Add segment support for ECS

This commit is contained in:
Michael 2018-08-27 16:32:05 +02:00 committed by Traefiker Bot
parent ef753838e7
commit a302731cd1
9 changed files with 1559 additions and 438 deletions

View file

@ -887,13 +887,13 @@ var _templatesEcsTmpl = []byte(`[backends]
{{range $serviceName, $instances := .Services }} {{range $serviceName, $instances := .Services }}
{{ $firstInstance := index $instances 0 }} {{ $firstInstance := index $instances 0 }}
{{ $circuitBreaker := getCircuitBreaker $firstInstance.TraefikLabels }} {{ $circuitBreaker := getCircuitBreaker $firstInstance.SegmentLabels }}
{{if $circuitBreaker }} {{if $circuitBreaker }}
[backends."backend-{{ $serviceName }}".circuitBreaker] [backends."backend-{{ $serviceName }}".circuitBreaker]
expression = "{{ $circuitBreaker.Expression }}" expression = "{{ $circuitBreaker.Expression }}"
{{end}} {{end}}
{{ $loadBalancer := getLoadBalancer $firstInstance.TraefikLabels }} {{ $loadBalancer := getLoadBalancer $firstInstance.SegmentLabels }}
{{if $loadBalancer }} {{if $loadBalancer }}
[backends."backend-{{ $serviceName }}".loadBalancer] [backends."backend-{{ $serviceName }}".loadBalancer]
method = "{{ $loadBalancer.Method }}" method = "{{ $loadBalancer.Method }}"
@ -904,14 +904,14 @@ var _templatesEcsTmpl = []byte(`[backends]
{{end}} {{end}}
{{end}} {{end}}
{{ $maxConn := getMaxConn $firstInstance.TraefikLabels }} {{ $maxConn := getMaxConn $firstInstance.SegmentLabels }}
{{if $maxConn }} {{if $maxConn }}
[backends."backend-{{ $serviceName }}".maxConn] [backends."backend-{{ $serviceName }}".maxConn]
extractorFunc = "{{ $maxConn.ExtractorFunc }}" extractorFunc = "{{ $maxConn.ExtractorFunc }}"
amount = {{ $maxConn.Amount }} amount = {{ $maxConn.Amount }}
{{end}} {{end}}
{{ $healthCheck := getHealthCheck $firstInstance.TraefikLabels }} {{ $healthCheck := getHealthCheck $firstInstance.SegmentLabels }}
{{if $healthCheck }} {{if $healthCheck }}
[backends."backend-{{ $serviceName }}".healthCheck] [backends."backend-{{ $serviceName }}".healthCheck]
scheme = "{{ $healthCheck.Scheme }}" scheme = "{{ $healthCheck.Scheme }}"
@ -927,7 +927,7 @@ var _templatesEcsTmpl = []byte(`[backends]
{{end}} {{end}}
{{end}} {{end}}
{{ $buffering := getBuffering $firstInstance.TraefikLabels }} {{ $buffering := getBuffering $firstInstance.SegmentLabels }}
{{if $buffering }} {{if $buffering }}
[backends."backend-{{ $serviceName }}".buffering] [backends."backend-{{ $serviceName }}".buffering]
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }} maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
@ -949,28 +949,30 @@ var _templatesEcsTmpl = []byte(`[backends]
{{range $serviceName, $instances := .Services }} {{range $serviceName, $instances := .Services }}
{{range $instance := filterFrontends $instances }} {{range $instance := filterFrontends $instances }}
[frontends."frontend-{{ $serviceName }}"] {{ $frontendName := getFrontendName $instance }}
backend = "backend-{{ $serviceName }}"
priority = {{ getPriority $instance.TraefikLabels }}
passHostHeader = {{ getPassHostHeader $instance.TraefikLabels }}
passTLSCert = {{ getPassTLSCert $instance.TraefikLabels }}
entryPoints = [{{range getEntryPoints $instance.TraefikLabels }} [frontends."frontend-{{ $frontendName }}"]
backend = "backend-{{ $serviceName }}"
priority = {{ getPriority $instance.SegmentLabels }}
passHostHeader = {{ getPassHostHeader $instance.SegmentLabels }}
passTLSCert = {{ getPassTLSCert $instance.SegmentLabels }}
entryPoints = [{{range getEntryPoints $instance.SegmentLabels }}
"{{.}}", "{{.}}",
{{end}}] {{end}}]
{{ $auth := getAuth $instance.TraefikLabels }} {{ $auth := getAuth $instance.SegmentLabels }}
{{if $auth }} {{if $auth }}
[frontends."frontend-{{ $serviceName }}".auth] [frontends."frontend-{{ $frontendName }}".auth]
headerField = "{{ $auth.HeaderField }}" headerField = "{{ $auth.HeaderField }}"
{{if $auth.Forward }} {{if $auth.Forward }}
[frontends."frontend-{{ $serviceName }}".auth.forward] [frontends."frontend-{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}" address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }} trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
{{if $auth.Forward.TLS }} {{if $auth.Forward.TLS }}
[frontends."frontend-{{ $serviceName }}".auth.forward.tls] [frontends."frontend-{{ $frontendName }}".auth.forward.tls]
ca = "{{ $auth.Forward.TLS.CA }}" ca = "{{ $auth.Forward.TLS.CA }}"
caOptional = {{ $auth.Forward.TLS.CAOptional }} caOptional = {{ $auth.Forward.TLS.CAOptional }}
cert = """{{ $auth.Forward.TLS.Cert }}""" cert = """{{ $auth.Forward.TLS.Cert }}"""
@ -980,7 +982,7 @@ var _templatesEcsTmpl = []byte(`[backends]
{{end}} {{end}}
{{if $auth.Basic }} {{if $auth.Basic }}
[frontends."frontend-{{ $serviceName }}".auth.basic] [frontends."frontend-{{ $frontendName }}".auth.basic]
removeHeader = {{ $auth.Basic.RemoveHeader }} removeHeader = {{ $auth.Basic.RemoveHeader }}
{{if $auth.Basic.Users }} {{if $auth.Basic.Users }}
users = [{{range $auth.Basic.Users }} users = [{{range $auth.Basic.Users }}
@ -991,7 +993,7 @@ var _templatesEcsTmpl = []byte(`[backends]
{{end}} {{end}}
{{if $auth.Digest }} {{if $auth.Digest }}
[frontends."frontend-{{ $serviceName }}".auth.digest] [frontends."frontend-{{ $frontendName }}".auth.digest]
removeHeader = {{ $auth.Digest.RemoveHeader }} removeHeader = {{ $auth.Digest.RemoveHeader }}
{{if $auth.Digest.Users }} {{if $auth.Digest.Users }}
users = [{{range $auth.Digest.Users }} users = [{{range $auth.Digest.Users }}
@ -1002,29 +1004,29 @@ var _templatesEcsTmpl = []byte(`[backends]
{{end}} {{end}}
{{end}} {{end}}
{{ $whitelist := getWhiteList $instance.TraefikLabels }} {{ $whitelist := getWhiteList $instance.SegmentLabels }}
{{if $whitelist }} {{if $whitelist }}
[frontends."frontend-{{ $serviceName }}".whiteList] [frontends."frontend-{{ $frontendName }}".whiteList]
sourceRange = [{{range $whitelist.SourceRange }} sourceRange = [{{range $whitelist.SourceRange }}
"{{.}}", "{{.}}",
{{end}}] {{end}}]
useXForwardedFor = {{ $whitelist.UseXForwardedFor }} useXForwardedFor = {{ $whitelist.UseXForwardedFor }}
{{end}} {{end}}
{{ $redirect := getRedirect $instance.TraefikLabels }} {{ $redirect := getRedirect $instance.SegmentLabels }}
{{if $redirect }} {{if $redirect }}
[frontends."frontend-{{ $serviceName }}".redirect] [frontends."frontend-{{ $frontendName }}".redirect]
entryPoint = "{{ $redirect.EntryPoint }}" entryPoint = "{{ $redirect.EntryPoint }}"
regex = "{{ $redirect.Regex }}" regex = "{{ $redirect.Regex }}"
replacement = "{{ $redirect.Replacement }}" replacement = "{{ $redirect.Replacement }}"
permanent = {{ $redirect.Permanent }} permanent = {{ $redirect.Permanent }}
{{end}} {{end}}
{{ $errorPages := getErrorPages $instance.TraefikLabels }} {{ $errorPages := getErrorPages $instance.SegmentLabels }}
{{if $errorPages }} {{if $errorPages }}
[frontends."frontend-{{ $serviceName }}".errors] [frontends."frontend-{{ $frontendName }}".errors]
{{range $pageName, $page := $errorPages }} {{range $pageName, $page := $errorPages }}
[frontends."frontend-{{ $serviceName }}".errors."{{ $pageName }}"] [frontends."frontend-{{ $frontendName }}".errors."{{ $pageName }}"]
status = [{{range $page.Status }} status = [{{range $page.Status }}
"{{.}}", "{{.}}",
{{end}}] {{end}}]
@ -1033,22 +1035,22 @@ var _templatesEcsTmpl = []byte(`[backends]
{{end}} {{end}}
{{end}} {{end}}
{{ $rateLimit := getRateLimit $instance.TraefikLabels }} {{ $rateLimit := getRateLimit $instance.SegmentLabels }}
{{if $rateLimit }} {{if $rateLimit }}
[frontends."frontend-{{ $serviceName }}".rateLimit] [frontends."frontend-{{ $frontendName }}".rateLimit]
extractorFunc = "{{ $rateLimit.ExtractorFunc }}" extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
[frontends."frontend-{{ $serviceName }}".rateLimit.rateSet] [frontends."frontend-{{ $frontendName }}".rateLimit.rateSet]
{{ range $limitName, $limit := $rateLimit.RateSet }} {{ range $limitName, $limit := $rateLimit.RateSet }}
[frontends."frontend-{{ $serviceName }}".rateLimit.rateSet."{{ $limitName }}"] [frontends."frontend-{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
period = "{{ $limit.Period }}" period = "{{ $limit.Period }}"
average = {{ $limit.Average }} average = {{ $limit.Average }}
burst = {{ $limit.Burst }} burst = {{ $limit.Burst }}
{{end}} {{end}}
{{end}} {{end}}
{{ $headers := getHeaders $instance.TraefikLabels }} {{ $headers := getHeaders $instance.SegmentLabels }}
{{if $headers }} {{if $headers }}
[frontends."frontend-{{ $serviceName }}".headers] [frontends."frontend-{{ $frontendName }}".headers]
SSLRedirect = {{ $headers.SSLRedirect }} SSLRedirect = {{ $headers.SSLRedirect }}
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }} SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
SSLHost = "{{ $headers.SSLHost }}" SSLHost = "{{ $headers.SSLHost }}"
@ -1080,28 +1082,28 @@ var _templatesEcsTmpl = []byte(`[backends]
{{end}} {{end}}
{{if $headers.CustomRequestHeaders }} {{if $headers.CustomRequestHeaders }}
[frontends."frontend-{{ $serviceName }}".headers.customRequestHeaders] [frontends."frontend-{{ $frontendName }}".headers.customRequestHeaders]
{{range $k, $v := $headers.CustomRequestHeaders }} {{range $k, $v := $headers.CustomRequestHeaders }}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $headers.CustomResponseHeaders }} {{if $headers.CustomResponseHeaders }}
[frontends."frontend-{{ $serviceName }}".headers.customResponseHeaders] [frontends."frontend-{{ $frontendName }}".headers.customResponseHeaders]
{{range $k, $v := $headers.CustomResponseHeaders }} {{range $k, $v := $headers.CustomResponseHeaders }}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $headers.SSLProxyHeaders }} {{if $headers.SSLProxyHeaders }}
[frontends."frontend-{{ $serviceName }}".headers.SSLProxyHeaders] [frontends."frontend-{{ $frontendName }}".headers.SSLProxyHeaders]
{{range $k, $v := $headers.SSLProxyHeaders }} {{range $k, $v := $headers.SSLProxyHeaders }}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{end}} {{end}}
[frontends."frontend-{{ $serviceName }}".routes."route-frontend-{{ $serviceName }}"] [frontends."frontend-{{ $frontendName }}".routes."route-frontend-{{ $frontendName }}"]
rule = "{{ getFrontendRule $instance }}" rule = "{{ getFrontendRule $instance }}"
{{end}} {{end}}

View file

@ -228,3 +228,85 @@ Labels can be used on task containers to override default behaviour:
| `traefik.frontend.headers.STSSeconds=315360000` | Sets the max-age of the STS header. | | `traefik.frontend.headers.STSSeconds=315360000` | Sets the max-age of the STS header. |
| `traefik.frontend.headers.STSIncludeSubdomains=true` | Adds the `IncludeSubdomains` section of the STS header. | | `traefik.frontend.headers.STSIncludeSubdomains=true` | Adds the `IncludeSubdomains` section of the STS header. |
| `traefik.frontend.headers.STSPreload=true` | Adds the preload flag to the STS header. | | `traefik.frontend.headers.STSPreload=true` | Adds the preload flag to the STS header. |
### Containers with Multiple Ports (segment labels)
Segment labels are used to define routes to an application exposing multiple ports.
A segment is a group of labels that apply to a port exposed by an application.
You can define as many segments as ports exposed in an application.
Segment labels override the default behavior.
| Label | Description |
|---------------------------------------------------------------------------|----------------------------------------------------------------|
| `traefik.<segment_name>.backend=BACKEND` | Same as `traefik.backend` |
| `traefik.<segment_name>.domain=DOMAIN` | Same as `traefik.domain` |
| `traefik.<segment_name>.port=PORT` | Same as `traefik.port` |
| `traefik.<segment_name>.protocol=http` | Same as `traefik.protocol` |
| `traefik.<segment_name>.weight=10` | Same as `traefik.weight` |
| `traefik.<segment_name>.frontend.auth.basic=EXPR` | Same as `traefik.frontend.auth.basic` |
| `traefik.<segment_name>.frontend.auth.basic.removeHeader=true` | Same as `traefik.frontend.auth.basic.removeHeader` |
| `traefik.<segment_name>.frontend.auth.basic.users=EXPR` | Same as `traefik.frontend.auth.basic.users` |
| `traefik.<segment_name>.frontend.auth.basic.usersFile=/path/.htpasswd` | Same as `traefik.frontend.auth.basic.usersFile` |
| `traefik.<segment_name>.frontend.auth.digest.removeHeader=true` | Same as `traefik.frontend.auth.digest.removeHeader` |
| `traefik.<segment_name>.frontend.auth.digest.users=EXPR` | Same as `traefik.frontend.auth.digest.users` |
| `traefik.<segment_name>.frontend.auth.digest.usersFile=/path/.htdigest` | Same as `traefik.frontend.auth.digest.usersFile` |
| `traefik.<segment_name>.frontend.auth.forward.address=https://example.com`| Same as `traefik.frontend.auth.forward.address` |
| `traefik.<segment_name>.frontend.auth.forward.tls.ca=/path/ca.pem` | Same as `traefik.frontend.auth.forward.tls.ca` |
| `traefik.<segment_name>.frontend.auth.forward.tls.caOptional=true` | Same as `traefik.frontend.auth.forward.tls.caOptional` |
| `traefik.<segment_name>.frontend.auth.forward.tls.cert=/path/server.pem` | Same as `traefik.frontend.auth.forward.tls.cert` |
| `traefik.<segment_name>.frontend.auth.forward.tls.insecureSkipVerify=true`| Same as `traefik.frontend.auth.forward.tls.insecureSkipVerify` |
| `traefik.<segment_name>.frontend.auth.forward.tls.key=/path/server.key` | Same as `traefik.frontend.auth.forward.tls.key` |
| `traefik.<segment_name>.frontend.auth.forward.trustForwardHeader=true` | Same as `traefik.frontend.auth.forward.trustForwardHeader` |
| `traefik.<segment_name>.frontend.auth.headerField=X-WebAuth-User` | Same as `traefik.frontend.auth.headerField` |
| `traefik.<segment_name>.frontend.auth.removeHeader=true` | Same as `traefik.frontend.auth.removeHeader` |
| `traefik.<segment_name>.frontend.entryPoints=https` | Same as `traefik.frontend.entryPoints` |
| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME` | Same as `traefik.frontend.errors.<name>.backend` |
| `traefik.<segment_name>.frontend.errors.<name>.query=PATH` | Same as `traefik.frontend.errors.<name>.query` |
| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE` | Same as `traefik.frontend.errors.<name>.status` |
| `traefik.<segment_name>.frontend.passHostHeader=true` | Same as `traefik.frontend.passHostHeader` |
| `traefik.<segment_name>.frontend.passTLSCert=true` | Same as `traefik.frontend.passTLSCert` |
| `traefik.<segment_name>.frontend.priority=10` | Same as `traefik.frontend.priority` |
| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP` | Same as `traefik.frontend.rateLimit.extractorFunc` |
| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6` | Same as `traefik.frontend.rateLimit.rateSet.<name>.period` |
| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6` | Same as `traefik.frontend.rateLimit.rateSet.<name>.average` |
| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6` | Same as `traefik.frontend.rateLimit.rateSet.<name>.burst` |
| `traefik.<segment_name>.frontend.redirect.entryPoint=https` | Same as `traefik.frontend.redirect.entryPoint` |
| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)` | Same as `traefik.frontend.redirect.regex` |
| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Same as `traefik.frontend.redirect.replacement` |
| `traefik.<segment_name>.frontend.redirect.permanent=true` | Same as `traefik.frontend.redirect.permanent` |
| `traefik.<segment_name>.frontend.rule=EXP` | Same as `traefik.frontend.rule` |
| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE` | Same as `traefik.frontend.whiteList.sourceRange` |
| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true` | Same as `traefik.frontend.whiteList.useXForwardedFor` |
#### Custom Headers
| Label | Description |
|----------------------------------------------------------------------|----------------------------------------------------------|
| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | Same as `traefik.frontend.headers.customRequestHeaders` |
| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | Same as `traefik.frontend.headers.customResponseHeaders` |
#### Security Headers
| Label | Description |
|-------------------------------------------------------------------------|--------------------------------------------------------------|
| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR` | Same as `traefik.frontend.headers.allowedHosts` |
| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true` | Same as `traefik.frontend.headers.browserXSSFilter` |
| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE` | Same as `traefik.frontend.headers.contentSecurityPolicy` |
| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true` | Same as `traefik.frontend.headers.contentTypeNosniff` |
| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE` | Same as `traefik.frontend.headers.customBrowserXSSValue` |
| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | Same as `traefik.frontend.headers.customFrameOptionsValue` |
| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false` | Same as `traefik.frontend.headers.forceSTSHeader` |
| `traefik.<segment_name>.frontend.headers.frameDeny=false` | Same as `traefik.frontend.headers.frameDeny` |
| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR` | Same as `traefik.frontend.headers.hostsProxyHeaders` |
| `traefik.<segment_name>.frontend.headers.isDevelopment=false` | Same as `traefik.frontend.headers.isDevelopment` |
| `traefik.<segment_name>.frontend.headers.publicKey=VALUE` | Same as `traefik.frontend.headers.publicKey` |
| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE` | Same as `traefik.frontend.headers.referrerPolicy` |
| `traefik.<segment_name>.frontend.headers.SSLRedirect=true` | Same as `traefik.frontend.headers.SSLRedirect` |
| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true` | Same as `traefik.frontend.headers.SSLTemporaryRedirect` |
| `traefik.<segment_name>.frontend.headers.SSLHost=HOST` | Same as `traefik.frontend.headers.SSLHost` |
| `traefik.<segment_name>.frontend.headers.SSLForceHost=true` | Same as `traefik.frontend.headers.SSLForceHost` |
| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR` | Same as `traefik.frontend.headers.SSLProxyHeaders=EXPR` |
| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000` | Same as `traefik.frontend.headers.STSSeconds=315360000` |
| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true` | Same as `traefik.frontend.headers.STSIncludeSubdomains=true` |
| `traefik.<segment_name>.frontend.headers.STSPreload=true` | Same as `traefik.frontend.headers.STSPreload=true` |

View file

@ -0,0 +1,85 @@
package ecs
import (
"github.com/aws/aws-sdk-go/service/ecs"
)
func instance(ops ...func(*ecsInstance)) ecsInstance {
e := &ecsInstance{
containerDefinition: &ecs.ContainerDefinition{},
}
for _, op := range ops {
op(e)
}
return *e
}
func name(name string) func(*ecsInstance) {
return func(e *ecsInstance) {
e.Name = name
}
}
func ID(ID string) func(*ecsInstance) {
return func(e *ecsInstance) {
e.ID = ID
}
}
func iMachine(opts ...func(*machine)) func(*ecsInstance) {
return func(e *ecsInstance) {
e.machine = &machine{}
for _, opt := range opts {
opt(e.machine)
}
}
}
func mState(state string) func(*machine) {
return func(m *machine) {
m.state = state
}
}
func mName(name string) func(*machine) {
return func(m *machine) {
m.name = name
}
}
func mPrivateIP(ip string) func(*machine) {
return func(m *machine) {
m.privateIP = ip
}
}
func mPorts(opts ...func(*portMapping)) func(*machine) {
return func(m *machine) {
for _, opt := range opts {
p := &portMapping{}
opt(p)
m.ports = append(m.ports, *p)
}
}
}
func mPort(containerPort int32, hostPort int32) func(*portMapping) {
return func(pm *portMapping) {
pm.containerPort = int64(containerPort)
pm.hostPort = int64(hostPort)
}
}
func labels(labels map[string]string) func(*ecsInstance) {
return func(c *ecsInstance) {
c.TraefikLabels = labels
}
}
func dockerLabels(labels map[string]*string) func(*ecsInstance) {
return func(c *ecsInstance) {
c.containerDefinition.DockerLabels = labels
}
}

View file

@ -1,6 +1,8 @@
package ecs package ecs
import ( import (
"crypto/md5"
"encoding/hex"
"fmt" "fmt"
"net" "net"
"strconv" "strconv"
@ -17,18 +19,6 @@ import (
// buildConfiguration fills the config template with the given instances // buildConfiguration fills the config template with the given instances
func (p *Provider) buildConfigurationV2(instances []ecsInstance) (*types.Configuration, error) { func (p *Provider) buildConfigurationV2(instances []ecsInstance) (*types.Configuration, error) {
services := make(map[string][]ecsInstance)
for _, instance := range instances {
backendName := getBackendName(instance)
if p.filterInstance(instance) {
if serviceInstances, ok := services[backendName]; ok {
services[backendName] = append(serviceInstances, instance)
} else {
services[backendName] = []ecsInstance{instance}
}
}
}
var ecsFuncMap = template.FuncMap{ var ecsFuncMap = template.FuncMap{
// Backend functions // Backend functions
"getHost": getHost, "getHost": getHost,
@ -43,6 +33,7 @@ func (p *Provider) buildConfigurationV2(instances []ecsInstance) (*types.Configu
// Frontend functions // Frontend functions
"filterFrontends": filterFrontends, "filterFrontends": filterFrontends,
"getFrontendRule": p.getFrontendRule, "getFrontendRule": p.getFrontendRule,
"getFrontendName": p.getFrontendName,
"getPassHostHeader": label.GetFuncBool(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader), "getPassHostHeader": label.GetFuncBool(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader),
"getPassTLSCert": label.GetFuncBool(label.TraefikFrontendPassTLSCert, label.DefaultPassTLSCert), "getPassTLSCert": label.GetFuncBool(label.TraefikFrontendPassTLSCert, label.DefaultPassTLSCert),
"getPriority": label.GetFuncInt(label.TraefikFrontendPriority, label.DefaultFrontendPriority), "getPriority": label.GetFuncInt(label.TraefikFrontendPriority, label.DefaultFrontendPriority),
@ -56,6 +47,25 @@ func (p *Provider) buildConfigurationV2(instances []ecsInstance) (*types.Configu
"getWhiteList": label.GetWhiteList, "getWhiteList": label.GetWhiteList,
} }
services := make(map[string][]ecsInstance)
for _, instance := range instances {
segmentProperties := label.ExtractTraefikLabels(instance.TraefikLabels)
for segmentName, labels := range segmentProperties {
instance.SegmentLabels = labels
instance.SegmentName = segmentName
backendName := getBackendName(instance)
if p.filterInstance(instance) {
if serviceInstances, ok := services[backendName]; ok {
services[backendName] = append(serviceInstances, instance)
} else {
services[backendName] = []ecsInstance{instance}
}
}
}
}
return p.GetConfiguration("templates/ecs.tmpl", ecsFuncMap, struct { return p.GetConfiguration("templates/ecs.tmpl", ecsFuncMap, struct {
Services map[string][]ecsInstance Services map[string][]ecsInstance
}{ }{
@ -101,25 +111,61 @@ func (p *Provider) filterInstance(i ecsInstance) bool {
} }
func getBackendName(i ecsInstance) string { func getBackendName(i ecsInstance) string {
if value := label.GetStringValue(i.TraefikLabels, label.TraefikBackend, ""); len(value) > 0 { if len(i.SegmentName) > 0 {
return value return getSegmentBackendName(i)
} }
return i.Name
return getDefaultBackendName(i)
}
func getSegmentBackendName(i ecsInstance) string {
if value := label.GetStringValue(i.SegmentLabels, label.TraefikBackend, ""); len(value) > 0 {
return provider.Normalize(i.Name + "-" + value)
}
return provider.Normalize(i.Name + "-" + i.SegmentName)
}
func getDefaultBackendName(i ecsInstance) string {
if value := label.GetStringValue(i.SegmentLabels, label.TraefikBackend, ""); len(value) != 0 {
return provider.Normalize(value)
}
return provider.Normalize(i.Name)
} }
func (p *Provider) getFrontendRule(i ecsInstance) string { func (p *Provider) getFrontendRule(i ecsInstance) string {
domain := label.GetStringValue(i.TraefikLabels, label.TraefikDomain, p.Domain) if value := label.GetStringValue(i.SegmentLabels, label.TraefikFrontendRule, ""); len(value) != 0 {
return value
}
domain := label.GetStringValue(i.SegmentLabels, label.TraefikDomain, p.Domain)
defaultRule := "Host:" + strings.ToLower(strings.Replace(i.Name, "_", "-", -1)) + "." + domain defaultRule := "Host:" + strings.ToLower(strings.Replace(i.Name, "_", "-", -1)) + "." + domain
return label.GetStringValue(i.TraefikLabels, label.TraefikFrontendRule, defaultRule) return label.GetStringValue(i.TraefikLabels, label.TraefikFrontendRule, defaultRule)
} }
func (p *Provider) getFrontendName(instance ecsInstance) string {
name := getBackendName(instance)
if len(instance.SegmentName) > 0 {
name = instance.SegmentName + "-" + name
}
return provider.Normalize(name)
}
func getHost(i ecsInstance) string { func getHost(i ecsInstance) string {
return i.machine.privateIP return i.machine.privateIP
} }
func getPort(i ecsInstance) string { func getPort(i ecsInstance) string {
if value := label.GetStringValue(i.TraefikLabels, label.TraefikPort, ""); len(value) > 0 { value := label.GetStringValue(i.SegmentLabels, label.TraefikPort, "")
if len(value) == 0 {
value = label.GetStringValue(i.TraefikLabels, label.TraefikPort, "")
}
if len(value) > 0 {
port, err := strconv.ParseInt(value, 10, 64) port, err := strconv.ParseInt(value, 10, 64)
if err == nil { if err == nil {
for _, mapping := range i.machine.ports { for _, mapping := range i.machine.ports {
@ -138,6 +184,11 @@ func filterFrontends(instances []ecsInstance) []ecsInstance {
return fun.Filter(func(i ecsInstance) bool { return fun.Filter(func(i ecsInstance) bool {
backendName := getBackendName(i) backendName := getBackendName(i)
if len(i.SegmentName) > 0 {
backendName = backendName + "-" + i.SegmentName
}
_, found := byName[backendName] _, found := byName[backendName]
if !found { if !found {
byName[backendName] = struct{}{} byName[backendName] = struct{}{}
@ -154,14 +205,21 @@ func getServers(instances []ecsInstance) map[string]types.Server {
servers = make(map[string]types.Server) servers = make(map[string]types.Server)
} }
protocol := label.GetStringValue(instance.TraefikLabels, label.TraefikProtocol, label.DefaultProtocol) protocol := label.GetStringValue(instance.SegmentLabels, label.TraefikProtocol, label.DefaultProtocol)
host := getHost(instance) host := getHost(instance)
port := getPort(instance) port := getPort(instance)
serverName := provider.Normalize(fmt.Sprintf("server-%s-%s", instance.Name, instance.ID)) serverURL := fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(host, port))
serverName := getServerName(instance, serverURL)
if _, exist := servers[serverName]; exist {
log.Debugf("Skipping server %q with the same URL.", serverName)
continue
}
servers[serverName] = types.Server{ servers[serverName] = types.Server{
URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(host, port)), URL: serverURL,
Weight: label.GetIntValue(instance.TraefikLabels, label.TraefikWeight, label.DefaultWeight), Weight: label.GetIntValue(instance.SegmentLabels, label.TraefikWeight, label.DefaultWeight),
} }
} }
@ -171,3 +229,18 @@ func getServers(instances []ecsInstance) map[string]types.Server {
func isEnabled(i ecsInstance, exposedByDefault bool) bool { func isEnabled(i ecsInstance, exposedByDefault bool) bool {
return label.GetBoolValue(i.TraefikLabels, label.TraefikEnable, exposedByDefault) return label.GetBoolValue(i.TraefikLabels, label.TraefikEnable, exposedByDefault)
} }
func getServerName(instance ecsInstance, url string) string {
hash := md5.New()
_, err := hash.Write([]byte(url))
if err != nil {
// Impossible case
log.Errorf("Fail to hash server URL %q", url)
}
if len(instance.SegmentName) > 0 {
return provider.Normalize(fmt.Sprintf("server-%s-%s-%s", instance.Name, instance.ID, hex.EncodeToString(hash.Sum(nil))))
}
return provider.Normalize(fmt.Sprintf("server-%s-%s", instance.Name, instance.ID))
}

View file

@ -0,0 +1,859 @@
package ecs
import (
"testing"
"time"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/containous/flaeg/parse"
"github.com/containous/traefik/provider/label"
"github.com/containous/traefik/types"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestSegmentBuildConfiguration(t *testing.T) {
testCases := []struct {
desc string
instanceInfo []ecsInstance
expectedFrontends map[string]*types.Frontend
expectedBackends map[string]*types.Backend
}{
{
desc: "when no container",
instanceInfo: []ecsInstance{},
expectedFrontends: map[string]*types.Frontend{},
expectedBackends: map[string]*types.Backend{},
},
{
desc: "simple configuration",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("foo"),
labels(map[string]string{
"traefik.sauternes.port": "2503",
"traefik.sauternes.frontend.entryPoints": "http,https",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-foo-sauternes": {
Backend: "backend-foo-sauternes",
PassHostHeader: true,
EntryPoints: []string{"http", "https"},
Routes: map[string]types.Route{
"route-frontend-sauternes-foo-sauternes": {
Rule: "Host:foo.ecs.localhost",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-foo-sauternes": {
Servers: map[string]types.Server{
"server-foo-123456789abc-863563a2e23c95502862016417ee95ea": {
URL: "http://127.0.0.1:2503",
Weight: label.DefaultWeight,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "auth basic",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("foo"),
labels(map[string]string{
"traefik.sauternes.port": "2503",
"traefik.sauternes.frontend.entryPoints": "http,https",
label.Prefix + "sauternes." + label.SuffixFrontendAuthHeaderField: "X-WebAuth-User",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasicUsers: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasicUsersFile: ".htpasswd",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasicRemoveHeader: "true",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-foo-sauternes": {
Backend: "backend-foo-sauternes",
PassHostHeader: true,
EntryPoints: []string{"http", "https"},
Routes: map[string]types.Route{
"route-frontend-sauternes-foo-sauternes": {
Rule: "Host:foo.ecs.localhost",
},
},
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Basic: &types.Basic{
RemoveHeader: true,
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
UsersFile: ".htpasswd",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-foo-sauternes": {
Servers: map[string]types.Server{
"server-foo-123456789abc-863563a2e23c95502862016417ee95ea": {
URL: "http://127.0.0.1:2503",
Weight: label.DefaultWeight,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "auth basic backward compatibility",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("foo"),
labels(map[string]string{
"traefik.sauternes.port": "2503",
"traefik.sauternes.frontend.entryPoints": "http,https",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasic: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-foo-sauternes": {
Backend: "backend-foo-sauternes",
PassHostHeader: true,
EntryPoints: []string{"http", "https"},
Routes: map[string]types.Route{
"route-frontend-sauternes-foo-sauternes": {
Rule: "Host:foo.ecs.localhost",
},
},
Auth: &types.Auth{
Basic: &types.Basic{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-foo-sauternes": {
Servers: map[string]types.Server{
"server-foo-123456789abc-863563a2e23c95502862016417ee95ea": {
URL: "http://127.0.0.1:2503",
Weight: label.DefaultWeight,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "auth digest",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("foo"),
labels(map[string]string{
"traefik.sauternes.port": "2503",
"traefik.sauternes.frontend.entryPoints": "http,https",
label.Prefix + "sauternes." + label.SuffixFrontendAuthHeaderField: "X-WebAuth-User",
label.Prefix + "sauternes." + label.SuffixFrontendAuthDigestUsers: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
label.Prefix + "sauternes." + label.SuffixFrontendAuthDigestUsersFile: ".htpasswd",
label.Prefix + "sauternes." + label.SuffixFrontendAuthDigestRemoveHeader: "true",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-foo-sauternes": {
Backend: "backend-foo-sauternes",
PassHostHeader: true,
EntryPoints: []string{"http", "https"},
Routes: map[string]types.Route{
"route-frontend-sauternes-foo-sauternes": {
Rule: "Host:foo.ecs.localhost",
},
},
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Digest: &types.Digest{
RemoveHeader: true,
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
UsersFile: ".htpasswd",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-foo-sauternes": {
Servers: map[string]types.Server{
"server-foo-123456789abc-863563a2e23c95502862016417ee95ea": {
URL: "http://127.0.0.1:2503",
Weight: label.DefaultWeight,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "auth forward",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("foo"),
labels(map[string]string{
"traefik.sauternes.port": "2503",
"traefik.sauternes.frontend.entryPoints": "http,https",
label.Prefix + "sauternes." + label.SuffixFrontendAuthHeaderField: "X-WebAuth-User",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardAddress: "auth.server",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTrustForwardHeader: "true",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCa: "ca.crt",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCaOptional: "true",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCert: "server.crt",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSKey: "server.key",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSInsecureSkipVerify: "true",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-foo-sauternes": {
Backend: "backend-foo-sauternes",
PassHostHeader: true,
EntryPoints: []string{"http", "https"},
Routes: map[string]types.Route{
"route-frontend-sauternes-foo-sauternes": {
Rule: "Host:foo.ecs.localhost",
},
},
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Forward: &types.Forward{
Address: "auth.server",
TrustForwardHeader: true,
TLS: &types.ClientTLS{
CA: "ca.crt",
CAOptional: true,
Cert: "server.crt",
Key: "server.key",
InsecureSkipVerify: true,
},
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-foo-sauternes": {
Servers: map[string]types.Server{
"server-foo-123456789abc-863563a2e23c95502862016417ee95ea": {
URL: "http://127.0.0.1:2503",
Weight: label.DefaultWeight,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "when all labels are set",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("foo"),
labels(map[string]string{
label.Prefix + "sauternes." + label.SuffixPort: "666",
label.Prefix + "sauternes." + label.SuffixProtocol: "https",
label.Prefix + "sauternes." + label.SuffixWeight: "12",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasicRemoveHeader: "true",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasicUsers: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasicUsersFile: ".htpasswd",
label.Prefix + "sauternes." + label.SuffixFrontendAuthDigestRemoveHeader: "true",
label.Prefix + "sauternes." + label.SuffixFrontendAuthDigestUsers: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
label.Prefix + "sauternes." + label.SuffixFrontendAuthDigestUsersFile: ".htpasswd",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardAddress: "auth.server",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTrustForwardHeader: "true",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCa: "ca.crt",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCaOptional: "true",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSCert: "server.crt",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSKey: "server.key",
label.Prefix + "sauternes." + label.SuffixFrontendAuthForwardTLSInsecureSkipVerify: "true",
label.Prefix + "sauternes." + label.SuffixFrontendAuthHeaderField: "X-WebAuth-User",
label.Prefix + "sauternes." + label.SuffixFrontendAuthBasic: "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
label.Prefix + "sauternes." + label.SuffixFrontendEntryPoints: "http,https",
label.Prefix + "sauternes." + label.SuffixFrontendPassHostHeader: "true",
label.Prefix + "sauternes." + label.SuffixFrontendPassTLSCert: "true",
label.Prefix + "sauternes." + label.SuffixFrontendPriority: "666",
label.Prefix + "sauternes." + label.SuffixFrontendRedirectEntryPoint: "https",
label.Prefix + "sauternes." + label.SuffixFrontendRedirectRegex: "nope",
label.Prefix + "sauternes." + label.SuffixFrontendRedirectReplacement: "nope",
label.Prefix + "sauternes." + label.SuffixFrontendRedirectPermanent: "true",
label.Prefix + "sauternes." + label.SuffixFrontendWhiteListSourceRange: "10.10.10.10",
label.Prefix + "sauternes." + label.SuffixFrontendWhiteListUseXForwardedFor: "true",
label.Prefix + "sauternes." + label.SuffixFrontendRequestHeaders: "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8",
label.Prefix + "sauternes." + label.SuffixFrontendResponseHeaders: "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLProxyHeaders: "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersAllowedHosts: "foo,bar,bor",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersHostsProxyHeaders: "foo,bar,bor",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLHost: "foo",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersCustomFrameOptionsValue: "foo",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersPublicKey: "foo",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSTSSeconds: "666",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLForceHost: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLRedirect: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSTSIncludeSubdomains: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSTSPreload: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersForceSTSHeader: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersFrameDeny: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersContentTypeNosniff: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersBrowserXSSFilter: "true",
label.Prefix + "sauternes." + label.SuffixFrontendHeadersIsDevelopment: "true",
label.Prefix + "sauternes." + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageStatus: "404",
label.Prefix + "sauternes." + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageBackend: "foobar",
label.Prefix + "sauternes." + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageQuery: "foo_query",
label.Prefix + "sauternes." + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageStatus: "500,600",
label.Prefix + "sauternes." + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageBackend: "foobar",
label.Prefix + "sauternes." + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageQuery: "bar_query",
label.Prefix + "sauternes." + label.SuffixFrontendRateLimitExtractorFunc: "client.ip",
label.Prefix + "sauternes." + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitPeriod: "6",
label.Prefix + "sauternes." + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitAverage: "12",
label.Prefix + "sauternes." + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitBurst: "18",
label.Prefix + "sauternes." + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: "3",
label.Prefix + "sauternes." + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: "6",
label.Prefix + "sauternes." + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: "9",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 666),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-foo-sauternes": {
Backend: "backend-foo-sauternes",
EntryPoints: []string{
"http",
"https",
},
PassHostHeader: true,
PassTLSCert: true,
Priority: 666,
Auth: &types.Auth{
HeaderField: "X-WebAuth-User",
Basic: &types.Basic{
RemoveHeader: true,
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
UsersFile: ".htpasswd",
},
},
WhiteList: &types.WhiteList{
SourceRange: []string{"10.10.10.10"},
UseXForwardedFor: true,
},
Headers: &types.Headers{
CustomRequestHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
CustomResponseHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
AllowedHosts: []string{
"foo",
"bar",
"bor",
},
HostsProxyHeaders: []string{
"foo",
"bar",
"bor",
},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLForceHost: true,
SSLHost: "foo",
SSLProxyHeaders: map[string]string{
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
"Content-Type": "application/json; charset=utf-8",
},
STSSeconds: 666,
STSIncludeSubdomains: true,
STSPreload: true,
ForceSTSHeader: true,
FrameDeny: true,
CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true,
BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo",
PublicKey: "foo",
ReferrerPolicy: "foo",
IsDevelopment: true,
},
Errors: map[string]*types.ErrorPage{
"foo": {
Status: []string{"404"},
Query: "foo_query",
Backend: "backend-foobar",
},
"bar": {
Status: []string{"500", "600"},
Query: "bar_query",
Backend: "backend-foobar",
},
},
RateLimit: &types.RateLimit{
ExtractorFunc: "client.ip",
RateSet: map[string]*types.Rate{
"foo": {
Period: parse.Duration(6 * time.Second),
Average: 12,
Burst: 18,
},
"bar": {
Period: parse.Duration(3 * time.Second),
Average: 6,
Burst: 9,
},
},
},
Redirect: &types.Redirect{
EntryPoint: "https",
Regex: "",
Replacement: "",
Permanent: true,
},
Routes: map[string]types.Route{
"route-frontend-sauternes-foo-sauternes": {
Rule: "Host:foo.ecs.localhost",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-foo-sauternes": {
Servers: map[string]types.Server{
"server-foo-123456789abc-7f6444e0dff3330c8b0ad2bbbd383b0f": {
URL: "https://127.0.0.1:666",
Weight: 12,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "several containers",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("test1"),
labels(map[string]string{
"traefik.sauternes.port": "2503",
"traefik.sauternes.protocol": "https",
"traefik.sauternes.weight": "80",
"traefik.sauternes.backend": "foobar",
"traefik.sauternes.frontend.passHostHeader": "false",
"traefik.sauternes.frontend.rule": "Path:/mypath",
"traefik.sauternes.frontend.priority": "5000",
"traefik.sauternes.frontend.entryPoints": "http,https,ws",
"traefik.sauternes.frontend.auth.basic": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
"traefik.sauternes.frontend.redirect.entryPoint": "https",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
),
),
),
instance(
ID("abc987654321"),
name("test2"),
labels(map[string]string{
"traefik.anothersauternes.port": "8079",
"traefik.anothersauternes.weight": "33",
"traefik.anothersauternes.frontend.rule": "Path:/anotherpath",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.2"),
mPorts(
mPort(80, 8079),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-test1-foobar": {
Backend: "backend-test1-foobar",
PassHostHeader: false,
Priority: 5000,
EntryPoints: []string{"http", "https", "ws"},
Auth: &types.Auth{
Basic: &types.Basic{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
},
},
Redirect: &types.Redirect{
EntryPoint: "https",
},
Routes: map[string]types.Route{
"route-frontend-sauternes-test1-foobar": {
Rule: "Path:/mypath",
},
},
},
"frontend-anothersauternes-test2-anothersauternes": {
Backend: "backend-test2-anothersauternes",
PassHostHeader: true,
EntryPoints: []string{},
Routes: map[string]types.Route{
"route-frontend-anothersauternes-test2-anothersauternes": {
Rule: "Path:/anotherpath",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-test1-foobar": {
Servers: map[string]types.Server{
"server-test1-123456789abc-79533a101142718f0fdf84c42593c41e": {
URL: "https://127.0.0.1:2503",
Weight: 80,
},
},
CircuitBreaker: nil,
},
"backend-test2-anothersauternes": {
Servers: map[string]types.Server{
"server-test2-abc987654321-045e3e4aa5a744a325c099b803700a93": {
URL: "http://127.0.0.2:8079",
Weight: 33,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "several segments with the same backend name and same port",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("test1"),
labels(map[string]string{
"traefik.port": "2503",
"traefik.protocol": "https",
"traefik.weight": "80",
"traefik.frontend.entryPoints": "http,https",
"traefik.frontend.redirect.entryPoint": "https",
"traefik.sauternes.backend": "foobar",
"traefik.sauternes.frontend.rule": "Path:/sauternes",
"traefik.sauternes.frontend.priority": "5000",
"traefik.arbois.backend": "foobar",
"traefik.arbois.frontend.rule": "Path:/arbois",
"traefik.arbois.frontend.priority": "3000",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-test1-foobar": {
Backend: "backend-test1-foobar",
PassHostHeader: true,
Priority: 5000,
EntryPoints: []string{"http", "https"},
Redirect: &types.Redirect{
EntryPoint: "https",
},
Routes: map[string]types.Route{
"route-frontend-sauternes-test1-foobar": {
Rule: "Path:/sauternes",
},
},
},
"frontend-arbois-test1-foobar": {
Backend: "backend-test1-foobar",
PassHostHeader: true,
Priority: 3000,
EntryPoints: []string{"http", "https"},
Redirect: &types.Redirect{
EntryPoint: "https",
},
Routes: map[string]types.Route{
"route-frontend-arbois-test1-foobar": {
Rule: "Path:/arbois",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-test1-foobar": {
Servers: map[string]types.Server{
"server-test1-123456789abc-79533a101142718f0fdf84c42593c41e": {
URL: "https://127.0.0.1:2503",
Weight: 80,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "several segments with the same backend name and different port (wrong behavior)",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("test1"),
labels(map[string]string{
"traefik.protocol": "https",
"traefik.frontend.entryPoints": "http,https",
"traefik.frontend.redirect.entryPoint": "https",
"traefik.sauternes.port": "2503",
"traefik.sauternes.weight": "80",
"traefik.sauternes.backend": "foobar",
"traefik.sauternes.frontend.rule": "Path:/sauternes",
"traefik.sauternes.frontend.priority": "5000",
"traefik.arbois.port": "2504",
"traefik.arbois.weight": "90",
"traefik.arbois.backend": "foobar",
"traefik.arbois.frontend.rule": "Path:/arbois",
"traefik.arbois.frontend.priority": "3000",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
mPort(80, 2504),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-test1-foobar": {
Backend: "backend-test1-foobar",
PassHostHeader: true,
Priority: 5000,
EntryPoints: []string{"http", "https"},
Redirect: &types.Redirect{
EntryPoint: "https",
},
Routes: map[string]types.Route{
"route-frontend-sauternes-test1-foobar": {
Rule: "Path:/sauternes",
},
},
},
"frontend-arbois-test1-foobar": {
Backend: "backend-test1-foobar",
PassHostHeader: true,
Priority: 3000,
EntryPoints: []string{"http", "https"},
Redirect: &types.Redirect{
EntryPoint: "https",
},
Routes: map[string]types.Route{
"route-frontend-arbois-test1-foobar": {
Rule: "Path:/arbois",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-test1-foobar": {
Servers: map[string]types.Server{
"server-test1-123456789abc-79533a101142718f0fdf84c42593c41e": {
URL: "https://127.0.0.1:2503",
Weight: 80,
},
"server-test1-123456789abc-315a41140f1bd825b066e39686c18482": {
URL: "https://127.0.0.1:2504",
Weight: 90,
},
},
CircuitBreaker: nil,
},
},
},
{
desc: "several segments with the same backend name and different port binding",
instanceInfo: []ecsInstance{
instance(
ID("123456789abc"),
name("test1"),
labels(map[string]string{
"traefik.protocol": "https",
"traefik.frontend.entryPoints": "http,https",
"traefik.frontend.redirect.entryPoint": "https",
"traefik.sauternes.port": "2503",
"traefik.sauternes.weight": "80",
"traefik.sauternes.backend": "foobar",
"traefik.sauternes.frontend.rule": "Path:/sauternes",
"traefik.sauternes.frontend.priority": "5000",
"traefik.arbois.port": "8080",
"traefik.arbois.weight": "90",
"traefik.arbois.backend": "foobar",
"traefik.arbois.frontend.rule": "Path:/arbois",
"traefik.arbois.frontend.priority": "3000",
}),
iMachine(
mName("machine1"),
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 2503),
mPort(8080, 2504),
),
),
),
},
expectedFrontends: map[string]*types.Frontend{
"frontend-sauternes-test1-foobar": {
Backend: "backend-test1-foobar",
PassHostHeader: true,
Priority: 5000,
EntryPoints: []string{"http", "https"},
Redirect: &types.Redirect{
EntryPoint: "https",
},
Routes: map[string]types.Route{
"route-frontend-sauternes-test1-foobar": {
Rule: "Path:/sauternes",
},
},
},
"frontend-arbois-test1-foobar": {
Backend: "backend-test1-foobar",
PassHostHeader: true,
Priority: 3000,
EntryPoints: []string{"http", "https"},
Redirect: &types.Redirect{
EntryPoint: "https",
},
Routes: map[string]types.Route{
"route-frontend-arbois-test1-foobar": {
Rule: "Path:/arbois",
},
},
},
},
expectedBackends: map[string]*types.Backend{
"backend-test1-foobar": {
Servers: map[string]types.Server{
"server-test1-123456789abc-79533a101142718f0fdf84c42593c41e": {
URL: "https://127.0.0.1:2503",
Weight: 80,
},
"server-test1-123456789abc-315a41140f1bd825b066e39686c18482": {
URL: "https://127.0.0.1:2504",
Weight: 90,
},
},
CircuitBreaker: nil,
},
},
},
}
provider := &Provider{
Domain: "ecs.localhost",
ExposedByDefault: true,
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
actualConfig, err := provider.buildConfiguration(test.instanceInfo)
assert.NoError(t, err)
require.NotNil(t, actualConfig, "actualConfig")
assert.EqualValues(t, test.expectedBackends, actualConfig.Backends)
assert.EqualValues(t, test.expectedFrontends, actualConfig.Frontends)
})
}
}

View file

@ -23,18 +23,18 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "config parsed successfully", desc: "config parsed successfully",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "instance", name("instance"),
ID: "1", ID("1"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{}),
DockerLabels: map[string]*string{}, iMachine(
}, mState(ec2.InstanceStateNameRunning),
machine: &machine{ mPrivateIP("10.0.0.1"),
state: ec2.InstanceStateNameRunning, mPorts(
privateIP: "10.0.0.1", mPort(0, 1337),
ports: []portMapping{{hostPort: 1337}}, ),
}, ),
}, ),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{
@ -63,20 +63,21 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "config parsed successfully with health check labels", desc: "config parsed successfully with health check labels",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "instance", name("instance"),
ID: "1", ID("1"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{
DockerLabels: map[string]*string{
label.TraefikBackendHealthCheckPath: aws.String("/health"), label.TraefikBackendHealthCheckPath: aws.String("/health"),
label.TraefikBackendHealthCheckInterval: aws.String("1s"), label.TraefikBackendHealthCheckInterval: aws.String("1s"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.0.0.1", mPrivateIP("10.0.0.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
),
),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{
@ -109,22 +110,23 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "config parsed successfully with basic auth labels", desc: "config parsed successfully with basic auth labels",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "instance", name("instance"),
ID: "1", ID("1"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthBasicUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), label.TraefikFrontendAuthBasicUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendAuthBasicUsersFile: aws.String(".htpasswd"), label.TraefikFrontendAuthBasicUsersFile: aws.String(".htpasswd"),
label.TraefikFrontendAuthBasicRemoveHeader: aws.String("true"), label.TraefikFrontendAuthBasicRemoveHeader: aws.String("true"),
label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"), label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.0.0.1", mPrivateIP("10.0.0.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
),
),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{
@ -162,19 +164,20 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "config parsed successfully with basic auth (backward compatibility) labels", desc: "config parsed successfully with basic auth (backward compatibility) labels",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "instance", name("instance"),
ID: "1", ID("1"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthBasic: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), label.TraefikFrontendAuthBasic: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.0.0.1", mPrivateIP("10.0.0.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
),
),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{
@ -209,22 +212,23 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "config parsed successfully with digest auth labels", desc: "config parsed successfully with digest auth labels",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "instance", name("instance"),
ID: "1", ID("1"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthDigestRemoveHeader: aws.String("true"), label.TraefikFrontendAuthDigestRemoveHeader: aws.String("true"),
label.TraefikFrontendAuthDigestUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"), label.TraefikFrontendAuthDigestUsers: aws.String("test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
label.TraefikFrontendAuthDigestUsersFile: aws.String(".htpasswd"), label.TraefikFrontendAuthDigestUsersFile: aws.String(".htpasswd"),
label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"), label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.0.0.1", mPrivateIP("10.0.0.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
),
),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{
@ -262,11 +266,10 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "config parsed successfully with forward auth labels", desc: "config parsed successfully with forward auth labels",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "instance", name("instance"),
ID: "1", ID("1"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{
DockerLabels: map[string]*string{
label.TraefikFrontendAuthForwardAddress: aws.String("auth.server"), label.TraefikFrontendAuthForwardAddress: aws.String("auth.server"),
label.TraefikFrontendAuthForwardTrustForwardHeader: aws.String("true"), label.TraefikFrontendAuthForwardTrustForwardHeader: aws.String("true"),
label.TraefikFrontendAuthForwardTLSCa: aws.String("ca.crt"), label.TraefikFrontendAuthForwardTLSCa: aws.String("ca.crt"),
@ -274,13 +277,15 @@ func TestBuildConfiguration(t *testing.T) {
label.TraefikFrontendAuthForwardTLSCert: aws.String("server.crt"), label.TraefikFrontendAuthForwardTLSCert: aws.String("server.crt"),
label.TraefikFrontendAuthForwardTLSKey: aws.String("server.key"), label.TraefikFrontendAuthForwardTLSKey: aws.String("server.key"),
label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: aws.String("true"), label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"), label.TraefikFrontendAuthForwardTLSInsecureSkipVerify: aws.String("true"), label.TraefikFrontendAuthHeaderField: aws.String("X-WebAuth-User"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.0.0.1", mPrivateIP("10.0.0.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
),
),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{
@ -323,11 +328,10 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "when all labels are set", desc: "when all labels are set",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "testing-instance", name("testing-instance"),
ID: "6", ID("6"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{
DockerLabels: map[string]*string{
label.TraefikPort: aws.String("666"), label.TraefikPort: aws.String("666"),
label.TraefikProtocol: aws.String("https"), label.TraefikProtocol: aws.String("https"),
label.TraefikWeight: aws.String("12"), label.TraefikWeight: aws.String("12"),
@ -418,13 +422,15 @@ func TestBuildConfiguration(t *testing.T) {
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.0.0.1", mPrivateIP("10.0.0.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
),
),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{
@ -583,11 +589,10 @@ func TestBuildConfiguration(t *testing.T) {
{ {
desc: "Containers with same backend name", desc: "Containers with same backend name",
instances: []ecsInstance{ instances: []ecsInstance{
{ instance(
Name: "testing-instance-v1", name("testing-instance-v1"),
ID: "6", ID("6"),
containerDefinition: &ecs.ContainerDefinition{ dockerLabels(map[string]*string{
DockerLabels: map[string]*string{
label.TraefikPort: aws.String("666"), label.TraefikPort: aws.String("666"),
label.TraefikProtocol: aws.String("https"), label.TraefikProtocol: aws.String("https"),
label.TraefikWeight: aws.String("12"), label.TraefikWeight: aws.String("12"),
@ -663,18 +668,19 @@ func TestBuildConfiguration(t *testing.T) {
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.0.0.1", mPrivateIP("10.0.0.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
{ ),
Name: "testing-instance-v2", ),
ID: "6", instance(
containerDefinition: &ecs.ContainerDefinition{ name("testing-instance-v2"),
DockerLabels: map[string]*string{ ID("6"),
dockerLabels(map[string]*string{
label.TraefikPort: aws.String("555"), label.TraefikPort: aws.String("555"),
label.TraefikProtocol: aws.String("https"), label.TraefikProtocol: aws.String("https"),
label.TraefikWeight: aws.String("15"), label.TraefikWeight: aws.String("15"),
@ -750,13 +756,15 @@ func TestBuildConfiguration(t *testing.T) {
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod: aws.String("3"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage: aws.String("6"),
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"), label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst: aws.String("9"),
}}, }),
machine: &machine{ iMachine(
state: ec2.InstanceStateNameRunning, mState(ec2.InstanceStateNameRunning),
privateIP: "10.2.2.1", mPrivateIP("10.2.2.1"),
ports: []portMapping{{hostPort: 1337}}, mPorts(
}, mPort(0, 1337),
}, ),
),
),
}, },
expected: &types.Configuration{ expected: &types.Configuration{
Backends: map[string]*types.Backend{ Backends: map[string]*types.Backend{

View file

@ -45,7 +45,7 @@ func (p *Provider) buildConfigurationV1(instances []ecsInstance) (*types.Configu
// Frontend functions // Frontend functions
"filterFrontends": filterFrontendsV1, "filterFrontends": filterFrontendsV1,
"getFrontendRule": p.getFrontendRule, "getFrontendRule": p.getFrontendRuleV1,
"getPassHostHeader": getFuncBoolValueV1(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader), "getPassHostHeader": getFuncBoolValueV1(label.TraefikFrontendPassHostHeader, label.DefaultPassHostHeader),
"getPassTLSCert": getFuncBoolValueV1(label.TraefikFrontendPassTLSCert, label.DefaultPassTLSCert), "getPassTLSCert": getFuncBoolValueV1(label.TraefikFrontendPassTLSCert, label.DefaultPassTLSCert),
"getPriority": getFuncIntValueV1(label.TraefikFrontendPriority, label.DefaultFrontendPriority), "getPriority": getFuncIntValueV1(label.TraefikFrontendPriority, label.DefaultFrontendPriority),
@ -70,7 +70,7 @@ func filterFrontendsV1(instances []ecsInstance) []ecsInstance {
byName := make(map[string]struct{}) byName := make(map[string]struct{})
return fun.Filter(func(i ecsInstance) bool { return fun.Filter(func(i ecsInstance) bool {
backendName := getBackendName(i) backendName := getBackendNameV1(i)
_, found := byName[backendName] _, found := byName[backendName]
if !found { if !found {
byName[backendName] = struct{}{} byName[backendName] = struct{}{}
@ -79,6 +79,14 @@ func filterFrontendsV1(instances []ecsInstance) []ecsInstance {
}, instances).([]ecsInstance) }, instances).([]ecsInstance)
} }
// Deprecated
func (p *Provider) getFrontendRuleV1(i ecsInstance) string {
domain := label.GetStringValue(i.TraefikLabels, label.TraefikDomain, p.Domain)
defaultRule := "Host:" + strings.ToLower(strings.Replace(i.Name, "_", "-", -1)) + "." + domain
return label.GetStringValue(i.TraefikLabels, label.TraefikFrontendRule, defaultRule)
}
// Deprecated // Deprecated
func (p *Provider) filterInstanceV1(i ecsInstance) bool { func (p *Provider) filterInstanceV1(i ecsInstance) bool {
if i.machine == nil { if i.machine == nil {

View file

@ -46,6 +46,8 @@ type ecsInstance struct {
containerDefinition *ecs.ContainerDefinition containerDefinition *ecs.ContainerDefinition
machine *machine machine *machine
TraefikLabels map[string]string TraefikLabels map[string]string
SegmentLabels map[string]string
SegmentName string
} }
type portMapping struct { type portMapping struct {

View file

@ -2,13 +2,13 @@
{{range $serviceName, $instances := .Services }} {{range $serviceName, $instances := .Services }}
{{ $firstInstance := index $instances 0 }} {{ $firstInstance := index $instances 0 }}
{{ $circuitBreaker := getCircuitBreaker $firstInstance.TraefikLabels }} {{ $circuitBreaker := getCircuitBreaker $firstInstance.SegmentLabels }}
{{if $circuitBreaker }} {{if $circuitBreaker }}
[backends."backend-{{ $serviceName }}".circuitBreaker] [backends."backend-{{ $serviceName }}".circuitBreaker]
expression = "{{ $circuitBreaker.Expression }}" expression = "{{ $circuitBreaker.Expression }}"
{{end}} {{end}}
{{ $loadBalancer := getLoadBalancer $firstInstance.TraefikLabels }} {{ $loadBalancer := getLoadBalancer $firstInstance.SegmentLabels }}
{{if $loadBalancer }} {{if $loadBalancer }}
[backends."backend-{{ $serviceName }}".loadBalancer] [backends."backend-{{ $serviceName }}".loadBalancer]
method = "{{ $loadBalancer.Method }}" method = "{{ $loadBalancer.Method }}"
@ -19,14 +19,14 @@
{{end}} {{end}}
{{end}} {{end}}
{{ $maxConn := getMaxConn $firstInstance.TraefikLabels }} {{ $maxConn := getMaxConn $firstInstance.SegmentLabels }}
{{if $maxConn }} {{if $maxConn }}
[backends."backend-{{ $serviceName }}".maxConn] [backends."backend-{{ $serviceName }}".maxConn]
extractorFunc = "{{ $maxConn.ExtractorFunc }}" extractorFunc = "{{ $maxConn.ExtractorFunc }}"
amount = {{ $maxConn.Amount }} amount = {{ $maxConn.Amount }}
{{end}} {{end}}
{{ $healthCheck := getHealthCheck $firstInstance.TraefikLabels }} {{ $healthCheck := getHealthCheck $firstInstance.SegmentLabels }}
{{if $healthCheck }} {{if $healthCheck }}
[backends."backend-{{ $serviceName }}".healthCheck] [backends."backend-{{ $serviceName }}".healthCheck]
scheme = "{{ $healthCheck.Scheme }}" scheme = "{{ $healthCheck.Scheme }}"
@ -42,7 +42,7 @@
{{end}} {{end}}
{{end}} {{end}}
{{ $buffering := getBuffering $firstInstance.TraefikLabels }} {{ $buffering := getBuffering $firstInstance.SegmentLabels }}
{{if $buffering }} {{if $buffering }}
[backends."backend-{{ $serviceName }}".buffering] [backends."backend-{{ $serviceName }}".buffering]
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }} maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
@ -64,28 +64,30 @@
{{range $serviceName, $instances := .Services }} {{range $serviceName, $instances := .Services }}
{{range $instance := filterFrontends $instances }} {{range $instance := filterFrontends $instances }}
[frontends."frontend-{{ $serviceName }}"] {{ $frontendName := getFrontendName $instance }}
backend = "backend-{{ $serviceName }}"
priority = {{ getPriority $instance.TraefikLabels }}
passHostHeader = {{ getPassHostHeader $instance.TraefikLabels }}
passTLSCert = {{ getPassTLSCert $instance.TraefikLabels }}
entryPoints = [{{range getEntryPoints $instance.TraefikLabels }} [frontends."frontend-{{ $frontendName }}"]
backend = "backend-{{ $serviceName }}"
priority = {{ getPriority $instance.SegmentLabels }}
passHostHeader = {{ getPassHostHeader $instance.SegmentLabels }}
passTLSCert = {{ getPassTLSCert $instance.SegmentLabels }}
entryPoints = [{{range getEntryPoints $instance.SegmentLabels }}
"{{.}}", "{{.}}",
{{end}}] {{end}}]
{{ $auth := getAuth $instance.TraefikLabels }} {{ $auth := getAuth $instance.SegmentLabels }}
{{if $auth }} {{if $auth }}
[frontends."frontend-{{ $serviceName }}".auth] [frontends."frontend-{{ $frontendName }}".auth]
headerField = "{{ $auth.HeaderField }}" headerField = "{{ $auth.HeaderField }}"
{{if $auth.Forward }} {{if $auth.Forward }}
[frontends."frontend-{{ $serviceName }}".auth.forward] [frontends."frontend-{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}" address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }} trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
{{if $auth.Forward.TLS }} {{if $auth.Forward.TLS }}
[frontends."frontend-{{ $serviceName }}".auth.forward.tls] [frontends."frontend-{{ $frontendName }}".auth.forward.tls]
ca = "{{ $auth.Forward.TLS.CA }}" ca = "{{ $auth.Forward.TLS.CA }}"
caOptional = {{ $auth.Forward.TLS.CAOptional }} caOptional = {{ $auth.Forward.TLS.CAOptional }}
cert = """{{ $auth.Forward.TLS.Cert }}""" cert = """{{ $auth.Forward.TLS.Cert }}"""
@ -95,7 +97,7 @@
{{end}} {{end}}
{{if $auth.Basic }} {{if $auth.Basic }}
[frontends."frontend-{{ $serviceName }}".auth.basic] [frontends."frontend-{{ $frontendName }}".auth.basic]
removeHeader = {{ $auth.Basic.RemoveHeader }} removeHeader = {{ $auth.Basic.RemoveHeader }}
{{if $auth.Basic.Users }} {{if $auth.Basic.Users }}
users = [{{range $auth.Basic.Users }} users = [{{range $auth.Basic.Users }}
@ -106,7 +108,7 @@
{{end}} {{end}}
{{if $auth.Digest }} {{if $auth.Digest }}
[frontends."frontend-{{ $serviceName }}".auth.digest] [frontends."frontend-{{ $frontendName }}".auth.digest]
removeHeader = {{ $auth.Digest.RemoveHeader }} removeHeader = {{ $auth.Digest.RemoveHeader }}
{{if $auth.Digest.Users }} {{if $auth.Digest.Users }}
users = [{{range $auth.Digest.Users }} users = [{{range $auth.Digest.Users }}
@ -117,29 +119,29 @@
{{end}} {{end}}
{{end}} {{end}}
{{ $whitelist := getWhiteList $instance.TraefikLabels }} {{ $whitelist := getWhiteList $instance.SegmentLabels }}
{{if $whitelist }} {{if $whitelist }}
[frontends."frontend-{{ $serviceName }}".whiteList] [frontends."frontend-{{ $frontendName }}".whiteList]
sourceRange = [{{range $whitelist.SourceRange }} sourceRange = [{{range $whitelist.SourceRange }}
"{{.}}", "{{.}}",
{{end}}] {{end}}]
useXForwardedFor = {{ $whitelist.UseXForwardedFor }} useXForwardedFor = {{ $whitelist.UseXForwardedFor }}
{{end}} {{end}}
{{ $redirect := getRedirect $instance.TraefikLabels }} {{ $redirect := getRedirect $instance.SegmentLabels }}
{{if $redirect }} {{if $redirect }}
[frontends."frontend-{{ $serviceName }}".redirect] [frontends."frontend-{{ $frontendName }}".redirect]
entryPoint = "{{ $redirect.EntryPoint }}" entryPoint = "{{ $redirect.EntryPoint }}"
regex = "{{ $redirect.Regex }}" regex = "{{ $redirect.Regex }}"
replacement = "{{ $redirect.Replacement }}" replacement = "{{ $redirect.Replacement }}"
permanent = {{ $redirect.Permanent }} permanent = {{ $redirect.Permanent }}
{{end}} {{end}}
{{ $errorPages := getErrorPages $instance.TraefikLabels }} {{ $errorPages := getErrorPages $instance.SegmentLabels }}
{{if $errorPages }} {{if $errorPages }}
[frontends."frontend-{{ $serviceName }}".errors] [frontends."frontend-{{ $frontendName }}".errors]
{{range $pageName, $page := $errorPages }} {{range $pageName, $page := $errorPages }}
[frontends."frontend-{{ $serviceName }}".errors."{{ $pageName }}"] [frontends."frontend-{{ $frontendName }}".errors."{{ $pageName }}"]
status = [{{range $page.Status }} status = [{{range $page.Status }}
"{{.}}", "{{.}}",
{{end}}] {{end}}]
@ -148,22 +150,22 @@
{{end}} {{end}}
{{end}} {{end}}
{{ $rateLimit := getRateLimit $instance.TraefikLabels }} {{ $rateLimit := getRateLimit $instance.SegmentLabels }}
{{if $rateLimit }} {{if $rateLimit }}
[frontends."frontend-{{ $serviceName }}".rateLimit] [frontends."frontend-{{ $frontendName }}".rateLimit]
extractorFunc = "{{ $rateLimit.ExtractorFunc }}" extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
[frontends."frontend-{{ $serviceName }}".rateLimit.rateSet] [frontends."frontend-{{ $frontendName }}".rateLimit.rateSet]
{{ range $limitName, $limit := $rateLimit.RateSet }} {{ range $limitName, $limit := $rateLimit.RateSet }}
[frontends."frontend-{{ $serviceName }}".rateLimit.rateSet."{{ $limitName }}"] [frontends."frontend-{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
period = "{{ $limit.Period }}" period = "{{ $limit.Period }}"
average = {{ $limit.Average }} average = {{ $limit.Average }}
burst = {{ $limit.Burst }} burst = {{ $limit.Burst }}
{{end}} {{end}}
{{end}} {{end}}
{{ $headers := getHeaders $instance.TraefikLabels }} {{ $headers := getHeaders $instance.SegmentLabels }}
{{if $headers }} {{if $headers }}
[frontends."frontend-{{ $serviceName }}".headers] [frontends."frontend-{{ $frontendName }}".headers]
SSLRedirect = {{ $headers.SSLRedirect }} SSLRedirect = {{ $headers.SSLRedirect }}
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }} SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
SSLHost = "{{ $headers.SSLHost }}" SSLHost = "{{ $headers.SSLHost }}"
@ -195,28 +197,28 @@
{{end}} {{end}}
{{if $headers.CustomRequestHeaders }} {{if $headers.CustomRequestHeaders }}
[frontends."frontend-{{ $serviceName }}".headers.customRequestHeaders] [frontends."frontend-{{ $frontendName }}".headers.customRequestHeaders]
{{range $k, $v := $headers.CustomRequestHeaders }} {{range $k, $v := $headers.CustomRequestHeaders }}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $headers.CustomResponseHeaders }} {{if $headers.CustomResponseHeaders }}
[frontends."frontend-{{ $serviceName }}".headers.customResponseHeaders] [frontends."frontend-{{ $frontendName }}".headers.customResponseHeaders]
{{range $k, $v := $headers.CustomResponseHeaders }} {{range $k, $v := $headers.CustomResponseHeaders }}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $headers.SSLProxyHeaders }} {{if $headers.SSLProxyHeaders }}
[frontends."frontend-{{ $serviceName }}".headers.SSLProxyHeaders] [frontends."frontend-{{ $frontendName }}".headers.SSLProxyHeaders]
{{range $k, $v := $headers.SSLProxyHeaders }} {{range $k, $v := $headers.SSLProxyHeaders }}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{end}} {{end}}
[frontends."frontend-{{ $serviceName }}".routes."route-frontend-{{ $serviceName }}"] [frontends."frontend-{{ $frontendName }}".routes."route-frontend-{{ $frontendName }}"]
rule = "{{ getFrontendRule $instance }}" rule = "{{ getFrontendRule $instance }}"
{{end}} {{end}}