Merge github.com:traefik/traefik
This commit is contained in:
commit
f6ee1b343a
95 changed files with 1075 additions and 638 deletions
2
.github/workflows/build.yaml
vendored
2
.github/workflows/build.yaml
vendored
|
@ -56,7 +56,7 @@ jobs:
|
|||
fetch-depth: 0
|
||||
|
||||
- name: Cache Go modules
|
||||
uses: actions/cache@v2
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
~/go/pkg/mod
|
||||
|
|
2
.github/workflows/test-unit.yaml
vendored
2
.github/workflows/test-unit.yaml
vendored
|
@ -31,7 +31,7 @@ jobs:
|
|||
fetch-depth: 0
|
||||
|
||||
- name: Cache Go modules
|
||||
uses: actions/cache@v2
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
~/go/pkg/mod
|
||||
|
|
4
.github/workflows/validate.yaml
vendored
4
.github/workflows/validate.yaml
vendored
|
@ -33,7 +33,7 @@ jobs:
|
|||
fetch-depth: 0
|
||||
|
||||
- name: Cache Go modules
|
||||
uses: actions/cache@v2
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
~/go/pkg/mod
|
||||
|
@ -73,7 +73,7 @@ jobs:
|
|||
fetch-depth: 0
|
||||
|
||||
- name: Cache Go modules
|
||||
uses: actions/cache@v2
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
~/go/pkg/mod
|
||||
|
|
|
@ -75,7 +75,6 @@ linters-settings:
|
|||
- github.com/mailgun/minheap
|
||||
- github.com/mailgun/multibuf
|
||||
- github.com/jaguilar/vt100
|
||||
- github.com/BurntSushi/toml
|
||||
|
||||
linters:
|
||||
enable-all: true
|
||||
|
|
|
@ -22,22 +22,23 @@ builds:
|
|||
- openbsd
|
||||
goarch:
|
||||
- amd64
|
||||
- 386
|
||||
- '386'
|
||||
- arm
|
||||
- arm64
|
||||
- ppc64le
|
||||
- s390x
|
||||
goarm:
|
||||
- 7
|
||||
- 6
|
||||
- 5
|
||||
- '7'
|
||||
- '6'
|
||||
ignore:
|
||||
- goos: darwin
|
||||
goarch: 386
|
||||
goarch: '386'
|
||||
- goos: openbsd
|
||||
goarch: arm
|
||||
- goos: openbsd
|
||||
goarch: arm64
|
||||
- goos: freebsd
|
||||
goarch: arm
|
||||
- goos: freebsd
|
||||
goarch: arm64
|
||||
- goos: windows
|
||||
|
|
26
CHANGELOG.md
26
CHANGELOG.md
|
@ -1,3 +1,29 @@
|
|||
## [v2.9.4](https://github.com/traefik/traefik/tree/v2.9.4) (2022-10-27)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.4)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[acme]** Update go-acme/lego to v4.9.0 ([#9413](https://github.com/traefik/traefik/pull/9413) by [tony-defa](https://github.com/tony-defa))
|
||||
- **[kv,redis]** Fix Redis configuration type ([#9435](https://github.com/traefik/traefik/pull/9435) by [ldez](https://github.com/ldez))
|
||||
- **[logs,middleware,metrics]** Handle capture on redefined http.responseWriters ([#9440](https://github.com/traefik/traefik/pull/9440) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[middleware,k8s]** Remove raw cert escape in PassTLSClientCert middleware ([#9412](https://github.com/traefik/traefik/pull/9412) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[plugins]** Update Yaegi to v0.14.3 ([#9468](https://github.com/traefik/traefik/pull/9468) by [ldez](https://github.com/ldez))
|
||||
- Remove side effect on default transport tests ([#9460](https://github.com/traefik/traefik/pull/9460) by [sdelicata](https://github.com/sdelicata))
|
||||
|
||||
**Documentation:**
|
||||
- **[k8s]** Fix links to gateway API guides ([#9445](https://github.com/traefik/traefik/pull/9445) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- Simplify dashboard rule example ([#9454](https://github.com/traefik/traefik/pull/9454) by [sosoba](https://github.com/sosoba))
|
||||
- Add v2.9 to release page ([#9438](https://github.com/traefik/traefik/pull/9438) by [kevinpollet](https://github.com/kevinpollet))
|
||||
|
||||
## [v2.9.3](https://github.com/traefik/traefik/tree/v2.9.3) (2022-10-27)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.3)
|
||||
|
||||
Release canceled.
|
||||
|
||||
## [v2.9.2](https://github.com/traefik/traefik/tree/v2.9.2) (2022-10-27)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.2)
|
||||
|
||||
Release canceled.
|
||||
|
||||
## [v2.9.1](https://github.com/traefik/traefik/tree/v2.9.1) (2022-10-03)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.9.1)
|
||||
|
||||
|
|
2
Makefile
2
Makefile
|
@ -189,7 +189,7 @@ generate-genconf:
|
|||
.PHONY: release-packages
|
||||
release-packages: generate-webui build-dev-image
|
||||
rm -rf dist
|
||||
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish --timeout="90m"
|
||||
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 4 --timeout="90m"
|
||||
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
|
||||
--exclude-vcs \
|
||||
--exclude .idea \
|
||||
|
|
|
@ -32,7 +32,6 @@ import (
|
|||
"github.com/traefik/traefik/v2/pkg/log"
|
||||
"github.com/traefik/traefik/v2/pkg/metrics"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/accesslog"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/capture"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/acme"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/aggregator"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/hub"
|
||||
|
@ -287,9 +286,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
|||
|
||||
accessLog := setupAccessLog(staticConfiguration.AccessLog)
|
||||
tracer := setupTracing(staticConfiguration.Tracing)
|
||||
captureMiddleware := setupCapture(staticConfiguration)
|
||||
|
||||
chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer, captureMiddleware)
|
||||
chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)
|
||||
routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry)
|
||||
|
||||
// Watcher
|
||||
|
@ -638,13 +636,6 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
|
|||
return tracer
|
||||
}
|
||||
|
||||
func setupCapture(staticConfiguration *static.Configuration) *capture.Handler {
|
||||
if staticConfiguration.AccessLog == nil && staticConfiguration.Metrics == nil {
|
||||
return nil
|
||||
}
|
||||
return &capture.Handler{}
|
||||
}
|
||||
|
||||
func configureLogging(staticConfiguration *static.Configuration) {
|
||||
// configure default log flags
|
||||
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 58 KiB |
|
@ -15,7 +15,7 @@ It makes reusing the same groups easier.
|
|||
|
||||
## Configuration Example
|
||||
|
||||
Below is an example of a Chain containing `WhiteList`, `BasicAuth`, and `RedirectScheme`.
|
||||
Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
|
@ -25,7 +25,7 @@ labels:
|
|||
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "traefik.http.services.service1.loadbalancer.server.port=80"
|
||||
```
|
||||
|
||||
|
@ -80,7 +80,7 @@ kind: Middleware
|
|||
metadata:
|
||||
name: known-ips
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 192.168.1.7
|
||||
- 127.0.0.1/32
|
||||
|
@ -93,7 +93,7 @@ spec:
|
|||
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "traefik.http.services.service1.loadbalancer.server.port=80"
|
||||
```
|
||||
|
||||
|
@ -105,7 +105,7 @@ spec:
|
|||
"traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
|
||||
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
|
||||
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
|
||||
"traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32",
|
||||
"traefik.http.services.service1.loadbalancer.server.port": "80"
|
||||
}
|
||||
```
|
||||
|
@ -118,7 +118,7 @@ labels:
|
|||
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "traefik.http.services.service1.loadbalancer.server.port=80"
|
||||
```
|
||||
|
||||
|
@ -150,7 +150,7 @@ http:
|
|||
scheme: https
|
||||
|
||||
known-ips:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
|
@ -180,7 +180,7 @@ http:
|
|||
[http.middlewares.https-only.redirectScheme]
|
||||
scheme = "https"
|
||||
|
||||
[http.middlewares.known-ips.ipWhiteList]
|
||||
[http.middlewares.known-ips.ipAllowList]
|
||||
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
|
||||
|
||||
[http.services]
|
||||
|
|
77
docs/content/middlewares/http/grpcweb.md
Normal file
77
docs/content/middlewares/http/grpcweb.md
Normal file
|
@ -0,0 +1,77 @@
|
|||
---
|
||||
title: "Traefik GrpcWeb Documentation"
|
||||
description: "In Traefik Proxy's HTTP middleware, GrpcWeb converts a gRPC Web requests to HTTP/2 gRPC requests. Read the technical documentation."
|
||||
---
|
||||
|
||||
# GrpcWeb
|
||||
|
||||
Converting gRPC Web requests to HTTP/2 gRPC requests.
|
||||
{: .subtitle }
|
||||
|
||||
The GrpcWeb middleware converts gRPC Web requests to HTTP/2 gRPC requests before forwarding them to the backends.
|
||||
|
||||
!!! tip
|
||||
|
||||
Please note, that Traefik needs to communicate using gRPC with the backends (h2c or HTTP/2 over TLS).
|
||||
Check out the [gRPC](../../user-guides/grpc.md) user guide for more details.
|
||||
|
||||
## Configuration Examples
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-grpcweb.grpcweb.allowOrigins=*"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: test-grpcweb
|
||||
spec:
|
||||
grpcWeb:
|
||||
allowOrigins:
|
||||
- "*"
|
||||
```
|
||||
|
||||
```yaml tab="Consul Catalog"
|
||||
- "traefik.http.middlewares.test-grpcweb.grpcWeb.allowOrigins=*"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins": "*"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins=*"
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
http:
|
||||
middlewares:
|
||||
test-grpcweb:
|
||||
grpcWeb:
|
||||
allowOrigins:
|
||||
- "*"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[http.middlewares]
|
||||
[http.middlewares.test-grpcweb.grpcWeb]
|
||||
allowOrigins = ["*"]
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
|
||||
### `allowOrigins`
|
||||
|
||||
The `allowOrigins` contains the list of allowed origins.
|
||||
A wildcard origin `*` can also be configured to match all requests.
|
||||
|
||||
More information including how to use the settings can be found at:
|
||||
|
||||
- [Mozilla.org](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin)
|
||||
- [w3](https://fetch.spec.whatwg.org/#http-access-control-allow-origin)
|
||||
- [IETF](https://tools.ietf.org/html/rfc6454#section-7.1)
|
|
@ -1,32 +1,30 @@
|
|||
---
|
||||
title: "Traefik HTTP Middlewares IPWhiteList"
|
||||
description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
|
||||
title: "Traefik HTTP Middlewares IPAllowList"
|
||||
description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
|
||||
---
|
||||
|
||||
# IPWhiteList
|
||||
# IPAllowList
|
||||
|
||||
Limiting Clients to Specific IPs
|
||||
{: .subtitle }
|
||||
|
||||
![IpWhiteList](../../assets/img/middleware/ipwhitelist.png)
|
||||
|
||||
IPWhitelist accepts / refuses requests based on the client IP.
|
||||
IPAllowList accepts / refuses requests based on the client IP.
|
||||
|
||||
## Configuration Examples
|
||||
|
||||
```yaml tab="Docker"
|
||||
# Accepts request from defined IP
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: test-ipwhitelist
|
||||
name: test-ipallowlist
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
|
@ -34,27 +32,27 @@ spec:
|
|||
|
||||
```yaml tab="Consul Catalog"
|
||||
# Accepts request from defined IP
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
|
||||
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
# Accepts request from defined IP
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# Accepts request from defined IP
|
||||
http:
|
||||
middlewares:
|
||||
test-ipwhitelist:
|
||||
ipWhiteList:
|
||||
test-ipallowlist:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
|
@ -63,7 +61,7 @@ http:
|
|||
```toml tab="File (TOML)"
|
||||
# Accepts request from defined IP
|
||||
[http.middlewares]
|
||||
[http.middlewares.test-ipwhitelist.ipWhiteList]
|
||||
[http.middlewares.test-ipallowlist.ipAllowList]
|
||||
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
||||
```
|
||||
|
||||
|
@ -86,7 +84,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
|||
|
||||
!!! example "Examples of Depth & X-Forwarded-For"
|
||||
|
||||
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).
|
||||
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
|
||||
|
||||
| `X-Forwarded-For` | `depth` | clientIP |
|
||||
|-----------------------------------------|---------|--------------|
|
||||
|
@ -95,20 +93,20 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
|||
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
|
||||
|
||||
```yaml tab="Docker"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: test-ipwhitelist
|
||||
name: test-ipallowlist
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
|
@ -117,31 +115,31 @@ spec:
|
|||
```
|
||||
|
||||
```yaml tab="Consul Catalog"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
|
||||
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2"
|
||||
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
|
||||
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
|
||||
http:
|
||||
middlewares:
|
||||
test-ipwhitelist:
|
||||
ipWhiteList:
|
||||
test-ipallowlist:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
|
@ -150,11 +148,11 @@ http:
|
|||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
|
||||
[http.middlewares]
|
||||
[http.middlewares.test-ipwhitelist.ipWhiteList]
|
||||
[http.middlewares.test-ipallowlist.ipAllowList]
|
||||
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
||||
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
|
||||
[http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
|
||||
depth = 2
|
||||
```
|
||||
|
||||
|
@ -177,7 +175,7 @@ http:
|
|||
```yaml tab="Docker"
|
||||
# Exclude from `X-Forwarded-For`
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
|
@ -185,9 +183,9 @@ labels:
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: test-ipwhitelist
|
||||
name: test-ipallowlist
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
ipStrategy:
|
||||
excludedIPs:
|
||||
- 127.0.0.1/32
|
||||
|
@ -196,27 +194,27 @@ spec:
|
|||
|
||||
```yaml tab="Consul Catalog"
|
||||
# Exclude from `X-Forwarded-For`
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
|
||||
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
# Exclude from `X-Forwarded-For`
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# Exclude from `X-Forwarded-For`
|
||||
http:
|
||||
middlewares:
|
||||
test-ipwhitelist:
|
||||
ipWhiteList:
|
||||
test-ipallowlist:
|
||||
ipAllowList:
|
||||
ipStrategy:
|
||||
excludedIPs:
|
||||
- "127.0.0.1/32"
|
||||
|
@ -226,7 +224,7 @@ http:
|
|||
```toml tab="File (TOML)"
|
||||
# Exclude from `X-Forwarded-For`
|
||||
[http.middlewares]
|
||||
[http.middlewares.test-ipwhitelist.ipWhiteList]
|
||||
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
|
||||
[http.middlewares.test-ipallowlist.ipAllowList]
|
||||
[http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
|
||||
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
|
||||
```
|
|
@ -142,7 +142,7 @@ http:
|
|||
| [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle |
|
||||
| [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication |
|
||||
| [Headers](headers.md) | Adds / Updates headers | Security |
|
||||
| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle |
|
||||
| [IPAllowList](ipallowlist.md) | Limits the allowed client IPs | Security, Request lifecycle |
|
||||
| [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle |
|
||||
| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security |
|
||||
| [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle |
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
---
|
||||
title: "Traefik TCP Middlewares IPWhiteList"
|
||||
description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
|
||||
title: "Traefik TCP Middlewares IPAllowList"
|
||||
description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
|
||||
---
|
||||
|
||||
# IPWhiteList
|
||||
# IPAllowList
|
||||
|
||||
Limiting Clients to Specific IPs
|
||||
{: .subtitle }
|
||||
|
||||
IPWhitelist accepts / refuses connections based on the client IP.
|
||||
IPAllowList accepts / refuses connections based on the client IP.
|
||||
|
||||
## Configuration Examples
|
||||
|
||||
```yaml tab="Docker"
|
||||
# Accepts connections from defined IP
|
||||
labels:
|
||||
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: test-ipwhitelist
|
||||
name: test-ipallowlist
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
|
@ -32,25 +32,25 @@ spec:
|
|||
|
||||
```yaml tab="Consul Catalog"
|
||||
# Accepts request from defined IP
|
||||
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
|
||||
"traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
# Accepts request from defined IP
|
||||
labels:
|
||||
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# Accepts request from defined IP
|
||||
[tcp.middlewares]
|
||||
[tcp.middlewares.test-ipwhitelist.ipWhiteList]
|
||||
[tcp.middlewares.test-ipallowlist.ipAllowList]
|
||||
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
||||
```
|
||||
|
||||
|
@ -58,8 +58,8 @@ labels:
|
|||
# Accepts request from defined IP
|
||||
tcp:
|
||||
middlewares:
|
||||
test-ipwhitelist:
|
||||
ipWhiteList:
|
||||
test-ipallowlist:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
|
@ -18,10 +18,10 @@ whoami:
|
|||
# A container that exposes an API to show its IP address
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
# Create a middleware named `foo-ip-whitelist`
|
||||
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
# Apply the middleware named `foo-ip-whitelist` to the router named `router1`
|
||||
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker"
|
||||
# Create a middleware named `foo-ip-allowlist`
|
||||
- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
# Apply the middleware named `foo-ip-allowlist` to the router named `router1`
|
||||
- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes IngressRoute"
|
||||
|
@ -43,9 +43,9 @@ spec:
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: foo-ip-whitelist
|
||||
name: foo-ip-allowlist
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourcerange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
|
@ -60,30 +60,30 @@ spec:
|
|||
routes:
|
||||
# more fields...
|
||||
middlewares:
|
||||
- name: foo-ip-whitelist
|
||||
- name: foo-ip-allowlist
|
||||
```
|
||||
|
||||
```yaml tab="Consul Catalog"
|
||||
# Create a middleware named `foo-ip-whitelist`
|
||||
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
# Apply the middleware named `foo-ip-whitelist` to the router named `router1`
|
||||
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog"
|
||||
# Create a middleware named `foo-ip-allowlist`
|
||||
- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
# Apply the middleware named `foo-ip-allowlist` to the router named `router1`
|
||||
- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7",
|
||||
"traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon"
|
||||
"traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7",
|
||||
"traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
# As a Rancher Label
|
||||
labels:
|
||||
# Create a middleware named `foo-ip-whitelist`
|
||||
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
# Apply the middleware named `foo-ip-whitelist` to the router named `router1`
|
||||
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher"
|
||||
# Create a middleware named `foo-ip-allowlist`
|
||||
- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
# Apply the middleware named `foo-ip-allowlist` to the router named `router1`
|
||||
- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -91,11 +91,11 @@ labels:
|
|||
[tcp.routers]
|
||||
[tcp.routers.router1]
|
||||
service = "myService"
|
||||
middlewares = ["foo-ip-whitelist"]
|
||||
middlewares = ["foo-ip-allowlist"]
|
||||
rule = "Host(`example.com`)"
|
||||
|
||||
[tcp.middlewares]
|
||||
[tcp.middlewares.foo-ip-whitelist.ipWhiteList]
|
||||
[tcp.middlewares.foo-ip-allowlist.ipAllowList]
|
||||
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
||||
|
||||
[tcp.services]
|
||||
|
@ -114,12 +114,12 @@ tcp:
|
|||
router1:
|
||||
service: myService
|
||||
middlewares:
|
||||
- "foo-ip-whitelist"
|
||||
- "foo-ip-allowlist"
|
||||
rule: "Host(`example.com`)"
|
||||
|
||||
middlewares:
|
||||
foo-ip-whitelist:
|
||||
ipWhiteList:
|
||||
foo-ip-allowlist:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
|
@ -137,4 +137,4 @@ tcp:
|
|||
| Middleware | Purpose | Area |
|
||||
|-------------------------------------------|---------------------------------------------------|-----------------------------|
|
||||
| [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle |
|
||||
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs. | Security, Request lifecycle |
|
||||
| [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle |
|
||||
|
|
18
docs/content/migration/v2-to-v3.md
Normal file
18
docs/content/migration/v2-to-v3.md
Normal file
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
title: "Traefik V3 Migration Documentation"
|
||||
description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation."
|
||||
---
|
||||
|
||||
# Migration Guide: From v2 to v3
|
||||
|
||||
How to Migrate from Traefik v2 to Traefik v3.
|
||||
{: .subtitle }
|
||||
|
||||
The version 3 of Traefik introduces a number of breaking changes,
|
||||
which require one to update their configuration when they migrate from v2 to v3.
|
||||
The goal of this page is to recapitulate all of these changes, and in particular to give examples,
|
||||
feature by feature, of how the configuration looked like in v2, and how it now looks like in v3.
|
||||
|
||||
## IPWhiteList
|
||||
|
||||
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.
|
|
@ -72,7 +72,7 @@ to allow defining:
|
|||
|
||||
- One or more security features through [middlewares](../middlewares/overview.md)
|
||||
like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
|
||||
[forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md).
|
||||
[forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md).
|
||||
|
||||
- A [router rule](#dashboard-router-rule) for accessing the dashboard,
|
||||
through Traefik itself (sometimes referred as "Traefik-ception").
|
||||
|
@ -93,12 +93,12 @@ rule = "Host(`traefik.example.com`)"
|
|||
|
||||
```bash tab="Path Prefix Rule"
|
||||
# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
|
||||
rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
|
||||
rule = "PathPrefix(`/api`, `/dashboard`)"
|
||||
```
|
||||
|
||||
```bash tab="Combination of Rules"
|
||||
# The dashboard can be accessed on http://traefik.example.com/dashboard/
|
||||
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||
rule = "Host(`traefik.example.com`) && PathPrefix(`/api`, `/dashboard`)"
|
||||
```
|
||||
|
||||
??? example "Dashboard Dynamic Configuration Examples"
|
||||
|
|
|
@ -18,7 +18,7 @@ It supports providing configuration through a [single configuration file](#filen
|
|||
|
||||
!!! tip
|
||||
|
||||
The file provider can be a good solution for reusing common elements from other providers (e.g. declaring whitelist middlewares, basic authentication, ...)
|
||||
The file provider can be a good solution for reusing common elements from other providers (e.g. declaring allowlist middlewares, basic authentication, ...)
|
||||
|
||||
## Configuration Examples
|
||||
|
||||
|
|
|
@ -71,9 +71,9 @@
|
|||
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.stspreload=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
|
||||
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42"
|
||||
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42"
|
||||
- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware12.inflightreq.amount=42"
|
||||
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
|
||||
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
|
||||
|
@ -121,6 +121,7 @@
|
|||
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
|
||||
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar"
|
||||
- "traefik.http.routers.router0.entrypoints=foobar, foobar"
|
||||
- "traefik.http.routers.router0.middlewares=foobar, foobar"
|
||||
- "traefik.http.routers.router0.priority=42"
|
||||
|
@ -166,7 +167,7 @@
|
|||
- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
|
||||
- "traefik.http.services.service01.loadbalancer.server.port=foobar"
|
||||
- "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
|
||||
- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar"
|
||||
- "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar"
|
||||
- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
|
||||
- "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
|
||||
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
|
||||
|
|
|
@ -203,9 +203,9 @@
|
|||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware11]
|
||||
[http.middlewares.Middleware11.ipWhiteList]
|
||||
[http.middlewares.Middleware11.ipAllowList]
|
||||
sourceRange = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware11.ipWhiteList.ipStrategy]
|
||||
[http.middlewares.Middleware11.ipAllowList.ipStrategy]
|
||||
depth = 42
|
||||
excludedIPs = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware12]
|
||||
|
@ -285,6 +285,9 @@
|
|||
[http.middlewares.Middleware22]
|
||||
[http.middlewares.Middleware22.stripPrefixRegex]
|
||||
regex = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware23]
|
||||
[http.middlewares.Middleware23.grpcWeb]
|
||||
allowOrigins = ["foobar", "foobar"]
|
||||
[http.serversTransports]
|
||||
[http.serversTransports.ServersTransport0]
|
||||
serverName = "foobar"
|
||||
|
@ -402,7 +405,7 @@
|
|||
weight = 42
|
||||
[tcp.middlewares]
|
||||
[tcp.middlewares.TCPMiddleware00]
|
||||
[tcp.middlewares.TCPMiddleware00.ipWhiteList]
|
||||
[tcp.middlewares.TCPMiddleware00.ipAllowList]
|
||||
sourceRange = ["foobar", "foobar"]
|
||||
[tcp.middlewares.TCPMiddleware01]
|
||||
[tcp.middlewares.TCPMiddleware01.inFlightConn]
|
||||
|
|
|
@ -230,7 +230,7 @@ http:
|
|||
permissionsPolicy: foobar
|
||||
isDevelopment: true
|
||||
Middleware11:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- foobar
|
||||
- foobar
|
||||
|
@ -324,6 +324,11 @@ http:
|
|||
regex:
|
||||
- foobar
|
||||
- foobar
|
||||
Middleware23:
|
||||
grpcWeb:
|
||||
allowOrigins:
|
||||
- foobar
|
||||
- foobar
|
||||
serversTransports:
|
||||
ServersTransport0:
|
||||
serverName: foobar
|
||||
|
@ -443,7 +448,7 @@ tcp:
|
|||
weight: 42
|
||||
middlewares:
|
||||
TCPMiddleware00:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- foobar
|
||||
- foobar
|
||||
|
|
|
@ -967,6 +967,17 @@ spec:
|
|||
forward) all X-Forwarded-* headers.'
|
||||
type: boolean
|
||||
type: object
|
||||
grpcWeb:
|
||||
description: GrpcWeb holds the gRPC web middleware configuration.
|
||||
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
|
||||
properties:
|
||||
allowOrigins:
|
||||
description: AllowOrigins is a list of allowable origins. Can
|
||||
also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
headers:
|
||||
description: 'Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers. More
|
||||
|
@ -1149,7 +1160,7 @@ spec:
|
|||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1174,14 +1185,14 @@ spec:
|
|||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: 'IPWhiteList holds the IP whitelist middleware configuration.
|
||||
ipAllowList:
|
||||
description: 'IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware accepts / refuses requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration used
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1345,7 +1356,7 @@ spec:
|
|||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1541,8 +1552,8 @@ spec:
|
|||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
ipAllowList:
|
||||
description: IPAllowList defines the IPAllowList middleware configuration.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
|
|
@ -148,7 +148,7 @@ spec:
|
|||
- name: whoamitcp
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: ipwhitelist
|
||||
- name: ipallowlist
|
||||
tls:
|
||||
secretName: foosecret
|
||||
passthrough: false
|
||||
|
|
|
@ -84,11 +84,11 @@
|
|||
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
|
||||
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` |
|
||||
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` |
|
||||
| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
|
||||
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
|
||||
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
|
||||
|
@ -140,6 +140,8 @@
|
|||
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/1` | `foobar` |
|
||||
| `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
|
||||
| `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
|
||||
| `traefik/http/routers/Router0/middlewares/0` | `foobar` |
|
||||
|
@ -247,8 +249,8 @@
|
|||
| `traefik/http/services/Service04/failover/fallback` | `foobar` |
|
||||
| `traefik/http/services/Service04/failover/healthCheck` | `` |
|
||||
| `traefik/http/services/Service04/failover/service` | `foobar` |
|
||||
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` |
|
||||
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` |
|
||||
| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/0` | `foobar` |
|
||||
| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/1` | `foobar` |
|
||||
| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
|
||||
| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
|
||||
|
|
|
@ -71,9 +71,9 @@
|
|||
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.stspreload": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.stsseconds": "42",
|
||||
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42",
|
||||
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth": "42",
|
||||
"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware11.ipallowlist.sourcerange": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware12.inflightreq.amount": "42",
|
||||
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
|
||||
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
|
||||
|
@ -121,6 +121,7 @@
|
|||
"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
|
||||
"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar",
|
||||
"traefik.http.routers.router0.entrypoints": "foobar, foobar",
|
||||
"traefik.http.routers.router0.middlewares": "foobar, foobar",
|
||||
"traefik.http.routers.router0.priority": "42",
|
||||
|
@ -166,7 +167,7 @@
|
|||
"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
|
||||
"traefik.http.services.service01.loadbalancer.server.port": "foobar",
|
||||
"traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
|
||||
"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar",
|
||||
"traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange": "foobar, foobar",
|
||||
"traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42",
|
||||
"traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
|
||||
"traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",
|
||||
|
|
|
@ -390,6 +390,17 @@ spec:
|
|||
forward) all X-Forwarded-* headers.'
|
||||
type: boolean
|
||||
type: object
|
||||
grpcWeb:
|
||||
description: GrpcWeb holds the gRPC web middleware configuration.
|
||||
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
|
||||
properties:
|
||||
allowOrigins:
|
||||
description: AllowOrigins is a list of allowable origins. Can
|
||||
also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
headers:
|
||||
description: 'Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers. More
|
||||
|
@ -572,7 +583,7 @@ spec:
|
|||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -597,14 +608,14 @@ spec:
|
|||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: 'IPWhiteList holds the IP whitelist middleware configuration.
|
||||
ipAllowList:
|
||||
description: 'IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware accepts / refuses requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration used
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -768,7 +779,7 @@ spec:
|
|||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
|
|
@ -47,8 +47,8 @@ spec:
|
|||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
ipAllowList:
|
||||
description: IPAllowList defines the IPAllowList middleware configuration.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
|
|
@ -1287,9 +1287,9 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
name: ipallowlist
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
|
@ -1305,13 +1305,13 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
|
|||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`example.com`) && PathPrefix(`/whitelist`)
|
||||
- match: Host(`example.com`) && PathPrefix(`/allowlist`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
middlewares:
|
||||
- name: ipwhitelist
|
||||
- name: ipallowlist
|
||||
namespace: foo
|
||||
```
|
||||
|
||||
|
|
|
@ -986,7 +986,7 @@ The middlewares will take effect only if the rule matches, and before connecting
|
|||
[tcp.routers.my-router]
|
||||
rule = "HostSNI(`*`)"
|
||||
# declared elsewhere
|
||||
middlewares = ["ipwhitelist"]
|
||||
middlewares = ["ipallowlist"]
|
||||
service = "service-foo"
|
||||
```
|
||||
|
||||
|
@ -998,7 +998,7 @@ The middlewares will take effect only if the rule matches, and before connecting
|
|||
rule: "HostSNI(`*`)"
|
||||
# declared elsewhere
|
||||
middlewares:
|
||||
- ipwhitelist
|
||||
- ipallowlist
|
||||
service: service-foo
|
||||
```
|
||||
|
||||
|
|
|
@ -125,8 +125,9 @@ nav:
|
|||
- 'DigestAuth': 'middlewares/http/digestauth.md'
|
||||
- 'Errors': 'middlewares/http/errorpages.md'
|
||||
- 'ForwardAuth': 'middlewares/http/forwardauth.md'
|
||||
- 'GrpcWeb': 'middlewares/http/grpcweb.md'
|
||||
- 'Headers': 'middlewares/http/headers.md'
|
||||
- 'IpWhitelist': 'middlewares/http/ipwhitelist.md'
|
||||
- 'IpAllowList': 'middlewares/http/ipallowlist.md'
|
||||
- 'InFlightReq': 'middlewares/http/inflightreq.md'
|
||||
- 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md'
|
||||
- 'RateLimit': 'middlewares/http/ratelimit.md'
|
||||
|
@ -140,7 +141,7 @@ nav:
|
|||
- 'TCP':
|
||||
- 'Overview': 'middlewares/tcp/overview.md'
|
||||
- 'InFlightConn': 'middlewares/tcp/inflightconn.md'
|
||||
- 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md'
|
||||
- 'IpAllowList': 'middlewares/tcp/ipallowlist.md'
|
||||
- 'Traefik Hub': 'traefik-hub/index.md'
|
||||
- 'Plugins & Plugin Catalog': 'plugins/index.md'
|
||||
- 'Operations':
|
||||
|
@ -177,6 +178,7 @@ nav:
|
|||
- 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md'
|
||||
- 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md'
|
||||
- 'Migration':
|
||||
- 'Traefik v2 to v3': 'migration/v2-to-v3.md'
|
||||
- 'Traefik v2 minor migrations': 'migration/v2.md'
|
||||
- 'Traefik v1 to v2': 'migration/v1-to-v2.md'
|
||||
- 'Contributing':
|
||||
|
|
13
go.mod
13
go.mod
|
@ -3,7 +3,7 @@ module github.com/traefik/traefik/v2
|
|||
go 1.19
|
||||
|
||||
require (
|
||||
github.com/BurntSushi/toml v1.2.0
|
||||
github.com/BurntSushi/toml v1.2.1
|
||||
github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61
|
||||
github.com/Masterminds/sprig/v3 v3.2.2
|
||||
github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000
|
||||
|
@ -32,6 +32,7 @@ require (
|
|||
github.com/hashicorp/go-multierror v1.1.1
|
||||
github.com/hashicorp/go-version v1.6.0
|
||||
github.com/hashicorp/nomad/api v0.0.0-20220506174431-b5665129cd1f
|
||||
github.com/improbable-eng/grpc-web v0.15.0
|
||||
github.com/influxdata/influxdb-client-go/v2 v2.7.0
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
|
||||
github.com/instana/go-sensor v1.38.3
|
||||
|
@ -62,7 +63,7 @@ require (
|
|||
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
|
||||
github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2
|
||||
github.com/traefik/paerser v0.1.9
|
||||
github.com/traefik/yaegi v0.14.2
|
||||
github.com/traefik/yaegi v0.14.3
|
||||
github.com/uber/jaeger-client-go v2.30.0+incompatible
|
||||
github.com/uber/jaeger-lib v2.2.0+incompatible
|
||||
github.com/unrolled/render v1.0.2
|
||||
|
@ -143,6 +144,7 @@ require (
|
|||
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
|
||||
github.com/cpu/goacmedns v0.1.1 // indirect
|
||||
github.com/deepmap/oapi-codegen v1.9.1 // indirect
|
||||
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect
|
||||
github.com/dgraph-io/ristretto v0.1.0 // indirect
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||
github.com/dimchansky/utfbom v1.1.1 // indirect
|
||||
|
@ -190,7 +192,7 @@ require (
|
|||
github.com/gophercloud/gophercloud v1.0.0 // indirect
|
||||
github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect
|
||||
github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 // indirect
|
||||
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
|
||||
github.com/hashicorp/consul/sdk v0.10.0 // indirect
|
||||
github.com/hashicorp/cronexpr v1.1.1 // indirect
|
||||
|
@ -281,6 +283,7 @@ require (
|
|||
github.com/pquerna/otp v1.3.0 // indirect
|
||||
github.com/prometheus/common v0.35.0 // indirect
|
||||
github.com/prometheus/procfs v0.7.3 // indirect
|
||||
github.com/rs/cors v1.7.0 // indirect
|
||||
github.com/sacloud/api-client-go v0.2.1 // indirect
|
||||
github.com/sacloud/go-http v0.1.2 // indirect
|
||||
github.com/sacloud/iaas-api-go v1.3.2 // indirect
|
||||
|
@ -343,6 +346,7 @@ require (
|
|||
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect
|
||||
k8s.io/klog/v2 v2.10.0 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
|
||||
nhooyr.io/websocket v1.8.7 // indirect
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
|
||||
sigs.k8s.io/yaml v1.2.0 // indirect
|
||||
)
|
||||
|
@ -358,9 +362,6 @@ replace (
|
|||
// https://github.com/docker/compose/blob/e44222664abd07ce1d1fe6796d84d93cbc7468c3/go.mod#L131
|
||||
replace github.com/jaguilar/vt100 => github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305
|
||||
|
||||
// https://github.com/BurntSushi/toml/issues/360
|
||||
replace github.com/BurntSushi/toml v1.2.0 => github.com/BurntSushi/toml v1.1.0
|
||||
|
||||
// ambiguous import: found package github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http in multiple modules
|
||||
// tencentcloud uses monorepo with multimodule but the go.mod files are incomplete.
|
||||
exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible
|
||||
|
|
51
go.sum
51
go.sum
|
@ -112,8 +112,8 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt
|
|||
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
|
||||
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
|
||||
github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
|
||||
github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
|
||||
github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 h1:3nVO1nQyh64IUY6BPZUpMYMZ738Pu+LsMt3E0eqqIYw=
|
||||
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw=
|
||||
|
@ -522,6 +522,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xb
|
|||
github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
|
||||
github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
|
||||
github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
|
||||
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I=
|
||||
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE=
|
||||
github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI=
|
||||
github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug=
|
||||
github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
|
@ -681,8 +683,11 @@ github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7/go.mod h1:KungG
|
|||
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
|
||||
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
|
||||
github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
|
||||
github.com/gin-gonic/gin v1.7.0/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
|
||||
github.com/gin-gonic/gin v1.7.4 h1:QmUZXrvJ9qZ3GfWvQ+2wnW/1ePrTEJqPKMYEU3lD/DM=
|
||||
github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
|
||||
github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
|
||||
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
|
||||
|
@ -700,6 +705,7 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
|
|||
github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
|
||||
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg=
|
||||
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
|
||||
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
|
||||
|
@ -735,11 +741,15 @@ github.com/go-pg/pg/v10 v10.0.0/go.mod h1:XHU1AkQW534GFuUdSiQ46+Xw6Ah+9+b8DlT4Yw
|
|||
github.com/go-pg/zerochecker v0.2.0/go.mod h1:NJZ4wKL0NmTtz0GKCoJ8kym6Xn/EQzXRl2OnAe7MmDo=
|
||||
github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
|
||||
github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
|
||||
github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
|
||||
github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
|
||||
github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
|
||||
github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
|
||||
github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
|
||||
github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
|
||||
github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
|
||||
github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
|
||||
github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
|
||||
github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
|
||||
github.com/go-redis/redis/v7 v7.1.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg=
|
||||
github.com/go-redis/redis/v8 v8.0.0/go.mod h1:isLoQT/NFSP7V67lyvM9GmdvLdyZ7pEhsXvvyQtnQTo=
|
||||
|
@ -788,6 +798,12 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe
|
|||
github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
|
||||
github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
|
||||
github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
|
||||
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
|
||||
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
|
||||
github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
|
||||
github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
|
||||
github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
|
||||
github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
|
||||
github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||
github.com/gocql/gocql v0.0.0-20220224095938-0eacd3183625/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8=
|
||||
github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
|
||||
|
@ -962,6 +978,7 @@ github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu
|
|||
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
|
||||
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
|
||||
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
|
||||
github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
|
||||
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
|
@ -973,8 +990,9 @@ github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:Fecb
|
|||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 h1:0IKlLyQ3Hs9nDaiK5cSHAGmcQEIC8l2Ts1u6x5Dfrqg=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0/go.mod h1:mJzapYve32yjrKlk9GbyCZHuPgZsrbyIbyKhSzOpg6s=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 h1:FlFbCRLd5Jr4iYXZufAvgWN6Ao0JrI5chLINnUXDDr0=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI=
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
|
||||
|
@ -1128,6 +1146,8 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
|
|||
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
|
||||
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/improbable-eng/grpc-web v0.15.0 h1:BN+7z6uNXZ1tQGcNAuaU1YjsLTApzkjt2tzCixLaUPQ=
|
||||
github.com/improbable-eng/grpc-web v0.15.0/go.mod h1:1sy9HKV4Jt9aEs9JSnkWlRJPuPtwNr0l57L4f878wP8=
|
||||
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/influxdata/influxdb-client-go/v2 v2.7.0 h1:QgP5mlBE9sGnzplpnf96pr+p7uqlIlL4W2GAP3n+XZg=
|
||||
|
@ -1278,7 +1298,9 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
|
|||
github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
|
||||
github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw=
|
||||
github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
|
||||
github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
|
||||
github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
|
||||
|
@ -1328,6 +1350,7 @@ github.com/labstack/echo/v4 v4.6.3/go.mod h1:Hk5OiHj0kDqmFq7aHe7eDqI7CUhuCrfpupQ
|
|||
github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
|
||||
github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
|
||||
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
|
||||
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
|
||||
github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
|
||||
github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
|
||||
github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
|
||||
|
@ -1522,7 +1545,9 @@ github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2
|
|||
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
|
||||
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
|
||||
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
|
||||
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
|
||||
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
|
||||
github.com/mwitkow/grpc-proxy v0.0.0-20181017164139-0f1106ef9c76/go.mod h1:x5OoJHDHqxHS801UIuhqGl6QdSAEJvtausosHSdazIo=
|
||||
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
|
||||
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g=
|
||||
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
|
||||
|
@ -1730,6 +1755,7 @@ github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+
|
|||
github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
|
||||
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
|
||||
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
|
||||
github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
|
||||
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
|
||||
github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
|
||||
github.com/prometheus/common v0.35.0 h1:Eyr+Pw2VymWejHqCugNaQXkAi6KayVNxaHeu6khmFBE=
|
||||
|
@ -1748,6 +1774,7 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
|
|||
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
|
||||
github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
|
||||
github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
|
||||
github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
|
||||
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
|
||||
github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
|
||||
github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
|
||||
|
@ -1769,6 +1796,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
|
|||
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
|
||||
github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
|
||||
github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
|
||||
github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
|
||||
github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
|
||||
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
|
||||
github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
|
||||
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
|
||||
|
@ -1968,8 +1997,8 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz
|
|||
github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c=
|
||||
github.com/traefik/paerser v0.1.9 h1:x5hZafOt/yogLvr6upoSOYIAn2nh2GsnLb236MOzd4I=
|
||||
github.com/traefik/paerser v0.1.9/go.mod h1:Dk3Bfz6Zyj13/S8pJyRdx/FNvXlsVRVbtp0UK4ZSiA0=
|
||||
github.com/traefik/yaegi v0.14.2 h1:9t9xepIfar6BrYdwJHGc+XRKo6qFoJCl6Z46N3hUtUw=
|
||||
github.com/traefik/yaegi v0.14.2/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
|
||||
github.com/traefik/yaegi v0.14.3 h1:LqA0k8DKwvRMc+msfQjNusphHJc+r6WC5tZU5TmUFOM=
|
||||
github.com/traefik/yaegi v0.14.3/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
|
||||
github.com/transip/gotransip/v6 v6.17.0 h1:2RCyqYqz5+Ej8z96EyE4sf6tQrrfEBaFDO0LliSl6+8=
|
||||
github.com/transip/gotransip/v6 v6.17.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
|
||||
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
|
||||
|
@ -1982,9 +2011,11 @@ github.com/uber/jaeger-lib v2.2.0+incompatible h1:MxZXOiR2JuoANZ3J6DE/U0kSFv/eJ/
|
|||
github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
|
||||
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
|
||||
github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
|
||||
github.com/ugorji/go v1.2.6 h1:tGiWC9HENWE2tqYycIqFTNorMmFRVhNwCpDOpWqnk8E=
|
||||
github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
|
||||
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
|
||||
github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
|
||||
github.com/ugorji/go/codec v1.2.6 h1:7kbGefxLoDBuYXOms4yD7223OpNMMPNPZxXk5TvFcyQ=
|
||||
github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
|
||||
github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs=
|
||||
github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
|
||||
|
@ -2208,6 +2239,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
|
|||
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
||||
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
|
||||
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
|
||||
golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
|
||||
golang.org/x/exp v0.0.0-20200901203048-c4f52b2c50aa/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
|
||||
golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925 h1:5XVKs2rlCg8EFyRcvO8/XFwYxh1oKJO1Q3X5vttIf9c=
|
||||
golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925/go.mod h1:1phAWC201xIgDyaFpmDeZkgf70Q4Pd/CNqfRtVPtxNw=
|
||||
|
@ -2280,6 +2312,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL
|
|||
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
|
@ -2307,6 +2340,7 @@ golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qx
|
|||
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
|
@ -2420,6 +2454,7 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
|
@ -2470,6 +2505,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
|
@ -2676,6 +2712,7 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG
|
|||
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
|
@ -2695,6 +2732,7 @@ google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6D
|
|||
google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
|
@ -2939,6 +2977,9 @@ launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80
|
|||
mellium.im/sasl v0.2.1/go.mod h1:ROaEDLQNuf9vjKqE1SrAfnsobm2YKXT1gnN1uDp1PjQ=
|
||||
mvdan.cc/xurls/v2 v2.1.0 h1:KaMb5GLhlcSX+e+qhbRJODnUUBvlw01jt4yrjFIHAuA=
|
||||
mvdan.cc/xurls/v2 v2.1.0/go.mod h1:5GrSd9rOnKOpZaji1OZLYL/yeAAtGDlo/cFe+8K5n8E=
|
||||
nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
|
||||
nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
|
||||
nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
|
||||
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
|
||||
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
|
||||
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
|
||||
|
|
|
@ -435,7 +435,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) {
|
|||
checkNoOtherTraefikProblems(c)
|
||||
}
|
||||
|
||||
func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
|
||||
func (s *AccessLogSuite) TestAccessLogFrontendAllowlist(c *check.C) {
|
||||
ensureWorkingDirectoryIsClean()
|
||||
|
||||
expected := []accessLogValue{
|
||||
|
@ -443,7 +443,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
|
|||
formatOnly: false,
|
||||
code: "403",
|
||||
user: "-",
|
||||
routerName: "rt-frontendWhitelist",
|
||||
routerName: "rt-frontendAllowlist",
|
||||
serviceURL: "-",
|
||||
},
|
||||
}
|
||||
|
@ -458,7 +458,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
|
|||
|
||||
checkStatsForLogFile(c)
|
||||
|
||||
waitForTraefik(c, "frontendWhitelist")
|
||||
waitForTraefik(c, "frontendAllowlist")
|
||||
|
||||
// Verify Traefik started OK
|
||||
checkTraefikStarted(c)
|
||||
|
@ -466,7 +466,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
|
|||
// Test rate limit
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
|
||||
c.Assert(err, checker.IsNil)
|
||||
req.Host = "frontend.whitelist.docker.local"
|
||||
req.Host = "frontend.allowlist.docker.local"
|
||||
|
||||
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody())
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
|
|
@ -967,6 +967,17 @@ spec:
|
|||
forward) all X-Forwarded-* headers.'
|
||||
type: boolean
|
||||
type: object
|
||||
grpcWeb:
|
||||
description: GrpcWeb holds the gRPC web middleware configuration.
|
||||
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
|
||||
properties:
|
||||
allowOrigins:
|
||||
description: AllowOrigins is a list of allowable origins. Can
|
||||
also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
headers:
|
||||
description: 'Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers. More
|
||||
|
@ -1149,7 +1160,7 @@ spec:
|
|||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1174,14 +1185,14 @@ spec:
|
|||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: 'IPWhiteList holds the IP whitelist middleware configuration.
|
||||
ipAllowList:
|
||||
description: 'IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware accepts / refuses requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration used
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1345,7 +1356,7 @@ spec:
|
|||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1541,8 +1552,8 @@ spec:
|
|||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
ipAllowList:
|
||||
description: IPAllowList defines the IPAllowList middleware configuration.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
[global]
|
||||
checkNewVersion = false
|
||||
sendAnonymousUsage = false
|
||||
|
||||
[log]
|
||||
level = "DEBUG"
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.webA]
|
||||
address = ":8001"
|
||||
[entryPoints.webB]
|
||||
address = ":8002"
|
||||
[entryPoints.webC]
|
||||
address = ":8003"
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[metrics]
|
||||
[metrics.prometheus]
|
||||
buckets = "0.1,0.3,1.2,5.0"
|
||||
|
||||
[providers]
|
||||
[providers.file]
|
||||
filename = "{{ .SelfFilename }}"
|
||||
|
||||
## dynamic configuration ##
|
||||
|
||||
[http.routers]
|
||||
|
||||
[http.routers.router-without]
|
||||
entrypoints = ["webA"]
|
||||
service = "service-without"
|
||||
rule = "PathPrefix(`/without`)"
|
||||
|
||||
[http.routers.router-req]
|
||||
entrypoints = ["webB"]
|
||||
service = "service-req"
|
||||
rule = "PathPrefix(`/with-req`)"
|
||||
middlewares = ["buffer-req"]
|
||||
|
||||
[http.routers.router-resp]
|
||||
entrypoints = ["webC"]
|
||||
service = "service-resp"
|
||||
rule = "PathPrefix(`/with-resp`)"
|
||||
middlewares = ["buffer-resp"]
|
||||
|
||||
[http.middlewares]
|
||||
[http.middlewares.buffer-req.buffering]
|
||||
maxRequestBodyBytes = 10
|
||||
|
||||
[http.middlewares.buffer-resp.buffering]
|
||||
maxResponseBodyBytes = 10
|
||||
|
||||
[http.services]
|
||||
[http.services.service-without.loadBalancer]
|
||||
[[http.services.service-without.loadBalancer.servers]]
|
||||
url = "http://{{ .IP }}"
|
||||
|
||||
[http.services.service-req.loadBalancer]
|
||||
[[http.services.service-req.loadBalancer.servers]]
|
||||
url = "http://{{ .IP }}"
|
||||
|
||||
[http.services.service-resp.loadBalancer]
|
||||
[[http.services.service-resp.loadBalancer.servers]]
|
||||
url = "http://{{ .IP }}"
|
|
@ -23,7 +23,7 @@
|
|||
entryPoints = ["tcp"]
|
||||
rule = "HostSNI(`whoami-a.test`)"
|
||||
service = "whoami-a"
|
||||
middlewares = ["blocking-ipwhitelist"]
|
||||
middlewares = ["blocking-ipallowlist"]
|
||||
[tcp.routers.to-whoami-a.tls]
|
||||
passthrough = true
|
||||
|
||||
|
@ -31,7 +31,7 @@
|
|||
entryPoints = ["tcp"]
|
||||
rule = "HostSNI(`whoami-b.test`)"
|
||||
service = "whoami-b"
|
||||
middlewares = ["allowing-ipwhitelist"]
|
||||
middlewares = ["allowing-ipallowlist"]
|
||||
[tcp.routers.to-whoami-b.tls]
|
||||
passthrough = true
|
||||
|
||||
|
@ -45,7 +45,7 @@
|
|||
address = "{{ .WhoamiB }}"
|
||||
|
||||
[tcp.middlewares]
|
||||
[tcp.middlewares.allowing-ipwhitelist.ipWhiteList]
|
||||
[tcp.middlewares.allowing-ipallowlist.ipAllowList]
|
||||
sourceRange = ["127.0.0.1/32"]
|
||||
[tcp.middlewares.blocking-ipwhitelist.ipWhiteList]
|
||||
[tcp.middlewares.blocking-ipallowlist.ipAllowList]
|
||||
sourceRange = ["127.127.127.127/32"]
|
|
@ -75,14 +75,14 @@ services:
|
|||
traefik.http.middlewares.rate.ratelimit.burst: 2
|
||||
traefik.http.services.service3.loadbalancer.server.port: 80
|
||||
|
||||
frontendWhitelist:
|
||||
frontendAllowlist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt-frontendWhitelist.entryPoints: web
|
||||
traefik.http.routers.rt-frontendWhitelist.rule: Host(`frontend.whitelist.docker.local`)
|
||||
traefik.http.routers.rt-frontendWhitelist.middlewares: wl
|
||||
traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32
|
||||
traefik.http.routers.rt-frontendAllowlist.entryPoints: web
|
||||
traefik.http.routers.rt-frontendAllowlist.rule: Host(`frontend.allowlist.docker.local`)
|
||||
traefik.http.routers.rt-frontendAllowlist.middlewares: wl
|
||||
traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32
|
||||
traefik.http.services.service3.loadbalancer.server.port: 80
|
||||
|
||||
networks:
|
||||
|
|
41
integration/resources/compose/allowlist.yml
Normal file
41
integration/resources/compose/allowlist.yml
Normal file
|
@ -0,0 +1,41 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
noOverrideAllowlist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`)
|
||||
traefik.http.routers.rt1.middlewares: wl1
|
||||
traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8
|
||||
|
||||
overrideIPStrategyRemoteAddrAllowlist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt2.rule: Host(`override.remoteaddr.allowlist.docker.local`)
|
||||
traefik.http.routers.rt2.middlewares: wl2
|
||||
traefik.http.middlewares.wl2.ipallowlist.sourceRange: 8.8.8.8
|
||||
traefik.http.middlewares.wl2.ipallowlist.ipStrategy: true
|
||||
|
||||
overrideIPStrategyDepthAllowlist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt3.rule: Host(`override.depth.allowlist.docker.local`)
|
||||
traefik.http.routers.rt3.middlewares: wl3
|
||||
traefik.http.middlewares.wl3.ipallowlist.sourceRange: 8.8.8.8
|
||||
traefik.http.middlewares.wl3.ipallowlist.ipStrategy.depth: 3
|
||||
|
||||
overrideIPStrategyExcludedIPsAllowlist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt4.rule: Host(`override.excludedips.allowlist.docker.local`)
|
||||
traefik.http.routers.rt4.middlewares: wl4
|
||||
traefik.http.middlewares.wl4.ipallowlist.sourceRange: 8.8.8.8
|
||||
traefik.http.middlewares.wl4.ipallowlist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: traefik-test-network
|
||||
external: true
|
|
@ -1,41 +0,0 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
noOverrideWhitelist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt1.rule: Host(`no.override.whitelist.docker.local`)
|
||||
traefik.http.routers.rt1.middlewares: wl1
|
||||
traefik.http.middlewares.wl1.ipwhiteList.sourceRange: 8.8.8.8
|
||||
|
||||
overrideIPStrategyRemoteAddrWhitelist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt2.rule: Host(`override.remoteaddr.whitelist.docker.local`)
|
||||
traefik.http.routers.rt2.middlewares: wl2
|
||||
traefik.http.middlewares.wl2.ipwhitelist.sourceRange: 8.8.8.8
|
||||
traefik.http.middlewares.wl2.ipwhitelist.ipStrategy: true
|
||||
|
||||
overrideIPStrategyDepthWhitelist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt3.rule: Host(`override.depth.whitelist.docker.local`)
|
||||
traefik.http.routers.rt3.middlewares: wl3
|
||||
traefik.http.middlewares.wl3.ipwhitelist.sourceRange: 8.8.8.8
|
||||
traefik.http.middlewares.wl3.ipwhitelist.ipStrategy.depth: 3
|
||||
|
||||
overrideIPStrategyExcludedIPsWhitelist:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.rt4.rule: Host(`override.excludedips.whitelist.docker.local`)
|
||||
traefik.http.routers.rt4.middlewares: wl4
|
||||
traefik.http.middlewares.wl4.ipwhitelist.sourceRange: 8.8.8.8
|
||||
traefik.http.middlewares.wl4.ipwhitelist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: traefik-test-network
|
||||
external: true
|
|
@ -308,7 +308,7 @@ func (s *SimpleSuite) TestMetricsPrometheusDefaultEntryPoint(c *check.C) {
|
|||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix"))
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix(`/whoami`)"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/whoami", 1*time.Second, try.StatusCodeIs(http.StatusOK))
|
||||
|
@ -369,6 +369,84 @@ func (s *SimpleSuite) TestMetricsPrometheusTwoRoutersOneService(c *check.C) {
|
|||
}
|
||||
}
|
||||
|
||||
// TestMetricsWithBufferingMiddleware checks that the buffering middleware
|
||||
// (which introduces its own response writer in the chain), does not interfere with
|
||||
// the capture middleware on which the metrics mechanism relies.
|
||||
func (s *SimpleSuite) TestMetricsWithBufferingMiddleware(c *check.C) {
|
||||
s.createComposeProject(c, "base")
|
||||
|
||||
s.composeUp(c)
|
||||
defer s.composeDown(c)
|
||||
|
||||
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
_, _ = w.Write([]byte("MORE THAN TEN BYTES IN RESPONSE"))
|
||||
}))
|
||||
|
||||
server.Start()
|
||||
defer server.Close()
|
||||
|
||||
file := s.adaptFile(c, "fixtures/simple_metrics_with_buffer_middleware.toml", struct{ IP string }{IP: strings.TrimPrefix(server.URL, "http://")})
|
||||
defer os.Remove(file)
|
||||
|
||||
cmd, output := s.traefikCmd(withConfigFile(file))
|
||||
defer output(c)
|
||||
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix(`/without`)"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8001/without", 1*time.Second, try.StatusCodeIs(http.StatusOK))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8002/with-req", strings.NewReader("MORE THAN TEN BYTES IN REQUEST"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
// The request should fail because the body is too large.
|
||||
err = try.Request(req, 1*time.Second, try.StatusCodeIs(http.StatusRequestEntityTooLarge))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
// The request should fail because the response exceeds the configured limit.
|
||||
err = try.GetRequest("http://127.0.0.1:8003/with-resp", 1*time.Second, try.StatusCodeIs(http.StatusInternalServerError))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
request, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/metrics", nil)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
response, err := http.DefaultClient.Do(request)
|
||||
c.Assert(err, checker.IsNil)
|
||||
c.Assert(response.StatusCode, checker.Equals, http.StatusOK)
|
||||
|
||||
body, err := io.ReadAll(response.Body)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
// For allowed requests and responses, the entrypoint and service metrics have the same status code.
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 1")
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 0")
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 31")
|
||||
|
||||
c.Assert(string(body), checker.Contains, "traefik_service_requests_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 1")
|
||||
c.Assert(string(body), checker.Contains, "traefik_service_requests_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 0")
|
||||
c.Assert(string(body), checker.Contains, "traefik_service_responses_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 31")
|
||||
|
||||
// For forbidden requests, the entrypoints have metrics, the services don't.
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 1")
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 0")
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 24")
|
||||
|
||||
// For disallowed responses, the entrypoint and service metrics don't have the same status code.
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 0")
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 1")
|
||||
c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 21")
|
||||
|
||||
c.Assert(string(body), checker.Contains, "traefik_service_requests_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 0")
|
||||
c.Assert(string(body), checker.Contains, "traefik_service_requests_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 1")
|
||||
c.Assert(string(body), checker.Contains, "traefik_service_responses_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 31")
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) {
|
||||
s.createComposeProject(c, "base")
|
||||
|
||||
|
@ -397,13 +475,13 @@ func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) {
|
|||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
|
||||
s.createComposeProject(c, "whitelist")
|
||||
func (s *SimpleSuite) TestIPStrategyAllowlist(c *check.C) {
|
||||
s.createComposeProject(c, "allowlist")
|
||||
|
||||
s.composeUp(c)
|
||||
defer s.composeDown(c)
|
||||
|
||||
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml"))
|
||||
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
|
||||
defer output(c)
|
||||
|
||||
err := cmd.Start()
|
||||
|
@ -413,7 +491,7 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
|
|||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local"))
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.allowlist.docker.local"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
testCases := []struct {
|
||||
|
@ -425,31 +503,31 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
|
|||
{
|
||||
desc: "override remote addr reject",
|
||||
xForwardedFor: "8.8.8.8,8.8.8.8",
|
||||
host: "override.remoteaddr.whitelist.docker.local",
|
||||
host: "override.remoteaddr.allowlist.docker.local",
|
||||
expectedStatusCode: 403,
|
||||
},
|
||||
{
|
||||
desc: "override depth accept",
|
||||
xForwardedFor: "8.8.8.8,10.0.0.1,127.0.0.1",
|
||||
host: "override.depth.whitelist.docker.local",
|
||||
host: "override.depth.allowlist.docker.local",
|
||||
expectedStatusCode: 200,
|
||||
},
|
||||
{
|
||||
desc: "override depth reject",
|
||||
xForwardedFor: "10.0.0.1,8.8.8.8,127.0.0.1",
|
||||
host: "override.depth.whitelist.docker.local",
|
||||
host: "override.depth.allowlist.docker.local",
|
||||
expectedStatusCode: 403,
|
||||
},
|
||||
{
|
||||
desc: "override excludedIPs reject",
|
||||
xForwardedFor: "10.0.0.3,10.0.0.1,10.0.0.2",
|
||||
host: "override.excludedips.whitelist.docker.local",
|
||||
host: "override.excludedips.allowlist.docker.local",
|
||||
expectedStatusCode: 403,
|
||||
},
|
||||
{
|
||||
desc: "override excludedIPs accept",
|
||||
xForwardedFor: "8.8.8.8,10.0.0.1,10.0.0.2",
|
||||
host: "override.excludedips.whitelist.docker.local",
|
||||
host: "override.excludedips.allowlist.docker.local",
|
||||
expectedStatusCode: 200,
|
||||
},
|
||||
}
|
||||
|
@ -468,12 +546,12 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
|
|||
}
|
||||
|
||||
func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
|
||||
s.createComposeProject(c, "whitelist")
|
||||
s.createComposeProject(c, "allowlist")
|
||||
|
||||
s.composeUp(c)
|
||||
defer s.composeDown(c)
|
||||
|
||||
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml"))
|
||||
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
|
||||
defer output(c)
|
||||
|
||||
err := cmd.Start()
|
||||
|
@ -481,13 +559,13 @@ func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
|
|||
defer s.killCmd(cmd)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second,
|
||||
try.BodyContains("override.remoteaddr.whitelist.docker.local"))
|
||||
try.BodyContains("override.remoteaddr.allowlist.docker.local"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
req.Host = "override.depth.whitelist.docker.local"
|
||||
req.Host = "override.depth.allowlist.docker.local"
|
||||
req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1")
|
||||
|
||||
err = try.Request(req, 1*time.Second,
|
||||
|
|
|
@ -241,8 +241,8 @@ func (s *TCPSuite) TestCatchAllNoTLSWithHTTPS(c *check.C) {
|
|||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
|
||||
func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/tcp/ip-whitelist.toml", struct {
|
||||
func (s *TCPSuite) TestMiddlewareAllowList(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/tcp/ipallowlist.toml", struct {
|
||||
WhoamiA string
|
||||
WhoamiB string
|
||||
}{
|
||||
|
@ -261,7 +261,7 @@ func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
|
|||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
// Traefik not passes through, ipWhitelist closes connection
|
||||
// Traefik not passes through, ipAllowList closes connection
|
||||
_, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test")
|
||||
c.Assert(err, checker.ErrorMatches, "EOF")
|
||||
|
||||
|
|
|
@ -173,24 +173,24 @@ func TestHandler_Overview(t *testing.T) {
|
|||
},
|
||||
},
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"ipwhitelist1@myprovider": {
|
||||
"ipallowlist1@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
Status: runtime.StatusEnabled,
|
||||
},
|
||||
"ipwhitelist2@myprovider": {
|
||||
"ipallowlist2@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
},
|
||||
"ipwhitelist3@myprovider": {
|
||||
"ipallowlist3@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -512,25 +512,25 @@ func TestHandler_TCP(t *testing.T) {
|
|||
path: "/api/tcp/middlewares",
|
||||
conf: runtime.Configuration{
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"ipwhitelist1@myprovider": {
|
||||
"ipallowlist1@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"bar@myprovider", "test@myprovider"},
|
||||
},
|
||||
"ipwhitelist2@myprovider": {
|
||||
"ipallowlist2@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.2/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"test@myprovider"},
|
||||
},
|
||||
"ipwhitelist1@anotherprovider": {
|
||||
"ipallowlist1@anotherprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -549,27 +549,27 @@ func TestHandler_TCP(t *testing.T) {
|
|||
path: "/api/tcp/middlewares?status=enabled",
|
||||
conf: runtime.Configuration{
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"ipwhitelist@myprovider": {
|
||||
"ipallowlist@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"bar@myprovider", "test@myprovider"},
|
||||
Status: runtime.StatusEnabled,
|
||||
},
|
||||
"ipwhitelist2@myprovider": {
|
||||
"ipallowlist2@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.2/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"test@myprovider"},
|
||||
Status: runtime.StatusDisabled,
|
||||
},
|
||||
"ipwhitelist@anotherprovider": {
|
||||
"ipallowlist@anotherprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -586,30 +586,30 @@ func TestHandler_TCP(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "middlewares filtered by search",
|
||||
path: "/api/tcp/middlewares?search=ipwhitelist",
|
||||
path: "/api/tcp/middlewares?search=ipallowlist",
|
||||
conf: runtime.Configuration{
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"bad@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"bar@myprovider", "test@myprovider"},
|
||||
Status: runtime.StatusEnabled,
|
||||
},
|
||||
"ipwhitelist@myprovider": {
|
||||
"ipallowlist@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"test@myprovider"},
|
||||
Status: runtime.StatusDisabled,
|
||||
},
|
||||
"ipwhitelist@anotherprovider": {
|
||||
"ipallowlist@anotherprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -629,25 +629,25 @@ func TestHandler_TCP(t *testing.T) {
|
|||
path: "/api/tcp/middlewares?page=2&per_page=1",
|
||||
conf: runtime.Configuration{
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"ipwhitelist@myprovider": {
|
||||
"ipallowlist@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"bar@myprovider", "test@myprovider"},
|
||||
},
|
||||
"ipwhitelist2@myprovider": {
|
||||
"ipallowlist2@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.2/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"test@myprovider"},
|
||||
},
|
||||
"ipwhitelist@anotherprovider": {
|
||||
"ipallowlist@anotherprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -663,28 +663,28 @@ func TestHandler_TCP(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "one middleware by id",
|
||||
path: "/api/tcp/middlewares/ipwhitelist@myprovider",
|
||||
path: "/api/tcp/middlewares/ipallowlist@myprovider",
|
||||
conf: runtime.Configuration{
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"ipwhitelist@myprovider": {
|
||||
"ipallowlist@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"bar@myprovider", "test@myprovider"},
|
||||
},
|
||||
"ipwhitelist2@myprovider": {
|
||||
"ipallowlist2@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.2/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"test@myprovider"},
|
||||
},
|
||||
"ipwhitelist@anotherprovider": {
|
||||
"ipallowlist@anotherprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -694,7 +694,7 @@ func TestHandler_TCP(t *testing.T) {
|
|||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/tcpmiddleware-ipwhitelist.json",
|
||||
jsonFile: "testdata/tcpmiddleware-ipallowlist.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -702,9 +702,9 @@ func TestHandler_TCP(t *testing.T) {
|
|||
path: "/api/tcp/middlewares/foo@myprovider",
|
||||
conf: runtime.Configuration{
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"ipwhitelist@myprovider": {
|
||||
"ipallowlist@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist@myprovider",
|
||||
"name": "ipallowlist@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"bar@myprovider",
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
||||
}
|
|
@ -1,26 +1,26 @@
|
|||
[
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist@anotherprovider",
|
||||
"name": "ipallowlist@anotherprovider",
|
||||
"provider": "anotherprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"bar@myprovider"
|
||||
]
|
||||
},
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist@myprovider",
|
||||
"name": "ipallowlist@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "disabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
||||
]
|
||||
]
|
||||
|
|
|
@ -1,27 +1,27 @@
|
|||
[
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist@anotherprovider",
|
||||
"name": "ipallowlist@anotherprovider",
|
||||
"provider": "anotherprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"bar@myprovider"
|
||||
]
|
||||
},
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist@myprovider",
|
||||
"name": "ipallowlist@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"bar@myprovider",
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
||||
]
|
||||
]
|
||||
|
|
8
pkg/api/testdata/tcpmiddlewares-page2.json
vendored
8
pkg/api/testdata/tcpmiddlewares-page2.json
vendored
|
@ -1,14 +1,14 @@
|
|||
[
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist@anotherprovider",
|
||||
"name": "ipallowlist@anotherprovider",
|
||||
"provider": "anotherprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"bar@myprovider"
|
||||
]
|
||||
}
|
||||
]
|
||||
]
|
||||
|
|
20
pkg/api/testdata/tcpmiddlewares.json
vendored
20
pkg/api/testdata/tcpmiddlewares.json
vendored
|
@ -1,39 +1,39 @@
|
|||
[
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist1@anotherprovider",
|
||||
"name": "ipallowlist1@anotherprovider",
|
||||
"provider": "anotherprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"bar@myprovider"
|
||||
]
|
||||
},
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "ipwhitelist1@myprovider",
|
||||
"name": "ipallowlist1@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"bar@myprovider",
|
||||
"test@myprovider"
|
||||
]
|
||||
},
|
||||
{
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": ["127.0.0.2/32"]
|
||||
},
|
||||
"name": "ipwhitelist2@myprovider",
|
||||
"name": "ipallowlist2@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"type": "ipallowlist",
|
||||
"usedBy": [
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
||||
]
|
||||
]
|
||||
|
|
|
@ -358,11 +358,11 @@
|
|||
[http.middlewares.Middleware5.chain]
|
||||
middlewares = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware6]
|
||||
[http.middlewares.Middleware6.ipWhiteList]
|
||||
[http.middlewares.Middleware6.ipAllowList]
|
||||
sourceRange = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware7]
|
||||
[http.middlewares.Middleware7.ipWhiteList]
|
||||
[http.middlewares.Middleware7.ipWhiteList.ipStrategy]
|
||||
[http.middlewares.Middleware7.ipAllowList]
|
||||
[http.middlewares.Middleware7.ipAllowList.ipStrategy]
|
||||
depth = 42
|
||||
excludedIPs = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware8]
|
||||
|
|
|
@ -18,7 +18,7 @@ type Middleware struct {
|
|||
ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"`
|
||||
ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
|
||||
Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
|
||||
IPWhiteList *IPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
|
||||
IPAllowList *IPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
|
||||
Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
|
||||
Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
|
||||
RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
|
||||
|
@ -34,12 +34,23 @@ type Middleware struct {
|
|||
PassTLSClientCert *PassTLSClientCert `json:"passTLSClientCert,omitempty" toml:"passTLSClientCert,omitempty" yaml:"passTLSClientCert,omitempty" export:"true"`
|
||||
Retry *Retry `json:"retry,omitempty" toml:"retry,omitempty" yaml:"retry,omitempty" export:"true"`
|
||||
ContentType *ContentType `json:"contentType,omitempty" toml:"contentType,omitempty" yaml:"contentType,omitempty" export:"true"`
|
||||
GrpcWeb *GrpcWeb `json:"grpcWeb,omitempty" toml:"grpcWeb,omitempty" yaml:"grpcWeb,omitempty" export:"true"`
|
||||
|
||||
Plugin map[string]PluginConf `json:"plugin,omitempty" toml:"plugin,omitempty" yaml:"plugin,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// GrpcWeb holds the gRPC web middleware configuration.
|
||||
// This middleware converts a gRPC web request to an HTTP/2 gRPC request.
|
||||
type GrpcWeb struct {
|
||||
// AllowOrigins is a list of allowable origins.
|
||||
// Can also be a wildcard origin "*".
|
||||
AllowOrigins []string `json:"allowOrigins,omitempty" toml:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// ContentType holds the content-type middleware configuration.
|
||||
// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
|
||||
type ContentType struct {
|
||||
|
@ -346,7 +357,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy
|
||||
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy
|
||||
type IPStrategy struct {
|
||||
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
|
||||
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
|
||||
|
@ -385,10 +396,10 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
|
|||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// IPWhiteList holds the IP whitelist middleware configuration.
|
||||
// IPAllowList holds the IP allowlist middleware configuration.
|
||||
// This middleware accepts / refuses requests based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/
|
||||
type IPWhiteList struct {
|
||||
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/
|
||||
type IPAllowList struct {
|
||||
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
||||
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
|
||||
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
|
||||
|
|
|
@ -5,7 +5,7 @@ package dynamic
|
|||
// TCPMiddleware holds the TCPMiddleware configuration.
|
||||
type TCPMiddleware struct {
|
||||
InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"`
|
||||
IPWhiteList *TCPIPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
|
||||
IPAllowList *TCPIPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
@ -22,9 +22,9 @@ type TCPInFlightConn struct {
|
|||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration.
|
||||
// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
|
||||
// This middleware accepts/refuses connections based on the client IP.
|
||||
type TCPIPWhiteList struct {
|
||||
type TCPIPAllowList struct {
|
||||
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
||||
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
|
||||
}
|
||||
|
|
|
@ -353,6 +353,27 @@ func (in *ForwardingTimeouts) DeepCopy() *ForwardingTimeouts {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *GrpcWeb) DeepCopyInto(out *GrpcWeb) {
|
||||
*out = *in
|
||||
if in.AllowOrigins != nil {
|
||||
in, out := &in.AllowOrigins, &out.AllowOrigins
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrpcWeb.
|
||||
func (in *GrpcWeb) DeepCopy() *GrpcWeb {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(GrpcWeb)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *HTTPConfiguration) DeepCopyInto(out *HTTPConfiguration) {
|
||||
*out = *in
|
||||
|
@ -532,6 +553,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *IPAllowList) DeepCopyInto(out *IPAllowList) {
|
||||
*out = *in
|
||||
if in.SourceRange != nil {
|
||||
in, out := &in.SourceRange, &out.SourceRange
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.IPStrategy != nil {
|
||||
in, out := &in.IPStrategy, &out.IPStrategy
|
||||
*out = new(IPStrategy)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList.
|
||||
func (in *IPAllowList) DeepCopy() *IPAllowList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(IPAllowList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *IPStrategy) DeepCopyInto(out *IPStrategy) {
|
||||
*out = *in
|
||||
|
@ -553,32 +600,6 @@ func (in *IPStrategy) DeepCopy() *IPStrategy {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *IPWhiteList) DeepCopyInto(out *IPWhiteList) {
|
||||
*out = *in
|
||||
if in.SourceRange != nil {
|
||||
in, out := &in.SourceRange, &out.SourceRange
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.IPStrategy != nil {
|
||||
in, out := &in.IPStrategy, &out.IPStrategy
|
||||
*out = new(IPStrategy)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPWhiteList.
|
||||
func (in *IPWhiteList) DeepCopy() *IPWhiteList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(IPWhiteList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *InFlightReq) DeepCopyInto(out *InFlightReq) {
|
||||
*out = *in
|
||||
|
@ -654,9 +675,9 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
|
|||
*out = new(Chain)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.IPWhiteList != nil {
|
||||
in, out := &in.IPWhiteList, &out.IPWhiteList
|
||||
*out = new(IPWhiteList)
|
||||
if in.IPAllowList != nil {
|
||||
in, out := &in.IPAllowList, &out.IPAllowList
|
||||
*out = new(IPAllowList)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.Headers != nil {
|
||||
|
@ -734,6 +755,11 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
|
|||
*out = new(ContentType)
|
||||
**out = **in
|
||||
}
|
||||
if in.GrpcWeb != nil {
|
||||
in, out := &in.GrpcWeb, &out.GrpcWeb
|
||||
*out = new(GrpcWeb)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.Plugin != nil {
|
||||
in, out := &in.Plugin, &out.Plugin
|
||||
*out = make(map[string]PluginConf, len(*in))
|
||||
|
@ -1384,7 +1410,7 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration {
|
|||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
|
||||
func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) {
|
||||
*out = *in
|
||||
if in.SourceRange != nil {
|
||||
in, out := &in.SourceRange, &out.SourceRange
|
||||
|
@ -1394,12 +1420,12 @@ func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
|
|||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPWhiteList.
|
||||
func (in *TCPIPWhiteList) DeepCopy() *TCPIPWhiteList {
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList.
|
||||
func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(TCPIPWhiteList)
|
||||
out := new(TCPIPAllowList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
@ -1428,9 +1454,9 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) {
|
|||
*out = new(TCPInFlightConn)
|
||||
**out = **in
|
||||
}
|
||||
if in.IPWhiteList != nil {
|
||||
in, out := &in.IPWhiteList, &out.IPWhiteList
|
||||
*out = new(TCPIPWhiteList)
|
||||
if in.IPAllowList != nil {
|
||||
in, out := &in.IPAllowList, &out.IPAllowList
|
||||
*out = new(TCPIPAllowList)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
return
|
||||
|
|
|
@ -82,9 +82,9 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.stspreload": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
|
||||
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth": "42",
|
||||
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips": "foobar, fiibar",
|
||||
"traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange": "foobar, fiibar",
|
||||
"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth": "42",
|
||||
"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips": "foobar, fiibar",
|
||||
"traefik.http.middlewares.Middleware9.ipallowlist.sourcerange": "foobar, fiibar",
|
||||
"traefik.http.middlewares.Middleware10.inflightreq.amount": "42",
|
||||
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42",
|
||||
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
|
||||
|
@ -180,7 +180,7 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
"traefik.http.services.Service1.loadbalancer.sticky": "false",
|
||||
"traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui",
|
||||
|
||||
"traefik.tcp.middlewares.Middleware0.ipwhitelist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.middlewares.Middleware0.ipallowlist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42",
|
||||
"traefik.tcp.routers.Router0.rule": "foobar",
|
||||
"traefik.tcp.routers.Router0.priority": "42",
|
||||
|
@ -244,7 +244,7 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware0": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
@ -611,7 +611,7 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
},
|
||||
},
|
||||
"Middleware9": {
|
||||
IPWhiteList: &dynamic.IPWhiteList{
|
||||
IPAllowList: &dynamic.IPAllowList{
|
||||
SourceRange: []string{
|
||||
"foobar",
|
||||
"fiibar",
|
||||
|
@ -741,7 +741,7 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware0": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
@ -1113,7 +1113,7 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
},
|
||||
},
|
||||
"Middleware9": {
|
||||
IPWhiteList: &dynamic.IPWhiteList{
|
||||
IPAllowList: &dynamic.IPAllowList{
|
||||
SourceRange: []string{
|
||||
"foobar",
|
||||
"fiibar",
|
||||
|
@ -1265,9 +1265,9 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
|
||||
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth": "42",
|
||||
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth": "42",
|
||||
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42",
|
||||
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42",
|
||||
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar",
|
||||
|
@ -1360,7 +1360,7 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
"traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar",
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar",
|
||||
|
||||
"traefik.TCP.Middlewares.Middleware0.IPWhiteList.SourceRange": "foobar, fiibar",
|
||||
"traefik.TCP.Middlewares.Middleware0.IPAllowList.SourceRange": "foobar, fiibar",
|
||||
"traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42",
|
||||
"traefik.TCP.Routers.Router0.Rule": "foobar",
|
||||
"traefik.TCP.Routers.Router0.Priority": "42",
|
||||
|
|
|
@ -11,25 +11,25 @@ import (
|
|||
func TestIsAuthorized(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
whiteList []string
|
||||
allowList []string
|
||||
remoteAddr string
|
||||
authorized bool
|
||||
}{
|
||||
{
|
||||
desc: "remoteAddr not in range",
|
||||
whiteList: []string{"1.2.3.4/24"},
|
||||
allowList: []string{"1.2.3.4/24"},
|
||||
remoteAddr: "10.2.3.1:123",
|
||||
authorized: false,
|
||||
},
|
||||
{
|
||||
desc: "remoteAddr in range",
|
||||
whiteList: []string{"1.2.3.4/24"},
|
||||
allowList: []string{"1.2.3.4/24"},
|
||||
remoteAddr: "1.2.3.1:123",
|
||||
authorized: true,
|
||||
},
|
||||
{
|
||||
desc: "octal ip in remoteAddr",
|
||||
whiteList: []string{"127.2.3.4/24"},
|
||||
allowList: []string{"127.2.3.4/24"},
|
||||
remoteAddr: "0127.2.3.1:123",
|
||||
authorized: false,
|
||||
},
|
||||
|
@ -40,7 +40,7 @@ func TestIsAuthorized(t *testing.T) {
|
|||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ipChecker, err := NewChecker(test.whiteList)
|
||||
ipChecker, err := NewChecker(test.allowList)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = ipChecker.IsAuthorized(test.remoteAddr)
|
||||
|
|
|
@ -227,6 +227,15 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
|
|||
core[ClientHost] = forwardedFor
|
||||
}
|
||||
|
||||
ctx := req.Context()
|
||||
capt, err := capture.FromContext(ctx)
|
||||
if err != nil {
|
||||
log.FromContext(log.With(ctx, log.Str(log.MiddlewareType, "AccessLogs"))).
|
||||
WithError(err).
|
||||
Errorf("Could not get Capture")
|
||||
return
|
||||
}
|
||||
|
||||
next.ServeHTTP(rw, reqWithDataTable)
|
||||
|
||||
if _, ok := core[ClientUsername]; !ok {
|
||||
|
@ -237,13 +246,6 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
|
|||
headers: rw.Header().Clone(),
|
||||
}
|
||||
|
||||
ctx := req.Context()
|
||||
capt, err := capture.FromContext(ctx)
|
||||
if err != nil {
|
||||
log.FromContext(log.With(ctx, log.Str(log.MiddlewareType, "AccessLogs"))).Errorf("Could not get Capture: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
logDataTable.DownstreamResponse.status = capt.StatusCode()
|
||||
logDataTable.DownstreamResponse.size = capt.ResponseSize()
|
||||
logDataTable.Request.size = capt.RequestSize()
|
||||
|
|
|
@ -57,7 +57,7 @@ func TestLogRotation(t *testing.T) {
|
|||
})
|
||||
|
||||
chain := alice.New()
|
||||
chain = chain.Append(capture.WrapHandler(&capture.Handler{}))
|
||||
chain = chain.Append(capture.Wrap)
|
||||
chain = chain.Append(WrapHandler(logHandler))
|
||||
handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
rw.WriteHeader(http.StatusOK)
|
||||
|
@ -210,7 +210,7 @@ func TestLoggerHeaderFields(t *testing.T) {
|
|||
}
|
||||
|
||||
chain := alice.New()
|
||||
chain = chain.Append(capture.WrapHandler(&capture.Handler{}))
|
||||
chain = chain.Append(capture.Wrap)
|
||||
chain = chain.Append(WrapHandler(logger))
|
||||
handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
rw.WriteHeader(http.StatusOK)
|
||||
|
@ -784,7 +784,7 @@ func doLoggingTLSOpt(t *testing.T, config *types.AccessLog, enableTLS bool) {
|
|||
}
|
||||
|
||||
chain := alice.New()
|
||||
chain = chain.Append(capture.WrapHandler(&capture.Handler{}))
|
||||
chain = chain.Append(capture.Wrap)
|
||||
chain = chain.Append(WrapHandler(logger))
|
||||
handler, err := chain.Then(http.HandlerFunc(logWriterTestHandlerFunc))
|
||||
require.NoError(t, err)
|
||||
|
|
|
@ -3,9 +3,8 @@
|
|||
// For another middleware to get those attributes of a request/response, this middleware
|
||||
// should be added before in the middleware chain.
|
||||
//
|
||||
// handler, _ := NewHandler()
|
||||
// chain := alice.New().
|
||||
// Append(WrapHandler(handler)).
|
||||
// Append(capture.Wrap).
|
||||
// Append(myOtherMiddleware).
|
||||
// then(...)
|
||||
//
|
||||
|
@ -33,7 +32,6 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
|
||||
"github.com/containous/alice"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares"
|
||||
)
|
||||
|
||||
|
@ -41,62 +39,67 @@ type key string
|
|||
|
||||
const capturedData key = "capturedData"
|
||||
|
||||
// Handler will store each request data to its context.
|
||||
type Handler struct{}
|
||||
|
||||
// WrapHandler wraps capture handler into an Alice Constructor.
|
||||
func WrapHandler(handler *Handler) alice.Constructor {
|
||||
return func(next http.Handler) (http.Handler, error) {
|
||||
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
handler.ServeHTTP(rw, req, next)
|
||||
}), nil
|
||||
}
|
||||
// Wrap returns a new handler that inserts a Capture into the given handler.
|
||||
// It satisfies the alice.Constructor type.
|
||||
func Wrap(handler http.Handler) (http.Handler, error) {
|
||||
c := Capture{}
|
||||
return c.Reset(handler), nil
|
||||
}
|
||||
|
||||
func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http.Handler) {
|
||||
c := Capture{}
|
||||
if req.Body != nil {
|
||||
readCounter := &readCounter{source: req.Body}
|
||||
c.rr = readCounter
|
||||
req.Body = readCounter
|
||||
// FromContext returns the Capture value found in ctx, or an empty Capture otherwise.
|
||||
func FromContext(ctx context.Context) (Capture, error) {
|
||||
c := ctx.Value(capturedData)
|
||||
if c == nil {
|
||||
return Capture{}, errors.New("value not found in context")
|
||||
}
|
||||
responseWriter := newResponseWriter(rw)
|
||||
c.rw = responseWriter
|
||||
ctx := context.WithValue(req.Context(), capturedData, &c)
|
||||
next.ServeHTTP(responseWriter, req.WithContext(ctx))
|
||||
capt, ok := c.(*Capture)
|
||||
if !ok {
|
||||
return Capture{}, errors.New("value stored in context is not a *Capture")
|
||||
}
|
||||
return *capt, nil
|
||||
}
|
||||
|
||||
// Capture is the object populated by the capture middleware,
|
||||
// allowing to gather information about the request and response.
|
||||
// holding probes that allow to gather information about the request and response.
|
||||
type Capture struct {
|
||||
rr *readCounter
|
||||
rw responseWriter
|
||||
}
|
||||
|
||||
// FromContext returns the Capture value found in ctx, or an empty Capture otherwise.
|
||||
func FromContext(ctx context.Context) (*Capture, error) {
|
||||
c := ctx.Value(capturedData)
|
||||
if c == nil {
|
||||
return nil, errors.New("value not found")
|
||||
}
|
||||
capt, ok := c.(*Capture)
|
||||
if !ok {
|
||||
return nil, errors.New("value stored in Context is not a *Capture")
|
||||
}
|
||||
return capt, nil
|
||||
// NeedsReset returns whether the given http.ResponseWriter is the capture's probe.
|
||||
func (c *Capture) NeedsReset(rw http.ResponseWriter) bool {
|
||||
return c.rw != rw
|
||||
}
|
||||
|
||||
func (c Capture) ResponseSize() int64 {
|
||||
// Reset returns a new handler that renews the Capture's probes, and inserts
|
||||
// them when deferring to next.
|
||||
func (c *Capture) Reset(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
ctx := context.WithValue(req.Context(), capturedData, c)
|
||||
newReq := req.WithContext(ctx)
|
||||
|
||||
if newReq.Body != nil {
|
||||
readCounter := &readCounter{source: newReq.Body}
|
||||
c.rr = readCounter
|
||||
newReq.Body = readCounter
|
||||
}
|
||||
c.rw = newResponseWriter(rw)
|
||||
|
||||
next.ServeHTTP(c.rw, newReq)
|
||||
})
|
||||
}
|
||||
|
||||
func (c *Capture) ResponseSize() int64 {
|
||||
return c.rw.Size()
|
||||
}
|
||||
|
||||
func (c Capture) StatusCode() int {
|
||||
func (c *Capture) StatusCode() int {
|
||||
return c.rw.Status()
|
||||
}
|
||||
|
||||
// RequestSize returns the size of the request's body if it applies,
|
||||
// zero otherwise.
|
||||
func (c Capture) RequestSize() int64 {
|
||||
func (c *Capture) RequestSize() int64 {
|
||||
if c.rr == nil {
|
||||
return 0
|
||||
}
|
||||
|
|
|
@ -38,9 +38,8 @@ func TestCapture(t *testing.T) {
|
|||
assert.Equal(t, "bar", string(all))
|
||||
})
|
||||
|
||||
wrapped := WrapHandler(&Handler{})
|
||||
chain := alice.New()
|
||||
chain = chain.Append(wrapped)
|
||||
chain = chain.Append(Wrap)
|
||||
chain = chain.Append(wrapMiddleware)
|
||||
handlers, err := chain.Then(handler)
|
||||
require.NoError(t, err)
|
||||
|
@ -142,8 +141,7 @@ func BenchmarkCapture(b *testing.B) {
|
|||
|
||||
chain := alice.New()
|
||||
if test.capture || test.body {
|
||||
captureWrapped := WrapHandler(&Handler{})
|
||||
chain = chain.Append(captureWrapped)
|
||||
chain = chain.Append(Wrap)
|
||||
}
|
||||
handlers, err := chain.Then(next)
|
||||
require.NoError(b, err)
|
||||
|
|
27
pkg/middlewares/grpcweb/grpcweb.go
Normal file
27
pkg/middlewares/grpcweb/grpcweb.go
Normal file
|
@ -0,0 +1,27 @@
|
|||
package grpcweb
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"github.com/improbable-eng/grpc-web/go/grpcweb"
|
||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||
"github.com/traefik/traefik/v2/pkg/log"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares"
|
||||
)
|
||||
|
||||
const typeName = "grpc-web"
|
||||
|
||||
// New builds a new gRPC web request converter.
|
||||
func New(ctx context.Context, next http.Handler, config dynamic.GrpcWeb, name string) http.Handler {
|
||||
log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)).Debug("Creating middleware")
|
||||
|
||||
return grpcweb.WrapHandler(next, grpcweb.WithCorsForRegisteredEndpointsOnly(false), grpcweb.WithOriginFunc(func(origin string) bool {
|
||||
for _, originCfg := range config.AllowOrigins {
|
||||
if originCfg == "*" || originCfg == origin {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}))
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
package ipwhitelist
|
||||
package ipallowlist
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
@ -15,29 +15,29 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
typeName = "IPWhiteLister"
|
||||
typeName = "IPAllowLister"
|
||||
)
|
||||
|
||||
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists.
|
||||
type ipWhiteLister struct {
|
||||
// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
|
||||
type ipAllowLister struct {
|
||||
next http.Handler
|
||||
whiteLister *ip.Checker
|
||||
allowLister *ip.Checker
|
||||
strategy ip.Strategy
|
||||
name string
|
||||
}
|
||||
|
||||
// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist.
|
||||
func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) {
|
||||
// New builds a new IPAllowLister given a list of CIDR-Strings to allow.
|
||||
func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) {
|
||||
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
|
||||
logger.Debug("Creating middleware")
|
||||
|
||||
if len(config.SourceRange) == 0 {
|
||||
return nil, errors.New("sourceRange is empty, IPWhiteLister not created")
|
||||
return nil, errors.New("sourceRange is empty, IPAllowLister not created")
|
||||
}
|
||||
|
||||
checker, err := ip.NewChecker(config.SourceRange)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err)
|
||||
return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
|
||||
}
|
||||
|
||||
strategy, err := config.IPStrategy.Get()
|
||||
|
@ -45,26 +45,26 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam
|
|||
return nil, err
|
||||
}
|
||||
|
||||
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange)
|
||||
logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
|
||||
|
||||
return &ipWhiteLister{
|
||||
return &ipAllowLister{
|
||||
strategy: strategy,
|
||||
whiteLister: checker,
|
||||
allowLister: checker,
|
||||
next: next,
|
||||
name: name,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) {
|
||||
return wl.name, tracing.SpanKindNoneEnum
|
||||
func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) {
|
||||
return al.name, tracing.SpanKindNoneEnum
|
||||
}
|
||||
|
||||
func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName)
|
||||
func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
ctx := middlewares.GetLoggerCtx(req.Context(), al.name, typeName)
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
clientIP := wl.strategy.GetIP(req)
|
||||
err := wl.whiteLister.IsAuthorized(clientIP)
|
||||
clientIP := al.strategy.GetIP(req)
|
||||
err := al.allowLister.IsAuthorized(clientIP)
|
||||
if err != nil {
|
||||
msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)
|
||||
logger.Debug(msg)
|
||||
|
@ -74,7 +74,7 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||
}
|
||||
logger.Debugf("Accepting IP %s", clientIP)
|
||||
|
||||
wl.next.ServeHTTP(rw, req)
|
||||
al.next.ServeHTTP(rw, req)
|
||||
}
|
||||
|
||||
func reject(ctx context.Context, rw http.ResponseWriter) {
|
|
@ -1,4 +1,4 @@
|
|||
package ipwhitelist
|
||||
package ipallowlist
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
@ -11,22 +11,22 @@ import (
|
|||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||
)
|
||||
|
||||
func TestNewIPWhiteLister(t *testing.T) {
|
||||
func TestNewIPAllowLister(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
whiteList dynamic.IPWhiteList
|
||||
allowList dynamic.IPAllowList
|
||||
expectedError bool
|
||||
}{
|
||||
{
|
||||
desc: "invalid IP",
|
||||
whiteList: dynamic.IPWhiteList{
|
||||
allowList: dynamic.IPAllowList{
|
||||
SourceRange: []string{"foo"},
|
||||
},
|
||||
expectedError: true,
|
||||
},
|
||||
{
|
||||
desc: "valid IP",
|
||||
whiteList: dynamic.IPWhiteList{
|
||||
allowList: dynamic.IPAllowList{
|
||||
SourceRange: []string{"10.10.10.10"},
|
||||
},
|
||||
},
|
||||
|
@ -38,28 +38,28 @@ func TestNewIPWhiteLister(t *testing.T) {
|
|||
t.Parallel()
|
||||
|
||||
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
|
||||
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
|
||||
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
|
||||
|
||||
if test.expectedError {
|
||||
assert.Error(t, err)
|
||||
} else {
|
||||
require.NoError(t, err)
|
||||
assert.NotNil(t, whiteLister)
|
||||
assert.NotNil(t, allowLister)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestIPWhiteLister_ServeHTTP(t *testing.T) {
|
||||
func TestIPAllowLister_ServeHTTP(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
whiteList dynamic.IPWhiteList
|
||||
allowList dynamic.IPAllowList
|
||||
remoteAddr string
|
||||
expected int
|
||||
}{
|
||||
{
|
||||
desc: "authorized with remote address",
|
||||
whiteList: dynamic.IPWhiteList{
|
||||
allowList: dynamic.IPAllowList{
|
||||
SourceRange: []string{"20.20.20.20"},
|
||||
},
|
||||
remoteAddr: "20.20.20.20:1234",
|
||||
|
@ -67,7 +67,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "non authorized with remote address",
|
||||
whiteList: dynamic.IPWhiteList{
|
||||
allowList: dynamic.IPAllowList{
|
||||
SourceRange: []string{"20.20.20.20"},
|
||||
},
|
||||
remoteAddr: "20.20.20.21:1234",
|
||||
|
@ -81,7 +81,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
|
|||
t.Parallel()
|
||||
|
||||
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
|
||||
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
|
||||
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
|
||||
require.NoError(t, err)
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
|
@ -92,7 +92,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
|
|||
req.RemoteAddr = test.remoteAddr
|
||||
}
|
||||
|
||||
whiteLister.ServeHTTP(recorder, req)
|
||||
allowLister.ServeHTTP(recorder, req)
|
||||
|
||||
assert.Equal(t, test.expected, recorder.Code)
|
||||
})
|
|
@ -24,6 +24,7 @@ const (
|
|||
protoWebsocket = "websocket"
|
||||
typeName = "Metrics"
|
||||
nameEntrypoint = "metrics-entrypoint"
|
||||
nameRouter = "metrics-router"
|
||||
nameService = "metrics-service"
|
||||
)
|
||||
|
||||
|
@ -56,7 +57,7 @@ func NewEntryPointMiddleware(ctx context.Context, next http.Handler, registry me
|
|||
|
||||
// NewRouterMiddleware creates a new metrics middleware for a Router.
|
||||
func NewRouterMiddleware(ctx context.Context, next http.Handler, registry metrics.Registry, routerName string, serviceName string) http.Handler {
|
||||
log.FromContext(middlewares.GetLoggerCtx(ctx, nameEntrypoint, typeName)).Debug("Creating middleware")
|
||||
log.FromContext(middlewares.GetLoggerCtx(ctx, nameRouter, typeName)).Debug("Creating middleware")
|
||||
|
||||
return &metricsMiddleware{
|
||||
next: next,
|
||||
|
@ -125,17 +126,25 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
|
|||
m.reqsTLSCounter.With(tlsLabels...).Add(1)
|
||||
}
|
||||
|
||||
start := time.Now()
|
||||
|
||||
m.next.ServeHTTP(rw, req)
|
||||
|
||||
ctx := req.Context()
|
||||
|
||||
capt, err := capture.FromContext(ctx)
|
||||
if err != nil {
|
||||
log.FromContext(middlewares.GetLoggerCtx(ctx, nameEntrypoint, typeName)).Errorf("Could not get Capture: %w", err)
|
||||
for i := 0; i < len(m.baseLabels); i += 2 {
|
||||
ctx = log.With(ctx, log.Str(m.baseLabels[i], m.baseLabels[i+1]))
|
||||
}
|
||||
log.FromContext(ctx).WithError(err).Errorf("Could not get Capture")
|
||||
return
|
||||
}
|
||||
|
||||
next := m.next
|
||||
if capt.NeedsReset(rw) {
|
||||
next = capt.Reset(m.next)
|
||||
}
|
||||
|
||||
start := time.Now()
|
||||
next.ServeHTTP(rw, req)
|
||||
|
||||
labels = append(labels, "code", strconv.Itoa(capt.StatusCode()))
|
||||
m.reqDurationHistogram.With(labels...).ObserveFromStart(start)
|
||||
m.reqsCounter.With(labels...).Add(1)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
package tcpinflightconn
|
||||
package inflightconn
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
package tcpinflightconn
|
||||
package inflightconn
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
package tcpipwhitelist
|
||||
package ipallowlist
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
@ -13,46 +13,46 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
typeName = "IPWhiteListerTCP"
|
||||
typeName = "IPAllowListerTCP"
|
||||
)
|
||||
|
||||
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists.
|
||||
type ipWhiteLister struct {
|
||||
// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
|
||||
type ipAllowLister struct {
|
||||
next tcp.Handler
|
||||
whiteLister *ip.Checker
|
||||
allowLister *ip.Checker
|
||||
name string
|
||||
}
|
||||
|
||||
// New builds a new TCP IPWhiteLister given a list of CIDR-Strings to whitelist.
|
||||
func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPWhiteList, name string) (tcp.Handler, error) {
|
||||
// New builds a new TCP IPAllowLister given a list of CIDR-Strings to allow.
|
||||
func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPAllowList, name string) (tcp.Handler, error) {
|
||||
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
|
||||
logger.Debug("Creating middleware")
|
||||
|
||||
if len(config.SourceRange) == 0 {
|
||||
return nil, errors.New("sourceRange is empty, IPWhiteLister not created")
|
||||
return nil, errors.New("sourceRange is empty, IPAllowLister not created")
|
||||
}
|
||||
|
||||
checker, err := ip.NewChecker(config.SourceRange)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err)
|
||||
return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
|
||||
}
|
||||
|
||||
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange)
|
||||
logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
|
||||
|
||||
return &ipWhiteLister{
|
||||
whiteLister: checker,
|
||||
return &ipAllowLister{
|
||||
allowLister: checker,
|
||||
next: next,
|
||||
name: name,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
|
||||
ctx := middlewares.GetLoggerCtx(context.Background(), wl.name, typeName)
|
||||
func (al *ipAllowLister) ServeTCP(conn tcp.WriteCloser) {
|
||||
ctx := middlewares.GetLoggerCtx(context.Background(), al.name, typeName)
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
addr := conn.RemoteAddr().String()
|
||||
|
||||
err := wl.whiteLister.IsAuthorized(addr)
|
||||
err := al.allowLister.IsAuthorized(addr)
|
||||
if err != nil {
|
||||
logger.Errorf("Connection from %s rejected: %v", addr, err)
|
||||
conn.Close()
|
||||
|
@ -61,5 +61,5 @@ func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
|
|||
|
||||
logger.Debugf("Connection from %s accepted", addr)
|
||||
|
||||
wl.next.ServeTCP(conn)
|
||||
al.next.ServeTCP(conn)
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
package tcpipwhitelist
|
||||
package ipallowlist
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
@ -12,27 +12,27 @@ import (
|
|||
"github.com/traefik/traefik/v2/pkg/tcp"
|
||||
)
|
||||
|
||||
func TestNewIPWhiteLister(t *testing.T) {
|
||||
func TestNewIPAllowLister(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
whiteList dynamic.TCPIPWhiteList
|
||||
allowList dynamic.TCPIPAllowList
|
||||
expectedError bool
|
||||
}{
|
||||
{
|
||||
desc: "Empty config",
|
||||
whiteList: dynamic.TCPIPWhiteList{},
|
||||
allowList: dynamic.TCPIPAllowList{},
|
||||
expectedError: true,
|
||||
},
|
||||
{
|
||||
desc: "invalid IP",
|
||||
whiteList: dynamic.TCPIPWhiteList{
|
||||
allowList: dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foo"},
|
||||
},
|
||||
expectedError: true,
|
||||
},
|
||||
{
|
||||
desc: "valid IP",
|
||||
whiteList: dynamic.TCPIPWhiteList{
|
||||
allowList: dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"10.10.10.10"},
|
||||
},
|
||||
},
|
||||
|
@ -44,28 +44,28 @@ func TestNewIPWhiteLister(t *testing.T) {
|
|||
t.Parallel()
|
||||
|
||||
next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {})
|
||||
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
|
||||
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
|
||||
|
||||
if test.expectedError {
|
||||
assert.Error(t, err)
|
||||
} else {
|
||||
require.NoError(t, err)
|
||||
assert.NotNil(t, whiteLister)
|
||||
assert.NotNil(t, allowLister)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestIPWhiteLister_ServeHTTP(t *testing.T) {
|
||||
func TestIPAllowLister_ServeHTTP(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
whiteList dynamic.TCPIPWhiteList
|
||||
allowList dynamic.TCPIPAllowList
|
||||
remoteAddr string
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
desc: "authorized with remote address",
|
||||
whiteList: dynamic.TCPIPWhiteList{
|
||||
allowList: dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"20.20.20.20"},
|
||||
},
|
||||
remoteAddr: "20.20.20.20:1234",
|
||||
|
@ -73,7 +73,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
|
|||
},
|
||||
{
|
||||
desc: "non authorized with remote address",
|
||||
whiteList: dynamic.TCPIPWhiteList{
|
||||
allowList: dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"20.20.20.20"},
|
||||
},
|
||||
remoteAddr: "20.20.20.21:1234",
|
||||
|
@ -94,13 +94,13 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
|
|||
require.NoError(t, err)
|
||||
})
|
||||
|
||||
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
|
||||
allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
|
||||
require.NoError(t, err)
|
||||
|
||||
server, client := net.Pipe()
|
||||
|
||||
go func() {
|
||||
whiteLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
|
||||
allowLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
|
||||
}()
|
||||
|
||||
read, err := io.ReadAll(server)
|
|
@ -2022,7 +2022,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
Name: "Test",
|
||||
Labels: map[string]string{
|
||||
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
|
||||
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.routers.Test.middlewares": "Middleware1",
|
||||
},
|
||||
Address: "127.0.0.1",
|
||||
|
@ -2041,7 +2041,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware1": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -2611,7 +2611,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
Name: "Test",
|
||||
Labels: map[string]string{
|
||||
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
|
||||
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.routers.Test.middlewares": "Middleware1",
|
||||
},
|
||||
NetworkSettings: networkSettings{
|
||||
|
@ -2638,7 +2638,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware1": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -2333,7 +2333,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
name("Test"),
|
||||
labels(map[string]string{
|
||||
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
|
||||
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.routers.Test.middlewares": "Middleware1",
|
||||
}),
|
||||
iMachine(
|
||||
|
@ -2356,7 +2356,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware1": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
name: ipallowlist
|
||||
namespace: default
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
|
||||
|
@ -12,10 +12,10 @@ spec:
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
name: ipallowlist
|
||||
namespace: foo
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
---
|
||||
|
@ -36,6 +36,6 @@ spec:
|
|||
port: 8000
|
||||
|
||||
middlewares:
|
||||
- name: ipwhitelist
|
||||
- name: ipwhitelist
|
||||
- name: ipallowlist
|
||||
- name: ipallowlist
|
||||
namespace: foo
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
name: ipallowlist
|
||||
namespace: default
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
|
||||
|
@ -12,10 +12,10 @@ spec:
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
name: ipallowlist
|
||||
namespace: foo
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
---
|
||||
|
@ -36,9 +36,9 @@ spec:
|
|||
port: 8000
|
||||
|
||||
middlewares:
|
||||
- name: ipwhitelist
|
||||
- name: ipwhitelist
|
||||
- name: ipallowlist
|
||||
- name: ipallowlist
|
||||
namespace: foo
|
||||
- name: ipwhitelist@file
|
||||
- name: ipwhitelist-foo@file
|
||||
- name: ipallowlist@file
|
||||
- name: ipallowlist-foo@file
|
||||
namespace: foo
|
||||
|
|
|
@ -4,7 +4,7 @@ metadata:
|
|||
name: multiple---hyphens
|
||||
namespace: default
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
name: ipallowlist
|
||||
namespace: default
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
|
||||
|
@ -12,10 +12,10 @@ spec:
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
name: ipallowlist
|
||||
namespace: cross-ns
|
||||
spec:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
---
|
||||
|
@ -36,7 +36,7 @@ spec:
|
|||
port: 8000
|
||||
|
||||
middlewares:
|
||||
- name: ipwhitelist
|
||||
- name: ipallowlist
|
||||
|
||||
- match: HostSNI(`bar.com`)
|
||||
services:
|
||||
|
@ -44,5 +44,5 @@ spec:
|
|||
port: 8000
|
||||
|
||||
middlewares:
|
||||
- name: ipwhitelist
|
||||
- name: ipallowlist
|
||||
namespace: cross-ns
|
||||
|
|
|
@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
|||
ReplacePath: middleware.Spec.ReplacePath,
|
||||
ReplacePathRegex: middleware.Spec.ReplacePathRegex,
|
||||
Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain),
|
||||
IPWhiteList: middleware.Spec.IPWhiteList,
|
||||
IPAllowList: middleware.Spec.IPAllowList,
|
||||
Headers: middleware.Spec.Headers,
|
||||
Errors: errorPage,
|
||||
RateLimit: rateLimit,
|
||||
|
@ -279,6 +279,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
|||
PassTLSClientCert: middleware.Spec.PassTLSClientCert,
|
||||
Retry: retry,
|
||||
ContentType: middleware.Spec.ContentType,
|
||||
GrpcWeb: middleware.Spec.GrpcWeb,
|
||||
Plugin: plugin,
|
||||
}
|
||||
}
|
||||
|
@ -288,7 +289,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
|||
|
||||
conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{
|
||||
InFlightConn: middlewareTCP.Spec.InFlightConn,
|
||||
IPWhiteList: middlewareTCP.Spec.IPWhiteList,
|
||||
IPAllowList: middlewareTCP.Spec.IPAllowList,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -119,18 +119,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
|||
"default-test.route-fdd3e9338e47a45efefc": {
|
||||
EntryPoints: []string{"foo"},
|
||||
Service: "default-test.route-fdd3e9338e47a45efefc",
|
||||
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist"},
|
||||
Middlewares: []string{"default-ipallowlist", "foo-ipallowlist"},
|
||||
Rule: "HostSNI(`foo.com`)",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"default-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"default-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
"foo-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"foo-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -178,7 +178,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"default-multiple-hyphens": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -220,18 +220,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
|||
"default-test.route-fdd3e9338e47a45efefc": {
|
||||
EntryPoints: []string{"foo"},
|
||||
Service: "default-test.route-fdd3e9338e47a45efefc",
|
||||
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist", "ipwhitelist@file", "ipwhitelist-foo@file"},
|
||||
Middlewares: []string{"default-ipallowlist", "foo-ipallowlist", "ipallowlist@file", "ipallowlist-foo@file"},
|
||||
Rule: "HostSNI(`foo.com`)",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"default-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"default-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
"foo-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"foo-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -5459,18 +5459,18 @@ func TestCrossNamespace(t *testing.T) {
|
|||
"default-test.route-fdd3e9338e47a45efefc": {
|
||||
EntryPoints: []string{"foo"},
|
||||
Service: "default-test.route-fdd3e9338e47a45efefc",
|
||||
Middlewares: []string{"default-ipwhitelist"},
|
||||
Middlewares: []string{"default-ipallowlist"},
|
||||
Rule: "HostSNI(`foo.com`)",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"default-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"default-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
"cross-ns-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"cross-ns-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
@ -5513,24 +5513,24 @@ func TestCrossNamespace(t *testing.T) {
|
|||
"default-test.route-fdd3e9338e47a45efefc": {
|
||||
EntryPoints: []string{"foo"},
|
||||
Service: "default-test.route-fdd3e9338e47a45efefc",
|
||||
Middlewares: []string{"default-ipwhitelist"},
|
||||
Middlewares: []string{"default-ipallowlist"},
|
||||
Rule: "HostSNI(`foo.com`)",
|
||||
},
|
||||
"default-test.route-f44ce589164e656d231c": {
|
||||
EntryPoints: []string{"foo"},
|
||||
Service: "default-test.route-f44ce589164e656d231c",
|
||||
Middlewares: []string{"cross-ns-ipwhitelist"},
|
||||
Middlewares: []string{"cross-ns-ipallowlist"},
|
||||
Rule: "HostSNI(`bar.com`)",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"default-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"default-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
"cross-ns-ipwhitelist": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
"cross-ns-ipallowlist": {
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -32,7 +32,7 @@ type MiddlewareSpec struct {
|
|||
ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"`
|
||||
ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"`
|
||||
Chain *Chain `json:"chain,omitempty"`
|
||||
IPWhiteList *dynamic.IPWhiteList `json:"ipWhiteList,omitempty"`
|
||||
IPAllowList *dynamic.IPAllowList `json:"ipAllowList,omitempty"`
|
||||
Headers *dynamic.Headers `json:"headers,omitempty"`
|
||||
Errors *ErrorPage `json:"errors,omitempty"`
|
||||
RateLimit *RateLimit `json:"rateLimit,omitempty"`
|
||||
|
@ -48,6 +48,7 @@ type MiddlewareSpec struct {
|
|||
PassTLSClientCert *dynamic.PassTLSClientCert `json:"passTLSClientCert,omitempty"`
|
||||
Retry *Retry `json:"retry,omitempty"`
|
||||
ContentType *dynamic.ContentType `json:"contentType,omitempty"`
|
||||
GrpcWeb *dynamic.GrpcWeb `json:"grpcWeb,omitempty"`
|
||||
// Plugin defines the middleware plugin configuration.
|
||||
// More info: https://doc.traefik.io/traefik/plugins/
|
||||
Plugin map[string]apiextensionv1.JSON `json:"plugin,omitempty"`
|
||||
|
|
|
@ -25,8 +25,8 @@ type MiddlewareTCP struct {
|
|||
type MiddlewareTCPSpec struct {
|
||||
// InFlightConn defines the InFlightConn middleware configuration.
|
||||
InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
|
||||
// IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
|
||||
// IPAllowList defines the IPAllowList middleware configuration.
|
||||
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
|
|
@ -689,9 +689,9 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
|
|||
*out = new(Chain)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.IPWhiteList != nil {
|
||||
in, out := &in.IPWhiteList, &out.IPWhiteList
|
||||
*out = new(dynamic.IPWhiteList)
|
||||
if in.IPAllowList != nil {
|
||||
in, out := &in.IPAllowList, &out.IPAllowList
|
||||
*out = new(dynamic.IPAllowList)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.Headers != nil {
|
||||
|
@ -769,6 +769,11 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
|
|||
*out = new(dynamic.ContentType)
|
||||
**out = **in
|
||||
}
|
||||
if in.GrpcWeb != nil {
|
||||
in, out := &in.GrpcWeb, &out.GrpcWeb
|
||||
*out = new(dynamic.GrpcWeb)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.Plugin != nil {
|
||||
in, out := &in.Plugin, &out.Plugin
|
||||
*out = make(map[string]v1.JSON, len(*in))
|
||||
|
@ -857,9 +862,9 @@ func (in *MiddlewareTCPSpec) DeepCopyInto(out *MiddlewareTCPSpec) {
|
|||
*out = new(dynamic.TCPInFlightConn)
|
||||
**out = **in
|
||||
}
|
||||
if in.IPWhiteList != nil {
|
||||
in, out := &in.IPWhiteList, &out.IPWhiteList
|
||||
*out = new(dynamic.TCPIPWhiteList)
|
||||
if in.IPAllowList != nil {
|
||||
in, out := &in.IPAllowList, &out.IPAllowList
|
||||
*out = new(dynamic.TCPIPAllowList)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
return
|
||||
|
|
|
@ -140,11 +140,11 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true",
|
||||
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/0": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/1": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/0": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/1": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/depth": "42",
|
||||
"traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/0": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/1": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/0": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/1": "foobar",
|
||||
"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/depth": "42",
|
||||
"traefik/http/middlewares/Middleware11/inFlightReq/amount": "42",
|
||||
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true",
|
||||
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42",
|
||||
|
@ -340,7 +340,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{
|
||||
"Middleware10": {
|
||||
IPWhiteList: &dynamic.IPWhiteList{
|
||||
IPAllowList: &dynamic.IPAllowList{
|
||||
SourceRange: []string{
|
||||
"foobar",
|
||||
"foobar",
|
||||
|
|
|
@ -196,14 +196,14 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
},
|
||||
{
|
||||
desc: "TCP with IP whitelist",
|
||||
desc: "TCP with IP allowlist",
|
||||
applications: withApplications(
|
||||
application(
|
||||
appID("/app"),
|
||||
appPorts(80),
|
||||
|
||||
withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"),
|
||||
withLabel("traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange", "foobar, fiibar"),
|
||||
withLabel("traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange", "foobar, fiibar"),
|
||||
withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"),
|
||||
withTasks(localhostTask(taskPorts(80))),
|
||||
)),
|
||||
|
@ -218,7 +218,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware1": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -1621,7 +1621,7 @@ func Test_buildConfig(t *testing.T) {
|
|||
Name: "Test",
|
||||
Tags: []string{
|
||||
"traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)",
|
||||
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange = foobar, fiibar",
|
||||
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange = foobar, fiibar",
|
||||
"traefik.tcp.routers.Test.middlewares = Middleware1",
|
||||
},
|
||||
Address: "127.0.0.1",
|
||||
|
@ -1640,7 +1640,7 @@ func Test_buildConfig(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware1": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -508,7 +508,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
Name: "Test",
|
||||
Labels: map[string]string{
|
||||
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
|
||||
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
|
||||
"traefik.tcp.routers.Test.middlewares": "Middleware1",
|
||||
},
|
||||
Port: "80/tcp",
|
||||
|
@ -528,7 +528,7 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{
|
||||
"Middleware1": {
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
IPAllowList: &dynamic.TCPIPAllowList{
|
||||
SourceRange: []string{"foobar", "fiibar"},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -191,7 +191,7 @@ func init() {
|
|||
Chain: &dynamic.Chain{
|
||||
Middlewares: []string{"foo"},
|
||||
},
|
||||
IPWhiteList: &dynamic.IPWhiteList{
|
||||
IPAllowList: &dynamic.IPAllowList{
|
||||
SourceRange: []string{"foo"},
|
||||
IPStrategy: &dynamic.IPStrategy{
|
||||
Depth: 42,
|
||||
|
|
|
@ -119,7 +119,7 @@
|
|||
"foo"
|
||||
]
|
||||
},
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": [
|
||||
"xxxx"
|
||||
],
|
||||
|
@ -478,4 +478,4 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -119,7 +119,7 @@
|
|||
"foo"
|
||||
]
|
||||
},
|
||||
"ipWhiteList": {
|
||||
"ipAllowList": {
|
||||
"sourceRange": [
|
||||
"foo"
|
||||
],
|
||||
|
@ -483,4 +483,4 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -18,16 +18,14 @@ type ChainBuilder struct {
|
|||
metricsRegistry metrics.Registry
|
||||
accessLoggerMiddleware *accesslog.Handler
|
||||
tracer *tracing.Tracing
|
||||
captureMiddleware *capture.Handler
|
||||
}
|
||||
|
||||
// NewChainBuilder Creates a new ChainBuilder.
|
||||
func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *accesslog.Handler, tracer *tracing.Tracing, captureMiddleware *capture.Handler) *ChainBuilder {
|
||||
func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *accesslog.Handler, tracer *tracing.Tracing) *ChainBuilder {
|
||||
return &ChainBuilder{
|
||||
metricsRegistry: metricsRegistry,
|
||||
accessLoggerMiddleware: accessLoggerMiddleware,
|
||||
tracer: tracer,
|
||||
captureMiddleware: captureMiddleware,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -35,8 +33,8 @@ func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *a
|
|||
func (c *ChainBuilder) Build(ctx context.Context, entryPointName string) alice.Chain {
|
||||
chain := alice.New()
|
||||
|
||||
if c.captureMiddleware != nil {
|
||||
chain = chain.Append(capture.WrapHandler(c.captureMiddleware))
|
||||
if c.accessLoggerMiddleware != nil || c.metricsRegistry != nil && (c.metricsRegistry.IsEpEnabled() || c.metricsRegistry.IsRouterEnabled() || c.metricsRegistry.IsSvcEnabled()) {
|
||||
chain = chain.Append(capture.Wrap)
|
||||
}
|
||||
|
||||
if c.accessLoggerMiddleware != nil {
|
||||
|
|
|
@ -17,9 +17,10 @@ import (
|
|||
"github.com/traefik/traefik/v2/pkg/middlewares/circuitbreaker"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/compress"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/customerrors"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/grpcweb"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/headers"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/inflightreq"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/ipwhitelist"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/ipallowlist"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/redirect"
|
||||
|
@ -219,6 +220,16 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
|
|||
}
|
||||
}
|
||||
|
||||
// GrpcWeb
|
||||
if config.GrpcWeb != nil {
|
||||
if middleware != nil {
|
||||
return nil, badConf
|
||||
}
|
||||
middleware = func(next http.Handler) (http.Handler, error) {
|
||||
return grpcweb.New(ctx, next, *config.GrpcWeb, middlewareName), nil
|
||||
}
|
||||
}
|
||||
|
||||
// Headers
|
||||
if config.Headers != nil {
|
||||
if middleware != nil {
|
||||
|
@ -229,13 +240,13 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
|
|||
}
|
||||
}
|
||||
|
||||
// IPWhiteList
|
||||
if config.IPWhiteList != nil {
|
||||
// IPAllowList
|
||||
if config.IPAllowList != nil {
|
||||
if middleware != nil {
|
||||
return nil, badConf
|
||||
}
|
||||
middleware = func(next http.Handler) (http.Handler, error) {
|
||||
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName)
|
||||
return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -6,8 +6,8 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/traefik/traefik/v2/pkg/config/runtime"
|
||||
inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn"
|
||||
ipwhitelist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipwhitelist"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipallowlist"
|
||||
"github.com/traefik/traefik/v2/pkg/server/provider"
|
||||
"github.com/traefik/traefik/v2/pkg/tcp"
|
||||
)
|
||||
|
@ -94,10 +94,10 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
|
|||
}
|
||||
}
|
||||
|
||||
// IPWhiteList
|
||||
if config.IPWhiteList != nil {
|
||||
// IPAllowList
|
||||
if config.IPAllowList != nil {
|
||||
middleware = func(next tcp.Handler) (tcp.Handler, error) {
|
||||
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName)
|
||||
return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -316,7 +316,7 @@ func TestRouterManager_Get(t *testing.T) {
|
|||
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
|
||||
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
|
||||
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
|
||||
|
||||
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
|
||||
|
||||
|
@ -422,7 +422,7 @@ func TestAccessLog(t *testing.T) {
|
|||
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
|
||||
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
|
||||
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
|
||||
|
||||
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
|
||||
|
||||
|
@ -439,7 +439,7 @@ func TestAccessLog(t *testing.T) {
|
|||
reqHost := requestdecorator.New(nil)
|
||||
|
||||
chain := alice.New()
|
||||
chain = chain.Append(capture.WrapHandler(&capture.Handler{}))
|
||||
chain = chain.Append(capture.Wrap)
|
||||
chain = chain.Append(accesslog.WrapHandler(accesslogger))
|
||||
handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
reqHost.ServeHTTP(w, req, handlers["web"].ServeHTTP)
|
||||
|
@ -717,7 +717,7 @@ func TestRuntimeConfiguration(t *testing.T) {
|
|||
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
|
||||
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
|
||||
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
|
||||
|
||||
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
|
||||
|
||||
|
@ -792,7 +792,7 @@ func TestProviderOnMiddlewares(t *testing.T) {
|
|||
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
|
||||
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
|
||||
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
|
||||
|
||||
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
|
||||
|
||||
|
@ -860,7 +860,7 @@ func BenchmarkRouterServe(b *testing.B) {
|
|||
|
||||
serviceManager := service.NewManager(rtConf.Services, nil, nil, staticRoundTripperGetter{res})
|
||||
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil)
|
||||
chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
|
||||
|
||||
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ func TestReuseService(t *testing.T) {
|
|||
managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil)
|
||||
tlsManager := tls.NewManager()
|
||||
|
||||
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil, nil), nil, metrics.NewVoidRegistry())
|
||||
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil), nil, metrics.NewVoidRegistry())
|
||||
|
||||
entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs}))
|
||||
|
||||
|
@ -189,7 +189,7 @@ func TestServerResponseEmptyBackend(t *testing.T) {
|
|||
managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil)
|
||||
tlsManager := tls.NewManager()
|
||||
|
||||
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil, nil), nil, metrics.NewVoidRegistry())
|
||||
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil), nil, metrics.NewVoidRegistry())
|
||||
|
||||
entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: test.config(testServer.URL)}))
|
||||
|
||||
|
@ -232,7 +232,7 @@ func TestInternalServices(t *testing.T) {
|
|||
|
||||
voidRegistry := metrics.NewVoidRegistry()
|
||||
|
||||
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(voidRegistry, nil, nil, nil), nil, voidRegistry)
|
||||
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(voidRegistry, nil, nil), nil, voidRegistry)
|
||||
|
||||
entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs}))
|
||||
|
||||
|
|
|
@ -593,9 +593,11 @@ func TestWebSocketTransferTLSConfig(t *testing.T) {
|
|||
require.NoError(t, err)
|
||||
assert.Equal(t, "ok", resp)
|
||||
|
||||
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
||||
// Don't alter default transport to prevent side effects on other tests.
|
||||
defaultTransport := http.DefaultTransport.(*http.Transport).Clone()
|
||||
defaultTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
||||
|
||||
forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, http.DefaultTransport, nil)
|
||||
forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, defaultTransport, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
proxyWithTLSConfigFromDefaultTransport := createProxyWithForwarder(t, forwarderWithTLSConfigFromDefaultTransport, srv.URL)
|
||||
|
|
|
@ -283,11 +283,11 @@ func TestSpiffeMTLS(t *testing.T) {
|
|||
}
|
||||
|
||||
testCases := []struct {
|
||||
desc string
|
||||
config dynamic.Spiffe
|
||||
clientSource SpiffeX509Source
|
||||
wantStatusCode int
|
||||
wantErrorMessage string
|
||||
desc string
|
||||
config dynamic.Spiffe
|
||||
clientSource SpiffeX509Source
|
||||
wantStatusCode int
|
||||
wantError bool
|
||||
}{
|
||||
{
|
||||
desc: "supports SPIFFE mTLS",
|
||||
|
@ -308,8 +308,8 @@ func TestSpiffeMTLS(t *testing.T) {
|
|||
config: dynamic.Spiffe{
|
||||
IDs: []string{"spiffe://traefik.test/not-server"},
|
||||
},
|
||||
clientSource: &clientSource,
|
||||
wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`,
|
||||
clientSource: &clientSource,
|
||||
wantError: true,
|
||||
},
|
||||
{
|
||||
desc: "allows expected server trust domain",
|
||||
|
@ -324,8 +324,8 @@ func TestSpiffeMTLS(t *testing.T) {
|
|||
config: dynamic.Spiffe{
|
||||
TrustDomain: "spiffe://not-traefik.test",
|
||||
},
|
||||
clientSource: &clientSource,
|
||||
wantErrorMessage: `unexpected trust domain "traefik.test"`,
|
||||
clientSource: &clientSource,
|
||||
wantError: true,
|
||||
},
|
||||
{
|
||||
desc: "spiffe IDs allowlist takes precedence",
|
||||
|
@ -333,14 +333,14 @@ func TestSpiffeMTLS(t *testing.T) {
|
|||
IDs: []string{"spiffe://traefik.test/not-server"},
|
||||
TrustDomain: "spiffe://not-traefik.test",
|
||||
},
|
||||
clientSource: &clientSource,
|
||||
wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`,
|
||||
clientSource: &clientSource,
|
||||
wantError: true,
|
||||
},
|
||||
{
|
||||
desc: "raises an error when spiffe is enabled on the transport but no workloadapi address is given",
|
||||
config: dynamic.Spiffe{},
|
||||
clientSource: nil,
|
||||
wantErrorMessage: `remote error: tls: bad certificate`,
|
||||
desc: "raises an error when spiffe is enabled on the transport but no workloadapi address is given",
|
||||
config: dynamic.Spiffe{},
|
||||
clientSource: nil,
|
||||
wantError: true,
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -362,8 +362,8 @@ func TestSpiffeMTLS(t *testing.T) {
|
|||
client := http.Client{Transport: tr}
|
||||
|
||||
resp, err := client.Get(srv.URL)
|
||||
if test.wantErrorMessage != "" {
|
||||
assert.ErrorContains(t, err, test.wantErrorMessage)
|
||||
if test.wantError {
|
||||
require.Error(t, err)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -4,11 +4,11 @@ RepositoryName = "traefik"
|
|||
OutputType = "file"
|
||||
FileName = "traefik_changelog.md"
|
||||
|
||||
# example new bugfix v2.9.1
|
||||
# example new bugfix v2.9.2
|
||||
CurrentRef = "v2.9"
|
||||
PreviousRef = "v2.9.0"
|
||||
PreviousRef = "v2.9.1"
|
||||
BaseBranch = "v2.9"
|
||||
FutureCurrentRefName = "v2.9.0"
|
||||
FutureCurrentRefName = "v2.9.2"
|
||||
|
||||
ThresholdPreviousRef = 10
|
||||
ThresholdCurrentRef = 10
|
||||
|
|
|
@ -675,8 +675,8 @@
|
|||
</div>
|
||||
</q-card-section>
|
||||
|
||||
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange -->
|
||||
<q-card-section v-if="middleware.ipWhiteList">
|
||||
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
|
||||
<q-card-section v-if="middleware.ipAllowList">
|
||||
<div class="row items-start no-wrap">
|
||||
<div class="col">
|
||||
<div class="text-subtitle2">Source Range</div>
|
||||
|
@ -689,8 +689,8 @@
|
|||
</div>
|
||||
</div>
|
||||
</q-card-section>
|
||||
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - ipStrategy -->
|
||||
<q-card-section v-if="middleware.ipWhiteList">
|
||||
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - ipStrategy -->
|
||||
<q-card-section v-if="middleware.ipAllowList">
|
||||
<div class="row items-start">
|
||||
<div class="col-12">
|
||||
<div class="text-subtitle2">IP Strategy</div>
|
||||
|
@ -1076,8 +1076,8 @@
|
|||
</q-card-section>
|
||||
|
||||
<q-card-section v-if="protocol === 'tcp'">
|
||||
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange -->
|
||||
<q-card-section v-if="middleware.ipWhiteList">
|
||||
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
|
||||
<q-card-section v-if="middleware.ipAllowList">
|
||||
<div class="row items-start no-wrap">
|
||||
<div class="col">
|
||||
<div class="text-subtitle2">Source Range</div>
|
||||
|
|
Loading…
Reference in a new issue