diff --git a/.golangci.toml b/.golangci.toml index a7c6ad4e7..35e627aa0 100644 --- a/.golangci.toml +++ b/.golangci.toml @@ -37,6 +37,7 @@ "gochecknoinits", "gochecknoglobals", "bodyclose", # Too many false-positive and panics. + "typecheck", # v1.17.1 and Go1.13 => bug ] [issues] diff --git a/.semaphoreci/golang.sh b/.semaphoreci/golang.sh index ec24aac57..c275de34b 100755 --- a/.semaphoreci/golang.sh +++ b/.semaphoreci/golang.sh @@ -2,19 +2,19 @@ set -e -curl -O https://dl.google.com/go/go1.12.linux-amd64.tar.gz +curl -O https://dl.google.com/go/go"${GO_VERSION}".linux-amd64.tar.gz -tar -xvf go1.12.linux-amd64.tar.gz -rm -rf go1.12.linux-amd64.tar.gz +tar -xvf go"${GO_VERSION}".linux-amd64.tar.gz +rm -rf go"${GO_VERSION}".linux-amd64.tar.gz -sudo mkdir -p /usr/local/golang/1.12/go -sudo mv go /usr/local/golang/1.12/ +sudo mkdir -p /usr/local/golang/"${GO_VERSION}"/go +sudo mv go /usr/local/golang/"${GO_VERSION}"/ sudo rm /usr/local/bin/go -sudo chmod +x /usr/local/golang/1.12/go/bin/go -sudo ln -s /usr/local/golang/1.12/go/bin/go /usr/local/bin/go +sudo chmod +x /usr/local/golang/"${GO_VERSION}"/go/bin/go +sudo ln -s /usr/local/golang/"${GO_VERSION}"/go/bin/go /usr/local/bin/go -export GOROOT="/usr/local/golang/1.12/go" -export GOTOOLDIR="/usr/local/golang/1.12/go/pkg/tool/linux_amd64" +export GOROOT="/usr/local/golang/${GO_VERSION}/go" +export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64" go version diff --git a/.semaphoreci/setup.sh b/.semaphoreci/setup.sh index b79415769..568eea2fc 100755 --- a/.semaphoreci/setup.sh +++ b/.semaphoreci/setup.sh 
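Review bot: The tarball fetched by `curl -O https://dl.google.com/go/go"${GO_VERSION}".linux-amd64.tar.gz` in .semaphoreci/golang.sh is unpacked and installed under `sudo` with no integrity check, and the version in the URL is now a variable that this script never validates. With only `set -e`, an unset `GO_VERSION` produces the URL `go.linux-amd64.tar.gz` and the path `/usr/local/golang//go`; a guard at the top such as `: "${GO_VERSION:?GO_VERSION is not set}"` fails early instead. Adding `-fsSL` to curl makes an HTTP error abort the script rather than saving an error page. Checking the download against the published SHA-256 before `tar -xvf` would pin what gets installed, for example `echo "${GO_SHA256}  go${GO_VERSION}.linux-amd64.tar.gz" | sha256sum -c -`, where `GO_SHA256` is a placeholder the CI configuration would have to supply.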
@@ -7,6 +7,7 @@ sudo dd if=/dev/zero of=/swapfile bs=1M count=3072 sudo mkswap /swapfile sudo swapon /swapfile sudo rm -rf /home/runner/.rbenv +sudo rm -rf /usr/local/golang/{1.4.3,1.5.4,1.6.4,1.7.6,1.8.6,1.9.7,1.10.3,1.11} #export DOCKER_VERSION=18.06.3 source .semaphoreci/vars if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi 
@@ -16,12 +17,22 @@ echo ${TEMP_STORAGE} echo ${SHOULD_TEST} #if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi #if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi -if [ -n "$SHOULD_TEST" ]; then docker version; fi +if [ -n "$SHOULD_TEST" ]; then docker version; fi + +export GO_VERSION=1.12 +if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi +if [ "${GO_VERSION}" == '1.13' ]; then export GO_VERSION=1.13rc1; fi +echo "Selected Go version: ${GO_VERSION}" + if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi -if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/1.12/go"; fi -if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/1.12/go/pkg/tool/linux_amd64"; fi +if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/${GO_VERSION}/go"; fi +if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"; fi +go version + if [ -f "./go.mod" ]; then export GO111MODULE=on; fi if [ -f "./go.mod" ]; then export GOPROXY=https://proxy.golang.org; fi if [ -f "./go.mod" ]; then go mod download; fi -sudo rm -rf /usr/local/golang/1.4.3/ /usr/local/golang/1.5.4/ /usr/local/golang/1.6.4 /usr/local/golang/1.7.6 /usr/local/golang/1.8.6 /usr/local/golang/1.9.7 /usr/local/golang/1.10.3 + df + + diff --git a/build.Dockerfile b/build.Dockerfile index f5b3c4323..27c308562 100644 --- a/build.Dockerfile +++ b/build.Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.12-alpine +FROM golang:1.13rc1-alpine RUN apk --update upgrade \ && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \ diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go index 6bb59b448..6c46fef78 100644 --- a/cmd/traefik/traefik.go +++ b/cmd/traefik/traefik.go 
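Review bot: `GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"` takes its value from a file in the checkout, and golang.sh then uses it unchecked in a download URL and in `sudo mkdir`/`sudo mv`/`sudo ln -s` paths. On pull-request builds go.mod is presumably contributor-supplied, so a value containing `/` or `..` would reach those privileged paths, and a go.mod with no matching line leaves `GO_VERSION` empty. Validate right after the assignment, e.g. `[[ "${GO_VERSION}" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?((rc|beta)[0-9]+)?$ ]] || { echo "unexpected Go version: ${GO_VERSION}" >&2; exit 1; }`. The `1.13` to `1.13rc1` mapping would also benefit from a comment saying when it can be removed.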
@@ -33,14 +33,6 @@ import ( "github.com/vulcand/oxy/roundrobin" ) -func init() { - goDebug := os.Getenv("GODEBUG") - if len(goDebug) > 0 { - goDebug += "," - } - os.Setenv("GODEBUG", goDebug+"tls13=1") -} - func main() { // traefik config inits tConfig := cmd.NewTraefikConfiguration() diff --git a/docs/content/contributing/building-testing.md b/docs/content/contributing/building-testing.md index 32f97416e..95b713490 100644 --- a/docs/content/contributing/building-testing.md +++ b/docs/content/contributing/building-testing.md @@ -28,7 +28,7 @@ Successfully tagged traefik-webui:latest [...] docker build -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile . Sending build context to Docker daemon 279MB -Step 1/10 : FROM golang:1.12-alpine +Step 1/10 : FROM golang:1.13rc1-alpine ---> f4bfb3d22bda [...] Successfully built 5c3c1a911277 @@ -60,7 +60,7 @@ PRE_TARGET= make test-unit Requirements: -- `go` v1.12+ +- `go` v1.13+ - environment variable `GO111MODULE=on` !!! tip "Source Directory" diff --git a/exp.Dockerfile b/exp.Dockerfile index ecee5414f..6f59b73e3 100644 --- a/exp.Dockerfile +++ b/exp.Dockerfile @@ -12,7 +12,7 @@ RUN yarn install RUN npm run build # BUILD -FROM golang:1.12-alpine as gobuild +FROM golang:1.13rc1-alpine as gobuild RUN apk --update upgrade \ && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \ diff --git a/go.mod b/go.mod index 9c15d4d14..d3304053d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/containous/traefik/v2 -go 1.12 +go 1.13 require ( github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect diff --git a/integration/fixtures/https/clientca/https_2ca1config.toml b/integration/fixtures/https/clientca/https_2ca1config.toml index 34ea565e9..948374c04 100644 --- a/integration/fixtures/https/clientca/https_2ca1config.toml +++ b/integration/fixtures/https/clientca/https_2ca1config.toml 
@@ -31,12 +31,12 @@ [http.services.service1] [http.services.service1.loadBalancer] [[http.services.service1.loadBalancer.servers]] - url = "http://127.0.0.1:9010" + url = "{{ .Server1 }}" [http.services.service2] [http.services.service2.loadBalancer] [[http.services.service2.loadBalancer.servers]] - url = "http://127.0.0.1:9020" + url = "{{ .Server2 }}" [[tls.certificates]] certFile = "fixtures/https/snitest.com.cert" diff --git a/integration/fixtures/https/clientca/https_2ca2config.toml b/integration/fixtures/https/clientca/https_2ca2config.toml index bec6abde7..5757ac602 100644 --- a/integration/fixtures/https/clientca/https_2ca2config.toml +++ b/integration/fixtures/https/clientca/https_2ca2config.toml @@ -30,12 +30,12 @@ [http.services.service1] [http.services.service1.loadBalancer] [[http.services.service1.loadBalancer.servers]] - url = "http://127.0.0.1:9010" + url = "{{ .Server1 }}" [http.services.service2] [http.services.service2.loadBalancer] [[http.services.service2.loadBalancer.servers]] - url = "http://127.0.0.1:9020" + url = "{{ .Server2 }}" [[tls.certificates]] certFile = "fixtures/https/snitest.com.cert" diff --git a/integration/https_test.go b/integration/https_test.go index 79ee639a6..0d35b9570 100644 --- a/integration/https_test.go +++ b/integration/https_test.go 
@@ -501,7 +501,21 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthentication(c *check.C) { // TestWithClientCertificateAuthentication // Use two CA:s and test that clients with client signed by either of them can connect func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check.C) { - file := s.adaptFile(c, "fixtures/https/clientca/https_2ca1config.toml", struct{}{}) + server1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server1")) })) + server2 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server2")) })) + defer func() { + server1.Close() + server2.Close() + }() + + file := s.adaptFile(c, "fixtures/https/clientca/https_2ca1config.toml", struct { + Server1 string + Server2 string + }{ + Server1: server1.URL, + Server2: server2.URL, + }) + defer os.Remove(file) cmd, display := s.traefikCmd(withConfigFile(file)) defer display(c) 
@@ -513,24 +527,32 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("Host(`snitest.org`)")) c.Assert(err, checker.IsNil) + req, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:4443", nil) + c.Assert(err, checker.IsNil) + req.Host = "snitest.com" + tlsConfig := &tls.Config{ InsecureSkipVerify: true, ServerName: "snitest.com", Certificates: []tls.Certificate{}, } - // Connection without client certificate should fail - _, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server")) - // Connect with client signed by ca1 + client := http.Client{ + Transport: &http.Transport{TLSClientConfig: tlsConfig}, + Timeout: 1 * time.Second, + } + + // Connection without client certificate should fail + _, err = client.Do(req) + c.Assert(err, checker.NotNil) + cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key") c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key")) tlsConfig.Certificates = append(tlsConfig.Certificates, cert) - conn, err := tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server")) - - conn.Close() + // Connect with client signed by ca1 + _, err = client.Do(req) + c.Assert(err, checker.IsNil) // Connect with client signed by ca2 tlsConfig = &tls.Config{ 
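Review bot: The rejection check `_, err = client.Do(req)` followed by `c.Assert(err, checker.NotNil)` passes on any failure, including the 1-second client timeout or a refused connection, so it no longer shows that the server turned the client away for lacking a certificate. The removed assertion carried `check.Commentf("should not be allowed to connect to server")`, whereas the new one has neither a message nor a check on the error itself. Consider asserting on the error text, e.g. `c.Assert(err, check.ErrorMatches, ".*bad certificate.*")`, after confirming the alert wording for the Go version in use. The same pattern is used for the ca3 case in the hunk at -553 and for both negative cases in TestWithClientCertificateAuthenticationMultipleCAsMultipleFiles. The function body starts and ends outside this hunk.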
@@ -538,14 +560,19 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check ServerName: "snitest.com", Certificates: []tls.Certificate{}, } + cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client2.crt", "fixtures/https/clientca/client2.key") c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key")) tlsConfig.Certificates = append(tlsConfig.Certificates, cert) - conn, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server")) + client = http.Client{ + Transport: &http.Transport{TLSClientConfig: tlsConfig}, + Timeout: 1 * time.Second, + } - conn.Close() + // Connect with client signed by ca1 + _, err = client.Do(req) + c.Assert(err, checker.IsNil) // Connect with client signed by ca3 should fail tlsConfig = &tls.Config{ 
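Review bot: The success path discards the response with `_, err = client.Do(req)`, so the body is never closed and the status code is never examined. A request that completes the handshake but is answered with an error status would still satisfy `c.Assert(err, checker.IsNil)`. Keep the response, e.g. `resp, err := client.Do(req)`, then `defer resp.Body.Close()` after the error assertion, and assert that `resp.StatusCode` is `http.StatusOK`. The ca1 request in the previous hunk and the accepted-certificate requests in the second test have the same shape.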
@@ -553,18 +580,38 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check ServerName: "snitest.com", Certificates: []tls.Certificate{}, } + cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client3.crt", "fixtures/https/clientca/client3.key") c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key")) tlsConfig.Certificates = append(tlsConfig.Certificates, cert) - _, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server")) + client = http.Client{ + Transport: &http.Transport{TLSClientConfig: tlsConfig}, + Timeout: 1 * time.Second, + } + + // Connect with client signed by ca1 + _, err = client.Do(req) + c.Assert(err, checker.NotNil) } // TestWithClientCertificateAuthentication // Use two CA:s in two different files and test that clients with client signed by either of them can connect func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleFiles(c *check.C) { - file := s.adaptFile(c, "fixtures/https/clientca/https_2ca2config.toml", struct{}{}) + server1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server1")) })) + server2 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server2")) })) + defer func() { + server1.Close() + server2.Close() + }() + + file := s.adaptFile(c, "fixtures/https/clientca/https_2ca2config.toml", struct { + Server1 string + Server2 string + }{ + Server1: server1.URL, + Server2: server2.URL, + }) defer os.Remove(file) cmd, display := s.traefikCmd(withConfigFile(file)) defer display(c) 
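Review bot: The comment `// Connect with client signed by ca1` added above the final `client.Do(req)` of the first test is wrong: the certificate loaded there is client3, the request is expected to fail, and the block is already introduced by `// Connect with client signed by ca3 should fail`. The same stray comment was added above the ca2 request in the hunk at -538. Drop both, or reword them to `// client signed by ca2 is accepted` and `// client signed by ca3 is rejected`. Separately, the httptest server setup and the anonymous `struct { Server1 string; Server2 string }` value are now duplicated in both tests, and a small helper on the suite would keep them in sync.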
@@ -576,24 +623,32 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleF err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("Host(`snitest.org`)")) c.Assert(err, checker.IsNil) + req, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:4443", nil) + c.Assert(err, checker.IsNil) + req.Host = "snitest.com" + tlsConfig := &tls.Config{ InsecureSkipVerify: true, ServerName: "snitest.com", Certificates: []tls.Certificate{}, } + + client := http.Client{ + Transport: &http.Transport{TLSClientConfig: tlsConfig}, + Timeout: 1 * time.Second, + } + // Connection without client certificate should fail - _, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server")) + _, err = client.Do(req) + c.Assert(err, checker.NotNil) // Connect with client signed by ca1 cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key") c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key")) tlsConfig.Certificates = append(tlsConfig.Certificates, cert) - conn, err := tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server")) - - conn.Close() + _, err = client.Do(req) + c.Assert(err, checker.IsNil) // Connect with client signed by ca2 tlsConfig = &tls.Config{ 
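Review bot: `tlsConfig.Certificates = append(tlsConfig.Certificates, cert)` modifies the config after `client` was built around it and after the first `client.Do(req)` has already used it, and the same `client` is then reused for the ca1 request. crypto/tls documents that a Config must not be modified once it has been passed to a TLS function. The step only works if the transport re-reads the config and holds no connection from the earlier attempt. Build a fresh `tls.Config` and `http.Client` for the ca1 step, as the ca2 and ca3 steps already do. The first test has the same sequence in the hunk at -513.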
@@ -601,13 +656,18 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleF ServerName: "snitest.com", Certificates: []tls.Certificate{}, } + cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client2.crt", "fixtures/https/clientca/client2.key") c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key")) tlsConfig.Certificates = append(tlsConfig.Certificates, cert) - conn, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server")) - conn.Close() + client = http.Client{ + Transport: &http.Transport{TLSClientConfig: tlsConfig}, + Timeout: 1 * time.Second, + } + + _, err = client.Do(req) + c.Assert(err, checker.IsNil) // Connect with client signed by ca3 should fail tlsConfig = &tls.Config{ @@ -615,12 +675,18 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleF ServerName: "snitest.com", Certificates: []tls.Certificate{}, } + cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client3.crt", "fixtures/https/clientca/client3.key") c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key")) tlsConfig.Certificates = append(tlsConfig.Certificates, cert) - _, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig) - c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server")) + client = http.Client{ + Transport: &http.Transport{TLSClientConfig: tlsConfig}, + Timeout: 1 * time.Second, + } + + _, err = client.Do(req) + c.Assert(err, checker.NotNil) } func (s *HTTPSSuite) TestWithRootCAsContentForHTTPSOnBackend(c *check.C) { diff --git a/integration/integration_test.go b/integration/integration_test.go index 934da96d8..47f5f0b4f 100644 --- a/integration/integration_test.go +++ b/integration/integration_test.go 
@@ -27,11 +27,6 @@ var host = flag.Bool("host", false, "run host integration tests") var showLog = flag.Bool("tlog", false, "always show Traefik logs") func Test(t *testing.T) { - check.TestingT(t) -} - -func init() { - flag.Parse() if !*integration { log.Info("Integration tests disabled.") return @@ -69,6 +64,8 @@ func init() { check.Suite(&ProxyProtocolSuite{}) check.Suite(&TCPSuite{}) } + + check.TestingT(t) } var traefikBinary = "../dist/traefik"
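Review bot: `Test` now registers every suite itself and returns before `check.TestingT(t)` when `-integration` is not set, but nothing records why the `init()` with `flag.Parse()` was removed. A short comment would stop someone moving the registration back, e.g. `// Suites are registered here rather than in init(): the flags are only parsed once the testing package has run, so *integration cannot be read earlier.` That reason is inferred from this commit's move to Go 1.13, so adjust the wording if it differs. The middle of the function lies between the two hunks and is not visible here.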