn": ">= 1.22.22" + }, + "packageManager": "yarn@1.22.22" } diff --git a/webui/readme.md b/webui/readme.md index e621e4080..812cbdf5a 100644 --- a/webui/readme.md +++ b/webui/readme.md @@ -20,7 +20,7 @@ make clean-webui generate-webui # Generate static contents in `webui/static/` fo ## How to build (only for frontend developer) -- prerequisite: [Node 20.11+](https://nodejs.org) [Yarn 1.22.19](https://yarnpkg.com/) +- prerequisite: [Node 20.14+](https://nodejs.org) [Yarn 1.22.22](https://yarnpkg.com/) - Go to the `webui/` directory diff --git a/webui/src/components/_commons/AvatarState.vue b/webui/src/components/_commons/AvatarState.vue index e74e73104..1b99f976e 100644 --- a/webui/src/components/_commons/AvatarState.vue +++ b/webui/src/components/_commons/AvatarState.vue @@ -24,7 +24,7 @@ import { defineComponent } from 'vue' export default defineComponent({ name: 'AvatarState', props: { - state: String + state: { type: String, default: undefined, required: false } } }) diff --git a/webui/src/components/_commons/MainTable.vue b/webui/src/components/_commons/MainTable.vue index 4b64c8999..100e76ad7 100644 --- a/webui/src/components/_commons/MainTable.vue +++ b/webui/src/components/_commons/MainTable.vue @@ -104,12 +104,12 @@ export default defineComponent({ QPageScroller }, props: { - data: Object, + data: { type: Object, default: undefined, required: false }, columns: Array[Object], loading: Boolean, - onLoadMore: Function, + onLoadMore: { type: Function, default: undefined, required: false }, endReached: Boolean, - onRowClick: Function + onRowClick: { type: Function, default: undefined, required: false } }, methods: { getColumn (columnName) { diff --git a/webui/src/components/_commons/PanelHealthCheck.vue b/webui/src/components/_commons/PanelHealthCheck.vue index 7513cded0..0d1689d0d 100644 --- a/webui/src/components/_commons/PanelHealthCheck.vue +++ b/webui/src/components/_commons/PanelHealthCheck.vue @@ -137,7 +137,7 @@ export default { filters: { }, props: { - data: Object, + data: { type: Object, default: undefined, required: false }, dense: Boolean }, computed: { diff --git a/webui/src/components/_commons/PanelMiddlewares.vue b/webui/src/components/_commons/PanelMiddlewares.vue index 5ef836118..ced92222d 100644 --- a/webui/src/components/_commons/PanelMiddlewares.vue +++ b/webui/src/components/_commons/PanelMiddlewares.vue @@ -75,8 +75,8 @@ ERRORS
{{ errorMsg }} diff --git a/webui/src/components/_commons/PanelMirroringServices.vue b/webui/src/components/_commons/PanelMirroringServices.vue index 3a3fa3319..a526f3f0f 100644 --- a/webui/src/components/_commons/PanelMirroringServices.vue +++ b/webui/src/components/_commons/PanelMirroringServices.vue @@ -70,7 +70,7 @@ export default { name: 'PanelMirroringServices', props: { - data: Object, + data: { type: Object, default: undefined, required: false }, dense: Boolean }, computed: { diff --git a/webui/src/components/_commons/PanelRouterDetails.vue b/webui/src/components/_commons/PanelRouterDetails.vue index 2ae068fa7..25a01e902 100644 --- a/webui/src/components/_commons/PanelRouterDetails.vue +++ b/webui/src/components/_commons/PanelRouterDetails.vue @@ -131,8 +131,8 @@ export default defineComponent({ AvatarState }, props: { - data: Object, - protocol: String + data: { type: Object, default: undefined, required: false }, + protocol: { type: String, default: undefined, required: false } }, computed: { getProviderLogoPath () { diff --git a/webui/src/components/_commons/PanelServers.vue b/webui/src/components/_commons/PanelServers.vue index 5b07eda44..5c3e8f54b 100644 --- a/webui/src/components/_commons/PanelServers.vue +++ b/webui/src/components/_commons/PanelServers.vue @@ -102,7 +102,7 @@ export default defineComponent({ AvatarState }, props: { - data: Object, + data: { type: Object, default: undefined, required: false }, dense: Boolean, hasStatus: Boolean }, diff --git a/webui/src/components/_commons/PanelServiceDetails.vue b/webui/src/components/_commons/PanelServiceDetails.vue index 91708c35c..0f6758e52 100644 --- a/webui/src/components/_commons/PanelServiceDetails.vue +++ b/webui/src/components/_commons/PanelServiceDetails.vue @@ -171,7 +171,7 @@ export default defineComponent({ StickyServiceDetails }, props: { - data: Object, + data: { type: Object, default: undefined, required: false }, dense: Boolean }, computed: { diff --git a/webui/src/components/_commons/PanelTLS.vue b/webui/src/components/_commons/PanelTLS.vue index eb7af91a8..905d8878f 100644 --- a/webui/src/components/_commons/PanelTLS.vue +++ b/webui/src/components/_commons/PanelTLS.vue @@ -77,12 +77,12 @@ {{ domain.main }} - {{ domain }} + {{ sanDomain }} @@ -130,8 +130,8 @@ export default defineComponent({ BooleanState }, props: { - data: Object, - protocol: String + data: { type: Object, default: undefined, required: false }, + protocol: { type: String, default: undefined, required: false } } }) diff --git a/webui/src/components/_commons/PanelWeightedServices.vue b/webui/src/components/_commons/PanelWeightedServices.vue index 178bc8d4b..b8eeaa72a 100644 --- a/webui/src/components/_commons/PanelWeightedServices.vue +++ b/webui/src/components/_commons/PanelWeightedServices.vue @@ -66,7 +66,7 @@ export default defineComponent({ name: 'PanelWeightedServices', components: {}, props: { - data: Object, + data: { type: Object, default: undefined, required: false }, dense: Boolean }, computed: { diff --git a/webui/src/components/_commons/ProviderIcon.vue b/webui/src/components/_commons/ProviderIcon.vue index 9be76c746..4511b696b 100644 --- a/webui/src/components/_commons/ProviderIcon.vue +++ b/webui/src/components/_commons/ProviderIcon.vue @@ -9,7 +9,7 @@ import { defineComponent } from 'vue' export default defineComponent({ props: { - name: String + name: { type: String, default: undefined, required: false } }, computed: { getLogoPath () { diff --git a/webui/src/components/_commons/StickyServiceDetails.vue b/webui/src/components/_commons/StickyServiceDetails.vue index f2e53f4a9..de81f1119 100644 --- a/webui/src/components/_commons/StickyServiceDetails.vue +++ b/webui/src/components/_commons/StickyServiceDetails.vue @@ -55,7 +55,7 @@ export default defineComponent({ BooleanState }, props: { - sticky: Object, + sticky: { type: Object, default: undefined, required: false }, dense: Boolean } }) diff --git a/webui/src/components/_commons/ToolBarTable.vue b/webui/src/components/_commons/ToolBarTable.vue index 03d4b6a52..65a6e3d6b 100644 --- a/webui/src/components/_commons/ToolBarTable.vue +++ b/webui/src/components/_commons/ToolBarTable.vue @@ -42,9 +42,10 @@ import Helps from '../../_helpers/Helps' export default defineComponent({ name: 'ToolBarTable', props: { - status: String, - filter: String + status: { type: String, default: undefined, required: false }, + filter: { type: String, default: undefined, required: false } }, + emits: ['update:status', 'update:filter'], computed: { getStatus: { get () { diff --git a/webui/src/components/dashboard/PanelChart.vue b/webui/src/components/dashboard/PanelChart.vue index 411de01e6..3f2bc0a8f 100644 --- a/webui/src/components/dashboard/PanelChart.vue +++ b/webui/src/components/dashboard/PanelChart.vue @@ -118,9 +118,9 @@ export default defineComponent({ AvatarState }, props: { - name: String, - data: Object, - type: String + name: { type: String, default: undefined, required: false }, + data: { type: Object, default: undefined, required: false }, + type: { type: String, default: undefined, required: false } }, data () { return { diff --git a/webui/src/components/dashboard/PanelEntry.vue b/webui/src/components/dashboard/PanelEntry.vue index 969c321b3..3077ce157 100644 --- a/webui/src/components/dashboard/PanelEntry.vue +++ b/webui/src/components/dashboard/PanelEntry.vue @@ -28,11 +28,11 @@ import { defineComponent } from 'vue' export default defineComponent({ name: 'PanelEntry', props: { - address: String, - name: String, - type: String, + address: { type: String, default: undefined, required: false }, + name: { type: String, default: undefined, required: false }, + type: { type: String, default: undefined, required: false }, focus: Boolean, - exSize: Number + exSize: { type: Number, default: undefined, required: false } } }) diff --git a/webui/src/components/dashboard/PanelFeature.vue b/webui/src/components/dashboard/PanelFeature.vue index 9edff71c8..1b3ee5b64 100644 --- a/webui/src/components/dashboard/PanelFeature.vue +++ b/webui/src/components/dashboard/PanelFeature.vue @@ -28,7 +28,10 @@